Skip to main content
  1. Projects/
  2. AWS DevOps Pro Certification/
  3. 5: Security and Compliance/

4: Role-based Vs. Attribute-Based

·1 min

Drawbacks to role-based?

  • complex logic
  • dynamic authorization parameters
  • unique users, multiple roles

What’s attribute-based access?

  • Attributes can be associated w/ user, resource, env, or app state
  • Very flexible, allowing dynamic, contextual decisions
  • If an ID and a resource share an attribute…
    • Then the identity can access the resource

Why are tags/ABAC so versatile?

  • Tags are k:v pairs that can be anything