attach_role_policy

IAM.Client.attach_role_policy(**kwargs)

Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role's permission (access) policy.

Note

You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy.

Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, see Managed policies and inline policies in the IAM User Guide .

As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide .

See also: AWS API Documentation

Request Syntax

response = client.attach_role_policy(
    RoleName='string',
    PolicyArn='string'
)
Parameters
  • RoleName (string) --

    [REQUIRED]

    The name (friendly name, not ARN) of the role to attach the policy to.

    This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • PolicyArn (string) --

    [REQUIRED]

    The Amazon Resource Name (ARN) of the IAM policy you want to attach.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference .

Returns

None

Exceptions

  • IAM.Client.exceptions.NoSuchEntityException
  • IAM.Client.exceptions.LimitExceededException
  • IAM.Client.exceptions.InvalidInputException
  • IAM.Client.exceptions.UnmodifiableEntityException
  • IAM.Client.exceptions.PolicyNotAttachableException
  • IAM.Client.exceptions.ServiceFailureException

Examples

The following command attaches the AWS managed policy named ReadOnlyAccess to the IAM role named ReadOnlyRole.

response = client.attach_role_policy(
    PolicyArn='arn:aws:iam::aws:policy/ReadOnlyAccess',
    RoleName='ReadOnlyRole',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}