# role_policies

Creates, updates, deletes or gets a role_policy resource or lists role_policies in a region.

## Overview
| Attribute | Value |
|---|---|
| Name | role_policies |
| Type | Resource |
| Description | Adds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*. A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. |
| Id | awscc.iam.role_policies |
## Fields

| Name | Datatype | Description |
|---|---|---|
| policy_document | object | The policy document.<br />You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.<br />The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:<br />+ Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range<br />+ The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)<br />+ The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) |
| policy_name | string | The name of the policy document.<br />This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- |
| role_name | string | The name of the role to associate the policy with.<br />This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- |
| region | string | AWS region. |
For more information, see AWS::IAM::RolePolicy.
## Methods

| Name | Accessible by | Required Params |
|---|---|---|
| create_resource | INSERT | PolicyName, RoleName, region |
| delete_resource | DELETE | data__Identifier, region |
| update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
| get_resource | SELECT | data__Identifier, region |
## SELECT examples

Gets all properties from an individual role_policy.

```sql
SELECT
region,
policy_document,
policy_name,
role_name
FROM awscc.iam.role_policies
WHERE data__Identifier = '<PolicyName>|<RoleName>';
```
## INSERT example

Use the following StackQL query and manifest file to create a new role_policy resource, using stack-deploy.

### Required Properties

```sql
/*+ create */
INSERT INTO awscc.iam.role_policies (
PolicyName,
RoleName,
region
)
SELECT
'{{ PolicyName }}',
'{{ RoleName }}',
'{{ region }}';
```

### All Properties

```sql
/*+ create */
INSERT INTO awscc.iam.role_policies (
PolicyDocument,
PolicyName,
RoleName,
region
)
SELECT
'{{ PolicyDocument }}',
'{{ PolicyName }}',
'{{ RoleName }}',
'{{ region }}';
```

### Manifest

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: role_policy
    props:
      - name: PolicyDocument
        value: {}
      - name: PolicyName
        value: '{{ PolicyName }}'
      - name: RoleName
        value: '{{ RoleName }}'
```
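The INSERT above takes the policy document as a JSON string literal. As an added example, not part of the StackQL docs or the awscc provider, the following Python helper renders that same INSERT from a policy dictionary after checking the character sets documented for policy_name, role_name and policy_document, and refuses Allow statements whose Action or Resource is a bare `*`, since an inline role policy is usually meant to be narrowly scoped. The bucket, role and policy names are constructed placeholders.

```python
import json
import re

# Character sets documented on this page for the name fields and for the
# policy document (printable ASCII and Latin-1 plus tab, LF and CR).
NAME_RE = re.compile(r"[A-Za-z0-9_+=,.@-]+")
DOC_RE = re.compile(r"[\u0009\u000A\u000D\u0020-\u00FF]*")

def check_policy_document(doc: dict) -> list:
    """Return findings for Allow statements whose Action or Resource is a
    bare '*', i.e. grants broader than an inline role policy should carry."""
    statements = doc.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        for key in ("Action", "Resource"):
            values = st.get(key, [])
            values = [values] if isinstance(values, str) else values
            if "*" in values:
                findings.append(f"statement {i}: {key} is '*'")
    return findings

def render_insert(policy_name: str, role_name: str, region: str, doc: dict) -> str:
    """Render the page's INSERT with the policy embedded as compact JSON.
    Raises ValueError on names IAM would reject or on wildcard grants."""
    for label, value in (("PolicyName", policy_name), ("RoleName", role_name)):
        if not NAME_RE.fullmatch(value):
            raise ValueError(f"{label} {value!r} uses characters IAM rejects")
    findings = check_policy_document(doc)
    if findings:
        raise ValueError("; ".join(findings))
    body = json.dumps(doc, separators=(",", ":"))
    if not DOC_RE.fullmatch(body):
        raise ValueError("policy document contains characters IAM rejects")
    body = body.replace("'", "''")  # keep the SQL string literal intact
    return (
        "/*+ create */\nINSERT INTO awscc.iam.role_policies (\n"
        "PolicyDocument,\nPolicyName,\nRoleName,\nregion\n)\nSELECT\n"
        f"'{body}',\n'{policy_name}',\n'{role_name}',\n'{region}';"
    )

# Constructed sample: read-only access to one S3 prefix (hypothetical names).
LEAST_PRIV = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                   "Resource": "arn:aws:s3:::example-bucket/app-config/*"}],
}
```

Run `render_insert("AppConfigRead", "app-role", "us-east-1", LEAST_PRIV)` to get a statement you can paste into StackQL; the returned SQL is what the Methods table's `create_resource` expects, with region supplied explicitly.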
## DELETE example

```sql
/*+ delete */
DELETE FROM awscc.iam.role_policies
WHERE data__Identifier = '<PolicyName|RoleName>'
AND region = 'us-east-1';
```
## Permissions

To operate on the role_policies resource, the following permissions are required:

### Create

```text
iam:PutRolePolicy,
iam:GetRolePolicy
```

### Read

```text
iam:GetRolePolicy
```

### Update

```text
iam:PutRolePolicy,
iam:GetRolePolicy
```

### Delete

```text
iam:DeleteRolePolicy,
iam:GetRolePolicy
```