Managed vs inline policies in AWS - Hands-On Comparison

Understanding Managed vs Inline Policies in AWS IAM
📖 Scenario: You are working as a cloud administrator for a small company. You need to set up permissions for a new user in AWS. You want to understand the difference between managed policies and inline policies to decide how to assign permissions properly.
🎯 Goal: Build two AWS IAM policy configurations: one using a managed policy and one using an inline policy attached to a user. This will help you see how each policy type is created and attached.
📋 What You'll Learn
Create an IAM user named TestUser
Create a managed policy named ReadOnlyAccessPolicy with read-only permissions for S3
Attach the managed policy ReadOnlyAccessPolicy to TestUser
Create an inline policy named InlineS3WritePolicy with write permissions for S3
Attach the inline policy InlineS3WritePolicy directly to TestUser
💡 Why This Matters
🌍 Real World
Managing user permissions securely and efficiently is critical in real-world cloud environments to control access to resources.
💼 Career
Understanding managed and inline policies is essential for roles like Cloud Administrator, DevOps Engineer, and Security Engineer working with AWS.
Step 1: Create the IAM user TestUser
Write the AWS CLI command to create an IAM user named TestUser.

Hint: Use the aws iam create-user command with the --user-name option.

Step 2: Create a managed policy named ReadOnlyAccessPolicy with S3 read-only permissions
Write the AWS CLI command to create a managed policy named ReadOnlyAccessPolicy that allows s3:GetObject and s3:ListBucket actions on all S3 resources.

Hint: Use aws iam create-policy with --policy-name and --policy-document JSON string.

Step 3: Attach the managed policy ReadOnlyAccessPolicy to TestUser
Write the AWS CLI command to attach the managed policy named ReadOnlyAccessPolicy to the IAM user TestUser. Use the policy ARN format arn:aws:iam::aws:policy/ReadOnlyAccessPolicy.

Hint: Use aws iam attach-user-policy with --user-name and --policy-arn.

Step 4: Create and attach an inline policy named InlineS3WritePolicy with S3 write permissions to TestUser
Write the AWS CLI command to put an inline policy named InlineS3WritePolicy on the IAM user TestUser. The policy should allow s3:PutObject action on all S3 resources.

Hint: Use aws iam put-user-policy with --user-name, --policy-name, and --policy-document.
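
The four steps above as one script, followed by the two list calls that show where each policy type ends up. This is an added example, not the lab's own answer key. It assumes the AWS CLI is configured with IAM permissions; the helper names s3_policy_doc and run_lab and the resource pattern arn:aws:s3:::* are choices made here. A policy created in your own account gets an ARN under that account ID, so the script uses the ARN that create-policy returns.

```shell
#!/bin/sh
# Added example (not from the original lab). Usage: sh lab.sh run
set -e

USER_NAME="TestUser"

# Build an identity policy document that allows the given S3 actions
# on all S3 buckets and objects (arn:aws:s3:::* is an assumption made here).
s3_policy_doc() {
  actions=""
  for a in "$@"; do
    actions="${actions:+$actions,}\"$a\""
  done
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":[%s],"Resource":"arn:aws:s3:::*"}]}' "$actions"
}

run_lab() {
  # Step 1: create the user.
  aws iam create-user --user-name "$USER_NAME" >/dev/null

  # Step 2: a managed policy is a standalone object with its own ARN.
  policy_arn=$(aws iam create-policy \
    --policy-name ReadOnlyAccessPolicy \
    --policy-document "$(s3_policy_doc s3:GetObject s3:ListBucket)" \
    --query 'Policy.Arn' --output text)

  # Step 3: attaching only links the user to that ARN; the same policy
  # can be attached to other users, groups and roles.
  aws iam attach-user-policy --user-name "$USER_NAME" --policy-arn "$policy_arn"

  # Step 4: an inline policy is embedded in the user, has no ARN,
  # and is deleted together with the user.
  aws iam put-user-policy --user-name "$USER_NAME" \
    --policy-name InlineS3WritePolicy \
    --policy-document "$(s3_policy_doc s3:PutObject)"

  # Audit check: the two policy types are reported by different calls.
  aws iam list-attached-user-policies --user-name "$USER_NAME"  # managed
  aws iam list-user-policies --user-name "$USER_NAME"           # inline
}

# Only call AWS when explicitly asked to.
if [ "${1:-}" = "run" ]; then run_lab; fi
```

When reviewing a user's effective permissions, check both list calls: an inline policy never appears in list-attached-user-policies.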