By default, IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles.
Assigning privileges at the group or role level reduces the complexity of access management as the number of users increases. Reducing access management complexity may in turn reduce the opportunity for a principal to inadvertently receive or retain excessive privileges.
We recommend that IAM policies are applied directly to groups and roles, but not to users.
- Resource: AWS::IAM::Policy
- Arguments: Properties.Users
```yaml
Resources:
  ExamplePolicy:
    Type: 'AWS::IAM::Policy'
    Properties:
      ...
-     Users:
-       - example_user
```
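A pre-deployment check for this recommendation, as an added example (not code from the original page or from any scanner): it walks a parsed CloudFormation template and reports policy resources that set `Properties.Users`. The function name and sample template are constructed for illustration, and covering `AWS::IAM::ManagedPolicy`, which has the same `Users` property, goes beyond the resource this page names.

```python
# Resource types whose Users property attaches a policy directly to IAM users.
# AWS::IAM::Policy is the resource named on this page; AWS::IAM::ManagedPolicy
# is an added generalization.
USER_ATTACHING_TYPES = {"AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}


def find_user_attached_policies(template):
    """Return (logical_id, users) for every policy resource with a non-empty Users list.

    `template` is a CloudFormation template already parsed into a dict,
    for example with json.load() on a JSON-format template.
    """
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if resource.get("Type") not in USER_ATTACHING_TYPES:
            continue
        users = (resource.get("Properties") or {}).get("Users")
        if users:  # an absent or empty Users list passes the check
            findings.append((logical_id, users))
    return findings


# Constructed sample template (hypothetical names), in parsed form.
SAMPLE_TEMPLATE = {
    "Resources": {
        "UserPolicy": {  # fails: attached directly to a user
            "Type": "AWS::IAM::Policy",
            "Properties": {"PolicyName": "read-logs", "Users": ["example_user"]},
        },
        "GroupPolicy": {  # passes: attached to a group
            "Type": "AWS::IAM::Policy",
            "Properties": {"PolicyName": "read-logs", "Groups": ["example_group"]},
        },
        "ManagedForUser": {  # fails: user given as an intrinsic Ref
            "Type": "AWS::IAM::ManagedPolicy",
            "Properties": {"Users": [{"Ref": "ExampleUser"}]},
        },
        "ExampleUser": {"Type": "AWS::IAM::User"},  # not a policy resource
    }
}

if __name__ == "__main__":
    for logical_id, users in find_user_attached_policies(SAMPLE_TEMPLATE):
        print(f"FAIL {logical_id}: policy attached to users {users}")
```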