Adds a new policy for a role.


euare-roleaddpolicy -r role_name -p policy_name -e {Allow,Deny} -a actions 
	-c resources [-o] [--as-account account]


Option Description Required
-r, --role-name role_name Name of the role to associate the policy with Yes
-p, --policy-name policy_name Name of the new policy Yes
-e, --effect effect The value for the policy's Effect element.

Valid values: Allow | Deny

-a, --action action The value for the policy's Action element. This value specifies both the service and action you want to allow or deny permission to. For example: -a iam:ListAccessKeys. Yes
-c, --actions actions Actions that the policy should apply to. At least one is required. Yes
--as-account account [Eucalyptus cloud administrator only] Run this command as the administrator of another account. No

Common Options

Option Description
--region=region Region to direct requests to.
-U url,--url=url Override service URL with this value.
--as-account account This Eucalyptus extension is for use by the system administrator to act as the account administrator of the specified account without changing to account administrator's role.
-I access_key_id, --access-key=access_key_id Override configured access key ID with this value.
-S secret_key, --secret-key=secret_key Override configured secret key with this value.
--security-token=token Security token.
-D, --debug Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools.
--debugger Enable interactive debugger on error.
-h,--help Display the manual page for the command.
--version Display the version of this tool.


Eucalyptus returns the policy


The following policy allows myuser all actions in EC2.

euare-roleaddpolicy -r myrole -p mypolicy -e Allow -a 'ec2:*' -r '*'

The following policy allows myuser all actions in EC2 and outputs the generated JSON policy.

euare-roleaddpolicy -r myrole -p mypolicy -e Allow -a 'ec2:*' -r '*' -o
"Action":["ec2:*"], "Resource":["*"]}]}