How IAM roles differ from resource-based policies - AWS Identity and Access Management
docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html
1 Users
0 Comments
4 Highlights
0 Notes
Tags
Top Highlights
Unlike an identity-based policy, a resource-based policy specifies who (which principal) can access that resource.
Cross-account access with a resource-based policy has some advantages over cross-account access with a role.
For a complete list of the growing number of AWS services that support attaching permission policies to resources instead of principals, see AWS services that work with IAM and look for the services that have Yes in the Resource Based column.
For some AWS services, you can grant cross-account access to your resources. To do this, you attach a policy directly to the resource that you want to share, instead of using a role as a proxy. The resource that you want to share must support resource-based policies.
Ready to highlight and find good content?
Glasp is a social web highlighter that people can highlight and organize quotes and thoughts from the web, and access other like-minded people’s learning.