You can use permission boundaries to limit the maximum permissions that identity-based policies can grant to users, groups and roles.
Permission boundaries only define the permissions an IAM identity can have, it doesnβt automatically grant the permissions to the identities. You still need to use identity-based policies to enable the permissions for the identities explicitly.
Permission boundaries do not restrain resource-based policies.