What is the term for a feature that sets the maximum permissions an identity-based policy can grant to an IAM entity?

The feature that sets the maximum permissions an identity-based policy can grant to an IAM entity is called a permissions boundary. A permissions boundary is an advanced feature in AWS Identity and Access Management (IAM) that allows you to define the maximum permissions that IAM policies can provide for a user or role.

With a permissions boundary in place, even if a user has a policy that would normally grant wide-ranging permissions, their capabilities are still limited by the permissions boundary. This places a controlled and consistent constraint on the permissions an identity can use, which enhances security and compliance within the organization.

This model is especially useful in organizations where IAM roles and policies are created and managed by multiple teams, as it helps prevent excessive permissions from being granted unintentionally and enforces the principle of least privilege.

The other terms mentioned do not refer to the same concept. Access boundaries are generally related to conditions for accessing resources, while policy boundaries and identity boundaries are not standard terms in AWS IAM terminology. Understanding that a permissions boundary directly limits actions as dictated by an associated policy clarifies why this term is the correct answer.
