IAM Policy

aws/iam aws/security

💡 Definition

An IAM Policy is a document (typically in JSON format) that defines permissions. Policies are attached to IAM identities (Users, Groups, Roles) or resources to determine what actions are allowed or denied.

🔑 Key Concepts

⚙️ How it Works

When a user tries to perform an action, AWS evaluates all attached policies.

1. Default Deny: Everything is denied by default.
2. Explicit Allow: An "Allow" statement grants permission.
3. Explicit Deny: A "Deny" statement overrides any "Allow".

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)


See Also:

* IAM
* Principle of Least Privilege
* IAM User