Example IAM Policies

Customizable IAM policies across cloud providers to save you authoring time

POLICY

SCP: Prevent users from deleting Amazon VPC flow logs

This policy prevents principals from deleting EC2 flow logs or CloudWatch log gr...

Aug 09, 2022 by Ivan Dwyer

SCP: Require a tag on specified created resources

This policy prevents principals from creating certain resource types if the requ...

Aug 09, 2022 by Ivan Dwyer

SCP: Prevent users from disabling Amazon GuardDuty

This policy prevents principals from disabling GuardDuty or altering its configu...

Aug 09, 2022 by Ivan Dwyer

SCP: Require Amazon EC2 instances to use a specific type

This policy requires any EC2 instance that is spun up to be of the specified type.

Aug 09, 2022 by Ivan Dwyer

SCP: Prevent users from disabling AWS Config

This policy prevents any principals from disabling or modifying AWS Config or an...

Aug 09, 2022 by Ivan Dwyer

SCP: Prevent users from disabling CloudWatch

This policy prevents any principals from disabling or modifying CloudWatch dashb...

Aug 09, 2022 by Ivan Dwyer

SCP: Prevent member accounts from leaving the organization

This policy blocks use of the LeaveOrganization API operation so that administra...

Aug 09, 2022 by Ivan Dwyer

SCP: Require MFA to perform an API action

This SCP requires MFA to be enabled for any principal requesting select API acti...

Aug 09, 2022 by Ivan Dwyer

SCP: Prevent changes to an IAM Role

This SCP prevents principals from making IAM changes to a specified IAM Role

Aug 09, 2022 by Ivan Dwyer

SCP: Deny access to AWS based on the requested AWS Region

This SCP denies access to any operations outside of the specified Regions.

Aug 09, 2022 by Ivan Dwyer

AWS ECR Resource Policy: Block Outside Specific Public IP Ra...

Permits connection from only a specific public IP range

Mar 07, 2022 by Kyler Middleton

AWS ECR: Permit Cross Account Image Upload

Grant n AWS accounts, any principal, to connect to ECR resource and upload image...

Mar 07, 2022 by Kyler Middleton

AWS ECR: Permit Cross Account Image Download

Grant other accounts access to an ECR, account-wide

Feb 16, 2022 by Kyler Middleton

Permit Access to Cross-Account Secret and KMS Key

Policy for principal (User, Service) to access cross-account secret and KMS CMK...

Feb 16, 2022 by Kyler Middleton

S3: Permit Only CloudFront Specific Distribution

For public access, permit only specific CloudFront distribution

Feb 14, 2022 by Kyler Middleton

Assume Role Trust Policy with Conditional to Limit to Specif...

IAM assume role trust policy which permits assuming only from specific role(s)

Feb 02, 2022 by Kyler Middleton

Assume Role Trust Policy from EC2 Instance

Permit EC2 instance to assume IAM role with this trust policy

Feb 02, 2022 by Kyler Middleton

Assume Role Policy to Permit ECS Task to Assume IAM Role

Trust policy on an IAM role to permit an ECS task (launched container) to assume...

Feb 02, 2022 by Kyler Middleton

Allow Principals to Encrypt via KMS but Deny Decrypt via KMS

Secrets decryption is a sensitive operation and should not be done by most human...

Feb 01, 2022 by Daniel Popescu

Limit S3 Web Access to Specific Public IPs

Useful for dev/stage web development, where the site is stored in S3. Can use many p...

Jan 24, 2022 by Kyler Middleton

Secrets Manager Secrets IAM Policy to Permit Multi-Account A...

Share Secrets Manager secret contents between accounts

Jan 21, 2022 by Kyler Middleton

Allow Cross-Account KMS Key Decryption to Specific IAM Roles

Permits other account IAM roles to decrypt KMS key

Jan 21, 2022 by Kyler Middleton

Default KMS policy for keys

Default policy which grants access to the root user to this KMS key.

Jan 21, 2022 by Kyler Middleton

Permit User to Read/Write Specific Folder in S3 Bucket

Permit an IAM User to read and write to an S3 bucket

Jan 21, 2022 by Kyler Middleton
