All the example code for the Amazon Web Services (AWS) SDK for Python is available `here on GitHub <https://github.com/awsdocs/aws-doc-sdk-examples/tree/master/python/example_code>`_.

For more information about IAM policies, see `Overview of Access Management: Permissions and Policies <http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_access-management.html>`_
in the IAM User Guide.

Prerequisite Task
=================

To set up and run this example, you must first configure your AWS credentials, as described in :doc:`quickstart`.

Create an IAM Policy
====================

Create a new managed policy for your AWS account.
This operation creates a policy version with a version identifier of :code:`v1` and sets :code:`v1`
as the policy's default version. For more information about policy versions, see
`Versioning for Managed Policies <http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-versioning.html>`_

Example
-------

.. code-block:: python

    import json
    import boto3

    # Create IAM client
    iam = boto3.client('iam')

    # Create a policy
    my_managed_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "logs:CreateLogGroup",
                "Resource": "RESOURCE_ARN"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "dynamodb:DeleteItem",
                    "dynamodb:GetItem",
                    "dynamodb:PutItem",
                    "dynamodb:Scan",
                    "dynamodb:UpdateItem"
                ],
                "Resource": "RESOURCE_ARN"
            }
        ]
    }
    response = iam.create_policy(
        PolicyName='myDynamoDBPolicy',
        PolicyDocument=json.dumps(my_managed_policy)
    )
    print(response)

Get an IAM Policy
=================

Get information about the specified managed policy, including the policy's default version and
the total number of IAM users, groups, and roles to which the policy is attached. To get the
list of the specific users, groups, and roles that the policy is attached to, use the
:code:`list_entities_for_policy` API. The :code:`get_policy` API returns metadata about the policy. To get the actual policy
document for a specific version of the policy, use the :code:`get_policy_version` API.
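
The lookup chain described above (metadata from :code:`get_policy`, then the document from :code:`get_policy_version`), combined with a least-privilege check of the returned statements. This is an added example, not part of the AWS sample code: the function names :code:`lint_policy_document` and :code:`audit_default_version` and the chosen checks are illustrative assumptions, and :code:`iam` is assumed to be :code:`boto3.client('iam')`.

```python
import json
import re
from urllib.parse import unquote

# Structural check only: arn:partition:service:region:account:resource
ARN_RE = re.compile(r"^arn:[^:]+:[^:]+:[^:]*:[^:]*:.+$")


def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def lint_policy_document(document):
    """Return (statement_index, finding) pairs for over-broad Allow statements."""
    if isinstance(document, str):  # raw API form: URL-encoded JSON text
        document = json.loads(unquote(document))
    statements = document.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "Allow combined with NotAction/NotResource"))
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, "wildcard action " + action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((i, "wildcard resource"))
            elif not ARN_RE.match(resource):
                findings.append((i, "not an ARN: " + resource))
    return findings


def audit_default_version(iam, policy_arn):
    """Lint the document of a managed policy's default version.

    `iam` is assumed to be boto3.client('iam'). get_policy returns metadata
    only, so the document itself comes from get_policy_version.
    """
    policy = iam.get_policy(PolicyArn=policy_arn)["Policy"]
    version = iam.get_policy_version(
        PolicyArn=policy_arn, VersionId=policy["DefaultVersionId"]
    )["PolicyVersion"]
    return lint_policy_document(version["Document"])
```

Run against the policy document from the create example above, :code:`lint_policy_document` reports the unreplaced :code:`RESOURCE_ARN` placeholder in both statements.
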
The :code:`get_policy` API gets information about managed policies. To get information about an inline policy
that is embedded with an IAM user, group, or role, use the :code:`get_user_policy`, :code:`get_group_policy`,