IAM Policy Converter

Convert AWS IAM JSON policy documents into Terraform, CloudFormation, CDK TypeScript, or CDK Python snippets.

Converted Terraform policy

data "aws_iam_policy_document" "policy" {
  statement {
    sid    = "ReadExampleBucket"
    effect = "Allow"
    actions = [
      "s3:GetObject",
      "s3:ListBucket"
    ]
    resources = [
      "arn:aws:s3:::example-bucket",
      "arn:aws:s3:::example-bucket/*"
    ]
  }
}

Convert IAM JSON policies into infrastructure as code

Paste an AWS IAM JSON policy document and convert it into Terraform, CloudFormation, CDK TypeScript, or CDK Python without uploading a file.

How to use the IAM policy converter

  1. Paste or edit a valid IAM JSON policy document in the editor.
  2. Select Terraform, CloudFormation, CDK TypeScript, or CDK Python as the target format.
  3. Copy the generated infrastructure-as-code snippet into your project.

Starting from scratch instead? Use the AWS IAM policy generator to build a policy from searchable AWS action metadata first.

Frequently asked questions

Which target formats does the IAM policy converter support?

The converter supports Terraform aws_iam_policy_document, CloudFormation YAML policy document snippets, CDK TypeScript, and CDK Python.

Does this validate IAM permissions?

No. The converter checks that the input is JSON shaped like an IAM policy document, then converts the standard policy fields. Review the resulting policy before applying it.

Can I convert identity policies and resource-based policies?

Yes. The converter supports standard IAM policy document fields such as Action, Resource, Principal, NotAction, NotResource, NotPrincipal, and Condition. Resource-based policies that include principals can be converted, and identity policies without principals can be converted too.

Does the Terraform output create an IAM policy resource?

No. Terraform output is a data "aws_iam_policy_document" "policy" block. Use its json attribute inside the IAM policy, role policy, bucket policy, queue policy, or topic policy resource that matches your use case.

Does the CDK output include imports or a full stack?

No. CDK output is a compact iam.PolicyDocument snippet only. Add the AWS CDK IAM import and attach the policy document to the construct that owns the policy in your stack.

Will the converted policy be identical to my pasted JSON?

The permissions should be represented with the same IAM fields, but formatting can change. Single values may be normalized into target-language lists or objects when that is the clearest representation for Terraform, CloudFormation, or CDK.

Does this make my policy least privilege?

No. The converter does not reduce permissions, replace wildcards, or decide whether an action/resource pair is safe. It converts the document you provide, so you should still review broad actions, wildcard resources, principals, and conditions before deploying it.
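
An added example, not part of the converter or this page's own code: a small Python check for the review this answer recommends, run on the JSON before conversion. It flags Allow statements with wildcard actions, a bare "*" resource, NotAction/NotResource/NotPrincipal, or a public principal with no Condition. The function names and the second sample statement are constructed for illustration; the first statement is the JSON form of the Terraform example shown on this page.

```python
import json

# Constructed sample: statement 1 mirrors the page's example, statement 2 is deliberately broad.
SAMPLE = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "ReadExampleBucket", "Effect": "Allow",
   "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
  {"Sid": "PublicWrite", "Effect": "Allow", "Principal": "*",
   "Action": "s3:*", "Resource": "*"}]}"""

def as_list(value):
    """IAM fields accept a single value or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def principal_is_public(principal):
    """True for Principal "*" or any principal type that includes "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False

def review_policy(policy_json):
    """Return (statement label, finding) pairs for broad Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant access
        label = stmt.get("Sid", f"statement[{i}]")
        for action in as_list(stmt.get("Action")):
            if "*" in action:  # "*", "s3:*", "s3:Get*" all match more than one action
                findings.append((label, f"wildcard action {action}"))
        if "*" in as_list(stmt.get("Resource")):  # exact "*" only, not "bucket/*"
            findings.append((label, "resource is *"))
        for key in ("NotAction", "NotResource", "NotPrincipal"):
            if key in stmt:  # Allow + Not* grants everything except the listed items
                findings.append((label, f"Allow with {key}"))
        if principal_is_public(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append((label, "public principal without Condition"))
    return findings

if __name__ == "__main__":
    for label, finding in review_policy(SAMPLE):
        print(f"{label}: {finding}")
```

A finding is a prompt for manual review, not proof that the statement is wrong; a scoped wildcard such as s3:Get* can be intentional.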

Do I need to upload a policy file?

No. Paste the IAM JSON policy directly into the editor. The tool is designed for copy-and-paste conversion, so there is no file upload step.

Next step

Want AWS engineering that feels this practical?

I build these tools to make AWS easier to manage. If this level of quality is what you want in your own cloud platform, Towards The Cloud can help with landing zones, infrastructure as code, security reviews, migrations, and cost optimization.