30. [HOL] Using Attribute-Based Access Control (ABAC)
Roles are '''assumed''' by users, applications and services.
Policies are JSON and may be either Identity based, or Resource based.
Authentication methods: password + optional MFA token; Access Key + Secret Access Key; X-509 Certificate
AWS Security Token Service (STS) sts:AssumeRole returns temporary security credentials.
Multi-Factor Authentication
;Something you '''know'''
;Something you ''' have'''
;Something you '''are'''
A Trust Policy is also an example of a resource-based policy.
A Permissions Policy is an identity-based policy.
31. [HOL] Apply Permissions Boundary