Skip to main content

user_policies

Creates, updates, deletes or gets an user_policy resource or lists user_policies in a region

Overview

Nameuser_policies
TypeResource
DescriptionAdds or updates an inline policy document that is embedded in the specified IAM user.
An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
Idawscc.iam.user_policies

Fields

NameDatatypeDescription
policy_documentobjectThe policy document.<br />You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.<br />The &#91;regex pattern&#93;(https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:<br />+ Any printable ASCII character ranging from the space character (&#96;&#96;\u0020&#96;&#96;) through the end of the ASCII character range<br />+ The printable characters in the Basic Latin and Latin-1 Supplement character set (through &#96;&#96;\u00FF&#96;&#96;)<br />+ The special characters tab (&#96;&#96;\u0009&#96;&#96;), line feed (&#96;&#96;\u000A&#96;&#96;), and carriage return (&#96;&#96;\u000D&#96;&#96;)
policy_namestringThe name of the policy document.<br />This parameter allows (through its &#91;regex pattern&#93;(https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: &#95;+=,.@-
user_namestringThe name of the user to associate the policy with.<br />This parameter allows (through its &#91;regex pattern&#93;(https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: &#95;+=,.@-
regionstringAWS region.

For more information, see AWS::IAM::UserPolicy.

Methods

NameAccessible byRequired Params
create_resourceINSERTPolicyName, UserName, region
delete_resourceDELETEdata__Identifier, region
update_resourceUPDATEdata__Identifier, data__PatchDocument, region
get_resourceSELECTdata__Identifier, region

SELECT examples

Gets all properties from an individual user_policy.

SELECT
region,
policy_document,
policy_name,
user_name
FROM awscc.iam.user_policies
WHERE data__Identifier = '<PolicyName>|<UserName>';

INSERT example

Use the following StackQL query and manifest file to create a new user_policy resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.iam.user_policies (
 PolicyName,
 UserName,
 region
)
SELECT 
'{{ PolicyName }}',
 '{{ UserName }}',
'{{ region }}';

DELETE example

/*+ delete */
DELETE FROM awscc.iam.user_policies
WHERE data__Identifier = '<PolicyName|UserName>'
AND region = 'us-east-1';

Permissions

To operate on the user_policies resource, the following permissions are required:

Create

iam:PutUserPolicy,
iam:GetUserPolicy

Read

iam:GetUserPolicy

Update

iam:PutUserPolicy,
iam:GetUserPolicy

Delete

iam:DeleteUserPolicy,
iam:GetUserPolicy