Prerequisites Editing customer managed policies (AWS API)Setting the default version of a customer managed policy (AWS API)Deleting a version of a customer managed policy (AWS API)Editing inline policies (AWS API)

Edit IAM policies (AWS API)

A policy is an entity that, when attached to an identity or resource, defines their permissions. You can use the AWS API to edit customer managed policies and inline policies in IAM. AWS managed policies cannot be edited. The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas.

For more information about policy structure and syntax, see Policies and permissions in AWS Identity and Access Management and the IAM JSON policy element reference.

Prerequisites

Before you change the permissions for a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing last accessed information, see Refine permissions in AWS using last accessed information.

Editing customer managed policies (AWS API)

You can edit a customer managed policy using the AWS API.

Note

A managed policy can have up to five versions. If you need to make changes to a customer managed policy beyond five versions, you must first delete one or more existing versions.

To edit a customer managed policy (AWS API)

(Optional) To view information about a policy, call the following operations:
- To list managed policies: ListPolicies
- To retrieve detailed information about a managed policy: GetPolicy
(Optional) To find out about the relationships between the policies and identities, call the following operations:
- To list the identities (IAM users, IAM groups, and IAM roles) to which a managed policy is attached:
  - ListEntitiesForPolicy
- To list the managed policies attached to an identity (a user, user group, or role):
To edit a customer managed policy, call the following operation:
- CreatePolicyVersion
(Optional) To validate a customer managed policy, call the following IAM Access Analyzer operation:
- ValidatePolicy

Setting the default version of a customer managed policy (AWS API)

You can set a default version of a customer managed policy from the AWS API.

To set the default version of a customer managed policy (AWS API)

(Optional) To list managed policies, call the following operation:
- ListPolicies
To set the default version of a customer managed policy, call the following operation:
- SetDefaultPolicyVersion

Deleting a version of a customer managed policy (AWS API)

You can delete a version of a customer managed policy from the AWS API.

To delete a version of a customer managed policy (AWS API)

(Optional) To list managed policies, call the following operation:
- ListPolicies
To delete a customer managed policy, call the following operation:
- DeletePolicyVersion

Editing inline policies (AWS API)

You can edit an inline policy from the AWS API.

To edit an inline policy (AWS API)

(Optional) To view information about an inline policy, run the following operations:
- To list inline policies associated to an identity (a user, user group, or role):
- To retrieve detailed information about an inline policy:
To edit an inline policy, run the following operations:
(Optional) To validate an inline policy, run the following IAM Access Analyzer operation:
- ValidatePolicy

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Edit IAM policies (CLI)

Delete IAM policies