# Edit IAM policies A [policy](access_policies.md) is an entity that, when attached to an identity or resource, defines their permissions. Policies are stored in Amazon as JSON documents and are attached to principals as *identity-based policies* in IAM. You can attach an identity-based policy to a principal (or identity), such as an IAM user group, user, or role. Identity-based policies include Amazon managed policies, customer managed policies, and [inline policies](access_policies_managed-vs-inline.md). You can edit customer managed policies and inline policies in IAM. Amazon managed policies cannot be edited. The number and size of IAM resources in an Amazon account are limited. For more information, see [IAM and Amazon STS quotas](reference_iam-quotas.md). It's generally better to use customer managed policies instead of inline policies or Amazon managed policies. Amazon managed policies usually provide broad administrative or read-only permissions. Inline policies can't be reused on other identities or managed outside of the identity where they exist. For the greatest security, [grant the least privilege](best-practices.md#grant-least-privilege), which means granting only the permissions required to perform specific job tasks. When you create or edit IAM policies, Amazon can automatically perform policy validation to help you create an effective policy with least privilege in mind. In the Amazon Web Services Management Console, IAM identifies JSON syntax errors, while IAM Access Analyzer provides additional policy checks with recommendations to help you further refine your policies. To learn more about policy validation, see [IAM policy validation](access_policies_policy-validator.md). To learn more about IAM Access Analyzer policy checks and actionable recommendations, see [IAM Access Analyzer policy validation](https://docs.amazonaws.cn/IAM/latest/UserGuide/access-analyzer-policy-validation.html). You can use the Amazon Web Services Management Console, Amazon CLI, or Amazon API to edit customer managed policies and inline policies in IAM. For more information about using Amazon CloudFormation templates to add or update policies, see [Amazon Identity and Access Management resource type reference](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/AWS_IAM.html) in the *Amazon CloudFormation User Guide*. **Topics** + [Edit IAM policies (console)](access_policies_manage-edit-console.md) + [Edit IAM policies (Amazon CLI)](access_policies_manage-edit-cli.md) + [Edit IAM policies (Amazon API)](access_policies_manage-edit-api.md)