Creates a policy based on the information you provide and attaches the policy to the specified role. Use this command if you need a simple policy with no conditions, and you don't want to write the policy yourself. If you need a policy with conditions, you must write the policy yourself and upload it with iam-roleuploadpolicy. For information about policy size limits, see Appendix A: Limitations on IAM Entities.
For information about how to write policies and how policies work, go to Permissions and Policies in Using AWS Identity and Access Management.
iam-roleaddpolicy -r ROLENAME -p POLICYNAME -e EFFECT {-a ACTION ...} {-c AMAZON RESOURCE NAME ...} [-o]
| Name | Description | Required |
|---|---|---|
| -r ROLENAME | Name of the role the policy is for. Type: String Default: None | Yes |
| -p POLICYNAME | Name you want to assign the policy. Type: String Default: None | Yes |
| -e EFFECT | The value for the policy's Type: String Valid Values: Default: None | Yes |
| -a ACTION | The value for the policy's You can use wildcards, and you can specify more than one The following example specifies all the Amazon S3 actions related to buckets: Type: String Default: None | Yes |
| -c AMAZON RESOURCE NAME | The value for the policy's You can use wildcards, and you can specify more than one Type: String Default: None | Yes |
| -o | Causes the output to include the JSON policy document that IAM created for you. | No |
If the command is successful, the output is empty. If you specified the -o option, the output includes the JSON policy document.

The following example request adds (or updates) the policy named s3access for the role named myrole. The -o option causes the output to include the JSON policy document we construct for you based on the options you provided.
PROMPT> iam-roleaddpolicy -r myrole -p s3access -e Allow -a "s3:*" -c "*" -o
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:*"],"Resource":["*"]}]}