I see, I need to manage through Policy Versions.
There is CreatePolicyVersion, DeletePolicyVersion, GetPolicyVersion, ListPolicyVersions, and SetDefaultPolicyVersion
This obviously covers it.
Can CloudFormation add existing policy to existing role?Accepted AnswerMODERATORasked 2 years ago
API Gateway custom authorizer does not parse valid JSON Policy documentasked 3 years ago
KMS Key policy ignored over IAM RoleAccepted Answerasked 3 years ago
iam role trust policy behaviorAccepted Answerasked 4 months ago
aws-sdk-php, IamClient - How to update policy json, the 'PolicyDocument'?Accepted Answer
How to dynamically update the policy of user(Cognito identity) from backend/lambda?asked 9 months ago
aws-sdk-php, to instantiate the IamClient, it requires you to pass in a "region". If IAM is Global, why is region required?Accepted Answer
How to define IAM::Policy in SAM templateasked a year ago
Using EC2 IAM role principal in SecretsManager resource policy together with autoscalingAccepted Answerasked a year ago
KMS key policy to allow access to the key only to the role used to create the keyasked a year ago