HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Well-Architected Framework

Build secure access control policies for your organization

Writing IAM policies requires translating your organization's access requirements into enforceable permission guardrails. These policies enforce permissions guardrails by using least privilege policies.

Creating policies and enforcing guardrails is the process of translating requirements into policies that define what users, applications, and systems can do. Writing effective permissions involves converting the requirements for each role or function within your organization when you defined your access requirements into policies for your systems.

Why create permissions guardrails

Building secure access control policies addresses the following challenges:

  • Prevent excessive permission grants: Without structured guardrails, administrators often grant overly broad permissions to users and applications to avoid troubleshooting access issues. Excessive permissions increase the blast radius when credentials become compromised, allowing attackers to access more resources than necessary.

  • Enforce organizational security boundaries: Organizations need to prevent teams from granting themselves or others access that violates security policies. Guardrails enforced at organizational and group levels ensure that even administrators cannot bypass security requirements, maintaining consistent access control across the organization.

  • Reduce human error in permission management: Manual permission management leads to mistakes such as granting production access to development teams or forgetting to remove permissions when employees change roles. Policy as code and automated guardrails reduce configuration errors and ensure permissions remain aligned with security requirements.

  • Maintain audit and compliance requirements: Security audits and compliance frameworks require organizations to demonstrate that access permissions follow least privilege principles. Without documented guardrails and policy enforcement, organizations cannot prove they maintain appropriate access controls, risking audit failures and compliance violations.

Define permissions for users and systems

Permissions are the specific actions that users, applications, or systems can take on resources. Organizations typically define permissions in policies and use them to control access to resources in a system.

You can grant or deny permissions based on various factors, including the user's role, group membership, the resources they access, and the context of the access request. For example, a user may have permission to read data from a database but not to write data to it.

Defining guardrails allows you to enforce policies at different levels of the organization, preventing you from granting excessive permissions to a user or system. This diagram shows an example of restricting permissions at various levels. The effective permissions for a user is a combination of permissions granted at the user, group, and organizational levels.

Diagram showing how IAM guardrails and user permissions combine from organizational, group, and user-level policies to create effective permissions. Diagram showing how IAM guardrails and user permissions combine from organizational, group, and user-level policies to create effective permissions.

The following is an example of a database permission and AWS S3 bucket policy that follows least privilege:

GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_user;

The PostgreSQL role readonly_user with the SELECT permission can select data from tables, but not write or modify data.

An example AWS IAM policy that follows least privilege allows read-only access to download files from the "company-reports" S3 bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::company-reports",
                "arn:aws:s3:::company-reports/*"
            ]
        }
    ]
}

Define permissions as code

Where possible, use policy as code to define your permissions. Defining permission policies as code, such as IAM, allows you to use version control, track changes over time, and collaborate with your team. You can then use tools like HashiCorp's Terraform or Red Hat's Ansible to deploy and update your policies. Most systems support writing policies in JSON, YAML, or XML.

Watch the following video about policy as code to learn implementation strategies:

Some systems like HashiCorp's Vault and Sentinel support policies in custom languages like the HashiCorp Configuration Language (HCL). JSON is another widely supported format. HashiCorp Vault supports JSON based policies, in addition to HCL. AWS Identity and Access Management (IAM) supports JSON-based policies. Other systems like Active Directory may require scripting the policies in other languages like PowerShell to create Group Policy Objects (GPOs).

Terraform helps you manage your policies for supported tools and services, allowing you to define, update, and enforce policies as code. Using automation to manage policies ensures that your policies are consistent, auditable, and can be version controlled.

HashiCorp resources:

External resources:

Next steps

Following these documents in order ensures a logical progression through the key concepts and best practices, helping you build a strong foundation to build your identity and access management program.

In this section of Identity and access management, you learned the difference between granting excessive permission and how it relates to the concept of least privilege. Identity and access management is part of the Secure systems pillar.

Edit this page on GitHub