**Example 1: To create a customer managed policy**
The following command creates a customer managed policy named ``my-policy``. ::
aws iam create-policy
--policy-name my-policy
--policy-document file://policy
The file ``policy`` is a JSON document in the current folder that grants read only access to the ``shared`` folder in an Amazon S3 bucket named ``my-bucket``::
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::my-bucket/shared/*"
]
}
]
}
Output::
{
"Policy": {
"PolicyName": "my-policy",
"CreateDate": "2015-06-01T19:31:18.620Z",
"AttachmentCount": 0,
"IsAttachable": true,
"PolicyId": "ZXR6A36LTYANPAI7NJ5UV",
"DefaultVersionId": "v1",
"Path": "/",
"Arn": "arn:aws:iam::0123456789012:policy/my-policy",
"UpdateDate": "2015-06-01T19:31:18.620Z"
}
}
For more information on using files as input for string parameters, see `Specifying Parameter Values <https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html>`_ in the *AWS CLI User Guide*.
**Example 2: To create a customer managed policy with a description**
The following command creates a customer managed policy named ``my-policy`` with an immutable description. ::
aws iam create-policy \
--policy-name my-policy \
--policy-document file://policy.json \
--description "This policy grants access to all Put, Get, and List actions for my-bucket"
The file ``policy.json`` is a JSON document in the current folder that grants access to all Put, List, and Get actions for an Amazon S3 bucket named ``my-bucket``::
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket*",
"s3:PutBucket*",
"s3:GetBucket*"
],
"Resource": [
"arn:aws:s3:::my-bucket"
]
}
]
}
Output::
{
"Policy": {
"PolicyName": "my-policy",
"PolicyId": "ANPAWGSUGIDPEXAMPLE",
"Arn": "arn:aws:iam::123456789012:policy/my-policy",
"Path": "/",
"DefaultVersionId": "v1",
"AttachmentCount": 0,
"PermissionsBoundaryUsageCount": 0,
"IsAttachable": true,
"CreateDate": "2023-05-24T22:38:47+00:00",
"UpdateDate": "2023-05-24T22:38:47+00:00"
}
}
For more information on Idenity-based Policies, see `Identity-based policies and resource-based policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html>`_ in the *AWS IAM User Guide*.
**Example 3: To Create a customer managed policy with tags**
The following command creates a customer managed policy named ``my-policy`` with tags. This example uses the ``--tags`` parameter flag with the following
JSON-formatted tags: ``'{"Key": "Department", "Value": "Accounting"}' '{"Key": "Location", "Value": "Seattle"}'``. Alternatively, the ``--tags`` flag can be
used with tags in the shorthand format: ``'Key=Department,Value=Accounting Key=Location,Value=Seattle'``. ::
aws iam create-policy \
--policy-name my-policy \
--policy-document file://policy.json \
--tags '{"Key": "Department", "Value": "Accounting"}' '{"Key": "Location", "Value": "Seattle"}'
The file ``policy.json`` is a JSON document in the current folder that grants access to all Put, List, and Get actions for an Amazon S3 bucket named ``my-bucket``::
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket*",
"s3:PutBucket*",
"s3:GetBucket*"
],
"Resource": [
"arn:aws:s3:::my-bucket"
]
}
]
}
Output::
{
"Policy": {
"PolicyName": "my-policy",
"PolicyId": "ANPAWGSUGIDPEXAMPLE",
"Arn": "arn:aws:iam::12345678012:policy/my-policy",
"Path": "/",
"DefaultVersionId": "v1",
"AttachmentCount": 0,
"PermissionsBoundaryUsageCount": 0,
"IsAttachable": true,
"CreateDate": "2023-05-24T23:16:39+00:00",
"UpdateDate": "2023-05-24T23:16:39+00:00",
"Tags": [
{
"Key": "Department",
"Value": "Accounting"
},
"Key": "Location",
"Value": "Seattle"
{
]
}
}
For more information on Tagging policies, see `Tagging customer managed policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags_customer-managed-policies.html>`__ in the *IAM User Guide*.