AWS Official Blog

Integrated IAM Policy Generator

by Jeff Barr | in AWS IAM, Identity and Access Management

You can now create custom IAM (Identity and Access Management) policy documents from the IAM tab of the AWS Management Console. You can use a custom policy document to gain access to a number of advanced IAM features such as limiting access by user agent, time, or IP address, requiring a secure transport, or even enabling cross-account access to selected AWS resources.

Here’s a tour! The first step is to click on the Attach User Policy button (you can also do this for IAM groups):

There’s a new Policy Generator option:

The Policy Generator allows you to create policy documents for any AWS service that is supported by IAM:

After selecting a service you can choose to allow or deny any number of actions in the policy document that you create:

You can also attach any number of conditions to each of your policies:
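As an added illustration (hand-written here, not taken from the original post or from the generator's output), this policy document combines three of the condition types mentioned above: source IP address, time window, and secure transport. The bucket name, CIDR range, and dates are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadFromOfficeRangeDuringWindow",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": "203.0.113.0/24" },
        "DateGreaterThan": { "aws:CurrentTime": "2024-01-01T00:00:00Z" },
        "DateLessThan": { "aws:CurrentTime": "2024-12-31T23:59:59Z" },
        "Bool": { "aws:SecureTransport": "true" }
      }
    },
    {
      "Sid": "DenyAnyRequestNotSentOverTls",
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "Bool": { "aws:SecureTransport": "false" }
      }
    }
  ]
}
```

All condition operators inside one `Condition` block must match for the statement to apply, so the Allow only takes effect when the request comes from the listed range, inside the time window, and over TLS. The explicit Deny overrides any Allow, so it enforces secure transport even if another attached policy grants broader access to the bucket.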

If this looks like something that you could use, then I suggest that you head over to the AWS Management Console today and create some policies! I also suggest that you review the Permissions and Policies section of the IAM documentation to make sure that you are taking advantage of the power and flexibility of IAM.

— Jeff;