IAM Policy is a JSON document that defines one or more permissions.
Policy is used by an IAM principal such as a human being or application or an EC2 instance to access an AWS service such as an S3 bucket.
Two types of policies are available to choose and assign to IAM principals based on who manages these policies
Customer managed (Created by you)
AWS managed (predefined and managed by AWS)
Two types of policies based who uses these policies
User based policies are used to assign to an IAM principal such as yourself or an EC2 instance.
They contain one or more permissions
Resource based policies are assigned to AWS resources such as a queue or a S3 bucket.
They contain permissions. These permissions contain all normal elements (ACRES) along with one extra element “Principal” which indicates who is the permission granted to.
A Permission contains Effect (ALLOW/DENY), Service (Eg. MyBucket on S3), Resource (/MyFiles/MyResume.doc) , Action (Eg. Read/Write/List) and an optional Condition (If ip is x.y.z or time is less than T etc.).
You can remember these components of a Permission as acronym ACRES (as in the unit of measurement of land) ActionConditionResourceAffectService
You can also remember a Permission as a Do loop with a while. A DO loop contains