# AWS IAM Policies

### Setting IAM policies

> IAM policies define permissions for an action regardless of the method that you use to perform the operation.
>
> — [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)

## User IAM Policy

Describe what a user IAM policy is here and when to use it

## Admin IAM Policy

Describe what an admin IAM policy is here and when to use it

## Example IAM Policy

For more fine-grained control, you can set IAM policies. The following example sets a managed policy that denies `ec2:RunInstances` for any instance type other than the listed t2 and t3 sizes (nano through large). Note the use of the pipe symbol `|` to indicate that a multi-line JSON policy will follow.

{% tabs %}
{% tab title="🌐 Web UI" %}
Update your AWS account by entering the following in the **IAM policy** field:

```json
|
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "RequireLessThanXLInstanceType",
          "Effect": "Deny",
          "Action": "ec2:RunInstances",
          "Resource": "arn:aws:ec2:*:*:instance/*",
          "Condition": {
            "StringNotEquals": {
              "ec2:InstanceType": [
                "t2.nano",
                "t2.micro",
                "t2.small",
                "t2.medium",
                "t2.large",
                "t3.nano",
                "t3.micro",
                "t3.small",
                "t3.medium",
                "t3.large"
              ]
            }
          }
        }
      ]
    }
```

{% endtab %}

{% tab title="💻 Instruqt CLI" %}
Edit your `config.yml` file to include this content:

```yaml
aws_accounts:
- name: awsaccount
  iam_policy: |
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "RequireLessThanXLInstanceType",
          "Effect": "Deny",
          "Action": "ec2:RunInstances",
          "Resource": "arn:aws:ec2:*:*:instance/*",
          "Condition": {
            "StringNotEquals": {
              "ec2:InstanceType": [
                "t2.nano",
                "t2.micro",
                "t2.small",
                "t2.medium",
                "t2.large",
                "t3.nano",
                "t3.micro",
                "t3.small",
                "t3.medium",
                "t3.large"
              ]
            }
          }
        }
      ]
    }
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
See [IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) on the AWS docs site for more information.
{% endhint %}
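
The following Python sketch is an added example, not part of the Instruqt documentation or any AWS tooling. It models how the Deny statement above is matched against an `ec2:RunInstances` request, so you can check which instance types the policy blocks before applying it. The evaluator is a simplified assumption that handles only `Action`, `Resource` and `StringNotEquals`, and its function names are hypothetical.

```python
import json
import re

# The policy from this page, embedded so the example runs offline.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "RequireLessThanXLInstanceType",
    "Effect": "Deny",
    "Action": "ec2:RunInstances",
    "Resource": "arn:aws:ec2:*:*:instance/*",
    "Condition": {"StringNotEquals": {"ec2:InstanceType": [
      "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large",
      "t3.nano", "t3.micro", "t3.small", "t3.medium", "t3.large"]}}
  }]
}
""")

def as_list(value):
    """IAM allows a single string or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def wildcard_match(pattern, text):
    """IAM wildcards: * matches any run of characters, ? exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text) is not None

def denied_by(policy, action, resource_arn, context):
    """Return the Sid of the first Deny statement that matches, else None.

    Simplified model (assumption): only Action, Resource and
    StringNotEquals are evaluated, which is all this page's policy uses.
    """
    for stmt in as_list(policy["Statement"]):
        if stmt["Effect"] != "Deny":
            continue
        if not any(wildcard_match(a, action) for a in as_list(stmt["Action"])):
            continue
        if not any(wildcard_match(r, resource_arn) for r in as_list(stmt["Resource"])):
            continue
        conditions = stmt.get("Condition", {}).get("StringNotEquals", {})
        # With several values, StringNotEquals is true only when the request
        # value equals none of them (logical NOR); a missing key also passes.
        if all(context.get(k) not in as_list(v) for k, v in conditions.items()):
            return stmt.get("Sid", "<no Sid>")
    return None
```

A `None` result only means this Deny did not fire; the launch still needs an Allow from another policy. A `Resource` pattern without the trailing `*` matches no instance ARN, so the Deny never applies.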

