:doc:`IAM <../../iam>` / Client / attach_role_policy

******************
attach_role_policy
******************



.. py:method:: IAM.Client.attach_role_policy(**kwargs)

  

  Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role's permission (access) policy.

   

  .. note::

    

    You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using `CreateRole <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html>`__. You can update a role's trust policy using `UpdateAssumerolePolicy <https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html>`__.

    

   

  Use this operation to attach a *managed* policy to a role. To embed an inline policy in a role, use `PutRolePolicy <https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html>`__. For more information about policies, see `Managed policies and inline policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html>`__ in the *IAM User Guide*.

   

  As a best practice, you can validate your IAM policies. To learn more, see `Validating IAM policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html>`__ in the *IAM User Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachRolePolicy>`_  


  **Request Syntax**
  ::

    response = client.attach_role_policy(
        RoleName='string',
        PolicyArn='string'
    )
    
  :type RoleName: string
  :param RoleName: **[REQUIRED]** 

    The name (friendly name, not ARN) of the role to attach the policy to.

     

    This parameter allows (through its `regex pattern <http://wikipedia.org/wiki/regex>`__) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

    

  
  :type PolicyArn: string
  :param PolicyArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of the IAM policy you want to attach.

     

    For more information about ARNs, see `Amazon Resource Names (ARNs) <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`__ in the *Amazon Web Services General Reference*.

    

  
  
  :returns: None
  **Exceptions**
  
  *   :py:class:`IAM.Client.exceptions.NoSuchEntityException`

  
  *   :py:class:`IAM.Client.exceptions.LimitExceededException`

  
  *   :py:class:`IAM.Client.exceptions.InvalidInputException`

  
  *   :py:class:`IAM.Client.exceptions.UnmodifiableEntityException`

  
  *   :py:class:`IAM.Client.exceptions.PolicyNotAttachableException`

  
  *   :py:class:`IAM.Client.exceptions.ServiceFailureException`

  

  **Examples**

  The following command attaches the AWS managed policy named ReadOnlyAccess to the IAM role named ReadOnlyRole.
  ::

    response = client.attach_role_policy(
        PolicyArn='arn:aws:iam::aws:policy/ReadOnlyAccess',
        RoleName='ReadOnlyRole',
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'ResponseMetadata': {
            '...': '...',
        },
    }

  