AWS Identity and Access Management
User Guide

IAM JSON Policy Reference

This section presents detailed syntax, descriptions, and examples of the elements, variables, and evaluation logic of JSON policies in IAM. It includes the following sections.

  • IAM JSON Policy Elements Reference — Learn more about the elements that you can use when you create a policy. View additional policy examples and learn about conditions, supported data types, and how they are used in various services.

  • IAM JSON Policy Evaluation Logic — This section describes AWS requests, how they are authenticated, and how AWS uses policies to determine access to resources.

  • Grammar of the IAM JSON Policy Language — This section presents a formal grammar for the language used to create policies in IAM.

  • AWS Managed Policies for Job Functions — This section lists all of the AWS managed policies that directly map to common job functions in the IT industry. Use these policies to grant the permissions needed to carry out the tasks expected of someone in a specific job function. These policies consolidate permissions for many services into a single policy.

  • AWS Service Actions and Condition Context Keys for Use in IAM Policies — This section presents a list of all of the AWS API actions that can be used as permissions in an IAM policy and the service-specific condition keys that can be used to further refine the request.

  • IAM Policy Actions Grouped by Access Level — This section presents a list of the access levels that all AWS API actions are members of. Each API action that can be used as a policy permission is categorized into one access level.


You cannot save any policy that does not comply with the established policy syntax. You can use Policy Validator to detect and correct invalid policies. One click takes you to an editor that shows both the existing policy and a copy with the recommended changes. You can accept the changes or make further modifications. For more information, see Validating JSON Policies.