Can I Do That with Policy? Understanding the AWS Service Authorization Reference
AWS Security Blog, April 27,2026
Learn how to use the AWS Service Authorization Reference to determine what IAM policies can control and build effective security.
This AWS Security Blog post explains how IAM policies work by evaluating request context using the Principal, Action, Resource, and Condition (PARC) model.
The blog demonstrates that policies can only control information available at the time of an API call through condition keys, such as encryption methods or tagging requirements, but cannot evaluate runtime attributes like file contents or object size.
It provides a detailed guide to using the AWS Service Authorization Reference to determine policy feasibility, including examples of controlling S3 encryption and EC2 instance types, and notes that AWS also provides this reference in machine-readable JSON format for programmatic access and automation workflows.