Certified Security - Specialty


IAM Policies 101

Why is the resource "S3" not specified while creating an IAM policy, but there is a "*" instead?

amckinnie

This allows you to modify all S3 buckets and not a specific bucket. If you entered anything where the asterisk is, it would have to be the S3 ARN.

1 Answer

Check out the link at the end for evaluating policy logic.

The long and short of it: since AWS has a least privilege given, only the actions allowed in the statement will affect certain resources. Despite resources being given a "*", one can only perform S3 actions.

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
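To make the point in this thread concrete, here is an added example (not part of the original posts and not AWS's own evaluation engine) that models how `Action` and `Resource` are matched together. It is a simplified model of a single identity policy: it ignores conditions, `NotAction`, permission boundaries and SCPs, and the policies, bucket names and ARNs are constructed for illustration.

```python
import re

# Constructed policies: the broad form the question asks about,
# and a scoped form that names one bucket's objects by ARN.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wild(pattern, value, flags=0):
    # IAM wildcards: "*" matches any run of characters, "?" exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None


def _stmt_matches(stmt, action, resource):
    # A statement applies only if BOTH the action and the resource match.
    # Action names are case-insensitive; ARNs are compared case-sensitively.
    return (any(_wild(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"]))
            and any(_wild(r, resource) for r in _as_list(stmt["Resource"])))


def evaluate(policy, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"          # nothing is allowed by default
    for stmt in _as_list(policy["Statement"]):
        if not _stmt_matches(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":   # an explicit deny always wins
            return "ExplicitDeny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    requests = [
        ("s3:DeleteBucket", "arn:aws:s3:::any-bucket"),
        ("ec2:TerminateInstances", "arn:aws:ec2:us-east-1:111122223333:instance/i-0abc"),
        ("s3:GetObject", "arn:aws:s3:::example-bucket/report.csv"),
        ("s3:GetObject", "arn:aws:s3:::other-bucket/report.csv"),
    ]
    for action, resource in requests:
        print(action, resource, evaluate(BROAD, action, resource),
              evaluate(SCOPED, action, resource))
```

With `Resource: "*"` the broad policy allows destructive S3 actions on every bucket in the account, while the EC2 request still falls through to the implicit deny because no `Action` pattern matches it.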
