Creating Amazon Verified Permissions static policies

You can create a static policy for principals to permit or forbid them from performing specified actions on specified resources for your application.

AWS Management Console

To create a static policy

Open the Verified Permissions console at https://console.aws.amazon.com/verifiedpermissions/. Choose your policy store.
In the navigation pane on the left, choose Policies.
Choose Create policy and then choose Create static policy.
In the Policy effect section, choose whether the policy will Permit or Forbid when a request matches the policy.
In the Principals scope field, choose the scope of the principals that the policy will apply to.
- Choose Specific principal to apply the policy to a specific principal. Specify the entity type and identifier for the principal that will be permitted for forbidden to take the actions specified in the policy.
- Choose Group of principals to apply the policy to a group of principals. Type the principal group name in the Group of principals field.
- Choose All principals to apply the policy to all principals in your policy store.
In the Resources scope field, choose the scope of the resources that the policy will apply to.
- Choose Specific resources to apply the policy to a specific resource. Specify the entity type and identifier for the resource that the policy should apply to.
- Choose Group of resources to apply the policy to a group of resources. Type the resource group name in the Group of resources field.
- Choose All resources to apply the policy to all resources in your policy store.
In the Actions scope section, choose the scope of the resources that the policy will apply to.
- Choose Specific set of actions to apply the policy to a set of actions. Select the check boxes next to the actions to apply the policy.
- Choose All actions to apply the policy to all actions in your policy store.
Choose Next.
In the Policy section, review your Cedar policy. You can choose Format to format the syntax of your policy with the recommended spacing and indentation. For more information, see Basic policy construction in Cedar in the Cedar policy language Reference Guide.
In the Details section, type an optional description of the policy.
Choose Create policy.

AWS CLI

To create a static policy

You can create a static policy by using the CreatePolicy operation. The following example creates a simple static policy.


$ aws verifiedpermissions create-policy \
    --definition "{ \"static\": { \"Description\": \"MyTestPolicy\", \"Statement\": \"permit(principal,action,resource) when {principal.owner == resource.owner};\"}}" \
    --policy-store-id PSEXAMPLEabcdefg111111
{
"Arn": "arn:aws:verifiedpermissions::123456789012:policy/PSEXAMPLEabcdefg111111/SPEXAMPLEabcdefg111111",
    "createdDate": "2023-05-16T20:33:01.730817+00:00",
    "lastUpdatedDate": "2023-05-16T20:33:01.730817+00:00",
    "policyId": "SPEXAMPLEabcdefg111111",
    "policyStoreId": "PSEXAMPLEabcdefg111111",
    "policyType": "STATIC"
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Entity formatting

Editing static policies