What is a Policy Condition used for in a Key Policy or IAM Policy?
It allows you to specify conditions for when a policy is in effect
It allows you to define conditions which must be met in order to enable access to AWS resources
Those two answers are true. A condition allows you to specify conditions when a policy is in effect, and it allows you to define conditions that must be met in order to allow those permissions to be effective.
2 Answers
Hi Kari,
The policy will only come into effect if the condition is met.
The other answer, does not properly answer the question because it is not the case that by satisfying the condition, then access will be enabled.
The condition determines whether, the policy will come into effect. And the policy may Allow or Deny access or a combination of both. The condition is applied to the policy as a whole.
hope that helps
Faye
I had the same thought, I think it might be confusing for people which English is not the first language 🙁
Thank you for answering, Faye! That does help; I didn’t consider that a policy could also deny when I read the question.