Skip to content

/AWS1/CL_IAM=>ATTACHROLEPOLICY()

About AttachRolePolicy

Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role's permission (access) policy.

You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole . You can update a role's trust policy using UpdateAssumerolePolicy .

Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy . For more information about policies, see Managed policies and inline policies in the IAM User Guide.

As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.

Method Signature

IMPORTING

Required arguments:

iv_rolename TYPE /AWS1/IAMROLENAMETYPE /AWS1/IAMROLENAMETYPE

The name (friendly name, not ARN) of the role to attach the policy to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

iv_policyarn TYPE /AWS1/IAMARNTYPE /AWS1/IAMARNTYPE

The Amazon Resource Name (ARN) of the IAM policy you want to attach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

lo_client->/aws1/if_iam~attachrolepolicy(
  iv_policyarn = |string|
  iv_rolename = |string|
).

To attach a managed policy to an IAM role

The following command attaches the AWS managed policy named ReadOnlyAccess to the IAM role named ReadOnlyRole.

lo_client->/aws1/if_iam~attachrolepolicy(
  iv_policyarn = |arn:aws:iam::aws:policy/ReadOnlyAccess|
  iv_rolename = |ReadOnlyRole|
).