By Matt Luttrell and Josh Joy.

You manage access in AWS by creating policies and attaching them to AWS Identity and Access Management (IAM) principals (roles, users, or groups of users) or AWS resources. AWS evaluates these policies when an IAM principal makes a request, such as uploading an object to an Amazon Simple Storage Service (Amazon S3) bucket. Permissions in the policies determine whether the request is allowed or denied.
In this blog post, we will walk you through a scenario and explain when you should use which policy type, and who should own and manage the policy. You will learn when to use the more common policy types: identity-based policies, resource-based policies, permissions boundaries, and AWS Organizations service control policies (SCPs).
The article explains the following:
- Different policy types and when to use them
  - Service control policies overview
  - Permissions boundaries overview
  - Identity-based policies overview
  - Resource-based policies overview
- How to implement different policy types
  - Service control policies
  - Permissions boundary policies
  - Identity-based policies
  - Resource-based policies
- Putting it all together
In this blog post, you learned about four different policy types: identity-based policies, resource-based policies, service control policies (SCPs), and permissions boundary policies. You saw examples of situations where each policy type is commonly applied. Then, you walked through a real-life example that describes an implementation that uses these policy types. Excellent read!
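To make concrete how the four policy types interact on a single request, here is an added toy evaluator (example code written for this summary, not from the AWS post or from IAM itself). It models the documented same-account rules: an explicit Deny anywhere wins, an SCP and a permissions boundary only cap what can be granted, and an identity-based or resource-based policy must then explicitly Allow. The `Statement` type, the sample bucket ARN and the policies at the bottom are constructed for the post's S3 upload scenario; Condition, NotAction, Principal matching and the cross-account case are deliberately left out.

```python
"""Toy same-account IAM evaluation across SCP, boundary, identity and resource policies.
Assumptions: statements passed in already apply to the requesting principal;
no Condition/NotAction; the boundary caps every allow (AWS exempts a
resource-based grant to the principal's own ARN, which is not modelled)."""
from dataclasses import dataclass
import fnmatch

@dataclass
class Statement:
    effect: str        # "Allow" or "Deny"
    actions: list      # e.g. ["s3:PutObject"]; IAM wildcards * and ? allowed
    resources: list    # ARNs; wildcards allowed

def _matches(stmt, action, resource):
    return (any(fnmatch.fnmatchcase(action, a) for a in stmt.actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in stmt.resources))

def _decision(statements, action, resource):
    """'Deny' if a matching statement denies, 'Allow' if one allows,
    None for an implicit deny (no statement matched)."""
    effects = {s.effect for s in statements if _matches(s, action, resource)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else None

def evaluate(action, resource, scp, identity, resource_based=(), boundary=None):
    """Return 'Allow' or 'Deny' for one request against all four policy types."""
    scp_d = _decision(scp, action, resource)
    id_d = _decision(identity, action, resource)
    rb_d = _decision(resource_based, action, resource)
    pb_d = _decision(boundary, action, resource) if boundary is not None else "Allow"
    if "Deny" in (scp_d, id_d, rb_d, pb_d):
        return "Deny"                  # an explicit deny overrides every allow
    if scp_d != "Allow" or pb_d != "Allow":
        return "Deny"                  # guardrails cap access but grant nothing
    return "Allow" if "Allow" in (id_d, rb_d) else "Deny"

# Constructed sample policies for the S3 upload scenario (not real account data).
BUCKET = "arn:aws:s3:::example-bucket"
SCP = [Statement("Allow", ["s3:*"], ["*"]),
       Statement("Deny", ["s3:DeleteBucket"], ["*"])]       # org-wide guardrail
IDENTITY = [Statement("Allow", ["s3:PutObject", "s3:DeleteBucket"],
                      [BUCKET, BUCKET + "/*"])]              # attached to the role
BOUNDARY = [Statement("Allow", ["s3:*"], [BUCKET + "*"])]    # caps that role
BUCKET_POLICY = [Statement("Allow", ["s3:GetObject"], [BUCKET + "/*"])]  # resource-based
```

Note that `IDENTITY` grants `s3:DeleteBucket`, yet the evaluator denies it because the SCP's explicit Deny applies regardless of what the account administrator attached to the role.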