Why IAM is foundational in AWS - Performance Analysis

We want to understand how the time it takes to manage permissions grows as we add more users and resources in AWS.

How does the number of permission checks and policy evaluations change as the system grows?

Analyze the time complexity of permission evaluation in AWS IAM.

// Example: Checking access for a user
// 1. User sends request to AWS service
// 2. Service calls IAM to evaluate policies
// 3. IAM checks attached policies for user, groups, roles
// 4. IAM evaluates each policy statement for permissions
// 5. IAM returns allow or deny decision

This sequence shows how AWS checks permissions for a user request using IAM policies.

Look at what happens repeatedly during permission checks.

• Primary operation: Evaluating each policy statement attached to the user or their groups/roles.
• How many times: Once per policy statement for all policies attached to the user.

As the number of policies and statements grows, the number of checks grows too.

Input Size (n)	Approx. Api Calls/Operations
10 policies	~10 policy evaluations
100 policies	~100 policy evaluations
1000 policies	~1000 policy evaluations

Pattern observation: The number of permission checks grows roughly in direct proportion to the number of policies and statements.

Time Complexity: O(n)

This means the time to evaluate permissions grows linearly with the number of policies and statements attached.

[X] Wrong: "Permission checks happen instantly no matter how many policies exist."

[OK] Correct: Each policy and statement must be checked, so more policies mean more work and longer evaluation time.

Understanding how permission checks scale helps you design secure and efficient access controls in cloud systems.

"What if we combined multiple policies into fewer, larger policies? How would the time complexity change?"