add permission boundary policy

terraform · May 15, 2025 · c925b03 · c925b03
1 parent fcd9dae
commit c925b03
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/aws/documentation/naming-tagging-standard/naming/iam.md b/aws/documentation/naming-tagging-standard/naming/iam.md
@@ -5,6 +5,18 @@
   * IAM Groups
   * IAM Roles
   * IAM Policies
+  * IAM Permission Boundary Policies
+
+| prefix | description | 
+|--------|-------------|
+| u | IAM Normal User |
+| a | IAM Adminstrative User |
+| x | IAM Specialized User (say, for break glass) |
+| s | IAM Service Account |
+| g | IAM Group |
+| r | IAM Role |
+| p | IAM Permission Policy |
+| b | IAM Permission Boundary Policy |
 
 # IAM
 
@@ -71,6 +83,19 @@ where {integer} is a natural number, starting at 1, and incrementing by 1.  It i
 Some analysis will be done to determine the extent of such policies across our environment, to understand if the literal `p`
 part of the sequence needs further clarification.
 
+## IAM Permissions Boundary Policy
+
+```script
+b-{base-label}
+```
+
+When creating a [permissions boundary policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html), we will
+usew the prefix of `b-`.  As the context of such policies reside in the IAM Policies section of the UI, this will allow for easy distinction
+from permission policies (`p-`).
+
+Only one permissions boundary policy is permitted on an IAM user or role.
+
+
 # Links
 
 * [Base Label Format](../README.md#base-label-format)
@@ -79,3 +104,6 @@ part of the sequence needs further clarification.
 
 - 1.0.0 -- 2024-10-10  
   - initial
+- 1.1.0 -- 2025-05-15
+  - add permission boundary policy
+  - add summary