Create an IAM Policy

Create custom IAM policies in Prisma Cloud to monitor your AWS, Azure, or GCP environments to enforce identity management best practices.
Prisma Cloud provides the ability to create custom IAM policies to fulfill your organization’s IAM requirements. You can build a new IAM policy based on the
config from iam
RQL query and monitor the identities across your cloud environment.
  1. Select
    Policies
    Add Policy
    IAM
    .
  2. Enter your policy details—
    Policy Name
    and
    Severity
    .
    (Optional) You can choose to add
    Description
    and
    Labels
    .
  3. Click
    Next
    and build your RQL query.
    The default option of
    New Search
    enables you to build a new RQL query from scratch while
    Saved Search
    enables you to use a RQL query that you previously saved. The following RQL query returns the net effective permissions of a user in your cloud account named
    my-user
    :
    config from iam where source.cloud.service.name = 'iam' and source.cloud.resource.type = 'user' and source.cloud.resource.name = 'my-user'
    A green check mark displays if you entered a valid query.
  4. Click the search button.
  5. Save
    the policy.
    After you successfully create your new policy, it displays on the
    Policies
    page.
    Refer to the IAM Query reference to learn about IAM Query attributes and to see examples.
  6. Use the
    Filter
    to search for custom or default (out-of-the-box) policies.

Recommended For You