- Users and Roles
- Security Credentials: access key, password, multi-factor authentication device
- Federated users
- Managed Policy = pre-built policy by AWS or administrator
- Effect: Allow or Deny
- Action: API calls
- Resource: ARN
- Inline Policy
  - a policy assigned to just 1 user or 1 group
  - overrides the standard policy
- Sample managed policy

  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "ec2:Describe*",
        "Resource": "*"
      }
    ]
  }
  ```