AWS Command Line Interface
User Guide

Attach an IAM Managed Policy to an IAM User

This topic describes how to use AWS Command Line Interface (AWS CLI) commands to attach an IAM policy to an IAM user. The policy in this example provides the user with "Power User Access".

Before you run any commands, set your default credentials. For more information, see Configuring the AWS CLI.

To attach an IAM managed policy to an IAM user

  1. Determine the ARN of the policy to attach. The following command uses list-policies to find the ARN of the policy with the name PowerUserAccess. It then stores that ARN in an environment variable.

    $ export POLICYARN=$(aws iam list-policies --query 'Policies[?PolicyName==`PowerUserAccess`].{ARN:Arn}' --output text) ~ $ echo $POLICYARN arn:aws:iam::aws:policy/PowerUserAccess
  2. To attach the policy, use the attach-user-policy command, and reference the environment variable that holds the policy ARN.

    $ aws iam attach-user-policy --user-name MyUser --policy-arn $POLICYARN
  3. Verify that the policy is attached to the user by running the list-attached-user-policies command.

    $ aws iam list-attached-user-policies --user-name MyUser { "AttachedPolicies": [ { "PolicyName": "PowerUserAccess", "PolicyArn": "arn:aws:iam::aws:policy/PowerUserAccess" } ] }

Additional Resources

For more information, see Access Management Resources. This topic provides links to an overview of permissions and policies, and links to examples of policies for accessing Amazon S3, Amazon EC2, and other services.

On this page: