There are more AWS SDK examples available in the AWS Doc SDK Examples
Attach an IAM policy to a role using an AWS SDK
The following code examples show how to attach an IAM policy to a role.
- .NET
-
- AWS SDK for .NET
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. /// <summary> /// Attach the policy to the role so that the user can assume it. /// </summary> /// <param name="client">The initialized IAM client object.</param> /// <param name="policyArn">The ARN of the policy to attach.</param> /// <param name="roleName">The name of the role to attach the policy to.</param> public static async Task AttachRoleAsync( AmazonIdentityManagementServiceClient client, string policyArn, string roleName) { var request = new AttachRolePolicyRequest { PolicyArn = policyArn, RoleName = roleName, }; var response = await client.AttachRolePolicyAsync(request); if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) { Console.WriteLine("Successfully attached the policy to the role."); } else { Console.WriteLine("Could not attach the policy."); } }-
For API details, see AttachRolePolicy in AWS SDK for .NET API Reference.
-
- C++
-
- SDK for C++
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. bool AwsDoc::IAM::attachRolePolicy(const Aws::String &roleName, const Aws::String &policyArn, const Aws::Client::ClientConfiguration &clientConfig) { Aws::IAM::IAMClient iam(clientConfig); Aws::IAM::Model::ListAttachedRolePoliciesRequest list_request; list_request.SetRoleName(roleName); bool done = false; while (!done) { auto list_outcome = iam.ListAttachedRolePolicies(list_request); if (!list_outcome.IsSuccess()) { std::cerr << "Failed to list attached policies of role " << roleName << ": " << list_outcome.GetError().GetMessage() << std::endl; return false; } const auto &policies = list_outcome.GetResult().GetAttachedPolicies(); if (std::any_of(policies.cbegin(), policies.cend(), [=](const Aws::IAM::Model::AttachedPolicy &policy) { return policy.GetPolicyArn() == policyArn; })) { std::cout << "Policy " << policyArn << " is already attached to role " << roleName << std::endl; return true; } done = !list_outcome.GetResult().GetIsTruncated(); list_request.SetMarker(list_outcome.GetResult().GetMarker()); } Aws::IAM::Model::AttachRolePolicyRequest request; request.SetRoleName(roleName); request.SetPolicyArn(policyArn); Aws::IAM::Model::AttachRolePolicyOutcome outcome = iam.AttachRolePolicy(request); if (!outcome.IsSuccess()) { std::cerr << "Failed to attach policy " << policyArn << " to role " << roleName << ": " << outcome.GetError().GetMessage() << std::endl; } else { std::cout << "Successfully attached policy " << policyArn << " to role " << roleName << std::endl; } return outcome.IsSuccess(); }-
For API details, see AttachRolePolicy in AWS SDK for C++ API Reference.
-
- Go
-
- SDK for Go V2
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. // RoleWrapper encapsulates AWS Identity and Access Management (IAM) role actions // used in the examples. // It contains an IAM service client that is used to perform role actions. type RoleWrapper struct { IamClient *iam.Client } // AttachRolePolicy attaches a policy to a role. func (wrapper RoleWrapper) AttachRolePolicy(policyArn string, roleName string) error { _, err := wrapper.IamClient.AttachRolePolicy(context.TODO(), &iam.AttachRolePolicyInput{ PolicyArn: aws.String(policyArn), RoleName: aws.String(roleName), }) if err != nil { log.Printf("Couldn't attach policy %v to role %v. Here's why: %v\n", policyArn, roleName, err) } return err }-
For API details, see AttachRolePolicy
in AWS SDK for Go API Reference.
-
- Java
-
- SDK for Java 2.x
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. public static void attachIAMRolePolicy(IamClient iam, String roleName, String policyArn ) { try { ListAttachedRolePoliciesRequest request = ListAttachedRolePoliciesRequest.builder() .roleName(roleName) .build(); ListAttachedRolePoliciesResponse response = iam.listAttachedRolePolicies(request); List<AttachedPolicy> attachedPolicies = response.attachedPolicies(); // Ensure that the policy is not attached to this role String polArn = ""; for (AttachedPolicy policy: attachedPolicies) { polArn = policy.policyArn(); if (polArn.compareTo(policyArn)==0) { System.out.println(roleName + " policy is already attached to this role."); return; } } AttachRolePolicyRequest attachRequest = AttachRolePolicyRequest.builder() .roleName(roleName) .policyArn(policyArn) .build(); iam.attachRolePolicy(attachRequest); System.out.println("Successfully attached policy " + policyArn + " to role " + roleName); } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } System.out.println("Done"); }-
For API details, see AttachRolePolicy in AWS SDK for Java 2.x API Reference.
