Latest Content

How to Create a Policy

Updated on 08 April, 2026

Create a new IAM policy on Vultr with a structured policy document. Define actions, effects, and resources to control access to cloud infrastructure.

Policies in Vultr's IAM system are the smallest unit of permission. A policy contains a policy document that defines which actions are allowed or denied on which resources. Policies can be attached directly to users and groups, or bundled into roles for reusable permission sets.

A policy document follows a structured format with a Version, and one or more Statement blocks. Each statement specifies an Action (the operations permitted), an Effect (Allow or Deny), and a Resource (the target resources, or * for all).

For the complete list of actions you can use in a policy document, see the IAM Policy Actions Reference.

This guide explains how to create a policy using the Vultr Console and the Vultr API.

  • Vultr Console
  • Vultr API

  1. Log in to the Vultr Console.

  2. Click the organization name in the top navigation bar.

  3. Click Manage Organization.

  4. Click the Permission Policies tab.

  5. Click the + button to add a new policy.

  6. Enter a Name and optional Description for the policy.

  7. Select a service category (such as Instance, Database, or Load Balancers) and set Allow or Deny for each category. Use Select all to apply to all actions in a category.

  8. Repeat for additional service categories as needed.

  9. Click Add Permission Policy.

    The new policy appears in the Permission Policies list.

  1. Send a POST request to the Create Policy endpoint to create a new policy. Replace POLICY-NAME and POLICY-DESCRIPTION with your values. Modify the Statement block to define the actions and resources for your use case.

    console 
    $ curl "https://api.vultr.com/v2/policies" \
    -X POST \
    -H "Authorization: Bearer ${VULTR_API_KEY}" \
    -H "Content-Type: application/json" \
    -d '{
        "name": "POLICY-NAME",
        "description": "POLICY-DESCRIPTION",
        "policy_document": {
            "Version": "2026-03-20",
            "Statement": [
                {
                    "Action": [
                        "compute.instance.List",
                        "compute.instance.Read"
                    ],
                    "Effect": "Allow",
                    "Resource": "*"
                }
            ]
        }
    }'

    A successful request returns an HTTP 201 Created response.

    Note the id of the policy for future operations.

  2. Send a GET request to the Read Policy endpoint to retrieve the policy details. Replace {policy-id} with the id returned from the creation request.

    console 
    $ curl "https://api.vultr.com/v2/policies/{policy-id}" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"

    The response contains the resource details.

Comments