Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role’s permission (access) policy.
Note
You cannot use a managed policy as the role’s trust policy. The role’s trust policy is created at the same time as the role, using CreateRole . You can update a role’s trust policy using UpdateAssumeRolePolicy .
Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy . For more information about policies, see Managed policies and inline policies in the IAM User Guide .
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
attach-role-policy
--role-name <value>
--policy-arn <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--role-name
(string)
The name (friendly name, not ARN) of the role to attach the policy to.
This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
--policy-arn
(string)
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference .
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To attach a managed policy to an IAM role
The following attach-role-policy
command attaches the AWS managed policy named ReadOnlyAccess
to the IAM role named ReadOnlyRole
:
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --role-name ReadOnlyRole
For more information, see Managed Policies and Inline Policies in the Using IAM guide.
None