I want to make an inline policy (i.e, one that exists only in the context of an IAM permission group) a managed one (i.e, one that exists globally). Is that possible? If so, how? (I would prefer AWS GUI solutions and not CLI ones)
CodePudding user response:
It is not possible to convert an inline policy to a managed policy.
What you can do is:
- Go to IAM - Groups
- Choose the group whose policy you want
- Go to Permissions tab
- Select inline policy
- Open it in JSON Viewer and copy the whole JSON
- Go to Policies
- Click on Create a Policy button and follow the steps. On the first page, switch from Visual editor to JSON and paste your policy
CodePudding user response:
I believe you are looking for a "Customer managed policy", see more at https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#customer-managed-policies
You can create standalone policies that you administer in your own AWS account, which we refer to as customer managed policies. You can then attach the policies to multiple principal entities in your AWS account. When you attach a policy to a principal entity, you give the entity the permissions that are defined in the policy.
There is also a section specifically for Converting an inline policy to a managed policy