Use GetRole with an Amazon SDK or command line tool - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use GetRole with an Amazon SDK or command line tool

The following code examples show how to use GetRole.

.NET
Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

/// <summary> /// Get information about an IAM role. /// </summary> /// <param name="roleName">The name of the IAM role to retrieve information /// for.</param> /// <returns>The IAM role that was retrieved.</returns> public async Task<Role> GetRoleAsync(string roleName) { var response = await _IAMService.GetRoleAsync(new GetRoleRequest { RoleName = roleName, }); return response.Role; }
  • For API details, see GetRole in Amazon SDK for .NET API Reference.

CLI
Amazon CLI

To get information about an IAM role

The following get-role command gets information about the role named Test-Role.

aws iam get-role \ --role-name Test-Role

Output:

{ "Role": { "Description": "Test Role", "AssumeRolePolicyDocument":"<URL-encoded-JSON>", "MaxSessionDuration": 3600, "RoleId": "AROA1234567890EXAMPLE", "CreateDate": "2019-11-13T16:45:56Z", "RoleName": "Test-Role", "Path": "/", "RoleLastUsed": { "Region": "us-east-1", "LastUsedDate": "2019-11-13T17:14:00Z" }, "Arn": "arn:aws:iam::123456789012:role/Test-Role" } }

The command displays the trust policy attached to the role. To list the permissions policies attached to a role, use the list-role-policies command.

For more information, see Creating IAM roles in the Amazon IAM User Guide.

  • For API details, see GetRole in Amazon CLI Command Reference.

Go
SDK for Go V2
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

// RoleWrapper encapsulates AWS Identity and Access Management (IAM) role actions // used in the examples. // It contains an IAM service client that is used to perform role actions. type RoleWrapper struct { IamClient *iam.Client } // GetRole gets data about a role. func (wrapper RoleWrapper) GetRole(roleName string) (*types.Role, error) { var role *types.Role result, err := wrapper.IamClient.GetRole(context.TODO(), &iam.GetRoleInput{RoleName: aws.String(roleName)}) if err != nil { log.Printf("Couldn't get role %v. Here's why: %v\n", roleName, err) } else { role = result.Role } return role, err }
  • For API details, see GetRole in Amazon SDK for Go API Reference.

JavaScript
SDK for JavaScript (v3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Get the role.

import { GetRoleCommand, IAMClient } from "@aws-sdk/client-iam"; const client = new IAMClient({}); /** * * @param {string} roleName */ export const getRole = (roleName) => { const command = new GetRoleCommand({ RoleName: roleName, }); return client.send(command); };
  • For API details, see GetRole in Amazon SDK for JavaScript API Reference.

PHP
SDK for PHP
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

$uuid = uniqid(); $service = new IAMService(); public function getRole($roleName) { return $this->customWaiter(function () use ($roleName) { return $this->iamClient->getRole(['RoleName' => $roleName]); }); }
  • For API details, see GetRole in Amazon SDK for PHP API Reference.

PowerShell
Tools for PowerShell

Example 1: This example returns the details of the lamda_exec_role. It includes the trust policy document that specifies who can assume this role. The policy document is URL encoded and can be decoded using the .NET UrlDecode method. In this example, the original policy had all white space removed before it was uploaded to the policy. To see the permissions policy documents that determine what someone who assumes the role can do, use the Get-IAMRolePolicy for inline policies, and Get-IAMPolicyVersion for attached managed policies.

$results = Get-IamRole -RoleName lambda_exec_role $results | Format-List

Output:

Arn : arn:aws:iam::123456789012:role/lambda_exec_role AssumeRolePolicyDocument : %7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22 %3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service %22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole %22%7D%5D%7D CreateDate : 4/2/2015 9:16:11 AM Path : / RoleId : 2YBIKAIBHNKB4EXAMPLE1 RoleName : lambda_exec_role
$policy = [System.Web.HttpUtility]::UrlDecode($results.AssumeRolePolicyDocument) $policy

Output:

{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"},"Action":"sts:AssumeRole"}]}
  • For API details, see GetRole in Amazon Tools for PowerShell Cmdlet Reference.

Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

def get_role(role_name): """ Gets a role by name. :param role_name: The name of the role to retrieve. :return: The specified role. """ try: role = iam.Role(role_name) role.load() # calls GetRole to load attributes logger.info("Got role with arn %s.", role.arn) except ClientError: logger.exception("Couldn't get role named %s.", role_name) raise else: return role
  • For API details, see GetRole in Amazon SDK for Python (Boto3) API Reference.

Ruby
SDK for Ruby
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

# Gets data about a role. # # @param name [String] The name of the role to look up. # @return [Aws::IAM::Role] The retrieved role. def get_role(name) role = @iam_client.get_role({ role_name: name, }).role puts("Got data for role '#{role.role_name}'. Its ARN is '#{role.arn}'.") rescue Aws::Errors::ServiceError => e puts("Couldn't get data for role '#{name}' Here's why:") puts("\t#{e.code}: #{e.message}") raise else role end
  • For API details, see GetRole in Amazon SDK for Ruby API Reference.

Rust
SDK for Rust
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

pub async fn get_role( client: &iamClient, role_name: String, ) -> Result<GetRoleOutput, SdkError<GetRoleError>> { let response = client.get_role().role_name(role_name).send().await?; Ok(response) }
  • For API details, see GetRole in Amazon SDK for Rust API reference.

Swift
SDK for Swift
Note

This is prerelease documentation for an SDK in preview release. It is subject to change.

Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

public func getRole(name: String) async throws -> IAMClientTypes.Role { let input = GetRoleInput( roleName: name ) do { let output = try await client.getRole(input: input) guard let role = output.role else { throw ServiceHandlerError.noSuchRole } return role } catch { throw error } }
  • For API details, see GetRole in Amazon SDK for Swift API reference.

For a complete list of Amazon SDK developer guides and code examples, see Using IAM with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.