Does one get notified in case AWS changes one of its pre-defined IAM policies?
2 Answers
Mmm… I am not an expert on this. I think you should be looking at the agreement, on section 2.
With the predefined IAM policies, they can change at any time without notice. They normally have a certain job designed for them and to accomplish what it does it could add or remove services dependant on what they feel is valid and only enough permissions they deem necessary.
The approach to removing services is to try and create a new policy as to not be service impacting but to have added permissions from time to time to existing ones.
If you would like a policy that does not change, I would suggest using either inline or creating your own customer managed policy, you can always have control of what is applied.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-deprecated.html