1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
1
Hello.
Permission boundaries, when set, restrict even IAM groups.
Permission boundaries can only be set for IAM users and IAM roles.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html#access_policies_boundaries-eval-logic
Identity-based policies with boundaries – Identity-based policies are inline or managed policies that are attached to a user, group of users, or role. Identity-based policies grant permission to the entity, and permissions boundaries limit those permissions. The effective permissions are the intersection of both policy types. An explicit deny in either of these policies overrides the allow.
AWS supports permissions boundaries for IAM entities (users or roles).
doesn't this mean that Identity-based policies can be used on user, group of users, or role and permissions boundaries limit those permissions.