Create an IAM policy version using an AWS SDK - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

Create an IAM policy version using an AWS SDK

The following code examples show how to create an IAM policy version.

Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:

CLI
AWS CLI

To create a new version of a managed policy

This example creates a new v2 version of the IAM policy whose ARN is arn:aws:iam::123456789012:policy/MyPolicy and makes it the default version.

aws iam create-policy-version \ --policy-arn arn:aws:iam::123456789012:policy/MyPolicy \ --policy-document file://NewPolicyVersion.json \ --set-as-default

Output:

{ "PolicyVersion": { "CreateDate": "2015-06-16T18:56:03.721Z", "VersionId": "v2", "IsDefaultVersion": true } }

For more information, see Versioning IAM policies in the AWS IAM User Guide.

Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

def create_policy_version(policy_arn, actions, resource_arn, set_as_default): """ Creates a policy version. Policies can have up to five versions. The default version is the one that is used for all resources that reference the policy. :param policy_arn: The ARN of the policy. :param actions: The actions to allow in the policy version. :param resource_arn: The ARN of the resource this policy version applies to. :param set_as_default: When True, this policy version is set as the default version for the policy. Otherwise, the default is not changed. :return: The newly created policy version. """ policy_doc = { "Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": actions, "Resource": resource_arn}], } try: policy = iam.Policy(policy_arn) policy_version = policy.create_version( PolicyDocument=json.dumps(policy_doc), SetAsDefault=set_as_default ) logger.info( "Created policy version %s for policy %s.", policy_version.version_id, policy_version.arn, ) except ClientError: logger.exception("Couldn't create a policy version for %s.", policy_arn) raise else: return policy_version