IAMTrail

Unofficial

AWS silently updates Managed IAM policies all the time.
We catch every single change.

Full version history and diffs for 1564 AWS Managed IAM Policies, archived since 2019. | A service by zoph.io

Total Policies

1,564

Active AWS Managed Policies

Brand New (v1)

20

New AWS services/features

Deprecated

76

Removed from AWS

Most Active

100

ReadOnlyAccess...

Brand New Policies (v1)

Spot upcoming AWS services early - 20 new policies detected

AmazonEKSBlockStoragePolicyV2

v1 / 5/11/2026

AWSVPCFlowLogsServiceRolePolicy

v1 / 5/11/2026

AWSAppConfigServiceRolePolicy

v1 / 5/8/2026

CloudWatchAPIKeyAccess

v1 / 5/8/2026

AWSMarketplaceDiscoveryFullAccess

v1 / 5/7/2026

EC2ApplicationStatusChecksServiceRolePolicy

v1 / 4/27/2026

View all 20 new policies
Free - No account needed

Get notified when policies change

Daily or weekly email digests with inline diffs. Pick specific policies or track them all.

Subscribe

Endpoint Signals

46 regions, 310 services tracked from botocore

Expansionservicecatalogap-southeast-6ca-west-1aws
Expansionfsxap-southeast-6aws
Expansionvpc-latticemx-central-1aws
View all endpoint changes

Policy Creation by Year

Number of AWS managed policies first tracked each year

176
20
143
21
119
22
150
23
154
24
135
25
52
26
2020929 total policies2026

Largest Policy

4169 actions

AWSSupportServiceRolePoli...

AWS Services Tracked

433

IAM service namespaces over time

IAM Actions (literals)

14,335

Distinct action strings in managed policies (no wildcards)

Year-over-Year Velocity

Total policy commits per year - new launches vs. updates

627 total (176 new, 451 updates)
20
488 total (143 new, 345 updates)
21
552 total (119 new, 433 updates)
22
669 total (150 new, 519 updates)
23
606 total (154 new, 452 updates)
24
753 total (135 new, 618 updates)
25
261 total (52 new, 209 updates)
26
UpdatesNew launches3,956 total commits tracked

Excludes 4 bulk-reformat day(s) where detection logic changes caused false-positive diffs.

Policy Lifecycle

Current version distribution across all policies

v1
616
v2
228
v3
185
v4
113
v5
67
v6-10
226
v11-20
94
v21+
35

39% of policies (616) are still at v1 - created once and never updated.

Most revised

ReadOnlyAccessv184AWSConfigServiceRolePolicyv93SecurityAuditv87SageMakerStudioProjectProvisioningRolePolicyv80AWS_ConfigRolev70

Monthly Seasonality

Policy change volume by calendar month across all years

257
Jan
277
Feb
326
Mar
368
Apr
291
May
300
Jun
274
Jul
296
Aug
269
Sep
314
Oct
634
Nov
350
Dec
re:Invent season (Nov-Dec) - 49% above average

re:Invent Pulse

Policy changes during the Nov 15 - Dec 15 window each year

100 changes, 50 new
20
107 changes, 34 new
21
87 changes, 29 new
22
129 changes, 25 new
23
138 changes, 59 new
24
145 changes, 33 new
25
UpdatesNew launches

Recently Updated

AWSECRPullThroughCache_ServiceRolePolicy

Today/ 7 versions

AIDevOpsAgentAccessPolicy

Today/ 4 versions

AIDevOpsAgentFullAccess

Today/ 2 versions

SageMakerStudioUserIAMPermissiveExecutionPolicy

Today/ 11 versions

SageMakerStudioAdminIAMDefaultExecutionPolicy

Today/ 12 versions

SageMakerStudioAdminIAMPermissiveExecutionPolicy

Today/ 11 versions

SageMakerStudioProjectUserRolePolicy

Today/ 32 versions

SageMakerStudioUserIAMDefaultExecutionPolicy

Today/ 13 versions

AmazonEKSBlockStoragePolicyV2

Yesterday/ 1 version

AWSVPCFlowLogsServiceRolePolicy

Yesterday/ 1 version

Most Volatile (Trailing 12 Months)

SageMakerStudioUserIAMPermissiveExecutionPolicy10 changesSageMakerStudioAdminIAMDefaultExecutionPolicy10 changesSageMakerStudioAdminIAMPermissiveExecutionPolicy10 changesSageMakerStudioProjectUserRolePolicy10 changesSageMakerStudioUserIAMDefaultExecutionPolicy10 changesAWSMarketplaceSellerFullAccess10 changesReadOnlyAccess10 changesSecurityAudit10 changesSageMakerStudioProjectProvisioningRolePolicy10 changesAWSConfigServiceRolePolicy10 changes

Newest Policies

AWSECRPullThroughCache_ServiceRolePolicy

Today

SageMakerStudioUserIAMPermissiveExecutionPolicy

Today

AIDevOpsAgentAccessPolicy

Today

AIDevOpsAgentFullAccess

Today

SageMakerStudioAdminIAMPermissiveExecutionPolicy

Today

SageMakerStudioUserIAMDefaultExecutionPolicy

Today

SageMakerStudioAdminIAMDefaultExecutionPolicy

Today

SageMakerStudioProjectUserRolePolicy

Today

AmazonEKSBlockStoragePolicyV2

Yesterday

AWSVPCFlowLogsServiceRolePolicy

Yesterday

Oldest Policies

AWSOpsWorksRegisterCLI

7y 3m ago

AmazonMachineLearningRoleforRedshiftDataSource

7y 3m ago

TagGovernancePolicy

7y 3m ago

AWSLambdaReplicatorInternal

6y 11m ago

AmazonEverestServicePolicy

6y 9m ago

AWSB9InternalServicePolicy

6y 8m ago

AWSBackupAdminPolicy

6y 8m ago

AWSBackupOperatorPolicy

6y 8m ago

AWSCloudTrailFullAccess

6y 8m ago

AWSDataPipelineRole

6y 8m ago