Creating IAM policies (Amazon API) - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating IAM policies (Amazon API)

A policy is an entity that, when attached to an identity or resource, defines their permissions. You can use the Amazon API to create customer managed policies in IAM. Customer managed policies are standalone policies that you administer in your own Amazon Web Services account. As a best practice, we recommend that you use IAM Access Analyzer to validate your IAM policies to ensure secure and functional permissions. By validating your policies you can address any errors or recommendations before you attach the policies to identities (users, groups, and roles) in your Amazon Web Services account.

The number and size of IAM resources in an Amazon account are limited. For more information, see IAM and Amazon STS quotas.

Creating IAM policies (Amazon API)

You can create an IAM customer managed policy or an inline policy using the Amazon API.

To create a customer managed policy (Amazon API)

Call the following operation:

To create an inline policy for an IAM identity (group, user, or role) (Amazon API)

Call one of the following operations:


You can't use IAM to embed an inline policy for a service-linked role.

To validate a customer managed policy (Amazon API)

Call the following IAM Access Analyzer operation: