In AWS, policy attachment is how you grant a set of permissions to IAM entities (users, groups, or roles). It's like connecting a security clearance document to an identity.
So normally you create a role, whose trust policy defines who can assume it, and then attach the desired policies to it to define what the role can do.
It's like a hotel key card system: policy attachment determines what doors and amenities the key card can unlock. I'm assuming this is done so that:
- there is a separation of concern for role creation and policy granting
- policy can be reusable to many different roles
- easy to add/remove, modularity
- principle of least privilege, only attach what the role needs
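To make the split concrete, here is an added example (not code from the issue) that models the two halves separately: a trust policy answers who may assume a role, and the attached policies answer what the role may do, using simplified IAM evaluation (explicit Deny wins, otherwise any Allow, otherwise implicit deny). The account id, principal names, bucket names and role names are constructed placeholders, and the same policy object is attached to two roles to show reuse.

```python
import fnmatch

# Constructed trust policy: WHO may assume the role (placeholder account id and user).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:user/alice"}}],
}

# Constructed identity policy: WHAT a role with this attachment may do.
LOG_READER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::app-logs*"},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::app-logs/secrets/*"},
    ],
}

def _match(patterns, value):
    # IAM '*' wildcard matching; a scalar or a list of patterns is accepted.
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def can_assume(trust_policy, principal_arn):
    """Trust policy check: is this principal allowed to call sts:AssumeRole?"""
    return any(s["Effect"] == "Allow" and _match(s["Action"], "sts:AssumeRole")
               and _match(s["Principal"].get("AWS", []), principal_arn)
               for s in trust_policy["Statement"])

def policies_allow(policies, action, resource):
    """Attached-policy check: explicit Deny beats Allow; no match is an implicit deny."""
    allowed = False
    for policy in policies:
        for s in policy["Statement"]:
            if _match(s["Action"], action) and _match(s["Resource"], resource):
                if s["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed

def effective_access(role, principal_arn, action, resource):
    """The principal gets the permission only if trust AND attachment both say yes."""
    return can_assume(role["trust"], principal_arn) and \
        policies_allow(role["attached"], action, resource)

# Two constructed roles sharing one policy: attachment is reusable, trust is per role.
ROLES = {
    "log-reader": {"trust": TRUST_POLICY, "attached": [LOG_READER_POLICY]},
    "audit-bot": {"trust": {"Version": "2012-10-17", "Statement": []},
                  "attached": [LOG_READER_POLICY]},
}
```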