IAM policies (JSON structure) in AWS - Time & Space Complexity

When working with IAM policies in AWS, it's important to understand how the time to process these policies grows as they get bigger or more complex.

We want to know how the number of policy statements affects the time AWS takes to evaluate permissions.

Analyze the time complexity of evaluating an IAM policy with multiple statements.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example_bucket"
    },
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example_bucket/*"
    }
  ]
}
    

This policy has multiple statements that AWS evaluates to decide if a request is allowed.

When AWS checks permissions, it looks at each statement in the policy one by one.

• Primary operation: Evaluating each policy statement against the request.
• How many times: Once per statement in the policy.

As the number of statements grows, AWS must check more statements to find a match.

Input Size (n)	Approx. API Calls/Operations
10	10 checks
100	100 checks
1000	1000 checks

Pattern observation: The number of checks grows directly with the number of statements.

Time Complexity: O(n)

This means the time to evaluate the policy grows in a straight line as you add more statements.

[X] Wrong: "Adding more statements won't affect evaluation time much because AWS is very fast."

[OK] Correct: Even though AWS is fast, each statement adds work. More statements mean more checks, so evaluation time grows with policy size.

Understanding how policy size affects evaluation helps you design efficient permissions and shows you can think about system performance clearly.

"What if the policy had nested conditions inside statements? How would that affect the time complexity?"