--- title: IAM Policy description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > DDSQL Reference > Data Directory > IAM Policy --- # IAM Policy An IAM Policy in AWS is a JSON document that defines permissions for actions on AWS resources. It specifies what actions are allowed or denied, on which resources, and under what conditions. Policies can be attached to users, groups, or roles to control access securely and consistently across AWS services. ``` aws.iam_policy ``` ## Fields | Title | ID | Type | Data Type | Description | | -------------------------------- | ---- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | _key | core | string | | account_id | core | string | | arn | core | string | The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources. For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference. | | attachment_count | core | int64 | The number of entities (users, groups, and roles) that the policy is attached to. | | create_date | core | timestamp | The date and time, in ISO 8601 date-time format, when the policy was created. | | default_version_id | core | string | The identifier for the version of the policy that is set as the default version. | | description | core | string | A friendly description of the policy. This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation. | | is_attachable | core | bool | Specifies whether the policy can be attached to an IAM user, group, or role. | | path | core | string | The path to the policy. For more information about paths, see IAM identifiers in the IAM User Guide. | | permissions_boundary_usage_count | core | int64 | The number of entities (users and roles) for which the policy is used to set the permissions boundary. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide. | | policy | core | json | A structure containing details about the policy. | | policy_id | core | string | The stable and unique string identifying the policy. For more information about IDs, see IAM identifiers in the IAM User Guide. | | policy_name | core | string | The friendly name (not ARN) identifying the policy. | | policy_version | core | json | | tags | core | hstore_csv | | update_date | core | timestamp | The date and time, in ISO 8601 date-time format, when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created. |