Policies define the permissions required to execute an operation irrespective of the method used to perform it. AWS supports six types of policies:
Identity-based policies
Resource-based policies
Permissions boundaries
Organizations SCPs
ACLs
Session policies
1- Identity-based policies- They are JSON permissions policy documents that control what actions an identity can perform, under what conditions, and on which resources. These policies are further classified into two categories:
Managed policies- These are standalone identity-based policies that can be attached to different users and groups in your AWS environment.
Inline policies- These policies are directly attached to a single user, group, or role. In situations where inline policies are used, a strict one-to-one relationship between a policy and an identity is maintained.
2- Resource-based policies- These policies are attached to a resource, such as an Amazon S3 bucket. They define which actions can be performed on that resource and under what conditions.
3- IAM permissions boundaries- They set the maximum level of permissions that identity-based policies can grant to a specific entity.
4- Service Control Policies (SCPs)- SCPs set the maximum level of permissions for an organization or organizational unit.
5- Access control lists (ACLs)- They define and control which principals in another AWS account can access a particular resource.
6- Session policies- They are advanced policies that are passed as a parameter when a temporary session is programmatically created for a role or federated user.
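
How these limits combine, as an added example that is not part of the original page: a simplified Python model of a same-account request in which the identity-based policy, permissions boundary, SCP and session policy must each allow the action, and an explicit Deny in any of them wins. It leaves out resource-based policies, ACLs and Condition keys, is not AWS's own evaluator, and the function names, sample policies, bucket name and account ID are constructed for illustration.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _matches(stmt, action, resource):
    # IAM action names are case-insensitive; ARNs are case-sensitive.
    # fnmatch-style "*" and "?" stand in for IAM wildcards (a simplification).
    return (any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def _effects(policy, action, resource):
    """Set of Effects ('Allow'/'Deny') from statements matching the request."""
    return {s["Effect"] for s in policy["Statement"] if _matches(s, action, resource)}

def evaluate(action, resource, identity, boundary=None, scp=None, session=None):
    """Simplified same-account decision: every policy layer present must allow."""
    layers = [p for p in (identity, boundary, scp, session) if p is not None]
    effects = [_effects(p, action, resource) for p in layers]
    if any("Deny" in e for e in effects):
        return "Deny"    # an explicit Deny in any layer always wins
    if all("Allow" in e for e in effects):
        return "Allow"   # the request is inside the intersection of all layers
    return "Deny"        # implicit deny: at least one layer did not allow it

def _policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

# Constructed sample policies (not taken from any real account).
IDENTITY = _policy({"Effect": "Allow", "Action": ["s3:*", "iam:CreateUser"], "Resource": "*"})
BOUNDARY = _policy({"Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"})
SCP = _policy({"Effect": "Allow", "Action": "*", "Resource": "*"},
              {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"})
SESSION = _policy({"Effect": "Allow", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"})

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    user = "arn:aws:iam::111122223333:user/example"
    # The identity policy alone grants iam:CreateUser; the boundary removes it.
    print(evaluate("iam:CreateUser", user, IDENTITY))
    print(evaluate("iam:CreateUser", user, IDENTITY, BOUNDARY))
    # The boundary lists ec2:*, but a boundary limits permissions, it never grants them.
    print(evaluate("ec2:RunInstances", "*", IDENTITY, BOUNDARY))
    # The session policy narrows the session to s3:GetObject on one bucket.
    print(evaluate("s3:PutObject", obj, IDENTITY, BOUNDARY, SCP, SESSION))
    print(evaluate("s3:GetObject", obj, IDENTITY, BOUNDARY, SCP, SESSION))
```

When reviewing a role, this intersection is the thing to check: a broad identity-based policy is only as permissive as the narrowest boundary, SCP or session policy that applies to it.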