euare-useraddpolicy

Adds a new policy for a user.

Syntax

euare-useraddpolicy -p policyname -e {Allow,Deny} -u user -a action [-r RESOURCE]

Options

Option Description Required
-u, --user-name user_name Name of the user to associate the policy with Yes
-p, --policy-name policy_name Name of the policy document Yes
-e, --effect effect The value for the policy's Effect element.

Valid values: Allow | Deny

Yes
-a, --action action The value for the policy's Action element. This value specifies both the service and action you want to allow or deny permission to. For example: -a iam:ListAccessKeys. Yes
-o This option tells Eucalyptus to output the JSON policy document that euare-useraddpolicy created for you. No

Common Options

Option Description
--region=region Region to direct requests to.
-U url,--url=url Override service URL with this value.
--as-account account This Eucalyptus extension is for use by the system administrator to act as the account administrator of the specified account without changing to account administrator's role.
-I access_key_id, --access-key=access_key_id Override configured access key ID with this value.
-S secret_key, --secret-key=secret_key Override configured secret key with this value.
--security-token=token Security token.
-D, --debug Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools.
--debugger Enable interactive debugger on error.
-h,--help Display the manual page for the command.
--version Display the version of this tool.

Output

Eucalyptus returns the policy

Example

The following policy allows myuser all actions in EC2.

euare-useraddpolicy -u myuser -p mypolicy -e Allow -a 'ec2:*' -r '*'

The following policy allows myuser all actions in EC2 and outputs the generated JSON policy.

euare-useraddpolicy -u myuser -p mypolicy -e Allow -a 'ec2:*' -r '*' -o
{"Version":"2008-10-17","Statement":[{"Effect":"Allow",
"Action":["ec2:*"], "Resource":["*"]}]}
x