IAM Permission Boundaries
AWS supports permissions boundaries for IAM entities (users or roles).
They are like a "more powerful IAM policy for which the user MUST be allowed to do things in the permissions boundary for it to do things in the actual AWS account."
A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity.
An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
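The intersection rule above, as an added example that is not part of the original page or of any AWS tooling: a simplified evaluator that decides an action from identity-based policies and an optional permissions boundary. It assumes every statement applies to `Resource: "*"` and ignores conditions, `NotAction`, SCPs, session policies and resource-based policies; the function names and sample policies are constructed for illustration.

```python
from fnmatch import fnmatchcase

def _statements(policy, effect):
    """Return the policy's statements that carry the given Effect."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s for s in stmts if s["Effect"] == effect]

def _matches(policy, effect, action):
    """True if any statement with this Effect lists a pattern matching action."""
    for stmt in _statements(policy, effect):
        patterns = stmt["Action"]
        patterns = [patterns] if isinstance(patterns, str) else patterns
        # IAM action names are case-insensitive and support * and ? wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            return True
    return False

def evaluate(identity_policies, boundary, action):
    """Decide one action; boundary=None means no boundary is attached."""
    policies = list(identity_policies) + ([boundary] if boundary else [])
    # An explicit Deny in any policy, boundary included, always wins.
    if any(_matches(p, "Deny", action) for p in policies):
        return "explicit deny"
    # The boundary grants nothing by itself: an identity policy must allow.
    if not any(_matches(p, "Allow", action) for p in identity_policies):
        return "implicit deny: identity policy"
    # The boundary caps what the identity policy grants.
    if boundary and not _matches(boundary, "Allow", action):
        return "implicit deny: permissions boundary"
    return "allow"

# Constructed sample policies (assumption: all statements use Resource "*").
IDENTITY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:*", "ec2:*", "iam:CreateUser"]}]}
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:*", "cloudwatch:*", "ec2:Describe*"]},
    {"Effect": "Deny", "Resource": "*", "Action": "s3:DeleteBucket"}]}

if __name__ == "__main__":
    for act in ["s3:GetObject", "ec2:RunInstances", "iam:CreateUser",
                "cloudwatch:PutMetricData", "s3:DeleteBucket"]:
        print(f"{act:28} {evaluate([IDENTITY], BOUNDARY, act)}")
```

For real accounts, the IAM policy simulator evaluates the full logic, including resources and conditions.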