Generate AWS IAM Policies via Chat Interface with GPT-4 Assistant

Chat-Based AWS IAM Policy Generator with OpenAI Agent

Chat-driven workflow that lets IT and DevOps teams generate custom AWS IAM policies via AI, automatically apply them to AWS, and send an email notification with policy details.

👤 Who’s it for
This workflow is designed for:
Cloud Engineers / DevOps who need to quickly generate and apply custom IAM policies in AWS.
IT Support / Security teams who want to create IAM policies through a chat-based interface without manually writing JSON.
Teams that want automatic notifications (via email) once new policies are created.

⚙️ How it works / What it does
Trigger → Workflow starts when a chat message is received.
IAM Policy Creator Agent → Uses OpenAI to:
Interpret user requirements (e.g., service, actions, region).
Generate a valid IAM policy JSON following AWS best practices.
IAM Policy HTTP Request → Sends the generated policy to the AWS IAM CreatePolicy API.
Email Notification → Once AWS responds with a CreatePolicyResponse, an email is sent with policy details (name, ARN, ID, timestamps, etc.) using n8n mapping.

Result: The user can chat with the AI agent, create a policy, and receive an email confirmation with full details.

🛠 How to set up

Chat Trigger Node
Configure the When chat message received node to connect your preferred chat channel (Slack, MS Teams, Telegram, etc.).

IAM Policy Creator Agent
Add OpenAI Chat Model as the LLM.
Use a system prompt that enforces AWS IAM JSON best practices (least privilege, correct JSON structure).
Connect Memory (Simple Memory) and Structured Output Parser to ensure consistent JSON output.

IAM Policy HTTP Request
Set method: POST
URL: https://iam.amazonaws.com/
Add authentication using AWS Signature v4 (Access Key + Secret Key).
Body:
Action=CreatePolicy
PolicyName={{ $json.CreatePolicyResponse.CreatePolicyResult.Policy.PolicyName }}
PolicyDocument={{ $json.policyDocument }}
Version=2010-05-08

Email for tracking

📋 Requirements
n8n instance (self-hosted or cloud).
AWS IAM user/role with the iam:CreatePolicy permission.
AWS Access Key + Secret Key (for SigV4 signing in HTTP request).
OpenAI API key (for the Chat Model).
Email server credentials (SMTP or provider integration).

🎨 How to customize the workflow
Restrict services/actions → Adjust the IAM Policy Creator Agent system prompt to limit what services/policies can be generated.
Notification channels → Replace the email node with Slack, MS Teams, or PagerDuty to alert other teams.
Tagging policies → Modify the HTTP request to include Tags when creating policies in AWS.
Human-readable timestamps → Add a Function or Set node to convert CreateDate and UpdateDate from Unix epoch to ISO datetime before sending emails.
Approval step → Insert a manual approval node before sending the policy to AWS for compliance workflows.

Complexity: intermediate
Author: Trung Tran
Created: 9/19/2025
Updated: 11/26/2025
