IAM Policy Converter

Convert AWS IAM JSON policy documents into Terraform, CloudFormation, CDK TypeScript, or CDK Python snippets.

Choose IaC output format

IAM JSON policy

Converted Terraform policy

data "aws_iam_policy_document" "policy" {
  statement {
    sid = "ReadExampleBucket"
    effect = "Allow"
    actions = [
        "s3:GetObject",
        "s3:ListBucket"
      ]
    resources = [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
  }
}

Convert IAM JSON policies into infrastructure as code

Paste an AWS IAM JSON policy document and convert it into Terraform, CloudFormation, CDK TypeScript, or CDK Python without uploading a file.

How to use the IAM policy converter

  1. Paste or edit a valid IAM JSON policy document in the editor.
  2. Select Terraform, CloudFormation, CDK TypeScript, or CDK Python as the target format.
  3. Copy the generated infrastructure-as-code snippet into your project.

Starting from scratch instead? Use the AWS IAM policy generator to build a policy from searchable AWS action metadata first. Reviewing an existing policy? Run it through the AWS IAM policy validator before converting it into infrastructure as code, or use the IAM policy tester to check expected allow and deny decisions.

Frequently asked questions

Which target formats does the IAM policy converter support?

The converter supports Terraform aws_iam_policy_document, CloudFormation YAML policy document snippets, CDK TypeScript, and CDK Python.

Does this validate IAM permissions?

No. The converter checks that the input is JSON shaped like an IAM policy document, then converts the standard policy fields. Review the resulting policy before applying it.

Can I convert identity policies and resource-based policies?

Yes. The converter supports standard IAM policy document fields such as Action, Resource, Principal, NotAction, NotResource, NotPrincipal, and Condition. Resource-based policies that include principals can be converted, and identity policies without principals can be converted too.

Does the Terraform output create an IAM policy resource?

No. Terraform output is a data "aws_iam_policy_document" "policy" block. Use its json attribute inside the IAM policy, role policy, bucket policy, queue policy, or topic policy resource that matches your use case.

Does the CDK output include imports or a full stack?

No. CDK output is a compact iam.PolicyDocument snippet only. Add the AWS CDK IAM import and attach the policy document to the construct that owns the policy in your stack.

Will the converted policy be identical to my pasted JSON?

The permissions should be represented with the same IAM fields, but formatting can change. Single values may be normalized into target-language lists or objects when that is the clearest representation for Terraform, CloudFormation, or CDK.

Does this make my policy least privilege?

No. The converter does not reduce permissions, replace wildcards, or decide whether an action/resource pair is safe. It converts the document you provide, so you should still review broad actions, wildcard resources, principals, and conditions before deploying it.

Do I need to upload a policy file?

No. Paste the IAM JSON policy directly into the editor. The tool is designed for copy-and-paste conversion, so there is no file upload step.

Related tools

AWS IAM Policy Generator

Generate AWS IAM policies from searchable action metadata and export ready-to-use JSON, Terraform, or CloudFormation snippets.

AWS IAM Policy Validator

Validate and test AWS IAM JSON policy documents with inline errors, warnings, and Access Analyzer-inspired security checks.

AWS IAM Policy Tester

Test AWS IAM policy decisions against expected allow and deny cases with action search and resource ARNs.

Next step

Want AWS engineering that feels this practical?

I build these tools to make AWS easier to manage. If this level of quality is what you want in your own cloud platform, Towards The Cloud can help with landing zones, infrastructure as code, security reviews, migrations, and cost optimization.

Explore AWS services
← Back to tools