diff --git a/src/constructs/iam/policies/base-policy.test.ts b/src/constructs/iam/policies/base-policy.test.ts
index fef7ed2f5..54d511cc9 100644
--- a/src/constructs/iam/policies/base-policy.test.ts
+++ b/src/constructs/iam/policies/base-policy.test.ts
@@ -51,6 +51,33 @@ describe("GuAllowPolicy", () => {
       },
     });
   });
+
+  test("auto-generates the logicalId by default", () => {
+    const stack = simpleGuStackForTesting();
+    attachPolicyToTestRole(
+      stack,
+      new GuAllowPolicy(stack, "AllowS3GetObject", {
+        actions: ["s3:GetObject"],
+        resources: ["*"],
+      })
+    );
+
+    expect(stack).toHaveResourceOfTypeAndLogicalId("AWS::IAM::Policy", /^AllowS3GetObject.+/);
+  });
+
+  test("overrides the logicalId when existingLogicalId is set in a migrating stack", () => {
+    const stack = simpleGuStackForTesting({ migratedFromCloudFormation: true });
+    attachPolicyToTestRole(
+      stack,
+      new GuAllowPolicy(stack, "AllowS3GetObject", {
+        actions: ["s3:GetObject"],
+        resources: ["*"],
+        existingLogicalId: "MyAwesomeAllowPolicy",
+      })
+    );
+
+    expect(stack).toHaveResourceOfTypeAndLogicalId("AWS::IAM::Policy", "MyAwesomeAllowPolicy");
+  });
 });
 
 describe("GuDenyPolicy", () => {
@@ -101,4 +128,31 @@ describe("GuDenyPolicy", () => {
       },
     });
   });
+
+  test("auto-generates the logicalId by default", () => {
+    const stack = simpleGuStackForTesting();
+    attachPolicyToTestRole(
+      stack,
+      new GuDenyPolicy(stack, "DenyS3GetObject", {
+        actions: ["s3:GetObject"],
+        resources: ["*"],
+      })
+    );
+
+    expect(stack).toHaveResourceOfTypeAndLogicalId("AWS::IAM::Policy", /^DenyS3GetObject.+/);
+  });
+
+  test("overrides the logicalId when existingLogicalId is set in a migrating stack", () => {
+    const stack = simpleGuStackForTesting({ migratedFromCloudFormation: true });
+    attachPolicyToTestRole(
+      stack,
+      new GuDenyPolicy(stack, "DenyS3GetObject", {
+        actions: ["s3:GetObject"],
+        resources: ["*"],
+        existingLogicalId: "MyAwesomeDenyPolicy",
+      })
+    );
+
+    expect(stack).toHaveResourceOfTypeAndLogicalId("AWS::IAM::Policy", "MyAwesomeDenyPolicy");
+  });
 });
diff --git a/src/constructs/iam/policies/base-policy.ts b/src/constructs/iam/policies/base-policy.ts
index e345f8956..8189884e8 100644
--- a/src/constructs/iam/policies/base-policy.ts
+++ b/src/constructs/iam/policies/base-policy.ts
@@ -1,21 +1,16 @@
-import type { CfnPolicy, PolicyProps } from "@aws-cdk/aws-iam";
+import type { PolicyProps } from "@aws-cdk/aws-iam";
 import { Effect, Policy, PolicyStatement } from "@aws-cdk/aws-iam";
+import { GuMigratableConstruct } from "../../../utils/mixin";
 import type { GuStack } from "../../core";
+import type { GuMigratingResource } from "../../core/migrating";
 
-export interface GuPolicyProps extends PolicyProps {
-  overrideId?: boolean;
-}
+export interface GuPolicyProps extends PolicyProps, GuMigratingResource {}
 
 export type GuNoStatementsPolicyProps = Omit<GuPolicyProps, "statements">;
 
-export abstract class GuPolicy extends Policy {
+export abstract class GuPolicy extends GuMigratableConstruct(Policy) {
   protected constructor(scope: GuStack, id: string, props: GuPolicyProps) {
     super(scope, id, props);
-
-    if (props.overrideId) {
-      const child = this.node.defaultChild as CfnPolicy;
-      child.overrideLogicalId(id);
-    }
   }
 }