| Feature | Inline Policy | JSON IAM Policy (Managed) |
|---|---|---|
| Attachment | One IAM entity only | Multiple IAM users, roles, groups |
| Reusability | Not reusable | Reusable across multiple entities |
| Management | Tightly coupled to entity | Standalone, versioned, and easy to update |
| Use Case | One-off or specific cases | Standardized permissions for multiple users |

NOTE: Use an inline policy to override an explicit “allow” for a given user.
ARN:

❗Exam note
IAM Groups
| Feature | Trust Policy | Permission Policy |
|---|---|---|
| Purpose | Controls who can assume the role | Controls what the role can do |
| Field Used | Principal (who is trusted) | Action and Resource (what can be done) |
| Required? | ✅ Always required | ✅ Always required |
| Example Use Case | EC2 needs permission to assume a role | Role can access S3 or DynamoDB |
