IAM Policy Structure
To fully understand the structure of an IAM policy, let us see the default template provided by AWS and look at all the fields one by one.
- Version: A compulsory field in every policy that is used to identify the JSON policy.
- Statement: Defines the permissions for a single resource.
- Sid: Short for statement ID; a unique identifier for a statement.
- Effect: Defines whether the statement allows or denies (Allow/Deny) access to a resource.
- Action: States which actions of which service the statement applies to.
- Resource: The list of resources that are affected by the policy.
For example, below is a policy for the Auto Scaling service that allows read permission on all resources:
Now, if you attach this IAM policy to an Auto Scaling Group (ASG) service that you provision, that particular instance of the ASG would have read permission on all resources.
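As an added example (not the article's own JSON, which did not survive on this page), the following Python code builds a constructed Auto Scaling read-only policy with exactly the fields listed above, parses and validates it, and runs the least-privilege check a reviewer would apply: an Allow statement whose Action is a full or service-wide wildcard on Resource "*". The policy contents, the `autoscaling:Describe*` action pattern and the helper names are assumptions for illustration.

```python
import json

# Constructed sample: read-only access to the Auto Scaling service on all
# resources, using the fields described above (Version, Statement, Sid,
# Effect, Action, Resource). Not the article's original policy.
AUTOSCALING_READ_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AutoScalingReadOnly",
            "Effect": "Allow",
            "Action": ["autoscaling:Describe*"],
            "Resource": "*",
        }
    ],
})

# Constructed over-broad policy, used to show what the least-privilege check flags.
OVERLY_BROAD = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "AllowEverything",
        "Effect": "Allow",
        "Action": "*",
        "Resource": "*",
    },
})

# Constructed malformed policy: "Permit" is not a valid Effect.
INVALID_EFFECT = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Permit", "Action": "autoscaling:Describe*", "Resource": "*"},
})

REQUIRED_STATEMENT_KEYS = {"Effect", "Action", "Resource"}


def as_list(value):
    """IAM accepts either a single string/object or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def parse_policy(policy_json):
    """Parse a policy document and validate the fields discussed in the article.

    Returns the list of statements; raises ValueError on structural problems.
    """
    policy = json.loads(policy_json)
    if policy.get("Version") != "2012-10-17":
        raise ValueError("Version must be 2012-10-17")
    statements = as_list(policy.get("Statement"))
    if not statements:
        raise ValueError("policy has no Statement")
    seen_sids = set()
    for stmt in statements:
        missing = REQUIRED_STATEMENT_KEYS - set(stmt.keys())
        # NotAction / NotResource are valid alternatives to Action / Resource.
        if "NotAction" in stmt:
            missing.discard("Action")
        if "NotResource" in stmt:
            missing.discard("Resource")
        if missing:
            raise ValueError(f"statement missing {sorted(missing)}")
        if stmt["Effect"] not in ("Allow", "Deny"):
            raise ValueError(f"Effect must be Allow or Deny, got {stmt['Effect']!r}")
        sid = stmt.get("Sid")
        if sid is not None:
            if sid in seen_sids:
                raise ValueError(f"duplicate Sid {sid!r}")
            seen_sids.add(sid)
    return statements


def is_valid_policy(policy_json):
    """True if the document passes parse_policy, False otherwise."""
    try:
        parse_policy(policy_json)
        return True
    except ValueError:
        return False


def find_wildcard_grants(policy_json):
    """Return (Sid, action) pairs for Allow statements whose Action is "*" or a
    service-wide "<service>:*" on Resource "*": the least-privilege smell a
    reviewer looks for. Deny statements and read-only Describe* grants pass."""
    findings = []
    for stmt in parse_policy(policy_json):
        if stmt["Effect"] != "Allow" or "*" not in as_list(stmt.get("Resource")):
            continue
        for action in as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((stmt.get("Sid"), action))
    return findings


if __name__ == "__main__":
    print("read-only findings:", find_wildcard_grants(AUTOSCALING_READ_ONLY))
    print("over-broad findings:", find_wildcard_grants(OVERLY_BROAD))
```

The read-only policy is not flagged even though its Resource is "*", because many Describe-style actions do not support resource-level restriction and must be granted on "*"; the check is aimed at the Action side, where a wildcard turns a read-only grant into full control of a service.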
What Is AWS IAM Policy?
In this article, we will learn about identity and access management (IAM) policies in Amazon Web Services. IAM in AWS is a free service that allows the owner of an AWS account, known as the root, to grant other users and services access to the account's resources on the owner's behalf. IAM policies allow the admin to have fine-grained control over the account's resources. They call for the admin to implement the principle of least privilege in order to maintain the security and privacy of the account and to avoid any unintended bills.
Each organization has a single root account. All the other users are given access only to what they need to perform their day-to-day job. This is the principle of least privilege. For example, you are an employee in an office. You can enter the office with your ID card, but the building does not belong to you; it is the property of the company. Likewise, you do not have access to all the rooms in your office. You can only enter those parts of the building that you are authorized to access.