Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

ARN of Inline IAM Policy

0

Hi, may I know what is the format of an inline IAM Policy?

Is there is a way to programmatically get it using boto3 or awscli?

awscli and boto3.iam.client both return just the iam policy name which is not enough to detch or remove the policy.

I cannot seem to get it from the console.

The ultimate goal is to programmatically detach/remove these inline policies and to delete the role altogether.

Thanks

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementIAM Policies
Language
English
asked a year ago299 views
1 Answer
2
Accepted Answer

You can delete the inline policy from the role with the CLI command aws iam delete-role-policy --role-name <value> --policy-name <value>, where you only need the names (not ARNs) of the role and the inline policy. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-role-policy.html

In boto3, the method is delete_role_policy, taking the same format for the parameters: https://boto3.amazonaws.com/v1/documentation/api/1.26.86/reference/services/iam/client/delete_role_policy.html

An inline policy is embedded in the role and has no independent existence, and that's why it can't be detached the way that a managed IAM policy can be. An inline policy can only be deleted.

EXPERT
answered a year ago
EXPERT
reviewed a year ago
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content