role_policy

Gets or updates an individual role_policy resource, use role_policies to retrieve a list of resources or to create or delete a resource.

Overview

Name	`role_policy`
Type	Resource
Description	Adds or updates an inline policy document that is embedded in the specified IAM role.<br/> When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the IAM User Guide.<br/> A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the IAM User Guide.<br/> For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the IAM User Guide.
Id	`aws.iam.role_policy`

Fields

Name	Datatype	Description
`policy_document`	`object`	The policy document.<br/> You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.<br/> The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:<br/> + Any printable ASCII character ranging from the space character (`\u0020`) through the end of the ASCII character range<br/> + The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\u00FF`)<br/> + The special characters tab (`\u0009`), line feed (`\u000A`), and carriage return (`\u000D`)
`policy_name`	`string`	The name of the policy document.<br/> This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
`role_name`	`string`	The name of the role to associate the policy with.<br/> This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
`region`	`string`	AWS region.

Methods

Name	Accessible by	Required Params
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` Example

SELECT
region,
policy_document,
policy_name,
role_name
FROM aws.iam.role_policy
WHERE data__Identifier = '<PolicyName>|<RoleName>';

Permissions

To operate on the role_policy resource, the following permissions are required:

Read

iam:GetRolePolicy

Update

iam:PutRolePolicy,
iam:GetRolePolicy

Overview​

Fields​

Methods​

SELECT Example​

Permissions​

Read​

Update​