Core concept
Policies: JSON. Statement with Effect (Allow/Deny), Action, Resource, Condition. Least privilege principle.
Advertisement
How it works
Roles for services (EC2, Lambda). STS AssumeRole for cross-account. SCP at organization for guardrails.
Advertisement
Trade-offs + gotchas
Everything. IAM Access Analyzer finds unused perms. IAM Identity Center for user federation. Sensible defaults + drift detection.