Customer Managed Policy Examples - Amazon Cloud Map
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Customer Managed Policy Examples

You can create your own custom IAM policies to allow permissions for Amazon Cloud Map actions. You can attach these custom policies to the IAM users or groups that require the specified permissions. These policies work when you are using the Amazon Cloud Map API, the Amazon SDKs, or the Amazon CLI. The following examples show permissions for several common use cases. For the policy that grants a user full access to Amazon Cloud Map, see Permissions Required to Use the Amazon Cloud Map Console.

Example 1: Allow Read Access to All Amazon Cloud Map Resources

The following permissions policy grants the user read-only access to all Amazon Cloud Map resources:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "servicediscovery:Get*",
                "servicediscovery:List*",
                "servicediscovery:DiscoverInstances"
            ],
            "Resource": "*"
        }
    ]
}

Example 2: Allow Creation of All Types of Namespaces

The following permissions policy allows users to create all types of namespaces:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "servicediscovery:CreateHttpNamespace",
                "servicediscovery:CreatePrivateDnsNamespace",
                "servicediscovery:CreatePublicDnsNamespace",
                "route53:CreateHostedZone",
                "route53:GetHostedZone",
                "route53:ListHostedZonesByName",
                "ec2:DescribeVpcs",
                "ec2:DescribeRegions"
            ],
            "Resource": "*"
        }
    ]
}
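
The following added example (not part of the Amazon Cloud Map documentation) checks which actions the two policies above allow, so you can confirm that a policy grants what you intend and nothing more. It is a simplified evaluator for a single identity-based policy: it assumes no Condition, NotAction, or NotResource elements and no other policy types, and the function names are hypothetical.

```python
import json
import re

# Policies copied from Example 1 and Example 2 on this page.
READ_ONLY = json.loads('''
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["servicediscovery:Get*", "servicediscovery:List*",
             "servicediscovery:DiscoverInstances"],
  "Resource": "*"}]}''')
CREATE_NAMESPACES = json.loads('''
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["servicediscovery:CreateHttpNamespace",
             "servicediscovery:CreatePrivateDnsNamespace",
             "servicediscovery:CreatePublicDnsNamespace",
             "route53:CreateHostedZone", "route53:GetHostedZone",
             "route53:ListHostedZonesByName",
             "ec2:DescribeVpcs", "ec2:DescribeRegions"],
  "Resource": "*"}]}''')


def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def _glob(pattern, value, ignore_case):
    # IAM wildcards: '*' is any run of characters, '?' is one character.
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern)
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch("".join(parts), value, flags) is not None


def is_allowed(policy, action, resource="*"):
    """True if an explicit Allow matches and no explicit Deny does."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if any(k in stmt for k in ("Condition", "NotAction", "NotResource")):
            raise ValueError("element outside this simplified evaluator")
        # Action names match case-insensitively; resources do not.
        hit = (any(_glob(p, action, True) for p in _as_list(stmt["Action"]))
               and any(_glob(p, resource, False)
                       for p in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False  # an explicit Deny always wins
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed  # no matching Allow means implicit deny
```

For example, `is_allowed(CREATE_NAMESPACES, "servicediscovery:GetNamespace")` returns `False`: the Example 2 policy lets a user create namespaces but grants none of the Cloud Map read actions from Example 1.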

To provide access, add permissions to your users, groups, or roles: