AWS Policy Evaluation

Last Updated : 20-Oct-2020

  1. If there is an explicit deny, then deny.
  2. If an SCP exists and it has no allow, then deny.
  3. If a resource policy allows, then allow.
  4. If a boundary policy exists and it has no allow, then deny.
  5. If a session policy exists and it has no allow, then deny.
  6. If an identity policy allows, then allow.

Cross Account Policy Evaluation

Consider an identity in Account A that wants to access a resource in Account B.

Account A with the identity must be allowed access out of the account to Account B, and Account B must allow access into the account from Account A.
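
The six steps and the cross-account rule above as a small evaluator. This is an added example, not code from the original page or from AWS. It assumes a simplified policy format in which statements carry only Effect, Action and Resource; the function names, sample policies and ARNs are constructed for illustration.

```python
from fnmatch import fnmatchcase
# Simplified model: Principal and Condition are ignored; wildcards use fnmatch.
def effects(policy, action, resource):
    """Effects of the statements in one policy that match the request."""
    return {s["Effect"] for s in policy
            if any(fnmatchcase(action, a) for a in s["Action"])
            and any(fnmatchcase(resource, r) for r in s["Resource"])}

def evaluate(action, resource, identity, resource_policy=None,
             scp=None, boundary=None, session=None):
    """Same-account decision in the page's six-step order; None = policy absent."""
    def allows(policy):
        return "Allow" in effects(policy, action, resource)
    present = [p for p in (identity, resource_policy, scp, boundary, session)
               if p is not None]
    if any("Deny" in effects(p, action, resource) for p in present):
        return "deny: explicit deny"                    # step 1
    if scp is not None and not allows(scp):
        return "deny: SCP has no allow"                 # step 2
    if resource_policy is not None and allows(resource_policy):
        return "allow: resource policy"                 # step 3
    if boundary is not None and not allows(boundary):
        return "deny: boundary has no allow"            # step 4
    if session is not None and not allows(session):
        return "deny: session policy has no allow"      # step 5
    if allows(identity):
        return "allow: identity policy"                 # step 6
    return "deny: no allow found"

def evaluate_cross_account(action, resource, identity_a, resource_policy_b):
    """Account A must allow access out and Account B must allow access in."""
    found = (effects(identity_a, action, resource),
             effects(resource_policy_b, action, resource))
    if any("Deny" in e for e in found):
        return "deny: explicit deny"
    if "Allow" not in found[0]:
        return "deny: Account A does not allow access out"
    if "Allow" not in found[1]:
        return "deny: Account B does not allow access in"
    return "allow: both accounts allow"

# Constructed sample policies (not from the original page).
def stmt(effect, action, resource):
    return {"Effect": effect, "Action": [action], "Resource": [resource]}

OBJ = "arn:aws:s3:::example-bucket/report.csv"
IDENTITY = [stmt("Allow", "s3:*", "arn:aws:s3:::example-bucket/*")]
READ_ONLY = [stmt("Allow", "s3:GetObject", "*")]
BUCKET_POLICY = [stmt("Allow", "s3:PutObject", "arn:aws:s3:::example-bucket/*")]
```

With these samples, a `s3:PutObject` request is denied when only `IDENTITY` and the `READ_ONLY` boundary apply, but is allowed once `BUCKET_POLICY` is passed as the resource policy, because step 3 is reached before step 4.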
