Euca2ools Guide / IAM-Compatible Commands |
Adds a new policy to a group.
euare-groupaddpolicy -g group_name -p policy_name -e effect -a 'ec2:*' -r resources [-o]
Option | Description | Required |
---|---|---|
-g, --group-name group_name | Name of the group to associate the policy with | Yes |
-p, --policy-name policy_name | Name of the policy document | Yes |
-e, --effect effect | The value for the policy's Effect element.
Valid values: Allow | Deny |
Yes |
-a, --action action | The value for the policy's Action element. This value specifies both the service and action you want to allow or deny permission to. For example: -a iam:ListAccessKeys. | Yes |
-r, --resources resources | Resource(s) the policy should apply to. At least one is required. | Yes |
-o | This option tells Eucalyptus to output the JSON policy document that IAM created for you. | No |
Option | Description |
---|---|
--region=region | Region to direct requests to. |
-U url,--url=url | Override service URL with this value. |
--as-account account | This Eucalyptus extension is for use by the system administrator to act as the account administrator of the specified account without changing to account administrator's role. |
-I access_key_id, --access-key=access_key_id | Override configured access key ID with this value. |
-S secret_key, --secret-key=secret_key | Override configured secret key with this value. |
--security-token=token | Security token. |
-D, --debug | Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools. |
--debugger | Enable interactive debugger on error. |
-h,--help | Display the manual page for the command. |
--version | Display the version of this tool. |
Eucalyptus does not return any message.
The following policy allows all actions in EC2.
euare-groupaddpolicy -g mygroup -p mypolicy -e Allow -a 'ec2:*'
The following policy allows all actions in EC2 and outputs the generated JSON policy.
euare-groupaddpolicy -g mygroup -p mypolicy -e Allow -a 'ec2:*' -o {"Version":"2008-10-17","Statement":[{"Effect":"Allow", "Action":["ec2:*"], "Resource":["*"]}]}