Policy 1 Flashcards
Policy Types
4 types of IAM Policies?
Identity-based, resource-based, permission boundaries, Service Control Policies (SCPs)
Policy Types
What can have Identity-based policies?
Users, Groups, Roles
Policy Types
What type of policies use a “Principal” section?
Only Resource policies
Policy Interpretation
Single policy with DENY and a Condition. What if condition isn’t true?
Still denied: implicit deny! You’d need an explicit Allow for this to do anything.
Policy Interpretation
What is “NotAction”?
Opposite of “Action”: Careful! This means everything other than these is in scope!
Policy Interpretation
What should you be on the lookout for on the exam with Policies?
“not” appearing in conditions, “NotAction”, etc. Most common way to mess up.
Policy Interpretation
Setting up policy to deny anything not in eu-west-1. What’s the “gotcha”?
CloudFront, Route 53, IAM, and Support run out of us-east-1 and are global.
Policy Interpretation
S3 policy Actions around listing buckets?
s3:ListAllMyBuckets (all buckets owned by me), s3:ListBucket (objects in a bucket). There is no s3:ListObject*