IAM / Client / put_user_permissions_boundary



Adds or updates the policy that is specified as the IAM user’s permissions boundary. You can use an Amazon Web Services managed policy or a customer managed policy to set the boundary for a user. Use the boundary to control the maximum permissions that the user can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the user.


Policies that are used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the user. To learn how the effective permissions for a user are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

See also: AWS API Documentation

Request Syntax

response = client.put_user_permissions_boundary(
  • UserName (string) –


    The name (friendly name, not ARN) of the IAM user for which you want to set the permissions boundary.

  • PermissionsBoundary (string) –


    The ARN of the managed policy that is used to set the permissions boundary for the user.

    A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see Permissions boundaries for IAM entities in the IAM User Guide.

    For more information about policy types, see Policy types in the IAM User Guide.




  • IAM.Client.exceptions.NoSuchEntityException

  • IAM.Client.exceptions.InvalidInputException

  • IAM.Client.exceptions.PolicyNotAttachableException

  • IAM.Client.exceptions.ServiceFailureException