IAM Policy

Author: Bowen Y

Difference between Trust Policy and Permission Policy

In AWS IAM, there are two main types of policies that are associated with roles:

  1. Trust Policy: Specifies who or what can assume the role.
  2. Permissions Policy: Specifies what actions the role can perform and on which resources.

Trust Policy

  • Purpose: Defines the entities that are trusted to assume the role.
  • Attachment: Each role can have only one trust policy.
  • Example: Allowing AWS Lambda to assume a role.

Permissions Policy

  • Purpose: Defines the permissions (actions on resources) that are granted to the role.
  • Attachment: Each role can have multiple permissions policies attached to it.
  • Types:
    • Managed Policies: Can be AWS managed or customer managed and can be reused across multiple roles.
    • Inline Policies: Defined directly within the role and cannot be reused.
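To make the structural difference concrete, here is an added example (not code from the original post) with two constructed policy documents: a trust policy that lets the AWS Lambda service assume a role, and a permissions policy that grants read access to a bucket; the bucket name is a placeholder. The helper functions tell the two kinds apart by what the page describes: a trust policy names a Principal and grants the assume-role action, while a permissions policy names Actions on Resources.

```python
import json

# Constructed example: trust policy letting the AWS Lambda service assume the role.
LAMBDA_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "lambda.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
})

# Constructed example: permissions policy granting read access to one S3 bucket.
READ_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": ["arn:aws:s3:::example-bucket",
                                "arn:aws:s3:::example-bucket/*"]}],
})

def _as_list(value):
    # IAM accepts either a single string or a list for Statement, Action, Resource, ...
    return value if isinstance(value, list) else [value]

def _statements(policy_json):
    return _as_list(json.loads(policy_json).get("Statement", []))

def classify_policy(policy_json):
    """'trust' when every statement names a Principal and an sts:AssumeRole* action;
    'permissions' when every statement names Resources and no Principal; else 'unknown'."""
    stmts = _statements(policy_json)
    if stmts and all("Principal" in s and any(a.startswith("sts:AssumeRole")
                                              for a in _as_list(s.get("Action", [])))
                     for s in stmts):
        return "trust"
    if stmts and all("Resource" in s and "Principal" not in s for s in stmts):
        return "permissions"
    return "unknown"

def trusted_principals(policy_json):
    """(type, value) pairs that Allow statements in a trust policy let assume the role."""
    found = []
    for s in _statements(policy_json):
        principal = s.get("Principal", {})
        if s.get("Effect") != "Allow" or not principal:
            continue
        if principal == "*":  # a bare "*" means any principal; normalise to a dict
            principal = {"*": "*"}
        for ptype, values in principal.items():
            found.extend((ptype, v) for v in _as_list(values))
    return found
```

Running `trusted_principals` over a role's trust policy is a quick way to review exactly who is allowed to assume it, which is the question the trust policy answers and the permissions policy does not.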