iam:PassRole
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
257
Allow (Action)
255
Deny (Action)
2
NotAction
5
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: AWS Identity and Access Management (IAM)
Access level
Permissions managementDescription
Grants permission to pass a role to a service
Resource types
- role*
Allow (Action)
- AIOpsConsoleAdminPolicy
- AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy
- AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy
- AWS-SSM-RemediationAutomation-AdministrationRolePolicy
- AWS-SSM-RemediationAutomation-ExecutionRolePolicy
- AWSAppRunnerFullAccess
- AWSAppSyncAdministrator
- AWSApplicationAutoscalingRDSClusterPolicy
- AWSApplicationMigrationEC2Access
- AWSApplicationMigrationFullAccess
- AWSApplicationMigrationNetworkMigrationMultiAccount
- AWSApplicationMigrationServiceRolePolicy
- AWSB9InternalServicePolicy
- AWSBackupAdminPolicy
- AWSBackupFullAccess
- AWSBackupOperatorAccess
- AWSBackupOperatorPolicy
- AWSBackupServiceRolePolicyForBackup
- AWSBackupServiceRolePolicyForRestores
- AWSBackupServiceRolePolicyForScans
- AWSBatchFullAccess
- AWSBatchServiceRole
- AWSBatchServiceRolePolicyForSageMaker
- AWSBudgetsActionsWithAWSResourceControlAccess
- AWSCleanRoomsFullAccess
- AWSCleanRoomsFullAccessNoQuerying
- AWSCleanRoomsMLFullAccess
- AWSCloud9ServiceRolePolicy
- AWSCloudTrailFullAccess
- AWSCloudTrail_FullAccess
- AWSCodeDeployRoleForECS
- AWSCodeDeployRoleForECSLimited
- AWSCodePipeline_FullAccess
- AWSCodeStarServiceRole
- AWSConfigMultiAccountSetupPolicy
- AWSConfigRemediationServiceRolePolicy
- AWSControlTowerAccountServiceRolePolicy
- AWSControlTowerServiceRolePolicy
- AWSDataPipelineRole
- AWSDataPipeline_FullAccess
- AWSDataPipeline_PowerUser
- AWSDataSyncFullAccess
- AWSDeepLensServiceRolePolicy
- AWSDeepRacerCloudFormationAccessPolicy
- AWSDeepRacerServiceRolePolicy
- AWSEC2FleetServiceRolePolicy
- AWSEC2SpotFleetServiceRolePolicy
- AWSEC2SpotServiceRolePolicy
- AWSElasticBeanstalkFullAccess
- AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
- AWSElasticBeanstalkManagedUpdatesServiceRolePolicy
- AWSElasticBeanstalkRoleCore
- AWSElasticBeanstalkService
- AWSElasticDisasterRecoveryConsoleFullAccess
- AWSElasticDisasterRecoveryConsoleFullAccess_v2
- AWSElasticDisasterRecoveryLaunchActionsPolicy
- AWSElasticDisasterRecoveryServiceRolePolicy
- AWSElementalMediaConnectCreateFlow
- AWSElementalMediaConvertFullAccess
- AWSEntityResolutionConsoleFullAccess
- AWSFaultInjectionSimulatorSSMAccess
- AWSGlueConsoleFullAccess
- AWSGlueConsoleSageMakerNotebookFullAccess
- AWSGrafanaAccountAdministrator
- AWSHealthImagingFullAccess
- AWSImageBuilderFullAccess
- AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction
- AWSIoTDeviceTesterForFreeRTOSFullAccess
- AWSIoTDeviceTesterForGreengrassFullAccess
- AWSIoTSiteWiseConsoleFullAccess
- AWSLambdaFullAccess
- AWSLambdaReplicator
- AWSLambdaReplicatorInternal
- AWSLambda_FullAccess
- AWSLicenseManagerMasterAccountRolePolicy
- AWSMarketplaceFullAccess
- AWSMarketplaceImageBuildFullAccess
- AWSMarketplaceSellerFullAccess
- AWSMarketplaceSellerProductsFullAccess
- AWSObservabilityAdminServiceRolePolicy
