Resource-based policies in AWS, such as those applied to Amazon S3 buckets, allow the bucket owner to manage permissions specifying who has access to the S3 resources. Using these policies, the owner can grant or explicitly deny access to users and roles from any AWS account, including those from different accounts. It is a direct way to create cross-account access without using IAM user permissions, making it particularly useful for scenarios where objects need to be protected from unwanted cross-account access.