describe_permissions

describe_permissions(**kwargs)

Describes the permissions for a specified stack.

Required Permissions : To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

See also: AWS API Documentation

Request Syntax

response = client.describe_permissions(
    IamUserArn='string',
    StackId='string'
)
Parameters
  • IamUserArn (string) -- The user's IAM ARN. This can also be a federated user's ARN. For more information about IAM ARNs, see Using Identifiers.
  • StackId (string) -- The stack ID.
Return type

dict

Returns

Response Syntax

{
    'Permissions': [
        {
            'StackId': 'string',
            'IamUserArn': 'string',
            'AllowSsh': True|False,
            'AllowSudo': True|False,
            'Level': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    Contains the response to a DescribePermissions request.

    • Permissions (list) --

      An array of Permission objects that describe the stack permissions.

      • If the request object contains only a stack ID, the array contains a Permission object with permissions for each of the stack IAM ARNs.
      • If the request object contains only an IAM ARN, the array contains a Permission object with permissions for each of the user's stack IDs.
      • If the request contains a stack ID and an IAM ARN, the array contains a single Permission object with permissions for the specified stack and IAM ARN.
      • (dict) --

        Describes stack or user permissions.

        • StackId (string) --

          A stack ID.

        • IamUserArn (string) --

          The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. For more information about IAM ARNs, see Using Identifiers.

        • AllowSsh (boolean) --

          Whether the user can use SSH.

        • AllowSudo (boolean) --

          Whether the user can use sudo .

        • Level (string) --

          The user's permission level, which must be the following:

          • deny
          • show
          • deploy
          • manage
          • iam_only

          For more information on the permissions associated with these levels, see Managing User Permissions

Exceptions

  • OpsWorks.Client.exceptions.ValidationException
  • OpsWorks.Client.exceptions.ResourceNotFoundException