Create a Policy
This procedure shows you how to create one or more policies in the AWS Management Console.
- Log in to the AWS Management Console. The AWS services page opens.
- Scroll down to the Security, Identity & Compliance section and select IAM. The Welcome to Identity and Access Management screen displays.
- From the dashboard, click Policies. A list of policies displays.
- Click Create policy. The Create Policy page opens.
- Go to the Complete IAM Policy topic.
- Navigate to the Method 2: Manual Role Creation section. Each button represents a policy for a core area of CloudCheckr functionality.
- For each policy that you want a cross-account role or IAM user to have access to, follow these steps:
- Click a button to open a selected policy and copy the contents.
- Return to the Create Policy page in the AWS Management Console.
- Click the JSON tab. The JSON tab opens, allowing you to create the policy using JSON syntax.
- Replace the text in the JSON tab with the policy you just copied.
For any DBR and CloudTrail policies that you create, make sure that you replace the default S3 bucket with the name of the new S3 bucket identified in the policy.
- Click Review policy. The Review policy page opens.
- Type a name for the policy and click Create policy. A message at the top of the policy page indicates that your policy has been created.
- Select the policy from the list.
- From the Policy actions drop-down menu, select Attach. The Attach policy page opens.
- Select the checkbox(es) for each cross-account role or user you want to associate with the policy and click Attach policy. A message pops up, indicating that the policy is now attached to your selection.
Not seeing the cross-account role or user you want? Follow the appropriate instructions:
- To create a cross-account role automatically, go to the Creating AWS Credentials with CloudFormation topic.
- To create a cross-account role manually, go to the Create a Cross-Account Role Manually topic.
- To create an IAM group, go to the Create an IAM User Group topic.
- To create an IAM user, go to the Create an IAM User topic.
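The S3 bucket replacement for DBR and CloudTrail policies is the step most easily missed when pasting JSON by hand. The following is an added example, not CloudCheckr's or AWS's own code: it parses a copied policy, swaps the default bucket for yours in S3 resource ARNs only, and fails if the expected default bucket is not present. The sample policy and the bucket names EXAMPLE-DEFAULT-BUCKET and my-dbr-bucket are constructed placeholders.

```python
import json

S3_PREFIX = "arn:aws:s3:::"

# Constructed sample, not the vendor's policy text. "EXAMPLE-DEFAULT-BUCKET"
# is a placeholder for whatever default bucket the copied policy names.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::EXAMPLE-DEFAULT-BUCKET",
                  "arn:aws:s3:::EXAMPLE-DEFAULT-BUCKET/*"]},
    {"Effect": "Allow", "Action": "cloudtrail:DescribeTrails", "Resource": "*"}
  ]
}"""

def _as_list(value):
    # IAM allows Statement and Resource to be a single value or a list.
    return value if isinstance(value, list) else [value]

def s3_buckets(policy):
    """Return the bucket names referenced by S3 ARNs in Resource elements."""
    found = set()
    for stmt in _as_list(policy["Statement"]):
        for arn in _as_list(stmt.get("Resource", [])):
            if arn.startswith(S3_PREFIX):
                found.add(arn[len(S3_PREFIX):].split("/", 1)[0])
    return found

def set_bucket(policy_text, default_bucket, new_bucket):
    """Swap default_bucket for new_bucket in S3 ARNs; return JSON to paste."""
    policy = json.loads(policy_text)  # malformed JSON raises ValueError here
    if default_bucket not in s3_buckets(policy):
        raise ValueError(f"{default_bucket!r} is not referenced in this policy")
    for stmt in _as_list(policy["Statement"]):
        if "Resource" not in stmt:
            continue
        rewritten = []
        for arn in _as_list(stmt["Resource"]):
            bucket, sep, key = arn[len(S3_PREFIX):].partition("/")
            # Exact bucket match only, so similarly named buckets are untouched.
            if arn.startswith(S3_PREFIX) and bucket == default_bucket:
                arn = S3_PREFIX + new_bucket + sep + key
            rewritten.append(arn)
        was_list = isinstance(stmt["Resource"], list)
        stmt["Resource"] = rewritten if was_list else rewritten[0]
    return json.dumps(policy, indent=2)

if __name__ == "__main__":
    # "my-dbr-bucket" is a hypothetical bucket name used for illustration.
    print(set_bucket(SAMPLE_POLICY, "EXAMPLE-DEFAULT-BUCKET", "my-dbr-bucket"))
```

Paste the printed JSON into the JSON tab; a ValueError means the policy text is malformed or the default bucket name you supplied does not appear in it.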