Restricting Policies

Explore how permission boundaries and session policies help enforce strict access controls within AWS IAM. Understand their roles in limiting permissions for IAM users and sessions, ensuring secure resource access and compliance in your AWS environment.

In this lesson, we’ll discuss two types of policies that act as upper limits on an IAM entity’s permissions. These advanced, optional policies are used when we want to restrict the maximum permissions an IAM entity can have.

Permission boundary

Permission boundaries are policies that act as an upper bound on an IAM entity’s permissions. Any AWS-managed or customer-managed identity-based policy can be used as a permission boundary. When a permission boundary is attached to an IAM entity, that entity can only perform the actions that are allowed by both its attached identity-based policy and the permission boundary set for it. The boundary grants nothing by itself: an action that only the boundary allows is still denied.

Effective policy when permission boundary is utilized
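
The intersection rule described above, as an added example that is not part of the original lesson: an evaluator for one identity-based policy and one permission boundary. The policies, bucket name, and function names are constructed for illustration, and the code assumes statements use only `Effect`, `Action`, and `Resource` (no conditions, `NotAction`, resource-based policies, SCPs, or session policies).

```python
import re

def _glob(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' any single one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None

def _listify(v):
    return [v] if isinstance(v, str) else list(v)

def decision(policy, action, resource):
    """Evaluate one policy: 'Deny', 'Allow', or None (no statement matched)."""
    effects = set()
    for stmt in policy["Statement"]:
        # Action names are case-insensitive; resource ARNs are matched as written.
        act = any(_glob(p, action, re.IGNORECASE) for p in _listify(stmt["Action"]))
        res = any(_glob(p, resource) for p in _listify(stmt["Resource"]))
        if act and res:
            effects.add(stmt["Effect"])
    if "Deny" in effects:          # an explicit deny always wins
        return "Deny"
    return "Allow" if "Allow" in effects else None

def is_allowed(identity_policy, boundary, action, resource):
    """Allowed only if BOTH policies allow and neither explicitly denies."""
    results = (decision(identity_policy, action, resource),
               decision(boundary, action, resource))
    return all(r == "Allow" for r in results)

# Constructed sample policies (not taken from the lesson).
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:*", "iam:CreateUser"], "Resource": "*"},
]}
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "cloudwatch:*", "ec2:Describe*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
]}
BUCKET = "arn:aws:s3:::constructed-example-bucket"

if __name__ == "__main__":
    for action, resource in [("s3:GetObject", BUCKET + "/report.csv"),
                             ("s3:DeleteBucket", BUCKET),
                             ("ec2:RunInstances", "*"),
                             ("cloudwatch:GetMetricData", "*")]:
        verdict = "allowed" if is_allowed(IDENTITY_POLICY, BOUNDARY, action, resource) else "denied"
        print(f"{action:26} {verdict}")
```
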

When do we need a permission boundary?

Permission boundaries are mostly useful when we want to limit the permissions of an ...