Creating a Managed Policy

You can create managed policies and then apply them to users or groups. This lets you build a library of policies to manage permissions in your account.

After creating a managed policy, you need to attach it to a user or a group. For more information, see Attaching a Managed Policy to a User or a Group.

You can use versions to modify the permissions in a policy. The modified permissions are automatically applied to all users and groups the policy is attached to. For more information, see Editing Managed Policies Using Policy Versions.

Creating a Managed Policy Using Cockpit v2

  1. In the EIM Policies dashboard, click Create Policy.
    The CREATE EIM POLICY dialog box appears.

  2. In the Name field, type the name you want to give to the policy.

    This name must be unique and must contain between 1 and 128 characters. Allowed characters are a-z, A-Z, 0-9, and +=,.@-_.

  3. From the Permissions list, select:

    • Full access, to allow all actions for the OUTSCALE API.

    • Read-only, to give read-only permissions for all actions related to Read API calls, except accessing and reading the root user’s credentials.

    • Read consumption account, to give the permission to get information about the account consumption only.

    • Custom policy, to type the policy directly in JSON format. For more information about the JSON structure, grammar, and elements to use for EIM policy documents, see EIM Reference Information and EIM Policy Generator.

  4. Click Create.
    The policy is created.

Creating a Managed Policy Using OSC CLI

The CreatePolicy command creates a managed policy to apply to a user.
This action creates a policy version and sets v1 as the default one.

Request sample
$ osc-cli api CreatePolicy --profile "default" \
    --Description "Example of description" \
    --Document '"{\"Statement\": [ {\"Effect\": \"Allow\", \"Action\": [\"*\"], \"Resource\": [\"*\"]} ]}"' \
    --Path "/example/" \
    --PolicyName "example-user-policy"

This command contains the following attributes that you need to specify:

  • Description: (optional) A description for the policy.

  • Document: The policy document, corresponding to a JSON string that contains the policy. This policy document can contain a maximum of 5120 non-whitespace characters. For more information, see EIM Reference Information and EIM Policy Generator.

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • Path: (optional) The path of the policy.

  • PolicyName: The name of the policy.

The CreatePolicy command returns the following elements:

  • Policy: Information about the policy.

    • CreationDate: The date and time (UTC) at which the policy was created.

    • Description: A friendly name for the policy (between 0 and 1000 characters).

    • IsLinkable: Indicates whether the policy can be linked to a group or an EIM user.

    • LastModificationDate: The date and time (UTC) at which the policy was last modified.

    • Orn: The OUTSCALE Resource Name (ORN) of the policy. For more information, see Resource Identifiers.

    • Path: The path to the policy.

    • PolicyDefaultVersionId: The ID of the policy default version.

    • PolicyId: The ID of the policy.

    • PolicyName: The name of the policy.

    • ResourcesCount: The number of resources attached to the policy.

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

Result sample
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "Policy": {
    "ResourcesCount": 0,
    "PolicyName": "example-user-policy",
    "PolicyDefaultVersionId": "v1",
    "Path": "/example/",
    "CreationDate": "2010-10-01T12:34:56.789+0000",
    "Description": "Example of description",
    "PolicyId": "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
    "Orn": "orn:ows:idauth::012345678910:policy/example/example-user-policy",
    "IsLinkable": true,
    "LastModificationDate": "2010-10-01T12:34:56.789+0000"
  }
}

Creating a Managed Policy Using oapi-cli

The CreatePolicy command creates a managed policy to apply to a user.
This action creates a policy version and sets v1 as the default one.

Request sample
$ oapi-cli --profile "default" CreatePolicy \
    --Description "Example of description" \
    --Document --jsonstr-file "policy.json" \
    --Path "/example/" \
    --PolicyName "example-user-policy"

This command contains the following attributes that you need to specify:

  • Description: (optional) A description for the policy.

  • Document: The policy document, corresponding to a JSON string that contains the policy. This policy document can contain a maximum of 5120 non-whitespace characters. For more information, see EIM Reference Information and EIM Policy Generator.

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • Path: (optional) The path of the policy.

  • PolicyName: The name of the policy.

The CreatePolicy command returns the following elements:

  • Policy: Information about the policy.

    • CreationDate: The date and time (UTC) at which the policy was created.

    • Description: A friendly name for the policy (between 0 and 1000 characters).

    • IsLinkable: Indicates whether the policy can be linked to a group or an EIM user.

    • LastModificationDate: The date and time (UTC) at which the policy was last modified.

    • Orn: The OUTSCALE Resource Name (ORN) of the policy. For more information, see Resource Identifiers.

    • Path: The path to the policy.

    • PolicyDefaultVersionId: The ID of the policy default version.

    • PolicyId: The ID of the policy.

    • PolicyName: The name of the policy.

    • ResourcesCount: The number of resources attached to the policy.

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

Result sample
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "Policy": {
    "ResourcesCount": 0,
    "PolicyName": "example-user-policy",
    "PolicyDefaultVersionId": "v1",
    "Path": "/example/",
    "CreationDate": "2010-10-01T12:34:56.789+0000",
    "Description": "Example of description",
    "PolicyId": "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
    "Orn": "orn:ows:idauth::012345678910:policy/example/example-user-policy",
    "IsLinkable": true,
    "LastModificationDate": "2010-10-01T12:34:56.789+0000"
  }
}

Creating a Managed Policy Using AWS CLI

Before you begin: Install and configure AWS CLI. For more information, see Installing and Configuring AWS CLI.

To create a new managed policy, use the create-policy command following this syntax:

Request sample
$ aws iam create-policy \
    --profile YOUR_PROFILE \
    --policy-name MY_POLICY \
    --path / \
    --policy-document file://policy \
    --description "Admin policy allowing all actions on all resources" \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • policy-name: The name of the policy you want to create.

    This name must be unique and must contain between 1 and 128 characters. Allowed characters are a-z, A-Z, 0-9, and +=,.@-_.

  • (optional) path: The path for the policy (by default, set to a slash /).

  • policy-document: The policy document, corresponding to a JSON string that contains the policy. This policy document can contain a maximum of 5120 non-whitespace characters. For more information, see EIM Reference Information and EIM Policy Generator.

  • (optional) description: A description for the policy.

  • endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.
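The name and document limits listed above can be checked locally before sending the request with any of the CLIs on this page. The following Python sketch is an added example, not OUTSCALE code: the function name preflight is hypothetical, and it assumes the document uses the Statement / Effect / Action / Resource layout shown in the OSC CLI request sample. Besides the two documented limits, it flags any Allow statement that grants every action on every resource so that it can be reviewed before the policy is attached.

```python
import json
import re

# Limits stated on this page for policy names and policy documents.
NAME_RE = re.compile(r"[A-Za-z0-9+=,.@_-]{1,128}")
MAX_DOC_CHARS = 5120  # counted without whitespace


def as_list(value):
    """A policy element may be a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def preflight(name, document_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append("name: must be 1-128 chars from a-z A-Z 0-9 +=,.@-_")
    size = len("".join(document_text.split()))
    if size > MAX_DOC_CHARS:
        findings.append(f"document: {size} non-whitespace chars exceeds {MAX_DOC_CHARS}")
    try:
        doc = json.loads(document_text)
    except json.JSONDecodeError as exc:
        return findings + [f"document: not valid JSON ({exc.msg})"]
    statements = doc.get("Statement") if isinstance(doc, dict) else None
    if not statements:
        return findings + ["document: no Statement element"]
    for i, st in enumerate(as_list(statements)):
        if not isinstance(st, dict) or st.get("Effect") != "Allow":
            continue
        actions = as_list(st.get("Action", []))
        resources = as_list(st.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append(f"statement {i}: allows every action on every resource")
    return findings


# Constructed input: the document from the OSC CLI request sample on this page.
SAMPLE_DOC = '{"Statement": [ {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]} ]}'

if __name__ == "__main__":
    # A constructed name that breaks the allowed-character rule.
    for finding in preflight("example user policy!", SAMPLE_DOC):
        print(finding)
```

The wildcard finding is a review prompt rather than an error, since the same grant is what the Full access permission provides.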

The create-policy command returns the following elements:

  • Policy: Information about the newly created policy. This element contains the following information:

    • PolicyName: The name of the policy.

    • PolicyId: The ID of the policy.

    • Arn: The OUTSCALE Resource Name (ORN) of the policy. For more information, see Resource Identifiers.

    • Path: The path for the policy.

    • DefaultVersionId: The ID of the policy version set as the default one.

    • AttachmentCount: The number of EIM identities (users or groups) that the policy is attached to.

    • IsAttachable: If true, the policy can be attached to an EIM identity. If false, it cannot.

    • CreateDate: The date and time of creation of the policy.

    • UpdateDate: The date and time of the last update of the policy.

Result sample
{
    "Policy": {
        "PolicyName": "MY_POLICY",
        "PolicyId": "ABCDEF1GHIJKLMN2OP3QR",
        "Arn": "arn:aws:iam::0123456789012:policy/my-policy",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "IsAttachable": true,
        "CreateDate": "2018-05-12T18:43:14.524Z",
        "UpdateDate": "2018-05-12T18:43:14.524Z"
    }
}

The policy is created and can be attached to EIM users or groups in your account.

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.