Examining Access Control
In this section, you will investigate two different approaches organizations can take to control access, either based on a principal’s role or based on specific properties, also known as attributes, characterizing a principal.
Role-Based Access Control (RBAC)
This is the traditional access control approach: the permissions that define which actions a principal (user or role) can perform are derived from the function that person has in their job. You typically define a separate policy for each role your organization needs and then attach these policies to IAM identities (users, user groups, or roles). Note that AWS already includes some managed policies for common job functions.
Since granting the least privilege is a best practice, you should restrict the permissions that you grant to the various job functions to the strict minimum each of them needs to perform its job. Typically, you do that by explicitly listing the AWS resources each...
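The following is an added example, not from the book or from AWS: two constructed identity policies for a hypothetical "report analyst" job function, one overly broad and one scoped to explicitly listed resources, plus a small checker that flags Allow statements relying on wildcards instead of an explicit resource list (the bucket ARN and the handling of only Action/Resource, not NotAction/NotResource, are simplifying assumptions).

```python
# Constructed sample policies (not taken from the page). BROAD_POLICY is what
# a team might attach to a role in a hurry; LEAST_PRIVILEGE_POLICY lists the
# exact actions and resources the job function needs.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
    ],
}

LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-reports-bucket",    # hypothetical bucket
                "arn:aws:s3:::example-reports-bucket/*",
            ],
        }
    ],
}


def _as_list(value):
    # IAM allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy):
    """Return findings for Allow statements whose Action or Resource uses a
    wildcard instead of an explicit list. Simplification: only Action and
    Resource are inspected (NotAction/NotResource are not handled)."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow permissions
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        if any(r == "*" for r in resources):
            findings.append(f"statement {i}: resource '*' (not explicitly scoped)")
    return findings


def is_least_privilege(policy):
    # True when no Allow statement relies on wildcards.
    return not find_overbroad_statements(policy)
```

Running the checker over policies before attaching them to a job-function role is one cheap way to enforce the "explicitly list the resources" rule in a review or CI step.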