IAM Policy

The following list of points is all you need to know about IAM policies to pass the AWS Certified Solutions Architect Associate exam.

  1. IAM Policy is a JSON document that defines one or more permissions.
  2. A policy is used by an IAM principal, such as a human user, an application or an EC2 instance, to access an AWS service, for example an S3 bucket.
  3. Two types of policies are available to choose and assign to IAM principals, based on who manages these policies:
    1. Customer managed (Created by you)
    2. AWS managed (predefined and managed by AWS)
  4. Two types of policies based on who uses these policies:
    1. User based policies are attached to an IAM principal such as yourself or an EC2 instance.
      1. They contain one or more permissions.
    2. Resource based policies are attached to AWS resources such as a queue or an S3 bucket.
      1. They contain permissions with all the normal elements (ACRES) plus one extra element, “Principal”, which indicates to whom the permission is granted.
  5. A Permission contains Effect (ALLOW/DENY), Service (e.g. S3, for MyBucket), Resource (e.g. /MyFiles/MyResume.doc), Action (e.g. Read/Write/List) and an optional Condition (e.g. the source IP is x.y.z, or the time is less than T).
  6. You can remember the components of a Permission with the acronym ACRES (as in the unit of land measurement): Action, Condition, Resource, Effect, Service.
  7. You can also remember a Permission as a Do loop with a while. A DO loop contains

IAM Policy is like a Do-While loop
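The following worked example is added here and is not part of the original KnowledgeHills post. It builds the two kinds of policy the list describes as JSON documents (a user based policy with Effect, Action, Resource and Condition, and a bucket policy that adds Principal) and runs a deliberately simplified evaluator over them to show how those elements decide a request. The account ID 123456789012, the user name alice, the bucket MyBucket and the IP ranges are constructed sample values; the evaluator is a teaching model, not AWS's real policy engine, and only supports the IpAddress and DateLessThan condition operators used in the sample.

```python
import fnmatch
import ipaddress
import json
from datetime import datetime, timezone

# Constructed user based (identity) policy: no Principal element, because it
# applies to whichever user or role it is attached to.
IDENTITY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::MyBucket", "arn:aws:s3:::MyBucket/MyFiles/*"],
      "Condition": {
        "IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
        "DateLessThan": {"aws:CurrentTime": "2030-01-01T00:00:00Z"}
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::MyBucket/*"
    }
  ]
}
""")

# Constructed resource based (bucket) policy: same elements plus Principal,
# which names who the permission is granted to.
BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:user/alice"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::MyBucket/MyFiles/MyResume.doc"
    }
  ]
}
""")

ALICE = "arn:aws:iam::123456789012:user/alice"
BOB = "arn:aws:iam::123456789012:user/bob"


def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # Action and Resource strings allow * and ? wildcards.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    # Every operator/key pair in the Condition block must be satisfied.
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                return False
            if operator == "IpAddress":
                nets = [ipaddress.ip_network(c) for c in _as_list(expected)]
                if not any(ipaddress.ip_address(actual) in n for n in nets):
                    return False
            elif operator == "DateLessThan":
                limit = datetime.fromisoformat(expected.replace("Z", "+00:00"))
                if not actual < limit:
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def _principal_matches(statement, principal):
    # Identity policies have no Principal; resource policies must name one.
    spec = statement.get("Principal")
    if spec is None or spec == "*":
        return True
    return principal in _as_list(spec.get("AWS", []))


def make_context(source_ip, when):
    """Request context keys referenced by the sample Condition blocks."""
    return {"aws:SourceIp": source_ip, "aws:CurrentTime": when}


def evaluate(policy, principal, action, resource, ctx):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # nothing matched yet: default is deny
    for st in policy["Statement"]:
        if not _principal_matches(st, principal):
            continue
        if not _matches(st["Action"], action):
            continue
        if not _matches(st["Resource"], resource):
            continue
        if not _condition_holds(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides any Allow
        decision = "Allow"
    return decision


if __name__ == "__main__":
    ctx = make_context("203.0.113.10", datetime(2025, 6, 1, tzinfo=timezone.utc))
    doc = "arn:aws:s3:::MyBucket/MyFiles/MyResume.doc"
    print(evaluate(IDENTITY_POLICY, ALICE, "s3:GetObject", doc, ctx))
    print(evaluate(IDENTITY_POLICY, ALICE, "s3:DeleteObject", doc, ctx))
    print(evaluate(BUCKET_POLICY, BOB, "s3:GetObject", doc, ctx))
```

Running the script shows the three outcomes a practitioner should expect: the Allow statement matches only while both conditions hold (an out-of-range source IP turns the result into an implicit deny), the Deny statement wins regardless of the Allow, and the bucket policy grants nothing to a principal it does not name.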

Copyright 2005-2016 KnowledgeHills.