IAM Permission Boundaries

Definition

Permission boundaries are AWS IAM policies that set the maximum permissions an IAM entity (user or role) can have, regardless of what identity-based policies grant. They prevent privilege escalation by ensuring that even if a developer grants themselves or a role additional permissions, those permissions cannot exceed what the boundary allows.

Permission boundaries are essential in delegation scenarios where teams manage their own IAM roles within security guardrails established by a central security team.
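The intersection behaviour described above can be shown with a small evaluator. This is an added example, not code from the original page or from AWS. It is a simplified model that matches on `Action` only and ignores `Resource`, `Condition`, SCPs, session policies and resource-based policies. Both policy documents are constructed samples.

```python
from fnmatch import fnmatchcase

def _matches(statement, action):
    """True if any Action pattern in the statement matches (IAM actions are case-insensitive)."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _decision(policy, action):
    """Return 'Deny', 'Allow' or None (no matching statement) for one policy."""
    effects = {s["Effect"] for s in policy["Statement"] if _matches(s, action)}
    if "Deny" in effects:
        return "Deny"  # an explicit deny always wins
    return "Allow" if "Allow" in effects else None

def is_allowed(identity_policy, boundary, action):
    """Effective permission: allowed by the identity policy AND by the boundary."""
    decisions = (_decision(identity_policy, action), _decision(boundary, action))
    return all(d == "Allow" for d in decisions)

# Constructed sample: a developer attached an admin-style policy to their role.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
]}

# Constructed sample: boundary set by the central security team.
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*", "logs:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": ["s3:DeleteBucket"], "Resource": "*"},
]}

def effective(actions):
    """Map each action to its effective allow/deny result for the sample policies."""
    return {a: is_allowed(IDENTITY_POLICY, BOUNDARY, a) for a in actions}

if __name__ == "__main__":
    sample = ["s3:GetObject", "s3:DeleteBucket", "iam:CreateUser", "ec2:RunInstances"]
    for action, ok in effective(sample).items():
        print(f"{action:20} {'ALLOW' if ok else 'DENY'}")
```

The boundary grants nothing on its own: an action inside the boundary is still denied unless the identity-based policy also allows it.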

