Euca2ools Guide / IAM-Compatible Commands |
Adds a new policy for a user.
euare-useraddpolicy -p policyname -e {Allow,Deny} -u user -a action [-r RESOURCE]
Option | Description | Required |
---|---|---|
-u, --user-name user_name | Name of the user to associate the policy with | Yes |
-p, --policy-name policy_name | Name of the policy document | Yes |
-e, --effect effect | The value for the policy's
Effect element. Valid values: Allow | Deny |
Yes |
-a, --action action | The value for the policy's Action element. This value specifies both the service and action you want to allow or deny permission to. For example: -a iam:ListAccessKeys. | Yes |
-o | This option tells Eucalyptus to output the JSON policy document that euare-useraddpolicy created for you. | No |
Option | Description |
---|---|
--region=region | Region to direct requests to. |
-U url,--url=url | Override service URL with this value. |
--as-account account | This Eucalyptus extension is for use by the system administrator to act as the account administrator of the specified account without changing to account administrator's role. |
-I access_key_id, --access-key=access_key_id | Override configured access key ID with this value. |
-S secret_key, --secret-key=secret_key | Override configured secret key with this value. |
--security-token=token | Security token. |
-D, --debug | Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools. |
--debugger | Enable interactive debugger on error. |
-h,--help | Display the manual page for the command. |
--version | Display the version of this tool. |
Eucalyptus returns the policy
The following policy allows myuser all actions in EC2.
euare-useraddpolicy -u myuser -p mypolicy -e Allow -a 'ec2:*' -r '*'
The following policy allows myuser all actions in EC2 and outputs the generated JSON policy.
euare-useraddpolicy -u myuser -p mypolicy -e Allow -a 'ec2:*' -r '*' -o {"Version":"2008-10-17","Statement":[{"Effect":"Allow", "Action":["ec2:*"], "Resource":["*"]}]}