A policy is an entity that, when attached to an identity or resource, defines their permissions. You can use the AWS API to edit customer managed policies and inline policies in IAM. AWS managed policies cannot be edited. The number and size of IAM resources in an AWS account are limited. For more information, see IAM and AWS STS quotas.
For more information about policy structure and syntax, see Policies and permissions in AWS Identity and Access Management and the IAM JSON policy element reference.
Prerequisites
Before you change the permissions for a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing last accessed information, see Refine permissions in AWS using last accessed information.
Editing customer managed policies (AWS
API)
You can edit a customer managed policy using the AWS API.
Note
A managed policy can have up to five versions. If you need to make changes to a customer managed policy beyond five versions, you must first delete one or more existing versions.
To edit a customer managed policy (AWS API)
-
(Optional) To view information about a policy, call the following operations:
-
To list managed policies: ListPolicies
-
To retrieve detailed information about a managed policy: GetPolicy
-
-
(Optional) To find out about the relationships between the policies and identities, call the following operations:
-
To list the identities (IAM users, IAM groups, and IAM roles) to which a managed policy is attached:
-
To list the managed policies attached to an identity (a user, user group, or role):
-
-
To edit a customer managed policy, call the following operation:
-
(Optional) To validate a customer managed policy, call the following IAM Access Analyzer operation:
Setting the
default version of a customer managed policy (AWS API)
You can set a default version of a customer managed policy from the AWS API.
To set the default version of a customer managed policy (AWS API)
-
(Optional) To list managed policies, call the following operation:
-
To set the default version of a customer managed policy, call the following operation:
Deleting a version of
a customer managed policy (AWS API)
You can delete a version of a customer managed policy from the AWS API.
To delete a version of a customer managed policy (AWS API)
-
(Optional) To list managed policies, call the following operation:
-
To delete a customer managed policy, call the following operation:
Editing inline policies (AWS API)
You can edit an inline policy from the AWS API.
To edit an inline policy (AWS API)
-
(Optional) To view information about an inline policy, run the following operations:
-
To list inline policies associated to an identity (a user, user group, or role):
-
To retrieve detailed information about an inline policy:
-
-
To edit an inline policy, run the following operations:
-
(Optional) To validate an inline policy, run the following IAM Access Analyzer operation:
