How do you add a comment to a json IAM policy?
IAM policy are complicated beasts. It would be nice to add a comment when crafting them. For example,
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1422979261000",
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
],
"Comment": "Foo"
# or Bar
"Resource": [
"*"
]
}
]
}
Neither of these work. Does there exist a way to add comments to these policies?
Answer
Hyper Anthony's answer is correct in the strict sense of 'comment' - however, in most situations you can at least use the Sid for pseudo comments to communicate the intent or any constraints etc.:
The Sid (statement ID) is an optional identifier that you provide for the policy statement. You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document's ID. In IAM, the Sid value must be unique within a policy. [emphasis mine]
This is e.g. exemplified by the use of TheseActionsSupportResourceLevelPermissions within the (very helpful) AWS blog post Demystifying EC2 Resource-Level Permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TheseActionsSupportResourceLevelPermissions",
"Effect": "Allow",
"Action": [
"ec2:RunInstances",
"ec2:TerminateInstances",
"ec2:StopInstances",
"ec2:StartInstances"
],
"Resource": "arn:aws:ec2:us-east-1:accountid:instance/*"
}
]
}
- As mentioned in Sid some services might require this element and have uniqueness requirements for it, but I haven't experienced resulting naming constraints yet.