The growing number of security threats has made cloud security one of the most crucial concerns for users. It is therefore necessary to take certain steps regarding Identity and Access Management (IAM) policies to ensure the security of your deployed AWS resources.
An inline policy is one that is embedded directly in an IAM identity (a user, group, or role). Inline policies are an inherent part of the identity they belong to. It is up to the user when the policy is embedded in the identity: either while the identity is being created or afterwards.
An IAM policy is an AWS feature that is associated with an identity or resource to define the permissions of that identity or resource. Users manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or to AWS resources.
There are three different types of IAM policies available: AWS Managed Policies, Customer Managed Policies, and Inline Policies.
AWS Managed Policies are created and managed by AWS, while Customer Managed Policies, as the name suggests, are standalone policies that users create and manage in their own AWS accounts.
An inline policy is an IAM policy that is embedded within the identity itself. Note that there is a strict one-to-one relationship between the identity and the policy: an inline policy belongs to exactly one identity and cannot be shared with another.
Managed policies are recommended over inline policies because managed policies are reusable and support versioning.
Each change to an existing managed policy creates a new version, which makes it easy to compare changes. Further advantages of managed policies over inline policies include versioning, rollback, and the ability to delegate permission management.
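To put the three policy types from this article side by side in practice, here is an added audit script (not from the original article) that lists, for every user, group and role, which policies are inline and which attached policies are AWS managed versus customer managed, so that identities still relying on inline policies can be found and migrated. It assumes input shaped like the output of `aws iam get-account-authorization-details`; the sample data is constructed, with a fake account id.

```python
# Added example: classify IAM policies attached to identities as inline, AWS managed or customer managed.
AWS_MANAGED_PREFIX = "arn:aws:iam::aws:policy/"   # AWS managed policies use the 'aws' pseudo-account

# Constructed sample (fake account id 123456789012), shaped like get-account-authorization-details output.
SAMPLE_DETAILS = {
    "UserDetailList": [{"UserName": "alice",
                        "UserPolicyList": [{"PolicyName": "alice-s3-inline", "PolicyDocument": {}}],
                        "AttachedManagedPolicies": [{"PolicyName": "ReadOnlyAccess",
                                                     "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}],
    "GroupDetailList": [{"GroupName": "developers", "GroupPolicyList": [],
                         "AttachedManagedPolicies": [{"PolicyName": "DevDeploy",
                                                      "PolicyArn": "arn:aws:iam::123456789012:policy/DevDeploy"}]}],
    "RoleDetailList": [{"RoleName": "ci-role",
                        "RolePolicyList": [{"PolicyName": "ci-inline", "PolicyDocument": {}}],
                        "AttachedManagedPolicies": []}],
}

# (list key, name key, inline-policy key) for users, groups and roles.
IDENTITY_KINDS = [
    ("UserDetailList", "UserName", "UserPolicyList"),
    ("GroupDetailList", "GroupName", "GroupPolicyList"),
    ("RoleDetailList", "RoleName", "RolePolicyList"),
]

def classify_arn(arn):
    """Attached policies are AWS managed when under the 'aws' pseudo-account, otherwise customer managed."""
    return "aws_managed" if arn.startswith(AWS_MANAGED_PREFIX) else "customer_managed"

def audit(details):
    """Map each identity name to the names of its inline, AWS managed and customer managed policies."""
    report = {}
    for list_key, name_key, inline_key in IDENTITY_KINDS:
        for ident in details.get(list_key, []):
            entry = {"inline": [], "aws_managed": [], "customer_managed": []}
            for pol in ident.get(inline_key, []):
                entry["inline"].append(pol["PolicyName"])      # embedded in this identity only
            for pol in ident.get("AttachedManagedPolicies", []):
                entry[classify_arn(pol["PolicyArn"])].append(pol["PolicyName"])
            report[ident[name_key]] = entry
    return report

def identities_with_inline(details):
    """Identities that still carry inline policies: candidates for migration to managed policies."""
    return sorted(name for name, entry in audit(details).items() if entry["inline"])

if __name__ == "__main__":
    for name, entry in audit(SAMPLE_DETAILS).items():
        print(name, entry)
    print("still using inline policies:", identities_with_inline(SAMPLE_DETAILS))
```

Against a real account, feed the script the JSON produced by `aws iam get-account-authorization-details` instead of the constructed sample.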