IAM.Client.
attach_role_policy
(**kwargs)¶Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role's permission (access) policy.
Note
You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy.
Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, see Managed policies and inline policies in the IAM User Guide .
As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide .
See also: AWS API Documentation
Request Syntax
response = client.attach_role_policy(
RoleName='string',
PolicyArn='string'
)
[REQUIRED]
The name (friendly name, not ARN) of the role to attach the policy to.
This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
[REQUIRED]
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference .
None
Exceptions
IAM.Client.exceptions.NoSuchEntityException
IAM.Client.exceptions.LimitExceededException
IAM.Client.exceptions.InvalidInputException
IAM.Client.exceptions.UnmodifiableEntityException
IAM.Client.exceptions.PolicyNotAttachableException
IAM.Client.exceptions.ServiceFailureException
Examples
The following command attaches the AWS managed policy named ReadOnlyAccess to the IAM role named ReadOnlyRole.
response = client.attach_role_policy(
PolicyArn='arn:aws:iam::aws:policy/ReadOnlyAccess',
RoleName='ReadOnlyRole',
)
print(response)
Expected Output:
{
'ResponseMetadata': {
'...': '...',
},
}