How to create an IAM policy
An IAM policy is used to define the permissions of users, groups, and applications in a given Organization. A policy is composed of a principal (the user, group, or application to which it applies) and one or more IAM rules (which describe the permission sets the principal should have, and the scope of those permission sets).

Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
-
Click IAM & API keys on the top-right drop-down menu of the Scaleway console. The Users tab of the Identity and Access Management dashboard displays.
-
Click the Policies tab. A list of the Organization's existing policies displays:
-
Click Create policy. The creation wizard displays:
-
Complete the steps on the first page of the creation wizard:
- Enter a name for the policy,
- Add a tag (optional),
- Enter a description (optional),
- Select a principal, who will be the target of your policy. The principal should be the user, application, or group who you want to grant specific permissions to through this policy.
-
Click Add rules to progress to the next part of the policy creation wizard.
-
Select a scope for the rule:
- To give the principal permissions to view, create, edit and/or delete resources, select the Access to resources scope. Then, select the Project in which you want the permissions to apply. You can select from all current and future Projects, all current Projects or select specific Projects.
- To give the principal permissions to Organization-level features such as IAM, billing, support & abuse tickets and project management, select the Access to Organization features scope.
-
Click Validate to continue.
-
Choose the permission sets for the rule by selecting the required boxes. You can select as many permission sets as you like. The principal will have the rights defined in these permission sets within the scope you set in step 6. See our dedicated documentation for more help with permission sets.
-
Click Validate.
-
(Optional) Click + Add new to add one or more conditions. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times.
-
Click Validate. The rule, with its scope and permission sets, is added to the list of the policy's rules.
-
Click Add new rule and repeat steps 6 to 8 as many times as required to add multiple rules to your policy.
-
Click Create policy to finish.
You are returned to the Policies tab, where the newly-created policy now appears in the list.