IAM policies are used to define permissions for your IAM entities such as users, groups, and roles. Each policy that you create consists of one or more statements that include the following elements:
- Effect: This element determines whether a policy statement allows or explicitly denies access to a particular IAM resource.
- Action: Actions are used to define AWS service actions within a policy. For example, you can specify Amazon S3-related actions such as listing buckets, reading from or writing to buckets, and so on.
- Resource: Resources are the AWS services or individual entities to which the actions apply.
- Condition: Conditions are used to define when a particular permission is allowed or denied on a resource. ...
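
To see the four elements together, the following added example (not code from the original page) parses a constructed policy document and flags statements that are malformed or that grant broad `Allow` access with no `Condition`. The bucket name, IP range, and the `review_policy` and `as_list` helpers are assumptions made for illustration.

```python
import json
# Constructed sample policy (not from the page); example-bucket and the IP range are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Effect": "Deny",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}
""")

def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def review_policy(policy):
    """Return (index, finding) tuples; checks only Effect, Action, Resource, Condition."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    for i, stmt in enumerate(statements):
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append((i, "Effect must be Allow or Deny"))
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))
        for key, values in (("Action", actions), ("Resource", resources)):
            if not values:
                findings.append((i, f"missing {key}"))
        # A broad Allow with no Condition is the least-privilege red flag.
        if effect == "Allow" and not stmt.get("Condition"):
            if any(a == "*" or a.endswith(":*") for a in actions):
                findings.append((i, "Allow with wildcard Action and no Condition"))
            if "*" in resources:
                findings.append((i, "Allow on all resources and no Condition"))
    return findings

if __name__ == "__main__":
    for index, finding in review_policy(SAMPLE_POLICY):
        print(f"Statement {index}: {finding}")
```

Only the third statement is reported: the first `Allow` is scoped by action, resource, and source IP, and the second is an explicit `Deny`.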