Before you create or update a custom access control policy, you must understand the basic elements of an access control policy. An access control policy consists of four basic elements: Effect, Action, Resource, and Condition.
|Effect||Specifies whether a statement result is an explicit allow or an explicit deny. Valid values: Allow and Deny.|
|Action||Describes one or more API operations that are allowed or denied.|
|Resource||Specifies one or more objects that the statement covers.|
|Condition||Specifies the conditions that are required for a policy to take effect.|
The syntax and structure of access control policies are similar to those of the permission policies in RAM. For more information, see Policy structure and syntax.