https://truongvu.dev/tags/notes/ Recent content in Notes on > truongvu.dev https://truongvu.dev/static/images/default-cover.png https://truongvu.dev/static/images/default-cover.png Hugo en Sat, 21 Mar 2026 09:21:13 +0700 https://truongvu.dev/categories/aws-sap-cheat-sheet/202603211-sap-iam/ Sat, 21 Mar 2026 09:21:13 +0700 https://truongvu.dev/categories/aws-sap-cheat-sheet/202603211-sap-iam/ <h3 id="-1-what-level-are-you-controlling">🎯 1. What level are you controlling?</h3> <h4 id="-a-account--organization-level">🔹 A. Account / Organization level</h4> <p><strong>Keywords:</strong></p> <ul> <li>&ldquo;limit an account&rdquo;</li> <li>&ldquo;restrict services across accounts&rdquo;</li> <li>&ldquo;govern multiple accounts&rdquo;</li> </ul> <p>👉 Use: AWS Organizations + SCP</p> <hr> <h4 id="-b-user--role-level">🔹 B. User / Role level</h4> <p><strong>Keywords:</strong></p> <ul> <li>&ldquo;user can access&hellip;&rdquo;</li> <li>&ldquo;role permission&hellip;&rdquo;</li> <li>&ldquo;least privilege&rdquo;</li> </ul> <p>👉 Use: IAM Policy</p> <hr> <h4 id="-c-cross-account-access">🔹 C. Cross-account access</h4> <p>👉 Check next 👇</p> <hr> <h3 id="-2-does-the-service-support-resource-policy">🔍 2. Does the service support Resource Policy?</h3> <h4 id="-yes--use-resource-policy">✅ YES → Use Resource Policy</h4> <p>Examples: S3, SQS, SNS, Lambda</p>