If you have been using AWS for any length of time, this type of policy is probably the most familiar to you. You attach these policies to identities that have been created within the IAM service, and they associate specific permissions with those identities. For example, if a group has a policy allowing full Amazon Simple Storage Service (S3) access, that is an identity-based policy: users in the group are granted permissions based on the policies bound to that group.
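To make the group example concrete, the following added example (not from the original text) walks a constructed snapshot shaped like `aws iam get-account-authorization-details` output and reports which identity-based policy, attached directly or through a group, allows a given action for each user. It only matches `Allow` statements on the action name; it does not evaluate `Deny`, `Resource`, or conditions, and the user, group, and inline policy names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample shaped like `aws iam get-account-authorization-details`
# JSON output, trimmed to the fields used. User/group names are hypothetical.
S3_FULL = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
SNAPSHOT = {
    "Policies": [{"Arn": S3_FULL, "PolicyVersionList": [
        {"IsDefaultVersion": True, "Document": {"Statement": [
            {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"],
             "Resource": "*"}]}}]}],
    "GroupDetailList": [{"GroupName": "storage-admins", "GroupPolicyList": [],
                         "AttachedManagedPolicies": [{"PolicyArn": S3_FULL}]}],
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["storage-admins"],
         "AttachedManagedPolicies": [], "UserPolicyList": []},
        {"UserName": "bob", "GroupList": [], "AttachedManagedPolicies": [],
         "UserPolicyList": [{"PolicyName": "read-objects", "PolicyDocument": {
             "Statement": {"Effect": "Allow", "Action": "s3:GetObject",
                           "Resource": "arn:aws:s3:::example-bucket/*"}}}]}],
}

def as_list(value):
    # Statement and Action may each be a single item or a list.
    return value if isinstance(value, list) else [value]

def allows(document, action):
    """True if an Allow statement's Action pattern matches `action`."""
    return any(st.get("Effect") == "Allow" and any(
                   fnmatchcase(action.lower(), pat.lower())
                   for pat in as_list(st.get("Action", [])))
               for st in as_list(document.get("Statement", [])))

def grants(snapshot, action):
    """Map each user to the identity-based policies that allow `action`."""
    managed = {p["Arn"]: next(v["Document"] for v in p["PolicyVersionList"]
                              if v["IsDefaultVersion"]) for p in snapshot["Policies"]}
    groups = {g["GroupName"]: g for g in snapshot["GroupDetailList"]}
    def sources(entity, via, inline_key):
        docs = [(a["PolicyArn"], managed.get(a["PolicyArn"], {}))
                for a in entity["AttachedManagedPolicies"]]
        docs += [(p["PolicyName"], p["PolicyDocument"]) for p in entity[inline_key]]
        return [f"{via}: {name}" for name, doc in docs if allows(doc, action)]
    result = {}
    for user in snapshot["UserDetailList"]:
        hits = sources(user, "direct", "UserPolicyList")
        for name in user["GroupList"]:
            hits += sources(groups[name], f"group {name}", "GroupPolicyList")
        result[user["UserName"]] = hits
    return result
```

Calling `grants(SNAPSHOT, "s3:DeleteBucket")` shows that `alice` holds the permission only through her group membership, which is the place to look when reviewing who inherits broad access.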
Identity-based policies can be AWS-managed, customer-managed, or inline policies, which we will discuss now:
- AWS-managed policies: These are predefined policies that can be found within IAM and are available to use without having to create your own. The following screenshot shows a sample of the AWS-managed policies that are available for EC2:
As you can see, there is a wide range of policies for each service with varying levels of access. At...