
Managed policy not appearing in IAM console

0

I've created an IAM policy using the CLI but I can't find the new policy using the console so I can't attach it to a role.

Any ideas? I'm stumped!

The command to create is:

aws iam create-policy --policy-name launch.bots.ai --policy-document file://policy.json --description "Policy for launching bots"

The policy.json file contains:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cloudfront:*",
                "lambda:*"
            ],
            "Resource": "*"
        }
    ]
}

and the response suggests that the policy is created OK:

{
    "Policy": {
        "PolicyName": "launch.bots.ai",
        "PolicyId": "AN1234567GHAEKHD",
        "Arn": "arn:aws:iam::211125494760:policy/launch.bots.ai",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "PermissionsBoundaryUsageCount": 0,
        "IsAttachable": true,
        "CreateDate": "2024-11-22T11:13:23+00:00",
        "UpdateDate": "2024-11-22T11:13:23+00:00"
    }
}

I'm sure it's there, because if I try to create a policy with the same name I get a "policy already exists" and I can retrieve it with:

aws iam list-policies --scope Local --query "Policies[?PolicyName=='launch.bots.ai']"
asked 16 days ago
29 views
2 Answers
1
Accepted Answer

If you've created an IAM policy using the CLI but can't find it in the IAM console, there are a few things to check:

  1. Refresh the IAM console: Sometimes, the console may not immediately reflect changes made via CLI. Try refreshing your browser or logging out and back in to the AWS Management Console.

  2. Check the policy scope: Ensure you're looking in the correct section of the IAM console. Customer managed policies are listed separately from AWS managed policies. Look for a section labeled "Customer managed" or "Custom" policies.

  3. Verify the AWS account: Make sure you're logged into the same AWS account in the console as the one you used when creating the policy via CLI.

  4. Check for pagination: If you have many policies, the one you're looking for might not be on the first page. Use the search function or navigate through the pages to find your policy.

  5. Wait a few minutes: There can sometimes be a slight delay in propagation of changes across AWS services. If you've just created the policy, wait a few minutes and try again.

  6. Confirm the policy name: Double-check that the policy name in the console matches exactly what you specified in the CLI command ("launch.bots.ai" in this case).

If you've verified all these points and still can't see the policy, you may want to try listing the policies using the AWS CLI again to confirm it exists, and then compare the output with what you see in the console. If the discrepancy persists, you might want to contact AWS support for further assistance.
Sources
Create IAM policies (console) - AWS Identity and Access Management
AWS Identity and Access Management simplifies policy management
IAM tutorial: Create and attach your first customer managed policy - AWS Identity and Access Management

answered 16 days ago
EXPERT
reviewed 16 days ago
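
The account and existence checks from the accepted answer (points 3 and 6, plus the closing advice to confirm the policy through the CLI), as an added shell example that is not part of the original answer. The function names and the console account ID argument are assumptions made for illustration; the `aws` calls need credentials for the account that created the policy.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed inputs: the policy ARN from the
# create-policy response and the 12-digit account ID shown in the console.

# Account field of an ARN (5th colon-separated field).
arn_account() { printf '%s\n' "$1" | cut -d: -f5; }

# Policy name: last path segment of the ARN resource.
arn_policy_name() { printf '%s\n' "${1##*/}"; }

# Prints findings; returns 0 when the policy should be listed in that console
# account, 1 on a mismatch or missing policy, 2 when the CLI call itself fails.
check_policy_visibility() {
    policy_arn=$1
    console_account=$2
    status=0
    cli_account=$(aws sts get-caller-identity --query Account --output text) || return 2
    arn_acct=$(arn_account "$policy_arn")

    if [ "$arn_acct" = "aws" ]; then
        echo "NOTE: AWS managed policy, not listed under customer managed policies"
    elif [ "$arn_acct" != "$console_account" ]; then
        echo "MISMATCH: policy belongs to account $arn_acct, console is $console_account"
        status=1
    fi
    if [ "$cli_account" != "$console_account" ]; then
        echo "MISMATCH: CLI credentials resolve to account $cli_account"
        status=1
    fi
    # Ask IAM directly, independent of what the console page has cached.
    if aws iam get-policy --policy-arn "$policy_arn" --query Policy.Arn --output text >/dev/null; then
        echo "OK: IAM returns the policy; search the console for '$(arn_policy_name "$policy_arn")'"
    else
        echo "NOT FOUND: get-policy failed for $policy_arn"
        status=1
    fi
    return $status
}

# Usage: sh check.sh <policy-arn> <console-account-id>
if [ "$#" -ge 2 ]; then
    check_policy_visibility "$1" "$2"
fi
```

If every line reports OK and the policy is still missing from the list, the remaining causes in the answer are the stale console page and pagination.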
0

User error: refreshing the console made the new policy appear :)

answered 16 days ago
