If you’re wondering whether resource control policies (RCPs) can limit certain AWS roles, the short answer is that service-linked roles are not affected by RCPs. RCPs are organization-level policies that set the maximum permissions available on the resources in your accounts, whatever principal is making the request; service-linked roles are the one class of principal explicitly carved out of that ceiling, just as they are carved out of service control policies (SCPs). These roles are special because they are linked directly to an AWS service and allow that service to act on your behalf.
Service-linked roles are created and managed by the AWS service that owns them. They come with the built-in permissions the service needs to perform its functions. Those permissions are defined by the service and cannot be changed by users; the only part of a service-linked role you can edit is its description.
When you look at a service-linked role, you’ll see two main parts: a trust policy and a permissions policy. The trust policy states which AWS service principal (for example, autoscaling.amazonaws.com) is allowed to assume the role, and the permissions policy indicates what actions the role can perform. Both are predefined by the AWS service and are not editable by users. You can recognize these roles by their IAM path: every service-linked role lives under the reserved path /aws-service-role/, so its ARN looks like arn:aws:iam::<account-id>:role/aws-service-role/<service-name>/<role-name>. Note that a role you create yourself that merely trusts a service principal (a Lambda execution role, for instance) is not service-linked, and RCPs apply to it as they do to any other role.
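The distinction above matters in practice when you audit which roles an RCP will and will not constrain. The following is an added example, not code from the original page or from AWS: it takes input in the shape of `aws iam list-roles` output (a constructed, fictitious sample with only the fields the script reads) and splits roles into service-linked roles, which RCPs do not affect, and everything else. The classification rule it applies is the one described above: the role sits under the reserved /aws-service-role/ path and its trust policy names a service principal.

```python
"""Inventory which IAM roles sit outside RCP reach.

Added example; not code from the original page or from AWS. The sample
below is constructed to mimic `aws iam list-roles` output (assumption:
only the fields this script reads are present). The account ID is
fictitious. Three cases are included on purpose:
  * a genuine service-linked role (RCP-exempt),
  * a customer-managed role that trusts a service principal but is NOT
    service-linked (RCPs still apply),
  * a customer-managed role trusted by an account principal (RCPs apply).
"""
import json

SAMPLE_LIST_ROLES = json.dumps({
    "Roles": [
        {
            "Path": "/aws-service-role/autoscaling.amazonaws.com/",
            "RoleName": "AWSServiceRoleForAutoScaling",
            "Arn": "arn:aws:iam::111122223333:role/aws-service-role/"
                   "autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow",
                               "Principal": {"Service": "autoscaling.amazonaws.com"},
                               "Action": "sts:AssumeRole"}],
            },
        },
        {
            "Path": "/",
            "RoleName": "LambdaExecRole",
            "Arn": "arn:aws:iam::111122223333:role/LambdaExecRole",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow",
                               "Principal": {"Service": "lambda.amazonaws.com"},
                               "Action": "sts:AssumeRole"}],
            },
        },
        {
            "Path": "/",
            "RoleName": "AppDeployRole",
            "Arn": "arn:aws:iam::111122223333:role/AppDeployRole",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow",
                               "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                               "Action": "sts:AssumeRole"}],
            },
        },
    ]
})

# IAM reserves this path prefix for service-linked roles.
SLR_PATH_PREFIX = "/aws-service-role/"


def trusted_services(role):
    """Return the set of AWS service principals allowed to assume the role.

    Handles the Principal element being a single string (e.g. "*") or a
    dict whose "Service" key is either one principal or a list of them.
    """
    services = set()
    for stmt in role["AssumeRolePolicyDocument"].get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):
            continue  # "*" or similar: not a service principal
        svc = principal.get("Service", [])
        services.update([svc] if isinstance(svc, str) else svc)
    return services


def is_service_linked(role):
    """True only for roles under the reserved path that trust a service.

    Trusting a service principal alone (LambdaExecRole above) does not make
    a role service-linked; such roles remain subject to RCPs.
    """
    return role["Path"].startswith(SLR_PATH_PREFIX) and bool(trusted_services(role))


def classify_roles(list_roles_json):
    """Split roles into RCP-exempt (service-linked) and RCP-governed names."""
    result = {"rcp_exempt": [], "rcp_governed": []}
    for role in json.loads(list_roles_json)["Roles"]:
        bucket = "rcp_exempt" if is_service_linked(role) else "rcp_governed"
        result[bucket].append(role["RoleName"])
    return result


if __name__ == "__main__":
    for bucket, names in classify_roles(SAMPLE_LIST_ROLES).items():
        print(f"{bucket}: {', '.join(names)}")
```

Against a real account you would feed the script the output of `aws iam list-roles` instead of the embedded sample; the point of the three cases is that only the first one is outside the RCP's reach, even though the second also trusts an AWS service.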
In summary, service-linked roles operate with permissions set by the AWS service that owns them. They exist to perform specific tasks for that service and are unaffected by resource control policies, which means those policies cannot restrict them. This exclusion keeps essential service functions working even under a restrictive RCP, but it also means an RCP is not a complete guarantee that a resource is unreachable: requests made through service-linked roles still go through, so account for those roles when you threat-model or audit what an RCP actually blocks.