Which AWS services have resource-based policies?

AWS services that implement resource-based policies allow you to control access at the resource level, meaning you can specify which users or services (principals) can access a given resource and what actions they can perform.

Amazon SNS (Simple Notification Service), S3 (Simple Storage Service), and SQS (Simple Queue Service) all utilize resource-based policies extensively. For example, with Amazon S3, you can set bucket policies that grant specific permissions to other AWS accounts or IAM users. Similarly, in Amazon SNS, you can create policies to allow different AWS accounts or services to publish messages to a topic. SQS allows resource-based policies to manage permissions regarding who can send messages to or read messages from a queue.

These services are designed for broader access management scenarios and are often used in multi-account architectures, making resource-based policies a critical feature for organizations that require fine-grained access control across their AWS environment.

The other services mentioned in the other choices do not implement resource-based policies to the same extent. For instance, Amazon EC2 primarily relies on IAM roles and security groups for managing access rather than resource-based policies.