IAM Policy

The following list of points is all you need to know about IAM policies to pass the AWS Certified Solutions Architect Associate exam.

  1. IAM Policy is a JSON document that defines one or more permissions.
  2. A policy is used by an IAM principal, such as a person, an application, or an EC2 instance, to access an AWS service such as an S3 bucket.
  3. Two types of policies are available to choose and assign to IAM principals, based on who manages these policies:
    1. Customer managed (created by you)
    2. AWS managed (predefined and managed by AWS)
  4. Two types of policies based on who uses these policies:
    1. User based policies are assigned to an IAM principal such as yourself or an EC2 instance.
      1. They contain one or more permissions.
    2. Resource based policies are assigned to AWS resources such as a queue or an S3 bucket.
      1. They contain permissions. These permissions contain all the normal elements (ACERS) along with one extra element, “Principal”, which indicates to whom the permission is granted.
  5. A policy contains one or more permissions. A permission contains 5 components. You can remember the components of a permission with the acronym ACERS: Action-Condition-Effect-Resource-Service (as in the Acer laptop).
  6. The five components: 1) Action (e.g. Read/Write/List), 2) Condition (if the IP is x.y.z or the time is less than T, etc.), 3) Effect (ALLOW/DENY), 4) Resource (/MyFiles/MyResume.doc), 5) Service (e.g. MyBucket on S3). Of these five, only the Condition is optional.
  7. You can also remember a Permission as a Do loop with a while. A DO loop contains

IAM Policy is like a Do-While loop
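As an added example (not code from the original page), here is a small Python check that builds a user policy and a bucket policy of the kind described above and verifies the elements each statement must carry: Effect, Action and Resource always, Condition optionally, and Principal only in the resource-based policy. The bucket name, account id and user name are constructed placeholders.

```python
import json

# Constructed sample: user (identity-based) policy; the optional Condition narrows it to one IP range.
USER_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::MyBucket", "arn:aws:s3:::MyBucket/MyFiles/*"],
        "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
    }],
})

# Constructed sample: bucket (resource-based) policy; Principal names who is granted the permission.
BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:user/alice"},  # placeholder account/user
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::MyBucket/MyFiles/MyResume.doc",
    }],
})

REQUIRED = ("Effect", "Action", "Resource")  # Condition is the only optional element

def lint_policy(doc: str, resource_based: bool) -> list:
    """Return the problems found in a policy document; an empty list means it passed."""
    problems = []
    statements = json.loads(doc).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be written without a list
        statements = [statements]
    for i, stmt in enumerate(statements):
        for key in REQUIRED:
            if key not in stmt:
                problems.append(f"statement {i}: missing {key}")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"statement {i}: Effect must be Allow or Deny")
        # Principal is required in resource-based policies and not allowed in user policies.
        if resource_based != ("Principal" in stmt):
            where = "required in a resource-based" if resource_based else "not allowed in a user"
            problems.append(f"statement {i}: Principal {where} policy")
        actions = stmt.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            if action != "*" and ":" not in action:  # the service is the prefix before ':'
                problems.append(f"statement {i}: action {action!r} lacks a service prefix")
        if stmt.get("Effect") == "Allow" and stmt.get("Action") == "*" and stmt.get("Resource") == "*":
            problems.append(f"statement {i}: Allow on */* grants full access")
    return problems
```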

Copyright 2005-2016 KnowledgeHills.