user_policy
Gets or updates an individual user_policy resource. Use user_policies to retrieve a list of resources or to create or delete a resource.
Overview
Name | user_policy |
Type | Resource |
Description | Adds or updates an inline policy document that is embedded in the specified IAM user.<br/> An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.<br/> For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. |
Id | aws.iam.user_policy |
Fields
Name | Datatype | Description |
---|---|---|
policy_document | object | The policy document.<br/> You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.<br/> The [regex pattern](http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:<br/> + Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range<br/> + The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)<br/> + The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D) |
policy_name | string | The name of the policy document.<br/> This parameter allows (through its [regex pattern](http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- |
user_name | string | The name of the user to associate the policy with.<br/> This parameter allows (through its [regex pattern](http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
get_resource | SELECT | data__Identifier, region |
SELECT
Example
```sql
SELECT
region,
policy_document,
policy_name,
user_name
FROM aws.iam.user_policy
WHERE data__Identifier = '<PolicyName>|<UserName>';
```
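The character sets in the Fields table can be enforced before the `<PolicyName>|<UserName>` identifier is placed into the query above. The following is an added example, not part of the original page or of StackQL: the function names and sample values are hypothetical, and the two patterns are transcribed from the field descriptions.

```python
import re

# Character sets transcribed from the Fields table (an assumption of this
# example: they mirror the documented patterns, not StackQL's own code).
NAME_RE = re.compile(r"[A-Za-z0-9_+=,.@-]+")
DOC_BAD_RE = re.compile(r"[^\u0009\u000A\u000D\u0020-\u00FF]")


def check_name(value: str, field: str) -> str:
    """Return value unchanged, or raise if it leaves the documented set."""
    if not NAME_RE.fullmatch(value):
        raise ValueError(f"{field}: only alphanumerics and _+=,.@- are allowed")
    return value


def build_identifier(policy_name: str, user_name: str) -> str:
    """Build '<PolicyName>|<UserName>'.

    Neither '|' nor "'" is in the allowed set, so a validated pair cannot
    shift the separator or close the SQL string literal.
    """
    return f"{check_name(policy_name, 'policy_name')}|{check_name(user_name, 'user_name')}"


def build_select(policy_name: str, user_name: str) -> str:
    """Fill the page's SELECT with a validated identifier."""
    ident = build_identifier(policy_name, user_name)
    return (
        "SELECT region, policy_document, policy_name, user_name\n"
        "FROM aws.iam.user_policy\n"
        f"WHERE data__Identifier = '{ident}';"
    )


def invalid_document_chars(policy_json: str) -> list[str]:
    """List the distinct characters the documented policy_document set excludes."""
    return sorted(set(DOC_BAD_RE.findall(policy_json)))


if __name__ == "__main__":
    # Constructed sample values.
    print(build_select("ReadOnlyS3", "alice@example.com"))
    pasted = '{"Version": "2012-10-17", "Statement": [{"Sid": "Read\u2013Only"}]}'
    print(invalid_document_chars(pasted))  # the en dash from a pasted Sid
```

Running `invalid_document_chars` on a policy before submitting it catches characters such as typographic dashes and quotes that arrive with text pasted from a word processor.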
Permissions
To operate on the user_policy resource, the following permissions are required:
Read
iam:GetUserPolicy
Update
iam:PutUserPolicy,
iam:GetUserPolicy