IAM policies can also be bound to conditions based on resource and request attributes. This allows for the following use cases:

• Time-limited access; for example: only allow access during working hours
• Access to a subset of resources; for example: grant access only to VMs prefixed with ‘webapp-frontend-’
• Network address space; for example: only allow access from the corporate network