AWS Fundamentals
AWS::IAM::Policy

IAM Policy

Adds or updates an inline policy document that is embedded in the specified IAM group, user or role. An IAM user can also have a managed policy attached to it. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.

For information about policy documents, see [Creating policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *User Guide*. For information about limits on the number of inline policies that you can embed in an identity, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.

This resource does not support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html). The following inline policy resource types support drift detection:

+ [AWS::IAM::GroupPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-grouppolicy.html)
+ [AWS::IAM::RolePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-rolepolicy.html)
+ [AWS::IAM::UserPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-userpolicy.html)

Properties

5 configurable properties. 2 required.

| Property | Type | Flags |
| --- | --- | --- |
| PolicyDocument | object or string | Required |
| PolicyName | string | Required |
| Groups | Array<string> | |
| Roles | Array<string> | |
| Users | Array<string> | |

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

| Attribute | Type | Description |
| --- | --- | --- |
| Id | string | - |

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

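template.yaml

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::IAM::Policy

Resources:
  MyResource:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: "my-policyname"
      # At least one of Groups, Roles, or Users must be specified.
      Roles:
        - "my-existing-role"  # placeholder: name of an existing IAM role
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: "s3:GetObject"
            Resource: "arn:aws:s3:::amzn-s3-demo-bucket/*"  # placeholder bucket
```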
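The description above sets two constraints that are easy to miss in review: at least one of Groups, Roles, or Users must be set, and this resource type has no drift detection while the per-identity types do. The following check is an added example, not code from this page or from AWS; it takes a template already parsed into a dict (JSON form), and the function name, finding texts and sample resources are assumptions made for illustration.

```python
import json

# Types this page lists as supporting drift detection, keyed by the
# AWS::IAM::Policy property they correspond to.
DRIFT_AWARE = {"Groups": "AWS::IAM::GroupPolicy",
               "Roles": "AWS::IAM::RolePolicy",
               "Users": "AWS::IAM::UserPolicy"}


def lint_iam_policies(template):
    """Return (logical_id, finding) pairs for AWS::IAM::Policy resources."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Policy":
            continue
        props = res.get("Properties", {})
        for name in ("PolicyDocument", "PolicyName"):
            if name not in props:
                findings.append((logical_id, f"missing required property {name}"))
        doc = props.get("PolicyDocument")
        if isinstance(doc, str):
            # A string value has to carry the policy as JSON text.
            try:
                doc = json.loads(doc)
            except ValueError:
                doc = None
        if "PolicyDocument" in props and not isinstance(doc, dict):
            findings.append((logical_id, "PolicyDocument is not a policy object"))
        targets = [key for key in DRIFT_AWARE if props.get(key)]
        if not targets:
            findings.append((logical_id, "none of Groups, Roles, Users is set"))
        for key in targets:
            findings.append(
                (logical_id, f"no drift detection; {DRIFT_AWARE[key]} supports it"))
    return findings


# Constructed sample template in JSON form (hypothetical names throughout).
SAMPLE = {
    "Resources": {
        "Placeholder": {"Type": "AWS::IAM::Policy", "Properties": {
            "PolicyName": "my-policyname", "PolicyDocument": "value"}},
        "RoleInline": {"Type": "AWS::IAM::Policy", "Properties": {
            "PolicyName": "read-logs", "Roles": ["app-role"],
            "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Action": "logs:GetLogEvents", "Resource": "*"}]}}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
}
```

Calling `lint_iam_policies(SAMPLE)` reports two findings for `Placeholder` and one for `RoleInline`; resources of other types are skipped.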

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

iam:GetUserPolicy, iam:GetRolePolicy, iam:GetGroupPolicy, iam:PutUserPolicy, iam:PutRolePolicy, iam:PutGroupPolicy

update

iam:PutUserPolicy, iam:PutRolePolicy, iam:PutGroupPolicy, iam:DeleteRolePolicy, iam:DeleteUserPolicy, iam:DeleteGroupPolicy

delete

iam:DeleteRolePolicy, iam:DeleteUserPolicy, iam:DeleteGroupPolicy

Quick Facts

+ Service: IAM
+ Properties: 6
+ Required: 2
+ Tagging: Not supported
+ Primary ID: Id

Supported Operations

Create, Update, Delete
