Please enable JavaScript.
Coggle requires JavaScript to display documents.
permissions union (version (statement (effect (principal (action (resource…
permissions union
version
statement
effect
principal
action
resource
condition
sourceIP wont work with endpoints
ARNs or Objects
api actions/resource match
entity which the statement applies to
allow/deny
enclosed curly brackets and deliminated by commas
make sure it is current
ID access a resource and multiple permissions objects in place
cross account roles
Trust
Permissions
what they can access
defines who can assume
confused deputy
external ID fixes this