IAM Inline Policy

What is the advantage of assigning an inline policy to a user so that he has access to the policy simulator?
  • Craig A

    Hello Sanjay. Excellent question. Inline policies are useful if you want to maintain a strict one-to-one relationship between a policy and the principal entity that it's applied to. For example, you want to be sure that the permissions in a policy are not inadvertently assigned to a principal entity other than the one they're intended for. When you use an inline policy, the permissions in the policy cannot be inadvertently attached to the wrong principal entity. In addition, when you use the AWS Management Console to delete that principal entity, the policies embedded in the principal entity are deleted as well. That's because they are part of the principal entity.

    So, in the scenario you mention, maybe you only want one user to have access to the policy simulator. Now, that could be any resource; the policy simulator is just an example I used in the course. There is nothing about the policy simulator that dictates that you have to use an inline policy.

    But if you have a resource that you only want a specific user or perhaps a couple users to have access to, then an inline policy is a good choice.
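
The one-to-one property described in the answer above can be checked during an access review. The following is an added example, not part of the original thread or the course: it lists which users are granted a given action and whether the grant comes from an inline policy (embedded in that user only) or a managed policy that other users also carry. The user names, policy names and account ID are constructed, and the data is shaped like the output of `aws iam get-account-authorization-details`.

```python
from fnmatch import fnmatchcase

# Constructed sample, shaped like `aws iam get-account-authorization-details`
# output and trimmed to the fields used here. Names and account ID are made up.
SIM = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["iam:SimulatePrincipalPolicy", "iam:GetContextKeysForPrincipalPolicy"]}]}
ARN = "arn:aws:iam::111122223333:policy/simulator-access"
SAMPLE = {
    "UserDetailList": [
        {"UserName": "sanjay", "AttachedManagedPolicies": [],
         "UserPolicyList": [{"PolicyName": "simulator-only", "PolicyDocument": SIM}]},
        {"UserName": "alice", "UserPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyName": "simulator-access", "PolicyArn": ARN}]},
        {"UserName": "bob", "UserPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyName": "simulator-access", "PolicyArn": ARN}]},
    ],
    "Policies": [{"Arn": ARN, "PolicyVersionList": [{"IsDefaultVersion": True, "Document": SIM}]}],
}

def allows(doc, action):
    """True if an Allow statement names the action. Deny, NotAction, Condition are not evaluated."""
    stmts = doc["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    for s in stmts:
        acts = s.get("Action", [])
        acts = [acts] if isinstance(acts, str) else acts
        if s.get("Effect") == "Allow" and any(fnmatchcase(action.lower(), a.lower()) for a in acts):
            return True
    return False

def grants(details, action):
    """Return (user, kind, policy_name, other_users_sharing_it) for each grant of the action."""
    managed = {p["Arn"]: next(v["Document"] for v in p["PolicyVersionList"] if v["IsDefaultVersion"])
               for p in details.get("Policies", [])}
    found = []
    for u in details["UserDetailList"]:
        for p in u.get("UserPolicyList", []):
            if allows(p["PolicyDocument"], action):
                found.append((u["UserName"], "inline", p["PolicyName"], []))  # embedded: never shared
        for p in u.get("AttachedManagedPolicies", []):
            if allows(managed[p["PolicyArn"]], action):
                others = sorted(o["UserName"] for o in details["UserDetailList"] if o is not u
                                and any(a["PolicyArn"] == p["PolicyArn"] for a in o.get("AttachedManagedPolicies", [])))
                found.append((u["UserName"], "managed", p["PolicyName"], others))
    return found

if __name__ == "__main__":
    print(*grants(SAMPLE, "iam:SimulatePrincipalPolicy"), sep="\n")
```

The check only matches `Allow` statements by action name, so it shows where a grant is written, not the user's effective permissions.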
