This chapter took you through the various types of access policies, their structure, and how to effectively and securely manage access to your AWS resources. You need to be fully aware of the different policies that exist within AWS and how they work together to either grant or deny access to resources based on different actions.
Regardless of which policy you are using, one key point is to always implement security based on the Principle of Least Privilege (PoLP). This essentially means that you should only ever grant permissions for an identity that they actually need, and no more. For example, let's say a user needed access to be able to stop and terminate instances using ec2:stopinstances and ec2:terminateinstances. Then, you wouldn’t issue a policy that allowed access to all ec2 APIs—for example, ec2:*. If this happens, you are increasing the potential of security threats, especially from an internal perspective. For the certification exam...