Managed policies versus inline policies

Within IAM, you will see that there are a large number of predefined policies that have already been created by AWS; at the time of writing this book, there are over 400! These are AWS managed policies that have been built to save you time, as they cover some of the most commonly used permission sets. They are listed alphabetically within IAM, under the policies section, and can be searched and filtered. For example, if I were to search for RDS, the following results would be displayed:

However, when you are creating your policies, you may find that the AWS managed policies don’t meet your requirements, and you may need a policy that is more narrowly defined, to ensure that you are not using overly permissive policies. As a result, you also have the option to create your own managed policies; these are referred to as customer managed policies. Both AWS managed and customer managed policies can be attached to any user, group, or role.

There are a number of ways to create your customer managed policies, including the following:

  • Writing them from scratch with a JSON policy editor
  • Using the visual editor within IAM
  • Copying an existing managed policy, and customizing it as required

All of these can be carried out from within IAM, by following the steps detailed in the next sections.
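As an added illustration (not taken from the book), the following Python sketch checks a policy document for the wildcard grants that make a policy overly permissive, and compares a broad policy with a narrowed customer managed one. Both policy documents, the helper names `as_list` and `find_overly_permissive`, and the region, account ID and instance name in the ARN are constructed for this example; the broad policy is not the content of any real AWS managed policy.

```python
import json

# Constructed sample in the style of a broad "full access" policy.
# It is NOT the content of any real AWS managed policy.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "rds:*", "Resource": "*"}],
}

# Constructed customer managed policy: read-only on one database instance.
# Region, account ID and instance name are placeholders.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["rds:DescribeDBInstances", "rds:ListTagsForResource"],
        "Resource": "arn:aws:rds:eu-west-1:123456789012:db:example-db",
    }],
}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return value if isinstance(value, list) else [value]


def find_overly_permissive(policy):
    """Return (statement index, reason) for each wildcard grant in Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not grant access
        if "NotAction" in stmt:
            findings.append((i, "Allow with NotAction"))
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, "wildcard action " + action))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((i, "resource is *"))
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_overly_permissive(policy))
    # JSON form of the scoped policy, as it would be pasted into a JSON policy editor
    print(json.dumps(SCOPED_POLICY, indent=2))
```
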
