Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . iam ]

put-role-policy

Description

Adds or updates an inline policy document that is embedded in the specified IAM role.

When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using CreateRole . You can update a role's trust policy using UpdateAssumeRolePolicy . For more information about IAM roles, go to Using Roles to Delegate Permissions and Federate Identities .

A role can also have a managed policy attached to it. To attach a managed policy to a role, use AttachRolePolicy . To create a new managed policy, use CreatePolicy . For information about policies, see Managed Policies and Inline Policies in the IAM User Guide .

For information about limits on the number of inline policies that you can embed with a role, see Limitations on IAM Entities in the IAM User Guide .

Note

Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy . For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide .

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

  put-role-policy
--role-name <value>
--policy-name <value>
--policy-document <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--role-name (string)

The name of the role to associate the policy with.

This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

--policy-name (string)

The name of the policy document.

This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

--policy-document (string)

The policy document.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (u0020) through the end of the ASCII character range
  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through u00FF)
  • The special characters tab (u0009), line feed (u000A), and carriage return (u000D)

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Examples

To attach a permissions policy to an IAM role

The following put-role-policy command adds a permissions policy to the role named Test-Role:

aws iam put-role-policy --role-name Test-Role --policy-name ExamplePolicy --policy-document file://AdminPolicy.json

The policy is defined as a JSON document in the AdminPolicy.json file. (The file name and extension do not have significance.)

To attach a trust policy to a role, use the update-assume-role-policy command.

For more information, see Creating a Role in the Using IAM guide.

Output

None