Create a custom policy

This topic describes how to create a custom policy when the system policies cannot meet your requirements. Custom policies enable you to manage permissions in a more fine-grained manner and can satisfy different permission management requirements.

Prerequisites

You have been familiar with the basic structure and syntax of policies. For more information, see Policy elements.

Procedure

1. Log in to the IAM console.
2. In the left navigation pane, choose Permissions > Policies. The Policies page appears.
3. Click the Custom Policies tab.
4. Click Create Policy. On the Create Policy page, set the Policy and Remarks parameters in the Set Policy Information section.
5. Select a policy type in the Select Policy Type section.

   (1) Product Features / Project Permissions: IAM allows you to create a custom policy by selecting required services and features. This method is suitable for customers who need to control permissions but the requirements are not complex. (2) Visual configuration: We recommend that you preferentially create a custom policy in the visual configuration mode, which is easy and flexible. You only need to select services and actions, and specify resources. The system automatically generates the policy for you.
   (3) Policy grammar: You can create a custom policy by directly editing the policy document. This method enables you to control the permission granularity in a flexible way, and is suitable for customers who need more fine-grained permission control. (4) Authorization by tag: This method allows you to quickly assign tagged resources to users or groups.

6. Specify required information and click Next and Create strategy in sequence or directly click Create strategy.

What to do next

You can attach the custom policy to IAM users, groups, or roles.