AWS Identity and Access Management
User Guide

Working with Inline Policies

This section describes how to create and manage inline policies.

For information about managing managed policies, see Working with Managed Policies.

Working with Inline Policies Using the AWS Management Console

You can use the AWS Management Console to create and embed inline policies.

To create an inline policy and embed it in a group, user, or role

  1. Sign in to the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Groups, Users, or Roles.

  3. In the list, choose the name of the group, user, or role to embed a policy in.

  4. Choose the Permissions tab. If you chose Groups or Roles, expand the Inline Policies section if necessary.

  5. If in Groups, choose Create Group Policy. If in Users, scroll to the bottom of the page and choose Add inline policy. If in Roles, choose Create Role Policy. If there are no existing policies in Groups or Roles, instead choose click here to create your first inline policy.

  6. Choose Policy Generator or Custom Policy, and then choose Select.

  7. Do one of the following:

    • If you chose Custom Policy, specify a name for the policy and create your policy document.

    • If you are using the policy generator to create your policy, select the appropriate Effect, AWS Service, and Actions options. Type the Amazon Resource Name (ARN), if applicable, and add any conditions that you want to include. Then choose Add Statement. You can add as many statements as you want to the policy. When you are finished adding statements, choose Next Step. For more information, see Construct a Policy with the Policy Generator.

  8. Choose Validate Policy and ensure that no errors appear in a red box at the top of the screen. Correct any that are reported.

    Note

    If Use autoformatting for policy editing is selected, the policy is reformatted whenever you open a policy or choose Validate Policy.

  9. When you are satisfied with the policy, choose Apply Policy.

To view a policy or a list of all policies associated with a user, group, or role

  • In the navigation pane, choose Users, Groups, or Roles. Choose the name of the entity to view, and then choose the Permissions tab.

To edit or delete an inline policy for a group, user, or role

  1. In the navigation pane, choose Groups, Users, or Roles.

  2. Choose the name of the group, user, or role with the policy that you want to modify. Then choose the Permissions tab. If you chose Users, expand the policy.

  3. To edit an inline policy, choose Edit Policy.

  4. To delete an inline policy in Groups or Roles, choose Remove Policy. To delete an inline policy in Users, choose X.

Working with Inline Policies Using the AWS CLI or the IAM API

You can use the AWS CLI or IAM API to work with inline policies.

To list all inline policies that are embedded in a principal entity (user, group, or role)

To retrieve an inline policy document that is embedded in a principal entity (user, group, or role)

To embed an inline policy in a principal entity (user, group, or role)

To delete an inline policy that is embedded in a principal entity (user, group, or role)
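
The four operations above map onto parallel AWS CLI commands, one per entity type (for example list-user-policies, list-group-policies, list-role-policies). The following wrapper is an added example, not part of the AWS guide; the function name inline_policy and the entity, policy, and file names in the usage comment are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: one dispatcher for the IAM inline-policy CLI commands.
# Each operation exists once per entity type and takes the matching
# --user-name, --group-name or --role-name option.
#
# Usage (placeholder names):
#   inline_policy put    role ExampleRole ExamplePolicy ./policy.json
#   inline_policy list   role ExampleRole
#   inline_policy get    role ExampleRole ExamplePolicy
#   inline_policy delete role ExampleRole ExamplePolicy

inline_policy() {
  local op="$1" kind="$2" entity="$3" policy="${4:-}" doc="${5:-}"

  # Only the three principal entity types can carry inline policies.
  case "$kind" in
    user|group|role) ;;
    *) echo "entity type must be user, group or role" >&2; return 2 ;;
  esac
  [ -n "$entity" ] || { echo "missing entity name" >&2; return 2; }

  case "$op" in
    list)
      # Returns only the names of the embedded policies.
      aws iam "list-${kind}-policies" "--${kind}-name" "$entity"
      ;;
    get|delete)
      [ -n "$policy" ] || { echo "missing policy name" >&2; return 2; }
      aws iam "${op}-${kind}-policy" "--${kind}-name" "$entity" \
        --policy-name "$policy"
      ;;
    put)
      [ -n "$policy" ] || { echo "missing policy name" >&2; return 2; }
      # Refuse to call the API with a missing or empty document file.
      [ -s "$doc" ] || { echo "policy document not found: $doc" >&2; return 2; }
      # put-*-policy creates the inline policy or overwrites one of the same name.
      aws iam "put-${kind}-policy" "--${kind}-name" "$entity" \
        --policy-name "$policy" --policy-document "file://$doc"
      ;;
    *) echo "operation must be list, get, put or delete" >&2; return 2 ;;
  esac
}
```

Because put overwrites an existing inline policy with the same name, retrieve the current document with get first if you need to keep a copy.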