
Policies and Permissions

Aditya Gupta edited this page Jun 6, 2019 · 17 revisions

A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when a principal entity (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents. AWS supports six types of policies: identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, ACLs, and session policies.

IAM policies define permissions for an action regardless of the method that you use to perform the operation. For example, if a policy allows the GetUser action, then a user with that policy can get user information from the AWS Management Console, the AWS CLI, or the AWS API. When you create an IAM user, you can choose to allow console or programmatic access.

Policy Types

Identity-Based Policies: They grant permissions to IAM identities like users, groups to which users belong, or roles.

Resource-Based Policies: They are inline policies attached to a resource (for example an S3 bucket policy or an IAM role trust policy) and grant the specified principal permission to act on that resource; because the principal is named in the policy, they can grant access to identities in other accounts.

Permissions boundaries: They are managed policies that set the maximum permissions an identity-based policy can grant to a user or role. A boundary only limits permissions; it does not grant any on its own.

Organizations SCPs: They define the maximum permissions available to the member accounts of an organization or organizational unit. Like boundaries, SCPs limit permissions but do not grant them.

Access control lists (ACLs): Use ACLs to control which principals in other accounts can access the resource to which the ACL is attached. ACLs are the only policy type not written as JSON documents.

Session Policies: Session policies limit the permissions that the role or user's identity-based policies grant to the session. Session policies limit permissions for a created session, but do not grant permissions.
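The interaction between these policy types is easier to see in code. The following is an added, simplified evaluator (not from this page or AWS's own code) for same-account requests: an explicit Deny anywhere rejects, identity-based policies must grant the action, and a permissions boundary or session policy, when present, must also allow it because those layers only narrow what is granted. The sample JSON documents, ARNs and account id are constructed; conditions, NotAction and resource-based policies are out of scope.

```python
import fnmatch
import json

def _as_list(value):
    """IAM lets Action/Resource/Statement be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _matches(value, patterns, case_insensitive):
    """IAM wildcard match ('*' and '?'). Actions match case-insensitively, ARNs do not."""
    if case_insensitive:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def policy_effect(policy, action, resource):
    """Return 'Deny' if any statement explicitly denies, 'Allow' if one allows, else None."""
    result = None
    for stmt in _as_list(policy.get("Statement", [])):
        if not _matches(action, _as_list(stmt.get("Action", [])), True):
            continue
        if not _matches(resource, _as_list(stmt.get("Resource", [])), False):
            continue
        if stmt.get("Effect") == "Deny":
            return "Deny"  # an explicit deny always wins
        result = "Allow"
    return result

def is_allowed(action, resource, identity_policies, boundary=None, session_policy=None):
    """Simplified evaluation: every present layer must Allow and none may Deny.
    Boundaries and session policies limit permissions, they never grant them."""
    layers = [identity_policies]
    if boundary is not None:
        layers.append([boundary])
    if session_policy is not None:
        layers.append([session_policy])
    for policies in layers:
        effects = {policy_effect(p, action, resource) for p in policies}
        if "Deny" in effects or "Allow" not in effects:
            return False  # implicit deny when nothing grants, explicit deny otherwise
    return True

# Constructed sample documents; the account id is a placeholder, not from the page.
IDENTITY = json.loads('{"Version": "2012-10-17", "Statement": ['
    '{"Effect": "Allow", "Action": ["iam:GetUser", "s3:*"], "Resource": "*"},'
    '{"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}')
BOUNDARY = json.loads('{"Version": "2012-10-17", "Statement": ['
    '{"Effect": "Allow", "Action": ["iam:*", "s3:GetObject"], "Resource": "*"}]}')
SESSION = json.loads('{"Version": "2012-10-17", "Statement": ['
    '{"Effect": "Allow", "Action": "iam:GetUser", "Resource": "*"}]}')
ARN_USER = "arn:aws:iam::123456789012:user/alice"
ARN_OBJ = "arn:aws:s3:::example-bucket/report.csv"
```

With these documents, `s3:PutObject` is granted by the identity policy but rejected once the boundary is attached, and `s3:DeleteBucket` is rejected everywhere because of the explicit Deny.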

Recommended reading for more information: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html