Amazon Web Services (AWS) released a new managed policy tool for IAM users in the management console. This new tool allows an administrator to select from pre-built policy templates, easily applying the desired permission set to IAM objects.
This represents a vast improvement over the older JSON-driven templates. An administrator can use this tool to add or remove policies and to see a summary of how many entities are attached to each policy. The tool also gives the administrator an easy way to roll back applied policies, which speeds resolution of any issues inadvertently introduced by a recent policy change.
Administrators have always had the option of applying JSON-derived policies directly to users; these are now known as “inline policies”. While this system was powerful and very flexible, creating inline policies directly on user objects often led to duplication of work and administration headaches down the road. The new Managed Policies toolset promotes these policies to full-blown AWS objects that can be applied to users, groups or roles as desired while maintaining a clear view of who has what level of permission on which resource.
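To find the duplicated inline policies described above, and so the candidates for one shared managed policy, the following added example (not code from AWS or from this article) groups inline policies that grant identical permissions. It assumes input in the JSON shape printed by `aws iam get-account-authorization-details`; the sample data, entity names and helper function names are constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict

# Constructed sample shaped like `aws iam get-account-authorization-details` output.
SAMPLE = {
    "UserDetailList": [
        {"UserName": "alice", "UserPolicyList": [
            {"PolicyName": "s3-read", "PolicyDocument": {"Statement": {
                "Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
                "Resource": "arn:aws:s3:::example-reports*"}}}]},
        {"UserName": "bob", "UserPolicyList": [
            {"PolicyName": "reports-ro", "PolicyDocument": {"Statement": [{
                "Sid": "Reports", "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": ["arn:aws:s3:::example-reports*"]}]}}]},
    ],
    "RoleDetailList": [
        {"RoleName": "batch", "RolePolicyList": [
            {"PolicyName": "queue", "PolicyDocument": {"Statement": [{
                "Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "*"}]}}]},
    ],
}

LISTS = {"UserDetailList": ("UserName", "UserPolicyList"),
         "GroupDetailList": ("GroupName", "GroupPolicyList"),
         "RoleDetailList": ("RoleName", "RolePolicyList")}

def fingerprint(doc):
    """Hash a policy's statements after removing cosmetic differences."""
    stmts = doc.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    norm = []
    for s in stmts:
        s = {k: v for k, v in s.items() if k != "Sid"}  # Sid is only a label
        for key in ("Action", "NotAction", "Resource", "NotResource"):
            if key in s:  # a lone string and a one-item list mean the same
                s[key] = sorted([s[key]] if isinstance(s[key], str) else s[key])
        norm.append(json.dumps(s, sort_keys=True))
    return hashlib.sha256("\n".join(sorted(norm)).encode()).hexdigest()

def duplicate_inline_policies(details):
    """Group (entity, policy name) pairs whose inline policies grant the same thing."""
    groups = defaultdict(list)
    for list_key, (name_key, pol_key) in LISTS.items():
        for entity in details.get(list_key, []):
            for pol in entity.get(pol_key, []):
                owner = f"{list_key[:-10].lower()}/{entity[name_key]}"
                groups[fingerprint(pol["PolicyDocument"])].append((owner, pol["PolicyName"]))
    return [sorted(g) for g in groups.values() if len(g) > 1]
```

Each returned group is a set of entities that could share a single managed policy in place of their separate inline copies.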
The new tool also allows administrators to delegate permission to update, add and delete policies to a user, group or role without giving those objects full admin access.