IAM Permission Boundaries

  • AWS supports permissions boundaries for IAM entities (users or roles).

  • They are like a "more powerful IAM policy for which the user MUST be allowed to do things in the permissions boundary for it to do things in the actual AWS account."

  • A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity.

  • An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
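
The intersection rule above, as an added example that is not part of the original page: a simplified evaluator that allows an action only when both the identity-based policy and the permissions boundary allow it and neither explicitly denies it. The two policies are constructed samples, and the model assumes `Resource` is `*` and ignores conditions, SCPs and resource-based policies.

```python
import fnmatch

# Constructed sample policies (not from the original page). Resource is "*"
# throughout, so this simplified model only matches on Action.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "iam:CreateUser", "ec2:Describe*"], "Resource": "*"},
    ],
}
BOUNDARY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*", "ec2:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:GetBucketPolicy", "Resource": "*"},
    ],
}


def _actions(stmt):
    acts = stmt.get("Action", [])
    return [acts] if isinstance(acts, str) else acts


def _matches(policy, effect, action):
    """True if any statement with the given Effect covers the action."""
    action = action.lower()  # IAM action names are case-insensitive
    return any(
        stmt["Effect"] == effect
        and any(fnmatch.fnmatchcase(action, p.lower()) for p in _actions(stmt))
        for stmt in policy["Statement"]
    )


def is_allowed(action, identity=IDENTITY_POLICY, boundary=BOUNDARY_POLICY):
    """Explicit Deny in either policy wins; otherwise both must Allow."""
    if _matches(identity, "Deny", action) or _matches(boundary, "Deny", action):
        return False
    return _matches(identity, "Allow", action) and _matches(boundary, "Allow", action)


def effective(actions):
    """Map each requested action to its effective decision."""
    return {a: is_allowed(a) for a in actions}


if __name__ == "__main__":
    sample = ["s3:GetObject", "s3:PutObject", "iam:CreateUser",
              "ec2:DescribeInstances", "ec2:RunInstances", "s3:GetBucketPolicy"]
    for act, ok in effective(sample).items():
        print(f"{act:24} {'ALLOW' if ok else 'DENY'}")
```

Note that `iam:CreateUser` and `s3:PutObject` are granted by the identity policy but fall outside the boundary, while `ec2:RunInstances` is inside the boundary but never granted, so the boundary on its own grants nothing.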
