Introduction
AWS predefined policies (also called AWS managed policies) are managed policies that AWS creates and maintains, providing pre-configured permissions for common use cases. Here are the key points:
- They are built-in policies designed for common scenarios
- You can attach them to multiple users, groups, and roles in your AWS account
- AWS automatically updates these policies as new services or APIs launch
- Examples include AmazonS3ReadOnlyAccess, AWSLambdaBasicExecutionRole, and AmazonEC2FullAccess
- They simplify permissions management with ready-to-use permission sets
- Using these policies saves time and reduces errors compared to writing custom policies
Types of AWS Policies
Here are the main types of AWS policies:
- Identity-based Policies: Attached to IAM users, groups, or roles. These control what actions these identities can perform.
- Resource-based Policies: Attached directly to resources like S3 buckets. They control who can access the resource and what actions they can perform.
- Permission Boundaries: Set the maximum permissions an IAM user or role can have, regardless of what its identity-based policies grant.
- Service Control Policies (SCPs): Used in AWS Organizations to set the maximum permissions available across multiple AWS accounts.
- Session Policies: Advanced policies passed when a role is assumed or a federated session is created, to further restrict the permissions of the resulting temporary credentials.
- AWS Managed Policies: Pre-built policies maintained by AWS for common use cases.
- Customer Managed Policies: Custom policies created and managed by customers for their specific needs.
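To make the interaction between these policy types concrete, here is an added Python example (not AWS code) that models the evaluation order in simplified form: identity-based policies grant, a permission boundary and SCPs only cap what was granted, and an explicit Deny in any matching statement wins. The policy documents inside it are constructed approximations, not the real managed-policy JSON; resource-based policies, session policies and Condition keys are left out.

```python
from fnmatch import fnmatchcase


def _as_list(x):
    return x if isinstance(x, list) else [x]


def decision(policy, action, resource):
    """'Deny', 'Allow' or None (implicit deny) for one policy document.
    Action and Resource patterns match case-insensitively with * and ?."""
    result = None
    for stmt in _as_list(policy.get("Statement", [])):
        acts = [a.lower() for a in _as_list(stmt.get("Action", []))]
        ress = [r.lower() for r in _as_list(stmt.get("Resource", []))]
        if (any(fnmatchcase(action.lower(), a) for a in acts)
                and any(fnmatchcase(resource.lower(), r) for r in ress)):
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny in any matching statement wins
            result = "Allow"
    return result


def is_allowed(action, resource, identity_policies, boundary=None, scps=()):
    """Effective decision for a principal in one account; resource-based and
    session policies and Condition keys are deliberately left out."""
    outcomes = [decision(p, action, resource) for p in identity_policies]
    if "Deny" in outcomes or "Allow" not in outcomes:
        return False  # explicit deny, or nothing granted the action
    if boundary and decision(boundary, action, resource) != "Allow":
        return False  # the boundary is a ceiling, whatever identity policies grant
    return all(decision(s, action, resource) == "Allow" for s in scps)


# Constructed sample documents (approximations, not the real AWS-managed JSON).
S3_FULL = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
BOUNDARY = {"Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
            "Resource": ["arn:aws:s3:::team-bucket", "arn:aws:s3:::team-bucket/*"]}]}
SCP = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"},
       {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}


def demo():
    """A developer holding full S3 rights, capped by a boundary and an SCP."""
    obj = "arn:aws:s3:::team-bucket/report.csv"
    return {
        "read_object": is_allowed("s3:GetObject", obj, [S3_FULL], BOUNDARY, [SCP]),
        "write_object": is_allowed("s3:PutObject", obj, [S3_FULL], BOUNDARY, [SCP]),
        "other_bucket": is_allowed("s3:GetObject", "arn:aws:s3:::other/x", [S3_FULL], BOUNDARY, [SCP]),
        "delete_bucket": is_allowed("s3:DeleteBucket", "arn:aws:s3:::team-bucket", [S3_FULL], None, [SCP]),
    }
```

Only `read_object` comes out allowed: the boundary blocks the write and the other bucket even though the identity policy grants `s3:*`, and the SCP's explicit Deny blocks the bucket deletion even with no boundary attached.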
Use Cases of Different Policies
- Identity-based Policies: Think of these as your personal access card: they determine what you and your team members can do in AWS. For example, you might want junior developers to only view resources while senior developers can create and modify them.
- Resource-based Policies: These are like setting up security rules for your valuable assets. You can control exactly who gets to access your important S3 buckets or other AWS resources.