|
gptkbp:instanceOf
|
Access control policy
|
|
gptkbp:analyzes
|
gptkb:Access_Analyzer
|
|
gptkbp:attachedTo
|
gptkb:IAM_group
gptkb:IAM_role
gptkb:IAM_user
Service-linked role
|
|
gptkbp:auditedBy
|
gptkb:AWS_IAM_Access_Analyzer
|
|
gptkbp:canBe
|
gptkb:IAM_Policy_Simulator
Yes
Control API access
Control console access
Cross-account access
Delegate access
Deny permissions
Federated access
Grant permissions
Restrict access
Service control policies (SCPs) in AWS Organizations
|
|
gptkbp:canBeEvaluatedBy
|
gptkb:IAM_policy_simulator
|
|
gptkbp:canBeRestrictedBy
|
Resource-based policies
Service control policies
Session policies
|
|
gptkbp:canBeVersioned
|
Yes
|
|
gptkbp:canCreate
|
gptkb:AWS_CloudFormation
gptkb:AWS_CLI
gptkb:AWS_Management_Console
gptkb:AWS_SDKs
gptkb:Terraform
|
|
gptkbp:canImport
|
AWS managed policies
|
|
gptkbp:contains
|
Statements
|
|
gptkbp:controlledBy
|
AWS resources
|
|
gptkbp:documentation
|
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
|
gptkbp:effectCanBe
|
Allow
Deny
|
|
gptkbp:enables
|
Least privilege
|
|
gptkbp:exportedTo
|
gptkb:CloudFormation_templates
|
|
gptkbp:hasType
|
Inline policy
Managed policy
|
|
gptkbp:hasVersion
|
2012-10-17
2008-10-17
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
AWS IAM policies
|
|
gptkbp:limitation
|
10 managed policies per IAM role
20 inline policies per IAM role
|
|
gptkbp:managedBy
|
gptkb:AWS
|
|
gptkbp:sharedBy
|
Other AWS accounts
|
|
gptkbp:statementHas
|
gptkb:action
Condition
Resource
Effect
|
|
gptkbp:usedBy
|
gptkb:AWS_Identity_and_Access_Management
|
|
gptkbp:writtenBy
|
gptkb:JSON
|
|
gptkbp:bfsParent
|
gptkb:AWS_IoT_Core
|
|
gptkbp:bfsLayer
|
6
|