
IAM roles - policies

Created: 2018-11-12 11:46:38 -0800 Modified: 2018-11-12 12:05:11 -0800

  • A role is a combination of a trust policy (who is allowed to assume the role: an AWS service, another account, or specific principals) and one or more permissions policies (what actions the role can perform, and on which resources).
  • To make a policy, the visual editor is incredibly helpful: AWS Console → IAM → Policies → Create policy. Note that you can get to this UI through “Roles”, but it’s exactly the same as getting there through Policies (i.e. it won’t automatically attach the policy to the role if you accessed it through “Roles”; you still have to attach it afterwards).
  • When making a policy, it may ask you to choose ARNs. This scopes the policy only to those particular resources. For example, you may have 10 hosted zones and you only want a policy that allows listing the record sets of 3 of them. Not every action supports resource-level permissions, though; actions like `route53:ListHostedZones` only work with a Resource of `*`, and the editor will tell you when that’s the case.
  • You typically shouldn’t have to create policies if they’re just going to be very general, e.g. “full access to Route53”. Those already exist as AWS-managed policies. You probably only need to make policies when you’re getting granular with either the resources that you’re targeting or the specific permissions needed.
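Here is an added example (not from the original notes) that builds the two halves of a role described above: a trust policy saying who may assume the role, and a permissions policy that allows listing record sets only in a chosen subset of hosted zones. It also includes a minimal allow-only evaluator so you can check offline that a zone outside the list is denied. The account ID and hosted-zone IDs are made-up values.

```python
"""Build an IAM role's two halves (trust policy + resource-scoped permissions
policy) and sanity-check the scoping with a minimal allow-only evaluator.

Constructed example: ACCOUNT_ID and the Z... hosted-zone IDs are not real.
"""
import fnmatch
import json

ACCOUNT_ID = "123456789012"  # constructed example account (hypothetical)


def trust_policy(service="ec2.amazonaws.com"):
    """WHO may assume the role. Here an AWS service principal (EC2 instances
    in this account) is trusted to call sts:AssumeRole."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": service},
            "Action": "sts:AssumeRole",
        }],
    }


def hosted_zone_arn(zone_id):
    # Route 53 hosted zones are global: the ARN carries no region and no account.
    return f"arn:aws:route53:::hostedzone/{zone_id}"


def list_records_policy(zone_ids):
    """WHAT the role may do. ListResourceRecordSets is scoped to the given
    zones; ListHostedZones has no resource-level permissions, so its Resource
    must be '*' (it only enumerates zone names/IDs)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListRecordsInSelectedZones",
                "Effect": "Allow",
                "Action": "route53:ListResourceRecordSets",
                "Resource": [hosted_zone_arn(z) for z in zone_ids],
            },
            {
                "Sid": "EnumerateZones",
                "Effect": "Allow",
                "Action": "route53:ListHostedZones",
                "Resource": "*",
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Minimal evaluator: Allow statements with IAM-style '*'/'?' wildcards.
    Action matching is case-insensitive, resource matching is case-sensitive,
    as in IAM. Deny, Condition, NotAction and NotResource are deliberately
    not modelled; anything not explicitly allowed is an implicit deny."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(resource, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False


if __name__ == "__main__":
    # Three of ten hypothetical zones get read access; the rest stay denied.
    allowed_zones = ["Z111AAA", "Z222BBB", "Z333CCC"]
    perms = list_records_policy(allowed_zones)
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(perms, indent=2))
    for zone in ["Z111AAA", "Z444DDD"]:
        verdict = is_allowed(perms, "route53:ListResourceRecordSets",
                             hosted_zone_arn(zone))
        print(f"{zone}: {'allowed' if verdict else 'denied'}")
```

To turn these documents into a real role, write them to files and run `aws iam create-role --role-name <name> --assume-role-policy-document file://trust.json`, `aws iam create-policy --policy-name <name> --policy-document file://perms.json`, then `aws iam attach-role-policy --role-name <name> --policy-arn <arn from create-policy>`. The same attach step is what the console skips when you reach the policy editor via “Roles”.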

I can’t see my policy that I just created very recently


I believe you have to hit the 🔃 button for it to show.