Amazon Web Services Bootcamp

Creating a policy

The following steps will guide you to create a policy:

  1. Go to the AWS IAM Management Console at https://console.aws.amazon.com/iam/home and click on Policies in the left navigation, or go directly to https://console.aws.amazon.com/iam/home#/policies. Under Policies, you can see AWS Managed Policies and Customer Managed Policies.
  2. Click on the Create Policy button:
Figure 2.1: Create policy

Here, we can either create our own custom policy or import a managed policy. Importing a managed policy means importing its policy document and attaching it to the new policy being created. To create a policy from scratch, we can use VisualEditor or JSON Editor. VisualEditor helps us avoid mistakes when specifying actions and resources. We will go with VisualEditor and do the following:

    • Choose a service: Choose a service for which you want to provide permissions. We will choose the S3 service.
    • Select actions: Select actions based on what permissions you want to provide. We will select All S3 actions (s3:*).
    • Resources: We can either grant access to all resources (*) or provide the ARNs of the specific resources to which we need to provide access.
    • Request conditions: We can add further restrictions on the request, such as Source IP, Source ARN, UserAgent, Referer, and SourceVpc. In our case, we will not add any request conditions.
  3. By clicking on Add Additional Permissions, you can add a new policy document. Once you are done selecting policies and permissions, click on Review Policy:
Figure 2.2: Review policy
  4. We will need to provide the following details:
    • Name: Type in AmazonS3FullAccess. You can provide any friendly name that describes your policy.
    • Description: Type in AmazonS3FullAccess. You can provide any description of your choice.
    • Summary: Review the policies that were selected in the previous step.

Once you are done, click on Create Policy:

Figure 2.3: Policy Created
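
The selections made in the steps above (all S3 actions, all resources, no request conditions) correspond to a very broad policy document. The following Python sketch is an added example, not code from the book: it builds an equivalent JSON policy document, builds a narrower variant, and lists the wildcard grants in each. The helper names, the bucket name `example-bucket`, and the CIDR range are assumptions made for illustration.

```python
import json


def build_policy(actions, resources, conditions=None):
    """Assemble an IAM policy document containing a single Allow statement."""
    statement = {"Effect": "Allow", "Action": actions, "Resource": resources}
    if conditions:
        statement["Condition"] = conditions
    return {"Version": "2012-10-17", "Statement": [statement]}


def as_list(value):
    """IAM accepts a string or a list for Action/Resource/Statement; normalize."""
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Return (statement index, finding) pairs for overly broad Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((i, "wildcard action"))
        if "*" in resources:
            findings.append((i, "all resources"))
        if "Condition" not in stmt:
            findings.append((i, "no request condition"))
    return findings


# The walkthrough's choices: All S3 actions (s3:*), all resources (*), no conditions.
WALKTHROUGH = build_policy("s3:*", "*")

# Narrower variant. The bucket name and CIDR range are constructed sample values.
SCOPED = build_policy(
    ["s3:GetObject", "s3:PutObject"],
    ["arn:aws:s3:::example-bucket/*"],
    {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
)

if __name__ == "__main__":
    for name, policy in (("walkthrough", WALKTHROUGH), ("scoped", SCOPED)):
        print(name)
        print(json.dumps(policy, indent=2))
        print("findings:", broad_grants(policy))
```

The JSON printed for either policy can be pasted into the JSON Editor mentioned above instead of making the selections in VisualEditor.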