**Example 1: To create a customer managed policy**

The following command creates a customer managed policy named ``my-policy``. ::

  aws iam create-policy 
    --policy-name my-policy
    --policy-document file://policy

The file ``policy`` is a JSON document in the current folder that grants read only access to the ``shared`` folder in an Amazon S3 bucket named ``my-bucket``::

  {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Effect": "Allow",
              "Action": [
                  "s3:Get*",
                  "s3:List*"
              ],
              "Resource": [
                  "arn:aws:s3:::my-bucket/shared/*"
              ]
          }
      ]
  }

Output::

  {
      "Policy": {
          "PolicyName": "my-policy",
          "CreateDate": "2015-06-01T19:31:18.620Z",
          "AttachmentCount": 0,
          "IsAttachable": true,
          "PolicyId": "ZXR6A36LTYANPAI7NJ5UV",
          "DefaultVersionId": "v1",
          "Path": "/",
          "Arn": "arn:aws:iam::0123456789012:policy/my-policy",
          "UpdateDate": "2015-06-01T19:31:18.620Z"
      }
  }

For more information on using files as input for string parameters, see `Specifying Parameter Values <https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html>`_ in the *AWS CLI User Guide*.

**Example 2: To create a customer managed policy with a description**

The following command creates a customer managed policy named ``my-policy`` with an immutable description. ::

    aws iam create-policy \
        --policy-name my-policy \
        --policy-document file://policy.json \
        --description "This policy grants access to all Put, Get, and List actions for my-bucket"

The file ``policy.json`` is a JSON document in the current folder that grants access to all Put, List, and Get actions for an Amazon S3 bucket named ``my-bucket``::

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": [
                    "s3:ListBucket*",
                    "s3:PutBucket*",
                    "s3:GetBucket*"
                ],
                "Resource": [
                    "arn:aws:s3:::my-bucket"
                ]
            }
        ]
    }

Output::

    {
        "Policy": {
            "PolicyName": "my-policy",
            "PolicyId": "ANPAWGSUGIDPEXAMPLE",
            "Arn": "arn:aws:iam::123456789012:policy/my-policy",
            "Path": "/",
            "DefaultVersionId": "v1",
            "AttachmentCount": 0,
            "PermissionsBoundaryUsageCount": 0,
            "IsAttachable": true,
            "CreateDate": "2023-05-24T22:38:47+00:00",
            "UpdateDate": "2023-05-24T22:38:47+00:00"
        }
    }

For more information on Idenity-based Policies, see `Identity-based policies and resource-based policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html>`_ in the *AWS IAM User Guide*.

**Example 3: To Create a customer managed policy with tags**

The following command creates a customer managed policy named ``my-policy`` with tags. This example uses the ``--tags`` parameter flag with the following 
JSON-formatted tags: ``'{"Key": "Department", "Value": "Accounting"}' '{"Key": "Location", "Value": "Seattle"}'``. Alternatively, the ``--tags`` flag can be 
used with tags in the shorthand format: ``'Key=Department,Value=Accounting Key=Location,Value=Seattle'``. ::

    aws iam create-policy \
        --policy-name my-policy \
        --policy-document file://policy.json \
        --tags '{"Key": "Department", "Value": "Accounting"}' '{"Key": "Location", "Value": "Seattle"}'

The file ``policy.json`` is a JSON document in the current folder that grants access to all Put, List, and Get actions for an Amazon S3 bucket named ``my-bucket``::

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": [
                    "s3:ListBucket*",
                    "s3:PutBucket*",
                    "s3:GetBucket*"
                ],
                "Resource": [
                    "arn:aws:s3:::my-bucket"
                ]
            }
        ]
    }

Output::
    
    {
        "Policy": {
            "PolicyName": "my-policy",
            "PolicyId": "ANPAWGSUGIDPEXAMPLE",
            "Arn": "arn:aws:iam::12345678012:policy/my-policy",
            "Path": "/",
            "DefaultVersionId": "v1",
            "AttachmentCount": 0,
            "PermissionsBoundaryUsageCount": 0,
            "IsAttachable": true,
            "CreateDate": "2023-05-24T23:16:39+00:00",
            "UpdateDate": "2023-05-24T23:16:39+00:00",
            "Tags": [
                {
                    "Key": "Department",
                    "Value": "Accounting"
                },
                    "Key": "Location",
                    "Value": "Seattle"
                {

            ]
        }
    }


For more information on Tagging policies, see `Tagging customer managed policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags_customer-managed-policies.html>`__ in the *IAM User Guide*.