Creating IAM policies (AWS CLI) - AWS Identity and Access Management

A policy is an entity that, when attached to an identity or resource, defines its permissions. You can use the AWS CLI to create customer managed policies in IAM. Customer managed policies are standalone policies that you administer in your own AWS account. As a best practice, we recommend that you take the extra step to validate your policies, then review and correct any errors or recommendations. You can then attach the policies to identities (users, groups, and roles) in your AWS account.

The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas, name requirements, and character limits.

Creating IAM policies (AWS CLI)

You can create an IAM customer managed policy or an inline policy using the AWS Command Line Interface (AWS CLI).

To create a customer managed policy (AWS CLI)

Use the following command:

To create an inline policy for an IAM identity (group, user or role) (AWS CLI)

Use one of the following commands:


You can't use IAM to embed an inline policy for a service-linked role.

To validate a customer managed policy (AWS CLI)

Use the following IAM Access Analyzer command:
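
The procedures above combined into one validate-then-create workflow, as an added example that is not taken from the AWS documentation. It assumes the AWS CLI is installed and configured with credentials; the function names, policy statement, and bucket name are constructed placeholders.

```shell
# Added example: create a customer managed policy only after IAM Access
# Analyzer reports no ERROR or SECURITY_WARNING findings for the document.

# write_policy FILE: write a constructed least-privilege identity policy.
write_policy() {
  cat > "$1" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadExampleBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::amzn-s3-demo-bucket",
        "arn:aws:s3:::amzn-s3-demo-bucket/*"
      ]
    }
  ]
}
EOF
}

# blocking_findings FILE: print how many findings should stop creation.
blocking_findings() {
  aws accessanalyzer validate-policy \
    --policy-type IDENTITY_POLICY \
    --policy-document "file://$1" \
    --query "length(findings[?findingType=='ERROR' || findingType=='SECURITY_WARNING'])" \
    --output text
}

# create_validated_policy NAME FILE: print the new policy ARN, or return 1.
create_validated_policy() {
  cvp_count="$(blocking_findings "$2")" || return 2
  if [ "$cvp_count" != "0" ]; then
    echo "refusing to create $1: $cvp_count blocking finding(s)" >&2
    return 1
  fi
  aws iam create-policy --policy-name "$1" \
    --policy-document "file://$2" \
    --query 'Policy.Arn' --output text
}

# attach_inline_role_policy ROLE NAME FILE: embed the document inline instead.
attach_inline_role_policy() {
  aws iam put-role-policy --role-name "$1" --policy-name "$2" \
    --policy-document "file://$3"
}
```

`put-user-policy` and `put-group-policy` take the same `--policy-name` and `--policy-document` arguments with `--user-name` or `--group-name` in place of `--role-name`.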