Identity-based Policy

What it is: A policy attached to an IAM user, group, or role.

What it’s for:

• Grant that identity permissions to call AWS APIs.

Key ideas:

• Most common in AWS.
• Best practice: attach to roles for services.

Hard words:

• *attach* /əˈtætʃ/: gắn (policy vào identity)