An IAM Policy in AWS is a JSON document that defines permissions for actions on AWS resources. It specifies what actions are allowed or denied, on which resources, and under what conditions. Policies can be attached to users, groups, or roles to control access securely and consistently across AWS services.

aws.iam_policy

Fields

| Title | ID | Type | Data Type | Description |
| --- | --- | --- | --- | --- |
| | _key | core | string | |
| | account_id | core | string | |
| | arn | core | string | The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources. For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference. |
| | attachment_count | core | int64 | The number of entities (users, groups, and roles) that the policy is attached to. |
| | create_date | core | timestamp | The date and time, in ISO 8601 date-time format, when the policy was created. |
| | default_version_id | core | string | The identifier for the version of the policy that is set as the default version. |
| | description | core | string | A friendly description of the policy. This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation. |
| | is_attachable | core | bool | Specifies whether the policy can be attached to an IAM user, group, or role. |
| | path | core | string | The path to the policy. For more information about paths, see IAM identifiers in the IAM User Guide. |
| | permissions_boundary_usage_count | core | int64 | The number of entities (users and roles) for which the policy is used to set the permissions boundary. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide. |
| | policy | core | json | A structure containing details about the policy. |
| | policy_id | core | string | The stable and unique string identifying the policy. For more information about IDs, see IAM identifiers in the IAM User Guide. |
| | policy_name | core | string | The friendly name (not ARN) identifying the policy. |
| | policy_version | core | json | |
| | tags | core | hstore | |
| | update_date | core | timestamp | The date and time, in ISO 8601 date-time format, when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created. |