AWS Certified SysOps Administrator SOA-C01 – Question 510

AWS IAM permissions can be assigned in two ways:

A. as role-based or as resource-based.
B. as identity-based or as resource-based.
C. as security group-based or as key-based.
D. as user-based or as key-based.

Correct Answer: B

Explanation:

Permissions can be assigned in two ways: as identity-based or as resource-based. Identity-based, or IAM permissions, are attached to an IAM user, group, or role and let you specify what that user, group, or role can do. For example, you can assign permissions to the IAM user named Bob, stating that he has permission to use the Amazon Elastic Compute Cloud (Amazon EC2) RunInstances action and that he has permission to get items from an Amazon DynamoDB table named MyCompany. The user Bob might also be granted access to manage his own IAM security credentials. Identity-based permissions can be managed or inline.

Resource-based permissions are attached to a resource. You can specify resource-based permissions for Amazon S3 buckets, Amazon Glacier vaults, Amazon SNS topics, Amazon SQS queues, and AWS Key Management Service encryption keys. Resource-based permissions let you specify who has access to the resource and what actions they can perform on it. Resource-based policies are inline only, not managed.

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_permissions….