Create a Full Access IAM Policy
A Full Access policy grants an IAM entity (user, group, or service account) unrestricted permissions to perform any action on all resources within your Greennode AI Platform account. While convenient, such policies should be used with caution due to the significant security risks they pose.
Steps to Create a Full Access Policy
- Access the IAM Console: Log in to the IAM console at: https://iam.console.greennode.ai/
Create a New Policy:
- Click on "Policies" in the left menu.
- Click "Create a policy."
- Provide a descriptive name for your policy (e.g., "AIPlatfomrFullAccess").
- Optionally, add a description.
Define Policy Permissions (Visual Editor):
- Click "Next step" to open the Visual editor.
- At "Product" section, select "ai-platform" to limit the scope.
- Under "Actions," choose "All actions."
- Under "Resources," select "All resources."
- Leave "Request Conditions" blank (unless you want to add specific time-based restrictions).
- Review and Create:
- Carefully review the policy to ensure it matches your intent.
- Click "Create policy" to finalize the policy creation.
Important Considerations
- Security Risks: Granting Full Access permissions to any entity should be done with extreme caution. It can significantly increase the risk of accidental or malicious actions that could compromise your cloud resources.
- Principle of Least Privilege: Always strive to follow the principle of least privilege, granting only the minimum necessary permissions for each entity to perform its intended tasks.
- Alternative Approach: Instead of a Full Access policy, consider creating more granular policies that grant specific permissions for specific resources. This provides better security and control over your cloud environment.
When to Use a Full Access Policy (Caution):
- Temporary Administrative Tasks: If you need to perform temporary administrative tasks that require unrestricted access, you can create a Full Access policy for a limited time and then delete it once the tasks are completed.
- Trusted Service Accounts: For service accounts that require broad access to automate tasks or manage resources, a Full Access policy might be appropriate. However, ensure that the service account's credentials are securely managed.
Recommendation: We strongly recommend using Full Access policies sparingly and only when absolutely necessary. In most cases, it's better to create more specific policies that align with the principle of least privilege.Related Articles
Get IAM Access Token
Authorization To use the secured inference endpoint, users will use the client ID and the client secret keys to be authorized via the authorization server (https://iam.api.greennode.ai/accounts/v2/auth/token) using the OAuth2 method. To get the keys, ...Attaching Your New Policy to an IAM User Account
Now that you've created your IAM policy, it's time to assign it to an IAM user account. This will grant the user the permissions defined in the policy. Prerequisites You have already created an IAM user account. You have created the IAM policy you ...What is IAM?
In this section, we'll cover the basics of Identity and Access Management (IAM) and how you can start managing access to your cloud resources securely. Identity and Access Management (IAM) is a crucial security tool in cloud computing. It focuses on ...Create an endpoint
After training and registering the model, the online prediction component enables the deployment and serving of models to make real-time predictions or inferences on new data. This component provides endpoints or APIs that can be integrated into ...Create a notebook instance with custom container
Custom images allow you to create a notebook environment that is precisely tailored to your specific needs. You can pre-install specific libraries, frameworks, or tools that are not included in the standard application-supported images. This saves ...
