IAM Policies

In IAM, policies and permissions are closely related but distinct concepts.
Policies are documents that define the permissions for an entity, such as a user or role. They specify what actions are allowed or denied on specific resources. Think of policies as a set of rules that govern access to resources.
Permissions, on the other hand, determine what actions an entity can perform on a resource. Permissions are granted or denied based on the policies attached to the entity or resource.
To illustrate the difference:
A policy might state that a user can read and write to a specific S3 bucket.
The permission would be the actual ability to read and write to that bucket, as defined by the policy.
Key aspects of policies and permissions:
Effect: Policies specify whether to allow or deny access (Allow/Deny).
Action: Policies define the specific actions that are allowed or denied (e.g., s3:ListBucket).
Resource: Policies specify the resources affected by the policy (e.g., an S3 bucket).
Principal: Identifies the entity (user, role, or account) to which the policy applies. This element appears in resource-based policies; in an identity-based policy the principal is implicit, because the policy is attached to that identity.
Types of policies:
Identity-based policies: Attached to an identity (user, group, or role) and grant that identity permissions.
Resource-based policies: Attached to a specific resource, such as an S3 bucket, and control which principals can access it.
Permission boundaries: Limit the maximum permissions an entity can have. A boundary grants nothing by itself; it only caps what the identity-based policies can grant.
By understanding policies and permissions, you can effectively manage access control and ensure that your resources are secure.
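To make the policy/permission distinction concrete, here is an added example (not from the original post) that evaluates constructed identity-policy and permissions-boundary documents for a requested action and resource. The policy names, bucket ARN and the simplified matching logic are assumptions; it models the core IAM rules the post describes: default deny, explicit Deny wins over Allow, and a boundary caps what the identity policy can grant.

```python
import fnmatch

# Constructed sample policies (not from the original post). The documents use
# the IAM JSON policy shape; the evaluator is a simplified model of IAM logic.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket"},
    {"Effect": "Deny", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-bucket/finance/*"},
]}

# A permissions boundary that caps the identity at read-only, even though the
# identity policy above also grants s3:PutObject.
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "*"},
]}


def _as_list(value):
    # IAM lets Action and Resource be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow', or None (no statement matched) for one policy.

    Wildcards (*, ?) in Action/Resource are matched with fnmatch; an explicit
    Deny always wins over an Allow within the same document.
    """
    decision = None
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def is_permitted(identity_policy, action, resource, boundary=None):
    """The effective permission, as opposed to the policy text: default deny,
    explicit Deny wins, and a boundary (when set) must also Allow the request."""
    if evaluate(identity_policy, action, resource) != "Allow":
        return False
    if boundary is not None and evaluate(boundary, action, resource) != "Allow":
        return False
    return True
```

Real IAM evaluation also considers conditions, session policies, SCPs and resource-based policies, which this model leaves out.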
Written by Syeda Samreen