The other 3 terms are as follows:-
4. Authorization:-
To authorize the request, IAM uses values from the request context to check for matching policies and determine whether to allow or deny the request.
IAM policies are stored in IAM as JSON documents and specify the permissions that are allowed or denied.
Identity-based (user) policies specify the permissions allowed or denied for principals.
Resource-based policies specify the permissions allowed or denied for resources and are popular for granting cross-account permissions.
IAM checks each policy that matches the context of your request.
If a single policy includes a denied action, IAM denies the entire request and stops evaluating. This is called an explicit deny.
The evaluation logic follows the rules below:-
By default, all requests are denied.
An explicit allow overrides this default.
An explicit deny overrides any allows.
5. Actions:-
Actions are defined by a service and are the things that you can do to a resource, such as viewing, creating, editing, and deleting that resource.
IAM supports approximately 40 actions for a user resource, including creating a user, deleting a user, etc.
Any actions or resources that are not explicitly allowed are denied by default.
After your request has been authenticated and authorized, AWS approves the actions in your request.
6. Resource:-
A resource is an entity that exists within a service, e.g. EC2 instances, S3 buckets, IAM users, or DynamoDB tables.
Each AWS service defines a set of actions that can be performed on each resource.
After AWS approves the actions in your request, those actions can be performed on the related resource within your account.
If you create a request to perform an unrelated action on a resource, that request is denied.
When you provide permissions using an identity-based policy in IAM, you provide permissions to access resources only within the same account.
A few more points about IAM policies:-
You can create a new IAM policy in the AWS management console using one of the following ways:-
JSON:- You can write the IAM policy yourself in JSON syntax.
Visual Editor:- You can construct a new policy from scratch in the Visual Editor. If you use the Visual Editor, you don't need to understand JSON syntax.
Import:- You can import a managed policy within your account and then edit the policy to customize it to your specific requirements.