role_policy
State module for managing IAM Role Policies.
- async idem_aws.states.aws.iam.role_policy.present(hub, ctx, name: str, role_name: str, policy_document: Dict, resource_id: str = None) -> Dict[str, Any]
Adds or updates an inline policy document that is embedded in the specified IAM role.
When you embed an inline policy in a role, the inline policy is used as part of the role’s access (permissions) policy. The role’s trust policy is created at the same time as the role, using aws.iam.role.present. A role can also have a managed policy attached to it. To attach a managed policy to a role, use aws.iam.role_policy_attachment.present. To create a new managed policy, use aws.iam.policy.present.
For information about policies, see Managed policies and inline policies in the IAM User Guide. For information about the maximum number of inline policies that you can embed with a role, see IAM and STS quotas in the IAM User Guide.
- Parameters:
name (str) – The name of the AWS IAM policy.
role_name (str) – The name of the role to associate the policy with. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
policy_document (dict or str) – The policy document. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
resource_id (str, Optional) – The role name and policy name joined with a '-' separator. Format: [role_name]-[policy_name]
- Request Syntax:
```yaml
[iam-role-policy-name]:
  aws.iam.role_policy.present:
    - resource_id: 'string'
    - role_name: 'string'
    - policy_document: 'dict or string'
```
- Returns:
Dict[str, Any]
Examples
```yaml
idem-test-role-policy-930323cb-91cf-42a2-ad9b-3f195c776037:
  aws.iam.role_policy.present:
    - role_name: idem-test-role-e9528a79-a327-4a83-9912-c9b90044f1e4
    - resource_id: idem-test-role-e9528a79-a327-4a83-9912-c9b90044f1e4-idem-test-role-policy-930323cb-91cf-42a2-ad9b-3f195c776037
    - policy_document: '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example_bucket"}}'
```
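Because policy_document may arrive as either a dict or a JSON string, and resource_id must follow the [role_name]-[policy_name] form, it is worth normalising and linting the document before handing it to present. The following is an added example and not part of idem-aws: normalize_policy_document, lint_role_policy and build_resource_id are assumed helper names, and the sample input is constructed from the page's own s3:ListBucket policy.

```python
import json
from typing import Any, Dict, List, Union

Policy = Union[Dict[str, Any], str]


def normalize_policy_document(policy_document: Policy) -> Dict[str, Any]:
    """Accept the dict-or-JSON-string form that role_policy.present takes and
    return a copy whose Statement is always a list (IAM also allows a bare object)."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else dict(policy_document)
    statements = doc.get("Statement", [])
    doc["Statement"] = [statements] if isinstance(statements, dict) else list(statements)
    return doc


def _as_list(value: Union[str, List[str], None]) -> List[str]:
    """IAM lets Action/Resource be a single string or a list; always return a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def lint_role_policy(policy_document: Policy) -> List[str]:
    """Return findings for an inline role policy. An empty list means the
    least-privilege checks below passed; this is hygiene, not a full IAM validator."""
    findings: List[str] = []
    doc = normalize_policy_document(policy_document)
    # A missing Version is treated by IAM as 2008-10-17, which ignores policy variables.
    if doc.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17 so policy variables are honoured")
    for idx, stmt in enumerate(doc["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            findings.append(f"Statement {idx}: Allow Action '*' on Resource '*' is full administrative access")
        elif "*" in resources and any(a.endswith(":*") for a in actions):
            findings.append(f"Statement {idx}: service-wide action wildcard on Resource '*'")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"Statement {idx}: NotAction/NotResource in an Allow grants everything not listed")
    return findings


def build_resource_id(role_name: str, policy_name: str) -> str:
    """Compose resource_id in the [role_name]-[policy_name] form the state expects."""
    return f"{role_name}-{policy_name}"


# Constructed sample input: the page's own s3:ListBucket policy as a JSON string.
SAMPLE_POLICY = '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example_bucket"}}'
```

Run lint_role_policy over every policy_document in an SLS file before idem applies it; a non-empty list is a reason to stop and review the role rather than a hard IAM error.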
- async idem_aws.states.aws.iam.role_policy.absent(hub, ctx, name: str, role_name: str = None, resource_id: str = None) -> Dict[str, Any]
Deletes the specified inline policy that is embedded in the specified IAM role.
A role can also have managed policies attached to it. To detach a managed policy from a role, use aws.iam.role_policy_attachment.absent. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.
- Parameters:
name (str) – The name of the AWS IAM policy.
role_name (str, Optional) – The name of the AWS IAM role. Idem automatically considers this resource absent if this field is not specified.
resource_id (str, Optional) – The role name and policy name joined with a '-' separator. Format: [role_name]-[policy_name]. If not specified, Idem uses the name parameter to identify the role policy on AWS.
- Request Syntax:
```yaml
[role_policy-resource-id]:
  aws.iam.role_policy.absent:
    - name: "string"
    - role_name: "string"
    - resource_id: "string"
```
- Returns:
Dict[str, Any]
Examples
```yaml
idem-test-role-policy-930323cb-91cf-42a2-ad9b-3f195c776037:
  aws.iam.role_policy.absent:
    - name: idem-test-role-policy-930323cb-91cf-42a2-ad9b-3f195c776037
    - role_name: idem-test-role-e9528a79-a327-4a83-9912-c9b90044f1e4
    - resource_id: idem-test-role-e9528a79-a327-4a83-9912-c9b90044f1e4-idem-test-role-policy-930323cb-91cf-42a2-ad9b-3f195c776037
```
- async idem_aws.states.aws.iam.role_policy.describe(hub, ctx) -> Dict[str, Dict[str, Any]]
Describe the resource in a way that can be recreated or managed with the corresponding present function.
Lists the names of the inline policies that are embedded in all IAM roles. An IAM role can also have managed policies attached to it; those managed policies are not listed by this describe function. To list the managed policies that are attached to a role, use aws.iam.role_policy_attachment.describe. If no role has any inline policy embedded, the operation returns an empty dict.
- Returns:
Dict[str, Any]
- Examples:
```shell
$ idem describe aws.iam.role_policy
```