Resource Policy

Resource-based policies attach directly to AWS resources (S3 buckets, KMS keys, Lambda functions, SQS queues) and define which principals from any account can access the resource and what actions they may perform. Unlike identity-based policies that grant permissions to identities, resource policies control access from the resource side, enabling cross-account access without IAM role assumption.

Misconfigured resource policies are a frequent cause of data exposure in cloud environments.