Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

describe_permissions

describe_permissions(**kwargs)

Describes the permissions for a specified stack.

Required Permissions : To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

See also: AWS API Documentation

Request Syntax

response = client.describe_permissions(
    IamUserArn='string',
    StackId='string'
)
Parameters
  • IamUserArn (string) -- The user's IAM ARN. This can also be a federated user's ARN. For more information about IAM ARNs, see Using Identifiers.
  • StackId (string) -- The stack ID.
Return type

dict

Returns

Response Syntax

{
    'Permissions': [
        {
            'StackId': 'string',
            'IamUserArn': 'string',
            'AllowSsh': True|False,
            'AllowSudo': True|False,
            'Level': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    Contains the response to a DescribePermissions request.

    • Permissions (list) --

      An array of Permission objects that describe the stack permissions.

      • If the request object contains only a stack ID, the array contains a Permission object with permissions for each of the stack IAM ARNs.
      • If the request object contains only an IAM ARN, the array contains a Permission object with permissions for each of the user's stack IDs.
      • If the request contains a stack ID and an IAM ARN, the array contains a single Permission object with permissions for the specified stack and IAM ARN.
      • (dict) --

        Describes stack or user permissions.

        • StackId (string) --

          A stack ID.

        • IamUserArn (string) --

          The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. For more information about IAM ARNs, see Using Identifiers.

        • AllowSsh (boolean) --

          Whether the user can use SSH.

        • AllowSudo (boolean) --

          Whether the user can use sudo .

        • Level (string) --

          The user's permission level, which must be the following:

          • deny
          • show
          • deploy
          • manage
          • iam_only

          For more information on the permissions associated with these levels, see Managing User Permissions

Exceptions

  • OpsWorks.Client.exceptions.ValidationException
  • OpsWorks.Client.exceptions.ResourceNotFoundException