user_policy

State module for managing IAM User Policies.

async idem_aws.states.aws.iam.user_policy.present(hub, ctx, name: str, user_name: str, policy_document: Dict, resource_id: str = None) → Dict[str, Any]

Adds or updates an inline policy document that is embedded in the specified IAM user.

An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide. For information about the maximum number of inline policies that you can embed in a user, see IAM and STS quotas in the IAM User Guide. Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.

Parameters:
  • name (str) – The name of the AWS IAM policy.

  • user_name (str) – The name of the IAM user in which the policy is embedded.

  • policy_document (dict) – The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

  • resource_id (str, Optional) – The user name and policy name with a separator ‘-’. Format: [user_name]-[policy_name]

Request Syntax:
[iam-user-policy-name]:
  aws.iam.user_policy.present:
    - resource_id: 'string'
    - name: 'string'
    - user_name: 'string'
    - policy_document: 'dict or string'
Returns:

Dict[str, Any]

Examples

idem-test-user-policy:
  aws.iam.user_policy.present:
    - resource_id: idem-test-user-idem-test-user-policy
    - name: idem-test-user-policy
    - user_name: idem-test-user
    - policy_document: '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": ["cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics"], "Resource":"*"}}'

async idem_aws.states.aws.iam.user_policy.absent(hub, ctx, name: str, user_name: str = None, resource_id: str = None) → Dict[str, Any]

Deletes the specified inline policy that is embedded in the specified IAM user.

A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

Parameters:
  • name (str) – The name of the AWS IAM policy.

  • user_name (str, Optional) – The name of the IAM user in which the policy is embedded. Idem automatically considers this resource absent if this field is not specified.

  • resource_id (str, Optional) – The user name and policy name with a separator ‘-’. Format: [user_name]-[policy_name]. If not specified, Idem will use the “name” parameter to identify the IAM policy on AWS.

Request Syntax:
[iam-user-policy-name]:
  aws.iam.user_policy.absent:
    - name: 'string'
    - resource_id: 'string'
    - user_name: 'string'
Returns:

Dict[str, Any]

Examples

idem-test-user-policy:
  aws.iam.user_policy.absent:
    - name: idem-test-user-policy
    - resource_id: idem-test-user-idem-test-user-policy
    - user_name: idem-test-user
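
An added example, not part of idem-aws or its documentation: a pre-flight check for `aws.iam.user_policy` states that relies only on the documented `resource_id` format and on the documented handling of a missing `user_name` in `absent`. The function names and the faulty states are assumptions made for illustration; because '-' is also legal inside IAM user and policy names, a `resource_id` on its own can be split several ways.

```python
import json

def candidate_splits(resource_id):
    """Every (user_name, policy_name) pair that joins with '-' to resource_id."""
    return [(resource_id[:i], resource_id[i + 1:])
            for i, ch in enumerate(resource_id)
            if ch == "-" and 0 < i < len(resource_id) - 1]

def check_state(func, params):
    """Lint one aws.iam.user_policy state; params is the SLS list of one-key dicts."""
    args = {k: v for item in params for k, v in item.items()}
    name, user, rid = (args.get(k) for k in ("name", "user_name", "resource_id"))
    findings = []
    if user is None and func == "absent":
        # Documented behaviour: without user_name the resource counts as absent.
        findings.append("absent without user_name: Idem considers the policy already absent")
    if rid is not None and user is not None and rid != f"{user}-{name}":
        findings.append(f"resource_id {rid!r} is not '{user}-{name}'")
    if rid is not None and user is None and len(candidate_splits(rid)) > 1:
        findings.append(f"resource_id has {len(candidate_splits(rid))} possible user/policy splits")
    if func == "present":
        doc = args.get("policy_document")
        try:
            doc = json.loads(doc) if isinstance(doc, str) else doc
        except ValueError:
            doc = None
        if not isinstance(doc, dict) or "Statement" not in doc:
            findings.append("policy_document is not a JSON object with a Statement")
    return findings

# The present example from this page.
PAGE_PRESENT = [
    {"resource_id": "idem-test-user-idem-test-user-policy"},
    {"name": "idem-test-user-policy"},
    {"user_name": "idem-test-user"},
    {"policy_document": '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", '
                        '"Action": ["cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics"], '
                        '"Resource":"*"}}'},
]
# Constructed faulty states (not from the page).
BAD_ABSENT = [{"name": "idem-test-user-policy"},
              {"resource_id": "idem-test-user-idem-test-user-policy"}]
BAD_PRESENT = [{"resource_id": "idem-test-idem-test-user-policy"},
               {"name": "idem-test-user-policy"}, {"user_name": "idem-test-user"},
               {"policy_document": "{not json"}]

if __name__ == "__main__":
    for func, state in (("present", PAGE_PRESENT), ("absent", BAD_ABSENT), ("present", BAD_PRESENT)):
        print(func, check_state(func, state) or "ok")
```
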

async idem_aws.states.aws.iam.user_policy.describe(hub, ctx) → Dict[str, Dict[str, Any]]

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Lists the names of the inline policies embedded in the specified IAM user. An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified user, the operation returns an empty list.

Returns:

Dict[str, Any]

Examples

$ idem describe aws_auto.iam.user_policy