Creating Amazon Verified Permissions policy templates

You can create policy templates in Verified Permissions using the AWS Management Console, the AWS CLI, or the AWS SDKs. Policy templates allow a policy to be defined once and then used with multiple principals and resources. Once you create a policy template you can then create template-linked policies to use the policy templates with specific principals and resources. For more information, see Creating Amazon Verified Permissions template-linked policies.

AWS Management Console
To create a policy template
  1. Open the Verified Permissions console. Choose your policy store.

  2. In the navigation pane on the left, choose Policy templates.

  3. Choose Create policy template.

  4. In the Details section, type a Policy template description.

  5. In the Policy template body section, use placeholders ?principal and ?resource to allow policies created based on this template to customize permissions they grant. You can choose Format to format the syntax of your policy template with the recommended spacing and indentation.

  6. Choose Create policy template.

AWS CLI
To create a policy template

You can create a policy template by using the CreatePolicyTemplate operation. The following example creates a policy template with a placeholder for the principal.

The file template1.txt contains the following.

    // Template body: ?principal is filled in by each template-linked policy created from it.
    @id("VacationAccess")
    permit(
        principal in ?principal,
        action == Action::"view",
        resource == Photo::"VacationPhoto94.jpg"
    );

$ aws verifiedpermissions create-policy-template \
    --description "Template for vacation picture access" \
    --statement file://template1.txt \
    --policy-store-id PSEXAMPLEabcdefg111111
{
    "createdDate": "2023-05-18T21:17:47.284268+00:00",
    "lastUpdatedDate": "2023-05-18T21:17:47.284268+00:00",
    "policyStoreId": "PSEXAMPLEabcdefg111111",
    "policyTemplateId": "PTEXAMPLEabcdefg111111"
}
To create a policy template with a policy template name

You can optionally specify a policy template name when creating a policy template. The name must be unique among all policy templates in the policy store and must begin with the prefix name/. Once set, you can use the name in place of the policy template ID.

$ aws verifiedpermissions create-policy-template \
    --description "Template for vacation picture access" \
    --statement file://template1.txt \
    --policy-store-id PSEXAMPLEabcdefg111111 \
    --name name/example-policy-template
{
    "createdDate": "2023-06-12T20:47:42.804511+00:00",
    "lastUpdatedDate": "2023-06-12T20:47:42.804511+00:00",
    "policyStoreId": "PSEXAMPLEabcdefg111111",
    "policyTemplateId": "PTEXAMPLEabcdefg111111"
}
Note

If you specify a name that is already associated with another policy template in the policy store, you receive a ConflictException error.
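The CLI procedure above and the ConflictException note, as an added example that is not from the Verified Permissions documentation: a pre-flight check that a template body really uses the ?principal and ?resource placeholders (and nothing else), a check for the name/ prefix, and a wrapper around create-policy-template that reports a name collision explicitly. The policy store ID, file paths and template names passed by callers are assumptions.

```bash
#!/bin/sh
# Added example, not from the AWS docs. The aws CLI call is only made inside
# create_template; the two check functions run offline.
set -eu

# Textual check only (no Cedar parser): the body must use ?principal and/or
# ?resource, and no other ?slot, because those are the only placeholders a
# Verified Permissions policy template may contain.
validate_template_body() {
  file="$1"
  slots=$( (grep -Eo '\?[A-Za-z_]+' "$file" || true) | sort -u)
  if [ -z "$slots" ]; then
    echo "$file: no ?principal/?resource placeholder; this is a static policy, not a template" >&2
    return 1
  fi
  bad=$(printf '%s\n' "$slots" | grep -Ev '^\?(principal|resource)$' || true)
  if [ -n "$bad" ]; then
    echo "$file: unsupported placeholder(s): $(printf '%s' "$bad" | tr '\n' ' ')" >&2
    return 1
  fi
}

# An optional template name must carry the name/ prefix and not be empty after it.
valid_template_name() {
  case "$1" in
    name/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# create_template STORE_ID BODY_FILE NAME DESCRIPTION -> prints the new policyTemplateId.
# Returns 2 on a name collision (ConflictException) so callers can tell it apart
# from other failures instead of retrying blindly.
create_template() {
  validate_template_body "$2"
  valid_template_name "$3" || { echo "name must start with name/: $3" >&2; return 1; }
  if ! out=$(aws verifiedpermissions create-policy-template \
        --policy-store-id "$1" --statement "file://$2" \
        --name "$3" --description "$4" 2>&1); then
    case "$out" in
      *ConflictException*) echo "a template named $3 already exists in store $1" >&2; return 2 ;;
      *) printf '%s\n' "$out" >&2; return 1 ;;
    esac
  fi
  printf '%s\n' "$out" | grep -Eo '"policyTemplateId": *"[^"]+"' | cut -d'"' -f4
}
```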