Appendix B. Creating IAM Policies in AWS
When you create an IAM role, you must define permissions that the role will have in AWS. To define the role permissions, you must create an IAM policy and attach it to the IAM role. For more information on managing IAM identity permissions, see AWS Documentation.
To create an IAM policy using the AWS Management Console, perform the following steps:
- Log in to the AWS Management Console using credentials of an AWS account in which you want to create the IAM policy.
- Navigate to Services > Security, Identity, & Compliance and click IAM.
- In the IAM console, navigate to Access Management > Policies.
- Click Create policy.
- Complete the Create policy wizard:
- At the Editor step of the , switch to the JSON tab.
- Type or paste a JSON policy document.
The JSON policy document must include permissions required for an IAM role to which you want to attach the policy. For more information on required permissions, see IAM Permissions. To learn how to write JSON policy documents, see AWS Documentation.
Consider the following AWS limitations on IAM policy sizing:
For more information on IAM character limits, see AWS Documentation.
- At the Tags step of the wizard, specify AWS tags that will be assigned to the IAM policy.
- At the Review step of the wizard, specify a name and description for the IAM policy. Review the configured settings and click Create policy.
After you create a policy, you can attach it to IAM roles as described in section Appendix A. Creating IAM Roles in AWS.