Develop
EngineVersion 1iamClasses

iam:Policy

Base class for access control policies.

Extends: matrix:Resource

Policies define permissions or prohibitions for accessing actions.

Properties

iam:action (optional)

The IAM action(s) this policy applies to.

Policy action must reference an IAM Action if specified

Specific iam:Action(s) such as act:InvokeAction, secrets:ResolveSecret, os:ReadStatement, os:WriteStatement. When omitted, policy applies to any action.

Values:

  • iam:Assume: IAM action for assuming an assumable resource (agent or role).

iam:condition (optional)

Conditions that must be satisfied for this policy to apply.

condition must reference a Condition

Multiple conditions on a policy are ANDed together.

iam:effect (required, max 1)

Whether this policy allows or denies access.

Policy must have exactly one effect (Allow or Deny)

Values:

  • iam:Allow: The policy permits the action.
  • iam:Deny: The policy prohibits the action.

iam:IdentityPolicy

A policy attached to a role defining what actions the role can perform.

iam:PolicyEffect

The effect of a policy evaluation - either allow or deny.

On this page

Propertiesiam:action (optional)iam:condition (optional)iam:effect (required, max 1)