By mistake the main IAM policy of an account was deleted, and now every single service/configuration in the AWS console shows "You don't have permission to XXX…." Is there any way to rebuild/recover this policy? I searched all through the docs without finding clear insights.
For example on the IAM dashboard:
User: arn:aws:iam::XXXXXXXX:user/XXXXXXX
Service: iam
Action: GetAccountSummary
On resource(s): *
Context: no identity-based policy allows the iam:GetAccountSummary action
Thanks everyone
Answers
Was the policy deleted for an IAM user or for the root user? I'm getting confused with:
Deleted in the sense that the policy was removed from the user? Or was the policy itself deleted?
If the policy for an IAM user was removed, you can ask another IAM user with admin access, or the root user, to assign the earlier policy back.
If the policy itself was deleted, you may need to create it once again and assign it to the user.
If you have any other IAM users (or roles) that have permission to create IAM policies and attach them, then log in using one of those. If not, you will need to log in using root credentials (you generally should not log in as root, but this is one of those rare cases where you will need to).
Then what you need to do is, for user user/XXXXXXX, associate a policy with that user that allows it access to everything you need in the console (e.g. iam:GetAccountSummary). Therefore you should look in the IAM policies and see if you have one called AdministratorAccess, and then use this JSON as the Permissions for the policy.
Now associate the policy with your IAM user. Go to IAM Users, click on user/XXXXXXX and attach AdministratorAccess.
Log out. Then log back in as user/XXXXXXX.
NOTE: In general, you do not want to use a user with AdministratorAccess for most tasks. Consider creating another user with more limited access for everyday use.
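The recovery both answers describe (find or recreate an AdministratorAccess policy, attach it to the affected user, then confirm the user can call iam:GetAccountSummary), as an added example that is not code from either answer or from AWS. It is written against boto3's IAM client; the FakeIam class, the account ID 123456789012 and the user name recovered-admin are constructed stand-ins so it runs offline, and passing boto3.client("iam") in their place works unchanged, provided the credentials in use can manage IAM (another admin user, or root). One caveat worth knowing before following the answers: the AWS managed AdministratorAccess policy (arn:aws:iam::aws:policy/AdministratorAccess) cannot be deleted by a customer, so what went missing was either the attachment to the user or a customer-managed copy; the code therefore checks the managed ARN first and only recreates a copy if it is genuinely absent.

```python
"""Reattach administrator permissions to an IAM user whose policy is gone."""
import json

# The AWS managed policy. Customers cannot delete AWS managed policies, so if
# get_policy does not know this ARN, the deleted policy was a customer copy.
AWS_MANAGED_ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
POLICY_NAME = "AdministratorAccess"


def admin_policy_document() -> dict:
    """Document equivalent to the AWS managed AdministratorAccess policy."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    }


def find_or_create_admin_policy(iam) -> str:
    """ARN of a policy named AdministratorAccess: the AWS managed one if it
    exists, else an existing customer copy, else a freshly created copy."""
    try:
        return iam.get_policy(PolicyArn=AWS_MANAGED_ADMIN_ARN)["Policy"]["Arn"]
    except iam.exceptions.NoSuchEntityException:
        pass
    for pol in iam.list_policies(Scope="Local")["Policies"]:
        if pol["PolicyName"] == POLICY_NAME:
            return pol["Arn"]
    created = iam.create_policy(
        PolicyName=POLICY_NAME, PolicyDocument=json.dumps(admin_policy_document()))
    return created["Policy"]["Arn"]


def attach_admin_to_user(iam, user_name: str) -> str:
    """Attach AdministratorAccess to the user; a no-op if already attached."""
    arn = find_or_create_admin_policy(iam)
    attached = iam.list_attached_user_policies(UserName=user_name)["AttachedPolicies"]
    if arn not in {p["PolicyArn"] for p in attached}:
        iam.attach_user_policy(UserName=user_name, PolicyArn=arn)
    return arn


def user_can(iam, user_arn: str, action: str) -> bool:
    """Ask the IAM policy simulator whether the user is now allowed `action`
    (e.g. the iam:GetAccountSummary call the console error complained about)."""
    result = iam.simulate_principal_policy(PolicySourceArn=user_arn, ActionNames=[action])
    return all(r["EvalDecision"] == "allowed" for r in result["EvaluationResults"])


class FakeIam:
    """Constructed offline stand-in for boto3's IAM client (not a real API).
    Models an account where nothing is attached to the user, as in the question."""

    class exceptions:  # boto3 exposes client.exceptions.NoSuchEntityException
        class NoSuchEntityException(Exception):
            pass

    def __init__(self, managed_policy_exists=True, account_id="123456789012"):
        self.managed_policy_exists = managed_policy_exists
        self.account_id = account_id          # constructed, not a real account
        self.local_policies = []              # customer managed policies
        self.attached = {}                    # user name -> set of policy ARNs

    def get_policy(self, PolicyArn):
        if PolicyArn == AWS_MANAGED_ADMIN_ARN and self.managed_policy_exists:
            return {"Policy": {"Arn": PolicyArn, "PolicyName": POLICY_NAME}}
        raise self.exceptions.NoSuchEntityException(PolicyArn)

    def list_policies(self, Scope):
        return {"Policies": list(self.local_policies)}

    def create_policy(self, PolicyName, PolicyDocument):
        arn = f"arn:aws:iam::{self.account_id}:policy/{PolicyName}"
        self.local_policies.append(
            {"PolicyName": PolicyName, "Arn": arn, "Document": json.loads(PolicyDocument)})
        return {"Policy": {"Arn": arn}}

    def list_attached_user_policies(self, UserName):
        return {"AttachedPolicies": [{"PolicyArn": a} for a in self.attached.get(UserName, set())]}

    def attach_user_policy(self, UserName, PolicyArn):
        self.attached.setdefault(UserName, set()).add(PolicyArn)

    def simulate_principal_policy(self, PolicySourceArn, ActionNames):
        user = PolicySourceArn.rsplit("/", 1)[-1]
        admin = any(a.endswith("/" + POLICY_NAME) for a in self.attached.get(user, set()))
        decision = "allowed" if admin else "implicitDeny"
        return {"EvaluationResults": [
            {"EvalActionName": a, "EvalDecision": decision} for a in ActionNames]}


if __name__ == "__main__":
    # Offline run; replace FakeIam() with boto3.client("iam") for a real account.
    iam = FakeIam()
    arn = attach_admin_to_user(iam, "recovered-admin")
    print("attached", arn)
    print("iam:GetAccountSummary allowed:",
          user_can(iam, f"arn:aws:iam::{iam.account_id}:user/recovered-admin",
                   "iam:GetAccountSummary"))
```

After the user logs back in, the same simulate_principal_policy check is a quicker confirmation than clicking through the console, and the function is idempotent, so re-running it does not pile up duplicate attachments.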