Allows access for any entity

This example shows how you might create a policy that allows any authenticated principal to view the album alice_vacation.


permit(
  principal,
  action == Action::"view", 
  resource in Album::"alice_vacation"
);

This example shows how you might create a policy that allows the user alice list all the albums in the jane account, list the photos in each album, and view photos in the account.


permit(
  principal == User::"alice", 
  action in [Action::"listAlbums", Action::"listPhotos", Action::"view"],
  resource in Account::"jane"
);

This example shows how you might create a policy that allows the user alice to perform any action on resources in the album jane_vaction.


permit(
  principal == User::"alice", 
  action,
  resource in Album::"jane_vacation"
);

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Allows access to groups of entities

Allows access for attributes of an entity (ABAC)