- AWSOpsWorksCMServiceRole
- AWSOpsWorksFullAccess
- AWSOpsWorksRegisterCLI
- AWSOpsWorksRole
- AWSOpsWorks_FullAccess
- AWSPCSServiceRolePolicy
- AWSPanoramaFullAccess
- AWSPanoramaServiceRolePolicy
- AWSPartnerCentralFullAccess
- AWSPartnerCentralSandboxFullAccess
- AWSProtonCodeBuildProvisioningServiceRolePolicy
- AWSProtonFullAccess
- AWSQuickSetupCFGCPacksPermissionsBoundary
- AWSQuickSetupDeploymentRolePolicy
- AWSQuickSetupDistributorPermissionsBoundary
- AWSQuickSetupEnableDHMCExecutionPolicy
- AWSQuickSetupJITNADeploymentRolePolicy
- AWSQuickSetupManagedInstanceProfileExecutionPolicy
- AWSQuickSetupPatchPolicyDeploymentRolePolicy
- AWSQuickSetupPatchPolicyPermissionsBoundary
- AWSQuickSetupSSMDeploymentRolePolicy
- AWSQuickSetupSSMHostMgmtPermissionsBoundary
- AWSQuickSetupSSMLifecycleManagementExecutionPolicy
- AWSQuickSetupSchedulerPermissionsBoundary
- AWSQuickSetupStartSSMAssociationsExecutionPolicy
- AWSQuickSetupStartStopInstancesExecutionPolicy
- AWSRoboMakerServicePolicy
- AWSRoboMakerServiceRolePolicy
- AWSRolesAnywhereFullAccess
- AWSSSOMasterAccountAdministrator
- AWSServiceCatalogAdminFullAccess
- AWSServiceRoleForAmazonEKSNodegroup
- AWSServiceRoleForGammaInternalAmazonEKSNodegroup
- AWSServiceRoleForImageBuilder
- AWSServiceRoleForSMS
- AWSServiceRolePolicyForBackupRestoreTesting
- AWSStepFunctionsConsoleFullAccess
- AWSSystemsManagerChangeManagementServicePolicy
- AWSSystemsManagerEnableConfigRecordingExecutionPolicy
- AWSThinkboxAWSPortalAdminPolicy
- AWSThinkboxDeadlineResourceTrackerAdminPolicy
- AWSThinkboxDeadlineSpotEventPluginAdminPolicy
- AWSTransferConsoleFullAccess
- AWSTransferFullAccess
- AWSTransformApplicationDeploymentPolicy
- AWSTransformApplicationECSDeploymentPolicy
- AdministratorAccess-AWSElasticBeanstalk
- AdministratorAccess-Amplify
- AmazonAppStreamFullAccess
- AmazonApplicationWizardFullaccess
- AmazonAugmentedAIFullAccess
- AmazonAugmentedAIIntegratedAPIAccess
- AmazonBedrockFullAccess
- AmazonBedrockMarketplaceAccess
- AmazonBraketFullAccess
- AmazonBraketJobsExecutionPolicy
- AmazonCloudWatchRUMFullAccess
- AmazonCodeCatalystFullAccess
- AmazonConnectServiceLinkedRolePolicy
- AmazonDataZoneEnvironmentRolePermissionsBoundary
- AmazonDataZoneFullAccess
- AmazonDataZoneGlueManageAccessRolePolicy
- AmazonDataZonePreviewConsoleFullAccess
- AmazonDataZoneProjectDeploymentPermissionsBoundary
- AmazonDataZoneProjectRolePermissionsBoundary
- AmazonDataZoneRedshiftGlueProvisioningPolicy
- AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
- AmazonDataZoneSageMakerProvisioningRolePolicy
- AmazonDynamoDBFullAccess
- AmazonDynamoDBFullAccesswithDataPipeline
- AmazonEC2ContainerServiceEventsRole
- AmazonEC2ContainerServiceFullAccess
- AmazonEC2SpotFleetRole
- AmazonEC2SpotFleetTaggingRole
- AmazonECSInfrastructureRolePolicyForManagedInstances
- AmazonECS_FullAccess
- AmazonEKSComputePolicy
- AmazonEKSConnectorServiceRolePolicy
- AmazonEKSLocalOutpostServiceRolePolicy
- AmazonEMRFullAccessPolicy_v2
- AmazonEMRServicePolicy_v2
- AmazonESCognitoAccess
- AmazonElasticFileSystemFullAccess
- AmazonElasticFileSystemServiceRolePolicy
