Creating a Managed Policy

You can create managed policies and then apply them to users or groups. This lets you build a library of policies to manage permissions in your account.

After creating a managed policy, you need to attach it to a user or a group. For more information, see Attaching a Managed Policy to a User or a Group.

You can use versions to modify the permissions in a policy. The modified permissions are automatically applied to all the users and groups the policy is attached to. For more information, see Editing Managed Policies Using Policy Versions.

Creating a Managed Policy Using Cockpit v2

  1. In the EIM Policies dashboard, click Create Policy.
    The CREATE EIM POLICY dialog box appears.

  2. In the Name field, type the name you want to give to the policy.

    This name must be unique and must contain between 1 and 128 characters. Allowed characters are a-z, A-Z, 0-9, and +=,.@-_.

  3. From the Permissions list, select:

    • Full access, to allow all actions for the OUTSCALE API.

    • Read-only, to give read-only permissions for all actions related to Read API calls, except accessing and reading the root user’s credentials.

    • Read consumption account, to give the permission to get information about the account consumption only.

    • Custom policy, to type the policy directly in JSON format. For more information about the JSON structure, grammar, and elements to use for EIM policy documents, see EIM Reference Information.

  4. Click Create.
    The policy is created.

Creating a Managed Policy Using OSC CLI

See the CreatePolicy command sample in the documentation of the EIM API.

Creating a Managed Policy Using AWS CLI

To create a new managed policy, use the create-policy command following this syntax:

Request sample
$ aws iam create-policy \
    --profile YOUR_PROFILE \
    --policy-name MY_POLICY \
    --path / \
    --policy-document file://policy \
    --description "Admin policy allowing all actions on all resources" \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • policy-name: The name of the policy you want to create.

    This name must be unique and must contain between 1 and 128 characters. Allowed characters are a-z, A-Z, 0-9, and +=,.@-_.

  • (optional) path: The path for the policy (by default, set to a slash /).

  • policy-document: The policy document, corresponding to a JSON string that contains the policy. For more information, see EIM Reference Information.

  • (optional) description: A description for the policy.

  • endpoint: The endpoint corresponding to the Region you want to send the request to.
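
A pre-flight check to run before create-policy, added here as an example (it is not part of the OUTSCALE documentation or tooling): it validates policy-name against the rule above and flags Allow statements in the policy document that grant wildcard actions on all resources. It assumes the document uses IAM-style Statement, Effect, Action and Resource elements (see EIM Reference Information for the actual grammar); preflight, the sample documents and the svc:ExampleRead action name are hypothetical.

```python
import json
import re

# Name rule as stated on this page: 1 to 128 characters from a-z, A-Z, 0-9 and +=,.@-_
NAME_RE = re.compile(r"[A-Za-z0-9+=,.@_-]{1,128}")


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def preflight(policy_name, policy_json):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not NAME_RE.fullmatch(policy_name):
        findings.append("name: must be 1-128 characters from a-z A-Z 0-9 +=,.@-_")
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return findings + [f"document: not valid JSON ({exc.msg})"]
    if not isinstance(doc, dict):
        return findings + ["document: top level must be a JSON object"]
    statements = _as_list(doc.get("Statement"))  # assumed element name
    if not statements:
        findings.append("document: no Statement element")
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        # "*" grants every action; "<service>:*" grants every action of a service.
        broad = [a for a in actions if isinstance(a, str) and (a == "*" or a.endswith(":*"))]
        if broad and "*" in resources:
            findings.append(f"statement {i}: Allow {broad} on all resources")
    return findings


# Constructed sample inputs (not from the page); svc:ExampleRead is a placeholder.
ADMIN_DOC = '{"Statement": [{"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]}'
SCOPED_DOC = '{"Statement": [{"Effect": "Allow", "Action": ["svc:ExampleRead"], "Resource": ["*"]}]}'

if __name__ == "__main__":
    for name, doc in [("MY_POLICY", ADMIN_DOC), ("read vms!", SCOPED_DOC)]:
        print(name, "->", preflight(name, doc) or "ok")
```

A flagged wildcard statement is not necessarily an error, since an admin policy such as the one in the request sample is meant to be broad; the finding marks it for review before the policy is attached to users or groups.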

The create-policy command returns the following elements:

  • Policy: Information about the newly created policy. This element contains the following information:

    • PolicyName: The name of the policy.

    • PolicyId: The ID of the policy.

    • Arn: The OUTSCALE Resource Name (ORN) of the policy. For more information, see Resource Identifiers.

    • Path: The path for the policy.

    • DefaultVersionId: The ID of the policy version set as the default one.

    • AttachmentCount: The number of EIM identities (users or groups) that the policy is attached to.

    • IsAttachable: If true, the policy can be attached to an EIM identity. If false, it cannot.

    • CreateDate: The date and time of creation of the policy.

    • UpdateDate: The date and time of the last update of the policy.

Result sample
{
    "Policy": {
        "PolicyName": "MY_POLICY",
        "PolicyId": "ABCDEF1GHIJKLMN2OP3QR",
        "Arn": "arn:aws:iam::0123456789012:policy/my-policy",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "IsAttachable": true,
        "CreateDate": "2018-05-12T18:43:14.524Z",
        "UpdateDate": "2018-05-12T18:43:14.524Z"
    }
}

The policy is created and can be attached to EIM users or groups in your account.

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.