AWS Fundamentals Logo
AWS Fundamentals
AWS::IAM::ManagedPolicy

IAM ManagedPolicy

Creates a new managed policy for your AWS-account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*. As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/la...

Properties

7 configurable properties. 1 required. Click a row to see details.

Filter:
PropertyTypeFlags
PolicyDocument
objectstring
Required
Description
string
Create-only
Groups
Array<string>
ManagedPolicyName
string
Create-only
Path
string
Create-only
Roles
Array<string>
Users
Array<string>

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

AttributeTypeDescription
AttachmentCountinteger-
CreateDatestring-
DefaultVersionIdstring-
IsAttachableboolean-
PermissionsBoundaryUsageCountinteger-
PolicyArnstring-
PolicyIdstring-
UpdateDatestring-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::IAM::ManagedPolicy

Resources:
  MyResource:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument: "value"
      Description: !Ref "AWS::StackName"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

iam:CreatePolicyiam:AttachGroupPolicyiam:AttachUserPolicyiam:AttachRolePolicy

read

iam:GetPolicyiam:ListEntitiesForPolicyiam:GetPolicyVersion

update

iam:DetachRolePolicyiam:GetPolicyiam:ListPolicyVersionsiam:DetachGroupPolicyiam:DetachUserPolicyiam:CreatePolicyVersioniam:DeletePolicyVersioniam:AttachGroupPolicy

delete

iam:DetachRolePolicyiam:GetPolicyiam:ListPolicyVersionsiam:DetachGroupPolicyiam:DetachUserPolicyiam:DeletePolicyVersioniam:DeletePolicyiam:ListEntitiesForPolicy

list

iam:ListPolicies

Get the IAM Cheat Sheet

Everything you need to know about IAM on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceIAM
Properties15
Required1
TaggingNot supported
Primary IDPolicyArn

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

ManagedPolicyNameDescriptionPath

Related Resources

External Links