Types of AWS Identity and Access Management (IAM) policies?

Identity-based Policies

Identity-based policies are attached directly to an IAM identity (user, group, or role) and grant permissions to an identity to access AWS resources.

Resource-based Policies

Resource-based policies are attached to an AWS resource, such as an Amazon S3 bucket, and grant permissions to an AWS identity (user, group, or role) to access that resource.

Permissions Boundaries

Permissions boundaries are an advanced feature of IAM that allows an administrator to set the maximum permissions that an IAM identity (user, group, or role) can have.

Organization-level Policies

Organization-level policies are IAM policies that are applied to all accounts in an organization. They are used to enforce compliance, provide governance, and control access to all AWS resources in an organization.
