What is true about inline policies in IAM?

Disable ads (and more) with a premium pass for a one time $4.99 payment

Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

Inline policies in AWS Identity and Access Management (IAM) are indeed an inherent part of a principal entity, such as a user, group, or role. This means that inline policies are directly attached and embedded within that specific entity, rather than being standalone policies that can be reused across multiple entities.

Because inline policies are tightly coupled with their associated principal, they cannot be shared or applied to other users or roles. This characteristic makes inline policies particularly useful for highly specific permissions that only need to be assigned to a single entity, rather than for broader policies that might be better suited as managed policies.

While inline policies do have uniquely defined permissions, they do not inherently override managed policies; instead, they work alongside them. When both an inline policy and a managed policy are associated with a principal, the effective permissions are the combination of both policies, following IAM's policy evaluation logic. Lastly, inline policies can be applied not only to roles but also to users and groups, which means their applicability is broader than what's suggested by the choice mentioning only roles. Thus, the nature of inline policies as an integral part of a specific principal entity is what makes option B accurate.