# AWS IAM Policies

### Setting IAM policies

> IAM policies define permissions for an action regardless of the method that you use to perform the operation.
>
> — [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)

## User IAM Policy

Describe what a user IAM policy is here and when to use it

## Admin IAM Policy

Describe what an admin IAM policy is here and when to use it

## Example IAM Policy

For more fine-grained control, you can set IAM policies. The following example sets a managed policy that restricts EC2 launches to a small set of t2 and t3 instance types: it denies `ec2:RunInstances` for any instance type that is not in the list. Note the use of the pipe symbol `|` to indicate that a multi-line JSON policy will follow.

{% tabs %}
{% tab title="🌐 Web UI" %}
Update your AWS account by entering the following in the **IAM policy** field:

```json
|
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "RequireLessThanXLInstanceType",
          "Effect": "Deny",
          "Action": "ec2:RunInstances",
          "Resource": "arn:aws:ec2:*:*:instance/*",
          "Condition": {
            "StringNotEquals": {
              "ec2:InstanceType": [
                "t2.nano",
                "t2.micro",
                "t2.small",
                "t2.medium",
                "t2.large",
                "t3.nano",
                "t3.micro",
                "t3.small",
                "t3.medium",
                "t3.large"
              ]
            }
          }
        }
      ]
    }
```

{% endtab %}

{% tab title="💻 Instruqt CLI" %}
Edit your `config.yml` file to include this content:

```yaml
aws_accounts:
- name: awsaccount
  iam_policy: |
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "RequireLessThanXLInstanceType",
          "Effect": "Deny",
          "Action": "ec2:RunInstances",
          "Resource": "arn:aws:ec2:*:*:instance/*",
          "Condition": {
            "StringNotEquals": {
              "ec2:InstanceType": [
                "t2.nano",
                "t2.micro",
                "t2.small",
                "t2.medium",
                "t2.large",
                "t3.nano",
                "t3.micro",
                "t3.small",
                "t3.medium",
                "t3.large"
              ]
            }
          }
        }
      ]
    }
```

{% endtab %}
{% endtabs %}
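To check what the policy above blocks before applying it, the following added example (not Instruqt or AWS code) evaluates its `Deny` statement locally against a launch request. It is a simplified model that covers only `StringNotEquals` and wildcard matching; `SAMPLE_ARN`, `is_denied` and `launch_denied` are hypothetical names, and the ARN is a constructed value.

```python
import json
from fnmatch import fnmatchcase

# The policy from this page (instance-type list reflowed, content unchanged).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "RequireLessThanXLInstanceType",
    "Effect": "Deny",
    "Action": "ec2:RunInstances",
    "Resource": "arn:aws:ec2:*:*:instance/*",
    "Condition": {"StringNotEquals": {"ec2:InstanceType": [
      "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large",
      "t3.nano", "t3.micro", "t3.small", "t3.medium", "t3.large"]}}
  }]
}
""")

# Constructed sample ARN for the instance resource of a launch request.
SAMPLE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"

def as_list(value):
    return value if isinstance(value, list) else [value]

def condition_holds(condition, context):
    """Model StringNotEquals only: true when the key's value equals none of
    the listed values. A missing key also yields true (negated operator)."""
    unsupported = set(condition) - {"StringNotEquals"}
    if unsupported:
        raise ValueError(f"operator not modelled: {sorted(unsupported)}")
    for key, values in condition.get("StringNotEquals", {}).items():
        if context.get(key) in as_list(values):
            return False
    return True

def is_denied(policy, action, resource, context):
    """Return True if any Deny statement matches action, resource and condition."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        # Action names are case-insensitive; '*' in patterns is a wildcard.
        action_hit = any(fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"]))
        if action_hit and resource_hit and condition_holds(stmt.get("Condition", {}), context):
            return True
    return False

def launch_denied(instance_type, policy=POLICY):
    return is_denied(policy, "ec2:RunInstances", SAMPLE_ARN, {"ec2:InstanceType": instance_type})
```

With the trailing `*` removed from the `Resource` ARN, the statement matches no instance ARN and `launch_denied` returns `False` for every type, so the restriction silently stops applying.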

{% hint style="info" %}
See [IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) on the AWS docs site for more information.
{% endhint %}
