put_role_policy ( $role_name, $policy_name, $policy_document, $opt )

Adds (or updates) a policy document associated with the specified role. For information about policies, go to Overview of Policies in Using AWS Identity and Access Management.

For information about limits on the policies you can associate with a role, see Limitations on IAM Entities in Using AWS Identity and Access Management.

Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about using the Query API with IAM, go to Making Query Requests in Using IAM.

Access

public

Parameters

Parameter

Type

Required

Description

$role_name

string

Required

Name of the role to associate the policy with. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: [\w+=,.@-]*]

$policy_name

string

Required

Name of the policy document. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: [\w+=,.@-]*]

$policy_document

string

Required

The policy document. [Constraints: The value must be between 1 and 131072 characters, and must match the following regular expression pattern: [\u0009\u000A\u000D\u0020-\u00FF]+]

$opt

array

Optional

An associative array of parameters that can have the following keys:

  • curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  • returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.

Returns

Type

Description

CFResponse

A CFResponse object containing a parsed HTTP response.

Examples

Test the preparation of instance profiles and roles.

// Instantiate the client
$iam = new AmazonIAM();

// Role policy
$role_policy = new CFPolicy($iam, array(
	'Statement' => array(
		array(
			'Effect' => 'Allow',
			'Action' => '*',
			'Resource' => '*'
		)
	)
));

// Create role
$response = $iam->create_role('example-role', AmazonIAM::STANDARD_EC2_ASSUME_ROLE_POLICY);
var_dump($response->isOK());

// Create instance profile
$response = $iam->create_instance_profile('example-profile');
var_dump($response->isOK());

// Put role policy
$response = $iam->put_role_policy('example-role', 'example-role-policy', $role_policy->get_json());
var_dump($response->isOK());

// Add role to instance
$response = $iam->add_role_to_instance_profile('example-profile', 'example-role');
var_dump($response->isOK());
Result:
bool(true)
bool(true)
bool(true)
bool(true)

Source

Method defined in services/iam.class.php | Toggle source view (9 lines) | View on GitHub

public function put_role_policy($role_name, $policy_name, $policy_document, $opt = null)
{
    if (!$opt) $opt = array();
    $opt['RoleName'] = $role_name;
    $opt['PolicyName'] = $policy_name;
    $opt['PolicyDocument'] = $policy_document;
    
    return $this->authenticate('PutRolePolicy', $opt);
}

Copyright © 2010–2013 Amazon Web Services, LLC


Feedback