Flashcards about IAM policies based on lecture notes
How are IAM policies stored?
IAM policies are stored in AWS as JSON documents, containing one or more statement elements.
What does each statement element in an IAM policy include?
Each statement includes an effect (allow or deny) and a principal that defines who the permission applies to.
In identity-based policies, how is the principal defined?
For identity-based policies, the principal is implied as the identity the policy is attached to.
What does the 'action' element describe in an IAM policy?
Describes what is allowed or denied within the policy.
What does the 'resource' element describe in an IAM policy?
Describes which AWS resources the action applies to.
What is the purpose of the 'condition' element in an IAM policy?
An optional element that provides additional context for granting or denying permissions.
What does the first part of the example resource-based policy explicitly allow?
Any DynamoDB or S3 action on the DynamoDB table and S3 bucket listed in the resources section.
What does the second part of the example resource-based policy explicitly deny?
Access to any DynamoDB or S3 actions on all resources except for those listed under 'not resource'.
In the identity-based policy example, what does the first part of the statement allow?
Several IAM actions on a specified username within an AWS account.
In the cross-account resource-based policy example, what permission is granted?
Grants the principal (account number of account B) permission to perform any action on an S3 bucket in account A.
How are IAM Policies Stored?
IAM policies are stored as JSON documents.
What does each statement in an IAM policy describe?
Each statement describes effects, actions, and resources that together define a distinct permission.