How and when to use different IAM policy types

Jul 2022·

Swara Gandhi

· 0 min read

Abstract

Two workshop sessions on “How and when to use different IAM policy types.” With a set of six curated labs, attendees learn when to use which policy type and who should own and manage the policy — so the central team doesn’t become a bottleneck — striking the right balance between a strong security posture and staying agile and innovative.

Publication

AWS re:Inforce 2022, Boston

Event

AWS re:Inforce 2022

Location

Boston

Last updated on Jul 2022

IAM AWS Organizations SCPs Security

Authors

Swara Gandhi

Senior Solutions Architect at Amazon Web Services

Swara Gandhi is a Senior Solutions Architect in Identity Solutions at Amazon Web Services, based in New York. She is a 15x speaker at flagship AWS events - re:Invent, re:Inforce, and AWS Summits - and a speaker at RSA Conference 2026 on trusted identity propagation for autonomous agents across cloud and SaaS.

Swara specializes in access controls, data perimeters, and policy-as-code, delivering large-scale identity features and reference architectures adopted by Fortune 100 financial institutions. She is a core contributor to Amazon Bedrock AgentCore Identity, building OAuth flows, identity propagation patterns, and zero-trust primitives for the agentic AI era.

Swara is a contributor to the Internet Engineering Task Force (IETF) and FIDO Alliance, and serves on the IDPro Body of Knowledge Committee. She co-hosts industry webinars on bridging identity gaps across teams and systems, and is the author of widely-adopted AWS best practices, case studies, and open-source tooling for enterprise identity governance.

In 2025, Swara was recognized by the Influential Women platform for leadership and innovation in the identity space.

← Getting more out of your service control policies, featuring Morgan Stanley Jul 2022

Building a data perimeter to allow access to authorized users May 2022 →