Snowcrash

AWS IAM: Is this a Resource or Identity based policy?

According to this:

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html#policies-grammar-bnf

The principal_block element is required in resource-based policies (for example, in Amazon S3 bucket policies) and in trust policies for IAM roles. It must not be included in identity-based policies.

so is this:

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws-dates.html

an Identity-based Policy?

Upvotes: 1

Views: 888

Answers (1)

ScalarField

Yes, we agree! The example policy you linked to is an identity-based policy. The policy does not contain a principal element. To review, a principal is the entity that is allowed or denied access to a resource.

When you attach the policy to an IAM user, that user becomes the principal. Therefore, in an identity-based policy the principal is not explicitly declared in the policy statement.

Here's a quote from the AWS documentation: "In those cases [policies that you attach to IAM users], the principal is implicitly the user that the policy is attached to (for IAM users)..." (For more information, see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html)

Upvotes: 1
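The distinction the answer draws (a Principal element is required in resource-based policies and trust policies, and must be absent from identity-based policies) can be checked mechanically. The following is an added example, not code from the question, the answer, or AWS; it classifies a policy document by its use of Principal/NotPrincipal and, for the kind of time-bounded policy the question links to, evaluates only the aws:CurrentTime date conditions. The three policy documents, the account ID, the bucket name and the dates are constructed placeholders, and the time-window check is a deliberately narrow helper rather than a full IAM policy simulator.

```python
"""Classify AWS IAM policy documents by their Principal element.

Added example (not from the Stack Overflow post). The policy documents below
are constructed for illustration; account IDs, ARNs and dates are placeholders.
"""
import json
from datetime import datetime


def _statements(policy):
    """IAM allows 'Statement' to be a single object or a list; normalise to a list."""
    stmts = policy.get("Statement", [])
    return stmts if isinstance(stmts, list) else [stmts]


def classify_policy(policy):
    """Return 'identity-based' or 'resource-based' based on Principal usage.

    Per the IAM policy grammar, Principal/NotPrincipal is required in
    resource-based policies (bucket policies, role trust policies) and must
    not appear in identity-based policies. A document that mixes statements
    with and without Principal is rejected rather than guessed at.
    """
    stmts = _statements(policy)
    with_principal = [s for s in stmts if "Principal" in s or "NotPrincipal" in s]
    if not with_principal:
        return "identity-based"
    if len(with_principal) == len(stmts):
        return "resource-based"
    raise ValueError("inconsistent policy: some statements carry Principal, others do not")


def is_trust_policy(policy):
    """A role trust policy is a resource-based policy whose actions are all sts:AssumeRole*."""
    if classify_policy(policy) != "resource-based":
        return False
    for s in _statements(policy):
        actions = s.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if not actions or not all(a.startswith("sts:AssumeRole") for a in actions):
            return False
    return True


def _parse_time(value):
    # ISO 8601 with a trailing 'Z'; fromisoformat only accepts 'Z' from Python 3.11
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


_DATE_OPERATORS = {
    "DateGreaterThan": lambda now, bound: now > bound,
    "DateGreaterThanEquals": lambda now, bound: now >= bound,
    "DateLessThan": lambda now, bound: now < bound,
    "DateLessThanEquals": lambda now, bound: now <= bound,
}


def time_window_allows(policy, now_iso):
    """True if some Allow statement's aws:CurrentTime conditions contain now_iso.

    Only the four date operators above on aws:CurrentTime are evaluated; other
    condition keys, Action and Resource are ignored. This is a window check,
    not a policy simulator.
    """
    now = _parse_time(now_iso)
    for s in _statements(policy):
        if s.get("Effect") != "Allow":
            continue
        conditions = s.get("Condition", {})
        satisfied = True
        for operator, check in _DATE_OPERATORS.items():
            bound = conditions.get(operator, {}).get("aws:CurrentTime")
            if bound is not None and not check(now, _parse_time(bound)):
                satisfied = False
        if satisfied:
            return True
    return False


# Constructed sample: identity-based policy granting access only inside a date window
DATE_WINDOW_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "ec2:*",
    "Resource": "*",
    "Condition": {
      "DateGreaterThan": {"aws:CurrentTime": "2020-04-01T00:00:00Z"},
      "DateLessThan":    {"aws:CurrentTime": "2020-06-30T23:59:59Z"}
    }
  }
}""")

# Constructed sample: S3 bucket policy (resource-based, so Principal is required)
BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"
  }]
}""")

# Constructed sample: role trust policy (resource-based, Principal is the trusted service)
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}""")


if __name__ == "__main__":
    for name, doc in [("date window", DATE_WINDOW_POLICY),
                      ("bucket", BUCKET_POLICY), ("trust", TRUST_POLICY)]:
        print(f"{name}: {classify_policy(doc)}, trust policy: {is_trust_policy(doc)}")
    print("2020-05-01 inside window:", time_window_allows(DATE_WINDOW_POLICY, "2020-05-01T12:00:00Z"))
```

Running the block prints the classification of each sample; the date-window policy comes out as identity-based because no statement names a principal, which is exactly why it can only be attached to a user, group or role and why the principal is implicit.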
