Creating IAM policies (AWS API) - AWS Identity and Access Management

Creating IAM policies (AWS API)

A policy is an entity that, when attached to an identity or resource, defines its permissions. You can use the AWS API to create customer managed policies in IAM. Customer managed policies are standalone policies that you administer in your own AWS account. As a best practice, we recommend that you use IAM Access Analyzer to validate your IAM policies so that the permissions they grant are both secure and functional. By validating your policies you can address any errors or recommendations before you attach the policies to identities (users, groups, and roles) in your AWS account.

The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas.

You can create an IAM customer managed policy or an inline policy using the AWS API.

To create a customer managed policy (AWS API)

Call the following operation:

To create an inline policy for an IAM identity (group, user, or role) (AWS API)

Call one of the following operations:

Note

You can't use IAM to embed an inline policy for a service-linked role.

To validate a customer managed policy (AWS API)

Call the following IAM Access Analyzer operation:
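The procedure above, from building the policy document through validating it with IAM Access Analyzer to creating it with the IAM API, as an added example rather than code from the AWS documentation. It is written against the boto3 client interface (`iam.create_policy`, `put_user_policy`/`put_group_policy`/`put_role_policy`, and `accessanalyzer.validate_policy`) with the clients passed in as parameters, so the flow can be exercised against stub objects without AWS credentials. The bucket ARN, policy and role names are constructed placeholders, the local `preflight_check` is an assumption about what is worth catching before the API call, and the character quotas are those published on the IAM and AWS STS quotas page.

```python
"""Create IAM policies through the AWS API after validating them first (added example)."""
import json

# Quotas from the "IAM and AWS STS quotas" page. IAM does not count whitespace,
# so sizes are measured on the compact serialization produced below.
MANAGED_POLICY_MAX_CHARS = 6144
INLINE_POLICY_MAX_CHARS = {"user": 2048, "group": 5120, "role": 10240}

# boto3 method and identity parameter behind each inline-policy API operation.
INLINE_PUT_OPERATION = {
    "user": ("put_user_policy", "UserName"),
    "group": ("put_group_policy", "GroupName"),
    "role": ("put_role_policy", "RoleName"),
}

# Constructed sample statement (hypothetical bucket name), not from the docs.
SAMPLE_STATEMENT = {
    "Sid": "ListExampleBucket",
    "Effect": "Allow",
    "Action": ["s3:ListBucket"],
    "Resource": "arn:aws:s3:::example-bucket",
}

def build_policy_document(statements):
    """Wrap statements in a policy document using the current language version."""
    return {"Version": "2012-10-17", "Statement": list(statements)}

def to_policy_json(document):
    """Compact JSON exactly as passed in the PolicyDocument parameter."""
    return json.dumps(document, separators=(",", ":"), sort_keys=True)

def _is_wildcard(value):
    values = value if isinstance(value, list) else [value]
    return "*" in values

def preflight_check(document, max_chars):
    """Local lint for obvious mistakes (assumed checks); complements, never replaces,
    the IAM Access Analyzer ValidatePolicy call."""
    findings = []
    if document.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    for i, stmt in enumerate(document.get("Statement", [])):
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: Effect must be Allow or Deny")
        if not ("Action" in stmt or "NotAction" in stmt):
            findings.append(f"Statement[{i}]: missing Action")
        if not ("Resource" in stmt or "NotResource" in stmt):
            findings.append(f"Statement[{i}]: missing Resource")
        if (stmt.get("Effect") == "Allow" and _is_wildcard(stmt.get("Action"))
                and _is_wildcard(stmt.get("Resource"))):
            findings.append(f"Statement[{i}]: allows every action on every resource")
    size = len(to_policy_json(document))
    if size > max_chars:
        findings.append(f"policy is {size} characters, quota is {max_chars}")
    return findings

def validate_with_access_analyzer(analyzer, document):
    """Run ValidatePolicy and gather findings across every result page."""
    findings, token = [], None
    while True:
        kwargs = {"policyDocument": to_policy_json(document), "policyType": "IDENTITY_POLICY"}
        if token:
            kwargs["nextToken"] = token
        page = analyzer.validate_policy(**kwargs)
        findings += [(f["findingType"], f["issueCode"], f["findingDetails"])
                     for f in page.get("findings", [])]
        token = page.get("nextToken")
        if not token:
            return findings

def blocking_problems(analyzer, document, max_chars):
    """Everything that must be fixed before the policy is created. ERROR and
    SECURITY_WARNING findings block; WARNING and SUGGESTION are left for review."""
    problems = preflight_check(document, max_chars)
    for kind, code, detail in validate_with_access_analyzer(analyzer, document):
        if kind in ("ERROR", "SECURITY_WARNING"):
            problems.append(f"{kind} {code}: {detail}")
    return problems

def create_customer_managed_policy(iam, analyzer, name, document, description=""):
    """Validate, then call CreatePolicy. Returns the new policy's ARN."""
    problems = blocking_problems(analyzer, document, MANAGED_POLICY_MAX_CHARS)
    if problems:
        raise ValueError("; ".join(problems))
    response = iam.create_policy(PolicyName=name, PolicyDocument=to_policy_json(document),
                                 Description=description)
    return response["Policy"]["Arn"]

def put_inline_policy(iam, analyzer, identity_type, identity_name, policy_name, document):
    """Validate, then embed the policy with PutUserPolicy, PutGroupPolicy or PutRolePolicy.
    IAM itself rejects this call for service-linked roles; no local check is attempted."""
    method, name_param = INLINE_PUT_OPERATION[identity_type]
    problems = blocking_problems(analyzer, document, INLINE_POLICY_MAX_CHARS[identity_type])
    if problems:
        raise ValueError("; ".join(problems))
    getattr(iam, method)(**{name_param: identity_name, "PolicyName": policy_name,
                            "PolicyDocument": to_policy_json(document)})
    return method
```

With real clients this is `create_customer_managed_policy(boto3.client("iam"), boto3.client("accessanalyzer"), "ExamplePolicy", build_policy_document([SAMPLE_STATEMENT]))`; the call is refused locally if Access Analyzer returns an ERROR or SECURITY_WARNING finding, so nothing broken reaches the account.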