Restricting Policies

In this lesson, we’ll discuss two other types of policies that act as upper limits for the IAM entity’s permissions. These advanced optional policies are used when we want to restrict the maximum permissions of an IAM entity.

Permission boundary

Permission boundaries are policies that act as an upper bound on the IAM entity permissions. Any AWS-managed or customer-managed identity-based policy can be used as a permission boundary. When a permission boundary is attached to an IAM entity, it is only able to perform the actions that are allowed in both the attached identity-based policy and the permission policy set for that entity.

Get hands-on with 1400+ tech skills courses.