AWS IAM: What is a policy?

An AWS policy is a JSON object that defines permissions. You can use default AWS policies (about ~900 at the time of writing) or create your own policies and then assign them to different users, user groups or roles in your organization.

Example policies

Here’s the default AdministratorAccess policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

Here’s the AWSLambdaDynamoDBExecutionRole policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:DescribeStream",
                "dynamodb:GetRecords",
                "dynamodb:GetShardIterator",
                "dynamodb:ListStreams",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}