Manage IAM policies
IAM gives you the tools to create and manage all types of IAM policies (managed policies and inline policies). To add permissions to an IAM identity (IAM user, group, or role), you create a policy, validate the policy, and then attach the policy to the identity. You can attach multiple policies to an identity, and each policy can contain multiple permissions.
Topics
- Additional resources
- Define custom IAM permissions with customer managed policies
- IAM policy validation
- IAM policy testing with the IAM policy simulator
- Adding and removing IAM identity permissions
- Versioning IAM policies
- Edit IAM policies
- Delete IAM policies
- Refine permissions in AWS using last accessed information
Additional resources
The following resources can help you learn more about AWS policies.
-
For more information about the different types of IAM policies, see Policies and permissions in AWS Identity and Access Management.
-
For general information about using policies within IAM, see Access management for AWS resources.
-
For information about how to use IAM Access Analyzer to generate an IAM policy that is based on access activity for an entity, see IAM Access Analyzer policy generation.
-
For information about how permissions are evaluated when multiple policies are in effect for a given IAM identity, see Policy evaluation logic.
-
The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas.