AWS Identity and Access Management
User Guide

Working with Inline Policies

This section describes how to create and manage inline policies.

For information about managing managed policies, see Working with Managed Policies.

Working with Inline Policies using the AWS Management Console

To create an inline policy and embed it in a group, user, or role

  1. Sign in to the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Groups, Users, or Roles.

  3. In the list, choose the name of the group, user, or role to embed a policy in.

  4. Choose the Permissions tab and, if necessary, expand the Inline Policies section.

  5. Choose Create Another Policy if in Groups, Create User Policy if in Users, or Create Role Policy if in Roles.

  6. Choose Policy Generator or Custom Policy, and then choose Select.

  7. Do one of the following:

    • If you chose Custom Policy, specify a name for the policy and create your policy document.

    • If you are using the policy generator to create your policy, select the appropriate Effect, AWS Service, and Actions options, enter the Amazon Resource Name (ARN) if applicable, and add any conditions you want to include. Then choose Add Statement. You can add as many statements as you want to the policy. When you are finished adding statements, choose Next Step.

  8. Choose Validate Policy and ensure that no errors display in a red box at the top of the screen. Correct any that are reported.

    Note

    If Use autoformatting is selected, the policy is reformatted whenever you open a policy or choose Validate Policy.

  9. When you are satisfied with the policy, choose Apply Policy.
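
A local pre-check for a policy document written under Custom Policy, run before it is pasted into the console. This is an added example, not code from the IAM User Guide, and it does not reproduce what Validate Policy checks. The function names, the sample document, and the bucket name example-bucket are assumptions made for illustration.

```python
import json

# Constructed sample: a policy document as it might be pasted under Custom Policy.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "allow", "Action": "iam:PassRole"}
  ]
}"""

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def lint_inline_policy(text):
    """Return a list of findings for a policy embedded in a user, group, or role."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict) or "Statement" not in doc:
        return ["policy must be a JSON object with a Statement element"]
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    for i, st in enumerate(_as_list(doc["Statement"])):
        where = f"Statement[{i}]"
        if not isinstance(st, dict):
            findings.append(f"{where}: must be a JSON object")
            continue
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{where}: Effect must be Allow or Deny (case-sensitive)")
        if "Action" not in st and "NotAction" not in st:
            findings.append(f"{where}: needs Action or NotAction")
        if "Resource" not in st and "NotResource" not in st:
            findings.append(f"{where}: needs Resource or NotResource")
        if "Principal" in st or "NotPrincipal" in st:
            findings.append(f"{where}: Principal is not valid in an identity-based policy")
        if (st.get("Effect") == "Allow" and "*" in _as_list(st.get("Action", []))
                and "*" in _as_list(st.get("Resource", []))):
            findings.append(f"{where}: allows every action on every resource")
    return findings

if __name__ == "__main__":
    for finding in lint_inline_policy(SAMPLE_POLICY):
        print(finding)
```

An empty list means none of these checks fired; the document should still go through Validate Policy in step 8.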

To view a policy or a list of all policies associated with a user, group, or role

  • In the navigation pane, choose Users, Groups, or Roles, choose the name of the entity to view, and then choose the Permissions tab.

To edit or delete an inline policy for a group, user, or role

  1. In the navigation pane, choose Groups, Users, or Roles.

  2. Choose the name of the group, user, or role with the policy you want to modify, and then choose the Permissions tab.

  3. To edit an inline policy, choose Edit Policy.

  4. To delete an inline policy, choose Remove Policy.

Working with Inline Policies using the AWS CLI or the IAM API

To list all inline policies that are embedded in a principal entity (user, group, or role)

To retrieve an inline policy document that is embedded in a principal entity (user, group, or role)

To embed an inline policy in a principal entity (user, group, or role)

To delete an inline policy that is embedded in a principal entity (user, group, or role)