
AWS IAM Managed Policy is Recommended Over Inline Policy


The growing number of security threats has made cloud security one of the most crucial concerns for users. It is therefore necessary to take certain steps with Identity and Access Management (IAM) policies to secure your deployed AWS resources.

What is AWS Inline policy?

An inline policy is one that is attached to an IAM identity (such as a user, group, or role). Inline policies are an inherent part of the associated identity. The user decides when the policy is embedded in an identity: during creation of the identity or afterwards.

What is an IAM policy?

An IAM policy is a feature in AWS that is associated with an identity or resource to define the permissions for that identity or resource. Users manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources.

What is the difference between Managed Policy and Inline Policy?

There are three types of IAM policies: Managed Policies, Customer Managed Policies, and Inline Policies.

Managed Policies (AWS managed policies) are created and managed by AWS, while Customer Managed Policies, as the name suggests, are standalone policies that users manage in their own AWS accounts.

An inline policy is an IAM policy that is embedded within the identity itself. Don't forget that there is a strict one-to-one relationship between the entity and the policy.

Which one is better and why?

Managed policies are recommended over inline policies because they are reusable. Managed policies are also versioned.

Each change to an existing policy creates a new version, which is useful for comparing changes. Other advantages of managed policies over inline policies include versioning, rollback, and delegated permission management.
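To act on this recommendation you first need to know where inline policies exist. The following is an added example, not code from the original article: it scans a report shaped like the JSON from `aws iam get-account-authorization-details` and groups identities that embed an identical inline document, since one reusable managed policy could replace those copies. The sample report, identity names and bucket name are constructed, and `PolicyDocument` is assumed to be already-decoded JSON.

```python
import hashlib
import json

# Constructed sample, shaped like `aws iam get-account-authorization-details` output.
S3_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
EC2_DESCRIBE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
SAMPLE = {
    "UserDetailList": [
        {"UserName": "alice", "AttachedManagedPolicies": [],
         "UserPolicyList": [{"PolicyName": "s3-read", "PolicyDocument": S3_READ}]},
        {"UserName": "bob", "UserPolicyList": [], "AttachedManagedPolicies": [
            {"PolicyName": "ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]},
    ],
    "GroupDetailList": [
        {"GroupName": "ops", "AttachedManagedPolicies": [],
         "GroupPolicyList": [{"PolicyName": "describe", "PolicyDocument": EC2_DESCRIBE}]},
    ],
    "RoleDetailList": [
        {"RoleName": "report-job", "AttachedManagedPolicies": [],
         "RolePolicyList": [{"PolicyName": "read-bucket", "PolicyDocument": S3_READ}]},
    ],
}
# (label, list key, name key, inline-policy key) per identity type in the report
KINDS = [("user", "UserDetailList", "UserName", "UserPolicyList"),
         ("group", "GroupDetailList", "GroupName", "GroupPolicyList"),
         ("role", "RoleDetailList", "RoleName", "RolePolicyList")]

def inline_policies(report):
    """Return (identity, policy name, fingerprint) for every inline policy.
    The fingerprint hashes canonical JSON, so key order cannot hide identical documents."""
    found = []
    for label, list_key, name_key, inline_key in KINDS:
        for identity in report.get(list_key, []):
            for pol in identity.get(inline_key, []):
                canon = json.dumps(pol["PolicyDocument"], sort_keys=True)
                digest = hashlib.sha256(canon.encode()).hexdigest()[:12]
                found.append((f"{label}/{identity[name_key]}", pol["PolicyName"], digest))
    return found

def consolidation_candidates(report):
    """Identities embedding an identical document; one managed policy could serve them all."""
    groups = {}
    for identity, _name, digest in inline_policies(report):
        groups.setdefault(digest, []).append(identity)
    return sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)

if __name__ == "__main__":
    print(inline_policies(SAMPLE), consolidation_candidates(SAMPLE), sep="\n")
```

Identities that only have managed policies attached (such as `bob` in the sample) do not appear in the output.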


Cloud Evangelist