A policy is a JSON document that contains a list of permissions to allow or deny access to AWS resources. A single policy can be attached to one or more IAM users, groups, and roles. AWS IAM provides the following two types of policies:
- AWS Managed Policies: These policies are governed by AWS. These policies are created for common use cases so that IT administrators can directly use these policies instead of creating new ones.
- Customer Managed Policies: These policies are custom made under your AWS account. The customer can define specific resource-based permissions and can modify them as and when needed.
The following is a sample customer-managed policy document:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": "arn:aws:s3:::awsbootcamp-bucket"
    }
  ]
}
```
The preceding policy allows all (s3:*) actions on the S3 bucket (awsbootcamp-bucket...