# Create IAM policy

1. Navigate to IAM in the AWS console

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-d6bf1d36c0eef0fc22846fa9a1ddf5110123500d%2F07c2b3989b5a0acb0152bfc595d14047abd2499f9566ccb0b5c75628f65c4708.png?alt=media)

2. Under **Access management** in the sidebar menu click **Policies**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-d17eea4e56bad9bada721af67ee528a93d483ceb%2F10e3ca44f40122f294afeab604fd069843dab8c2143bc4e4bd06c8c3c5bc176f.png?alt=media)

3. Click **Create policy**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-c7d8919334fc3cf5d64565da04e9c9f9728ae66c%2F124856d4593bba262d310ab426a1e64b791e76e99d6094683caf60fa0c7108fc.png?alt=media)

4. Select the **JSON** tab and delete the default text.
5. Copy and paste in the JSON below. Replace `<sqs arn>` with the SQS ARN you saved in an earlier step.\
   Using the example from this document `<sqs arn>` would be replaced with `arn:aws:sqs:us-east-2:307946633993:netflow1-queue`. Replace `<bucketname>` with your S3 bucket name created in a previous step.

{% tabs %}
{% tab title="JSON" %}

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage",
        "sqs:GetQueueUrl",
        "sqs:ReceiveMessage",
        "sqs:GetQueueAttributes",
        "s3:ListBucket*",
        "s3:GetObject*",
        "s3:DeleteObject*"
      ],
      "Resource": [
        "<sqs arn>",
        "arn:aws:s3:::<bucketname>/*",
        "arn:aws:s3:::<bucketname>"
      ]
    }
  ]
}
```

{% endtab %}
{% endtabs %}

6. The result should look like the following

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-a4dbbe11791896c42b43d01abf6482999ef057c0%2F3471420beb787e12d04f8bf2161a36f5f5c3ed97a6a5f837c321f2a93028aa2d.png?alt=media)

7. Click **Next**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-511371294d3dc599bed4dd5e18cdee07a0602bde%2F67294cfb897f5969f64467564991a46d06afa29f449f0e40136054233efe472a.png?alt=media)

8. Give the policy a name

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-96f34d87c2dd3f243be0c12dd27ae2b1354f0e69%2Fb60eeda811566004b3b94726fa85f6366332b33c9a35f29674a078f214705dc8.png?alt=media)

9. Click **Create policy**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-c8e735f33e8695c97d3bf078e32267d289b27d06%2F3ddd9536b91c7b4e62ec76c97cb7bc8adf23b9f2d29dd50dc62edf652daae8be.png?alt=media)