Bootstrap

Amazon Web Services (AWS) - List IAM Roles using the AWS CLI

by Jeremy Canfield | Updated: April 15 2024 | Amazon Web Services (AWS) articles

This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.

An IAM (Identity and Access Management) Roles is similar, but not the same as an IAM User.

An IAM Policy allows certain actions (such create) on certain resources (such as EC2)
An IAM User is typically a users account (such as john.doe) that contains an IAM Identity-Based Policy that allows certain actions (such as list) on certain resources (such S3)
An IAM Role contains an IAM Policy that allows certain actions (such create) on certain resources (such as EC2) - Let's say the Identity-Based Policy attached to john.doe does NOT allow create S3 - john.doe could Assume a Role that allows create S3
- Assume Role or Switch Role using Python boto3
- Assume Role or Switch Role using Terraform
- Assume Role or Switch Role using the AWS CLI
- Often, a Role will have two Policies:
  - Trust Relationship
  - Permission Policy

The aws iam list-roles command can be used to list the IAM (Identity and Access Management) Roles.

IAM (Identity and Access Management) Roles contains one or more IAM Policies - Almost always, a Role will have two Policies.
- Trust Relationship
- Permission Policy
An IAM Policy contains the permissions to an AWS resource. For example, the AmazonEC2FullAccess policy permits full access to EC2. An IAM Policy can be applied to a user, group, or role.

Something like this should be returned.

aws iam list-roles

And here is an example of how to limit the output using the --query option.

aws iam list-roles --query 'Roles[?RoleName==`admin-role`]'

Something like this should be returned.

{
    "Roles": [
        {
            "Path": "/",
            "RoleName": "AWS-QuickSetup-StackSet-Local-AdministrationRole",
            "RoleId": "AROA2MITL76GLYTJARYZV",
            "Arn": "arn:aws:iam::123456789012:role/AWS-QuickSetup-StackSet-Local-AdministrationRole",
            "CreateDate": "2022-10-06T08:01:40+00:00",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "cloudformation.amazonaws.com"
                        },
                        "Action": "sts:AssumeRole"
                    }
                ]
            },
            "MaxSessionDuration": 3600
        }
    ]
}

Did you find this article helpful?

If so, consider buying me a coffee over at

Did you find this article helpful?

Comments

Add a Comment