Creating IAM policies (AWS CLI) - AWS Identity and Access Management

Creating IAM policies (AWS CLI)

A policy is an entity that, when attached to an identity or resource, defines its permissions. You can use the AWS CLI to create customer managed policies in IAM. Customer managed policies are standalone policies that you administer in your own AWS account. As a best practice, we recommend that you use IAM Access Analyzer to validate your IAM policies to ensure secure and functional permissions. By validating your policies, you can address any errors or recommendations before you attach the policies to identities (users, groups, and roles) in your AWS account.

The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas.

Creating IAM policies (AWS CLI)

You can create an IAM customer managed policy or an inline policy using the AWS Command Line Interface (AWS CLI).

To create a customer managed policy (AWS CLI)

Use the following command:

To create an inline policy for an IAM identity (group, user or role) (AWS CLI)

Use one of the following commands:


You can't use IAM to embed an inline policy for a service-linked role.

To validate a customer managed policy (AWS CLI)

Use the following IAM Access Analyzer command:
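The three procedures above (validate, create, attach) combined into one script, as an added example that is not part of the AWS documentation: it runs a local wildcard pre-check, asks IAM Access Analyzer for ERROR-level findings, and only then creates the customer managed policy and attaches it to a role. It assumes AWS CLI v2 with configured credentials; the policy name, role name and bucket name are placeholders chosen for the example.

```shell
#!/usr/bin/env sh
# Added example (not from the AWS docs): validate a customer managed policy
# with IAM Access Analyzer before creating it, then attach it to a role.
# Assumptions: AWS CLI v2 with credentials; the names below are placeholders.
set -e
POLICY_NAME="${POLICY_NAME:-example-s3-readonly}"
ROLE_NAME="${ROLE_NAME:-example-app-role}"
BUCKET="${BUCKET:-example-bucket}"   # placeholder bucket name

# Emit a least-privilege policy document: read-only access to one bucket.
policy_document() {
  cat <<EOF
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
   "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::${BUCKET}", "arn:aws:s3:::${BUCKET}/*"]}]}
EOF
}

# Local pre-check on stdin: refuse documents that grant every action or
# apply to every resource ("Action": "*" or "Resource": ["*"]).
precheck_policy() {
  ! grep -Eq '"(Action|Resource)":[[:space:]]*\[?[[:space:]]*"\*"'
}

# Ask IAM Access Analyzer for findings; fail on any ERROR-level finding.
validate_policy() {
  errors=$(aws accessanalyzer validate-policy --policy-type IDENTITY_POLICY \
    --policy-document "$(policy_document)" \
    --query 'findings[?findingType==`ERROR`]' --output json)
  [ "$errors" = "[]" ] || { printf '%s\n' "$errors" >&2; return 1; }
}

# Create the customer managed policy, attach it to the role, print its ARN.
create_and_attach() {
  arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document "$(policy_document)" --query Policy.Arn --output text)
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$arn"
  printf '%s\n' "$arn"
}

# Only touch AWS when run with --apply, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then
  policy_document | precheck_policy && validate_policy && create_and_attach
fi
```

For an inline policy instead of a standalone one, replace the two calls in create_and_attach with a single put-role-policy (or put-user-policy / put-group-policy) call that takes the same policy document.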