AWS IAM glossary

What is IAM Managed Policy?

A managed policy is a standalone IAM policy that can be attached to multiple users, groups, or roles, and exists independently of any single identity.

Managed policies come in two kinds. AWS managed policies are created and maintained by AWS (for example AdministratorAccess or ReadOnlyAccess); you cannot edit them, and the permissions they grant can change when AWS publishes a new version. Customer managed policies are authored in your account and versioned, so you can roll back to a previous version. Because a managed policy is a reusable object, attaching it to many principals keeps their permissions consistent and auditable: one change to the policy applies to every attachment.

Each user, group, or role can have at most 10 managed policies attached by default (the quota can be raised to 20), and a customer managed policy keeps up to five versions. Only the default version grants anything; the others exist for rollback, and once five exist you must delete one before creating another. Managed policies are first-class objects in IAM listings (for example `aws iam list-policies` or `aws iam get-account-authorization-details`), which makes their attachments easier to audit than inline policies embedded in a single identity.

Common mistake

Attaching a broad AWS managed policy such as AdministratorAccess (which allows every action on every resource) for convenience grants far more than most workloads need. Prefer a customer managed policy scoped to the actions and resources the workload actually uses, and review attachments regularly, since a managed policy attached to many principals widens the blast radius of any one compromised credential.
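As an added example (this is not code from the glossary or from Shieldly), the audit below runs offline over a constructed snapshot shaped like the output of `aws iam get-account-authorization-details`. It covers both points above: it resolves every principal's attached managed policies to the policy's default version and reports any that grant full administrative access, it reports inline policies that do the same so they are not missed, and it shows that a stale over-broad version kept for rollback does not count, because only the default version applies. The snapshot, the principal names `alice`, `bob` and `ci-deployer`, the policy name `ci-deploy-scoped`, and the account ID 123456789012 are assumptions made for the example.

```python
"""Offline audit of an IAM authorization-details snapshot for AdministratorAccess-style grants.

The input shape mirrors `aws iam get-account-authorization-details` (assumed field names as
documented for that call; with the CLI and boto3 the policy documents arrive already decoded).
"""
import json

# Constructed sample snapshot: two users, one role, one AWS managed and one customer managed policy.
SAMPLE_DETAILS = {
    "UserDetailList": [
        {
            "UserName": "alice",
            "AttachedManagedPolicies": [
                {"PolicyName": "AdministratorAccess",
                 "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}
            ],
            "UserPolicyList": [],
        },
        {
            "UserName": "bob",
            "AttachedManagedPolicies": [],
            # Inline policy: does not appear in a managed-policy inventory, so audit it separately.
            "UserPolicyList": [
                {"PolicyName": "bob-inline-admin",
                 "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                     {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}
            ],
        },
    ],
    "GroupDetailList": [],
    "RoleDetailList": [
        {
            "RoleName": "ci-deployer",
            "AttachedManagedPolicies": [
                {"PolicyName": "ci-deploy-scoped",
                 "PolicyArn": "arn:aws:iam::123456789012:policy/ci-deploy-scoped"}
            ],
            "RolePolicyList": [],
        }
    ],
    "Policies": [
        {
            "PolicyName": "AdministratorAccess",
            "Arn": "arn:aws:iam::aws:policy/AdministratorAccess",
            "DefaultVersionId": "v1",
            "PolicyVersionList": [
                {"VersionId": "v1", "IsDefaultVersion": True,
                 "Document": {"Version": "2012-10-17", "Statement": [
                     {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}
            ],
        },
        {
            "PolicyName": "ci-deploy-scoped",
            "Arn": "arn:aws:iam::123456789012:policy/ci-deploy-scoped",
            "DefaultVersionId": "v2",
            "PolicyVersionList": [
                # v1 was the over-broad first draft; kept for rollback, but it grants nothing now.
                {"VersionId": "v1", "IsDefaultVersion": False,
                 "Document": {"Version": "2012-10-17", "Statement": [
                     {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}},
                {"VersionId": "v2", "IsDefaultVersion": True,
                 "Document": {"Version": "2012-10-17", "Statement": [
                     {"Effect": "Allow",
                      "Action": ["s3:PutObject", "s3:GetObject"],
                      "Resource": "arn:aws:s3:::example-artifacts/*"}]}},
            ],
        },
    ],
}

MAX_POLICY_VERSIONS = 5  # IAM stores at most five versions of a customer managed policy


def _as_list(value):
    """IAM allows Action/Resource/Statement to be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_full_admin(statement):
    """True if an Allow statement grants every action on every resource (what AdministratorAccess does)."""
    if statement.get("Effect") != "Allow":
        return False
    actions = _as_list(statement.get("Action", []))
    resources = _as_list(statement.get("Resource", []))
    return any(a in ("*", "*:*") for a in actions) and "*" in resources


def document_is_admin(doc):
    return any(is_full_admin(s) for s in _as_list(doc.get("Statement", [])))


def default_documents(details):
    """Map policy ARN -> document of its default version, the only version that is in effect."""
    docs = {}
    for policy in details.get("Policies", []):
        for version in policy.get("PolicyVersionList", []):
            if version.get("IsDefaultVersion"):
                docs[policy["Arn"]] = version["Document"]
    return docs


def find_admin_grants(details):
    """Return (principal, policy name, 'managed'|'inline') for every full-admin grant in the snapshot."""
    docs = default_documents(details)
    findings = []
    kinds = (("UserDetailList", "UserName", "UserPolicyList"),
             ("GroupDetailList", "GroupName", "GroupPolicyList"),
             ("RoleDetailList", "RoleName", "RolePolicyList"))
    for list_key, name_key, inline_key in kinds:
        for principal in details.get(list_key, []):
            name = principal[name_key]
            for attached in principal.get("AttachedManagedPolicies", []):
                doc = docs.get(attached["PolicyArn"])
                if doc is not None and document_is_admin(doc):
                    findings.append((name, attached["PolicyName"], "managed"))
            for inline in principal.get(inline_key, []):
                if document_is_admin(inline["PolicyDocument"]):
                    findings.append((name, inline["PolicyName"], "inline"))
    return findings


def version_report(details):
    """Per customer managed policy: (default version id, stored versions, at the five-version limit?)."""
    report = {}
    for policy in details.get("Policies", []):
        if ":iam::aws:policy/" in policy["Arn"]:
            continue  # AWS managed: AWS owns its versions
        versions = policy.get("PolicyVersionList", [])
        report[policy["PolicyName"]] = (policy["DefaultVersionId"], len(versions),
                                        len(versions) >= MAX_POLICY_VERSIONS)
    return report


if __name__ == "__main__":
    print(json.dumps({"admin_grants": find_admin_grants(SAMPLE_DETAILS),
                      "versions": version_report(SAMPLE_DETAILS)}, indent=2))
```

Against a real account, replace `SAMPLE_DETAILS` with the parsed output of `aws iam get-account-authorization-details`; the role `ci-deployer` is not reported because its scoped v2 is the default, even though the broader v1 is still stored for rollback.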


Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.