PutRolePermissionsBoundary
Adds or updates the policy that is specified as the IAM role's permissions boundary. You can use an Amazon managed policy or a customer managed policy to set the boundary for a role. Use the boundary to control the maximum permissions that the role can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the role.
You cannot set the boundary for a service-linked role.
Policies used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
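The rule above, that a boundary caps permissions without granting any, shown as an added example (not code from this API reference). It is a simplified model that looks only at Effect and Action in identity-based policies and the boundary, ignoring Resource, Condition, resource-based policies and any other policy types; `is_allowed` and the two sample policies are hypothetical names and constructed data.

```python
import fnmatch

# Constructed sample policies (not from the page). Resource/Condition are omitted
# because this model only looks at Effect and Action.
PERMISSIONS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "iam:CreateUser"]},
]}
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "cloudwatch:*"]},
    {"Effect": "Deny", "Action": "s3:DeleteBucket"},
]}


def _as_list(value):
    """Policy JSON allows a single item where a list is expected."""
    return value if isinstance(value, list) else [value]


def _matches(policy, action, effect):
    """True if a statement with this Effect has an Action pattern matching `action`."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != effect:
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            # Action names are case-insensitive; * and ? act as wildcards.
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                return True
    return False


def is_allowed(action, permissions_policies, boundary=None):
    """Simplified decision for one action on a role (hypothetical helper)."""
    in_scope = list(permissions_policies) + ([boundary] if boundary else [])
    if any(_matches(p, action, "Deny") for p in in_scope):
        return False  # an explicit Deny in any policy wins
    granted = any(_matches(p, action, "Allow") for p in permissions_policies)
    within_boundary = boundary is None or _matches(boundary, action, "Allow")
    # The boundary never grants: both conditions must hold.
    return granted and within_boundary


if __name__ == "__main__":
    for act in ("s3:GetObject", "iam:CreateUser", "cloudwatch:PutMetricData", "s3:DeleteBucket"):
        print(f"{act:28} boundary={is_allowed(act, [PERMISSIONS], BOUNDARY)!s:5} "
              f"no boundary={is_allowed(act, [PERMISSIONS])}")
```

In this model `cloudwatch:PutMetricData` stays denied even though the boundary allows it, because no permissions policy grants it, and `iam:CreateUser` is denied once the boundary is set because the boundary does not include it.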
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- PermissionsBoundary
  The ARN of the policy that is used to set the permissions boundary for the role.
  Type: String
  Length Constraints: Minimum length of 20. Maximum length of 2048.
  Required: Yes
- RoleName
  The name (friendly name, not ARN) of the IAM role for which you want to set the permissions boundary.
  Type: String
  Length Constraints: Minimum length of 1. Maximum length of 64.
  Pattern: [\w+=,.@-]+
  Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidInput
  The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
  HTTP Status Code: 400
- NoSuchEntity
  The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
  HTTP Status Code: 404
- PolicyNotAttachable
  The request failed because Amazon service role policies can only be attached to the service-linked role for that service.
  HTTP Status Code: 400
- ServiceFailure
  The request processing has failed because of an unknown error, exception or failure.
  HTTP Status Code: 500
- UnmodifiableEntity
  The request was rejected because only the service that depends on the service-linked role can modify or delete the role on your behalf. The error message includes the name of the service that depends on this service-linked role. You must request the change through that service.
  HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: