Unable to create IAM Policy with Boto3, getting error AttributeError: 'IAMConnection' object has no attribute 'create_policy'

423 views
Skip to first unread message

yasho...@logbullit.com

unread,
Oct 9, 2015, 11:55:49 AM10/9/15
to boto-users
Hello Group Members,

I am trying to create IAM policy with boto3 but getting following error-
AttributeError: 'IAMConnection' object has no attribute 'create_policy'

I am doing just following script-
*********************************************************************************
#!/usr/bin/python
import boto
import json
###### Configurations ########
ACCESS_KEY                 = "Access key value"
SECRET_KEY                 = "Secret Key value"
REGION_NAME                = 'us-east-1'
FIRST_AZ                   = REGION_NAME + 'a'
SECOND_AZ                  = REGION_NAME + 'c'

iam_conn = boto.iam.connection.IAMConnection(aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY, is_secure=True, port=None, proxy=None, proxy_port=None, proxy_user=None, proxy_pass=None, host='iam.amazonaws.com', debug=0, https_connection_factory=None, path='/', security_token=None, validate_certs=True, profile_name=None)
print iam_conn
response = iam_conn.create_policy(PolicyName='Test DB Admin', Path='/', PolicyDocument='DB_Admin_Policy_Doc.json', Description='Description of Test DB Admin Policy')
print response
**************************************************************************************
Here DB_Admin_Policy_Doc.json is JSON file which contains policy document and it is in the same directory where this script lies.


Please help me and suggest where am I doing mistake.

Thanks & Regards
Yash

Victor Trac

unread,
Oct 10, 2015, 10:25:52 PM10/10/15
to boto-users
PolicyDocument is not a file but a JSON string. See this: http://boto.readthedocs.org/en/latest/ref/iam.html#boto.iam.connection.IAMConnection.create_policy

Path in this case is the IAM Identifier, not a file path.

You'll need to do something like:

...
with open('DB_Admin_Policy_Doc.json', 'r') as policy_document:
    response = iam_conn.create_policy(PolicyName='Test DB Admin', Path='/', PolicyDocument=policy_document.read(), Description='Description of Test DB Admin Policy')
...

Also, you're using boto, not boto3.



--
Victor Trac  |  twitter.com/victortrac 

--
You received this message because you are subscribed to the Google Groups "boto-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to boto-users+...@googlegroups.com.
To post to this group, send email to boto-...@googlegroups.com.
Visit this group at http://groups.google.com/group/boto-users.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages