How to create and attach your first customer-managed policy in AWS IAM?

AWS Identity and Access Management or IAM is a service by AWS that helps you securely control access to an AWS resource. IAM is used to authorized and authenticate the permissions for particular services. 

AWS IAM’s access management part helps you in defining what a person or application is authenticated to do in an AWS account. You manage this access by creating policies and then these policies are attached to IAM identities such as user, group, or users or roles. Permissions associated with these policies determine whether the request is denied or allowed. 

IAM policies can be designed by Amazon or by customers for their own use. Here in this blog you will create your first customer-managed policy and will attach it to an IAM identity. This policy will allow an IAM test user to sign in directly to the AWS Management Console with read-only permissions. So let’s start!

Creating the policy

By default, IAM users do not have permission to perform any task in the AWS management console unless you allow it.  In this step, we will create an IAM policy that will allow any attached user to sign in to the AWS console. 

  1. Sign in to your AWS Console and open IAM.

     2. On the left side panel, click on Policies. And then click on Create Policy.

     3. Choose the JSON option and paste the following code there. 



    “Version”: “2012-10-17”,

    “Statement”: [ {

        “Effect”: “Allow”,

        “Action”: [





        “Resource”: “*”

    } ]



  4.  After that add some tags if you want otherwise move on to the review page. If you get any error         while creating the policy then visit this page.

   5.  On the Review page, type UsersReadOnlyAccessToIAMConsole as the policy name. Review         the policy and click on create policy

    6.  You can view your newly created policy in the managed policy tab. 

Attaching the policy

Now it’s time to attach the policy with a user or role. This will allow the user to inherit all the permissions associated with the policy. 

  1. On the IAM dashboard click on policies and in the search bar type the name of your policy – UsersReadOnlyAccessToIAMConsole
  2. Click on the policy action button and choose Attach. Then for Filter, choose Users.
  3. In the search bar, search for the user you want to attach the policy with and click on it.

Note: You can also create a test user in the AWS console which has no permissions. 

    4.  Click on the Attach Policy and your policy will be attached to the user. 

You can even test your policy by signing to the IAM console with the test user or the user you have attached the policy with. You will see that you can see the data but will not be able to perform any task because we gave read-only access. 

You have now successfully created your first customer-managed IAM policy and attached it to a user.

What do you think?

Written by DANN N


Leave a Reply

Your email address will not be published. Required fields are marked *