Allow access

Take a look at an example of how to use Identity IAM policies to allow access.

We'll cover the following

Now that we know the steps IAM takes to allow or deny a request, let’s see a few examples. We’ll use the steps defined in the Evaluation flow lesson.

We’ll use increasingly complicated examples as you’ll see. In each example, we’ll see the identities, resources, and policies in the account. We’ll then build the request context with the values applicable to each scenario. The next step is to evaluate the filters against the request. And finally, we’ll run the policy evaluation logic to see the final decision.

Note: IAM provides a Policy Simulator tool, but in our experience, it’s hardly usable. Its results do not match the actual calls and it also does not provide help with the values of the context keys.

Identity IAM policies to allow access

Let’s start with a simple example. A user has a policy that allows access to an object in an S3 bucket:

Get hands-on with 1200+ tech skills courses.