Appendix A. Creating IAM Policies
When you create an IAM role, you must define permissions that the role will have in your AWS infrastructure. To define the role permissions, you must create an IAM policy and attach it to the IAM role. To create an IAM policy using the AWS Management Console, perform the following steps:
- Log in to the AWS Management Console using credentials of an AWS account in which you want to create the IAM policy.
- In the AWS services section, navigate to All Services > Security, Identity, & Compliance and click IAM.
- In the IAM console, navigate to Access Management > Policies.
- Click Create policy.
- Complete the Create policy wizard:
- At the Editor step of the , switch to the JSON tab.
- Type or paste a JSON policy document.
The JSON policy document must include permissions required for an IAM role to which you want to attach the policy. For more information on required permissions, see IAM Permissions. To learn how to write JSON policy documents, see AWS Documentation.
The size of an IAM policy document cannot exceed 10240 characters.
- At the Tags step of the wizard, specify AWS tags that will be assigned to the IAM policy.
- At the Review step of the wizard, specify a name and description for the IAM policy. Review the configured settings and click Create policy.
After you create a policy, you can attach it to IAM roles as described in Appendix B. Creating IAM Roles.