IAM Policies in Amazon Web Services
An IAM policy is a JSON document that specifies permissions. Policies can be reused with different services in AWS. The same policy can be assigned to different people and teams. Policies are of two types in AWS:
- AWS managed policies – These are the policies that are provided by default in AWS. These consist of the commonly used services and the read and write permissions associated with them.
- Customer-managed policies – In case a user needs a policy that should meet their specific needs and use cases, then they can build their custom policies.
What Is AWS IAM Policy?
In this article, we will learn about identity and access management (IAM) policies in Amazon Web Services. IAM in AWS is a free service that allows the owner of an AWS account known as the root to grant other users and services access to his account’s resources on his behalf. The policies in Iam allow the admin to have fine-grained control over his account resources. It calls for the admin to implement the principle of least privilege to maintain the security and privacy of his account and not get any unintended bills.
Each organization has a single root account. All the other users are provided access to only what they need, to perform their day-to-day job. This is the principle of least privilege. For example: You are an employee in an office. You can enter the office with your i-card, but the building does not belong to you. It is the property of the company. Then, you do not have access to all the rooms in your office. You can only enter those parts of the building that you are authorized to access.