上QQ阅读APP看书，第一时间看更新

Creating a policy

The following command creates customer-managed policies under your AWS account:

    aws iam create-policy ^
    --policy-name "AmazonS3FullAccess" ^
    --policy-document file://PolicyDocument.json ^
    --path "/" ^
    --description "Amazon S3 Full Access Policy"

The following is the policy document used to create a policy named PolicyDocument.json:

{ 
  "Version": "2012-10-17", 
  "Statement": [{ 
    "Effect": "Allow", 
    "Action": [ 
      "s3:*" 
    ], 
    "Resource": "arn:aws:s3:::my-bucket" 
  }] 
}

The following are the options, which can be used with create-policy:

Parameters	Optional	Description
`--policy-name`	False	This is a friendly name, which describes your policy.
`--policy-document`	False	This is the policy JSON document, which contains AWS resources and actions allowed or denied on them.
`--path`	True	This is the path of the policy. If the path is not provided, the default `/` (slash) is considered.
`--description`	True	This is a friendly description, which describes your policy.