Amazon Web Services (AWS) - List IAM Role Policies using the AWS CLI
by Jeremy Canfield | Updated: April 15 2024 | Amazon Web Services (AWS) articles
This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.
- An IAM Policy allows certain actions (such as create) on certain resources (such as EC2)
- An IAM User is typically a user's account (such as john.doe) that contains an IAM Identity-Based Policy that allows certain actions (such as list) on certain resources (such as S3)
- An IAM Role contains an IAM Policy that allows certain actions (such as create) on certain resources (such as EC2). Let's say the Identity-Based Policy attached to john.doe does NOT allow "create S3"
- The Role that allows "create S3" could be attached to john.doe - or, john.doe could Assume the Role.
- Often, a Role will have two Policies:
The aws iam list-roles command can be used to list the IAM roles that have been created.
~]$ aws iam list-roles
{
  "Roles": [
    {
      "Path": "/",
      "RoleName": "my-role",
      "RoleId": "ARABCDITL71234TJARYZV",
      "Arn": "arn:aws:iam::123456789012:role/my-role",
      "CreateDate": "2023-07-18T06:08:58+00:00",
      "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Principal": {
              "AWS": "arn:aws:iam::123456789012:root"
            },
            "Action": "sts:AssumeRole"
          }
        ]
      },
      "MaxSessionDuration": 3600
    }
  ]
}
- The aws iam list-attached-user-policies command lists the managed policies that have been attached to a user.
- The aws iam list-attached-role-policies command lists the managed policies that have been attached to a role.
In this example, the ReadOnlyAccess policy is attached to my-role.
~]$ aws iam list-attached-role-policies --role-name my-role
{
  "AttachedPolicies": [
    {
      "PolicyName": "ReadOnlyAccess",
      "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"
    }
  ]
}
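The two commands above answer two different questions about a role: the AssumeRolePolicyDocument in the list-roles output says who is allowed to assume the role, and list-attached-role-policies says what the role can do once assumed. The script below is an added example, not part of this article, that reads the JSON both commands print and produces one summary row per role, flagging a trust policy that lets any principal (a wildcard) or a principal in a different AWS account assume the role. The sample data embedded in it is the article's own output, reconstructed by hand; the function and finding names are my own choices. The main() at the bottom runs the real aws CLI and assumes the command is configured as described at the top of the article.

```python
"""Summarise IAM roles from `aws iam list-roles` and
`aws iam list-attached-role-policies` output: who may assume each role and
which managed policies it carries. The analysis functions are pure so they
can be exercised offline; main() wires them to the live CLI."""
import json
import subprocess

# Constructed sample: the `aws iam list-roles` output shown in the article.
SAMPLE_LIST_ROLES = json.loads("""
{"Roles": [{"Path": "/", "RoleName": "my-role", "RoleId": "ARABCDITL71234TJARYZV",
  "Arn": "arn:aws:iam::123456789012:role/my-role",
  "CreateDate": "2023-07-18T06:08:58+00:00",
  "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
     "Action": "sts:AssumeRole"}]},
  "MaxSessionDuration": 3600}]}
""")

# Constructed sample: `aws iam list-attached-role-policies --role-name my-role`.
SAMPLE_ATTACHED = {"my-role": json.loads("""
{"AttachedPolicies": [{"PolicyName": "ReadOnlyAccess",
  "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}
""")}


def trusted_principals(role):
    """Return the principals the trust policy (AssumeRolePolicyDocument)
    allows to assume the role, as 'Kind:value' strings such as
    'AWS:arn:aws:iam::123456789012:root' or 'Service:ec2.amazonaws.com'.
    A bare "*" principal is returned as "*"."""
    found = []
    for stmt in role["AssumeRolePolicyDocument"].get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        # Only statements granting some sts:AssumeRole* action matter here.
        if not any(a in ("*", "sts:*") or a.startswith("sts:AssumeRole")
                   for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            found.append("*")
            continue
        for kind, value in principal.items():
            values = value if isinstance(value, list) else [value]
            found.extend(f"{kind}:{v}" for v in values)
    return found


def trust_findings(role, own_account):
    """Flag trust relationships worth reviewing: a wildcard principal
    (anyone) or an IAM principal in an account other than own_account."""
    findings = []
    for p in trusted_principals(role):
        if p == "*" or p.endswith(":*"):
            findings.append(f"anyone can assume the role (Principal {p})")
        elif p.startswith("AWS:arn:aws:iam::") and own_account not in p:
            findings.append(f"cross-account trust: {p}")
    return findings


def summarize(list_roles_output, attached_by_role):
    """One row per role: trusted principals, attached managed policy
    names, and any trust findings. attached_by_role maps RoleName to the
    parsed list-attached-role-policies output for that role."""
    rows = []
    for role in list_roles_output["Roles"]:
        name = role["RoleName"]
        account = role["Arn"].split(":")[4]  # account id field of the ARN
        attached = attached_by_role.get(name, {}).get("AttachedPolicies", [])
        rows.append({
            "RoleName": name,
            "TrustedBy": trusted_principals(role),
            "AttachedPolicies": [p["PolicyName"] for p in attached],
            "Findings": trust_findings(role, account),
        })
    return rows


def aws_json(*args):
    """Run an aws CLI command and parse its JSON output."""
    proc = subprocess.run(["aws", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def main():
    roles = aws_json("iam", "list-roles")
    attached = {r["RoleName"]: aws_json("iam", "list-attached-role-policies",
                                        "--role-name", r["RoleName"])
                for r in roles["Roles"]}
    for row in summarize(roles, attached):
        print(json.dumps(row))


if __name__ == "__main__":
    main()
```

Run with the sample data by calling summarize(SAMPLE_LIST_ROLES, SAMPLE_ATTACHED); for my-role it reports a single trusted principal (the account's root, so no finding) and ReadOnlyAccess as the only attached managed policy. Inline policies embedded in the role are not shown by list-attached-role-policies; aws iam list-role-policies lists those separately.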