By default, these entities start with no permissions to access AWS services. Permissions are granted to IAM entities (users, groups, and roles) using policies.
- Policies are JSON documents in AWS that let you specify who has access to AWS resources, and what actions they can perform on those resources.
- You can attach a policy to an identity or resource to define their permissions.
- AWS evaluates these policies when the IAM principal makes a request.
- Permissions in the policies determine whether the request is allowed or denied.