Identity-based policies for CloudFormation - AWS Prescriptive Guidance

Identity-based policies for CloudFormation

Identify the types of users who need access to AWS CloudFormation and the actions each of them needs to perform there. You configure user permissions through identity-based policies, which you attach to an AWS Identity and Access Management (IAM) principal, such as a role or user.

When you configure an identity-based policy, the Effect, Action, and Resource elements are required. You can optionally define a Condition element too. For more information about these elements, see IAM JSON policy elements reference.
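
The following is an added example, not part of the AWS guidance: a constructed identity-based policy for CloudFormation that uses all four elements, with a small check that every statement carries the required ones. The account ID, Region, `team-a-` stack prefix, role name and the `missing_elements` helper are illustrative assumptions.

```python
import json

# Constructed sample policy (not from the AWS page). Account ID, Region,
# stack-name prefix and service-role name are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageTeamStacks",
      "Effect": "Allow",
      "Action": [
        "cloudformation:CreateStack",
        "cloudformation:UpdateStack",
        "cloudformation:DeleteStack"
      ],
      "Resource": "arn:aws:cloudformation:us-east-1:111122223333:stack/team-a-*/*",
      "Condition": {
        "StringEquals": {
          "cloudformation:RoleArn": "arn:aws:iam::111122223333:role/example-cfn-service-role"
        }
      }
    },
    {
      "Sid": "ReadStacks",
      "Effect": "Allow",
      "Action": ["cloudformation:DescribeStacks", "cloudformation:ListStacks"],
      "Resource": "*"
    }
  ]
}
""")

# Required elements; IAM also accepts NotAction / NotResource in their place.
REQUIRED = {"Effect": ("Effect",), "Action": ("Action", "NotAction"),
            "Resource": ("Resource", "NotResource")}

def missing_elements(policy):
    """Return {statement label: [missing required elements]} for a policy dict."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = {}
    for i, stmt in enumerate(statements):
        missing = [name for name, keys in REQUIRED.items()
                   if not any(k in stmt for k in keys)]
        if missing:
            findings[stmt.get("Sid", f"statement[{i}]")] = missing
    return findings
```

The first statement limits stack changes to stacks whose names start with `team-a-` and, through the optional Condition element, to requests that pass the named service role; the second grants read-only access.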