Certified Security - Specialty

Policy Conflicts – Visual Diagram is oversimplified to the point of not being correct

The presented diagram might be ok for Associate Exam(s) but not for Security Specialty or for anyone who is serious about studying security in AWS.

The full diagram can be found here https://docs.aws.amazon.com/IAM/latest/UserGuide/images/PolicyEvaluationHorizontal.png

Not all policies are evaluated in the same way (explicit deny/deny/allow). For example, having an explicit ALLOW in an Identity-based policy and no explicit DENY anywhere else might not be sufficient for the final ALLOW if there are SCPs or Permission Boundaries.

0 Answers
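
The point raised in the post above, as an added example that is not part of the original post and is not AWS code: a simplified Python model of same-account evaluation covering only identity-based policies, SCPs and a permissions boundary. Resource-based and session policies are left out, and the function names and sample policies are constructed for illustration.

```python
from fnmatch import fnmatchcase

def matches(stmt, action, resource):
    """True if the statement's Action and Resource patterns cover the request."""
    acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    ress = stmt.get("Resource", "*")
    ress = ress if isinstance(ress, list) else [ress]
    return (any(fnmatchcase(action.lower(), a.lower()) for a in acts)  # actions are case-insensitive
            and any(fnmatchcase(resource, r) for r in ress))

def effect(policies, action, resource):
    """'Deny' on any matching Deny, else 'Allow' if one matched, else None."""
    found = None
    for pol in policies:
        for stmt in pol["Statement"]:
            if matches(stmt, action, resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                found = "Allow"
    return found

def evaluate(action, resource, identity, scps=None, boundary=None):
    """scps / boundary set to None means that policy type is not attached."""
    layers = {"identity": identity}
    if scps is not None:
        layers["scp"] = scps
    if boundary is not None:
        layers["boundary"] = boundary
    results = {name: effect(p, action, resource) for name, p in layers.items()}
    for name, res in results.items():      # an explicit deny anywhere always wins
        if res == "Deny":
            return ("Deny", f"explicit deny in {name}")
    for name, res in results.items():      # every attached type must also allow
        if res is None:
            return ("Deny", f"implicit deny: no allow in {name}")
    return ("Allow", "allowed by every attached policy type")

# Constructed sample policies (not taken from the page).
ANY = "*"
IDENTITY = [{"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": ANY}]}]
SCP_FULL = [{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": ANY}]}]
SCP_EC2_ONLY = [{"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": ANY}]}]
BOUNDARY_READ = [{"Statement": [{"Effect": "Allow",
                                 "Action": ["s3:Get*", "s3:List*"], "Resource": ANY}]}]
OBJ = "arn:aws:s3:::example-bucket/report.csv"  # constructed ARN

if __name__ == "__main__":
    print(evaluate("s3:PutObject", OBJ, IDENTITY))
    print(evaluate("s3:PutObject", OBJ, IDENTITY, scps=SCP_EC2_ONLY))
    print(evaluate("s3:PutObject", OBJ, IDENTITY, scps=SCP_FULL, boundary=BOUNDARY_READ))
```

The second and third calls are denied even though no policy contains a Deny statement, which is the case the simplified diagram misses.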
