awslabs / aws-shell

An integrated shell for working with the AWS CLI.
Apache License 2.0

IAM list-roles does not display permission boundaries for the roles #229

Open rams3sh opened 5 years ago

rams3sh commented 5 years ago

I have enforced permission boundaries in one of my roles in my AWS account. However, I do not get the permission boundary policy displayed as part of the list-roles API call, as documented in the official API docs here.

But the same policy is displayed when get-role is called for the specific role. I am not sure on whose side the problem is, the AWS API gateway or boto3, hence raising it here.

I use Windows 10 and my boto3 version is given below:

C:\>python -c "import boto3; print(boto3.__version__)"
1.9.156

Given below is the output of the AWS CLI command, with jq used to print the keys of the output for clarity:

C:\>aws iam list-roles | jq ".Roles[] | keys"
[
  "Arn",
  "AssumeRolePolicyDocument",
  "CreateDate",
  "Description",
  "MaxSessionDuration",
  "Path",
  "RoleId",
  "RoleName"
]
[
  "Arn",
  "AssumeRolePolicyDocument",
  "CreateDate",
  "MaxSessionDuration",
  "Path",
  "RoleId",
  "RoleName"
]
[
  "Arn",
  "AssumeRolePolicyDocument",
  "CreateDate",
  "MaxSessionDuration",
  "Path",
  "RoleId",
  "RoleName"
]

Output of get-role for the specific role with a permissions boundary:

C:\>aws iam get-role --role-name "RoleWithPermissionBoundarySet" | jq ".Role[] | keys?"
[
  "PermissionsBoundaryArn",
  "PermissionsBoundaryType"
]
[
  "Statement",
  "Version"
]
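
An added example, not part of the original issue or of aws-shell: given the output above, where list-roles entries carry no boundary keys while get-role returns them, an audit for roles lacking a permissions boundary has to call get-role once per role. `StubIam`, the account ID, the policy name and `RoleWithoutBoundary` are constructed, and the two function names are hypothetical.

```python
"""Audit which IAM roles have a permissions boundary (added example)."""


def audit_permission_boundaries(iam):
    """Return {role_name: boundary_arn_or_None} for every role.

    `iam` is a boto3 IAM client or any object with the same get_paginator
    and get_role methods. list_roles is used only for role names, because
    its entries carry no PermissionsBoundary key in the output reported
    above; the boundary itself is read from get_role.
    """
    result = {}
    for page in iam.get_paginator("list_roles").paginate():
        for summary in page["Roles"]:
            name = summary["RoleName"]
            role = iam.get_role(RoleName=name)["Role"]
            boundary = role.get("PermissionsBoundary") or {}
            result[name] = boundary.get("PermissionsBoundaryArn")
    return result


def roles_without_boundary(iam):
    """Sorted names of roles for which get_role reports no boundary."""
    audit = audit_permission_boundaries(iam)
    return sorted(name for name, arn in audit.items() if arn is None)


class StubIam:
    """Constructed stand-in for boto3.client("iam") with made-up roles."""
    _roles = {
        "RoleWithPermissionBoundarySet":
            "arn:aws:iam::111122223333:policy/ExampleBoundary",
        "RoleWithoutBoundary": None,
    }

    def get_paginator(self, name):
        assert name == "list_roles"
        return self

    def paginate(self):
        # One page per role; entries have no PermissionsBoundary key.
        for role_name in self._roles:
            yield {"Roles": [{"RoleName": role_name}]}

    def get_role(self, RoleName):
        role = {"RoleName": RoleName}
        if self._roles[RoleName]:
            role["PermissionsBoundary"] = {
                "PermissionsBoundaryType": "PermissionsBoundaryPolicy",
                "PermissionsBoundaryArn": self._roles[RoleName]}
        return {"Role": role}


if __name__ == "__main__":
    # Swap StubIam() for boto3.client("iam") to audit a real account.
    print(roles_without_boundary(StubIam()))
```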