Reputation: 1
I am using Python and boto to assume an AWS IAM role. I want to see what policies are attached to the role so I can loop through them and determine what actions are available for the role. I want to do this so I can know if some actions are available instead of doing this by calling them and checking if I get an error. However, I cannot find a way to list the policies for the role after assuming it, as the role is not authorised to perform IAM actions.
Is there anyone who knows how this is done, or is this perhaps something I should not be doing?
Upvotes: 0
Views: 702
Reputation: 269091
To obtain policies, your AWS credentials require permissions to retrieve the policies.
If such permissions are not associated with the assumed role, you could use another set of credentials to retrieve the permissions (but those credentials would need appropriate IAM permissions).
There is no way to ask "What policies do I have?" without having the necessary permissions. This is an intentional part of AWS security because seeing policies can reveal some security information (e.g. "Oh, why am I specifically denied access to the Top-Secret-XYZ S3 bucket?").
Upvotes: 1
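One way to apply the answer's suggestion of using a second set of credentials, as an added example that is not code from either poster. It assumes boto3 and a separate profile (hypothetical name `iam-auditor`) that holds IAM read permissions and `iam:SimulatePrincipalPolicy`; the role name and account ID are placeholders.

```python
# Added example. Assumes boto3 and a second credential profile (hypothetical
# name "iam-auditor") allowed to read IAM; role name and ARN are placeholders.

def role_policy_documents(iam, role_name):
    """Return {policy id: document} for the role's inline and managed policies."""
    docs = {}
    inline = iam.get_paginator("list_role_policies")
    for page in inline.paginate(RoleName=role_name):
        for name in page["PolicyNames"]:
            resp = iam.get_role_policy(RoleName=role_name, PolicyName=name)
            docs["inline:" + name] = resp["PolicyDocument"]
    attached = iam.get_paginator("list_attached_role_policies")
    for page in attached.paginate(RoleName=role_name):
        for pol in page["AttachedPolicies"]:
            arn = pol["PolicyArn"]
            # Managed policies are versioned; only the default version is in effect.
            ver = iam.get_policy(PolicyArn=arn)["Policy"]["DefaultVersionId"]
            resp = iam.get_policy_version(PolicyArn=arn, VersionId=ver)
            docs[arn] = resp["PolicyVersion"]["Document"]
    return docs


def allowed_actions(iam, role_arn, actions, resource="*"):
    """Let IAM evaluate the policies (wildcards, explicit denies) per action."""
    decisions = {}
    sim = iam.get_paginator("simulate_principal_policy")
    for page in sim.paginate(PolicySourceArn=role_arn, ActionNames=actions,
                             ResourceArns=[resource]):
        for result in page["EvaluationResults"]:
            # EvalDecision is "allowed", "explicitDeny" or "implicitDeny".
            decisions[result["EvalActionName"]] = result["EvalDecision"] == "allowed"
    return decisions


if __name__ == "__main__":
    import boto3  # imported here so the functions can be exercised with a stub client

    iam = boto3.Session(profile_name="iam-auditor").client("iam")
    role = "my-app-role"                                  # placeholder
    role_arn = "arn:aws:iam::123456789012:role/" + role   # placeholder account ID
    for policy_id, doc in role_policy_documents(iam, role).items():
        print(policy_id, doc["Statement"])
    print(allowed_actions(iam, role_arn, ["s3:GetObject", "s3:DeleteObject"]))
```

The simulation evaluates the role's policies rather than a live session, so restrictions applied only at assume-role time (such as a session policy) are not reflected in the result.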