AWS Security Blog

Newly Upgraded: Identity and Access Management Policy Validation

Earlier this month, we let you know that AWS Identity and Access Management (IAM) would be upgrading policy validation today (March 25, 2015) to help you ensure that your IAM policies match your intentions. This upgrade is now in effect for all IAM policies. Starting today, to save changes to your IAM policies, you must first ensure that your policies comply with the IAM policy grammar. This upgrade applies only when you update an existing policy or create a new one. It is important to note that all of your existing policies will continue to work as they currently do.

If you do have existing noncompliant policies in your AWS account, you must make them compliant before you can save changes to them. To check to see if you have noncompliant policies in your account, sign in to the IAM console. If you see a yellow banner, your AWS account has noncompliant policies that require editing. For help updating noncompliant IAM policies, refer to Using Policy Validator and Grammar of the IAM Policy Language.

For more information about this upgrade, see Coming March 25, 2015: Upgrades to IAM Policy Validation. You also can refer to Back to School: Understanding the IAM Policy Grammar to learn about authoring policies that comply with the IAM policy grammar.

As always, if you have questions or suggestions, visit our AWS IAM forum.

– Brigid