- AmazonElasticMapReduceFullAccess
- AmazonElasticMapReduceRole
- AmazonElasticTranscoder_FullAccess
- AmazonEventBridgeFullAccess
- AmazonEventBridgePipesFullAccess
- AmazonEventBridgeSchedulerFullAccess
- AmazonForecastFullAccess
- AmazonFraudDetectorFullAccessPolicy
- AmazonGuardDutyFullAccess
- AmazonGuardDutyFullAccess_v2
- AmazonHealthLakeFullAccess
- AmazonInspectorFullAccess
- AmazonKendraFullAccess
- AmazonKinesisAnalyticsFullAccess
- AmazonLaunchWizardFullAccessV2
- AmazonLaunchWizardFullaccess
- AmazonLaunchWizard_Fullaccess
- AmazonLexFullAccess
- AmazonLexReplicationPolicy
- AmazonLookoutEquipmentFullAccess
- AmazonLookoutMetricsFullAccess
- AmazonMSKFullAccess
- AmazonMechanicalTurkCrowdFullAccess
- AmazonOmicsFullAccess
- AmazonOpenSearchServiceCognitoAccess
- AmazonPersonalizeFullAccess
- AmazonQFullAccess
- AmazonQLDBConsoleFullAccess
- AmazonQLDBFullAccess
- AmazonRDSCustomPreviewServiceRolePolicy
- AmazonRDSCustomServiceRolePolicy
- AmazonRedshiftAllCommandsFullAccess
- AmazonS3TablesFullAccess
- AmazonSSMServiceRolePolicy
- AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy
- AmazonSageMakerCanvasAIServicesAccess
- AmazonSageMakerCanvasDataPrepFullAccess
- AmazonSageMakerCanvasFullAccess
- AmazonSageMakerEdgeDeviceFleetPolicy
- AmazonSageMakerFullAccess
- AmazonSageMakerGeospatialFullAccess
- AmazonSageMakerHyperPodInferenceAccess
- AmazonSageMakerHyperPodObservabilityAdminAccess
- AmazonSageMakerModelRegistryFullAccess
- AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy
- AmazonSageMakerPipelinesIntegrations
- AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy
- AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
- AmazonSageMakerSpacesControllerPolicy
- AmazonSecurityLakeAdministrator
- AmazonWorkMailFullAccess
- ApplicationDiscoveryServiceContinuousExportServiceRolePolicy
- AutoScalingServiceRolePolicy
- AwsGlueDataBrewFullAccessPolicy
- AwsGlueSessionUserRestrictedNotebookPolicy
- AwsGlueSessionUserRestrictedPolicy
- BatchServiceRolePolicy
- BedrockAgentCoreFullAccess
- CloudWatchEventsFullAccess
- CloudWatchFullAccessV2
- CloudWatchOpenSearchDashboardsFullAccess
- CloudWatchSyntheticsFullAccess
- ConfigConformsServiceRolePolicy
- DBModProvisioningAndMigration
- DataScientist
- DatabaseAdministrator
- EC2FastLaunchFullAccess
- EC2FastLaunchServiceRolePolicy
- EC2FleetTimeShiftableServiceRolePolicy
- NeptuneConsoleFullAccess
- NeptuneFullAccess
- NetworkAdministrator
- PartnerCentralAccountManagementUserRoleAssociation
- ROSAInstallerPolicy
- ROSANodePoolManagementPolicy
- SageMakerStudioAdminIAMConsolePolicy
- SageMakerStudioAdminIAMDefaultExecutionPolicy
- SageMakerStudioAdminIAMPermissiveExecutionPolicy
- SageMakerStudioEMRServiceRolePolicy
- SageMakerStudioFullAccess
- SageMakerStudioProjectProvisioningRolePolicy
- SageMakerStudioProjectUserRolePermissionsBoundary
- SageMakerStudioProjectUserRolePolicy
- SageMakerStudioUserIAMDefaultExecutionPolicy
- SageMakerStudioUserIAMPermissiveExecutionPolicy
- ServerMigrationServiceLaunchRole
- ServerMigrationServiceRole
- ServerMigration_ServiceRole
- SystemAdministrator
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM