IAM Policies

EC2
Allows Starting or Stopping an EC2 Instance and Modifying a Security Group
IAM Policy
A policy that allows starting or stopping a specific EC2 instance and modifying a specific security group (Programmatically and in the Console).
Console Access
API and CLI Access
Allows Launching EC2 Instances in a Specific Subnet, Programmatically and in the Console
IAM Policy
A policy that allows listing information for all EC2 objects and launching EC2 instances in a specific subnet. This policy also provides the permissions necessary to complete this action on the console.
Console Access
API and CLI Access
Allows Managing EC2 Security Groups Associated With a Specific VPC, Programmatically and in the Console
IAM Policy
A policy that allows managing Amazon EC2 security groups associated with a specific virtual private cloud (VPC). This policy also provides the permissions necessary to complete this action on the console.
Console Access
API and CLI Access
Allows Full EC2 Access Within a Specific Region, Programmatically and in the Console
IAM Policy
A policy that allows full EC2 access within a specific region. This policy also provides the permissions necessary to complete this action on the console.
Console Access
API and CLI Access
Allow Users to Launch Approved Images and Use Existing Security Groups Only, Programmatically and in the Console.
IAM Policy
An IAM policy that prevents users from creating their own security groups, and allows users to only launch approved AMIs (Amazon Machine Images). Approved images are identified with Tags (Example, Tag Key: Approved, Tag Value: True). This policy provides the permissions necessary to complete this action programmatically or from the console.
Console Access
API and CLI Access
Tags
Allow Starting or Stopping EC2 Instances Based on a User's Username, Programmatically and in the Console.
IAM Policy
An IAM policy that allows an IAM user to start or stop EC2 instances, but only if the instance tag Owner has the value of that user's user name. This policy also provides the permissions necessary to complete this action on the console.
Console Access
API and CLI Access
Tags
Limit Terminating EC2 Instances to an IP Address Range
IAM Policy
An IAM policy that prevents users from terminating EC2 instances when the request does not come from a specified IP range. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
Console Access
API and CLI Access
S3
Allows IAM Users Access to Their S3 Home Directory
IAM Policy
A policy that allows IAM users to access their own home directory in S3. The home directory is a bucket that includes a home folder and folders for individual users (Programmatically and in the Console).
API and CLI Access
Console Access
Limits Managing to a Specific S3 Bucket and Denies All Other Actions
IAM Policy
A policy that limits managing an S3 bucket by allowing all S3 actions on the specific bucket, but explicitly denying access to every AWS service except Amazon S3. This policy also denies access to actions that can't be performed on an S3 bucket, such as s3:ListAllMyBuckets or s3:GetObject. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Allows Read and Write Access to a Specific S3 Bucket
IAM Policy
A policy that allows Read and Write access to a specific S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Allows Read and Write Access to a Specific S3 Bucket, Programmatically and in the Console.
IAM Policy
A policy that allows Read and Write access to a specific S3 bucket. This policy also provides the permissions necessary to complete this action on the console.
API and CLI Access
Console Access
Allow users to read objects in a portion of the S3 bucket.
IAM Policy
A policy that allows Read access to a specific folder within an S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Allow users to only drop files to a specific folder within an S3 bucket.
IAM Policy
A policy that allows write access to a specific folder within an S3 bucket. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
IAM
Allows IAM Users to Self-Manage an MFA Device
IAM Policy
A policy that allows IAM users to self-manage an MFA device. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Allows IAM Users to Rotate Their Own Credentials
IAM Policy
A policy that allows IAM users to rotate their own access keys, signing certificates, service specific credentials, and passwords. This policy also provides the permissions necessary to complete this action programmatically and on the console.
API and CLI Access
Console Access
Access the Policy Simulator API
IAM Policy
A policy that allows using the policy simulator API for policies attached to a user, group, or role in the current AWS account. This policy also allows access to simulate less sensitive policies passed to the API as strings. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Access the Policy Simulator Console
IAM Policy
A policy that allows using the policy simulator console for policies attached to a user, group, or role in the current AWS account.
Console Access
DynamoDB
Allows Access to a Specific DynamoDB Table
IAM Policy
A policy that allows full access to a DynamoDB table with the specified name. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Allows Access to Specific Columns in a DynamoDB table
IAM Policy
A policy that allows access to the specific DynamoDB columns. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Allow Read-only Access on Items in a Table
IAM Policy
An IAM policy that grants permissions for the GetItem and BatchGetItem DynamoDB actions only and thereby sets read-only access to a table. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Allow Access to a Specific Table and All of Its Indexes
IAM Policy
An IAM policy that grants permissions for all of the DynamoDB actions on a specific table and all of the table's indexes. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Prevent a User from Purchasing Reserved Capacity Offerings
IAM Policy
An IAM policy that allows users to view reserved capacity offerings and current purchases using the AWS Management Console—but new purchases are denied. This policy provides the permissions necessary to complete this action using the AWS Console or AWS API/AWS CLI.
API and CLI Access
Console Access
Allow Read Access for a DynamoDB Stream Only (Not for the Table)
IAM Policy
An IAM policy that grants users permissions to access the streams on a DynamoDB table, but not to the table itself. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
RDS
Allows Restoring RDS Databases
IAM Policy
A policy that allows restoring RDS databases. This policy also provides the permissions necessary to complete this action programmatically and in the console.
API and CLI Access
Console Access
Allows Tag Owners Full Access to RDS Resources That They Have Tagged
IAM Policy
A policy that allows tag owners full access to RDS resources that they have tagged (Tag key: Owner, Tag Value: <IAM username>). This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.
API and CLI Access
Tags
Allows Creation of RDS Instances of Specific Instance Type and Database Engine
IAM Policy
An IAM policy that allows users to only launch RDS instances of a specific instance type and database engine (Default: t2.micro and mysql).
API and CLI Access
Allow a User to Create a DB Instance That Uses the Specified DB Parameter and Security Groups
IAM Policy
An IAM policy that allows a user to create a DB instance only if it uses a specific DB parameter group and DB security group.
API and CLI Access
CodeCommit
Allow Read Access to an AWS CodeCommit Repository
IAM Policy
An IAM policy that allows Read access to a specific CodeCommit repository. This policy also provides the permissions necessary to complete this action programmatically and in the console.
API and CLI Access
AWS CodeCommit: Allow a User to Use Git for a Single Repository
IAM Policy
An IAM policy that allows a user to use Git to pull from, and push to, a specific AWS CodeCommit repository.
AWS CodeCommit: Deny Write Access to Specific Branches in a Repository
IAM Policy
An IAM policy that denies a user the ability to change or push changes to a specific branch in a specific AWS CodeCommit repository.
API and CLI Access
CodeBuild
AWS CodeBuild: Allow a User to Create Build Projects
IAM Policy
An IAM policy that allows a user to create build projects using only the specified AWS CodeBuild service role.
API and CLI Access
AWS CodeBuild: Allow a User to Delete Build Projects
IAM Policy
An IAM policy that allows a user to delete build projects.
API and CLI Access
AWS CodeBuild: Allow a User to Change Information About Build Projects
IAM Policy
An IAM policy that allows a user to change information about build projects using only the specified AWS CodeBuild service role.
API and CLI Access
CodePipeline
AWS CodePipeline: Grant Permissions to Approve or Reject Manual Approval Actions
IAM Policy
An IAM policy that grants permissions to approve or reject manual approval actions in a specific pipeline.
API and CLI Access
AWS CodePipeline: Grant Permissions to Enable and Disable Transitions Between Stages
IAM Policy
An IAM policy that grants permissions to disable and enable transitions between all stages in a specific pipeline.
API and CLI Access
Kinesis
Allow users to get data from a Kinesis stream
IAM Policy
An IAM policy that allows read-only access to a specific Kinesis stream.
API and CLI Access
Allow users to add data to a Kinesis stream
IAM Policy
An IAM policy that allows pushing data to a specific Kinesis stream.
API and CLI Access
Systems Manager
Allow users to use Session Manager based on Instance IDs
IAM Policy
An IAM policy that gives end users the ability to start a session to a particular instance and to terminate only their own sessions.
Console Access
API and CLI Access
Session Manager
Allow users to use Session Manager based on Instance Tags
IAM Policy
An IAM policy that gives end users the ability to start a session to instances based on the tags assigned and to terminate only their own sessions.
Console Access
API and CLI Access
Session Manager
Tags
Full Administrator Policy for Session Manager
IAM Policy
An IAM policy that allows a user to fully interact with all instances and all sessions created by all users for all instances, as well as permission to create, update and delete preferences. It should be granted only to an Administrator who needs full control over your organization's Session Manager activities.
Console Access
API and CLI Access
Session Manager