
AWS IAM managed policy is recommended over inline policy


Cloud security is one of the most crucial concerns for users because of the increasing number of security threats. It is therefore necessary to take certain steps regarding IAM policies to ensure the security of your deployed AWS resources.

What is an AWS inline policy?

An inline policy is a policy that is embedded in an IAM identity (such as a user, group, or role). An inline policy is an inherent part of the identity it is associated with. It is up to the user when the policy is embedded in an identity: either when the identity is created or later.

What is an IAM policy?

An IAM policy is an object in AWS that, when associated with an identity or resource, defines its permissions. Users manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources.

What is the difference between Managed Policy and Inline Policy?

There are three different types of IAM policies available, i.e., Managed Policies, Customer Managed Policies and Inline Policies.

Managed Policies are created and managed by AWS while Customer Managed Policies, as the name suggests, are standalone policies that are managed by users in their respective AWS account.

An inline policy is an IAM policy that is embedded within the identity itself. Don’t forget that there is a strict one-to-one relationship between the entity and the policy.

Which one is better and why?

It is recommended to use managed policies instead of inline policies. This is because managed policies allow reusability. Managed policies are also versioned.

Each change to an existing policy creates a new version, which is useful for comparing changes. More advantages of managed policies over inline policies include versioning and rolling back, delegating permission management, etc.
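
To act on this recommendation you first need to know where inline policies exist. The audit below is an added example, not code from the original article: it takes account data in the shape returned by the AWS CLI command aws iam get-account-authorization-details, lists every inline policy, and groups identities whose inline documents are identical, which are the natural candidates for one reusable managed policy. The sample data and every name in it are constructed.

```python
import hashlib
import json
from collections import defaultdict

# Constructed sample in the shape of `aws iam get-account-authorization-details`
# output; all identity, policy and bucket names are made up.
S3_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
SAMPLE = {
    "UserDetailList": [
        {"UserName": "alice", "UserPolicyList": [{"PolicyName": "s3-read", "PolicyDocument": S3_READ}]},
        {"UserName": "bob", "AttachedManagedPolicies": [
            {"PolicyName": "ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]},
    ],
    "GroupDetailList": [{"GroupName": "devs", "GroupPolicyList": []}],
    "RoleDetailList": [
        {"RoleName": "app-role", "RolePolicyList": [{"PolicyName": "read-bucket", "PolicyDocument": S3_READ}]}],
}
# (identity kind, detail list key, name key, inline policy list key)
KINDS = [("user", "UserDetailList", "UserName", "UserPolicyList"),
         ("group", "GroupDetailList", "GroupName", "GroupPolicyList"),
         ("role", "RoleDetailList", "RoleName", "RolePolicyList")]

def fingerprint(document):
    """Hash a policy document in canonical JSON form so key order does not matter."""
    canonical = json.dumps(document, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def find_inline_policies(details):
    """Return (identity, policy name, document hash) for every inline policy."""
    found = []
    for kind, list_key, name_key, policy_key in KINDS:
        for identity in details.get(list_key, []):
            for policy in identity.get(policy_key, []):
                found.append((f"{kind}/{identity[name_key]}", policy["PolicyName"],
                              fingerprint(policy["PolicyDocument"])))
    return found

def duplicate_groups(found):
    """Identities carrying identical inline documents: candidates for one
    shared customer managed policy."""
    by_doc = defaultdict(list)
    for identity, _name, digest in found:
        by_doc[digest].append(identity)
    return [sorted(ids) for ids in by_doc.values() if len(ids) > 1]

if __name__ == "__main__":
    hits = find_inline_policies(SAMPLE)
    print(*hits, duplicate_groups(hits), sep="\n")
```

On the sample, alice and app-role carry the same document under two different inline names, so a change to that permission would have to be made twice; as a single managed policy it would be edited once and versioned.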

Read more about inline policies here.

Cloud Evangelist
Cloud Evangelists are CMI's in house ambassadors for the entire Cloud ecosystem. They are responsible for propagating the doctrine of cloud computing and help community members make informed decisions.

