I have more than 10 lambdas. I am managing the infrastructure using a SAM template. I have defined Function resources for these lambdas. There are some common permissions required by these lambdas (CloudWatch, X-Ray). Each lambda also requires its own specific permissions. For example, Lambda1 might require permission for S3, Lambda2 for ParameterStore.

So, to manage these permissions for the lambdas, I have decided to create an inline policy along each Function resource with its specific permissions, and to define a Policy resource with the common permissions for all lambdas and refer to that in each inline lambda policy.

When I am defining the separate Policy resource, I am confused about whether to use Type AWS::IAM::Policy or AWS::IAM::ManagedPolicy. What is the difference between the two? Which is useful in my use case?

And also, please suggest how I can refer to this Policy resource in the inline policy of each lambda.
When we define the policy as AWS::IAM::Policy, it is required to associate it with a user/role. With AWS::IAM::ManagedPolicy, it is not required to do so.
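As an added example (not code from the question or the answer above), here is one way to lay out the template the question describes: the shared CloudWatch Logs and X-Ray permissions live in an AWS::IAM::ManagedPolicy, and each function's Policies list attaches it by ARN alongside an inline policy document holding only that function's own permissions. This assumes SAM's Policies property on AWS::Serverless::Function, where a managed policy ARN in the list is attached to the generated role and a policy document in the list becomes an inline policy; the bucket name and parameter prefix are placeholders.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # Shared permissions (CloudWatch Logs, X-Ray) as a customer managed policy.
  # It needs no Roles/Users/Groups property; each function attaches it by ARN.
  CommonLambdaPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: [logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents]
            Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*
          - Effect: Allow
            Action: [xray:PutTraceSegments, xray:PutTelemetryRecords]
            Resource: '*'   # X-Ray write actions do not support resource-level scoping

  Lambda1:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/lambda1/
      Handler: app.handler
      Runtime: python3.12
      Tracing: Active
      Policies:
        - !Ref CommonLambdaPolicy          # Ref on an AWS::IAM::ManagedPolicy returns its ARN
        - Version: '2012-10-17'            # inline policy: only what this function needs
          Statement:
            - Effect: Allow
              Action: s3:GetObject
              Resource: arn:aws:s3:::example-bucket/*   # placeholder bucket name

  Lambda2:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/lambda2/
      Handler: app.handler
      Runtime: python3.12
      Tracing: Active
      Policies:
        - !Ref CommonLambdaPolicy
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: [ssm:GetParameter, ssm:GetParametersByPath]
              Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/example-app/*   # placeholder prefix
```

Had CommonLambdaPolicy been declared as AWS::IAM::Policy instead, CloudFormation would require a Roles, Users or Groups property on it, which is awkward here because SAM generates each function's role for you; keeping the shared permissions scoped to the function log groups and a parameter prefix, rather than Resource: '*', is the least-privilege detail worth checking in review.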