0
0
AwsHow-ToBeginner · 4 min read

How to Create IAM Policy in AWS: Step-by-Step Guide

To create an IAM policy in AWS, define a JSON document with Version, Statement, Effect, Action, and Resource fields. Then, use the AWS Management Console, CLI, or SDK to create the policy by providing this JSON.
📐

Syntax

An IAM policy is a JSON document with these main parts:

  • Version: The policy language version, usually "2012-10-17".
  • Statement: One or more statements defining permissions.
  • Effect: Either "Allow" or "Deny" to grant or block access.
  • Action: The AWS service actions the policy allows or denies.
  • Resource: The AWS resources the actions apply to.
json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "service:action",
      "Resource": "resource-arn"
    }
  ]
}
💻

Example

This example policy allows reading objects from a specific S3 bucket.

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::example-bucket/*"]
    }
  ]
}
Output
Policy created successfully and attached to the user or role.
⚠️

Common Pitfalls

  • Forgetting to specify the correct Resource ARN causes the policy to not work as expected.
  • Using "Deny" unintentionally overrides other permissions.
  • Not including all required Actions for a task can block needed access.
  • JSON syntax errors prevent policy creation.
json
Wrong example (missing resource):
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:ListBucket"
  }]
}

Correct example:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example-bucket"
  }]
}
📊

Quick Reference

Remember these tips when creating IAM policies:

  • Always specify Version as "2012-10-17".
  • Use Effect "Allow" to grant permissions.
  • List all needed Actions explicitly.
  • Use precise Resource ARNs to limit scope.
  • Validate JSON syntax before applying.

Key Takeaways

IAM policies are JSON documents defining permissions with Version, Statement, Effect, Action, and Resource.
Always specify the correct resource ARN to ensure permissions apply properly.
Use "Allow" to grant access and be careful with "Deny" as it overrides other permissions.
Validate your JSON syntax to avoid errors during policy creation.
Test policies with least privilege principle to keep your AWS environment secure.

Related by keyword

How to Set Scaling Policy in AWS: Step-by-Step GuideEC2How to Configure AWS CLI: Step-by-Step GuideGetting StartedHow to Create AWS Account: Step-by-Step GuideGetting StartedHow to Install AWS CLI: Step-by-Step GuideGetting StartedHow to Configure Auto Scaling in AWS: Step-by-Step GuideEC2

Up next

AWS Shared Responsibility Model: What It Is and How It WorksWhat is AWS Used For: Key Uses and ExamplesALB vs NLB vs CLB: Key Differences and When to Use EachEBS vs Instance Store in AWS: Key Differences and Usage Guide

More in IAM

How to Attach a Policy to an AWS Role: Simple StepsHow to Attach a Policy to a User in AWS IAMHow to Create Custom IAM Policy in AWS: Simple GuideHow to Create IAM Group in AWS: Step-by-Step Guide