---
title: How to Create a Policy
url: https://docs.vultr.com/platform/iam/policies/how-to-create-a-policy
description: Create a new IAM policy on Vultr with a structured policy document. Define actions, effects, and resources to control access to cloud infrastructure.
publish_date: 2026-03-24T19:52:07.086703Z
last_updated: 2026-06-01T20:46:44.603358Z
---

Policies in Vultr's IAM system are the smallest unit of permission. A policy contains a policy document that defines which actions are allowed or denied on which resources. Policies can be attached directly to users and groups, or bundled into roles for reusable permission sets.

A policy document follows a structured format with a `Version` and one or more `Statement` blocks. Each statement specifies an `Action` (the operations the statement covers), an `Effect` (`Allow` or `Deny`), and a `Resource` (the target resources, or `*` for all).

For the complete list of actions you can use in a policy document, see the [IAM Policy Actions Reference](https://docs.vultr.com/platform/iam/policies/iam-policy-actions-map).

Follow this guide to create a policy using the Vultr Console, the Vultr API, or Terraform.

=== "Vultr Console"

    1. Log in to the [Vultr Console](https://console.vultr.com).
    1. Click the organization name in the top navigation bar.
    1. Click **Manage Organization**.
    1. Click the **Permission Policies** tab.
    1. Click the **+** button to add a new policy.
    1. Enter a **Name** and optional **Description** for the policy.
    1. Select a service category (such as Instance, Database, or Load Balancers) and set **Allow** or **Deny** for each category. Use **Select all** to apply to all actions in a category.
    1. Repeat for additional service categories as needed.
    1. Click **Add Permission Policy**.

        The new policy appears in the Permission Policies list.

=== "Vultr API"

    1. Send a `POST` request to the [**Create Policy** endpoint](https://www.vultr.com/api/#tag/iam/operation/create-iam-policy) to create a new policy. Replace `POLICY-NAME` and `POLICY-DESCRIPTION` with your values. Replace `ACTION` with one or more actions from the [IAM Policy Actions Reference](https://docs.vultr.com/platform/iam/policies/iam-policy-actions-map), separated by commas. Set `Resource` to `*` to apply to all resources.

        ```console
        $ curl "https://api.vultr.com/v2/policies" \
            -X POST \
            -H "Authorization: Bearer ${VULTR_API_KEY}" \
            -H "Content-Type: application/json" \
            -d '{
                "name": "POLICY-NAME",
                "description": "POLICY-DESCRIPTION",
                "policy_document": {
                    "Version": "2026-03-20",
                    "Statement": [
                        {
                            "Action": [
                                "ACTION"
                            ],
                            "Effect": "Allow",
                            "Resource": "*"
                        }
                    ]
                }
            }'
        ```

        To restrict permissions to specific resources instead of all resources, use the `type:id` format in the `Resource` field. Replace `RESOURCE-TYPE` with the resource type (such as `instance`, `database`, `vpc`, `loadbalancer`, `kubernetes`, or `baremetal`) and `RESOURCE-ID` with the resource's unique identifier. You can specify multiple resources separated by commas.

        ```console
        $ curl "https://api.vultr.com/v2/policies" \
            -X POST \
            -H "Authorization: Bearer ${VULTR_API_KEY}" \
            -H "Content-Type: application/json" \
            -d '{
                "name": "POLICY-NAME",
                "description": "POLICY-DESCRIPTION",
                "policy_document": {
                    "Version": "2026-03-20",
                    "Statement": [
                        {
                            "Action": [
                                "ACTION"
                            ],
                            "Effect": "Allow",
                            "Resource": [
                                "RESOURCE-TYPE:RESOURCE-ID"
                            ]
                        }
                    ]
                }
            }'
        ```

        A successful request returns an HTTP `201 Created` response.

        Note the `id` of the policy for future operations.

    1. Send a `GET` request to the [**Read Policy** endpoint](https://www.vultr.com/api/#tag/iam/operation/get-iam-policy) to retrieve the policy details. Replace `{policy-id}` with the id returned from the creation request.

        ```console
        $ curl "https://api.vultr.com/v2/policies/{policy-id}" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        The response contains the policy details.

=== "Terraform"

    1. Ensure the [Vultr Terraform provider](https://registry.terraform.io/providers/vultr/vultr/latest/docs) is configured in your Terraform project.

    1. Define the policy resource. Replace `POLICY-NAME`, `POLICY-DESCRIPTION`, and `ACTION` with your values. Refer to the [IAM Policy Actions Reference](https://docs.vultr.com/platform/iam/policies/iam-policy-actions-map) for the full list of available actions.

        ```hcl
        resource "vultr_organization_policy" "my_policy" {
          name        = "POLICY-NAME"
          description = "POLICY-DESCRIPTION"

          document {
            version = "2026-03-20"
            statement {
              effect    = "Allow"
              actions   = ["ACTION"]
              resources = ["*"]
            }
          }
        }
        ```

        To add multiple statements, expand the `document` block with additional `statement` blocks. Wildcards are supported at the `service.resource.*` level (for example, `compute.instance.*` or `account.billing.*`).

    1. Apply the configuration.

        ```console
        $ terraform apply
        ```

        Verify that the output shows `vultr_organization_policy.my_policy: Creation complete`. Note the policy ID from the Terraform state for use in attachment resources.
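
The following Python check is an added example, not part of Vultr's documentation or tooling: it lints a policy document in the format described above before you submit it, reporting structural problems and least-privilege review points (an `Allow` on `Resource` `*`, or an `Allow` with a wildcard action). The exact-case `Effect` match, the one-pair-per-entry `type:id` pattern, and the finding codes are assumptions of this example; the sample document and `EXAMPLE-ID` are constructed.

```python
import re

# Assumed shape of a scoped entry: lowercase type, colon, a single id.
RESOURCE_RE = re.compile(r"^[a-z][a-z0-9_-]*:[^\s:,]+$")

# Constructed sample; EXAMPLE-ID is a placeholder, not a real resource id.
SAMPLE = {
    "Version": "2026-03-20",
    "Statement": [
        {"Action": ["compute.instance.*"], "Effect": "Allow", "Resource": "*"},
        {"Action": ["compute.instance.*"], "Effect": "Deny",
         "Resource": ["instance:EXAMPLE-ID"]},
        {"Action": ["compute.instance.*"], "Effect": "allow",
         "Resource": ["EXAMPLE-ID"]},
    ],
}

def _as_list(value):  # the guide shows both a bare "*" and a list form
    if isinstance(value, str):
        return [value]
    return value if isinstance(value, list) else []

def lint_policy_document(doc):
    """Return (code, statement_index) findings; index -1 is document level."""
    findings = []
    if not isinstance(doc.get("Version"), str):
        findings.append(("missing-version", -1))
    statements = doc.get("Statement")
    if not isinstance(statements, list) or not statements:
        return findings + [("missing-statement", -1)]
    for i, st in enumerate(statements):
        effect = st.get("Effect")
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if effect not in ("Allow", "Deny"):  # exact case is assumed
            findings.append(("bad-effect", i))
        for field, values in (("action", actions), ("resource", resources)):
            if not values:
                findings.append((f"missing-{field}", i))
        for r in resources:
            if r != "*" and not (isinstance(r, str) and RESOURCE_RE.match(r)):
                findings.append(("bad-resource-format", i))
        if effect == "Allow":  # least-privilege review points, not errors
            if "*" in resources:
                findings.append(("allow-on-all-resources", i))
            if any(isinstance(a, str) and a.endswith("*") for a in actions):
                findings.append(("allow-with-wildcard-action", i))
    return findings

if __name__ == "__main__":
    print(lint_policy_document(SAMPLE))
```

Run it over the `policy_document` object before the `POST` or `terraform apply`, and treat the `allow-*` codes as prompts to narrow the statement rather than as schema failures.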