iam:IdentityPolicy
A policy attached to a role defining what actions the role can perform.
Extends: iam:Policy
Identity policies are attached to roles via iam:hasIdentityPolicy. They specify which actions (or action patterns via conditions) the role is permitted or denied.
Properties
iam:action (optional)
The IAM action(s) this policy applies to.
Policy action must reference an IAM Action if specified
Specific iam:Action(s) such as act:InvokeAction, secrets:ResolveSecret, os:ReadStatement, os:WriteStatement. When omitted, the policy applies to any action.
Values:
- iam:Assume: IAM action for assuming an assumable resource (agent or role).
Inherited from parent class.
iam:condition (optional)
Conditions that must be satisfied for this policy to apply.
condition must reference a Condition
Multiple conditions on a policy are ANDed together.
Inherited from parent class.
iam:effect (required, max 1)
Whether this policy allows or denies access.
Policy must have exactly one effect (Allow or Deny)
Values:
- iam:Allow: The policy permits the action.
- iam:Deny: The policy prohibits the action.
Inherited from parent class.
iam:resource (optional)
The resource(s) this identity policy grants or denies access to.
IdentityPolicy resource must be a valid resource if specified
Specific iam:Resource(s). When omitted, the policy applies to any resource.
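The property rules above (exactly one effect, omitted action or resource meaning "any", conditions ANDed), as an added Python illustration that is not part of this schema or its tooling. The dict layout, conditions modelled as callables, the function names and the res:example-* resource names are all assumptions made for the example; how several policies combine into a final decision is not covered here.

```python
# Added illustration: policies as plain dicts, conditions as callables (both assumptions).
EFFECTS = {"iam:Allow", "iam:Deny"}

def validate(policy):
    """Return the constraint messages the policy violates (empty list = valid)."""
    errors = []
    effects = policy.get("iam:effect", [])
    if len(effects) != 1 or effects[0] not in EFFECTS:
        errors.append("Policy must have exactly one effect (Allow or Deny)")
    if not all(callable(c) for c in policy.get("iam:condition", [])):
        errors.append("condition must reference a Condition")
    return errors

def applies(policy, request):
    """True when the policy covers this request."""
    actions = policy.get("iam:action")      # omitted -> any action
    resources = policy.get("iam:resource")  # omitted -> any resource
    if actions and request["action"] not in actions:
        return False
    if resources and request["resource"] not in resources:
        return False
    # Multiple conditions are ANDed: every one must hold.
    return all(cond(request) for cond in policy.get("iam:condition", []))

def effect_for(policy, request):
    """Effect this single policy contributes, or None if invalid or not applicable."""
    if validate(policy) or not applies(policy, request):
        return None
    return policy["iam:effect"][0]

def unscoped_allow(policy):
    """Review flag: an Allow with no action, resource or condition matches everything."""
    scoped = any(policy.get(k) for k in ("iam:action", "iam:resource", "iam:condition"))
    return not scoped and policy.get("iam:effect") == ["iam:Allow"]

# Constructed sample data (not taken from a real deployment).
ALLOW_READ = {
    "iam:effect": ["iam:Allow"],
    "iam:action": ["os:ReadStatement"],
    "iam:condition": [
        lambda r: r["context"].get("mfa") is True,
        lambda r: r["context"].get("env") == "prod",
    ],
}
DENY_ON_SECRET = {"iam:effect": ["iam:Deny"], "iam:resource": ["res:example-secret"]}
BROKEN = {"iam:effect": ["iam:Allow", "iam:Deny"]}
REQUEST = {"action": "os:ReadStatement", "resource": "res:example-table",
           "context": {"mfa": True, "env": "prod"}}
```

DENY_ON_SECRET omits iam:action, so it applies to every action on that resource; unscoped_allow is the corresponding review check for Allow policies that omit everything.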