This section presents detailed syntax, descriptions, and examples of the elements, variables, and evaluation logic of IAM policies. It includes the following sections.
IAM Policy Elements Reference — This section describes each of the elements that you can use when you create a policy. It includes additional policy examples and describes conditions, supported data types, and how they are used in various services.
IAM Policy Variables Overview — This section describes placeholders that you can specify in a policy that are replaced during policy evaluation with values from the request.
Creating a Condition That Tests Multiple Key Values (Set Operations) — This section describes how to create policies for requests in which a request key includes multiple items that you need to test against a set of values.
IAM Policy Evaluation Logic — This section describes AWS requests, how they are authenticated, and how AWS uses policies to determine access to resources.
Grammar of the IAM Policy Language — This section presents a formal grammar for the language used to create policies in IAM.
AWS Service Actions and Condition Context Keys for Use in IAM Policies — This section presents a list of all of the AWS API actions that can be used as permissions in an IAM policy and the service-specific condition keys that can be used to further refine the request.
You cannot save any policy that does not comply with the established policy syntax. You can use Policy Validator to detect and correct invalid policies. One click takes you to an editor that shows both the existing policy and a copy with the recommended changes. You can accept the changes or make further modifications. For more information, see Using Policy Validator.