AWS IAM Policy

This page shows how to write Terraform and CloudFormation for IAM Policy and write them securely.

aws_iam_policy (Terraform)

The Policy in IAM can be configured in Terraform with the resource name aws_iam_policy. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

resource "aws_iam_policy" "AWSLambdaBasicExecutionRole-3f87559a-531c-4789-b832-2b77f0d84004" {
  name = "AWSLambdaBasicExecutionRole-3f87559a-531c-4789-b832-2b77f0d84004"
  path = "/service-role/"

  policy = <<POLICY
resource "aws_iam_policy" "AWSLambdaBasicExecutionRole-3f87559a-531c-4789-b832-2b77f0d84004" {
  name = "AWSLambdaBasicExecutionRole-3f87559a-531c-4789-b832-2b77f0d84004"
  path = "/service-role/"

  policy = <<POLICY
resource "aws_iam_policy" "audit_securityauditextras_policy" {
  provider = aws.audit

  description = var.securityauditextras_policy_description
  name        = var.securityauditextras_policy_name
  policy      = data.aws_iam_policy_document.securityauditextras_doc.json
resource "aws_iam_policy" "aggregate_metrics_update" {
  name   = "CovidAlertAggregateMetricsUpdateItem"
  path   = "/"
  policy = data.aws_iam_policy_document.aggregate_metrics_update.json

resource "aws_iam_policy" "enforce_mfa_policy" {
  path        = "/"
  description = "block users from acccessing anything unless they are mfa auth'd"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [


Explanation in Terraform Registry

Provides an IAM policy.

AWS::IAM::Policy (CloudFormation)

The Policy in IAM can be configured in CloudFormation with the resource name AWS::IAM::Policy. The following sections describe how to use the resource and its parameters.


Explanation in CloudFormation Registry

Adds or updates an inline policy document that is embedded in the specified IAM user, group, or role.

An IAM user can also have a managed policy attached to it. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide.

The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.

For information about limits on the number of inline policies that you can embed in an identity, see Limitations on IAM Entities in the IAM User Guide.

Frequently asked questions

What is AWS IAM Policy?

AWS IAM Policy is a resource for IAM of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS IAM Policy?

For Terraform, the mortyre/misc, mortyre/misc and cisagov/cool-auditor-iam source code examples are useful. See the Terraform Example section for further details.


Scan your IaC problem in 3 minutes for free

You can keep your IaC security for free. No credit card required.