user.permissionsBoundary returns NULL while retrieving information from AWS using Java SDK


I am using AWS Java SDK v2 to list users using the code defined here on the AWS GitHub repo.

 public static void listAllUsers(IamClient iam) {

    try {
        boolean done = false;
        String newMarker = null;

        while (!done) {
            ListUsersResponse response;

            ListUsersRequest request;
            if (newMarker == null) {
                request = ListUsersRequest.builder().build();
            } else {
                request = ListUsersRequest.builder()

            response = iam.listUsers(request);

            for (User user : response.users()) {
                System.out.format("\n Retrieved user %s", user.userName());
                System.out.println("\nPermission Boundary: " + user.permissionsBoundary());

            if (!response.isTruncated()) {
                done = true;
            } else {
                newMarker = response.marker();
    } catch (IamException e) {

It returns NULL for user.permissionsBoundary(). Here is the output for print statements in the above code.

 Retrieved user jamshaid
Permission Boundary: null

 Retrieved user luminadmin
Permission Boundary: null

 Retrieved user test
Permission Boundary: null

When I run the following command in AWS CloudShell on AWS console, it returns the PermissionBoundary for the users it is defined.

aws iam get-user --user-name test     

Here is the sample output from AWS CloudShell.
console output
I am using the same account to make both requests.


I do not think it is an issue, but the programmed behavior. From the API docs:

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a user, see GetUser.

This is stated as well in the API javadocs.

In the console you are using get-user, not list-users, and this is why the command is returning all the information about the user, PermissionsBoundary within it.

Please, try instead using:

aws iam list-users

and check the output, it should match the result you obtained with the Java SDK, it will not contain PermissionsBoundary either.

If you want to obtain the same results that you are currently getting with the command aws iam get-user --user-name test from Java code, you can use the getUser method in IamClient. Try Something like:

GetUserRequest request = GetUserRequest.builder()

GetUserResponse response = iam.getUser(request);
User user = response.user();
System.out.println("\nPermission Boundary: " + user.permissionsBoundary());

The User class is reused in both operations, get and list, but only in the former all the fields are populated.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at


Login to comment


TOP Ranking