You are currently viewing How to create custom policy in AWS IAM

How to create custom policy in AWS IAM

Loading

In this blog you will learn about how to create custom policy in AWS IAM. But before that let us understand what do you mean by policy,

A policy is a JSON document that defines permissions, specifying which actions are allowed or denied for specific AWS resources. Policies are used to control access and manage permissions for users, groups, and roles within an AWS account.

There are two types of policies in AWS IAM

  • AWS managed policies- These are the policies created by the AWS to make your life easier.
  • Customer management policies- These are the policies created by you to interact with the various aws services with the specific permission.
    • You can create 1500 customer managed policies per account.
    • You can create 10 managed policies per group, per role and per user.

What is Policy variable

IAM policy variables in AWS allow you to create dynamic policies that can adapt based on user attributes, request details, or environment specifics.

This flexibility enables you to write more general policies that apply to multiple users or conditions without needing to hard-code specific values.

Key components of a policy structure

  1. Version: Specifies the policy language version. The current version is “2012-10-17”.
  2. Statement: The main element that contains one or more individual statements.
  3. Effect: Defines whether the statement allows or denies access. It can be “Allow” or “Deny”.
  4. Action: Specifies the AWS service actions that the policy allows or denies.
  5. Resource: Specifies the AWS resources that the actions apply to. Resources are identified using Amazon Resource Names (ARNs).
  6. Condition: (Optional) Specifies conditions for when the policy is in effect. Conditions use operators to match key-value pairs.

Example of a simple policy:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket"
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example_bucket/*"
}
]
}

Steps to create custom policy in AWS IAM

Sign in to the AWS Management Console and Search for IAM (Identity and Access Management) services.

Access the Policies Section

  • In the navigation pane, click on Policies. Click on the Create policy button.

You can use either the Visual editor or the JSON editor to create your policy.

Service: Select the AWS service you want to control access to (e.g., S3).

Actions: Choose the actions you want to allow or deny (e.g., s3:ListBucket, s3:GetObject).

Switch to the JSON tab. Write your custom JSON policy. Ensure it includes the Version, Statement, Effect, Action, Resource, and optionally, Condition.

Give the custom policy a name. Review all the details and click on Create policy

Now you have successfully created a policy.

After creating the policy, attach it to IAM users, groups, or roles as needed:

  • Users: Go to the Users section, select a user, click on Add permissions, and attach the policy.
  • Groups: Go to the Groups section, select a group, and attach the policy.
  • Roles: Go to the Roles section, select a role, and attach the policy.

Conclusion

Finally, it is important to know how to use and understand IAM policies and policy factors in AWS so that cloud resource management works well and is safe. You can make dynamic, scalable, and manageable permission systems that improve security and make operations run more smoothly if you understand policy structure, make custom policies, and use policy variables.

If you like this blog, you can share it with your friends or colleague. You can connect with me on social media profiles like LinkedIn, Twitter, and Instagram. If you any doubt regarding implementation feel free to comment.