AWS::IAM::RolePolicy

IAM RolePolicy

Adds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*. A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

Properties

3 configurable properties. 2 required. Click a row to see details.

Filter:

Property	Type	Flags
`PolicyName`	`string`	RequiredCreate-only
`RoleName`	`string`	RequiredCreate-only
`PolicyDocument`	`object`

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::IAM::RolePolicy

Resources:
  MyResource:
    Type: AWS::IAM::RolePolicy
    Properties:
      PolicyName: "my-policyname"
      RoleName: "my-rolename"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

iam:PutRolePolicyiam:GetRolePolicy

read

iam:GetRolePolicy

update

iam:PutRolePolicyiam:GetRolePolicy

delete

iam:DeleteRolePolicyiam:GetRolePolicy

Get the IAM Cheat Sheet

Everything you need to know about IAM on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceIAM

Properties3

Required2

TaggingNot supported

Primary IDPolicyName

Supported Operations

CreateReadUpdateDelete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

PolicyNameRoleName

Related Resources

External Links

AWS Documentation