IAM: Limits managed policies that can be applied to an IAM user, group, or role
This example shows how you might create an identity-based policy that limits customer managed and Amazon managed policies that can be applied
to an IAM user, group, or role. This policy grants the permissions necessary to complete this action programmatically from the Amazon API or Amazon CLI. To use this policy, replace the italicized placeholder text
in the example policy with your own information.
Then, follow the directions in create a policy or edit a policy.
{ "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "iam:AttachUserPolicy", "iam:DetachUserPolicy" ], "Resource": "*", "Condition": { "ArnEquals": { "iam:PolicyARN": [ "arn:aws-cn:iam::*:policy/
policy-name-1
", "arn:aws-cn:iam::*:policy/policy-name-2
" ] } } } }