Updated on 2025-11-07 GMT+08:00

Attaching an Identity Policy to a Principal

You can attach an identity policy to an IAM identity (IAM user, user group, agency, or trust agency) when authorizing that identity. You can also attach an identity policy directly to a principal (in this section, a principal is an IAM identity). To attach an identity policy directly to IAM identities in cases other than authorization, follow the procedure below. For details about how to authorize an IAM identity, see Assigning Permissions to an IAM User.

Procedure

  1. Log in to the new IAM console.
  2. In the navigation pane, click Identity Policies.
  3. Click the name of the target identity policy. On the displayed details page, click the Policy Usage tab.

    Figure 1 Attaching an identity policy

  4. Click Attach and select the principals to attach the policy to. The principals can be users, user groups, agencies, or trust agencies.

    Figure 2 Selecting principals

  5. Click OK to attach the identity policy to the principals.

    Figure 3 Identity policy attached to the principals

  6. Go back to the Policy Usage tab and confirm that the identity policy has been attached to the principals.

    Figure 4 Identity policy attached to the principals

  7. The administrator can then view or modify the principals' permissions.

Detaching an Identity Policy from Principals

  1. Log in to the new IAM console.
  2. In the navigation pane, click Identity Policies.
  3. Click the name of the target identity policy. On the displayed details page, click the Policy Usage tab.

    Figure 5 Viewing the attachment of an identity policy

  4. Click Detach and select the principals to detach the policy from.

    Figure 6 Detaching the policy

  5. Click OK to detach the identity policy from the principals.

    Figure 7 Identity policy detached from the principals