Certified Security - Specialty

Sign Up Free or Log In to participate!

I think that the answers in this question are logically equivalent, and that the person who wrote the question didn’t realize they were being ambiguous.

What is a Policy Condition used for in a Key Policy or IAM Policy?

It allows you to specify conditions for when a policy is in effect

It allows you to define conditions which must be met in order to enable access to AWS resources

Those two answers are true. A condition allows you to specify conditions when a policy is in effect, and it allows you to define conditions that must be met in order to allow those permissions to be effective.

2 Answers

Hi Kari, 

The policy will only come into effect if the condition is met.  

The other answer, does not properly answer the question because it is not the case that by satisfying the condition, then access will be enabled. 

The condition determines whether, the policy will come into effect. And the policy may Allow or Deny access or a combination of both. The condition is applied to the policy as a whole. 

hope that helps


Kari Kirfman

Thank you for answering, Faye! That does help; I didn’t consider that a policy could also deny when I read the question.

I had the same thought, I think it might be confusing for people which English is not the first language 🙁

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?