-
- JavaScript
-
- SDK for JavaScript V3
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. Create the client.
import { IAMClient } from "@aws-sdk/client-iam"; // Set the AWS Region. const REGION = "REGION"; // For example, "us-east-1". // Create an IAM service client object. const iamClient = new IAMClient({ region: REGION }); export { iamClient };Attach the policy.
// Import required AWS SDK clients and commands for Node.js. import { iamClient } from "./libs/iamClient.js"; import { ListAttachedRolePoliciesCommand, AttachRolePolicyCommand, } from "@aws-sdk/client-iam"; // Set the parameters. const ROLENAME = "ROLE_NAME"; const paramsRoleList = { RoleName: ROLENAME }; //ROLE_NAME export const params = { PolicyArn: "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", RoleName: ROLENAME, }; export const run = async () => { try { const data = await iamClient.send( new ListAttachedRolePoliciesCommand(paramsRoleList) ); const myRolePolicies = data.AttachedPolicies; myRolePolicies.forEach(function (_val, index) { if (myRolePolicies[index].PolicyName === "AmazonDynamoDBFullAccess") { console.log( "AmazonDynamoDBFullAccess is already attached to this role." ); process.exit(); } }); try { const data = await iamClient.send(new AttachRolePolicyCommand(params)); console.log("Role attached successfully"); return data; } catch (err) { console.log("Error", err); } } catch (err) { console.log("Error", err); } }; run();-
For more information, see AWS SDK for JavaScript Developer Guide.
-
For API details, see AttachRolePolicy in AWS SDK for JavaScript API Reference.
-
- SDK for JavaScript V2
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. // Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'REGION'}); // Create the IAM service object var iam = new AWS.IAM({apiVersion: '2010-05-08'}); var paramsRoleList = { RoleName: process.argv[2] }; iam.listAttachedRolePolicies(paramsRoleList, function(err, data) { if (err) { console.log("Error", err); } else { var myRolePolicies = data.AttachedPolicies; myRolePolicies.forEach(function (val, index, array) { if (myRolePolicies[index].PolicyName === 'AmazonDynamoDBFullAccess') { console.log("AmazonDynamoDBFullAccess is already attached to this role.") process.exit(); } }); var params = { PolicyArn: 'arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess', RoleName: process.argv[2] }; iam.attachRolePolicy(params, function(err, data) { if (err) { console.log("Unable to attach policy to role", err); } else { console.log("Role attached successfully"); } }); } });-
For more information, see AWS SDK for JavaScript Developer Guide.
-
For API details, see AttachRolePolicy in AWS SDK for JavaScript API Reference.
-
- Kotlin
-
- SDK for Kotlin
-
Note This is prerelease documentation for a feature in preview release. It is subject to change.
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. suspend fun attachIAMRolePolicy(roleNameVal: String, policyArnVal: String) { val request = ListAttachedRolePoliciesRequest { roleName = roleNameVal } IamClient { region = "AWS_GLOBAL" }.use { iamClient -> val response = iamClient.listAttachedRolePolicies(request) val attachedPolicies = response.attachedPolicies // Ensure that the policy is not attached to this role. val checkStatus: Int if (attachedPolicies != null) { checkStatus = checkList(attachedPolicies, policyArnVal) if (checkStatus == -1) return } val policyRequest = AttachRolePolicyRequest { roleName = roleNameVal policyArn = policyArnVal } iamClient.attachRolePolicy(policyRequest) println("Successfully attached policy $policyArnVal to role $roleNameVal") } } fun checkList(attachedPolicies: List<AttachedPolicy>, policyArnVal: String): Int { for (policy in attachedPolicies) { val polArn = policy.policyArn.toString() if (polArn.compareTo(policyArnVal) == 0) { println("The policy is already attached to this role.") return -1 } } return 0 }-
For API details, see AttachRolePolicy
in AWS SDK for Kotlin API reference.
