hands-on lab

Using the IAM Policy Simulator to Test IAM Policies

Up to 1h
Get guided in a real environment: Practice with a step-by-step scenario in a real, provisioned environment.
Learn and validate: Use validations to check your solutions every step of the way.
See results: Track your knowledge and monitor your progress.


AWS Identity and Access Management (IAM) is a powerful mechanism for granting and controlling access when using the public AWS cloud. Policy management can easily become a complex task. AWS provides an IAM Policy Simulator to help you understand and test the effects of a policy without implementing it in a real AWS environment.

Learning how to use the AWS IAM Policy Simulator will help you craft IAM policies that follow best practices, such as the principle of least privilege.

In this hands-on lab, you will use the web-based IAM Policy Simulator to simulate a policy, and you will use the AWS CLI to simulate IAM policies.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Use the web-based IAM Policy Simulator to test controlling access to an Amazon S3 bucket by AWS region
  • Use the AWS CLI to simulate a policy that controls access through an AWS Organization
  • Use the AWS CLI to simulate policies that control access using tags

Intended audience

  • Candidates for the AWS Certified Security Specialty certification
  • Cloud Architects
  • Data Engineers
  • DevOps Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS Identity and Access Management (IAM)
  • AWS Organizations
  • Tagging in AWS

About the author

Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications including Solutions Architect Associate and Professional.

Lab steps

Logging In to the Amazon Web Services Console
Controlling Access to AWS Regions
Accessing the Code Editor
Simulating Policies With the AWS Command Line Interface
Simulating Tagging Policies