
What is Trust Policy in AWS: Simple Explanation and Example

A trust policy in AWS is a document that defines which entities (such as users, roles, or services) are allowed to assume an AWS Identity and Access Management (IAM) role. It acts like a permission slip that states who is trusted to take on the role and use its permissions.

How It Works

Think of a trust policy as a guest list for a party. The party is the IAM role, and the trust policy lists who is allowed to enter and use the role's permissions. Without being on the list, no one can use the role.

In AWS, this list is a JSON document attached to the role. It specifies which AWS accounts, users, or services can 'assume' the role. When an entity assumes the role, it temporarily gets the permissions defined by that role.

This mechanism helps keep your cloud environment safe by controlling who can act with certain permissions, much like a security guard checking IDs against the guest list before letting someone in.


Example

This example shows a trust policy that allows the AWS Lambda service to assume a role. This means the Lambda function can use the permissions granted by this role.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

Output

This trust policy allows the AWS Lambda service to assume the role.

When to Use

Use a trust policy whenever you create an IAM role that other AWS services, users, or accounts need to use. For example:

  • Allowing an EC2 instance to access S3 buckets by assuming a role.
  • Letting a Lambda function run with specific permissions.
  • Granting cross-account access where users from another AWS account can assume a role in your account.

Trust policies ensure only trusted entities can use sensitive permissions, helping you keep your cloud secure and organized.
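The following Python script is an added example and is not code from the original article. It covers two things the text above describes: the cross-account case from the "When to Use" list, written as a trust policy that trusts one named role in another account and requires an agreed ExternalId, and a small reviewer check that walks any trust policy's `Statement` list (the same shape as the Lambda example in the "Example" section) to list the trusted principals and flag the broad patterns a defender would reject, such as `"Principal": {"AWS": "*"}` with no `Condition`. The account ids, role name and ExternalId are constructed placeholders; `lint_trust_policy` and `list_trusted_principals` are helper names chosen here, not AWS APIs.

```python
import json

# The article's own Lambda example, kept for comparison.
LAMBDA_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# Constructed cross-account example: only a specific role in the other account
# (placeholder id 222222222222) may assume this role, and only when it presents
# the agreed ExternalId. All values here are illustrative, not real accounts.
CROSS_ACCOUNT_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::222222222222:role/DeployRole"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
        }
    ],
}

# Constructed example of a trust policy a reviewer should flag: any AWS
# identity at all may assume the role, and no Condition narrows it.
OVERLY_BROAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}
    ],
}


def _as_list(value):
    """IAM lets most fields be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def list_trusted_principals(policy):
    """Return (principal_type, principal_value) pairs allowed to assume the role."""
    principals = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        # sts:AssumeRole, sts:AssumeRoleWithSAML, sts:AssumeRoleWithWebIdentity
        if not any(a.lower().startswith("sts:assumerole") for a in actions):
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            principals.append(("*", "*"))
            continue
        for ptype, values in (principal or {}).items():
            for value in _as_list(values):
                principals.append((ptype, value))
    return principals


def lint_trust_policy(policy):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        has_condition = bool(stmt.get("Condition"))
        if principal == "*":
            findings.append("statement trusts every principal ('*')")
        elif isinstance(principal, dict):
            aws_values = _as_list(principal.get("AWS"))
            if "*" in aws_values and not has_condition:
                findings.append("statement trusts any AWS account ('AWS': '*') without a Condition")
            for value in aws_values:
                # Trusting an account's :root means every principal in that
                # account; without a Condition such as sts:ExternalId it is wide.
                if value.startswith("arn:aws:iam::") and value.endswith(":root") and not has_condition:
                    findings.append(f"whole-account trust {value} has no ExternalId or other Condition")
        actions = _as_list(stmt.get("Action"))
        if "*" in actions or "sts:*" in actions:
            findings.append("statement allows every STS action; restrict it to sts:AssumeRole")
    return findings


if __name__ == "__main__":
    print(json.dumps(CROSS_ACCOUNT_TRUST_POLICY, indent=2))
    print("trusted:", list_trusted_principals(CROSS_ACCOUNT_TRUST_POLICY))
    print("findings (cross-account):", lint_trust_policy(CROSS_ACCOUNT_TRUST_POLICY))
    print("findings (broad):", lint_trust_policy(OVERLY_BROAD_TRUST_POLICY))
```

The trust policy only answers who may assume the role; what the role can then do is still decided by the permissions policy attached to it, so a clean lint result here says nothing about how much the role itself is allowed to touch.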

Key Points

  • A trust policy defines who can assume an IAM role.
  • It is a JSON document attached to the role.
  • It controls access by specifying trusted entities like services or accounts.
  • It works together with the role's permissions policy: the trust policy decides who can assume the role, and the permissions policy decides what the role can do.

Key Takeaways

  • A trust policy controls which entities can assume an IAM role in AWS.
  • It is essential for securely granting temporary permissions to services or users.
  • Trust policies are JSON documents specifying trusted AWS services, accounts, or users.
  • Use trust policies to enable cross-account access or service role permissions.