
user_policies

Creates, updates, deletes or gets a user_policy resource or lists user_policies in a region.

Overview

| | |
|---|---|
| Name | user_policies |
| Type | Resource |
| Description | Adds or updates an inline policy document that is embedded in the specified IAM user.<br />An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.<br />For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. |
| Id | awscc.iam.user_policies |

Fields

| Name | Datatype | Description |
|---|---|---|
| policy_document | object | The policy document.<br />You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.<br />The [regex pattern](http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:<br />+ Any printable ASCII character ranging from the space character (`\u0020`) through the end of the ASCII character range<br />+ The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\u00FF`)<br />+ The special characters tab (`\u0009`), line feed (`\u000A`), and carriage return (`\u000D`) |
| policy_name | string | The name of the policy document.<br />This parameter allows (through its [regex pattern](http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `_+=,.@-` |
| user_name | string | The name of the user to associate the policy with.<br />This parameter allows (through its [regex pattern](http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `_+=,.@-` |
| region | string | AWS region. |

For more information, see AWS::IAM::UserPolicy.

Methods

| Name | Accessible by | Required Params |
|---|---|---|
| create_resource | INSERT | PolicyName, UserName, region |
| delete_resource | DELETE | Identifier, region |
| update_resource | UPDATE | Identifier, PatchDocument, region |
| get_resource | SELECT | Identifier, region |

SELECT examples

Gets all properties from an individual user_policy.

```sql
SELECT
    region,
    policy_document,
    policy_name,
    user_name
FROM awscc.iam.user_policies
WHERE
    region = 'us-east-1' AND
    Identifier = '{{ policy_name }}|{{ user_name }}';
```
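
The field descriptions above give the character sets that policy_name, user_name and policy_document must fit, and the queries address a policy by the composite Identifier policy_name|user_name. The following Python pre-flight check is an added example, not part of the StackQL provider or this page's own code; the function names and sample values are assumptions made for illustration.

```python
import json
import re

# Character classes transcribed from the field descriptions on this page.
NAME_RE = re.compile(r"[A-Za-z0-9_+=,.@-]+")
DOC_RE = re.compile(r"[\u0009\u000A\u000D\u0020-\u00FF]+")


def check_name(value, field):
    """Return an error string, or None if the name fits the documented pattern."""
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        return f"{field}: only alphanumerics and _+=,.@- are allowed, no spaces"
    return None


def check_document(document):
    """Validate a policy document given as a dict or a JSON string."""
    errors = []
    text = document if isinstance(document, str) else json.dumps(document, ensure_ascii=False)
    try:
        json.loads(text)
    except ValueError as exc:
        errors.append(f"policy_document: not valid JSON ({exc})")
    bad = sorted({ch for ch in text if not DOC_RE.fullmatch(ch)})
    if bad:
        shown = ", ".join(f"U+{ord(ch):04X}" for ch in bad)
        errors.append(f"policy_document: characters outside the documented range: {shown}")
    return errors


def preflight(policy_name, user_name, policy_document):
    """Return (identifier, errors); identifier is None when any check fails."""
    errors = [e for e in (check_name(policy_name, "policy_name"),
                          check_name(user_name, "user_name")) if e]
    errors += check_document(policy_document)
    if errors:
        return None, errors
    # '|' is outside the name pattern, so the composite key splits unambiguously.
    return f"{policy_name}|{user_name}", []


# Constructed sample input.
SAMPLE_DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    print(preflight("read-reports", "alice", SAMPLE_DOC))
    print(preflight("read|reports", "alice smith", '{"Sid": "caf\u2019s"}'))
```

Running this over manifest values before stack-deploy makes a rejected name or an out-of-range character fail locally instead of at the API call.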

INSERT example

Use the following StackQL query and manifest file to create a new user_policy resource, using stack-deploy.

```sql
/*+ create */
INSERT INTO awscc.iam.user_policies (
    PolicyName,
    UserName,
    region
)
SELECT
    '{{ policy_name }}',
    '{{ user_name }}',
    '{{ region }}';
```

UPDATE example

Use the following StackQL query and manifest file to update a user_policy resource, using stack-deploy.

```sql
/*+ update */
UPDATE awscc.iam.user_policies
SET PatchDocument = string('{{ {
    "PolicyDocument": policy_document
} | generate_patch_document }}')
WHERE
    region = '{{ region }}' AND
    Identifier = '{{ policy_name }}|{{ user_name }}';
```

DELETE example

```sql
/*+ delete */
DELETE FROM awscc.iam.user_policies
WHERE
    Identifier = '{{ policy_name }}|{{ user_name }}' AND
    region = 'us-east-1';
```

Permissions

To operate on the user_policies resource, the following permissions are required:

iam:PutUserPolicy,
iam:GetUserPolicy