AWS Security Blog

Generating IAM Policies in Code

If you’ve worked with AWS Identity and Access Management (IAM) policies, you know that they’re expressed as JSON documents. For example, here’s a policy that grants permission to perform some actions in our Amazon Glacier storage service:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "glacier:ListVaults",
        "glacier:DescribeVault",
        "glacier:GetVaultNotifications"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Our colleague Norm Johanson recently posted a great blog entry that shows how you can create policies programmatically using the AWS SDK. Instead of crafting the JSON by hand, you can use first-class, type-safe objects to create the policy and add actions and resources to it. You can then programmatically attach the policy to a user and serialize it into JSON automatically. And while Norm highlights the AWS SDK for .NET, the same policy classes are also available in the AWS SDK for Java.
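Here is the Glacier policy from the top of this post built with the policy classes in the AWS SDK for Java (the com.amazonaws.auth.policy package of the v1 SDK) and then attached to a user as an inline policy. This is an added example, not code from Norm's post or from the SDK itself; the GlacierActions enum is our own small helper (the SDK's Action type is an interface), and the user name and policy name are placeholders.

```java
import com.amazonaws.auth.policy.Action;
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.PutUserPolicyRequest;

public class GlacierReadOnlyPolicy {

    // Assumed helper (not part of the SDK): the SDK's Action is an interface,
    // so an enum keeps the action names typed, typo-free and reviewable in one place.
    enum GlacierActions implements Action {
        LIST_VAULTS("glacier:ListVaults"),
        DESCRIBE_VAULT("glacier:DescribeVault"),
        GET_VAULT_NOTIFICATIONS("glacier:GetVaultNotifications");

        private final String actionName;
        GlacierActions(String actionName) { this.actionName = actionName; }
        @Override public String getActionName() { return actionName; }
    }

    // Builds the same Allow statement as the hand-written JSON above:
    // three read-only Glacier actions on Resource "*".
    public static Policy build() {
        Statement readOnly = new Statement(Effect.Allow)
            .withActions(GlacierActions.LIST_VAULTS,
                         GlacierActions.DESCRIBE_VAULT,
                         GlacierActions.GET_VAULT_NOTIFICATIONS)
            .withResources(new Resource("*"));
        return new Policy().withStatements(readOnly);
    }

    public static void main(String[] args) {
        // toJson() serializes the object graph into the JSON policy language;
        // print it so the generated document can be reviewed before it is applied.
        String policyJson = build().toJson();
        System.out.println(policyJson);

        // Attach the generated document to a user as an inline policy.
        // Placeholder names; pass the real user name as the first argument.
        if (args.length > 0) {
            AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();
            iam.putUserPolicy(new PutUserPolicyRequest()
                .withUserName(args[0])
                .withPolicyName("GlacierReadOnly")
                .withPolicyDocument(policyJson));
        }
    }
}
```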

We hope you find this helpful!

– Jim