Nowadays, cloud security is one of the most crucial concerns for users because of the growing number of security threats. It is therefore necessary to take certain steps regarding IAM policies to ensure the security of your deployed AWS resources.
What is AWS IAM?
AWS IAM (Identity and Access Management) is a web service that helps users secure and control access to their AWS resources. In other words, IAM controls who can sign in and which permissions a signed-in principal has on which resources.
Inline policies vs managed policies
AWS IAM inline policies are created and managed by users and are embedded directly into a single entity (user, group or role). Inline policies are useful when you want to maintain a strict one-to-one relationship between a policy and the principal entity it is applied to. Because the policy is part of the entity, deleting the entity deletes the inline policy as well.
On the other hand, a managed policy is a standalone policy that can be attached to multiple entities. Managed policies apply only to entities (users, groups and roles) and not to resources. Each managed policy has its own ARN (Amazon Resource Name).
Managed policies are of two types:
- AWS managed policies and
- Customer managed policies
A health tip for your AWS infrastructure: regularly check that your groups stay within the limit on the number of IAM policies that can be attached to a group.
Which one is better and why?
It is recommended to use managed policies instead of inline policies, because managed policies can be reused across entities and support versioning.
Each change to an existing managed policy creates a new version, which is useful for comparing changes. Further advantages of managed policies over inline policies include rolling back to a previous version, delegating permission management, etc.
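As an added example (not code from the original article), the audit below puts the two recommendations above into practice: it walks an account snapshot shaped like the output of `aws iam get-account-authorization-details` (the key names `UserDetailList`, `UserPolicyList`, `AttachedManagedPolicies` and so on are assumed to match that shape), reports every inline policy so it can be migrated to a managed policy, and flags groups whose attached managed policies exceed a review threshold. The snapshot is constructed, and `MAX_ATTACHED` is an assumed threshold, not an AWS-published quota.

```python
"""Audit an IAM snapshot for inline policies and groups with many attached policies."""

MAX_ATTACHED = 2  # assumed review threshold, not an AWS quota

# Constructed snapshot (not from a real account): one user carrying an inline
# policy, one group with three managed policies attached, one clean role.
SNAPSHOT = {
    "UserDetailList": [
        {"UserName": "deploy-bot",
         "UserPolicyList": [{"PolicyName": "S3FullInline", "PolicyDocument": {}}],
         "AttachedManagedPolicies": []},
    ],
    "GroupDetailList": [
        {"GroupName": "devs", "GroupPolicyList": [],
         "AttachedManagedPolicies": [
             {"PolicyName": "ReadOnlyAccess", "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
             {"PolicyName": "DevDeploy", "PolicyArn": "arn:aws:iam::111122223333:policy/DevDeploy"},
             {"PolicyName": "DevLogs", "PolicyArn": "arn:aws:iam::111122223333:policy/DevLogs"},
         ]},
    ],
    "RoleDetailList": [
        {"RoleName": "lambda-exec", "RolePolicyList": [],
         "AttachedManagedPolicies": [
             {"PolicyName": "AWSLambdaBasicExecutionRole",
              "PolicyArn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"}]},
    ],
}

# (list key, name key, inline-policy list key) for each principal type
PRINCIPAL_TYPES = [
    ("UserDetailList", "UserName", "UserPolicyList"),
    ("GroupDetailList", "GroupName", "GroupPolicyList"),
    ("RoleDetailList", "RoleName", "RolePolicyList"),
]

def find_inline_policies(snapshot):
    """Return (principal name, inline policy name) pairs: candidates for managed policies."""
    found = []
    for list_key, name_key, inline_key in PRINCIPAL_TYPES:
        for principal in snapshot.get(list_key, []):
            for pol in principal.get(inline_key, []):
                found.append((principal[name_key], pol["PolicyName"]))
    return found

def groups_over_limit(snapshot, limit=MAX_ATTACHED):
    """Return {group name: attached count} for groups with more managed policies than limit."""
    counts = {g["GroupName"]: len(g.get("AttachedManagedPolicies", []))
              for g in snapshot.get("GroupDetailList", [])}
    return {name: n for name, n in counts.items() if n > limit}

if __name__ == "__main__":
    for principal, name in find_inline_policies(SNAPSHOT):
        print(f"inline policy {name!r} on {principal}: consider a customer managed policy")
    for group, n in groups_over_limit(SNAPSHOT).items():
        print(f"group {group} has {n} attached managed policies (threshold {MAX_ATTACHED})")
```

Against a real account, replace `SNAPSHOT` with the parsed JSON from `aws iam get-account-authorization-details` and set the threshold to your account's actual group policy quota.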