IAM Policy Structure

Components

  • Version – Defines the policy language version; always use "2012-10-17".
  • Id – Optional identifier for the policy.
  • Statement – One or more permission rules.

Statement Fields

  • Sid – Optional statement identifier for referencing.
  • Effect – Allow or Deny, specifying whether the statement grants or refuses the listed actions.
  • Principal – The AWS account, user, or role to which the policy applies (mainly in resource-based policies).
  • Action – The API actions that are allowed or denied.
  • Resource – The ARN(s) of the resources to which the statement applies.
  • Condition – Optional set of key–value checks that must be true for the statement to apply.
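
To make the structure concrete, here is an added Python example (not from the original page) that parses a policy document and checks the fields listed above: the Version value, that each statement's Effect is Allow or Deny, that Action and Resource are present, and it flags an Allow statement that grants every action on every resource with no Condition. The sample policy, the bucket name and the account ID in it are constructed for the example; the Not* field names are real IAM alternatives the list above does not cover.

```python
import json

# Constructed sample (not from the page): a bucket policy with one well-scoped
# statement and one over-broad statement, used to exercise the checker below.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "example-bucket-policy",
    "Statement": [
        {
            "Sid": "AllowReadOverTls",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"Bool": {"aws:SecureTransport": "true"}},
        },
        {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})

# Each statement needs one field from each pair (IAM also accepts the Not*
# forms, which the field list on this page does not cover).
FIELD_PAIRS = (("Action", "NotAction"), ("Resource", "NotResource"))


def as_list(value):
    """Action/Resource may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_policy(policy_json):
    """Return a list of findings for a policy document (empty list means clean)."""
    policy = json.loads(policy_json)
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    # Statement may be a single object or a list; Sid is optional, so fall back
    # to the statement's index as its label.
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        label = stmt.get("Sid", f"statement[{i}]")
        for field, alt in FIELD_PAIRS:
            if field not in stmt and alt not in stmt:
                findings.append(f"{label}: missing {field} (or {alt})")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{label}: Effect must be Allow or Deny")
        # Unconditional Allow of "*" on "*" is the classic over-permissive statement.
        if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                and "*" in as_list(stmt.get("Action", []))
                and "*" in as_list(stmt.get("Resource", []))):
            findings.append(f"{label}: Allow * on * with no Condition")
    return findings
```

Running `check_policy(SAMPLE_POLICY)` reports only the `TooBroad` statement; the well-scoped first statement passes every check.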