Which resource and policy type are used to calculate AWS Net Effective Permissions? (Choose two.)
To calculate AWS Net Effective Permissions, the two key components are Service Linked Roles and AWS Service Control Policies (SCPs). Service Linked Roles are unique roles that are linked directly to AWS services, enabling those services to perform specific actions on your behalf. AWS SCPs are used to manage permissions in your AWS organization, allowing you to set permission guardrails for your accounts. Together, these elements play a crucial role in determining the overall effective permissions in an AWS environment.
BD "The list of AWS policy types and identities that are used to calculate the net effective permissions are as follows: AWS IAM role, AWS IAM policy, AWS IAM group, AWS service control policies (SCPs), Role trust relationships, Permission boundaries, NotAction, Policies with wild card support. If your cloud environment has additional resource types, Prisma Cloud does not factor them into the net-effective permissions. In addition, permissions can also be set by a resource-based policy. The following AWS resource-based policies are supported in the net effective permissions calculation: Lambda function, S3 bucket, SQS queue, SNS topic, ECS task definition, Secret manager, KMS key, Lambda layer version."
BD https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-iam-security/context-used-to-calculate-effective-permissions
CD https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-iam-security/context-used-to-calculate-effective-permissions