# AWS IAM Policy

### AWS IAM Policy Fields

| Field                         | Type    | Possible Operators                                             | Description                                                                                                               |
| ----------------------------- | ------- | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| Guid                          | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | A unique identifier that is a combination of the GUID of the selected Scan and the AWS IAM Policy's unique ID.            |
| FSName                        | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | A special unique identifier that is a combination of the PolicyName and the AWS Account ID.                               |
| Arn                           | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | Amazon Resource Name that uniquely identifies this IAM policy across all of AWS.                                          |
| AccountId                     | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The AWS account ID that this IAM policy belongs to. Empty for AWS managed policies.                                       |
| Region                        | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The AWS region associated with this policy.                                                                               |
| OrganizationId                | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The AWS Organizations ID that this policy's account belongs to.                                                           |
| PolicyName                    | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The friendly name that identifies the IAM policy.                                                                         |
| Description                   | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | A description of the policy provided by the administrator.                                                                |
| Path                          | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The path to the policy in the IAM hierarchy.                                                                              |
| DefaultVersionId              | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The identifier for the version of the policy that is set as the default version.                                          |
| PolicyType                    | TEXT    | LIKE, NOT\_LIKE, EQUAL, NOT\_EQUAL, IS\_EMPTY                  | The type of the policy. Can be `Managed`, `Inline`, or `AWSManaged`.                                                      |
| AttachmentCount               | NUMBER  | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER\_EQUAL, LARGER\_EQUAL | The number of entities (users, groups, and roles) that the policy is attached to.                                         |
| PermissionsBoundaryUsageCount | NUMBER  | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER\_EQUAL, LARGER\_EQUAL | The number of entities that use this policy as their permissions boundary.                                                |
| IsAttachable                  | BOOLEAN | N/A                                                            | Indicates whether the policy can be attached to an IAM user, group, or role.                                              |
| IsAwsManaged                  | BOOLEAN | N/A                                                            | Indicates whether this is an AWS managed policy (pre-created and managed by AWS) as opposed to a customer managed policy. |
| GrantsAdminPrivileges         | BOOLEAN | N/A                                                            | Indicates whether the policy grants administrative privileges (e.g., contains `*:*` or equivalent wide permissions).      |
| UsesWildcards                 | BOOLEAN | N/A                                                            | Indicates whether the policy document contains wildcard characters (`*` or `?`) in actions or resources.                  |
| AWSTier                       | NUMBER  | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER\_EQUAL, LARGER\_EQUAL | Privilege tier of the policy based on the permissions it grants. Higher values indicate more sensitive permissions.       |
| CreateDate                    | DATE    | SMALLER, LARGER, BETWEEN, EQUAL                                | The date and time when the IAM policy was created.                                                                        |
| UpdateDate                    | DATE    | SMALLER, LARGER, BETWEEN, EQUAL                                | The date and time when the policy's default version was last updated.                                                     |
| ExposurePoint                 | NUMBER  | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER\_EQUAL, LARGER\_EQUAL | A numerical value indicating the level of exposure based on how many entities are affected by this policy.                |
| risk                          | NUMBER  | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER\_EQUAL, LARGER\_EQUAL | The risk score of the policy calculated based on vulnerability counts and severities.                                     |


