[ aws . opsworks ]

describe-permissions

Description

Describes the permissions for a specified stack.

Required Permissions : To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions .

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  describe-permissions
[--iam-user-arn <value>]
[--stack-id <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--iam-user-arn (string)

The user’s IAM ARN. This can also be a federated user’s ARN. For more information about IAM ARNs, see Using Identifiers .

--stack-id (string)

The stack ID.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To obtain a user’s per-stack AWS OpsWorks permission level

The following example shows how to to obtain an AWS Identity and Access Management (IAM) user’s permission level on a specified stack.

aws opsworks --region us-east-1 describe-permissions --iam-user-arn arn:aws:iam::123456789012:user/cli-user-test --stack-id d72553d4-8727-448c-9b00-f024f0ba1b06

Output:

{
  "Permissions": [
    {
      "StackId": "d72553d4-8727-448c-9b00-f024f0ba1b06",
      "IamUserArn": "arn:aws:iam::123456789012:user/cli-user-test",
      "Level": "manage",
      "AllowSudo": true,
      "AllowSsh": true
    }
  ]
}

More Information

For more information, see Granting Per-Stack Permissions Levels in the AWS OpsWorks User Guide.

Output

Permissions -> (list)

An array of Permission objects that describe the stack permissions.

  • If the request object contains only a stack ID, the array contains a Permission object with permissions for each of the stack IAM ARNs.

  • If the request object contains only an IAM ARN, the array contains a Permission object with permissions for each of the user’s stack IDs.

  • If the request contains a stack ID and an IAM ARN, the array contains a single Permission object with permissions for the specified stack and IAM ARN.

(structure)

Describes stack or user permissions.

StackId -> (string)

A stack ID.

IamUserArn -> (string)

The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. For more information about IAM ARNs, see Using Identifiers .

AllowSsh -> (boolean)

Whether the user can use SSH.

AllowSudo -> (boolean)

Whether the user can use sudo .

Level -> (string)

The user’s permission level, which must be the following:

  • deny

  • show

  • deploy

  • manage

  • iam_only

For more information on the permissions associated with these levels, see Managing User Permissions