AWS IAM Policy to Allow All Operations except IAM

 

Below policy template can be used to provide access to a user or add policy to a role with below set of permissions.

• Allow all Services.
• Allow all Resources
• Allow all actions linked to every resource
• Except IAM all operations and actions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Deny",
            "Action": "iam:*",
            "Resource": "*"
        }
    ]
}

I have spent time to explore little template, hope this finds you via google to save some of yours time.