Skip to the content.
AWS Developer Associate

Advanced IAM

Authorization Model Evaluation of Policies

  1. If there is an explicit DENY condition in the policy, end decision and DENY access
  2. If there is an ALLOW condition, end decision with ALLOW access
  3. Else DENY

IAM Policies and S3 Bucket Policies

Dynamic Policies with IAM

Inline and Managed Policies

AWS Managed Policies

Customer Managed Policies

Inline Policies

Granting Users Permission to Pass a Role to an AWS Service

Can any role be passed to any service?