Bootstrap FreeKB - Amazon Web Services (AWS) - Attach IAM Policies to a User using the AWS CLI
Amazon Web Services (AWS) - Attach IAM Policies to a User using the AWS CLI


This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.

To access AWS services, you need a valid AWS account with the necessary permissions. For users other than the root user, permissions are granted through IAM policies. The policy defines the set of permissions to AWS service, such as S3 buckets.

The aws iam list-attached-user-policies command can be used to list the policies (permissions) associated with a user. By default, no policies are attached to the newly created user.

~]$ aws iam list-attached-user-policies --user-name john.doe
{
    "AttachedPolicies": []
}

 

The aws iam list-policies command can be used to list all of the available policies.

aws iam list-policies

 

And here is an example of how to limit the output using the --query option.

aws iam list-policies --query 'Policies[?PolicyName==`ReadOnlyAccess`]'

 

Something like this should be returned.

{
    "Policies": [
        {
            "PolicyName": "AdministratorAccess",
            "PolicyId": "ANPAIWMBCKSKIEE64ZLYK",
            "Arn": "arn:aws:iam::aws:policy/AdministratorAccess",
            "Path": "/",
            "DefaultVersionId": "v1",
            "AttachmentCount": 2,
            "PermissionsBoundaryUsageCount": 0,
            "IsAttachable": true,
            "CreateDate": "2015-02-06T18:39:46+00:00",
            "UpdateDate": "2015-02-06T18:39:46+00:00"
        },
        {
            "PolicyName": "PowerUserAccess",
            "PolicyId": "ANPAJYRXTHIB4FOVS3ZXS",
            "Arn": "arn:aws:iam::aws:policy/PowerUserAccess",
            "Path": "/",
            "DefaultVersionId": "v4",
            "AttachmentCount": 0,
            "PermissionsBoundaryUsageCount": 0,
            "IsAttachable": true,
            "CreateDate": "2015-02-06T18:39:47+00:00",
            "UpdateDate": "2019-03-20T22:19:03+00:00"
        }
    ]
}

 

  • The aws iam attach-user-policy command (this article) can be used to attach a policy to a user using the ARN (Amazon Resource Number) of the policy.
  • The aws iam attach-role-policy command can be used to attach a policy to a role using the ARN (Amazon Resource Number) of the policy.

In this example, the ReadOnlyAccess policy is attached to user john.doe.

aws iam attach-user-policy --user-name john.doe --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess

 

In this example, the ReadOnlyAccess policy is attached to user john.doe.

~]$ aws iam list-attached-user-policies --user-name john.doe
{
    "AttachedPolicies": [
        {
            "PolicyName": "ReadOnlyAccess",
            "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"
        }
    ]
}

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter d482ef in the box below so that we can be sure you are a human.