AWS IAM Policies in a Nutshell

jcolemorrison.com

20 points by colemorrison 1 hour ago
officelineback
27 minutes ago
Isn't the "Principal" element only a part of S3 permission policies, not IAM? In IAM the "principal" is implied, it's the user to which the policy is attached. Edit: I see you explain well into the article, but I believe the title of the article could be improved.
colemorrison
24 minutes ago
Yeah, I mention that in the "Who" aka Principal section. It's like that for any resource based policy (i.e. like S3). So IAM Users/groups have it implied, but Resource based ones like S3 do not have it implied.
officelineback
22 minutes ago
The thing is, an S3 bucket policy is not an IAM policy. It's a bucket policy. They use the same language, format, and syntax, but they are not called the same thing.
colemorrison
19 minutes ago
Indeed, they're just a "resource" policy. They're still talked about and share so many of the same attributes that it became more character saving to say AWS IAM Policies vs. AWS IAM, S3, SNS, SQS, Glacier Policies =P
