AWS IAM (Identity & Access Management) - ilya-khadykin/notes-outdated GitHub Wiki

IAM Policy

• a policy is a document that states one or more permissions
• by default, all permissions are implicitly denied
• an explicit deny always overrides explicit allow
• you can create your own custom IAM permission policies using existing ones as template or write permission from scratch.
• a user or a group can have more than one IAM policy assigned
• IAM policies cannot be directly assigned to AWS resource