
# Policies

**Policies**

The Policies page lists the IAM policies enumerated across the entire AWS environment. For each policy, the list shows the Policy Type, Attachments, Admin Privileges, Wildcards, Risk Score, Exposure Point and Issue Counts.

<figure><img src="/files/JId3mh4mzh8TfsGZFHJ7" alt=""><figcaption><p>Policies</p></figcaption></figure>

***

**Policy Details**

The Details page contains the Risk Score of the policy, the Exposure Point, and the Information and Issues panes.

You can analyze objects in the Graph module by clicking the Visualize button on the upper-left side of the Information pane.

<figure><img src="/files/DKNdVMJTOv2ZltK4Id6e" alt=""><figcaption><p>Policy Details</p></figcaption></figure>

***

**Information**

The Information pane can contain different badges to highlight important attributes.

| Badge          | Description                                                                                                             |
| -------------- | ----------------------------------------------------------------------------------------------------------------------- |
| AWS Managed    | Indicates that the policy is managed by AWS and maintained by Amazon.                                                   |
| Custom Managed | Indicates that the policy is a customer-managed policy created within the AWS account.                                  |
| Inline Policy  | Indicates that the policy is embedded directly into a user, group, or role rather than existing as a standalone policy. |

The Information pane contains the Details, Users, Groups, Roles and Policy Document tabs.

***

**Details**

The Details tab contains the following attributes of the IAM policy object.

| Attribute        | Description                                                                                 |
| ---------------- | ------------------------------------------------------------------------------------------- |
| Policy Name      | The name of the IAM policy, used for identification within AWS.                             |
| Policy ID        | The unique identifier assigned to the IAM policy by AWS.                                    |
| ARN              | The Amazon Resource Name that uniquely identifies the IAM policy across AWS.                |
| Account ID       | The AWS account ID that the IAM policy belongs to; shown as `aws` for AWS managed policies. |
| Description      | A user-defined or AWS-provided text field describing the policy's purpose.                  |
| Path             | The path associated with the IAM policy, used for organizational grouping.                  |
| Created          | The date and time when the IAM policy was created.                                          |
| Updated          | The most recent date and time the policy was modified.                                      |
| Default Version  | The currently active version of the policy document.                                        |
| Attachment Count | The number of IAM identities (users, groups, or roles) the policy is currently attached to. |
| Is Attachable    | Indicates whether the policy can be attached to IAM identities.                             |
| Object ID        | The unique identifier of the policy object, equivalent to the IAM Policy ID.                |

***

**Users**

The Users tab contains a list of IAM users that the policy is directly attached to.

<figure><img src="/files/l9WhV9nAflcasy98LD68" alt=""><figcaption><p>Users</p></figcaption></figure>

***

**Groups**

The Groups tab contains a list of IAM groups that the policy is attached to.

<figure><img src="/files/ru6QTmxNlXZNkhQriJau" alt=""><figcaption><p>Groups</p></figcaption></figure>

***

**Roles**

The Roles tab contains a list of IAM roles that the policy is attached to.

<figure><img src="/files/xxZv05olkGnK2ZLnEt6I" alt=""><figcaption><p>Roles</p></figcaption></figure>

***

**Policy Document**

The Policy Document tab displays the full JSON content of the IAM policy document, including all statements, actions, effects, and resources defined within the policy.

<figure><img src="/files/BOgSaD9y10eN5jcMTiSW" alt=""><figcaption><p>Policy Document</p></figcaption></figure>
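When reviewing a policy document by hand, the same questions behind the Policy Type badge and the Admin Privileges and Wildcards columns can be checked with a short script. The sketch below is an added example, not FSProtect's own code or scoring logic; the function names, the finding format, the admin rule and the sample policies are assumptions made for illustration.

```python
import json

def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def policy_type(arn):
    """Badge from the ARN; inline policies have no ARN of their own."""
    if arn is None:
        return "Inline Policy"
    account = arn.split(":")[4]  # arn:partition:iam::ACCOUNT:policy/...
    return "AWS Managed" if account == "aws" else "Custom Managed"

def review_document(document):
    """Return (admin_privileges, wildcard_findings) for a policy document."""
    doc = json.loads(document) if isinstance(document, str) else document
    admin, findings = False, []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant access
        sid = stmt.get("Sid", f"statement[{i}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        for not_action in _as_list(stmt.get("NotAction")):
            # Allow + NotAction grants everything except the listed actions
            findings.append((sid, "NotAction", not_action))
        findings += [(sid, "Action", a) for a in actions if "*" in a]
        findings += [(sid, "Resource", r) for r in resources if r == "*"]
        # Assumption: an unconditional Allow of "*" on "*" counts as admin
        if "*" in actions and "*" in resources and not stmt.get("Condition"):
            admin = True
    return admin, findings

# Constructed sample documents for the example (not from a real account).
SAMPLES = {
    "arn:aws:iam::aws:policy/AdministratorAccess": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "arn:aws:iam::111122223333:policy/example-s3-read": {
        "Version": "2012-10-17",
        "Statement": {"Sid": "Read", "Effect": "Allow",
                      "Action": ["s3:Get*", "s3:ListBucket"],
                      "Resource": "arn:aws:s3:::example-bucket/*"}},
}

if __name__ == "__main__":
    for arn, doc in SAMPLES.items():
        print(policy_type(arn), arn, review_document(doc))
```
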

***

**Issues**

The Issues pane contains the security issues identified on the IAM policy object.

