Appendix B. Creating IAM Policies in AWS

    When you create an IAM role, you must define permissions that the role will have in your AWS infrastructure. To define the role permissions, you must create an IAM policy and attach it to the IAM role. For more information on managing IAM identity permissions, see AWS Documentation.

    To create an IAM policy using the AWS Management Console, perform the following steps:

    1. Log in to the AWS Management Console using credentials of an AWS account in which you want to create the IAM policy.
    2. In the AWS services section, navigate to All Services > Security, Identity, & Compliance and click IAM.
    3. In the IAM console, navigate to Access Management > Policies.
    4. Click Create policy.
    5. Complete the Create policy wizard:
        1. At the Editor step of the wizard, switch to the JSON tab.
        2. Type or paste a JSON policy document.

    The JSON policy document must include permissions required for an IAM role to which you want to attach the policy. For more information on required permissions, see IAM Permissions. To learn how to write JSON policy documents, see AWS Documentation.

    Important

    Mind the following AWS limits on IAM policy size:

    • The size of a managed IAM policy cannot exceed 6,144 characters. For more information on managed IAM policies, see AWS Documentation.
    • The total size of inline IAM policies added to an IAM role cannot exceed 10,240 characters. For more information on inline IAM policies, see AWS Documentation.

    For more information on IAM character limits, see AWS Documentation.

        3. At the Tags step of the wizard, specify AWS tags that will be assigned to the IAM policy.
        4. At the Review step of the wizard, specify a name and description for the IAM policy. Review the configured settings and click Create policy.
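As an added example that is not part of this appendix or of the product's own tooling, the following Python script is a pre-check you can run on a JSON policy document before pasting it into the wizard at the Editor step: it validates the basic structure, flags Allow statements that grant every action or a whole service, and measures the document against the managed and inline limits quoted above. The sample policy, its Sids and the bucket name are constructed for illustration and are not the product's required-permission set; the rule that IAM does not count whitespace toward the character limit follows the AWS IAM quota documentation.

```python
import json
import re

# Character limits quoted in this appendix (AWS quotas for IAM policies).
MANAGED_POLICY_LIMIT = 6144
INLINE_POLICY_LIMIT = 10240

# Constructed sample document: a small, scoped read-only policy. It is an
# illustration, not the real set of permissions the IAM role needs.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DescribeInstances",
            "Effect": "Allow",
            "Action": ["ec2:DescribeInstances", "ec2:DescribeVolumes"],
            "Resource": "*",
        },
        {
            "Sid": "ReadSingleBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-backup-bucket",
                "arn:aws:s3:::example-backup-bucket/*",
            ],
        },
    ],
}


def policy_size(document) -> int:
    """Character count the way IAM applies it to the quota: whitespace is
    not counted, so a pretty-printed and a minified document score the same."""
    text = document if isinstance(document, str) else json.dumps(document)
    return len(re.sub(r"\s", "", text))


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(document, inline: bool = False) -> dict:
    """Parse a policy document (dict or JSON text) and report structural
    problems, over-broad Allow grants and the size against the relevant limit."""
    doc = json.loads(document) if isinstance(document, str) else document
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17 (current policy language)")
    statements = _as_list(doc.get("Statement", []))
    if not statements:
        findings.append("policy has no Statement")
    for i, st in enumerate(statements):
        sid = st.get("Sid", f"statement[{i}]")
        effect = st.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append(f"{sid}: Effect must be Allow or Deny")
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if not actions or not resources:
            findings.append(f"{sid}: Action and Resource are required")
        if effect == "Allow":
            if "NotAction" in st:
                findings.append(f"{sid}: Allow with NotAction grants everything not listed")
            if "*" in actions:
                findings.append(f"{sid}: grants every action (Action: *)")
            for a in actions:
                if a.endswith(":*"):
                    findings.append(f"{sid}: grants an entire service ({a})")
    size = policy_size(doc)
    limit = INLINE_POLICY_LIMIT if inline else MANAGED_POLICY_LIMIT
    if size > limit:
        kind = "inline" if inline else "managed"
        findings.append(f"document is {size} characters, over the {kind} limit of {limit}")
    return {"size": size, "limit": limit, "findings": findings, "ok": not findings}


if __name__ == "__main__":
    report = lint_policy(SAMPLE_POLICY)
    print(f"size {report['size']}/{report['limit']} characters, ok={report['ok']}")
    for f in report["findings"]:
        print(" -", f)
```

Run the script against the document you intend to paste; a non-empty findings list means either the policy grants more than the role needs or it will be rejected by the console for exceeding the quota. The size check deliberately measures the inline limit per document, so when a role already carries other inline policies, compare the sum of their sizes against 10,240 yourself.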

    After you create a policy, you can attach it to IAM roles as described in Appendix A. Creating IAM Roles in AWS.