I'm able to retrieve the policy document for inline policies with the "get_user_policy()" client call. Is there any way to retrieve policy documents for the AWS managed policies of an IAM user?
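import boto3
client = boto3.client('iam')
# Fetch a single inline policy embedded in the user
policy = client.get_user_policy(UserName="<string>", PolicyName="<string>")
# Keep only the PolicyDocument key of the response
doc = dict((k, policy[k]) for k in ['PolicyDocument'] if k in policy)
print(doc)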
It seems like we can get the policy document of a managed policy using its ARN. But I'm not sure how to get the ARNs of all the managed policies which are attached to a particular IAM user.
So, how do I get the policy document for an AWS managed policy of an IAM user in Python?
Thanks in advance.
You can use the following link for getting all policies attached to a user: fetch users and policies
then to get all the policy documents you can use
I have created one user called test1 and attached IAMReadOnlyAccess and PowerUserAccess. The catch was ARN difference for AWS managed policy and customer managed policy. For more info.
import boto3
iam_res = boto3.resource('iam')
user = iam_res.User('test1')
policy_iterator = user.attached_policies.all()
for each in policy_iterator:
    if each.arn.startswith('arn:aws:iam::aws'):
        print(each.default_version.document)
Here is the output.
{'Statement': [{'Action': ['iam:GenerateCredentialReport',
'iam:GenerateServiceLastAccessedDetails',
'iam:Get*',
'iam:List*',
'iam:SimulateCustomPolicy',
'iam:SimulatePrincipalPolicy'],
'Effect': 'Allow',
'Resource': '*'}],
'Version': '2012-10-17'}
{'Statement': [{'Effect': 'Allow',
'NotAction': ['iam:*', 'organizations:*', 'account:*'],
'Resource': '*'},
{'Action': ['iam:CreateServiceLinkedRole',
'iam:DeleteServiceLinkedRole',
'iam:ListRoles',
'organizations:DescribeOrganization',
'account:ListRegions'],
'Effect': 'Allow',
'Resource': '*'}],
'Version': '2012-10-17'}
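The same lookup through the client API the question started from, as an added example that is not part of either post: it pages through the attached policies, resolves each policy's default version, and returns the documents keyed by ARN. The function names `is_aws_managed` and `attached_policy_documents` are hypothetical; the ownership check reads the account field of the ARN instead of matching the `arn:aws:iam::aws` prefix, so it also holds in partitions such as `aws-cn` and `aws-us-gov`.

```python
def is_aws_managed(arn):
    """True when the policy ARN belongs to AWS rather than to a customer account."""
    # ARN layout: arn:<partition>:iam:<region>:<account>:<resource>
    # AWS managed policies carry the literal account field "aws".
    parts = arn.split(":", 5)
    return len(parts) == 6 and parts[2] == "iam" and parts[4] == "aws"


def attached_policy_documents(iam_client, user_name, aws_managed_only=True):
    """Return {policy_arn: policy_document} for managed policies attached to a user.

    iam_client is expected to be boto3.client('iam') or an object with the same
    get_paginator / get_policy / get_policy_version methods.
    """
    documents = {}
    # Paginate so users with many attachments are not silently truncated.
    paginator = iam_client.get_paginator("list_attached_user_policies")
    for page in paginator.paginate(UserName=user_name):
        for attached in page["AttachedPolicies"]:
            arn = attached["PolicyArn"]
            if aws_managed_only and not is_aws_managed(arn):
                continue
            # The document is stored on a policy version, so find the default one.
            policy = iam_client.get_policy(PolicyArn=arn)["Policy"]
            version = iam_client.get_policy_version(
                PolicyArn=arn, VersionId=policy["DefaultVersionId"]
            )
            documents[arn] = version["PolicyVersion"]["Document"]
    return documents


if __name__ == "__main__":
    import json

    import boto3  # imported here so the functions above load without AWS access

    # 'test1' is the user name from the answer above. The caller needs
    # iam:ListAttachedUserPolicies, iam:GetPolicy and iam:GetPolicyVersion.
    docs = attached_policy_documents(boto3.client("iam"), "test1")
    print(json.dumps(docs, indent=2))
```

Policies the user inherits through group membership are not returned by this call; they are attached to the group, not to the user.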