{ "info": { "author": "Eamonn Faherty", "author_email": "python-packages@designandsolve.co.uk", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python :: 3" ], "description": "## Background\nThe AWS platform allows you to log API calls using [AWS CloudTrail](https://aws.amazon.com/cloudtrail).\n\nYou can use tools like [AWS Config](https://aws.amazon.com/config/) and [CapitalOne's CloudCustodian](https://github.com/cloud-custodian/cloud-custodian) \nto create security controls that react to these events.\n\n## The problem \nThere is not much documentation on the structure of the events. \n\n## What is this?\nThe structure of the events from CloudTrail is similar to responses seen when using boto3. \nBoto3 is powered by the botocore library. \nThe botocore library contains a data directory that describes the API calls (requests and responses).\nThis library allows you to interact with the data directories of botocore to see the API requests and responses.\nThis is to help you write custom AWS Config rules and/or CloudCustodian policies.\n\n## Examples\nRunning ```cloudtrail-schema``` with no arguments will list the services/sources:\n```yaml\nServices:\n- acm\n- acm-pca\n- alexaforbusiness\n- amplify\n- apigateway\n- apigatewaymanagementapi\n- apigatewayv2\n```\n\nRunning ```cloudtrail-schema iam``` with a service will list the operations/events:\n```yaml\nOperations:\n- AddClientIDToOpenIDConnectProvider\n- AddRoleToInstanceProfile\n- AddUserToGroup\n- AttachGroupPolicy\n- AttachRolePolicy\n- AttachUserPolicy\n- ChangePassword\n```\n\nRunning with a service and event ```cloudtrail-schema iam.CreatePolicy.output``` gives the following output:\n```\nDescription\n------\n
Creates a new managed policy for your AWS account.
This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for Managed Policies in the IAM User Guide.
For more information about managed policies in general, see Managed Policies and Inline Policies in the IAM User Guide.
\n\n\nResult\n------\n{\n \"policy\": {\n \"policyName\": {\n \"type\": \"string\",\n \"max\": 128,\n \"min\": 1,\n \"pattern\": \"[\\\\w+=,.@-]+\"\n },\n \"policyId\": {\n \"type\": \"string\",\n \"max\": 128,\n \"min\": 16,\n \"pattern\": \"[\\\\w]+\"\n },\n \"arn\": {\n \"type\": \"string\",\n \"documentation\": \"The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
\",\n \"max\": 2048,\n \"min\": 20\n },\n \"path\": {\n \"type\": \"string\",\n \"pattern\": \"((/[A-Za-z0-9\\\\.,\\\\+@=_-]+)*)/\"\n },\n \"defaultVersionId\": {\n \"type\": \"string\",\n \"pattern\": \"v[1-9][0-9]*(\\\\.[A-Za-z0-9-]*)?\"\n },\n \"attachmentCount\": {\n \"type\": \"integer\"\n },\n \"permissionsBoundaryUsageCount\": {\n \"type\": \"integer\"\n },\n \"isAttachable\": {\n \"type\": \"boolean\"\n },\n \"description\": {\n \"type\": \"string\",\n \"max\": 1000\n },\n \"createDate\": {\n \"type\": \"timestamp\"\n },\n \"updateDate\": {\n \"type\": \"timestamp\"\n }\n }\n}\n```\n\n\n### Writing a CloudCustodian policy\nWhen you view an event response using this tool you can translate it easily into a CloudCustodian policy:\n\n```\n# cloudtrail-schema iam.CreatePolicy.output\n\nDescription\n------\nCreates a new managed policy for your AWS account.
This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for Managed Policies in the IAM User Guide.
For more information about managed policies in general, see Managed Policies and Inline Policies in the IAM User Guide.
\n\n\nResult\n------\n{\n \"policy\": {\n \"policyName\": {\n \"type\": \"string\",\n \"max\": 128,\n \"min\": 1,\n \"pattern\": \"[\\\\w+=,.@-]+\"\n },\n \"policyId\": {\n \"type\": \"string\",\n \"max\": 128,\n \"min\": 16,\n \"pattern\": \"[\\\\w]+\"\n },\n \"arn\": {\n \"type\": \"string\",\n \"documentation\": \"The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
\",\n \"max\": 2048,\n \"min\": 20\n },\n \"path\": {\n \"type\": \"string\",\n \"pattern\": \"((/[A-Za-z0-9\\\\.,\\\\+@=_-]+)*)/\"\n },\n \"defaultVersionId\": {\n \"type\": \"string\",\n \"pattern\": \"v[1-9][0-9]*(\\\\.[A-Za-z0-9-]*)?\"\n },\n \"attachmentCount\": {\n \"type\": \"integer\"\n },\n \"permissionsBoundaryUsageCount\": {\n \"type\": \"integer\"\n },\n \"isAttachable\": {\n \"type\": \"boolean\"\n },\n \"description\": {\n \"type\": \"string\",\n \"max\": 1000\n },\n \"createDate\": {\n \"type\": \"timestamp\"\n },\n \"updateDate\": {\n \"type\": \"timestamp\"\n }\n }\n}\n\n```\n\nYou use the argument to decide the mode.events.source and mode.events.event:\n\nsource: iam.amazonaws.com\nevent: CreatePolicy\n\nFull example:\n\n```yaml\npolicies:\n - name: iam-has-allow-all-policy\n description: |\n Notify when a policy is created using allow all\n resource: iam-policy\n mode:\n type: cloudtrail\n events:\n - source: iam.amazonaws.com\n event: CreatePolicy\n ids: \"responseElements.policy.policyId\"\n\n```\n\nThe json returned from the app can be used to write filters. The json returned\nis the same as the structure available from responseElements. You can write the \nfollowing policy as an example:\n\nRunning: ```cloudtrail-schema ec2.CreateVpcPeeringConnection.output``` results in\n\n```\nDescription\n------\nRequests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another AWS account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.
Limitations and rules apply to a VPC peering connection. For more information, see the limitations section in the VPC Peering Guide.
The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.
If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.