AWS Security Blog

Enable Autoformatting for Your Policies in the Identity and Access Management Console

Have you ever thought that authoring Identity and Access Management (IAM) policies would be easier if the JSON of your policies were automatically formatted? If so, you will be excited to hear you can now enable autoformatting for all your policies by simply selecting a single check box. In this blog post, I will show how you can use the IAM console to enable autoformatting and demonstrate how it can make your policies easier to understand. 

How can I enable autoformatting?

You can enable autoformatting when creating or editing a policy by using the IAM console. Simply navigate to any policy editing page (such as when creating a new managed policy or editing an existing IAM group policy), and you will see a new Use autoformatting for policy editing check box, which is selected by default. When the check box is selected, your policies are displayed using JSON formatting. This setting also works in conjunction with the Validate Policy button: when enabled, every time you click the Validate Policy button, your policy will be validated and formatted.

What if I do not want to use autoformatting?

You can still view, edit, and save your policy without formatting by clearing the Use autoformatting for policy editing check box. If you clear the check box before making any edits to the policy, IAM will return the policy to its previously unformatted state. The IAM console preserves these settings, so the next time you use the console, autoformatting will be disabled. You can reenable formatting anytime by reselecting the check box.

How does autoformatting change the appearance of my policy?

To show you how formatting can help make your policies more readable, I will create a new managed policy from our policy documentation that grants access to an Amazon S3 bucket. As you can see in the following screenshot, the policy has been typed without any formatting. The lack of formatting makes it difficult to determine quickly which permissions have been granted.

Image of the unformatted policy

Check to confirm that the Use autoformatting for policy editing check box has been selected, and then click Validate Policy to format your policy.

Image of the formatted policy

You can now easily identify in the policy three statement blocks, multiple actions, and the associated resources for those actions. Click Create Policy to apply and save the formatted policy.

It is important to note that JSON formatting has no impact on the size of your policy because white space characters do not count toward your policy size. Therefore, feel free to use JSON formatting for all your policies.

To get started, sign in to the IAM console, and open an existing policy or create a new one. If you have any questions or suggestions about JSON formatting for policies, submit them on the IAM forum.