Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to create AWS IAM role attaching managed policy only using Boto3

Tags:

roles

amazon-web-services

boto3

amazon-iam

policy

I am trying to use Boto3 to create a new instance role that will attach a managed policy only.

I have the following:

Policy Name: my_instance_policy

Policy ARN: arn:aws:iam::123456789012:policy/my_test_policy

I want to create the role called 'my_instance_role' attaching attaching the above policy only.

Boto3 client has the create_role() function like below:

import boto3
client = boto3.client('iam')
response = client.create_role(
    Path='string',
    RoleName='string',
    AssumeRolePolicyDocument='string',
    Description='string'
)

Here, I do not see an option to use the policy ARN or name. My understanding is that AssumeRolePolicyDocument variable needs the JSON formatted policy document converted in to text.

Is it possible the way I am looking for?

like image 684
Rafiq Avatar asked May 22 '17 20:05

Rafiq

People also ask

How do you create a IAM policy on Boto3?

To create an IAM policy, you need to use the create_policy() method of the Boto3 IAM client. The returned response object will contain additional information about the created policy.

How do you attach an IAM role?

To attach an IAM role to an instance Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/ . In the navigation pane, choose Instances. Select the instance, choose Actions, Security, Modify IAM role. Select the IAM role to attach to your instance, and choose Save.

How many policies can you attach to an IAM role?

IAM groups You can attach up to 20 managed policies to IAM roles and users.

2 Answers

You would have to create the role (as you are doing above) and then separately attach the managed policy to the role like this:

response = client.attach_role_policy(
    RoleName='MyRole', PolicyArn='<arn of managed policy>')
like image 155
garnaat Avatar answered Sep 25 '22 01:09

garnaat

I had a similar question in regard to how to supply the AssumeRolePolicyDocument when creating an IAM role with Boto3.

I used the following code...

assume_role_policy_document = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Principal": {
            "Service": "greengrass.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
        }
    ]
})

create_role_response = self._iam.create_role(
    RoleName = "my-role-name,
    AssumeRolePolicyDocument = assume_role_policy_document
)

Note that the AssumeRolePolicyDocument is about defining the trust relationship and not the actual permissions of the role you are creating.

like image 24
Remotec Avatar answered Sep 23 '22 01:09

Remotec
Sign in to Comment

Related questions

AWS Javascript SDK v3 - Typescript doesn't compile due to error TS2304: Cannot find name 'ReadableStream'
Docker push to AWS ECR fails on Windows: no basic auth credentials
How do I add trigger to an AWS Lambda function using AWS CLI?
Unittest on AWS Lambda
How to gracefully drain a node in EKS?
awscli s3 sync wildcards
Drop column in Dynamo DB table
API Key enabled, but requests without key still running
AWS API Gateway CORS ok for OPTIONS, fail for POST
How to play AudioStream response in AWS Polly using JavaScript SDK?
Getting Commit ID in CodePipeline
How do I get CloudFront-Viewer-Country to appear in response headers?
AWS S3 File Download from the client-side
Dynamic References to Specify Secret Manager Values in AWS Cloudformation
Passing data to step function catch
Terraform - Upload file to S3 on every apply
AWS: How to copy multiple file from local to s3?
Amazon AWS RDS vs EC2 with SQL Server [closed]
AWS CloudFormation conditional tagging
Spring Boot and ebextensions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!