Add an AWS IAM Policy
An IAM policy is a way to allow or deny users to perform certain actions in an AWS account. When a user or a role is created, by default they only have permission to login. They cannot view, modify, or create any new resources. IAM policies are used to grant additional permissions.
To create a new AWS IAM Policy:
- Navigate to Cloud Management > AWS IAM Policies.
- Click Add New.
- In the AWS IAM Policy Name field, enter a name to identify the AWS IAM Policy throughout the application. This field must be unique among AWS IAM Policies.
- (Optional) Enter a description.
- In the AWS IAM Policy field, enter or paste a valid AWS IAM Policy.
- Select at least one user or user group that will have permission to edit this cloud rule.
- Select whether the policy will be public or restricted.
- Public policies. All users with permission to manage cloud access roles can select public policies when creating cloud access roles.
- Restricted policies. Only those users selected in the policy can select restricted policies when creating cloud access roles. When you set a policy as restricted, you must select at least one user or user group to have permission to use the policy.
- Click Create IAM Policy. Once the policy is saved, it will be validated with AWS.
Sample IAM Policies
Example policy that restricts access to S3 and EC2 services
For more policy examples, see Amazon's article Writing IAM Policies.