How can I setup my own AWS IAM-like permissions model?
I am setting up a user/role permissions model for a new application I am creating. I want to design this model like the AWS IAM model in that I have principals, resources and actions.
My problem is that I am finding it hard to google for information about this topic without being directed to AWS sites themselves about how to use AWS IAM.
What I'm looking for is a generic term for what they did and how I can do this myself. Specifically, how to structure the database, how to store the actions and how to implement the model in some backend workflow like .NET WebApi.
Could I hardcode the actions as strings in my UI or should they be in a table also. Should I store the principal, resource and action fields in a single table and let that grow over time? Would there be any referential integrity on such a table. Does AWS expose how they go about doing this or is that a trade secret? Or do they use some NoSQL model?
I guess from the UI standpoint I'm going to get to a point where I have a list of resources that I show the user in a dropdown and let them pick. Then I need to show them a list of actions for that resource. Where would that list of actions originate from and be stored?