AWS Identity and Access Management (IAM) is ‘deny by default’: every request is implicitly denied unless a policy that applies to the requesting user, group, or role explicitly allows that action on that resource, and an explicit Deny in any applicable policy overrides any Allow.
AWS evaluates every policy that applies to the IAM identity making a request before it decides the outcome, and that evaluation is what this Playground explores.
AWS has to consider several kinds of access control before deciding whether a user, group, or role may act on a resource: the identity-based policies attached to the principal, any permissions boundary set on it, and resource-based policies such as an S3 bucket policy. In the Playground, we’ll be looking at 3 separate users trying to access an S3 bucket, each with a different combination of policies applied.
We’ll take a closer look at which users have the permissions needed to get past the restrictions enforced by an IAM permissions boundary and by the S3 bucket policy. Keep in mind that a permissions boundary never grants anything on its own: it only caps what the user’s identity-based policies can grant, so an action allowed by the identity policy but outside the boundary is still denied. In doing so, you’ll get a hands-on understanding of the fine-grained access control you can achieve with IAM policy management.
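To make the evaluation order concrete before you open the Playground, here is a small model of how AWS decides a same-account request from an IAM user. It is an added example written for this page, not the Playground’s own code or an AWS library: the bucket name, account ID, user names (alice, bob, carol) and the policies are all constructed here. The model implements the documented rules in order: an explicit Deny anywhere wins; a bucket-policy Allow that names the IAM user grants the action on its own (roles are limited by their boundary in this case, so the model applies only to IAM users); otherwise the identity-based policy must allow the action and the permissions boundary, if one is set, must allow it too. Wildcard matching on actions and resources is simplified to shell-style `*`/`?` patterns, and Conditions are not modelled.

```python
"""Simplified model of AWS IAM policy evaluation for a same-account IAM user.

Added example for this page (not AWS or Playground code). Account ID, bucket,
users and policies below are constructed placeholders.
"""
from fnmatch import fnmatchcase

# --- constructed sample environment -------------------------------------
ACCOUNT = "123456789012"                       # placeholder account ID
BUCKET = "arn:aws:s3:::playground-bucket"      # constructed bucket, not real


def user_arn(name):
    return f"arn:aws:iam::{ACCOUNT}:user/{name}"


# Identity-based policy: all object-level S3 actions on the bucket.
S3_OBJECTS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*Object", "Resource": f"{BUCKET}/*"}]}
# Boundary that permits S3, and one that only permits EC2 (so S3 is outside it).
S3_BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
EC2_BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
# Bucket policy: grants carol read access directly, forbids deletes for everyone.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": user_arn("carol")},
     "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"},
    {"Effect": "Deny", "Principal": "*",
     "Action": "s3:DeleteObject", "Resource": f"{BUCKET}/*"}]}

USERS = {
    "alice": {"arn": user_arn("alice"), "identity_policy": S3_OBJECTS, "boundary": S3_BOUNDARY},
    "bob":   {"arn": user_arn("bob"),   "identity_policy": S3_OBJECTS, "boundary": EC2_BOUNDARY},
    "carol": {"arn": user_arn("carol"), "identity_policy": None,       "boundary": None},
}


# --- evaluation -----------------------------------------------------------
def _matches(patterns, value):
    """IAM-style wildcard match; Action/Resource may be a string or a list."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(value, p) for p in patterns)


def _principal_matches(stmt, principal_arn):
    """Bucket-policy Principal: '*' matches anyone, else the AWS ARN list."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return True
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    aws = [aws] if isinstance(aws, str) else aws
    return "*" in aws or principal_arn in aws


def _has(policy, effect, action, resource, principal_arn=None):
    """True if policy has a statement with this Effect matching action/resource
    (and, for resource-based policies, the given principal)."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != effect:
            continue
        if not _matches(stmt.get("Action", []), action):
            continue
        if not _matches(stmt.get("Resource", []), resource):
            continue
        if principal_arn is not None and not _principal_matches(stmt, principal_arn):
            continue
        return True
    return False


def evaluate(user, action, resource, bucket_policy):
    """Return (decision, reason) for an IAM user acting on a same-account bucket."""
    identity = user.get("identity_policy") or {"Statement": []}
    boundary = user.get("boundary")
    # 1. An explicit Deny in any applicable policy ends the evaluation.
    applicable = [("identity policy", identity, None),
                  ("bucket policy", bucket_policy, user["arn"])]
    if boundary is not None:
        applicable.append(("permissions boundary", boundary, None))
    for name, policy, principal in applicable:
        if _has(policy, "Deny", action, resource, principal):
            return ("Deny", f"explicit Deny in {name}")
    # 2. A bucket policy that names this user grants the action by itself.
    if _has(bucket_policy, "Allow", action, resource, user["arn"]):
        return ("Allow", "bucket policy grants the user directly")
    # 3. Otherwise: identity policy must allow, and the boundary must not cut it off.
    if not _has(identity, "Allow", action, resource):
        return ("Deny", "implicit deny: no identity-based Allow")
    if boundary is not None and not _has(boundary, "Allow", action, resource):
        return ("Deny", "implicit deny: permissions boundary does not allow")
    return ("Allow", "identity policy allows within the permissions boundary")


def decide(user_name, action, key="report.csv"):
    """Convenience wrapper: evaluate one of the constructed users on one object."""
    return evaluate(USERS[user_name], action, f"{BUCKET}/{key}", BUCKET_POLICY)


if __name__ == "__main__":
    for name in USERS:
        for action in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
            decision, reason = decide(name, action)
            print(f"{name:6} {action:16} {decision:5}  ({reason})")
```

Running it shows the three situations the Playground sets up: alice reads and writes but cannot delete because the bucket policy’s explicit Deny beats her identity Allow; bob has the same identity policy as alice yet is denied everything on S3, because his boundary only covers EC2; carol has no identity policy at all but can still read, because the bucket policy names her ARN, while any action the bucket policy does not grant falls back to the implicit deny.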
AWS IAM Analysis