AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::IAM::Policy

The AWS::IAM::Policy type applies an Identity and Access Management (IAM) policy to users or groups. For more information about IAM policies, see Overview of Policies in the AWS Identity and Access Management User Guide.

This type supports updates. For more information about updating stacks, see Updating AWS CloudFormation Stacks.

Syntax

{
   "Type": "AWS::IAM::Policy",
   "Properties": {
      "Groups" : [ String, ... ],
      "PolicyDocument" : JSON,
      "PolicyName" : String,
      "Roles" : [ String, ... ],
      "Users" : [ String, ... ]
   }
}

Properties

Groups

The names (ARNs) of groups to which you want to add the policy.

Required: Conditional.

Type: A list of strings.

Update requires: no interruption

PolicyDocument

A policy document that contains permissions to add to the specified users or groups.

Required: Yes.

Type: JSON object.

Update requires: no interruption

PolicyName

The name of the policy.

Required: Yes.

Type: String.

Update requires: no interruption

Roles

The names (ARNs) of AWS::IAM::Roles to attach to this policy.

Required: No.

Type: A list of strings.

Update requires: no interruption

Users

The names of users for whom you want to add the policy.

Required: Conditional.

Type: A list of strings.

Update requires: no interruption

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, it returns the resource name.

For more information about using the Ref function, see Ref.

Examples

IAM Policy with policy group

{
   "Type" : "AWS::IAM::Policy",
   "Properties" : {
      "PolicyName" : "CFNUsers",
      "PolicyDocument" : {
         "Statement": [ {
            "Effect"   : "Allow",
            "Action"   : [
               "cloudformation:Describe*",
               "cloudformation:List*",
               "cloudformation:Get*"
            ],
            "Resource" : "*"
         } ]
      },
      "Groups" : [ { "Ref" : "CFNUserGroup" } ]
   }
}        

This snippet is from IAM_Users_Groups_and_Policies.template.

IAM Policy with specified role

{
   "Type": "AWS::IAM::Policy",
   "Properties": {
      "PolicyName": "root",
      "PolicyDocument": {
         "Statement": [
            { "Effect": "Allow", "Action": "*", "Resource": "*" }
         ]
      },
      "Roles": [ { "Ref": "RootRole" } ]
   }
}        

This snippet is from auto_scaling_with_instance_profile.template.
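
A pre-deployment check for the properties described above, as an added example that is not part of the AWS guide or its templates: it flags AWS::IAM::Policy resources whose statement allows Action "*" on Resource "*" (as the policy attached to RootRole does) and resources with none of Groups, Roles or Users set. The logical IDs, the OrphanPolicy resource, and the reading of "Required: Conditional" as "at least one of the three lists must be present" are assumptions.

```python
import json

# Constructed template: the page's two example resources under assumed logical
# IDs, plus a hypothetical OrphanPolicy that attaches to nothing.
TEMPLATE = json.loads("""
{"Resources": {
  "CFNUserPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
    "PolicyName": "CFNUsers",
    "PolicyDocument": {"Statement": [{"Effect": "Allow",
      "Action": ["cloudformation:Describe*", "cloudformation:List*", "cloudformation:Get*"],
      "Resource": "*"}]},
    "Groups": [{"Ref": "CFNUserGroup"}]}},
  "RootPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
    "PolicyName": "root",
    "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "Roles": [{"Ref": "RootRole"}]}},
  "OrphanPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
    "PolicyName": "orphan",
    "PolicyDocument": {"Statement": {"Effect": "Allow", "Action": "s3:Get*", "Resource": "*"}}}}
}}
""")

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_iam_policies(template):
    """Return (logical_id, finding) tuples for AWS::IAM::Policy resources."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Policy":
            continue
        props = res.get("Properties", {})
        # Assumption: "Required: Conditional" means at least one attachment list.
        if not any(props.get(k) for k in ("Groups", "Roles", "Users")):
            findings.append((logical_id, "no Groups, Roles or Users"))
        for stmt in as_list(props.get("PolicyDocument", {}).get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            if "*" in as_list(stmt.get("Action", [])) and \
                    "*" in as_list(stmt.get("Resource", [])):
                findings.append((logical_id, "Allow * on *"))
    return findings

if __name__ == "__main__":
    for logical_id, finding in audit_iam_policies(TEMPLATE):
        print(f"{logical_id}: {finding}")
```

The read-only CFNUsers policy passes because its actions are scoped to cloudformation:Describe*, List* and Get*, even though its Resource is "*".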

To view more AWS::IAM::Policy snippets, see Declaring an IAM Policy.