Need a feature for getting IAM Role's trust policy alone in CLI. #8909

Closed
1 of 2 tasks
nrssutharsanan opened this issue Sep 10, 2024 · 7 comments
Labels: closed-for-staleness; feature-request (A feature should be added or improved.); iam; p3 (This is a minor priority issue); response-requested (Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.)

Comments

@nrssutharsanan

Describe the feature

Need a feature request for getting IAM Role's trust policy alone in CLI.
As of now we have to perform iam get-role CLI command and then manipulate to get the role's trust policy alone.
I feel it's valuable to add a new feature / command to get the role's trust policy alone.
Suggested code:
aws iam get-role-trust-policy --role-name <<your role name>>

Use Case

This is required when we want to do some manipulations to the existing trust policy and add new policies, since the CLI gives only the option to overwrite an existing policy.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CLI version used

2.17.47

Environment details (OS name and version, etc.)

Windows/Linux,etc

@nrssutharsanan nrssutharsanan added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Sep 10, 2024
@nrssutharsanan
Author

Python/3.12.5 Linux/5.10.223-211.872.amzn2.x86_64 source/x86_64.alpine.3

@adev-code adev-code self-assigned this Sep 10, 2024
@adev-code adev-code added investigating This issue is being investigated and/or work is in progress to resolve the issue. iam p3 This is a minor priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Sep 10, 2024
@adev-code

Hi nrssutharsanan@, thanks for reaching out. As you have mentioned, the output of $ aws iam get-role --role-name <role-name> already includes the Trust Policy. To isolate it, you could do client-side filtering ( https://docs.aws.amazon.com/cli/v1/userguide/cli-usage-filter.html#cli-usage-filter-client-side ). An example command would be:
$ aws iam get-role --role-name <role-name> --query 'Role.AssumeRolePolicyDocument'
Could you clarify why this doesn't work for your use case?
Thank you.

@adev-code adev-code added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Sep 11, 2024
@nrssutharsanan
Author

Hey @adev-code --
Yes, that does work, but whenever I want to update any trust policy for a mass of accounts, I had to do an extra hop to get this by running the above command, and had to do some jq modifications and then do an update of the trust policy.

So having a way to get just the trust policy alone, just like get managed policy etc., which can even be got from get-role but for which we still have a separate command, would help: similarly, if I have a separate command to fetch only the trust policy, it is better for me to go and do updates at scale.
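
The read-modify-write workflow discussed in this thread, as an added example that is not part of the original thread or of the AWS CLI code base: it reads the trust policy that `get-role` already returns, merges one statement idempotently, and writes the whole document back, since the update call overwrites it. It uses boto3's `get_role` and `update_assume_role_policy`; the function names, the `dry_run` default and the wildcard-principal guard are assumptions made for this example.

```python
import copy
import json
from urllib.parse import unquote


def _as_list(value):
    return value if isinstance(value, list) else [value]


def merge_trust_statement(policy, statement):
    """Return (merged_policy, changed) without mutating `policy`."""
    principal = statement.get("Principal")
    wildcard = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))
    if statement.get("Effect") == "Allow" and wildcard and not statement.get("Condition"):
        raise ValueError("refusing Allow for Principal '*' without a Condition")

    merged = copy.deepcopy(policy)
    merged.setdefault("Version", "2012-10-17")
    # IAM accepts a single statement object as well as a list; normalise to a list.
    statements = merged["Statement"] = _as_list(merged.get("Statement", []))
    sid = statement.get("Sid")
    for i, current in enumerate(statements):
        if current == statement:
            return merged, False                      # already present: nothing to write
        if sid and current.get("Sid") == sid:
            statements[i] = copy.deepcopy(statement)  # same Sid: replace in place
            return merged, True
    statements.append(copy.deepcopy(statement))
    return merged, True


def update_role_trust(iam, role_name, statement, dry_run=True):
    """Read-merge-write one role's trust policy; `iam` is boto3.client("iam")."""
    doc = iam.get_role(RoleName=role_name)["Role"]["AssumeRolePolicyDocument"]
    if isinstance(doc, str):                          # raw API form: URL-encoded JSON
        doc = json.loads(unquote(doc))
    merged, changed = merge_trust_statement(doc, statement)
    if changed and not dry_run:
        # This call replaces the entire trust policy, so send the merged document.
        iam.update_assume_role_policy(RoleName=role_name,
                                      PolicyDocument=json.dumps(merged))
    return merged, changed
```

Running it with `dry_run=True` across all roles first gives the merged documents to review before any write is made.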

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Sep 12, 2024
@adev-code

Hi @nrssutharsanan, I have submitted a feature request to the IAM team to create an operation that gives the Trust Policy of the role. Please refer to an SDK or AWS CLI changelog (https://raw.githubusercontent.com/aws/aws-cli/v2/CHANGELOG.rst) for updates about this going forward.
Please let me know if you have any other questions. Thanks!

@adev-code adev-code added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Sep 12, 2024
@nrssutharsanan
Author

Hey @adev-code, will this be solved by the IAM team, or can I solve it as well?

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Sep 13, 2024
@adev-code

Hi @nrssutharsanan, the IAM team would provide updates on the SDK or AWS CLI changelog (https://raw.githubusercontent.com/aws/aws-cli/v2/CHANGELOG.rst).
Please let me know if you have any other questions. Thanks!

@adev-code adev-code added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Sep 13, 2024

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Sep 23, 2024