IAM Policy Formatter

IAM & SecurityAWS

Pretty-print and format IAM policy JSON with proper indentation.

Last verified: April 2026

Policy JSON

Indent

Formatted Policy

Output will appear here...

How It Helps

IAM policy JSON documents often arrive as single-line strings from API responses, CloudTrail logs, or minified infrastructure templates, making them nearly impossible to read or review. This formatter applies consistent indentation, sorts keys in a logical order (Version, Statement, Effect, Action, Resource, Condition), and highlights syntax so you can quickly audit what a policy permits. Readable policies are essential for security reviews because a misplaced wildcard or missing condition is easy to miss in unformatted JSON.

Things Engineers Ask

Does formatting change the behavior of an IAM policy?

No. IAM policy evaluation is based entirely on the JSON structure, not whitespace or key ordering. Formatting only changes visual presentation — the effective permissions remain identical. However, consistent formatting can reveal issues like duplicate statements or overly broad Resource arrays that are hard to spot in compact JSON.

What is the maximum size for an IAM policy document?

AWS enforces different limits depending on the policy type. Managed policies can be up to 6,144 characters, inline policies on users are limited to 2,048 characters, and inline policies on roles and groups are limited to 10,240 characters. These limits apply to the JSON without whitespace, which is why formatting for readability does not affect whether a policy exceeds size limits.

In Practice

Your security team has flagged a PR with three new IAM policies totaling 200+ lines. The policies were exported directly from the AWS console and the JSON is a mess: random key ordering, inconsistent indentation. You paste each into the formatter and immediately spot that Statement 2 has Effect: Allow with Action: '*' and no Condition block. That's an admin-level wildcard buried 80 lines into unformatted JSON that the reviewer would have likely missed.

Practical Applications

1Reformatting policy JSON pulled from aws iam get-policy-version CLI output before committing it to version control
2Preparing IAM policies for team code reviews where consistent formatting reduces cognitive overhead
3Converting minified inline policies from CloudFormation or Terraform state files into human-readable format
4Standardizing policy formatting across an organization before importing policies into a policy-as-code repository

Behind the Scenes

The formatter parses the JSON input, then serializes it with 2-space indentation while applying a custom key sort order that mirrors the logical flow of IAM policy evaluation: first Version and Statement, then within each statement Effect before Action before Resource before Condition. This ensures the most security-critical fields appear first.

Things the Docs Don’t Tell You

TIP

Run your policies through the formatter before every code review. It's much easier to spot an overly broad 's3:*' action when each statement is on its own line with sorted keys.

TIP

The key ordering this tool uses (Version, Statement, Effect, Action, Resource, Condition) matches AWS documentation conventions, making it easier for reviewers to scan policies in a predictable pattern.

Related Learning Guides

AWS IAM Best Practices25 min read

Featured In

IAM Policy Mistakes That Get You Breached (Across All Clouds)

Was this tool helpful?

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.