IAM Policy Evaluation

IAM Permission Boundaries

Evaluation Logic

IAM Policy Evaluation Order

  1. Command Line Options: Override any other config. Used like --region, --output, --profile etc
  2. Environment variable
  3. CLI Credentials File: Created by aws configure and store in ~/.aws/credentials
  4. CLI Config File: TODO: find diff between CLI Credentials File and CLI Config File
  5. Container Credentials: Temporary credentials in the ECS Task container
  6. Instance Profile Credentials: IAM role attached to the instance