-
- PHP
-
- SDK for PHP
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. $uuid = uniqid(); $service = new IamService(); $assumeRolePolicyDocument = "{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Allow\", \"Principal\": {\"AWS\": \"{$user['Arn']}\"}, \"Action\": \"sts:AssumeRole\" }] }"; $assumeRoleRole = $service->createRole("iam_demo_role_$uuid", $assumeRolePolicyDocument); echo "Created role: {$assumeRoleRole['RoleName']}\n"; $listAllBucketsPolicyDocument = "{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Allow\", \"Action\": \"s3:ListAllMyBuckets\", \"Resource\": \"arn:aws:s3:::*\"}] }"; $listAllBucketsPolicy = $service->createPolicy("iam_demo_policy_$uuid", $listAllBucketsPolicyDocument); echo "Created policy: {$listAllBucketsPolicy['PolicyName']}\n"; $service->attachRolePolicy($assumeRoleRole['RoleName'], $listAllBucketsPolicy['Arn']); public function attachRolePolicy($roleName, $policyArn) { return $this->customWaiter(function () use ($roleName, $policyArn) { $this->iamClient->attachRolePolicy([ 'PolicyArn' => $policyArn, 'RoleName' => $roleName, ]); }); }-
For API details, see AttachRolePolicy in AWS SDK for PHP API Reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. Attach a policy to a role using the Boto3 Policy object.
def attach_to_role(role_name, policy_arn): """ Attaches a policy to a role. :param role_name: The name of the role. **Note** this is the name, not the ARN. :param policy_arn: The ARN of the policy. """ try: iam.Policy(policy_arn).attach_role(RoleName=role_name) logger.info("Attached policy %s to role %s.", policy_arn, role_name) except ClientError: logger.exception("Couldn't attach policy %s to role %s.", policy_arn, role_name) raiseAttach a policy to a role using the Boto3 Role object.
def attach_policy(role_name, policy_arn): """ Attaches a policy to a role. :param role_name: The name of the role. **Note** this is the name, not the ARN. :param policy_arn: The ARN of the policy. """ try: iam.Role(role_name).attach_policy(PolicyArn=policy_arn) logger.info("Attached policy %s to role %s.", policy_arn, role_name) except ClientError: logger.exception("Couldn't attach policy %s to role %s.", policy_arn, role_name) raise-
For API details, see AttachRolePolicy in AWS SDK for Python (Boto3) API Reference.
-
- Ruby
-
- SDK for Ruby
-
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. # Creates a policy that grants permission to list S3 buckets in the account, and # then attaches the policy to a role. # # @param policy_name [String] The name to give the policy. # @param role [Aws::IAM::Role] The role that the policy is attached to. # @return [Aws::IAM::Policy] The newly created policy. def create_and_attach_role_policy(policy_name, role) policy = @iam_resource.create_policy( policy_name: policy_name, policy_document: { Version: "2012-10-17", Statement: [{ Effect: "Allow", Action: "s3:ListAllMyBuckets", Resource: "arn:aws:s3:::*" }] }.to_json) role.attach_policy(policy_arn: policy.arn) puts("Created policy #{policy.policy_name} and attached it to role #{role.name}.") rescue Aws::Errors::ServiceError => e puts("Couldn't create a policy and attach it to role #{role.name}. Here's why: ") puts("\t#{e.code}: #{e.message}") raise else policy end-
For API details, see AttachRolePolicy in AWS SDK for Ruby API Reference.
-
- Rust
-
- SDK for Rust
-
Note This documentation is for an SDK in preview release. The SDK is subject to change and should not be used in production.
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. pub async fn attach_role_policy( client: &iamClient, role: &Role, policy: &Policy, ) -> Result<AttachRolePolicyOutput, SdkError<AttachRolePolicyError>> { client .attach_role_policy() .role_name(role.role_name.as_ref().unwrap()) .policy_arn(policy.arn.as_ref().unwrap()) .send() .await }-
For API details, see AttachRolePolicy
in AWS SDK for Rust API reference.
-
- Swift
-
- SDK for Swift
-
Note This is prerelease documentation for an SDK in preview release. It is subject to change.
Note There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. public func attachRolePolicy(role: String, policyArn: String) async throws { let input = AttachRolePolicyInput( policyArn: policyArn, roleName: role ) do { _ = try await client.attachRolePolicy(input: input) } catch { throw error } }-
For API details, see AttachRolePolicy
in AWS SDK for Swift API reference.
-
