Add Access Policy

An IAM access policy allows you to explicitly define permissions over what your users and groups can access. The Add Access Policy page enables you to select and apply an existing access policy template, or define your own access policies by either using the policy generator or writing a policy directly using the built-in editor.

Note: For information on IAM access policies, see Overview of AWS IAM Policies.

Create a custom policy using the policy generator

The policy generator is an easy-to-use graphical tool that allows you to create a new access policy without having to know IAM's access policy language.

Allow actions

You can allow all actions for a specific service.

To allow all actions for a service:
Select the check mark icon next to the service name in the Allow/Deny list.

Deny all actions

You can deny all actions for a specific service.

To deny all actions for a service:
Select the x mark icon next to the service name in the Allow/Deny list.

Allow specific actions

You can allow specific actions for a service.

To allow specific actions for a service:
  1. Click the + icon to the left of the service to expand the list of available actions for that service.
  2. Select the check mark icon next to the action in the Allow/Deny list.

Deny specific actions

You can deny specific actions for a service.

To deny specific actions for a service:
  1. Click the + icon to the left of a service to expand the list of available actions for that service.
  2. Select the x mark icon next to the action in the Allow/Deny list.

Allow or deny actions for a specific resource

You can allow or deny actions for a specific resource.

To allow or deny actions for a specific resource:
  1. Click the + icon to the left of a service to expand the list of available actions for that service.
  2. Click the Advanced button next to the action in the Allow/Deny list. The list entry for the action will expand to show drop-down lists for setting up resources and conditionals.
  3. From the Set a specific resource drop-down list on the left, select a resource. The drop-down list to the right will automatically populate with valid values for the selected resource.
  4. From the drop-down list on the right, select the appropriate value for the resource you've selected.
  5. Select the check box next to the action entry to allow access to the specified resource, or select the x mark to deny access.
  6. Click the Add Resource button. Note that the ARN of the resource you've selected will appear in the list, and the results of your selections will appear in the View/Edit Policy text box on the right side of the page.
    Note: To remove a resource you've added, click the - icon next to the ARN in the resource list.

Conditional permissions

You can allow or deny permissions based on specific conditions, such as user name or image ID.

To add a condition:
  1. Click the + icon to the left of a service to expand the list of available actions for that service.
  2. Click the Advanced button next to the action in the Allow/Deny list. The list entry for the action will expand to show drop-down lists for setting up resources and conditionals.
  3. In the Conditions (optional) section, from the Add a condition drop-down list on the left, select a comparison element. The drop-down list to the right will automatically populate with valid conditional comparisons for the selected element.
  4. From the drop-down list on the right, select the appropriate comparison operator for the element you've selected.
  5. If appropriate, enter the comparison value in the text field that appears under the drop-down lists.
  6. Click the Add Resource button. Note that the conditional you've just added will appear in the list, and the results of your selections will appear in the View/Edit Policy text box on the right side of the page.
    Note: To remove a condition that you've added, click the - icon next to the conditional in the list.

Upload or write a policy

You can use this section to upload an existing policy file or write an access policy directly into the text editor.

  1. You can paste or type policy language directly into the View/Edit policy text box on the right side of the screen.
  2. To upload an existing policy file: expand the + icon next to the Upload or write a file (advanced) label and click the Browse... button.
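
The following is an added example, not part of the original page or the product: a Python check you could run on a policy file before pasting or uploading it, flagging Allow statements that grant a whole service (or everything) on every resource with no condition. The sample policy, bucket name and user name are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample (not from the page): the kind of document the View/Edit
# Policy box could hold after allowing all actions for a service, adding a
# resource-scoped allow with a condition, and denying one specific action.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:username": "alice"}}},
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}
  ]
}
"""

def _as_list(value):
    """Action and Resource may each be a single string or a list."""
    return [value] if isinstance(value, str) else list(value or [])

def review_policy(text):
    """Return (statement_index, finding) pairs for a policy document."""
    doc = json.loads(text)  # raises ValueError on malformed JSON
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be an object
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        effect = st.get("Effect")
        if effect not in ("Allow", "Deny"):  # the value is case-sensitive
            findings.append((i, "Effect must be Allow or Deny"))
            continue
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if not actions and "NotAction" not in st:
            findings.append((i, "no Action listed"))
        # Unconditional Allow of a whole service (or "*") on every resource.
        if effect == "Allow" and "Condition" not in st:
            broad = [a for a in actions if a == "*" or a.endswith(":*")]
            if broad and "*" in resources:
                findings.append((i, "allows %s on every resource" % ", ".join(broad)))
    return findings

if __name__ == "__main__":
    for index, finding in review_policy(SAMPLE_POLICY):
        print("Statement %d: %s" % (index, finding))
```

Only the first statement of the sample is flagged; the conditional allow and the explicit deny pass.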

Select a template

This section allows you to apply a pre-defined access policy template.

Click the Select button next to the appropriate template in the list.

Save Your Work

Click the Create Policy button to save your work, or click the Cancel button to cancel the operation.