IAM / Client / attach_role_policy
attach_role_policy#
- IAM.Client.attach_role_policy(**kwargs)#
Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role’s permission (access) policy.
Note
You cannot use a managed policy as the role’s trust policy. The role’s trust policy is created at the same time as the role, using CreateRole. You can update a role’s trust policy using UpdateAssumerolePolicy.
Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, see Managed policies and inline policies in the IAM User Guide.
As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.
See also: AWS API Documentation
Request Syntax
response = client.attach_role_policy( RoleName='string', PolicyArn='string' )
- Parameters:
RoleName (string) –
[REQUIRED]
The name (friendly name, not ARN) of the role to attach the policy to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
PolicyArn (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
- Returns:
None
Exceptions
Examples
The following command attaches the AWS managed policy named ReadOnlyAccess to the IAM role named ReadOnlyRole.
response = client.attach_role_policy( PolicyArn='arn:aws:iam::aws:policy/ReadOnlyAccess', RoleName='ReadOnlyRole', ) print(response)
Expected Output:
{ 'ResponseMetadata': { '...': '...', }, }