AWS IAM Permissions Explorer

What is IAM?

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. With IAM, you can create and manage:

Common IAM Patterns

Least Privilege Access

Only grant permissions that are absolutely necessary for the task at hand.

{ "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/readonly/*" }
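The effect of scoping the statement above can be checked mechanically. The following Python sketch is an added example, not code from this page: it evaluates requests against a list of statements and flags wildcard grants. The function names, the BROAD statement and the object ARNs are constructed for illustration, and the evaluation is simplified (no Condition, NotAction or NotResource, and no policies other than the statements passed in).

```python
import re

# The page's least-privilege statement, and a constructed over-broad one for contrast.
SCOPED = {"Effect": "Allow", "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::my-bucket/readonly/*"}
BROAD = {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}  # constructed

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None

def is_allowed(statements, action, resource):
    """Explicit Deny wins, then any matching Allow, otherwise implicit deny."""
    allowed = False
    for st in statements:
        # Action names match case-insensitively; resource ARNs are case-sensitive.
        hit = (any(_glob(a, action, ignore_case=True) for a in _as_list(st["Action"]))
               and any(_glob(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def broad_findings(statement):
    """List wildcard grants in an Allow statement that defeat least privilege."""
    if statement["Effect"] != "Allow":
        return []
    findings = [f"wildcard action: {a}" for a in _as_list(statement["Action"])
                if a == "*" or a.endswith(":*")]
    findings += [f"wildcard resource: {r}" for r in _as_list(statement["Resource"])
                 if r == "*"]
    return findings

if __name__ == "__main__":
    key = "arn:aws:s3:::my-bucket/private/keys.txt"  # constructed object ARN
    for name, st in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, is_allowed([st], "s3:GetObject", key), broad_findings(st))
```
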

Role-based Access

Use roles for applications and AWS services instead of individual IAM users.

{ "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::ACCOUNT-ID:role/EC2-Role" }