AWS::IAM::Policy

IAM Policy

Adds or updates an inline policy document that is embedded in the specified IAM group, user or role. An IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties. For information about policy documents, se...

Properties

5 configurable properties. 2 required. Click a row to see details.

Filter:

Property	Type	Flags
`PolicyDocument`	`objectstring`	Required
`PolicyName`	`string`	Required
`Groups`	`Array<string>`
`Roles`	`Array<string>`
`Users`	`Array<string>`

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`Id`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::IAM::Policy

Resources:
  MyResource:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument: "value"
      PolicyName: "my-policyname"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

iam:GetUserPolicyiam:GetRolePolicyiam:GetGroupPolicyiam:PutUserPolicyiam:PutRolePolicyiam:PutGroupPolicy

update

iam:PutUserPolicyiam:PutRolePolicyiam:PutGroupPolicyiam:DeleteRolePolicyiam:DeleteUserPolicyiam:DeleteGroupPolicy

delete

iam:DeleteRolePolicyiam:DeleteUserPolicyiam:DeleteGroupPolicy

Get the IAM Cheat Sheet

Everything you need to know about IAM on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceIAM

Properties6

Required2

TaggingNot supported

Primary IDId

Supported Operations

CreateUpdateDelete

Related Resources

External Links

AWS Documentation