Adds a new policy for a role.
euare-roleaddpolicy -r role_name -p policy_name -e {Allow,Deny} -a actions -c resources [-o] [--as-account account]
Option | Description | Required |
---|---|---|
-r, --role-name role_name | Name of the role to associate the policy with | Yes |
-p, --policy-name policy_name | Name of the new policy | Yes |
-e, --effect effect | The value for the policy's Effect element. Valid values: Allow, Deny | Yes |
-a, --action action | The value for the policy's Action element. This value specifies both the service and action you want to allow or deny permission to. For example: -a iam:ListAccessKeys. | Yes |
-c, --actions actions | Actions that the policy should apply to. At least one is required. | Yes |
--as-account account | [Eucalyptus cloud administrator only] Run this command as the administrator of another account. | No |
Option | Description |
---|---|
--region=region | Region to direct requests to. |
-U url, --url=url | Override service URL with this value. |
--as-account account | This Eucalyptus extension is for use by the system administrator to act as the account administrator of the specified account without changing to the account administrator's role. |
-I access_key_id, --access-key=access_key_id | Override configured access key ID with this value. |
-S secret_key, --secret-key=secret_key | Override configured secret key with this value. |
--security-token=token | Security token. |
-D, --debug | Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools. |
--debugger | Enable interactive debugger on error. |
-h, --help | Display the manual page for the command. |
--version | Display the version of this tool. |
Eucalyptus returns the policy
The following policy allows myuser all actions in EC2.
euare-roleaddpolicy -r myrole -p mypolicy -e Allow -a 'ec2:*' -c '*'
The following policy allows myuser all actions in EC2 and outputs the generated JSON policy.
euare-roleaddpolicy -r myrole -p mypolicy -e Allow -a 'ec2:*' -c '*' -o
{"Version":"2008-10-17","Statement":[{"Effect":"Allow", "Action":["ec2:*"], "Resource":["*"]}]}
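The JSON printed by -o can be reviewed for over-broad grants such as the 'ec2:*' on '*' pair in the example above. The following check is an added example, not part of Euca2ools or the original guide; the function names and the second sample policy (including its ARN) are constructed for illustration.

```python
import json


def _as_list(value):
    """Policy elements may be a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Return findings for Allow statements that use wildcards."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not grant access
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        # "*" covers every service; "svc:*" covers every action in one service
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in resources if r == "*"]
        if wild_actions:
            findings.append(f"Statement[{idx}]: wildcard action {wild_actions}")
        if wild_resources:
            findings.append(f"Statement[{idx}]: wildcard resource {wild_resources}")
        if wild_actions and wild_resources:
            findings.append(
                f"Statement[{idx}]: all matched actions allowed on all resources")
    return findings


# Policy text as printed by the -o example on this page.
PAGE_POLICY = ('{"Version":"2008-10-17","Statement":[{"Effect":"Allow", '
               '"Action":["ec2:*"], "Resource":["*"]}]}')

# Constructed sample: one named action on one resource (placeholder ARN),
# written with the single-value form of Statement, Action and Resource.
NARROW_POLICY = ('{"Version":"2008-10-17","Statement":{"Effect":"Allow",'
                 '"Action":"iam:ListAccessKeys",'
                 '"Resource":"arn:aws:iam::123456789012:user/example"}}')

if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("narrow", NARROW_POLICY)):
        results = audit_policy(text)
        print(name, "->", results if results else "no wildcard grants")
```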