AWS-Security - Coggle Diagram
AWS-Security
2.1 IAM
Identity Policies
Typically Identity Policies are used to grant people (or applications) permission to use services and resources.
Policy document
Effect block
The Effect is typically Allow, since by default all permissions not specified are denied
Resource Policies
Whereas Identity Policies grant people (or applications) permission to use services and resources, Resource Policies are most often used to further restrict which people (or applications) can access a specific resource.
Groups and Instance Profiles cannot be used as principals.
Principal entities include certain IAM entities: Users, AWS Accounts, AWS Services and Federated Users.
For resources that support Resource Policies, an Allow in either the Resource Policy or the Identity Policy is sufficient to grant permission.
However, if either the resource policy or the identity policy has an explicit Deny for the action and resource in the request, the request is denied even if the other policy allows it.
Resource-based policies are inline only, not managed
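A small evaluator for the rules in the notes above (an explicit Deny in either policy wins, an Allow in either policy grants, anything else is implicitly denied), added here as an illustration and not taken from the diagram; the two policies, the bucket name and the `evaluate` function are constructed for the example, and Conditions and Principal matching are deliberately left out.

```python
import fnmatch

# Constructed sample policies, not real account data. The identity policy
# allows listing DynamoDB tables and deleting objects in a bucket; the bucket's
# resource policy allows GetObject but explicitly denies DeleteObject.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:ListTables", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}
RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    """True if the statement covers this action and resource (IAM-style wildcards)."""
    return (any(fnmatch.fnmatchcase(action, a) for a in _as_list(statement["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(statement["Resource"])))


def evaluate(action, resource, *policies):
    """Simplified evaluation following the notes above: an explicit Deny in any
    policy wins; otherwise an Allow in either the identity or the resource
    policy grants access; otherwise the request is implicitly denied.
    Conditions and principal matching are out of scope for this model."""
    effects = {s["Effect"] for p in policies for s in p["Statement"]
               if _matches(s, action, resource)}
    if "Deny" in effects:
        return "explicit deny"
    if "Allow" in effects:
        return "allow"
    return "implicit deny"


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    for act, res in [("dynamodb:ListTables", "*"), ("s3:GetObject", obj),
                     ("s3:DeleteObject", obj), ("s3:PutObject", obj)]:
        print(f"{act:22} -> {evaluate(act, res, IDENTITY_POLICY, RESOURCE_POLICY)}")
```

Running it shows DeleteObject denied by the bucket policy even though the identity policy allows it, while GetObject is allowed by the bucket policy alone.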
1.2 IAM
User
A user is a representation of a person or application. A person or application can only access AWS services by first authenticating as an IAM User.
Policy
A policy is a JSON document that describes exactly how a user can access AWS services. For example, a policy might let a user list all of the DynamoDB tables.