I want to create an IAM policy and attach it to some IAM role using AWS command-line interface.
Creating a policy is quite simple:
aws iam create-policy --policy-name "${policy_name}" --policy-document file://policy.json
But to attach the newly created policy to the target role I must know the ARN of the policy:
aws iam attach-role-policy --role-name "${role_name}" --policy-arn "${policy_arn}"
What is the correct way to retrieve ARN of the newly created policy?
Right now I'm constructing policy_arn myself using policy_name and the account_id:
policy_arn=arn:aws:iam::"${account_id}":policy/"${policy_name}"
This is how I retrieve the account_id:
account_id=$(aws ec2 describe-security-groups --query 'SecurityGroups[0].OwnerId' --output text)
However, this feels quite hacky.
Is there a better way to find out ARN of the created policy?