AWS Identity and Access Management

2015/02/12 - AWS Identity and Access Management - 19 new API methods

ListAttachedGroupPolicies (new)

Lists all managed policies that are attached to the specified group.

A group can also have inline policies embedded with it. To list the inline policies for a group, use the ListGroupPolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.

Request Syntax

client.list_attached_group_policies(
    GroupName='string',
    PathPrefix='string',
    Marker='string',
    MaxItems=123
)
type GroupName

string

param GroupName

[REQUIRED]

The name (friendly name, not ARN) of the group to list attached policies for.

type PathPrefix

string

param PathPrefix

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

type Marker

string

param Marker

Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.

type MaxItems

integer

param MaxItems

Use this only when paginating results to indicate the maximum number of policies you want in the response. If there are additional policies beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100.

rtype

dict

returns

Response Syntax

{
    'AttachedPolicies': [
        {
            'PolicyName': 'string',
            'PolicyArn': 'string'
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListAttachedGroupPolicies request.

    • AttachedPolicies (list) --

      A list of the attached policies.

      • (dict) --

        Contains information about an attached policy.

        An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, and ListAttachedUserPolicies actions.

        For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

        • PolicyName (string) --

          The friendly name of the attached policy.

        • PolicyArn (string) --

          The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

          For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more policies to list. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more policies in the list.

    • Marker (string) --

      If IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

GetPolicyVersion (new)

Retrieves information about the specified version of the specified managed policy, including the policy document.

To list the available versions for a policy, use ListPolicyVersions.

This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.

For more information about the types of policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.get_policy_version(
    PolicyArn='string',
    VersionId='string'
)
type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type VersionId

string

param VersionId

[REQUIRED]

Identifies the policy version to retrieve.

rtype

dict

returns

Response Syntax

{
    'PolicyVersion': {
        'Document': 'string',
        'VersionId': 'string',
        'IsDefaultVersion': True|False,
        'CreateDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the response to a successful GetPolicyVersion request.

    • PolicyVersion (dict) --

      Information about the policy version.

      For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.

      • Document (string) --

        The policy document.

        The policy document is returned in the response to the GetPolicyVersion operation. It is not included in the response to the ListPolicyVersions operation.

      • VersionId (string) --

        The identifier for the policy version.

        Policy version identifiers always begin with v (always lowercase). When a policy is created, the first policy version is v1.

      • IsDefaultVersion (boolean) --

        Specifies whether the policy version is set as the policy's default version.

      • CreateDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the policy version was created.

DetachRolePolicy (new)

Removes the specified managed policy from the specified role.

A role can also have inline policies embedded with it. To delete an inline policy, use the DeleteRolePolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.detach_role_policy(
    RoleName='string',
    PolicyArn='string'
)
type RoleName

string

param RoleName

[REQUIRED]

The name (friendly name, not ARN) of the role to detach the policy from.

type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

returns

None

ListPolicyVersions (new)

Lists information about the versions of the specified managed policy, including the version that is set as the policy's default version.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.list_policy_versions(
    PolicyArn='string',
    Marker='string',
    MaxItems=123
)
type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type Marker

string

param Marker

Use this parameter only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.

type MaxItems

integer

param MaxItems

Use this parameter only when paginating results to indicate the maximum number of policy versions you want in the response. If there are additional policy versions beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100.

rtype

dict

returns

Response Syntax

{
    'Versions': [
        {
            'Document': 'string',
            'VersionId': 'string',
            'IsDefaultVersion': True|False,
            'CreateDate': datetime(2015, 1, 1)
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListPolicyVersions request.

    • Versions (list) --

      A list of policy versions.

      For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.

      • (dict) --

        Contains information about a version of a managed policy.

        This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, and ListPolicyVersions actions.

        For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

        • Document (string) --

          The policy document.

          The policy document is returned in the response to the GetPolicyVersion operation. It is not included in the response to the ListPolicyVersions operation.

        • VersionId (string) --

          The identifier for the policy version.

          Policy version identifiers always begin with v (always lowercase). When a policy is created, the first policy version is v1.

        • IsDefaultVersion (boolean) --

          Specifies whether the policy version is set as the policy's default version.

        • CreateDate (datetime) --

          The date and time, in ISO 8601 date-time format, when the policy version was created.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more policy versions to list. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more policy versions in the list.

    • Marker (string) --

      If IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

AttachUserPolicy (new)

Attaches the specified managed policy to the specified user.

You use this API to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.attach_user_policy(
    UserName='string',
    PolicyArn='string'
)
type UserName

string

param UserName

[REQUIRED]

The name (friendly name, not ARN) of the user to attach the policy to.

type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

returns

None

CreatePolicy (new)

Creates a new managed policy for your AWS account.

This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.

For more information about managed policies in general, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.create_policy(
    PolicyName='string',
    Path='string',
    PolicyDocument='string',
    Description='string'
)
type PolicyName

string

param PolicyName

[REQUIRED]

The name of the policy document.

type Path

string

param Path

The path for the policy.

For more information about paths, see IAM Identifiers in the Using IAM guide.

This parameter is optional. If it is not included, it defaults to a slash (/).

type PolicyDocument

string

param PolicyDocument

[REQUIRED]

The policy document.

The policy must be URL-encoded according to RFC 3986.

type Description

string

param Description

A friendly description of the policy.

Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."

The policy description is immutable. After a value is assigned, it cannot be changed.

rtype

dict

returns

Response Syntax

{
    'Policy': {
        'PolicyName': 'string',
        'PolicyId': 'string',
        'Arn': 'string',
        'Path': 'string',
        'DefaultVersionId': 'string',
        'AttachmentCount': 123,
        'IsAttachable': True|False,
        'Description': 'string',
        'CreateDate': datetime(2015, 1, 1),
        'UpdateDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the response to a successful CreatePolicy request.

    • Policy (dict) --

      Information about the policy.

      • PolicyName (string) --

        The friendly name (not ARN) identifying the policy.

      • PolicyId (string) --

        The stable and unique string identifying the policy.

        For more information about IDs, see IAM Identifiers in the Using IAM guide.

      • Arn (string) --

        The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

        For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • Path (string) --

        The path to the policy.

        For more information about paths, see IAM Identifiers in the Using IAM guide.

      • DefaultVersionId (string) --

        The identifier for the version of the policy that is set as the default version.

      • AttachmentCount (integer) --

        The number of entities (users, groups, and roles) that the policy is attached to.

      • IsAttachable (boolean) --

        Specifies whether the policy can be attached to an IAM user, group, or role.

      • Description (string) --

        A friendly description of the policy.

        This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

      • CreateDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the policy was created.

      • UpdateDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the policy was last updated.

        When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

ListAttachedUserPolicies (new)

Lists all managed policies that are attached to the specified user.

A user can also have inline policies embedded with it. To list the inline policies for a user, use the ListUserPolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified user (or none that match the specified path prefix), the action returns an empty list.

Request Syntax

client.list_attached_user_policies(
    UserName='string',
    PathPrefix='string',
    Marker='string',
    MaxItems=123
)
type UserName

string

param UserName

[REQUIRED]

The name (friendly name, not ARN) of the user to list attached policies for.

type PathPrefix

string

param PathPrefix

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

type Marker

string

param Marker

Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.

type MaxItems

integer

param MaxItems

Use this only when paginating results to indicate the maximum number of policies you want in the response. If there are additional policies beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100.

rtype

dict

returns

Response Syntax

{
    'AttachedPolicies': [
        {
            'PolicyName': 'string',
            'PolicyArn': 'string'
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListAttachedUserPolicies request.

    • AttachedPolicies (list) --

      A list of the attached policies.

      • (dict) --

        Contains information about an attached policy.

        An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, and ListAttachedUserPolicies actions.

        For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

        • PolicyName (string) --

          The friendly name of the attached policy.

        • PolicyArn (string) --

          The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

          For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more policies to list. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more policies in the list.

    • Marker (string) --

      If IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

GetPolicy (new)

Retrieves information about the specified managed policy, including the policy's default version and the total number of users, groups, and roles that the policy is attached to. For a list of the specific users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API. This API returns metadata about the policy. To retrieve the policy document for a specific version of the policy, use GetPolicyVersion.

This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded with a user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.get_policy(
    PolicyArn='string'
)
type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

rtype

dict

returns

Response Syntax

{
    'Policy': {
        'PolicyName': 'string',
        'PolicyId': 'string',
        'Arn': 'string',
        'Path': 'string',
        'DefaultVersionId': 'string',
        'AttachmentCount': 123,
        'IsAttachable': True|False,
        'Description': 'string',
        'CreateDate': datetime(2015, 1, 1),
        'UpdateDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the response to a successful GetPolicy request.

    • Policy (dict) --

      Information about the policy.

      • PolicyName (string) --

        The friendly name (not ARN) identifying the policy.

      • PolicyId (string) --

        The stable and unique string identifying the policy.

        For more information about IDs, see IAM Identifiers in the Using IAM guide.

      • Arn (string) --

        The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

        For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • Path (string) --

        The path to the policy.

        For more information about paths, see IAM Identifiers in the Using IAM guide.

      • DefaultVersionId (string) --

        The identifier for the version of the policy that is set as the default version.

      • AttachmentCount (integer) --

        The number of entities (users, groups, and roles) that the policy is attached to.

      • IsAttachable (boolean) --

        Specifies whether the policy can be attached to an IAM user, group, or role.

      • Description (string) --

        A friendly description of the policy.

        This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

      • CreateDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the policy was created.

      • UpdateDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the policy was last updated.

        When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

SetDefaultPolicyVersion (new)

Sets the specified version of the specified policy as the policy's default (operative) version.

This action affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API.

For information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.set_default_policy_version(
    PolicyArn='string',
    VersionId='string'
)
type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type VersionId

string

param VersionId

[REQUIRED]

The version of the policy to set as the default (operative) version.

For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.

returns

None

ListPolicies (new)

Lists all the managed policies that are available to your account, including your own customer managed policies and all AWS managed policies.

You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your AWS account, set Scope to Local. To list only AWS managed policies, set Scope to AWS.

You can paginate the results using the MaxItems and Marker parameters.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.list_policies(
    Scope='All'|'AWS'|'Local',
    OnlyAttached=True|False,
    PathPrefix='string',
    Marker='string',
    MaxItems=123
)
type Scope

string

param Scope

The scope to use for filtering the results.

To list only AWS managed policies, set Scope to AWS. To list only the customer managed policies in your AWS account, set Scope to Local.

This parameter is optional. If it is not included, or if it is set to All, all policies are returned.

type OnlyAttached

boolean

param OnlyAttached

A flag to filter the results to only the attached policies.

When OnlyAttached is true, the returned list contains only the policies that are attached to a user, group, or role. When OnlyAttached is false, or when the parameter is not included, all policies are returned.

type PathPrefix

string

param PathPrefix

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

type Marker

string

param Marker

Use this parameter only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.

type MaxItems

integer

param MaxItems

Use this parameter only when paginating results to indicate the maximum number of policies you want in the response. If there are additional policies beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100.

rtype

dict

returns

Response Syntax

{
    'Policies': [
        {
            'PolicyName': 'string',
            'PolicyId': 'string',
            'Arn': 'string',
            'Path': 'string',
            'DefaultVersionId': 'string',
            'AttachmentCount': 123,
            'IsAttachable': True|False,
            'Description': 'string',
            'CreateDate': datetime(2015, 1, 1),
            'UpdateDate': datetime(2015, 1, 1)
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListPolicies request.

    • Policies (list) --

      A list of policies.

      • (dict) --

        Contains information about a managed policy.

        This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies actions.

        For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

        • PolicyName (string) --

          The friendly name (not ARN) identifying the policy.

        • PolicyId (string) --

          The stable and unique string identifying the policy.

          For more information about IDs, see IAM Identifiers in the Using IAM guide.

        • Arn (string) --

          The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

          For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

        • Path (string) --

          The path to the policy.

          For more information about paths, see IAM Identifiers in the Using IAM guide.

        • DefaultVersionId (string) --

          The identifier for the version of the policy that is set as the default version.

        • AttachmentCount (integer) --

          The number of entities (users, groups, and roles) that the policy is attached to.

        • IsAttachable (boolean) --

          Specifies whether the policy can be attached to an IAM user, group, or role.

        • Description (string) --

          A friendly description of the policy.

          This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

        • CreateDate (datetime) --

          The date and time, in ISO 8601 date-time format, when the policy was created.

        • UpdateDate (datetime) --

          The date and time, in ISO 8601 date-time format, when the policy was last updated.

          When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more policies to list. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more policies in the list.

    • Marker (string) --

      If IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
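One way to use the ListPolicies filters (Scope, OnlyAttached) and the Marker/IsTruncated pagination contract from a defender's side, combined with GetPolicyVersion to read each policy's default document. This is an added example, not code from this reference or from boto3; FakeIam, the account ID, the policy names and the documents are constructed, and with a real client you would pass boto3.client('iam') instead.

```python
"""Find attached customer managed policies whose default version allows everything.

Added example, not boto3's or AWS's own code: it pages through ListPolicies
with Scope='Local' and OnlyAttached=True, passing Marker back until
IsTruncated is false, then reads each policy's DefaultVersionId document
with GetPolicyVersion. FakeIam is a constructed in-memory stand-in that keeps
boto3's argument names and response shapes so the code runs offline; with
the real service, pass boto3.client('iam') instead.
"""
import json

AWS_MANAGED_PREFIX = 'arn:aws:iam::aws:policy/'  # AWS managed policies use account "aws"


class FakeIam:
    """Constructed stand-in for the two calls the audit needs."""

    def __init__(self, policies, documents):
        self._policies = policies    # dicts in the page's Policy shape
        self._documents = documents  # {(Arn, VersionId): JSON document string}

    def list_policies(self, Scope='All', OnlyAttached=False, PathPrefix='/',
                      Marker=None, MaxItems=100):
        def wanted(p):
            is_aws = p['Arn'].startswith(AWS_MANAGED_PREFIX)
            if (Scope == 'AWS' and not is_aws) or (Scope == 'Local' and is_aws):
                return False
            if OnlyAttached and p['AttachmentCount'] == 0:
                return False
            return p['Path'].startswith(PathPrefix)
        matches = [p for p in self._policies if wanted(p)]
        start = int(Marker) if Marker else 0  # constructed opaque marker
        end = start + MaxItems
        resp = {'Policies': matches[start:end], 'IsTruncated': end < len(matches)}
        if resp['IsTruncated']:
            resp['Marker'] = str(end)  # Marker is only present when truncated
        return resp

    def get_policy_version(self, PolicyArn, VersionId):
        return {'PolicyVersion': {'Document': self._documents[(PolicyArn, VersionId)],
                                  'VersionId': VersionId}}


def iter_attached_customer_policies(iam, page_size=100):
    """Yield every attached customer managed policy, following Marker across pages."""
    kwargs = {'Scope': 'Local', 'OnlyAttached': True, 'MaxItems': page_size}
    while True:
        resp = iam.list_policies(**kwargs)
        yield from resp['Policies']
        if not resp.get('IsTruncated'):
            return
        kwargs['Marker'] = resp['Marker']  # resend the same filters plus the Marker


def grants_everything(document):
    """True if an unconditional Allow statement pairs Action "*" with Resource "*"."""
    doc = json.loads(document) if isinstance(document, str) else document
    statements = doc.get('Statement', [])
    for stmt in ([statements] if isinstance(statements, dict) else statements):
        if stmt.get('Effect') != 'Allow' or 'Condition' in stmt:
            continue
        actions = stmt.get('Action', [])
        resources = stmt.get('Resource', [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if '*' in actions and '*' in resources:
            return True
    return False


def find_wildcard_policies(iam, page_size=100):
    """Return the ARNs of attached customer policies whose default version allows everything."""
    flagged = []
    for policy in iter_attached_customer_policies(iam, page_size):
        ver = iam.get_policy_version(PolicyArn=policy['Arn'],
                                     VersionId=policy['DefaultVersionId'])
        if grants_everything(ver['PolicyVersion']['Document']):
            flagged.append(policy['Arn'])
    return flagged


def demo():
    """Constructed account: three customer policies (two attached) and one AWS managed."""
    def pol(name, count, account='123456789012'):  # constructed account id
        return {'PolicyName': name, 'Arn': f'arn:aws:iam::{account}:policy/{name}',
                'Path': '/', 'DefaultVersionId': 'v1', 'AttachmentCount': count}
    policies = [pol('ops-admin', 2), pol('s3-read', 1), pol('unused', 0),
                pol('AdministratorAccess', 1, account='aws')]
    allow_all = json.dumps({'Version': '2012-10-17', 'Statement': [
        {'Effect': 'Allow', 'Action': '*', 'Resource': '*'}]})
    s3_read = json.dumps({'Version': '2012-10-17', 'Statement': [
        {'Effect': 'Allow', 'Action': ['s3:GetObject'], 'Resource': 'arn:aws:s3:::logs/*'}]})
    docs = {(p['Arn'], 'v1'): (s3_read if p['PolicyName'] == 's3-read' else allow_all)
            for p in policies}
    # page_size=1 forces a second, Marker-driven ListPolicies request
    return find_wildcard_policies(FakeIam(policies, docs), page_size=1)
```

The unattached policy is skipped by OnlyAttached and the AWS managed one by Scope='Local', so only the attached customer policy with an unconditional wildcard grant is reported.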

DetachGroupPolicy (new)

Removes the specified managed policy from the specified group.

A group can also have inline policies embedded with it. To delete an inline policy, use the DeleteGroupPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.detach_group_policy(
    GroupName='string',
    PolicyArn='string'
)
type GroupName

string

param GroupName

[REQUIRED]

The name (friendly name, not ARN) of the group to detach the policy from.

type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

returns

None

AttachRolePolicy (new)

Attaches the specified managed policy to the specified role.

When you attach a managed policy to a role, the managed policy is used as the role's access (permissions) policy. You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy.

Use this API to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.attach_role_policy(
    RoleName='string',
    PolicyArn='string'
)
type RoleName

string

param RoleName

[REQUIRED]

The name (friendly name, not ARN) of the role to attach the policy to.

type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

returns

None

AttachGroupPolicy (new)

Attaches the specified managed policy to the specified group.

You use this API to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.attach_group_policy(
    GroupName='string',
    PolicyArn='string'
)
type GroupName

string

param GroupName

[REQUIRED]

The name (friendly name, not ARN) of the group to attach the policy to.

type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

returns

None

DeletePolicyVersion (new)

Deletes the specified version of the specified managed policy.

You cannot delete the default version of a policy using this API. To delete the default version of a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions.

For information about versions for managed policies, refer to Versioning for Managed Policies in the Using IAM guide.

Request Syntax

client.delete_policy_version(
    PolicyArn='string',
    VersionId='string'
)
type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type VersionId

string

param VersionId

[REQUIRED]

The policy version to delete.

For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.

returns

None

CreatePolicyVersion (new)

Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.

Optionally, you can set the new version as the policy's default version. The default version is the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to.

For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.

Request Syntax

client.create_policy_version(
    PolicyArn='string',
    PolicyDocument='string',
    SetAsDefault=True|False
)
type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PolicyDocument

string

param PolicyDocument

[REQUIRED]

The policy document.

The policy must be URL-encoded according to RFC 3986. That requirement applies to the raw Query API request; when calling through boto3, pass the JSON document as a plain string (for example the output of json.dumps) and the SDK encodes it when it builds the request.

type SetAsDefault

boolean

param SetAsDefault

Specifies whether to set this version as the policy's default version.

When this parameter is true, the new policy version becomes the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to.

For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.

rtype

dict

returns

Response Syntax

{
    'PolicyVersion': {
        'Document': 'string',
        'VersionId': 'string',
        'IsDefaultVersion': True|False,
        'CreateDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the response to a successful CreatePolicyVersion request.

    • PolicyVersion (dict) --

      Information about the policy version.

      • Document (string) --

        The policy document.

        The policy document is returned in the response to the GetPolicyVersion operation. It is not included in the response to the ListPolicyVersions operation.

      • VersionId (string) --

        The identifier for the policy version.

Policy version identifiers always begin with v (always lowercase). When a policy is created, the first policy version is v1.

      • IsDefaultVersion (boolean) --

        Specifies whether the policy version is set as the policy's default version.

      • CreateDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the policy version was created.

DeletePolicy (new)

Deletes the specified managed policy.

Before you can delete a managed policy, you must detach the policy from all users, groups, and roles that it is attached to, and you must delete all of the policy's versions. The following steps describe the process for deleting a managed policy:

  • Detach the policy from all users, groups, and roles that the policy is attached to, using the DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy APIs. To list all the users, groups, and roles that a policy is attached to, use ListEntitiesForPolicy.

  • Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the default version. You delete the policy's default version in the next step of the process.

  • Delete the policy (this automatically deletes the policy's default version) using this API.

For information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
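The version rotation described under CreatePolicyVersion (the five-version cap and the rule that DeletePolicyVersion will not remove the default version) and the three-step deletion procedure above, as an added example that is not part of this page or of boto3 itself. The two helpers take any object exposing the boto3 IAM client methods, so `boto3.client("iam")` can be passed in directly; the FakeIam class below is a constructed in-memory stand-in that mirrors the documented response shapes and the service's refusals so the module runs offline. The policy ARN, user, group and role names used when calling it are made up.

```python
from datetime import datetime, timedelta
import json

MAX_VERSIONS = 5  # documented cap on versions per managed policy
ENTITY_FIELDS = {  # ListEntitiesForPolicy list name and name field, per entity kind
    "user": ("PolicyUsers", "UserName"),
    "group": ("PolicyGroups", "GroupName"),
    "role": ("PolicyRoles", "RoleName"),
}


def rotate_policy_version(iam, policy_arn, document):
    """Publish `document` as the new default version; returns its VersionId."""
    json.loads(document)  # reject bad JSON early; boto3 sends the raw string and URL-encodes it
    versions = iam.list_policy_versions(PolicyArn=policy_arn)["Versions"]
    if len(versions) >= MAX_VERSIONS:
        # At the cap: drop the oldest non-default version (DeletePolicyVersion refuses the default)
        oldest = min((v for v in versions if not v["IsDefaultVersion"]), key=lambda v: v["CreateDate"])
        iam.delete_policy_version(PolicyArn=policy_arn, VersionId=oldest["VersionId"])
    resp = iam.create_policy_version(PolicyArn=policy_arn, PolicyDocument=document, SetAsDefault=True)
    return resp["PolicyVersion"]["VersionId"]


def delete_managed_policy(iam, policy_arn):
    """Run the three documented steps; returns (detached (kind, name) pairs, deleted VersionIds)."""
    # Step 1: collect every attachment across all pages, then detach. Detaching while
    # still paginating can shift the list under the Marker and skip entries.
    entities, marker = [], None
    while True:
        page = iam.list_entities_for_policy(
            PolicyArn=policy_arn, **({"Marker": marker} if marker else {}))
        for kind, (lst, name_key) in ENTITY_FIELDS.items():
            entities += [(kind, e[name_key]) for e in page[lst]]
        if not page["IsTruncated"]:
            break
        marker = page["Marker"]  # only present when IsTruncated is true
    for kind, name in entities:  # detach_user_policy / detach_group_policy / detach_role_policy
        getattr(iam, "detach_%s_policy" % kind)(**{ENTITY_FIELDS[kind][1]: name,
                                                    "PolicyArn": policy_arn})
    # Step 2: delete every non-default version. Step 3: DeletePolicy removes the default one.
    deleted = []
    for v in iam.list_policy_versions(PolicyArn=policy_arn)["Versions"]:
        if not v["IsDefaultVersion"]:
            iam.delete_policy_version(PolicyArn=policy_arn, VersionId=v["VersionId"])
            deleted.append(v["VersionId"])
    iam.delete_policy(PolicyArn=policy_arn)
    return entities, deleted


class FakeIam:
    """Constructed stand-in, not the real client: documented shapes and refusals, runs offline."""

    def __init__(self, n_versions, attachments, page_size=2):
        self.versions = [self._version(i, i == 1) for i in range(1, n_versions + 1)]
        self.attachments = list(attachments)  # (kind, name) pairs
        self.page_size, self.seq = page_size, n_versions

    @staticmethod
    def _version(n, default):
        return {"VersionId": "v%d" % n, "IsDefaultVersion": default,
                "CreateDate": datetime(2015, 1, 1) + timedelta(days=n)}

    def list_policy_versions(self, PolicyArn):
        return {"Versions": [dict(v) for v in self.versions], "IsTruncated": False}

    def create_policy_version(self, PolicyArn, PolicyDocument, SetAsDefault=False):
        if len(self.versions) >= MAX_VERSIONS:
            raise RuntimeError("LimitExceeded: five versions already exist")
        self.seq += 1
        if SetAsDefault:
            for v in self.versions:
                v["IsDefaultVersion"] = False
        new = self._version(self.seq, SetAsDefault)
        self.versions.append(new)
        return {"PolicyVersion": dict(new, Document=PolicyDocument)}

    def delete_policy_version(self, PolicyArn, VersionId):
        v = next(v for v in self.versions if v["VersionId"] == VersionId)
        if v["IsDefaultVersion"]:
            raise RuntimeError("DeleteConflict: cannot delete the default version")
        self.versions.remove(v)

    def list_entities_for_policy(self, PolicyArn, Marker=None, **_):
        start, end = int(Marker or 0), int(Marker or 0) + self.page_size
        out = {lst: [] for lst, _ in ENTITY_FIELDS.values()}
        for kind, name in self.attachments[start:end]:
            out[ENTITY_FIELDS[kind][0]].append({ENTITY_FIELDS[kind][1]: name})
        out["IsTruncated"] = end < len(self.attachments)
        if out["IsTruncated"]:
            out["Marker"] = str(end)
        return out

    def detach_user_policy(self, UserName, PolicyArn): self.attachments.remove(("user", UserName))
    def detach_group_policy(self, GroupName, PolicyArn): self.attachments.remove(("group", GroupName))
    def detach_role_policy(self, RoleName, PolicyArn): self.attachments.remove(("role", RoleName))

    def delete_policy(self, PolicyArn):
        if self.attachments or len(self.versions) != 1:
            raise RuntimeError("DeleteConflict: still attached or has more than one version")
        self.versions = []
```

Two details matter in practice. The oldest version is chosen by CreateDate rather than by parsing VersionId, because the ordering the service documents is the creation time; and the JSON check runs before anything is deleted, so a malformed document cannot leave the policy one version short with nothing new in place.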

Request Syntax

client.delete_policy(
    PolicyArn='string'
)
type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

returns

None

DetachUserPolicy (new)

Removes the specified managed policy from the specified user.

A user can also have inline policies embedded with it. To delete an inline policy, use the DeleteUserPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Request Syntax

client.detach_user_policy(
    UserName='string',
    PolicyArn='string'
)
type UserName

string

param UserName

[REQUIRED]

The name (friendly name, not ARN) of the user to detach the policy from.

type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

returns

None

ListEntitiesForPolicy (new)

Lists all users, groups, and roles that the specified managed policy is attached to.

You can use the optional EntityFilter parameter to limit the results to a particular type of entity (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set EntityFilter to Role.

You can paginate the results using the MaxItems and Marker parameters.

Request Syntax

client.list_entities_for_policy(
    PolicyArn='string',
    EntityFilter='User'|'Role'|'Group',
    PathPrefix='string',
    Marker='string',
    MaxItems=123
)
type PolicyArn

string

param PolicyArn

[REQUIRED]

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type EntityFilter

string

param EntityFilter

The entity type to use for filtering the results.

For example, when EntityFilter is Role, only the roles that are attached to the specified policy are returned. This parameter is optional. If it is not included, all attached entities (users, groups, and roles) are returned.

type PathPrefix

string

param PathPrefix

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

type Marker

string

param Marker

Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.

type MaxItems

integer

param MaxItems

Use this only when paginating results to indicate the maximum number of entities you want in the response. If there are additional entities beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100.

rtype

dict

returns

Response Syntax

{
    'PolicyGroups': [
        {
            'GroupName': 'string'
        },
    ],
    'PolicyUsers': [
        {
            'UserName': 'string'
        },
    ],
    'PolicyRoles': [
        {
            'RoleName': 'string'
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListEntitiesForPolicy request.

    • PolicyGroups (list) --

      A list of groups that the policy is attached to.

      • (dict) --

        Contains information about a group that a managed policy is attached to.

        This data type is used as a response element in the ListEntitiesForPolicy action.

        For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

        • GroupName (string) --

          The name (friendly name, not ARN) identifying the group.

    • PolicyUsers (list) --

      A list of users that the policy is attached to.

      • (dict) --

        Contains information about a user that a managed policy is attached to.

        This data type is used as a response element in the ListEntitiesForPolicy action.

        For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

        • UserName (string) --

          The name (friendly name, not ARN) identifying the user.

    • PolicyRoles (list) --

      A list of roles that the policy is attached to.

      • (dict) --

        Contains information about a role that a managed policy is attached to.

        This data type is used as a response element in the ListEntitiesForPolicy action.

        For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

        • RoleName (string) --

          The name (friendly name, not ARN) identifying the role.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more entities to list. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more entities in the list.

    • Marker (string) --

If IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

ListAttachedRolePolicies (new)

Lists all managed policies that are attached to the specified role.

A role can also have inline policies embedded with it. To list the inline policies for a role, use the ListRolePolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the action returns an empty list.

Request Syntax

client.list_attached_role_policies(
    RoleName='string',
    PathPrefix='string',
    Marker='string',
    MaxItems=123
)
type RoleName

string

param RoleName

[REQUIRED]

The name (friendly name, not ARN) of the role to list attached policies for.

type PathPrefix

string

param PathPrefix

The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

type Marker

string

param Marker

Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.

type MaxItems

integer

param MaxItems

Use this only when paginating results to indicate the maximum number of policies you want in the response. If there are additional policies beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100.

rtype

dict

returns

Response Syntax

{
    'AttachedPolicies': [
        {
            'PolicyName': 'string',
            'PolicyArn': 'string'
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListAttachedRolePolicies request.

    • AttachedPolicies (list) --

      A list of the attached policies.

      • (dict) --

        Contains information about an attached policy.

        An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, and ListAttachedUserPolicies actions.

        For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

        • PolicyName (string) --

          The friendly name of the attached policy.

        • PolicyArn (string) --

          The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more policies to list. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more policies in the list.

    • Marker (string) --

If IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
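The Marker/IsTruncated loop this call expects, applied to the point the text makes about roles: the attached managed policies are only part of what a role can do, and the inline policies listed by ListRolePolicies are the rest. This is an added example, not code from this page or from boto3. The `paginate` helper works with any boto3-style list call and with a real `boto3.client("iam")`; FakeIam is a constructed stand-in that serves the documented response shapes in fixed-size pages so the example runs offline, and the sample policies, the role name app-role and the 123456789012 account id are made up (the account id is the placeholder AWS uses in its own documentation).

```python
def paginate(call, key, **kwargs):
    """Yield every item under `key` from a boto3-style list call, following
    the Marker/IsTruncated contract until the last page."""
    marker = None
    while True:
        page = call(**kwargs) if marker is None else call(Marker=marker, **kwargs)
        for item in page[key]:
            yield item
        if not page.get("IsTruncated"):
            return
        marker = page["Marker"]  # present only when IsTruncated is true


def role_policy_inventory(iam, role_name, path_prefix="/"):
    """Return {"managed": {PolicyName: PolicyArn}, "inline": [names]} for a role.

    Attached managed policies are only part of the role's permission set;
    inline policies come from ListRolePolicies and have to be read as well.
    """
    managed = {p["PolicyName"]: p["PolicyArn"] for p in paginate(
        iam.list_attached_role_policies, "AttachedPolicies",
        RoleName=role_name, PathPrefix=path_prefix)}
    inline = list(paginate(iam.list_role_policies, "PolicyNames", RoleName=role_name))
    return {"managed": managed, "inline": inline}


class FakeIam:
    """Constructed stand-in (not the real client) that serves the documented
    response shapes in pages of `page_size` items."""

    def __init__(self, attached, inline, page_size=2):
        self.attached, self.inline, self.page_size = attached, inline, page_size
        self.calls = 0  # number of requests the paginator issued

    def _page(self, key, items, Marker):
        self.calls += 1
        start = int(Marker or 0)
        end = start + self.page_size
        out = {key: items[start:end], "IsTruncated": end < len(items)}
        if out["IsTruncated"]:
            out["Marker"] = str(end)
        return out

    def list_attached_role_policies(self, RoleName, PathPrefix="/", Marker=None, **_):
        # the policy path is the part of the ARN after ":policy", e.g. "/ci/Deployer"
        matching = [p for p in self.attached
                    if p["PolicyArn"].split(":policy", 1)[1].startswith(PathPrefix)]
        return self._page("AttachedPolicies", matching, Marker)

    def list_role_policies(self, RoleName, Marker=None, **_):
        return self._page("PolicyNames", self.inline, Marker)


# Constructed sample data; nothing here refers to a real account.
SAMPLE_ATTACHED = [
    {"PolicyName": "ReadOnlyAudit", "PolicyArn": "arn:aws:iam::123456789012:policy/audit/ReadOnlyAudit"},
    {"PolicyName": "Deployer", "PolicyArn": "arn:aws:iam::123456789012:policy/ci/Deployer"},
    {"PolicyName": "Billing", "PolicyArn": "arn:aws:iam::123456789012:policy/Billing"},
]
SAMPLE_INLINE = ["s3-artifact-write", "kms-app-decrypt"]


def demo():
    """Inventory app-role against the sample data; returns (inventory, requests issued)."""
    iam = FakeIam(SAMPLE_ATTACHED, SAMPLE_INLINE, page_size=2)
    return role_policy_inventory(iam, "app-role"), iam.calls
```

With three attached policies served two per page, the attached listing takes two requests and the inline listing one, which is what a reviewer should expect to see in CloudTrail for a single inventory run. A PathPrefix such as "/ci/" narrows the managed list to policies under that path; it does not filter the inline policies, which have no path.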