role_policy_attachment#

State module for managing IAM Role Policy Attachments.

async idem_aws.states.aws.iam.role_policy_attachment.present(hub, ctx, name: str, role_name: str, policy_arn: str, resource_id: str = None) Dict[str, Any][source]#

Attaches the specified managed policy to the specified IAM role.

When you attach a managed policy to a role, the managed policy becomes part of the role’s permission (access) policy.

Parameters:
  • name (str) – A name to represent the operation. This name is only for logging purpose. It is not used to attach a policy to a role.

  • role_name (str) – The name (friendly name, not ARN) of the role to attach a policy. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • policy_arn (str) – The Amazon Resource Name (ARN) of the IAM policy you want to attach.

  • resource_id (str, Optional) – The identifier for this object

Request Syntax:
[iam-attach-role-policy-name]:
  aws.iam.role_policy_attachment.present:
    - resource_id: 'string'
    - role_name: 'string'
    - policy_arn: 'string'
Returns:

Dict[str, Any]

Examples

idem-test-policy-temp-name:
  aws.iam.role_policy_attachment.present:
    - role_name: idem-test-role-name
    - policy_arn: arn:aws:iam::aws:policy/ReadOnlyAccess
async idem_aws.states.aws.iam.role_policy_attachment.absent(hub, ctx, name: str, role_name: str = None, policy_arn: str = None) Dict[str, Any][source]#

Removes the specified managed policy from the specified role.

Parameters:
  • name (str) – The name of the AWS IAM role policy.

  • role_name (str, Optional) – The name (friendly name, not ARN) of the role to attach a policy. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • policy_arn (str, Optional) – The Amazon Resource Name (ARN) of the IAM policy you want to attach.

Request Syntax:
[rpa-resource-id]:
  aws.iam.role_policy_attachment.absent:
    - name: "string"
    - role_name: "string"
    - policy_arn: "string"
Returns:

Dict[str, Any]

Examples

resource_is_absent:
  aws.iam.role_policy_attachment.absent:
    - name: value
    - role_name: value
    - policy_arn: value
async idem_aws.states.aws.iam.role_policy_attachment.describe(hub, ctx) Dict[str, Dict[str, Any]][source]#

Describe the resource in a way that can be recreated/managed with the corresponding “present” function

Lists the names of the attached managed policies of all IAM roles. If there are no managed policies attached to the specified role, the operation returns an empty dict.

Returns:

Dict[str, Any]

Examples

$ idem describe aws.iam.role_policy_attachment