Get inline policies that are embedded in the specified IAM group are return Empty (For Roles too) #338
Describe the bug
Hello, I have a Group in my account, I would like to list the policy attached on the group, but the list of policy is empty. I tested on the roles object, it's the same.
Test:
Amazon.IdentityManagement.Model.Group False {}
I register a policy on the group "myGroup"
The policy is applied, I see in the console
Get-IAMGroupPolicyList -GroupName myGroup -Credential $Creds -Debug -Verbose
The return is empty:
Regards

Expected Behavior
I would like the list of policy attached on the group

Current Behavior
The return is empty

Reproduction Steps
New-IAMGroup -GroupName myGroup -Credential $Creds

Possible Solution
No response

Additional Information/Context
No response

AWS Tools for PowerShell version used
Cmdlet Get-IAMGroupPolicyList 4.1.491 AWSPowerShell.NetCore

PowerShell version used
Version 5.1

Operating System and version
Windows 10
@Fanch44step Good morning. Thanks for opening the issue. To list attached policy, you should use
PS> Get-IAMGroup -GroupName testgroup
Group IsTruncated Marker Users
----- ----------- ------ -----
Amazon.IdentityManagement.Model.Group False {}
PS> Register-IAMGroupPolicy -GroupName testgroup -PolicyArn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess -Debug
DEBUG: Credentials obtained from stored profile named 'default'
DEBUG: Region obtained from stored region with value 'us-east-2'
Confirm
Are you sure you want to perform this action?
Performing the operation "Register-IAMGroupPolicy (AttachGroupPolicy)" on target "testgroup".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
VERBOSE: Invoking AWS Identity and Access Management operation 'AttachGroupPolicy' in region 'us-east-2'
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"):
PS> Get-IAMAttachedGroupPolicyList -GroupName testgroup -Debug -Verbose
DEBUG: Credentials obtained from stored profile named 'default'
DEBUG: Region obtained from stored region with value 'us-east-2'
VERBOSE: Invoking AWS Identity and Access Management operation 'ListAttachedGroupPolicies' in region 'us-east-2'
PolicyArn PolicyName
--------- ----------
arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess AmazonS3ReadOnlyAccess
Converting this issue into
Thanks,
Hello! Reopening this discussion to make it searchable.
@Fanch44step Good morning. Thanks for opening the issue.
Get-IAMGroupPolicyList invokes the service API operation ListGroupPolicies which lists the names of the inline policies that are embedded in the specified IAM group. However, per details shared in the issue, you attached the IAM policy with specified ARN using Register-IAMGroupPolicy; in other words, you did not embed an inline policy. To list attached policy, you should use Get-IAMAttachedGroupPolicyList CmdLet instead. I tested this at my end after creating an IAM group named testgroup via AWS Console. The results are shown below:
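
Added example, not part of the thread and not AWS's own code: when reviewing what a group can do, both policy kinds have to be enumerated, because inline policies (ListGroupPolicies) and attached managed policies (ListAttachedGroupPolicies) are returned by different cmdlets. The function name `Get-IamGroupPolicyInventory` and its `-AwsArgs` parameter are hypothetical; the group name `testgroup` is the one used in the reply above.

```powershell
# Requires the AWS Tools for PowerShell IAM cmdlets (e.g. AWSPowerShell.NetCore)
# and permissions for iam:ListGroupPolicies, iam:GetGroupPolicy and
# iam:ListAttachedGroupPolicies.
function Get-IamGroupPolicyInventory {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        # Common AWS parameters passed through by splatting,
        # e.g. @{ Credential = $Creds } (assumption: caller supplies these)
        [hashtable] $AwsArgs = @{}
    )

    # Inline policies: the list call returns policy names only (strings),
    # so each document is fetched separately with Get-IAMGroupPolicy.
    foreach ($name in Get-IAMGroupPolicyList -GroupName $GroupName @AwsArgs) {
        $inline = Get-IAMGroupPolicy -GroupName $GroupName -PolicyName $name @AwsArgs
        [pscustomobject]@{
            GroupName  = $GroupName
            Kind       = 'Inline'
            PolicyName = $name
            PolicyArn  = $null    # inline policies have no ARN
            # GetGroupPolicy returns the JSON document URL-encoded
            Document   = [System.Uri]::UnescapeDataString($inline.PolicyDocument)
        }
    }

    # Managed policies attached with Register-IAMGroupPolicy (AttachGroupPolicy).
    foreach ($p in Get-IAMAttachedGroupPolicyList -GroupName $GroupName @AwsArgs) {
        [pscustomobject]@{
            GroupName  = $GroupName
            Kind       = 'Attached'
            PolicyName = $p.PolicyName
            PolicyArn  = $p.PolicyArn
            Document   = $null    # not fetched here; managed documents are versioned
        }
    }
}

Get-IamGroupPolicyInventory -GroupName testgroup |
    Format-Table GroupName, Kind, PolicyName, PolicyArn
```

The same split applies to roles, where the corresponding cmdlets are Get-IAMRolePolicyList and Get-IAMAttachedRolePolicyList.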