Attach an IAM managed policy to a user - Amazon Command Line Interface
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This documentation is for Version 1 of the Amazon CLI only. For documentation related to Version 2 of the Amazon CLI, see the Version 2 User Guide.

Attach an IAM managed policy to a user

This topic describes how to use Amazon Command Line Interface (Amazon CLI) commands to attach an Amazon Identity and Access Management (IAM) policy to a user. The policy in this example provides the user with "Power User Access". For more information on the IAM service, see the Amazon Identity and Access Management User Guide.

Before you run any commands, set your default credentials. For more information, see Configure the Amazon CLI.

To attach an IAM managed policy to a user
  1. Determine the Amazon Resource Name (ARN) of the policy to attach. The following command uses list-policies to find the ARN of the policy with the name PowerUserAccess. It then stores that ARN in an environment variable.

    $ export POLICYARN=$(aws iam list-policies --query 'Policies[?PolicyName==`PowerUserAccess`].{ARN:Arn}' --output text)
    $ echo $POLICYARN
    arn:aws-cn:iam::aws:policy/PowerUserAccess
  2. To attach the policy, use the attach-user-policy command, and reference the environment variable that holds the policy ARN.

    $ aws iam attach-user-policy --user-name MyUser --policy-arn $POLICYARN
  3. Verify that the policy is attached to the user by running the list-attached-user-policies command.

    $ aws iam list-attached-user-policies --user-name MyUser
    {
        "AttachedPolicies": [
            {
                "PolicyName": "PowerUserAccess",
                "PolicyArn": "arn:aws-cn:iam::aws:policy/PowerUserAccess"
            }
        ]
    }
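
The three steps above combined into one script, as an added example that is not part of the original documentation: it stops before attaching anything unless the name lookup returns exactly one AWS managed policy ARN, and it confirms the attachment afterward. The function names `resolve_policy_arn` and `attach_and_verify` are hypothetical, and `--scope AWS` is added here to restrict the lookup to AWS managed policies.

```shell
#!/bin/sh
# Added example, not from the AWS documentation. Function names are hypothetical;
# MyUser and PowerUserAccess are the sample values used on this page.

# Step 1: resolve a policy name to exactly one AWS managed policy ARN.
resolve_policy_arn() {
    name=$1
    # Reject characters outside the IAM policy-name set so the name cannot
    # alter the JMESPath expression it is interpolated into.
    case $name in
        ''|*[!A-Za-z0-9+=,.@_-]*) echo "invalid policy name" >&2; return 1 ;;
    esac
    arns=$(aws iam list-policies --scope AWS \
        --query "Policies[?PolicyName=='${name}'].Arn" --output text) || return 1
    # Text output separates multiple matches with whitespace; count them.
    set -- $arns
    if [ "$#" -ne 1 ]; then
        echo "expected 1 policy named ${name}, found $#" >&2
        return 1
    fi
    # An AWS managed policy ARN has "aws" in the account field.
    case $1 in
        arn:aws*:iam::aws:policy/*) printf '%s\n' "$1" ;;
        *) echo "unexpected ARN: $1" >&2; return 1 ;;
    esac
}

# Steps 2 and 3: attach the policy, then confirm it is listed on the user.
attach_and_verify() {
    user=$1
    arn=$(resolve_policy_arn "$2") || return 1
    aws iam attach-user-policy --user-name "$user" --policy-arn "$arn" || return 1
    attached=$(aws iam list-attached-user-policies --user-name "$user" \
        --query "AttachedPolicies[?PolicyArn=='${arn}'].PolicyArn" \
        --output text) || return 1
    if [ "$attached" != "$arn" ]; then
        echo "policy ${arn} is not attached to ${user}" >&2
        return 1
    fi
    printf '%s\n' "$arn"
}

# Usage: attach_and_verify MyUser PowerUserAccess
```

Source the file and call `attach_and_verify MyUser PowerUserAccess`; a non-zero exit status means the policy was not resolved, not attached, or not confirmed.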

For more information, see Access Management Resources. This topic provides links to an overview of permissions and policies, and links to examples of policies for accessing Amazon S3, Amazon EC2, and other services.