IAM Flashcards
Request context of a policy
Principal (the user, role, service or account making the request)
Action (the API operation being requested)
Resource (the ARN of the object the action targets)
Policy Types
identity-based policies,
resource-based policies,
IAM permissions boundaries,
AWS Organizations service control policies (SCPs),
access control lists (ACLs),
session policies
Identity-based
Also known as IAM policies, identity-based policies are managed policies (AWS managed or customer managed) and inline policies attached to IAM identities (users, groups to which users belong, or roles).
Permissions Boundary
A permissions boundary is a managed policy that sets the maximum permissions an identity-based policy can grant to an IAM user or role. It limits but never grants: an action is allowed only if both the identity-based policy and the boundary allow it. Boundaries cannot be set on groups.
ACL
Use ACLs to control which principals in other accounts can access the resource to which the ACL is attached. ACLs cannot grant permissions to principals in the same account, and they are the only policy type that does not use the JSON policy document format.
Service Roles
IAM roles that an AWS service assumes to perform actions on your behalf; the service is named as the principal in the role's trust policy. Handing such a role to a service (for example to an EC2 instance or a Lambda function) requires the caller to hold iam:PassRole for that role.
ABAC
Attribute-based access control: an authorization strategy that defines permissions based on attributes rather than on individual identities. In AWS the attributes are tags on principals and resources, compared in policy conditions such as aws:PrincipalTag/key-name and aws:ResourceTag/key-name.
iam:AWSServiceName
Specifies the AWS service to which a role is attached. Use it as a condition on iam:CreateServiceLinkedRole to control which service-linked roles a principal may create.
iam:OrganizationsPolicyId
Checks that the AWS Organizations policy ID in the request matches the specified ID, for example to restrict which SCP a principal may run iam:GenerateOrganizationsAccessReport against. It restricts which Organizations policies the entity can act on; it does not grant access to SCPs.
iam:PermissionsBoundary
Checks that the specified policy is attached as a permissions boundary on the IAM principal resource. Typically paired with iam:CreateUser, iam:CreateRole, iam:PutUserPermissionsBoundary or iam:PutRolePermissionsBoundary so that principals can only be created or modified with an approved boundary; deny iam:DeleteUserPermissionsBoundary and iam:DeleteRolePermissionsBoundary as well, or the boundary can simply be removed.
iam:PolicyARN
Checks the Amazon Resource Name (ARN) of a managed policy in requests that involve that managed policy, for example to allow iam:AttachRolePolicy or iam:AttachUserPolicy only for specific policy ARNs.
iam:ResourceTag/key-name
Checks that the tag attached to the identity resource (a user or role) matches the specified key name and value, for example to let a principal modify only roles carrying its own team tag.
iam:PassedToService
Specifies the service principal of the service to which a role can be passed (for example ec2.amazonaws.com). Used as a condition on iam:PassRole so that a role may be handed only to the intended service.
iam:AssociatedResourceArn
Specifies the ARN of the resource to which the role will be associated at the destination service. Also used as a condition on iam:PassRole, narrowing not just the receiving service but the specific resource that receives the role.
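The identity-based policy and permissions boundary cards above, together with the iam:PassedToService card, describe evaluation rules that are easiest to understand when you can run them. The following is an added example written for this page; it is not AWS code and not AWS's actual policy engine. It is a deliberately small Python evaluator that models only what those cards state: an explicit Deny wins, a boundary restricts but never grants, and a statement's Condition is checked against the request context. SCPs, resource-based and session policies, and every condition operator other than StringEquals are left out. Everything in it is constructed: the account ID 111122223333, the role and bucket ARNs, the policy contents and the function names (evaluate_policy, is_allowed, demo).

```python
"""Toy model of how IAM combines identity-based policies, a permissions
boundary and a Condition such as iam:PassedToService. Added example, not
AWS code and not the real IAM evaluation engine: it models only the
outcomes the flashcards describe (explicit Deny wins; a boundary limits
but never grants; Conditions are checked against the request context).
All ARNs, the account ID 111122223333 and the policies are constructed."""
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM accepts a single string wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_sensitive):
    """'*' and '?' wildcards; action names are case-insensitive, ARNs are not."""
    if not case_sensitive:
        value, patterns = value.lower(), [p.lower() for p in _as_list(patterns)]
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Only StringEquals is modelled; a key missing from the context never matches."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in pairs.items():
            if context.get(key) not in _as_list(expected):
                return False
    return True


def evaluate_policy(policy, action, resource, context):
    """Return 'Deny', 'Allow' or None (no matching statement) for one policy."""
    result = None
    for stmt in _as_list(policy["Statement"]):
        if (_matches(stmt["Action"], action, case_sensitive=False)
                and _matches(stmt["Resource"], resource, case_sensitive=True)
                and _condition_holds(stmt.get("Condition", {}), context)):
            if stmt["Effect"] == "Deny":
                return "Deny"           # explicit deny overrides every allow
            result = "Allow"
    return result


def is_allowed(identity_policies, action, resource, context=None, boundary=None):
    """Decide a same-account request: boundary (if any) AND identity policies."""
    context = context or {}
    if boundary is not None and evaluate_policy(boundary, action, resource, context) != "Allow":
        return False                    # the boundary can only restrict, never grant
    results = [evaluate_policy(p, action, resource, context) for p in identity_policies]
    return "Deny" not in results and "Allow" in results


# Constructed sample policies; the PassRole statement uses iam:PassedToService.
DEV_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/app-role",
     "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
]}
NO_DELETE_POLICY = {"Version": "2012-10-17", "Statement":
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}}
DEV_BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:GetObject", "s3:ListBucket", "iam:PassRole", "ec2:DescribeInstances"]},
]}
OBJ = "arn:aws:s3:::example-bucket/report.csv"
APP_ROLE = "arn:aws:iam::111122223333:role/app-role"


def demo():
    """Decisions the flashcards predict, keyed by the rule each one shows."""
    b = DEV_BOUNDARY
    return {
        "put_without_boundary": is_allowed([DEV_POLICY], "s3:PutObject", OBJ),
        "put_with_boundary": is_allowed([DEV_POLICY], "s3:PutObject", OBJ, boundary=b),
        "get_with_boundary": is_allowed([DEV_POLICY], "s3:GetObject", OBJ, boundary=b),
        # boundary lists ec2:DescribeInstances, but no identity policy grants it
        "boundary_never_grants": is_allowed([DEV_POLICY], "ec2:DescribeInstances", "*", boundary=b),
        # explicit Deny from a second policy beats the s3:* Allow
        "explicit_deny_wins": is_allowed([DEV_POLICY, NO_DELETE_POLICY], "s3:DeleteObject", OBJ),
        # iam:PassedToService: EC2 satisfies the Condition, Lambda does not
        "pass_to_ec2": is_allowed([DEV_POLICY], "iam:PassRole", APP_ROLE,
                                  {"iam:PassedToService": "ec2.amazonaws.com"}),
        "pass_to_lambda": is_allowed([DEV_POLICY], "iam:PassRole", APP_ROLE,
                                     {"iam:PassedToService": "lambda.amazonaws.com"}),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:>22}: {'ALLOW' if allowed else 'DENY'}")
```

Run it and the three things the cards state fall out directly: s3:PutObject is allowed by the identity policy alone but denied once the boundary is applied, ec2:DescribeInstances is denied even though the boundary lists it, and PassRole succeeds only when the request context's iam:PassedToService value equals the service named in the Condition.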
NotPrincipal
Specifies an exception to a list of principals: the statement applies to every principal except those listed.
You cannot use the NotPrincipal element in an IAM identity-based policy. You can use it in the trust policies for IAM roles and in resource-based policies. Use it with Effect: Deny rather than Allow, and when the excluded principal is an IAM role, list the assumed-role session ARN or the account ARN alongside the role ARN, because the request arrives as a role session rather than as the role itself.