*Session policies - used with the AssumeRole* API actions
The '''effective''' permissions are the union of the two policies, <math display="block">A \cup B</math> when combining an Identity-based policy with a Resource-based policy. But, are only the '''intersection''' <math display="block">A \cap B</math> when combining with Permissions boundary or Organizations SCP<ref>https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics-id-rdp</ref>
28. IAM Policy Structure
32. Use Cases for IAM Roles
cross-account access and 3rd-party access
33. [HOL] Cross-Account Access to S3
{{References}}<references />
[[Category:AWS]]