How to Create a Policy

Updated on 01 June, 2026

Create a new IAM policy on Vultr with a structured policy document. Define actions, effects, and resources to control access to cloud infrastructure.


Policies in Vultr's IAM system are the smallest unit of permission. A policy contains a policy document that defines which actions are allowed or denied on which resources. Policies can be attached directly to users and groups, or bundled into roles for reusable permission sets.

A policy document follows a structured format with a Version and one or more Statement blocks. Each statement specifies an Action (the operations permitted), an Effect (Allow or Deny), and a Resource (the target resources, or * for all).

For the complete list of actions you can use in a policy document, see the IAM Policy Actions Reference.

Follow this guide to create a policy using the Vultr Console, the Vultr API, or Terraform.

  • Vultr Console
  • Vultr API
  • Terraform

Vultr Console

  1. Log in to the Vultr Console.

  2. Click the organization name in the top navigation bar.

  3. Click Manage Organization.

  4. Click the Permission Policies tab.

  5. Click the + button to add a new policy.

  6. Enter a Name and optional Description for the policy.

  7. Select a service category (such as Instance, Database, or Load Balancers) and set Allow or Deny for each category. Use Select all to apply to all actions in a category.

  8. Repeat for additional service categories as needed.

  9. Click Add Permission Policy.

    The new policy appears in the Permission Policies list.

Vultr API

  1. Send a POST request to the Create Policy endpoint to create a new policy. Replace POLICY-NAME and POLICY-DESCRIPTION with your values. Replace ACTION with one or more actions from the IAM Policy Actions Reference, separated by commas. Set Resource to * to apply to all resources.

    $ curl "https://api.vultr.com/v2/policies" \
        -X POST \
        -H "Authorization: Bearer ${VULTR_API_KEY}" \
        -H "Content-Type: application/json" \
        -d '{
            "name": "POLICY-NAME",
            "description": "POLICY-DESCRIPTION",
            "policy_document": {
                "Version": "2026-03-20",
                "Statement": [
                    {
                        "Action": [
                            "ACTION"
                        ],
                        "Effect": "Allow",
                        "Resource": "*"
                    }
                ]
            }
        }'
    

    To restrict permissions to specific resources instead of all resources, use the type:id format in the Resource field. Replace RESOURCE-TYPE with the resource type (such as instance, database, vpc, loadbalancer, kubernetes, or baremetal) and RESOURCE-ID with the resource's unique identifier. You can specify multiple resources separated by commas.

    $ curl "https://api.vultr.com/v2/policies" \
        -X POST \
        -H "Authorization: Bearer ${VULTR_API_KEY}" \
        -H "Content-Type: application/json" \
        -d '{
            "name": "POLICY-NAME",
            "description": "POLICY-DESCRIPTION",
            "policy_document": {
                "Version": "2026-03-20",
                "Statement": [
                    {
                        "Action": [
                            "ACTION"
                        ],
                        "Effect": "Allow",
                        "Resource": [
                            "RESOURCE-TYPE:RESOURCE-ID"
                        ]
                    }
                ]
            }
        }'
    

    A successful request returns an HTTP 201 Created response.

    Note the id of the policy for future operations.

  2. Send a GET request to the Read Policy endpoint to retrieve the policy details. Replace {policy-id} with the id returned from the creation request.

    $ curl "https://api.vultr.com/v2/policies/{policy-id}" \
        -X GET \
        -H "Authorization: Bearer ${VULTR_API_KEY}"
    

    The response contains the resource details.

Terraform

  1. Ensure the Vultr Terraform provider is configured in your Terraform project.

  2. Define the policy resource. Replace POLICY-NAME, POLICY-DESCRIPTION, and ACTION with your values. Refer to the IAM Policy Actions Reference for the full list of available actions.

    resource "vultr_organization_policy" "my_policy" {
      name        = "POLICY-NAME"
      description = "POLICY-DESCRIPTION"
    
      document {
        version = "2026-03-20"
        statement {
          effect    = "Allow"
          actions   = ["ACTION"]
          resources = ["*"]
        }
      }
    }
    

    To add multiple statements, expand the document block with additional statement blocks. Wildcards are supported at the service.resource.* level (for example, compute.instance.* or account.billing.*).

  3. Apply the configuration.

    $ terraform apply
    

    Verify that the output shows vultr_organization_policy.my_policy: Creation complete. Note the policy ID from the Terraform state for use in attachment resources.
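
A policy document can be checked locally against the format described in this guide before it is sent to the API or applied with Terraform. The following is an added example, not Vultr's code: the function name, the regular expressions for the type:id and service.resource.* shapes, and the sample document are assumptions built from the examples on this page, and the API remains the authority on what it accepts.

```python
import re

# Assumed shapes, taken from this page's examples: "type:id" and "service.resource.*"
RESOURCE_RE = re.compile(r"^[a-z][a-z0-9_-]*:\S+$")
WILDCARD_ACTION_RE = re.compile(r"^[a-z0-9_]+\.[a-z0-9_]+\.\*$")


def as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def lint_policy_document(doc):
    """Return (severity, message) findings for a policy_document dict."""
    findings = []
    if not isinstance(doc.get("Version"), str):
        findings.append(("error", "Version is missing or not a string"))
    statements = doc.get("Statement")
    if not isinstance(statements, list) or not statements:
        return findings + [("error", "Statement must be a non-empty list")]
    for i, st in enumerate(statements):
        where = f"Statement[{i}]"
        effect = st.get("Effect")
        actions, resources = as_list(st.get("Action")), as_list(st.get("Resource"))
        if effect not in ("Allow", "Deny"):
            findings.append(("error", f"{where}: Effect must be Allow or Deny"))
        if not actions or not resources:
            findings.append(("error", f"{where}: Action and Resource are required"))
        for a in actions:
            if "*" in a and not WILDCARD_ACTION_RE.match(a):
                findings.append(("error", f"{where}: wildcard {a!r} is not service.resource.*"))
        for r in resources:
            if r != "*" and not RESOURCE_RE.match(r):
                findings.append(("error", f"{where}: resource {r!r} is not * or type:id"))
        # Least-privilege review: broad Allow statements deserve a second look
        if effect == "Allow" and "*" in resources:
            findings.append(("warn", f"{where}: Allow applies to all resources"))
        if effect == "Allow" and any(a.endswith(".*") for a in actions):
            findings.append(("warn", f"{where}: Allow uses a wildcard action"))
    return findings


# Constructed sample: the second statement contains three deliberate mistakes
SAMPLE = {
    "Version": "2026-03-20",
    "Statement": [
        {"Action": ["compute.instance.*"], "Effect": "Allow", "Resource": "*"},
        {"Action": ["compute.*"], "Effect": "allow", "Resource": ["instance EXAMPLE-ID"]},
    ],
}
```

Calling lint_policy_document(SAMPLE) returns two warn findings for the first statement and three error findings for the second; treat the warn findings as prompts to scope the statement to specific type:id resources or individual actions.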
