Processing the request context

AWS processes the request to gather the following information into a request context:

Actions – The actions that the principal wants to perform.
Resources – The AWS resource object upon which the actions or operations are performed.
Principal – The user, role, or federated user that sent the request. Information about the principal includes the policies that are associated with that principal.
Environment data – Information about the IP address, user agent, SSL enabled status, or the time of day.
Resource data – Data related to the resource that is being requested. This can include information such as a DynamoDB table name or a tag on an Amazon EC2 instance.

AWS then uses this information to find policies that apply to the request context.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Policy evaluation logic

Single account policy evaluation