Vikas Yandamuri
why the resource "S3" is not specified while creating an IAM policy, but there is a "*" instead ?
1 Answers
Zachariah Cavazos
Check out the link at the end for evaluating policy logic.
The long and short of it, since AWS has a least privilege given, only the actions allowed in the statement will affect certain resources. Despite resources being given a "*" one can only perform S3 actions.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
This allows you to modify all S3 buckets and not a specific bucket. If you entered anything where the astrik is, it would have to be the S3 ARN