Amazon IAM · Capability
Amazon IAM API — Policies
Amazon IAM API — Policies. 7 operations. Lead operation: Amazon IAM Attach a Managed Policy to a Role. Self-contained Naftiko capability covering one Amazon Iam business surface.
What You Can Do
GET
Attachrolepolicy
— Amazon IAM Attach a Managed Policy to a Role
/v1/action-attachrolepolicy
GET
Attachuserpolicy
— Amazon IAM Attach a Managed Policy to a User
/v1/action-attachuserpolicy
GET
Createpolicy
— Amazon IAM Create a New IAM Policy
/v1/action-createpolicy
GET
Detachrolepolicy
— Amazon IAM Detach a Managed Policy from a Role
/v1/action-detachrolepolicy
GET
Detachuserpolicy
— Amazon IAM Detach a Managed Policy from a User
/v1/action-detachuserpolicy
GET
Getpolicy
— Amazon IAM Get Information About an IAM Policy
/v1/action-getpolicy
GET
Listpolicies
— Amazon IAM List IAM Policies
/v1/action-listpolicies
MCP Tools
amazon-iam-attach-managed-policy
Amazon IAM Attach a Managed Policy to a Role
read-only
idempotent
amazon-iam-attach-managed-policy-2
Amazon IAM Attach a Managed Policy to a User
read-only
idempotent
amazon-iam-create-new-iam
Amazon IAM Create a New IAM Policy
read-only
idempotent
amazon-iam-detach-managed-policy
Amazon IAM Detach a Managed Policy from a Role
read-only
idempotent
amazon-iam-detach-managed-policy-2
Amazon IAM Detach a Managed Policy from a User
read-only
idempotent
amazon-iam-get-information-about
Amazon IAM Get Information About an IAM Policy
read-only
idempotent
amazon-iam-list-iam-policies
Amazon IAM List IAM Policies
read-only
idempotent
Capability Spec
# Naftiko capability document: metadata and environment bindings.
naftiko: 1.0.0-alpha2
info:
  label: Amazon IAM API — Policies
  # Folded scalar: the line breaks below collapse to single spaces when parsed.
  description: >-
    Amazon IAM API — Policies. 7 operations. Lead operation: Amazon IAM Attach a Managed Policy to a Role. Self-contained
    Naftiko capability covering one Amazon Iam business surface.
  tags:
    - Amazon Iam
    - Policies
  # Quoted so the dates stay strings instead of being parsed as timestamps.
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
  # Exposes the AMAZON_IAM_API_KEY environment variable to the spec; it is
  # referenced as {{env.AMAZON_IAM_API_KEY}} in the consumes authentication.
  # Keep the value in the environment or a secret store, never in this file.
  - namespace: env
    keys:
      AMAZON_IAM_API_KEY: AMAZON_IAM_API_KEY
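# Capability wiring: one HTTP consumer for the IAM Query API, re-exposed through
# a REST adapter (port 8080) and an MCP adapter (port 9090).
capability:
  consumes:
    - type: http
      namespace: amazon-iam-policies
      baseUri: https://iam.amazonaws.com
      description: Amazon IAM API — Policies business capability. Self-contained, no shared references.
      resources:
        # NOTE(review): every resource fixes Action in its path and also takes a
        # required caller-supplied Action query parameter. Confirm a caller cannot
        # override the route's action (for example, send a mutating Action through
        # the getpolicy or listpolicies route); pinning Action per operation would
        # remove the ambiguity.
        - name: '?Action=AttachRolePolicy'
          path: /?Action=AttachRolePolicy
          operations:
            # State-changing: grants the permissions of PolicyArn to RoleName.
            - name: attachrolepolicy
              method: GET
              description: Amazon IAM Attach a Managed Policy to a Role
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: Action
                  in: query
                  type: string
                  required: true
                - name: Version
                  in: query
                  type: string
                  required: true
                - name: RoleName
                  in: query
                  type: string
                  description: The name of the role to attach the policy to.
                  required: true
                - name: PolicyArn
                  in: query
                  type: string
                  description: The ARN of the managed policy to attach.
                  required: true
        - name: '?Action=AttachUserPolicy'
          path: /?Action=AttachUserPolicy
          operations:
            # State-changing: grants the permissions of PolicyArn to UserName.
            - name: attachuserpolicy
              method: GET
              description: Amazon IAM Attach a Managed Policy to a User
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: Action
                  in: query
                  type: string
                  required: true
                - name: Version
                  in: query
                  type: string
                  required: true
                - name: UserName
                  in: query
                  type: string
                  description: The name of the IAM user to attach the policy to.
                  required: true
                - name: PolicyArn
                  in: query
                  type: string
                  description: The ARN of the managed policy to attach.
                  required: true
        - name: '?Action=CreatePolicy'
          path: /?Action=CreatePolicy
          operations:
            # State-changing: creates a managed policy from a caller-supplied
            # document. PolicyDocument travels in the query string, so it will
            # appear wherever request URLs are logged.
            - name: createpolicy
              method: GET
              description: Amazon IAM Create a New IAM Policy
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: Action
                  in: query
                  type: string
                  required: true
                - name: Version
                  in: query
                  type: string
                  required: true
                - name: PolicyName
                  in: query
                  type: string
                  description: The name of the policy to create.
                  required: true
                - name: PolicyDocument
                  in: query
                  type: string
                  description: The JSON policy document.
                  required: true
                - name: Path
                  in: query
                  type: string
                  description: The path for the policy.
                - name: Description
                  in: query
                  type: string
                  description: A description of the policy.
        - name: '?Action=DetachRolePolicy'
          path: /?Action=DetachRolePolicy
          operations:
            # State-changing: removes PolicyArn from RoleName.
            - name: detachrolepolicy
              method: GET
              description: Amazon IAM Detach a Managed Policy from a Role
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: Action
                  in: query
                  type: string
                  required: true
                - name: Version
                  in: query
                  type: string
                  required: true
                - name: RoleName
                  in: query
                  type: string
                  description: The name of the role to detach the policy from.
                  required: true
                - name: PolicyArn
                  in: query
                  type: string
                  description: The ARN of the managed policy to detach.
                  required: true
        - name: '?Action=DetachUserPolicy'
          path: /?Action=DetachUserPolicy
          operations:
            # State-changing: removes PolicyArn from UserName.
            - name: detachuserpolicy
              method: GET
              description: Amazon IAM Detach a Managed Policy from a User
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: Action
                  in: query
                  type: string
                  required: true
                - name: Version
                  in: query
                  type: string
                  required: true
                - name: UserName
                  in: query
                  type: string
                  description: The name of the IAM user to detach the policy from.
                  required: true
                - name: PolicyArn
                  in: query
                  type: string
                  description: The ARN of the managed policy to detach.
                  required: true
        - name: '?Action=GetPolicy'
          path: /?Action=GetPolicy
          operations:
            # Read-only lookup of one policy by ARN.
            - name: getpolicy
              method: GET
              description: Amazon IAM Get Information About an IAM Policy
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: Action
                  in: query
                  type: string
                  required: true
                - name: Version
                  in: query
                  type: string
                  required: true
                - name: PolicyArn
                  in: query
                  type: string
                  description: The ARN of the policy to retrieve.
                  required: true
        - name: '?Action=ListPolicies'
          path: /?Action=ListPolicies
          operations:
            # Read-only, paginated listing (Marker / MaxItems).
            - name: listpolicies
              method: GET
              description: Amazon IAM List IAM Policies
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: Action
                  in: query
                  type: string
                  required: true
                - name: Version
                  in: query
                  type: string
                  required: true
                - name: Scope
                  in: query
                  type: string
                  description: Filter by scope (All, AWS, or Local).
                - name: OnlyAttached
                  in: query
                  type: boolean
                  description: Filter to only attached policies.
                - name: PathPrefix
                  in: query
                  type: string
                - name: Marker
                  in: query
                  type: string
                - name: MaxItems
                  in: query
                  type: integer
      # One credential backs every operation above, including the attach, detach
      # and create calls, so scope the underlying principal to the minimum IAM
      # actions and resources this capability needs.
      # NOTE(review): the IAM Query API authenticates requests with AWS Signature
      # Version 4; confirm how this static Authorization header value is produced.
      authentication:
        type: apikey
        key: Authorization
        value: '{{env.AMAZON_IAM_API_KEY}}'
        placement: header
  exposes:
    # NOTE(review): this adapter declares no authentication of its own, so any
    # client that can reach port 8080 acts with the IAM credential bound above.
    # Restrict network exposure or put an authenticating proxy in front of it.
    # NOTE(review): the attach, detach and create routes change IAM state but are
    # served over GET, which caches, prefetchers and link scanners may replay and
    # whose query strings are commonly logged. Prefer a non-GET method for them if
    # the adapter and its callers allow it.
    - type: rest
      namespace: amazon-iam-policies-rest
      port: 8080
      description: REST adapter for Amazon IAM API — Policies. One Spectral-compliant resource per consumed operation, prefixed
        with /v1.
      resources:
        - path: /v1/action-attachrolepolicy
          name: action-attachrolepolicy
          description: REST surface for ?Action=AttachRolePolicy.
          operations:
            - method: GET
              name: attachrolepolicy
              description: Amazon IAM Attach a Managed Policy to a Role
              call: amazon-iam-policies.attachrolepolicy
              with:
                Action: rest.Action
                Version: rest.Version
                RoleName: rest.RoleName
                PolicyArn: rest.PolicyArn
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/action-attachuserpolicy
          name: action-attachuserpolicy
          description: REST surface for ?Action=AttachUserPolicy.
          operations:
            - method: GET
              name: attachuserpolicy
              description: Amazon IAM Attach a Managed Policy to a User
              call: amazon-iam-policies.attachuserpolicy
              with:
                Action: rest.Action
                Version: rest.Version
                UserName: rest.UserName
                PolicyArn: rest.PolicyArn
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/action-createpolicy
          name: action-createpolicy
          description: REST surface for ?Action=CreatePolicy.
          operations:
            - method: GET
              name: createpolicy
              description: Amazon IAM Create a New IAM Policy
              call: amazon-iam-policies.createpolicy
              with:
                Action: rest.Action
                Version: rest.Version
                PolicyName: rest.PolicyName
                PolicyDocument: rest.PolicyDocument
                Path: rest.Path
                Description: rest.Description
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/action-detachrolepolicy
          name: action-detachrolepolicy
          description: REST surface for ?Action=DetachRolePolicy.
          operations:
            - method: GET
              name: detachrolepolicy
              description: Amazon IAM Detach a Managed Policy from a Role
              call: amazon-iam-policies.detachrolepolicy
              with:
                Action: rest.Action
                Version: rest.Version
                RoleName: rest.RoleName
                PolicyArn: rest.PolicyArn
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/action-detachuserpolicy
          name: action-detachuserpolicy
          description: REST surface for ?Action=DetachUserPolicy.
          operations:
            - method: GET
              name: detachuserpolicy
              description: Amazon IAM Detach a Managed Policy from a User
              call: amazon-iam-policies.detachuserpolicy
              with:
                Action: rest.Action
                Version: rest.Version
                UserName: rest.UserName
                PolicyArn: rest.PolicyArn
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/action-getpolicy
          name: action-getpolicy
          description: REST surface for ?Action=GetPolicy.
          operations:
            - method: GET
              name: getpolicy
              description: Amazon IAM Get Information About an IAM Policy
              call: amazon-iam-policies.getpolicy
              with:
                Action: rest.Action
                Version: rest.Version
                PolicyArn: rest.PolicyArn
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/action-listpolicies
          name: action-listpolicies
          description: REST surface for ?Action=ListPolicies.
          operations:
            - method: GET
              name: listpolicies
              description: Amazon IAM List IAM Policies
              call: amazon-iam-policies.listpolicies
              with:
                Action: rest.Action
                Version: rest.Version
                Scope: rest.Scope
                OnlyAttached: rest.OnlyAttached
                PathPrefix: rest.PathPrefix
                Marker: rest.Marker
                MaxItems: rest.MaxItems
              outputParameters:
                - type: object
                  mapping: $.
    # MCP clients use the hints below to decide which tool calls need explicit
    # user approval, so they must reflect what each IAM action really does.
    # Only getpolicy and listpolicies are read-only; the attach, detach and
    # create tools change who holds which permissions.
    # NOTE(review): no authentication is declared on this adapter either; confirm
    # port 9090 is reachable only by trusted MCP clients.
    - type: mcp
      namespace: amazon-iam-policies-mcp
      port: 9090
      transport: http
      description: MCP adapter for Amazon IAM API — Policies. One tool per consumed operation, routed inline through this capability's
        consumes block.
      tools:
        - name: amazon-iam-attach-managed-policy
          description: Amazon IAM Attach a Managed Policy to a Role
          hints:
            # Grants permissions to a role: a write, and a privilege-changing one.
            readOnly: false
            # Additive rather than destructive, but still needs approval.
            destructive: false
            idempotent: true
          call: amazon-iam-policies.attachrolepolicy
          with:
            Action: tools.Action
            Version: tools.Version
            RoleName: tools.RoleName
            PolicyArn: tools.PolicyArn
          outputParameters:
            - type: object
              mapping: $.
        - name: amazon-iam-attach-managed-policy-2
          description: Amazon IAM Attach a Managed Policy to a User
          hints:
            # Grants permissions to a user: a write, not a read.
            readOnly: false
            destructive: false
            idempotent: true
          call: amazon-iam-policies.attachuserpolicy
          with:
            Action: tools.Action
            Version: tools.Version
            UserName: tools.UserName
            PolicyArn: tools.PolicyArn
          outputParameters:
            - type: object
              mapping: $.
        - name: amazon-iam-create-new-iam
          description: Amazon IAM Create a New IAM Policy
          hints:
            # Creates a new managed policy from a caller-supplied document.
            readOnly: false
            destructive: false
            # IAM rejects a second create with the same PolicyName, so a repeat
            # call does not succeed the way the first one did.
            idempotent: false
          call: amazon-iam-policies.createpolicy
          with:
            Action: tools.Action
            Version: tools.Version
            PolicyName: tools.PolicyName
            PolicyDocument: tools.PolicyDocument
            Path: tools.Path
            Description: tools.Description
          outputParameters:
            - type: object
              mapping: $.
        - name: amazon-iam-detach-managed-policy
          description: Amazon IAM Detach a Managed Policy from a Role
          hints:
            # Removes permissions from a role; workloads relying on them break.
            readOnly: false
            destructive: true
            idempotent: true
          call: amazon-iam-policies.detachrolepolicy
          with:
            Action: tools.Action
            Version: tools.Version
            RoleName: tools.RoleName
            PolicyArn: tools.PolicyArn
          outputParameters:
            - type: object
              mapping: $.
        - name: amazon-iam-detach-managed-policy-2
          description: Amazon IAM Detach a Managed Policy from a User
          hints:
            # Removes permissions from a user.
            readOnly: false
            destructive: true
            idempotent: true
          call: amazon-iam-policies.detachuserpolicy
          with:
            Action: tools.Action
            Version: tools.Version
            UserName: tools.UserName
            PolicyArn: tools.PolicyArn
          outputParameters:
            - type: object
              mapping: $.
        - name: amazon-iam-get-information-about
          description: Amazon IAM Get Information About an IAM Policy
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: amazon-iam-policies.getpolicy
          with:
            Action: tools.Action
            Version: tools.Version
            PolicyArn: tools.PolicyArn
          outputParameters:
            - type: object
              mapping: $.
        - name: amazon-iam-list-iam-policies
          description: Amazon IAM List IAM Policies
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: amazon-iam-policies.listpolicies
          with:
            Action: tools.Action
            Version: tools.Version
            Scope: tools.Scope
            OnlyAttached: tools.OnlyAttached
            PathPrefix: tools.PathPrefix
            Marker: tools.Marker
            MaxItems: tools.MaxItems
          outputParameters:
            - type: object
              mapping: $.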