OpsWorks / Client / describe_permissions

describe_permissions#

OpsWorks.Client.describe_permissions(**kwargs)#

Describes the permissions for a specified stack.

Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

See also: AWS API Documentation

Request Syntax

response = client.describe_permissions(
    IamUserArn='string',
    StackId='string'
)
Parameters:

  • IamUserArn (string) – The user’s IAM ARN. This can also be a federated user’s ARN. For more information about IAM ARNs, see Using Identifiers.

  • StackId (string) – The stack ID.

Return type:

dict

Returns:

Response Syntax

{
    'Permissions': [
        {
            'StackId': 'string',
            'IamUserArn': 'string',
            'AllowSsh': True|False,
            'AllowSudo': True|False,
            'Level': 'string'
        },
    ]
}

Response Structure

  • (dict) –

    Contains the response to a DescribePermissions request.

    • Permissions (list) –

      An array of Permission objects that describe the stack permissions.

      • If the request object contains only a stack ID, the array contains a Permission object with permissions for each of the stack IAM ARNs.

      • If the request object contains only an IAM ARN, the array contains a Permission object with permissions for each of the user’s stack IDs.

      • If the request contains a stack ID and an IAM ARN, the array contains a single Permission object with permissions for the specified stack and IAM ARN.

      • (dict) –

        Describes stack or user permissions.

        • StackId (string) –

          A stack ID.

        • IamUserArn (string) –

          The Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role. For more information about IAM ARNs, see Using Identifiers.

        • AllowSsh (boolean) –

          Whether the user can use SSH.

        • AllowSudo (boolean) –

          Whether the user can use sudo.

        • Level (string) –

          The user’s permission level, which must be the following:

          • deny

          • show

          • deploy

          • manage

          • iam_only

          For more information on the permissions associated with these levels, see Managing User Permissions

Exceptions

  • OpsWorks.Client.exceptions.ValidationException

  • OpsWorks.Client.exceptions.ResourceNotFoundException