IAM Policies
Learn how identity-based and resource-based policies are used to define user authorization.
IAM takes care of authentication and authorization. An IAM policy is a JSON document attached either to the AWS resource that the logged-in entity uses to authenticate itself or to the AWS resource to which secure access is required. The policy defines the scope of permissions that the principal entity will have.
Types of IAM policies
Based on their usage, IAM has five types of policies. These types are as follows:
Identity-based policies: Define the permissions of IAM identities. These are attached to IAM identities.
Resource-based policies: Define the access that an entity has to the AWS resources. These are attached to the IAM resources to which an entity requires access.
Permissions boundaries: Specify the highest level of permissions that an identity-based policy can grant to an entity.
Session policies: Specify the highest level of permissions that an identity-based policy can grant to an entity when a temporary session is created for an entity.
Organizations Service Control Policies (SCPs): Specify the highest level of permissions that an identity-based policy can grant to an entity at the organizational level.
Access control lists (ACLs): Define the level of access an external AWS account can have to the AWS resources. Unlike all other types of IAM policies, ACLs are not in JSON format.
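Permissions boundaries, session policies, and SCPs all cap what an identity-based policy can grant, so an action is effectively permitted only when every policy in play allows it and none explicitly denies it. The following Python is an added example, not code from the original page or from AWS; the sample policies and function names are constructed, and it assumes a single account and matches on Action only (no Resource, Condition, or resource-based policy evaluation).

```python
import fnmatch

# Constructed sample policies (not from the original page).
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "iam:CreateUser"], "Resource": "*"},
    ],
}
PERMISSIONS_BOUNDARY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"], "Resource": "*"},
    ],
}
SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}


def _matches(policy, effect, action):
    """True if any statement with this Effect has an Action pattern matching `action`."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        # IAM action names are case-insensitive and support * and ? wildcards.
        if stmt["Effect"] == effect and any(
            fnmatch.fnmatchcase(action.lower(), pat.lower()) for pat in actions
        ):
            return True
    return False


def is_allowed(action, identity_policy, *limits):
    """Simplified model: `limits` are boundary, session policy, and/or SCP documents."""
    policies = (identity_policy, *limits)
    # An explicit Deny in any policy overrides every Allow.
    if any(_matches(p, "Deny", action) for p in policies):
        return False
    # Otherwise the action must be allowed by every policy present (intersection).
    return all(_matches(p, "Allow", action) for p in policies)
```

With these samples, `iam:CreateUser` is granted by the identity-based policy but falls outside the boundary, so it is refused; this is the usual reason a permission that "is in the policy" still fails.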
We'll discuss identity-based ...