By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Permissions boundary Usage

0

Can I use the Permissions boundary set on the user group as far as I have understood this can be done on the User or the Role. Can this be used on the user group? I have got the reference from the below AWS docs. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

Topics
Security, Identity, & Compliance
Tags
IAM Policies
Language
English
shyam
asked 9 months ago181 views
1 Answer
1

Hello.
Permission boundaries, when set, restrict even IAM groups.
Permission boundaries can only be set for IAM users and IAM roles.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html#access_policies_boundaries-eval-logic

Identity-based policies with boundaries – Identity-based policies are inline or managed policies that are attached to a user, group of users, or role. Identity-based policies grant permission to the entity, and permissions boundaries limit those permissions. The effective permissions are the intersection of both policy types. An explicit deny in either of these policies overrides the allow.

AWS supports permissions boundaries for IAM entities (users or roles).

profile picture
EXPERT
Riku_Kobayashi
answered 9 months ago
profile picture
EXPERT
JimmyDqv
reviewed 9 months ago
  • shyam
    9 months ago

    doesn't this mean that Identity-based policies can be used on user, group of users, or role and permissions boundaries limit those permissions.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content