IAMTrail

Unofficial

AWS silently updates Managed IAM policies all the time.
We catch every single change.

Full version history and diffs for 1555 AWS Managed IAM Policies, archived since 2019. | A service by zoph.io

Total Policies

1,555

Active AWS Managed Policies

Brand New (v1)

20

New AWS services/features

Deprecated

74

Removed from AWS

Most Active

100

ReadOnlyAccess...

Brand New Policies (v1)

Spot upcoming AWS services early - 20 new policies detected

NAPSPropagatorIntegTestManagedPolicy07

v1 / 4/9/2026

AmazonSageMakerCapacityReservationServiceRolePolicy

v1 / 4/8/2026

AmazonS3FilesCSIDriverPolicy

v1 / 4/7/2026

AmazonS3FilesClientFullAccess

v1 / 4/7/2026

AmazonS3FilesClientReadOnlyAccess

v1 / 4/7/2026

AmazonS3FilesClientReadWriteAccess

v1 / 4/7/2026

View all 20 new policies
Free - No account needed

Get notified when policies change

Daily or weekly email digests with inline diffs. Pick specific policies or track them all.

Subscribe

Endpoint Signals

46 regions, 310 services tracked from botocore

Expansioncloudhsmv2ap-southeast-7aws
Expansionlightsailap-southeast-5aws
Expansionglobalacceleratorap-southeast-6aws
New Serviceacm (2 endpoints)aws-iso-b
New Serviceoidc (1 endpoint)aws-eusc
View all endpoint changes

Policy Creation by Year

Number of AWS managed policies first tracked each year

176
20
143
21
119
22
150
23
154
24
135
25
43
26
2020920 total policies2026

Largest Policy

4054 actions

AWSSupportServiceRolePoli...

AWS Services Tracked

431

IAM service namespaces over time

IAM Actions (literals)

14,107

Distinct action strings in managed policies (no wildcards)

Year-over-Year Velocity

Total policy commits per year - new launches vs. updates

627 total (176 new, 451 updates)
20
488 total (143 new, 345 updates)
21
552 total (119 new, 433 updates)
22
669 total (150 new, 519 updates)
23
606 total (154 new, 452 updates)
24
753 total (135 new, 618 updates)
25
188 total (43 new, 145 updates)
26
UpdatesNew launches3,883 total commits tracked

Excludes 4 bulk-reformat day(s) where detection logic changes caused false-positive diffs.

Policy Lifecycle

Current version distribution across all policies

v1
612
v2
225
v3
194
v4
107
v5
66
v6-10
222
v11-20
95
v21+
34

39% of policies (612) are still at v1 - created once and never updated.

Most revised

ReadOnlyAccessv182AWSConfigServiceRolePolicyv91SecurityAuditv85SageMakerStudioProjectProvisioningRolePolicyv78AWS_ConfigRolev68

Monthly Seasonality

Policy change volume by calendar month across all years

257
Jan
277
Feb
326
Mar
327
Apr
259
May
300
Jun
274
Jul
296
Aug
269
Sep
314
Oct
634
Nov
350
Dec
re:Invent season (Nov-Dec) - 52% above average

re:Invent Pulse

Policy changes during the Nov 15 - Dec 15 window each year

100 changes, 50 new
20
107 changes, 34 new
21
87 changes, 29 new
22
129 changes, 25 new
23
138 changes, 59 new
24
145 changes, 33 new
25
UpdatesNew launches

Recently Updated

AmazonBedrockLimitedAccess

Today/ 7 versions

AmazonBedrockMantleFullAccess

Today/ 5 versions

AmazonBedrockMantleInferenceAccess

Today/ 5 versions

NAPSPropagatorIntegTestManagedPolicy07

Today/ 1 version

AWSWAFConsoleFullAccess

Today/ 18 versions

AWSWAFConsoleReadOnlyAccess

Today/ 17 versions

AWSWAFFullAccess

Today/ 22 versions

AWSWAFReadOnlyAccess

Today/ 19 versions

AmazonSageMakerCapacityReservationServiceRolePolicy

Today/ 1 version

Billing

Today/ 27 versions

Most Volatile (Trailing 12 Months)

AWSConfigServiceRolePolicy10 changesAWS_ConfigRole10 changesSageMakerStudioProjectUserRolePolicy10 changesReadOnlyAccess10 changesViewOnlyAccess10 changesSageMakerStudioAdminIAMDefaultExecutionPolicy10 changesSageMakerStudioAdminIAMPermissiveExecutionPolicy10 changesSageMakerStudioUserIAMDefaultExecutionPolicy10 changesSageMakerStudioUserIAMPermissiveExecutionPolicy10 changesBedrockAgentCoreFullAccess10 changes

Newest Policies

AmazonBedrockLimitedAccess

Today

AmazonBedrockMantleFullAccess

Today

AmazonBedrockMantleInferenceAccess

Today

NAPSPropagatorIntegTestManagedPolicy07

Today

AWSWAFFullAccess

Today

AWSWAFConsoleReadOnlyAccess

Today

AWSWAFReadOnlyAccess

Today

AWSWAFConsoleFullAccess

Today

AmazonSageMakerCapacityReservationServiceRolePolicy

Today

Billing

Today

Oldest Policies

AWSOpsWorksRegisterCLI

7y 2m ago

AmazonMachineLearningRoleforRedshiftDataSource

7y 2m ago

TagGovernancePolicy

7y 2m ago

AWSLambdaReplicatorInternal

6y 10m ago

AmazonEverestServicePolicy

6y 8m ago

AWSB9InternalServicePolicy

6y 7m ago

AWSBackupAdminPolicy

6y 7m ago

AWSBackupOperatorPolicy

6y 7m ago

AWSCloudTrailFullAccess

6y 7m ago

AWSDataPipelineRole

6y 7m ago