How to create AWS IAM role attaching managed policy only using Boto3

amazon-web-services boto3 amazon-iam roles policy
Rafiq picture Rafiq · May 22, 2017 · Viewed 8.8k times · Source

I am trying to use Boto3 to create a new instance role that will attach a managed policy only.

I have the following:

Policy Name: my_instance_policy

Policy ARN: arn:aws:iam::123456789012:policy/my_test_policy

I want to create the role called 'my_instance_role' attaching attaching the above policy only.

Boto3 client has the create_role() function like below:

import boto3
client = boto3.client('iam')
response = client.create_role(
    Path='string',
    RoleName='string',
    AssumeRolePolicyDocument='string',
    Description='string'
)

Here, I do not see an option to use the policy ARN or name. My understanding is that AssumeRolePolicyDocument variable needs the JSON formatted policy document converted in to text.

Is it possible the way I am looking for?

Answer

garnaat picture garnaat · May 22, 2017

You would have to create the role (as you are doing above) and then separately attach the managed policy to the role like this:

response = client.attach_role_policy(
    RoleName='MyRole', PolicyArn='<arn of managed policy>')

Related questions

Access Denied using boto3 through aws Lambda

I use the data processing pipeline constructed of S3 + SNS + Lambda becasue S3 can not send notificaiton out of its storage region so I made use of SNS to send S3 notification to Lambda in other region. The lambda function …

Read More
How to assume an AWS role from another AWS role?

I have two AWS account - lets say A and B. In account B, I have a role defined that allow access to another role from account A. Lets call it Role-B { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "…

Read More
How to write a file or data to an S3 object using boto3

In boto 2, you can write to an S3 object using these methods: Key.set_contents_from_string() Key.set_contents_from_file() Key.set_contents_from_filename() Key.set_contents_from_stream() Is there a boto 3 equivalent? What is the …

Read More