IAM / Client / attach_role_policy

attach_role_policy#

IAM.Client.attach_role_policy(**kwargs)#

Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role’s permission (access) policy.

Note

You cannot use a managed policy as the role’s trust policy. The role’s trust policy is created at the same time as the role, using CreateRole. You can update a role’s trust policy using UpdateAssumeRolePolicy.

Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.

See also: AWS API Documentation

Request Syntax

response = client.attach_role_policy(
    RoleName='string',
    PolicyArn='string'
)
Parameters:

  • RoleName (string) –

    [REQUIRED]

    The name (friendly name, not ARN) of the role to attach the policy to.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • PolicyArn (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) of the IAM policy you want to attach.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

Returns:

None

Exceptions

  • IAM.Client.exceptions.NoSuchEntityException

  • IAM.Client.exceptions.LimitExceededException

  • IAM.Client.exceptions.InvalidInputException

  • IAM.Client.exceptions.UnmodifiableEntityException

  • IAM.Client.exceptions.PolicyNotAttachableException

  • IAM.Client.exceptions.ServiceFailureException

Examples

The following command attaches the AWS managed policy named ReadOnlyAccess to the IAM role named ReadOnlyRole.

response = client.attach_role_policy(
    PolicyArn='arn:aws:iam::aws:policy/ReadOnlyAccess',
    RoleName='ReadOnlyRole',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}