AWS IAM Policy Validator

Validate and test AWS IAM JSON policy documents with inline errors, warnings, and Access Analyzer-inspired security checks.


Validate and test IAM JSON policies before deployment

Paste or import an AWS IAM JSON policy to catch syntax errors, lint warnings, and common best-practice risks. Use it as an IAM policy validator or IAM policy tester before the policy reaches a pull request, Terraform apply, or AWS console change.

  1. Edit the policy, paste clipboard text, upload a JSON file, drop a JSON policy file into the editor, or choose one of the built-in example policies.
  2. Review underlined findings in the editor and the detailed finding cards next to the policy.
  3. Fix errors first, then review wildcard actions, wildcard resources, public principals, and broad allow patterns.

What the validator checks

The validator checks JSON parsing, IAM policy syntax, required statement structure, valid Effect values ("Allow" or "Deny"), and expected data types. It also highlights patterns to review before the policy reaches the official AWS policy validator in IAM Access Analyzer, including wildcard actions, wildcard resources, public principals, broad iam:PassRole permissions, and risky Allow statements that use NotAction or NotResource. The last two deserve particular attention: an Allow with NotAction grants every action except the ones listed, and an Allow with NotResource reaches every resource except the ones listed, so both are easy to over-grant without noticing.

Keep validation in your policy workflow

Use the AWS IAM policy generator when you need to build a policy from action metadata, then use this validator to review the JSON. If you need infrastructure as code output, send the reviewed policy through the IAM policy converter.

Frequently asked questions

What checks does this IAM policy validator run?

It checks JSON parsing, IAM policy document syntax, lint warnings from the underlying policy-parsing package, and local best-practice warnings for broad actions, wildcard resources, public principals, iam:PassRole on all roles, and broad Allow statements that use NotAction or NotResource.
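The following is an added example, written for this page and not the validator's own code, showing how the checks named in "What the validator checks" and in this answer can be implemented as a small browser-side linter. The finding codes, messages and the three sample policies are constructed for the illustration; the rules approximate the error-versus-warning split described here and do not reproduce IAM Access Analyzer's exact checks.

```javascript
// Added example, not the page's own code: a minimal IAM policy linter that
// mirrors the checks the page lists. Finding codes, messages and sample
// policies are constructed here; the rules approximate, and do not
// reproduce, IAM Access Analyzer's policy checks.

const VALID_EFFECTS = new Set(["Allow", "Deny"]);

// Most IAM elements accept a single string or an array of strings.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
const isStringOrStringArray = (v) =>
  typeof v === "string" || (Array.isArray(v) && v.every((x) => typeof x === "string"));

// IAM action matching is case-insensitive; "*" and "?" are wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", "i").test(action);
}

// "*" or {"AWS": "*"} grants to every AWS principal, anonymous callers included.
function isPublicPrincipal(p) {
  return p === "*" || (p !== null && typeof p === "object" && asList(p.AWS).includes("*"));
}

function lintStatement(s, idx) {
  const out = [];
  const add = (level, code, msg) => out.push({ level, code, where: `Statement[${idx}]`, msg });

  // Syntax checks produce errors: the IAM API would reject these policies.
  if (s === null || typeof s !== "object" || Array.isArray(s)) {
    add("error", "STATEMENT_TYPE", "each Statement entry must be a JSON object");
    return out;
  }
  if (!VALID_EFFECTS.has(s.Effect)) {
    add("error", "INVALID_EFFECT", `Effect must be "Allow" or "Deny", got ${JSON.stringify(s.Effect)}`);
  }
  if (("Action" in s) === ("NotAction" in s)) {
    add("error", "ACTION_REQUIRED", "exactly one of Action or NotAction is required");
  }
  for (const key of ["Action", "NotAction", "Resource", "NotResource"]) {
    if (key in s && !isStringOrStringArray(s[key])) {
      add("error", "BAD_TYPE", `${key} must be a string or an array of strings`);
    }
  }
  // Risk checks only make sense for a syntactically valid Allow; a broad Deny is not a risk.
  if (out.length > 0 || s.Effect !== "Allow") return out;

  const actions = asList(s.Action);
  const resources = asList(s.Resource);
  const scoped = "Condition" in s ? " (a Condition is present; verify that it really narrows access)" : "";

  if (actions.includes("*")) add("warning", "WILDCARD_ACTION", 'Action "*" allows every action in every service');
  for (const a of actions) {
    if (/^[a-z0-9-]+:\*$/i.test(a)) add("warning", "BROAD_SERVICE_ACTION", `${a} allows every action in that service`);
  }
  if (resources.includes("*")) add("warning", "WILDCARD_RESOURCE", 'Resource "*" applies to every resource' + scoped);
  if (resources.includes("*") && actions.some((a) => actionMatches(a, "iam:PassRole"))) {
    add("warning", "BROAD_PASSROLE", "iam:PassRole on every role lets the principal hand any role to a service it controls");
  }
  if ("Principal" in s && isPublicPrincipal(s.Principal)) {
    add("warning", "PUBLIC_PRINCIPAL", 'Principal "*" grants access to anyone' + scoped);
  }
  if ("NotAction" in s) add("warning", "NOT_ACTION_ALLOW", "Allow with NotAction grants every action except those listed");
  if ("NotResource" in s) add("warning", "NOT_RESOURCE_ALLOW", "Allow with NotResource reaches every resource except those listed");
  return out;
}

function summarize(findings) {
  const count = (level) => findings.filter((f) => f.level === level).length;
  return { errors: count("error"), warnings: count("warning"), findings };
}

function lintPolicy(text) {
  const findings = [];
  const add = (level, code, where, msg) => findings.push({ level, code, where, msg });
  let doc;
  try {
    doc = JSON.parse(text);
  } catch (e) {
    add("error", "JSON_PARSE", "document", e.message);
    return summarize(findings);
  }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    add("error", "DOCUMENT_TYPE", "document", "policy must be a JSON object");
  } else {
    // Without Version, IAM assumes 2008-10-17 and policy variables such as ${aws:username} stop working.
    if (doc.Version !== "2012-10-17") add("warning", "VERSION", "Version", 'Version should be "2012-10-17"');
    if (!("Statement" in doc)) add("error", "MISSING_STATEMENT", "Statement", "Statement element is required");
    else asList(doc.Statement).forEach((s, i) => findings.push(...lintStatement(s, i)));
  }
  return summarize(findings);
}

// Constructed sample policies (not the page's built-in examples).
const BROAD_IDENTITY_POLICY = JSON.stringify({
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "iam:PassRole", Resource: "*" },
    { Effect: "Allow", Action: ["s3:*"], Resource: "*" },
  ],
});
const INVALID_EFFECT_POLICY = JSON.stringify({
  Version: "2012-10-17",
  Statement: { Effect: "Permit", Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/*" },
});
const PUBLIC_BUCKET_POLICY = JSON.stringify({
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: "*", Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/*" }],
});

for (const [name, text] of Object.entries({ BROAD_IDENTITY_POLICY, INVALID_EFFECT_POLICY, PUBLIC_BUCKET_POLICY })) {
  const r = lintPolicy(text);
  console.log(`${name}: ${r.errors} errors, ${r.warnings} warnings`);
  for (const f of r.findings) console.log(`  [${f.level}] ${f.code} at ${f.where}: ${f.msg}`);
}
```

Two design points carry over to any such linter: risk warnings are only raised for Allow statements that already passed the syntax checks, because a broad Deny narrows access rather than widening it, and a Condition on a statement downgrades nothing automatically, since a condition such as aws:PrincipalOrgID can make a public principal safe while a weak one leaves it open.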

Which examples are included in the IAM policy tester?

The examples menu includes five identity policies and five resource policies. Identity policy examples cover wildcard resources, broad iam:PassRole, missing statements, invalid effects, broad service actions, and NotAction. Resource policy examples cover public principals, invalid action data types, organization conditions, invalid trust policy effects, and wildcard KMS administration.

Why do the sample policies contain findings?

The samples intentionally include errors and warnings so you can see how the findings system behaves. Some examples are intentionally not least privilege, and some include IAM policy syntax issues, so the editor can demonstrate inline highlights, line numbers, and finding cards for different policy problems.

Does this call AWS Access Analyzer?

No. The validator runs locally in the browser and does not need AWS credentials. It follows the same practical split AWS documents for IAM Access Analyzer policy checks: errors must be fixed because the IAM API rejects the policy, while security warnings, general warnings, and suggestions point to changes that improve security and maintainability without blocking deployment.

Do uploaded policy files leave my browser?

No. Dropped JSON files and clipboard imports are read into the local editor so the policy can be checked in the page. You do not need to upload the policy to a server.

What is the difference between errors and warnings?

Errors indicate invalid JSON or IAM policy syntax that the IAM API will reject, such as a malformed document, a missing Statement element, or an Effect other than "Allow" or "Deny". Warnings highlight syntactically valid policy patterns that deserve review, such as wildcard resources or public principals; a warning does not mean AWS will reject the policy, only that it grants more than you may intend.

Does this prove my policy is least privilege?

No. The validator can surface risky patterns, but it cannot know every workload requirement. Review each permission against the application, the resource ARNs and Condition keys it actually needs, trust boundaries, and deployment context.

Next step

Want AWS engineering that feels this practical?

I build these tools to make AWS easier to manage. If this level of quality is what you want in your own cloud platform, Towards The Cloud can help with landing zones, infrastructure as code, security reviews, migrations, and cost optimization.