Permissions boundary Usage

Question

Can I use the Permissions boundary set on the user group as far as I have understood this can be done on the User or the Role. Can this be used on the user group? I have got the reference from the below AWS docs.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

Answer

Hello.  
Permission boundaries, when set, restrict even IAM groups.  
Permission boundaries can only be set for IAM users and IAM roles.  
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html#access_policies_boundaries-eval-logic  
> Identity-based policies with boundaries – Identity-based policies are inline or managed policies that are attached to a user, group of users, or role. Identity-based policies grant permission to the entity, and permissions boundaries limit those permissions. The effective permissions are the intersection of both policy types. An explicit deny in either of these policies overrides the allow.

> AWS supports permissions boundaries for IAM entities (users or roles).

Permissions boundary Usage

相關內容