Borislav Hadzhiev
Thu Sep 16 2021·3 min read
IAM policies define specific permissions needed to access AWS resources and can be associated with IAM users, roles or groups.
To attach an inline policy to an IAM user, we have to:

1. create a json file with the policy document on the local file system
2. run the put-user-policy command, pointing it at that file

Let's look at an example inline policy that grants read permissions on a specific S3 bucket:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["s3:Get*", "s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::MYBUCKET", "arn:aws:s3:::MYBUCKET/*"]
    }
  ]
}
```

Two things to keep in mind when writing the policy. s3:ListBucket is evaluated against the bucket ARN while object reads are evaluated against the object ARNs, which is why both arn:aws:s3:::MYBUCKET and arn:aws:s3:::MYBUCKET/* are listed. And s3:Get* matches every S3 action whose name starts with Get (GetObject, GetObjectVersion, GetBucketPolicy, GetObjectAcl and so on), not only object reads, so narrow it to s3:GetObject if that is all the user needs.
To attach the inline policy to an IAM user, open your terminal in the directory where the read-bucket.json file is located and run the put-user-policy command:

```shell
aws iam put-user-policy --user-name YourUsername --policy-name YourPolicyName --policy-document file://read-bucket.json
```

The local file path must be prefixed with file://. When passing files as parameters to the AWS CLI, prefix the path with file:// for human-readable files or with fileb:// for binary (non human-readable) files.

Note that put-user-policy adds the inline policy or replaces an existing inline policy with the same name, so re-running the command is safe, but it will silently overwrite whatever that policy name held before.

In the code snippet, the shell is opened in the directory where the read-bucket.json file is located. If your terminal is opened in a different directory, you can pass a relative or absolute path leading to the file.
For example, on Linux and macOS you can use relative and absolute paths as follows:

```shell
# relative path, navigate to directory
aws iam put-user-policy --user-name YourUsername --policy-name YourPolicyName --policy-document file://./my-folder/read-bucket.json

# absolute path (notice 3 `/` characters in file:/// prefix)
aws iam put-user-policy --user-name YourUsername --policy-name YourPolicyName --policy-document file:///home/john/read-bucket.json
```
On Windows you can specify a file:// prefix as follows:

```shell
aws iam put-user-policy --user-name YourUsername --policy-name YourPolicyName --policy-document file://C:\my-folder\read-bucket.json
```
To verify that the inline policy has been attached successfully to the IAM user, run the list-user-policies command:

```shell
aws iam list-user-policies --user-name YourUsername
```

The output contains a PolicyNames array, which should now include YourPolicyName.

When attaching inline policies to an IAM user, make sure the contents of the .json file are valid JSON. If the document does not parse, or is missing required fields such as Version or Statement, the put-user-policy call fails with a MalformedPolicyDocument error and nothing is attached.
To get the name of the policy that should be deleted, run the list-user-policies command:

```shell
aws iam list-user-policies --user-name YourUsername
```

To delete an inline policy attached to an IAM user using the AWS CLI, run the delete-user-policy command:

```shell
aws iam delete-user-policy --user-name YourUsername --policy-name YourPolicyName
```

To verify that the inline policy has been deleted from the user, run the list-user-policies command again and confirm the name is no longer in the PolicyNames array:

```shell
aws iam list-user-policies --user-name YourUsername
```
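The whole procedure above (write the policy document, attach it with put-user-policy, confirm it with list-user-policies, remove it with delete-user-policy and confirm again), as an added example in Python rather than code from the original post. It goes beyond the post by validating the document before attaching it: invalid JSON and missing Version/Statement/Effect/Action/Resource fields are what IAM itself rejects, and an Allow with Action "*" or Resource "*" is flagged as not least privilege. The AWS calls go through whichever object is passed as `iam`; with boto3 that is `boto3.client("iam")`, whose put_user_policy, list_user_policies and delete_user_policy methods are the SDK counterparts of the CLI commands. The DryRunIAM class is a constructed in-memory stand-in for those three calls so the script runs offline; the user name, policy name and bucket name are the placeholders from the post.

```python
"""Build, validate, attach, verify and remove an inline IAM user policy.

Added example, not code from the original post. `iam` is any object with
put_user_policy / list_user_policies / delete_user_policy (boto3.client("iam")
in real use); DryRunIAM is a constructed offline stand-in for those calls.
"""
import json
from typing import Any, Dict, List

POLICY_VERSION = "2012-10-17"


def read_bucket_policy(bucket: str) -> Dict[str, Any]:
    """Same policy as read-bucket.json in the post, for an arbitrary bucket name."""
    return {
        "Version": POLICY_VERSION,
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:Get*", "s3:ListBucket"],
            # ListBucket is evaluated against the bucket ARN, object reads
            # against the object ARNs, so both forms are required.
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def policy_json(bucket: str) -> str:
    """Serialised document, ready to write to a file or pass as PolicyDocument."""
    return json.dumps(read_bucket_policy(bucket), indent=2)


def validate_policy_document(doc: str) -> List[str]:
    """Return the problems found in a policy document string (empty means OK)."""
    problems: List[str] = []
    try:
        policy = json.loads(doc)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if policy.get("Version") != POLICY_VERSION:
        problems.append(f"Version must be {POLICY_VERSION}")
    statements = policy.get("Statement")
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement must be a non-empty list"]
    for i, st in enumerate(statements):
        for key in ("Effect", "Action", "Resource"):
            if key not in st:
                problems.append(f"statement {i}: missing {key}")
        effect = st.get("Effect")
        if effect is not None and effect not in ("Allow", "Deny"):
            problems.append(f"statement {i}: Effect must be Allow or Deny")
        # Action and Resource may be a single string or a list; normalise to a list.
        for key in ("Action", "Resource"):
            values = st.get(key, [])
            values = [values] if isinstance(values, str) else values
            if effect == "Allow" and "*" in values:
                problems.append(f"statement {i}: {key} * is not least privilege")
    return problems


def inline_policy_names(iam, user: str) -> List[str]:
    """All inline policy names on the user, following IsTruncated/Marker paging."""
    names: List[str] = []
    kwargs: Dict[str, str] = {"UserName": user}
    while True:
        page = iam.list_user_policies(**kwargs)
        names.extend(page["PolicyNames"])
        if not page.get("IsTruncated"):
            return names
        kwargs["Marker"] = page["Marker"]


def attach_and_verify(iam, user: str, policy_name: str, doc: str) -> bool:
    """Validate locally, attach (put-user-policy), confirm via list-user-policies."""
    problems = validate_policy_document(doc)
    if problems:
        raise ValueError("; ".join(problems))
    iam.put_user_policy(UserName=user, PolicyName=policy_name, PolicyDocument=doc)
    return policy_name in inline_policy_names(iam, user)


def detach_and_verify(iam, user: str, policy_name: str) -> bool:
    """delete-user-policy, then confirm the name is gone from list-user-policies."""
    iam.delete_user_policy(UserName=user, PolicyName=policy_name)
    return policy_name not in inline_policy_names(iam, user)


class DryRunIAM:
    """Constructed in-memory stand-in for the three IAM calls used above."""

    def __init__(self) -> None:
        self.policies: Dict[str, Dict[str, str]] = {}

    def put_user_policy(self, UserName, PolicyName, PolicyDocument):
        json.loads(PolicyDocument)  # IAM rejects malformed JSON; so does the stand-in
        self.policies.setdefault(UserName, {})[PolicyName] = PolicyDocument

    def list_user_policies(self, UserName, Marker=None):
        return {"PolicyNames": sorted(self.policies.get(UserName, {})), "IsTruncated": False}

    def delete_user_policy(self, UserName, PolicyName):
        del self.policies[UserName][PolicyName]


if __name__ == "__main__":
    iam = DryRunIAM()  # swap for boto3.client("iam") to run against a real account
    doc = policy_json("MYBUCKET")
    with open("read-bucket.json", "w") as fh:  # same file the CLI commands use
        fh.write(doc)
    print("attached:", attach_and_verify(iam, "YourUsername", "YourPolicyName", doc))
    print("inline policies:", inline_policy_names(iam, "YourUsername"))
    print("removed:", detach_and_verify(iam, "YourUsername", "YourPolicyName"))
```

Running the script writes read-bucket.json next to it (so the CLI commands from the post work unchanged) and walks through attach, list and delete against the in-memory client; replacing DryRunIAM() with boto3.client("iam") performs the same three calls for real, with the local validation step refusing to send a document that IAM would reject or that grants Action or Resource "*".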