AWS Identity and Access Management
CLI Reference (API Version 2010-05-08)

iam-roleupdateassumepolicy

Description

Updates the policy that controls who can assume a given role.

Note

Currently, permission to assume a role is limited to Amazon EC2 instances in your AWS account only.

Syntax

iam-roleupdateassumepolicy -r ROLENAME [-f POLICYDOCUMENTFILE | -s SERVICE] [-o]

Options

Name: -r ROLENAME
Description: Name of the role to update.
Type: String
Default: None
Required: Yes

Name: -s SERVICE
Description: The entity that can assume the role. Currently, the only entity that can assume a role is an Amazon EC2 instance. For Amazon EC2, the value is the EC2 endpoint ec2.amazonaws.com. For more information about service endpoints, go to Regions and Endpoints in the AWS General Reference.
Type: String
Condition: Either -s SERVICE or -f POLICYDOCUMENTFILE is required. If you use both options together, IAM returns an error.
Default: None
Required: Conditional

Name: -f POLICYDOCUMENTFILE
Description: Path and name of the file containing the policy.
Type: String
Condition: Either -f POLICYDOCUMENTFILE or -s SERVICE is required. If you use both options together, IAM returns an error.
Default: None
Required: Conditional

Name: -o
Description: Causes the response to include the new JSON policy document.
Type: String
Default: None
Required: No

Output

If the command is successful, the output is empty unless you specify the -o option, in which case the output includes the new JSON policy document.

Examples

The following example updates a role so that an Amazon EC2 instance can assume the role. The -o option causes the output to include the role's JSON policy document.

PROMPT> iam-roleupdateassumepolicy -r myrole -s ec2.amazonaws.com -o
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":["ec2.amazonaws.com"]},"Action":["sts:AssumeRole"]}]}
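
Because the file passed with -f decides who can assume the role, it is worth checking before you upload it. The following Python check is an added example, not part of the AWS reference: the name lint_assume_policy and the allow-list are assumptions, the allow-list being taken from the note above that only Amazon EC2 can assume a role.

```python
import json

# Assumption taken from the page's note: only Amazon EC2 may assume a role.
ALLOWED_SERVICES = {"ec2.amazonaws.com"}

def _as_list(value):
    """Policy JSON allows a single value or a list; normalize to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def lint_assume_policy(document):
    """Return findings (strings) for an assume-role policy given as JSON text."""
    try:
        policy = json.loads(document)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return ["policy is not a JSON object"]
    statements = _as_list(policy.get("Statement"))
    findings = [] if statements else ["no Statement element"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant permission to assume the role
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # Covers a bare "*" and a missing Principal element.
            findings.append(f"Statement[{i}]: wildcard or missing principal")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if value == "*":
                    findings.append(f"Statement[{i}]: wildcard principal in {kind}")
                elif kind != "Service" or value not in ALLOWED_SERVICES:
                    findings.append(f"Statement[{i}]: unexpected principal {kind}={value}")
        actions = [str(a).lower() for a in _as_list(stmt.get("Action"))]
        if actions != ["sts:assumerole"]:
            findings.append(f"Statement[{i}]: Action should be only sts:AssumeRole")
    return findings

# The policy document printed in the example on this page.
PAGE_POLICY = ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
               '"Principal":{"Service":["ec2.amazonaws.com"]},'
               '"Action":["sts:AssumeRole"]}]}')
# Constructed sample: any AWS principal may assume the role, with any STS action.
BAD_POLICY = ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
              '"Principal":{"AWS":"*"},"Action":"sts:*"}]}')

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("constructed", BAD_POLICY)):
        print(name, lint_assume_policy(doc) or "ok")
```

An empty result means the document grants sts:AssumeRole to the EC2 service only; any finding should be resolved before the file is passed to -f.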