added info

Enumeration/AWS.md

@@ -87,10 +87,10 @@ shared between people, everyone has full root access.
 
 Policies are an authorization measurement. After authentication of a user (or
 principal) policies of the account are checked if the request is allowed.
-A policy may also be attached to a resource. Policy evaluation can be found in the [AWS docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html).
+A policy may also be attached to a resource. Policy evaluation can be found in the [AWS docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html). There are resource and identity based policies.
 
 ```sh
-aws iam get-policy
+aws iam get-policy --policy-arn <ARN>
 ```
 
  Policy details consists of the following [example](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html)
@@ -108,6 +108,14 @@ aws iam get-policy
 }
 ```
 
+Policy enforcement is done via the `Effect` keys and either has `allow` or `deny` keys set in the JSON object. Deny is default.
+
+The `Action` keyword contains a Service and an API keyword on on that service in the scheme `<servicename>:<APIKeyword>`.
+
+The Resource key contains the ARN of the resource the policy is set for.
+
+The `Principal` key is only set for resource policies and contains the principal  who is able to act on the resource. For example a `*` value allows public access.
+
 The following graph is taken from the documentation, it shows the evaluation
 logic inside an account
 
@@ -336,6 +344,12 @@ Download via `curl`, `wget` or `s3` cli via
 aws s3 cp s3://<bucketname>/foo_public.xml . --no-sign-request
 ```
 
+#### S3 Policies
+
+```sh
+aws s3api get-bucket-policy --bucket <bucketname>--query Policy --output text
+```
+
 #### ACL
 
 If the ACL is set to