Policies and the root user
Policy types and permission boundary for the root user.
The root user is affected by only some policy types. Identity-based policies cannot be attached to the root user, and a permissions boundary cannot be set for it.
The root user may be specified as the principal in a resource-based policy or an access control list (ACL). The root user is also a member of an account. If that account is a member of an organization in AWS Organizations, the root user is affected by any SCPs attached to the account.
Overview of JSON policies
Policies are stored and managed as JSON documents.
There are several types of JSON Policies:
JSON Policy Document Structure
A JSON policy document includes the following elements:
Optional policy-wide information at the top of the document
One or more individual statements
Each statement includes information about a single permission.
If there are multiple statements in the policy, AWS applies a logical OR across the statements when evaluating them.
If there are multiple policies that are in scope of a given request, AWS applies a logical OR across the policies when evaluating them.
Information in a statement is contained within a series of elements:
Version
Statement
Sid
Effect
Principal
Action
Resource
Condition
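An added example (not from the original page) of the document structure and the logical OR described above: two constructed policies and a simplified evaluator. Assumptions: the bucket name and Sids are made up, Principal and Condition are ignored, wildcards are matched with Python's `fnmatch`, and the evaluator also applies the AWS rule that an explicit Deny overrides any Allow.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policies; bucket name and Sids are made up for illustration.
POLICY_A = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadObjects", "Effect": "Allow",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "ListBucket", "Effect": "Allow",
     "Action": ["s3:ListBucket"], "Resource": "arn:aws:s3:::example-bucket"}
  ]
}
""")
POLICY_B = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": {"Sid": "WriteLogs", "Effect": "Allow",
                "Action": "s3:PutObject",
                "Resource": "arn:aws:s3:::example-bucket/logs/*"}
}
""")

def as_list(value):
    """Statement, Action and Resource may each be a single value or a list."""
    return value if isinstance(value, list) else [value]

def statement_matches(stmt, action, resource):
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    action_hit = any(fnmatchcase(action.lower(), a.lower())
                     for a in as_list(stmt["Action"]))
    resource_hit = any(fnmatchcase(resource, r)
                       for r in as_list(stmt["Resource"]))
    return action_hit and resource_hit

def evaluate(policies, action, resource):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' for one request."""
    # Logical OR: collect the Effect of every matching statement in every policy.
    matched = [s["Effect"] for p in policies for s in as_list(p["Statement"])
               if statement_matches(s, action, resource)]
    if "Deny" in matched:   # explicit Deny wins over any Allow
        return "Deny"
    # One matching Allow anywhere is enough; no match at all is an implicit deny.
    return "Allow" if "Allow" in matched else "ImplicitDeny"
```

With only `POLICY_A` in scope, `s3:PutObject` on `arn:aws:s3:::example-bucket/logs/a.log` is implicitly denied; adding `POLICY_B` to the list makes the same request allowed.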
More Advanced Policy Elements can be found on: