Attaching a Managed Policy to a User or a Group

You can attach a managed policy to a user or a group. This policy is automatically applied to the individual user or to all the users in the group. You can attach up to two policies to a single user or group at the same time.

If you create several versions for a policy, the policy version set as the default one is applied. For more information, see Editing Managed Policies Using Policy Versions.

Attaching a Managed Policy to a User

Attaching a Managed Policy to a User Using Cockpit v2

Before you begin: Create a managed policy. For more information, see Creating a Managed Policy.

In the EIM Users dashboard, check the box of the user to which you want to attach a managed policy.
The user is selected.
Click Link Policy.
The LINK POLICY dialog box appears.
From the Policy list, select one or more managed policies you want to attach to the user.
Click Link.
The managed policy is attached and applied to the user.

Attaching a Managed Policy to a User Using OSC CLI

The LinkPolicy command links a managed policy to a specific user.

Request sample

$ osc-cli api LinkPolicy --profile "default" \
    --PolicyOrn "orn:ows:idauth::012345678910:policy/example/example-user-policy" \
    --UserName "example-user"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
PolicyOrn: The OUTSCALE Resource Name (ORN) of the policy. For more information, see Resource Identifiers.
UserName: The name of the user you want to link the policy to (between 1 and 64 characters).

The LinkPolicy command returns the following elements:

ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Attaching a Managed Policy to a User Using oapi-cli

The LinkPolicy command links a managed policy to a specific user.

Request sample

$ oapi-cli --profile "default" LinkPolicy \
    --PolicyOrn "orn:ows:idauth::012345678910:policy/example/example-user-policy" \
    --UserName "example-user"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
PolicyOrn: The OUTSCALE Resource Name (ORN) of the policy. For more information, see Resource Identifiers.
UserName: The name of the user you want to link the policy to (between 1 and 64 characters).

The LinkPolicy command returns the following elements:

ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Attaching a Managed Policy to a User Using AWS CLI

Before you begin:

Install and configure AWS CLI. For more information, see Installing and Configuring AWS CLI.
Create a managed policy. For more information, see Creating a Managed Policy.

To attach a managed policy to a user, use the attach-user-policy command following this syntax:

Request sample

$ aws iam attach-user-policy \
    --profile YOUR_PROFILE \
    --user-name USER_NAME \
    --policy-arn arn:aws:iam::123456789012:policy/MY_POLICY \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

(optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
user-name: The name of the user to which you want to attach the managed policy.
policy-arn: The OUTSCALE Resource Name (ORN) of the policy you want to attach.
endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The specified managed policy is attached and applied to the user.

Attaching a Managed Policy to a Group

Attaching a Managed Policy to a Group Using Cockpit v2

You can also attach a policy when creating a group. For more information, see Creating a Group.

In the EIM Groups dashboard, check the box of the group you want to attach a policy to.
The group is selected.
Click Update Policies.
The UPDATED MANAGED GROUP POLICIES dialog box appears.
From the Policy list, select one or more managed policies you want to attach to the group.
Click Update.
The specified managed policy is attached to the group, and applied to each user in the group.

Attaching a Managed Policy to a Group Using OSC CLI

The LinkManagedPolicyToUserGroup command links a managed policy to a specific group. This policy applies to all the users contained in this group.

Request sample

$ osc-cli api LinkManagedPolicyToUserGroup --profile "default" \
    --PolicyOrn "orn:ows:idauth::012345678910:policy/example/example-user-policy" \
    --UserGroupName "example-usergroup"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
PolicyOrn: The OUTSCALE Resource Name (ORN) of the policy. For more information, see Resource Identifiers.
UserGroupName: The name of the group you want to link the policy to.

The LinkManagedPolicyToUserGroup command returns the following elements:

ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Attaching a Managed Policy to a Group Using oapi-cli

The LinkManagedPolicyToUserGroup command links a managed policy to a specific group. This policy applies to all the users contained in this group.

Request sample

$ oapi-cli --profile "default" LinkManagedPolicyToUserGroup \
    --PolicyOrn "orn:ows:idauth::012345678910:policy/example/example-user-policy" \
    --UserGroupName "example-usergroup"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
PolicyOrn: The OUTSCALE Resource Name (ORN) of the policy. For more information, see Resource Identifiers.
UserGroupName: The name of the group you want to link the policy to.

The LinkManagedPolicyToUserGroup command returns the following elements:

ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Attaching a Managed Policy to a Group Using AWS CLI

Before you begin:

Install and configure AWS CLI. For more information, see Installing and Configuring AWS CLI.
Create a managed policy. For more information, see Creating a Managed Policy.

To attach a managed policy to a group, use the attach-group-policy command following this syntax:

Request sample

$ aws iam attach-group-policy \
    --profile YOUR_PROFILE \
    --group-name USER_NAME \
    --policy-arn arn:aws:iam::123456789012:policy/MY_POLICY \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

(optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
group-name: The name of the group to which you want to attach the policy.
policy-arn: The OUTSCALE Resource Name (ORN) of the policy you want to attach.
endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The specified managed policy is attached to the group, and applied to each user in the group.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.