Adds a new policy to a group.


euare-groupaddpolicy -g group_name -p policy_name -e effect -a 'ec2:*' 
	-r resources [-o]


Option Description Required
-g, --group-name group_name Name of the group to associate the policy with Yes
-p, --policy-name policy_name Name of the policy document Yes
-e, --effect effect The value for the policy's Effect element.

Valid values: Allow | Deny

-a, --action action The value for the policy's Action element. This value specifies both the service and action you want to allow or deny permission to. For example: -a iam:ListAccessKeys. Yes
-r, --resources resources Resource(s) the policy should apply to. At least one is required. Yes
-o This option tells Eucalyptus to output the JSON policy document that IAM created for you. No

Common Options

Option Description
--region=region Region to direct requests to.
-U url,--url=url Override service URL with this value.
--as-account account This Eucalyptus extension is for use by the system administrator to act as the account administrator of the specified account without changing to account administrator's role.
-I access_key_id, --access-key=access_key_id Override configured access key ID with this value.
-S secret_key, --secret-key=secret_key Override configured secret key with this value.
--security-token=token Security token.
-D, --debug Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools.
--debugger Enable interactive debugger on error.
-h,--help Display the manual page for the command.
--version Display the version of this tool.


Eucalyptus does not return any message.


The following policy allows all actions in EC2.

euare-groupaddpolicy -g mygroup -p mypolicy -e Allow -a 'ec2:*'

The following policy allows all actions in EC2 and outputs the generated JSON policy.

euare-groupaddpolicy -g mygroup -p mypolicy -e Allow -a 'ec2:*' -o
"Action":["ec2:*"], "Resource":["*"]}]}