DEV Community

Seenivasa Ramadurai

AWS IAM Policies Overview

Identity Policy
Resource-Based Policy
Trust Policy
Permission Boundaries
SCP (Service Control Policy)
ACL (Access Control List)
Session Policy

Identity Policy

An Identity Policy is like a fingerprint: it is unique to each user and serves as a long-term credential. Just as a fingerprint provides access to your smartphone, this credential grants access to digital resources. Keeping it secure is crucial, as any compromise could lead to serious security risks in the digital world.

Resource-Based Policy
This policy is akin to owning assets and managing who has the authority to use or manage those assets. It often works in conjunction with a Trust Policy to define who can manage the resources.

Trust Policy
A Trust Policy can be compared to granting someone the authority to drive your car. Only the individuals listed in this policy can assume specific roles and access or operate the resource, much like only certain people can drive the car.

Permission Boundaries
This is like giving a family member or friend power of attorney, defining the specific actions they are permitted to take on your behalf.

SCP (Service Control Policy)
Think of this policy as the head of a household setting rules that everyone in the family must follow. In a joint family, all heads of the household will inherit the permissions and restrictions set by the main head, similar to how SCP controls access at an organizational level.

ACL (Access Control List)
An ACL is like renting out your house and specifying what the tenant is allowed to do with your property. It's a form of resource-based policy that defines permissions at the resource level.

Session Policy
This is like allowing a friend to drive your car (via the CLI) or bike (through the console) but only for a limited time. It grants temporary access to resources for specific actions during a session.

Thanks
Sreeni Ramadurai
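As an added example (not part of the original post and not AWS code), the sketch below shows how the limiting policy types described above combine for one request: an explicit Deny in any policy wins, and otherwise the identity policy, permission boundary, SCP and session policy that are present must each allow the action. It is a simplification that assumes a same-account request and leaves out resource-based policies, ACLs, trust policies and conditions; the function names, sample policies and bucket name are constructed for illustration.

```python
from fnmatch import fnmatchcase  # "*" and "?" approximate IAM wildcard matching

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    """True if the statement's Action and Resource patterns cover the request."""
    # IAM action names are case-insensitive; resource ARNs are compared as written.
    return (any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, p) for p in _as_list(stmt["Resource"])))

def _effects(policy, action, resource):
    """Effect values of every statement in the policy that matches the request."""
    return {s["Effect"] for s in policy["Statement"] if _matches(s, action, resource)}

def evaluate(action, resource, identity, boundary=None, scp=None, session=None):
    """Simplified decision: any matching Deny wins, then every layer present must Allow."""
    layers = {"identity": identity, "boundary": boundary, "scp": scp, "session": session}
    found = {n: _effects(p, action, resource) for n, p in layers.items() if p is not None}
    for name, effects in found.items():
        if "Deny" in effects:
            return f"explicit deny ({name})"
    for name, effects in found.items():
        if "Allow" not in effects:
            return f"implicit deny ({name})"
    return "allow"

# Constructed sample policies (the bucket name is hypothetical).
IDENTITY = {"Statement": [{"Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"}]}
BOUNDARY = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCP = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"},
                     {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}
SESSION = {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                          "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate("s3:GetObject", obj, IDENTITY, BOUNDARY, SCP, SESSION))
    print(evaluate("s3:PutObject", obj, IDENTITY, BOUNDARY, SCP, SESSION))
    print(evaluate("ec2:RunInstances", "*", IDENTITY, BOUNDARY, SCP))
    print(evaluate("s3:DeleteBucket", "arn:aws:s3:::example-bucket", IDENTITY, BOUNDARY, SCP))
```

The identity policy alone would allow all four requests; the other layers only narrow what it grants, which is why a broad identity policy is still constrained by the boundary, SCP and session policy.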
