Example IAM Policies

Permits connection from only a specific public IP range

Grant n AWS accounts, any principal, to connect to ECR resource and upload image...

Grant n other accounts access to this ECR, account-wide. Use more specific princ...

Policy for principal (User, Service) to access cross-account secret and KMS CMK...

For public access, permit only specific CloudFront distribution

IAM assume role trust policy which permits assuming only from specific role(s)

Permit EC2 instance to assume IAM role with this trust policy

Trust policy on an IAM role to permit an ECS task (launched container) to assume...

Secrets decryption is a sensitive operation and should not be done by most human...

Don't apply this policy - it will block all console and API access, and require...

Useful for dev/stage web development, where site is stored in s3. Can use many p...

Share Secrets Manager secret contents between accounts

Permits other account IAM roles to decrypt KMS key

Default policy which grants access to the root user to this KMS key.

Permit an IAM User ARN to read and write to an S3 bucket, works cross-account

When non-secure (http) access isn't permitted, secure (https) access can be requ...

You want to share many files publicly

This policy grants permissions to tag owners to select RDS resources they have t...

This policy allows a principal to perform any Get, List, or Generate action, whi...

This policy allows an IAM user to assume a role when a resource tag matches

This policy grants permissions to perform a specific action within a specific da...

This policy denies access to all AWS actions in the account when the request com...

This policy specifies that each Azure Storage account must be enabled for HTTPS

This policy binds a user in your GCP account to a specific role