IAM Policies

Learn how identity-based and resource-based policies are used to define user authorization.

IAM takes care of authentication and authorization. An IAM policy is a JSON document attached either to the IAM identity that a logged-in principal uses (its user, group, or role) or to the AWS resource to which controlled access is required. The policy defines the scope of permissions that the principal entity will have.


Types of IAM policies

Based on their usage, IAM policies fall into the following types:

  • Identity-based policies: Define the permissions of IAM identities. These are attached to IAM identities.

  • Resource-based policies: Define the access that an entity has to AWS resources. These are attached to the AWS resources to which an entity requires access.

  • Permissions boundaries: Specify the highest level of permissions that an identity-based policy can grant to an entity.

  • Session policies: Specify the highest level of permissions that an identity-based policy can grant to an entity for the duration of a temporary session created for that entity.

  • Organizations Service Control Policies (SCPs): Specify the highest level of permissions that an identity-based policy can grant to an entity at the organizational level.

  • Access control lists (ACLs): Define the level of access that an external AWS account can have to AWS resources. Unlike all other types of IAM policies, ACLs do not use the JSON policy document format.
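The list above says what each policy type does but not how they combine when a request is evaluated, which is the part that matters when reviewing effective permissions. The following Python model is an added example, not AWS code or part of the original lesson: it uses constructed sample policy documents (the account ID 111122223333 and the bucket and role names are placeholders) and a deliberately simplified same-account evaluation: an explicit Deny in any policy wins, an SCP caps every principal in the account, a permissions boundary or session policy only caps what the identity-based policy grants, and a resource-based policy can grant access on its own. Principal matching in the resource-based policy, condition keys, `NotAction`/`NotResource`, and cross-account rules are assumed to be out of scope.

```python
import fnmatch
import json

# Constructed sample documents for one hypothetical principal in one account.
IDENTITY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "s3:*",
                 "Resource": "arn:aws:s3:::example-bucket/*"}]
}""")
PERMISSIONS_BOUNDARY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]
}""")
SCP = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
  ]
}""")
# Resource-based policy on a second bucket. Assumption: the Principal element
# has already been matched to our principal, so only Effect/Action/Resource count.
BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"AWS": "arn:aws:iam::111122223333:role/reader"},
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::shared-bucket/*"}]
}""")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def statement_matches(stmt, action, resource):
    """True if the statement covers the action/resource pair ('*' wildcards allowed)."""
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", "*"))
    return any(fnmatch.fnmatchcase(action, a) for a in actions) and any(
        fnmatch.fnmatchcase(resource, r) for r in resources)


def decision(policy, action, resource):
    """'Deny', 'Allow', or None (policy absent or silent) for one policy document."""
    if policy is None:
        return None
    result = None
    for stmt in _as_list(policy["Statement"]):
        if statement_matches(stmt, action, resource):
            if stmt["Effect"] == "Deny":
                return "Deny"
            result = "Allow"
    return result


def evaluate(action, resource, identity=None, resource_policy=None,
             boundary=None, session=None, scp=None):
    """Combine the policy types for a same-account request -> 'Allow' or 'Deny'."""
    policies = (identity, resource_policy, boundary, session, scp)
    if any(decision(p, action, resource) == "Deny" for p in policies):
        return "Deny"                      # an explicit Deny anywhere wins
    if scp is not None and decision(scp, action, resource) != "Allow":
        return "Deny"                      # SCP caps every principal in the account
    # Boundary and session policy only cap what the identity-based policy grants;
    # an absent cap restricts nothing, a present but silent cap is an implicit deny.
    caps_allow = all(decision(cap, action, resource) == "Allow"
                     for cap in (boundary, session) if cap is not None)
    identity_grant = decision(identity, action, resource) == "Allow" and caps_allow
    resource_grant = decision(resource_policy, action, resource) == "Allow"
    return "Allow" if identity_grant or resource_grant else "Deny"


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    for act in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
        print(act, evaluate(act, obj, identity=IDENTITY_POLICY,
                            boundary=PERMISSIONS_BOUNDARY, scp=SCP))
    print("shared bucket via resource policy:",
          evaluate("s3:GetObject", "arn:aws:s3:::shared-bucket/data.json",
                   identity=IDENTITY_POLICY, resource_policy=BUCKET_POLICY,
                   boundary=PERMISSIONS_BOUNDARY, scp=SCP))
```

Running it shows the practical point of the cap types: the identity-based policy grants `s3:*` on the bucket, yet `s3:PutObject` is denied because the permissions boundary never allows it, and `s3:DeleteObject` is denied by the SCP's explicit Deny regardless of what any other policy says. Removing the boundary and SCP arguments from the `evaluate` call makes `s3:PutObject` allowed again, which is exactly the difference a reviewer needs to see when auditing effective permissions rather than a single attached policy.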

Figure: Types of IAM policies

We'll discuss identity-based ...