By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

IAM access keys question

0

I know that an access key gives programmatic access to your AWS account and that an access key of a root account gives full access, but is the access key for a created user limited by the permissions that the user has? I understand it's best to create a user with only the permissions needed, and then create an access key for that user. Is that why?

This may sound like a basic question but I can't find a confirmation of this. I'm hoping someone can confirm this.

Topics
Security, Identity, & Compliance
Tags
AWS Key Management ServiceSecurity, Identity, & ComplianceAWS Identity and Access Management
Language
English
MJ
asked a year ago243 views
1 Answer
1
Accepted Answer

Yes, if you authenticate with the IAM User's access keys, the polices enforce for that user will be evaluated for authorization. You can see the full evaluation logic here: Policy evaluation logic.

profile pictureAWS
EXPERT
kentrad
answered a year ago
profile pictureAWS
EXPERT
Brettski-AWS
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content