Policies specify the permissions that are granted to an ECS entity that needs to access a resource.
For example, policies can:
Specify actions on a resource.
Identify resources.
Identify the principals to which the policies apply.
Specify conditions that are applicable.
ECS IAM supports the following policy types:
| Policies | Description |
| --- | --- |
| Identity-based policies | Policies that are assigned to users, groups, and roles and that grant permissions to an identity. Types: Inline Policies; Managed Policies (both ECS and customer managed). |
| Resource-based policies | Inline policies that are assigned to an ECS resource and that grant the specified principal permission to perform specific actions on the resource. Types: Bucket Policy; Trust Policy, a resource-based policy that is attached to an IAM role. Trust policies identify the principal entities that can assume the role. |
| Permission Boundaries | Use a managed policy as the permissions boundary for an IAM entity (user or role). That policy defines the maximum permissions that the identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. |
| Session policies | Session policies are used with the AssumeRole and AssumeRoleWithSAML APIs. Session policies limit the permissions that the identity-based policies of a role or user grant to the session. Session policies limit permissions for a created session, but do not grant permissions. |
| Access Control Lists (ACLs) | ACLs are cross-account permissions policies that grant permissions to the specified principal. |
NOTE: If there is an explicit deny in any policy, the request is denied. Otherwise, there must be a policy that explicitly allows the request. If neither applies, the request is denied by default.
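The evaluation order in the note, combined with the way permissions boundaries and session policies cap identity-based policies without granting anything, can be checked with a small evaluator. This is an added example, not ECS code: it assumes AWS-style statements with Effect, Action and Resource fields, uses constructed sample policies and ARNs, and leaves out resource-based policies, ACLs and conditions.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _effects(policies, action, resource):
    """Effects of every statement whose Action and Resource cover the request."""
    found = set()
    for policy in policies:
        for s in policy["Statement"]:
            if (any(fnmatchcase(action, p) for p in _as_list(s["Action"])) and
                    any(fnmatchcase(resource, p) for p in _as_list(s["Resource"]))):
                found.add(s["Effect"])
    return found

def evaluate(action, resource, identity, boundary=None, session=None):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request.

    identity: list of identity-based policies (inline and managed)
    boundary: optional permissions boundary policy
    session:  optional session policy supplied with AssumeRole
    """
    limits = [p for p in (boundary, session) if p is not None]
    # 1. An explicit deny in any policy ends the evaluation.
    if "Deny" in _effects(identity + limits, action, resource):
        return "ExplicitDeny"
    # 2. An identity-based policy must explicitly allow the request.
    if "Allow" not in _effects(identity, action, resource):
        return "ImplicitDeny"
    # 3. Boundary and session policies grant nothing: each one that is
    #    present must also allow the request, otherwise it is capped away.
    for limit in limits:
        if "Allow" not in _effects([limit], action, resource):
            return "ImplicitDeny"
    return "Allow"

# Constructed sample policies (hypothetical bucket name and ARNs).
IDENTITY = [{"Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}]
BOUNDARY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::reports/*"}]}
SESSION = {"Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::reports/final/*"}]}
```

With these samples, the broad identity policy alone allows everything, the boundary narrows that to reads and writes under the reports bucket, and the session policy's explicit deny blocks writes under reports/final/ even though every other policy allows them.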