Amazon AWS CLI: How do I find out what actions/permissions/policies are attributed to a role?

CoolName420

2/23/24, 8:46 AM

I'm on Linux and using the AWS CLI.

I tried running the following:

aws iam list-instance-profiles-for-role --role-name role-abc-123
aws iam get-role --role-name role-abc-123 --query 'Role.AssumeRolePolicyDocument.Statement[].Action[]'
aws iam list-attached-role-policies --role-name role-abc-123

However each one comes back with:

An error occurred (AccessDenied) when calling the XXX operation: User: YYY is not authorized to perform: XXX on resource: role ZZZ because no identity-based policy allows the XXX action

How would I see what actions I'm able to perform, what policy is against the role and which actions are against that policy?

Thanks

587

0 + 1

amazon-web-services

aws-cli

palvarez

2/23/24, 6:36 PM

You need permission to access IAM in order to get the policies attached.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Amazon AWS CLI: How do I find out what actions/permissions/policies are attributed to a role?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.