Policies and the root user

Policy types and permission boundary for the root user.

Only some policy types affect the root user. Identity-based policies cannot be attached to the root user, and a permissions boundary cannot be set for it.

The root user can be named as the principal in a resource-based policy or an access control list (ACL). The root user is also a member of an account: if that account belongs to an organization in AWS Organizations, the root user is affected by any SCPs attached to the account.

Overview of JSON policies

Policies are stored and managed as JSON documents.

There are several types of JSON Policies:

JSON Policy Document Structure

A JSON policy document includes the following elements:

  • Optional policy-wide information at the top of the document

  • One or more individual statements

Each statement includes information about a single permission.

  • If there are multiple statements in the policy, AWS applies a logical OR across the statements when evaluating them.

  • If there are multiple policies that are in scope of a given request, AWS applies a logical OR across the policies when evaluating them.

Information in a statement is contained within a series of elements:

  • Version

  • Statement

  • Sid

  • Effect

  • Principal

  • Action

  • Resource

  • Condition
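
The logical OR across statements and across policies, shown as an added Python example (not AWS code and not part of the original notes). It assumes statements that carry only Effect, Action and Resource, and ignores Principal, Condition, permissions boundaries and SCPs; the rule that a matching explicit Deny overrides any Allow is AWS behaviour added here, and the bucket name, Sids and function names are made up.

```python
import re

def _as_list(value):
    """Action, Resource and Statement may each be a single value or a list."""
    return value if isinstance(value, list) else [value]

def _wild(pattern, value):
    """Match IAM-style wildcards: * is any run of characters, ? is exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

def statement_matches(stmt, action, resource):
    # Action names compare case-insensitively; resource ARNs are case-sensitive.
    return (any(_wild(a.lower(), action.lower()) for a in _as_list(stmt["Action"]))
            and any(_wild(r, resource) for r in _as_list(stmt["Resource"])))

def evaluate(policies, action, resource):
    """Return 'Allow', 'ImplicitDeny' or 'ExplicitDeny' for one request."""
    allowed = False
    for policy in policies:                         # OR across policies
        for stmt in _as_list(policy["Statement"]):  # OR across statements
            if not statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"               # a matching Deny always wins
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"

# Constructed sample policies (bucket name and Sids are made up).
READ_BUCKET = {"Version": "2012-10-17", "Statement": [
    {"Sid": "GetObjects", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "ListBucket", "Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket"},
]}
GUARDRAIL = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DescribeEc2", "Effect": "Allow", "Action": "ec2:Describe*",
     "Resource": "*"},
    {"Sid": "NoSecrets", "Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secret/*"},
]}

if __name__ == "__main__":
    for act, res in [("s3:ListBucket", "arn:aws:s3:::example-bucket"),
                     ("ec2:DescribeInstances", "*"),
                     ("s3:GetObject", "arn:aws:s3:::example-bucket/secret/key.pem")]:
        print(act, res, "->", evaluate([READ_BUCKET, GUARDRAIL], act, res))
```

A request with no matching Allow in any statement ends as an implicit deny, which is why the result has three values rather than two.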

More Advanced Policy Elements can be found on:
