aws-sdk-iam 1.10.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 958c05c1bb1e37c89e695adcb92742fd0843f35e
4
- data.tar.gz: fe856b8258a9b93b9a92475fed11fbf7ad78df54
3
+ metadata.gz: 4744dfe1bca94b95032f113163089b81706e426e
4
+ data.tar.gz: ff31885be187936a36f8dba1bf86eef03fc389b9
5
5
  SHA512:
6
- metadata.gz: 3d7ab49b1b198bc7481b836abc925616864a1adce6953a338c35fbd222edd3a69c02e5839fefed2bb0c4dfca0408f86896e59a5a2a4ffd24be0d92aa32de0404
7
- data.tar.gz: 6702568b6971f9128c420f3dae8e11cbcde6449d0aea366e1a98b0239b90bf3783bda47cfc09709fa1d2ad8a406b1302c7d3a209e198ba456f9c3b5687c6de66
6
+ metadata.gz: 2000feb782df8cf6a6c0b24a144a49c8ed9574d18650bde44cd5bc21ba7020da743e0728ad0561bc6092ec4555e139da9a8b65f1ffd1cd9eb9defd76f78223c1
7
+ data.tar.gz: d3511f784ab7b8b0d06839660fd106ab3537ba9513bd9ebc3051ed0ed970cb19484eef131789975196bac4fdc9c3e2b1bb16540a696aa916c0f37132ede687a7
@@ -64,6 +64,6 @@ require_relative 'aws-sdk-iam/customizations'
64
64
  # @service
65
65
  module Aws::IAM
66
66
 
67
- GEM_VERSION = '1.10.0'
67
+ GEM_VERSION = '1.11.0'
68
68
 
69
69
  end
@@ -15,6 +15,7 @@ require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
15
15
  require 'aws-sdk-core/plugins/retry_errors.rb'
16
16
  require 'aws-sdk-core/plugins/global_configuration.rb'
17
17
  require 'aws-sdk-core/plugins/regional_endpoint.rb'
18
+ require 'aws-sdk-core/plugins/endpoint_discovery.rb'
18
19
  require 'aws-sdk-core/plugins/response_paging.rb'
19
20
  require 'aws-sdk-core/plugins/stub_responses.rb'
20
21
  require 'aws-sdk-core/plugins/idempotency_token.rb'
@@ -45,6 +46,7 @@ module Aws::IAM
45
46
  add_plugin(Aws::Plugins::RetryErrors)
46
47
  add_plugin(Aws::Plugins::GlobalConfiguration)
47
48
  add_plugin(Aws::Plugins::RegionalEndpoint)
49
+ add_plugin(Aws::Plugins::EndpointDiscovery)
48
50
  add_plugin(Aws::Plugins::ResponsePaging)
49
51
  add_plugin(Aws::Plugins::StubResponses)
50
52
  add_plugin(Aws::Plugins::IdempotencyToken)
@@ -98,6 +100,10 @@ module Aws::IAM
98
100
  #
99
101
  # @option options [String] :access_key_id
100
102
  #
103
+ # @option options [Boolean] :active_endpoint_cache (false)
104
+ # When set to `true`, a thread polling for endpoints will be running in
105
+ # the background every 60 secs (default). Defaults to `false`.
106
+ #
101
107
  # @option options [Boolean] :client_side_monitoring (false)
102
108
  # When `true`, client-side metrics will be collected for all API requests from
103
109
  # this client.
@@ -123,6 +129,21 @@ module Aws::IAM
123
129
  # option. You should only configure an `:endpoint` when connecting
124
130
  # to test endpoints. This should be avalid HTTP(S) URI.
125
131
  #
132
+ # @option options [Integer] :endpoint_cache_max_entries (1000)
133
+ # Used for the maximum size limit of the LRU cache storing endpoints data
134
+ # for endpoint discovery enabled operations. Defaults to 1000.
135
+ #
136
+ # @option options [Integer] :endpoint_cache_max_threads (10)
137
+ # Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
138
+ #
139
+ # @option options [Integer] :endpoint_cache_poll_interval (60)
140
+ # When :endpoint_discovery and :active_endpoint_cache is enabled,
141
+ # Use this option to config the time interval in seconds for making
142
+ # requests fetching endpoints information. Defaults to 60 sec.
143
+ #
144
+ # @option options [Boolean] :endpoint_discovery (false)
145
+ # When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
146
+ #
126
147
  # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
127
148
  # The log formatter.
128
149
  #
@@ -920,6 +941,9 @@ module Aws::IAM
920
941
  # resp.instance_profile.roles[0].create_date #=> Time
921
942
  # resp.instance_profile.roles[0].assume_role_policy_document #=> String
922
943
  # resp.instance_profile.roles[0].description #=> String
944
+ # resp.instance_profile.roles[0].tags #=> Array
945
+ # resp.instance_profile.roles[0].tags[0].key #=> String
946
+ # resp.instance_profile.roles[0].tags[0].value #=> String
923
947
  # resp.instance_profile.roles[0].max_session_duration #=> Integer
924
948
  # resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
925
949
  # resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -1424,6 +1448,22 @@ module Aws::IAM
1424
1448
  # @option params [String] :description
1425
1449
  # A description of the role.
1426
1450
  #
1451
+ # @option params [Array<Types::Tag>] :tags
1452
+ # A list of tags that you want to attach to the newly created role. Each
1453
+ # tag consists of a key name and an associated value. For more
1454
+ # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1455
+ # User Guide*.
1456
+ #
1457
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1458
+ # of tags per role, then the entire request fails and the role is not
1459
+ # created.
1460
+ #
1461
+ # </note>
1462
+ #
1463
+ #
1464
+ #
1465
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1466
+ #
1427
1467
  # @option params [Integer] :max_session_duration
1428
1468
  # The maximum session duration (in seconds) that you want to set for the
1429
1469
  # specified role. If you do not specify a value for this setting, the
@@ -1484,6 +1524,12 @@ module Aws::IAM
1484
1524
  # role_name: "roleNameType", # required
1485
1525
  # assume_role_policy_document: "policyDocumentType", # required
1486
1526
  # description: "roleDescriptionType",
1527
+ # tags: [
1528
+ # {
1529
+ # key: "tagKeyType", # required
1530
+ # value: "tagValueType", # required
1531
+ # },
1532
+ # ],
1487
1533
  # max_session_duration: 1,
1488
1534
  # permissions_boundary: "arnType",
1489
1535
  # })
@@ -1497,6 +1543,9 @@ module Aws::IAM
1497
1543
  # resp.role.create_date #=> Time
1498
1544
  # resp.role.assume_role_policy_document #=> String
1499
1545
  # resp.role.description #=> String
1546
+ # resp.role.tags #=> Array
1547
+ # resp.role.tags[0].key #=> String
1548
+ # resp.role.tags[0].value #=> String
1500
1549
  # resp.role.max_session_duration #=> Integer
1501
1550
  # resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
1502
1551
  # resp.role.permissions_boundary.permissions_boundary_arn #=> String
@@ -1598,30 +1647,45 @@ module Aws::IAM
1598
1647
  # unexpectedly changed or deleted role, which could put your AWS
1599
1648
  # resources into an unknown state. Allowing the service to control the
1600
1649
  # role helps improve service stability and proper cleanup when a service
1601
- # and its role are no longer needed.
1602
- #
1603
- # The name of the role is generated by combining the string that you
1604
- # specify for the `AWSServiceName` parameter with the string that you
1605
- # specify for the `CustomSuffix` parameter. The resulting name must be
1606
- # unique in your account or the request fails.
1650
+ # and its role are no longer needed. For more information, see [Using
1651
+ # Service-Linked Roles][1] in the *IAM User Guide*.
1607
1652
  #
1608
1653
  # To attach a policy to this service-linked role, you must make the
1609
1654
  # request using the AWS service that depends on this role.
1610
1655
  #
1656
+ #
1657
+ #
1658
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
1659
+ #
1611
1660
  # @option params [required, String] :aws_service_name
1612
- # The AWS service to which this role is attached. You use a string
1613
- # similar to a URL but without the http:// in front. For example:
1614
- # `elasticbeanstalk.amazonaws.com`
1661
+ # The service principal for the AWS service to which this role is
1662
+ # attached. You use a string similar to a URL but without the http:// in
1663
+ # front. For example: `elasticbeanstalk.amazonaws.com`.
1664
+ #
1665
+ # Service principals are unique and case-sensitive. To find the exact
1666
+ # service principal for your service-linked role, see [AWS Services That
1667
+ # Work with IAM][1] in the *IAM User Guide* and look for the services
1668
+ # that have <b>Yes </b>in the **Service-Linked Role** column. Choose the
1669
+ # **Yes** link to view the service-linked role documentation for that
1670
+ # service.
1671
+ #
1672
+ #
1673
+ #
1674
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html
1615
1675
  #
1616
1676
  # @option params [String] :description
1617
1677
  # The description of the role.
1618
1678
  #
1619
1679
  # @option params [String] :custom_suffix
1620
- # A string that you provide, which is combined with the service name to
1621
- # form the complete role name. If you make multiple requests for the
1622
- # same service, then you must supply a different `CustomSuffix` for each
1623
- # request. Otherwise the request fails with a duplicate role name error.
1624
- # For example, you could add `-1` or `-debug` to the suffix.
1680
+ # A string that you provide, which is combined with the service-provided
1681
+ # prefix to form the complete role name. If you make multiple requests
1682
+ # for the same service, then you must supply a different `CustomSuffix`
1683
+ # for each request. Otherwise the request fails with a duplicate role
1684
+ # name error. For example, you could add `-1` or `-debug` to the suffix.
1685
+ #
1686
+ # Some services do not support the `CustomSuffix` parameter. If you
1687
+ # provide an optional suffix and the operation fails, try the operation
1688
+ # again without the suffix.
1625
1689
  #
1626
1690
  # @return [Types::CreateServiceLinkedRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1627
1691
  #
@@ -1644,6 +1708,9 @@ module Aws::IAM
1644
1708
  # resp.role.create_date #=> Time
1645
1709
  # resp.role.assume_role_policy_document #=> String
1646
1710
  # resp.role.description #=> String
1711
+ # resp.role.tags #=> Array
1712
+ # resp.role.tags[0].key #=> String
1713
+ # resp.role.tags[0].value #=> String
1647
1714
  # resp.role.max_session_duration #=> Integer
1648
1715
  # resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
1649
1716
  # resp.role.permissions_boundary.permissions_boundary_arn #=> String
@@ -1769,6 +1836,22 @@ module Aws::IAM
1769
1836
  #
1770
1837
  # [1]: http://wikipedia.org/wiki/regex
1771
1838
  #
1839
+ # @option params [Array<Types::Tag>] :tags
1840
+ # A list of tags that you want to attach to the newly created user. Each
1841
+ # tag consists of a key name and an associated value. For more
1842
+ # information about tagging, see [Tagging IAM Identities][1] in the *IAM
1843
+ # User Guide*.
1844
+ #
1845
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1846
+ # of tags per user, then the entire request fails and the user is not
1847
+ # created.
1848
+ #
1849
+ # </note>
1850
+ #
1851
+ #
1852
+ #
1853
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
1854
+ #
1772
1855
  # @option params [String] :permissions_boundary
1773
1856
  # The ARN of the policy that is used to set the permissions boundary for
1774
1857
  # the user.
@@ -1802,6 +1885,12 @@ module Aws::IAM
1802
1885
  # resp = client.create_user({
1803
1886
  # path: "pathType",
1804
1887
  # user_name: "userNameType", # required
1888
+ # tags: [
1889
+ # {
1890
+ # key: "tagKeyType", # required
1891
+ # value: "tagValueType", # required
1892
+ # },
1893
+ # ],
1805
1894
  # permissions_boundary: "arnType",
1806
1895
  # })
1807
1896
  #
@@ -1813,6 +1902,9 @@ module Aws::IAM
1813
1902
  # resp.user.arn #=> String
1814
1903
  # resp.user.create_date #=> Time
1815
1904
  # resp.user.password_last_used #=> Time
1905
+ # resp.user.tags #=> Array
1906
+ # resp.user.tags[0].key #=> String
1907
+ # resp.user.tags[0].value #=> String
1816
1908
  # resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
1817
1909
  # resp.user.permissions_boundary.permissions_boundary_arn #=> String
1818
1910
  #
@@ -1899,6 +1991,9 @@ module Aws::IAM
1899
1991
  # resp.virtual_mfa_device.user.arn #=> String
1900
1992
  # resp.virtual_mfa_device.user.create_date #=> Time
1901
1993
  # resp.virtual_mfa_device.user.password_last_used #=> Time
1994
+ # resp.virtual_mfa_device.user.tags #=> Array
1995
+ # resp.virtual_mfa_device.user.tags[0].key #=> String
1996
+ # resp.virtual_mfa_device.user.tags[0].value #=> String
1902
1997
  # resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
1903
1998
  # resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_arn #=> String
1904
1999
  # resp.virtual_mfa_device.enable_date #=> Time
@@ -3447,6 +3542,9 @@ module Aws::IAM
3447
3542
  # resp.user_detail_list[0].attached_managed_policies #=> Array
3448
3543
  # resp.user_detail_list[0].attached_managed_policies[0].policy_name #=> String
3449
3544
  # resp.user_detail_list[0].attached_managed_policies[0].policy_arn #=> String
3545
+ # resp.user_detail_list[0].tags #=> Array
3546
+ # resp.user_detail_list[0].tags[0].key #=> String
3547
+ # resp.user_detail_list[0].tags[0].value #=> String
3450
3548
  # resp.user_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3451
3549
  # resp.user_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
3452
3550
  # resp.group_detail_list #=> Array
@@ -3482,6 +3580,9 @@ module Aws::IAM
3482
3580
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].create_date #=> Time
3483
3581
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].assume_role_policy_document #=> String
3484
3582
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].description #=> String
3583
+ # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags #=> Array
3584
+ # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].key #=> String
3585
+ # resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
3485
3586
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].max_session_duration #=> Integer
3486
3587
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3487
3588
  # resp.role_detail_list[0].instance_profile_list[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -3491,6 +3592,9 @@ module Aws::IAM
3491
3592
  # resp.role_detail_list[0].attached_managed_policies #=> Array
3492
3593
  # resp.role_detail_list[0].attached_managed_policies[0].policy_name #=> String
3493
3594
  # resp.role_detail_list[0].attached_managed_policies[0].policy_arn #=> String
3595
+ # resp.role_detail_list[0].tags #=> Array
3596
+ # resp.role_detail_list[0].tags[0].key #=> String
3597
+ # resp.role_detail_list[0].tags[0].value #=> String
3494
3598
  # resp.role_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3495
3599
  # resp.role_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
3496
3600
  # resp.policies #=> Array
@@ -3880,6 +3984,9 @@ module Aws::IAM
3880
3984
  # resp.users[0].arn #=> String
3881
3985
  # resp.users[0].create_date #=> Time
3882
3986
  # resp.users[0].password_last_used #=> Time
3987
+ # resp.users[0].tags #=> Array
3988
+ # resp.users[0].tags[0].key #=> String
3989
+ # resp.users[0].tags[0].value #=> String
3883
3990
  # resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
3884
3991
  # resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
3885
3992
  # resp.is_truncated #=> Boolean
@@ -4046,6 +4153,9 @@ module Aws::IAM
4046
4153
  # resp.instance_profile.roles[0].create_date #=> Time
4047
4154
  # resp.instance_profile.roles[0].assume_role_policy_document #=> String
4048
4155
  # resp.instance_profile.roles[0].description #=> String
4156
+ # resp.instance_profile.roles[0].tags #=> Array
4157
+ # resp.instance_profile.roles[0].tags[0].key #=> String
4158
+ # resp.instance_profile.roles[0].tags[0].value #=> String
4049
4159
  # resp.instance_profile.roles[0].max_session_duration #=> Integer
4050
4160
  # resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
4051
4161
  # resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -4376,6 +4486,9 @@ module Aws::IAM
4376
4486
  # resp.role.create_date #=> Time
4377
4487
  # resp.role.assume_role_policy_document #=> String
4378
4488
  # resp.role.description #=> String
4489
+ # resp.role.tags #=> Array
4490
+ # resp.role.tags[0].key #=> String
4491
+ # resp.role.tags[0].value #=> String
4379
4492
  # resp.role.max_session_duration #=> Integer
4380
4493
  # resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
4381
4494
  # resp.role.permissions_boundary.permissions_boundary_arn #=> String
@@ -4743,6 +4856,9 @@ module Aws::IAM
4743
4856
  # resp.user.arn #=> String
4744
4857
  # resp.user.create_date #=> Time
4745
4858
  # resp.user.password_last_used #=> Time
4859
+ # resp.user.tags #=> Array
4860
+ # resp.user.tags[0].key #=> String
4861
+ # resp.user.tags[0].value #=> String
4746
4862
  # resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
4747
4863
  # resp.user.permissions_boundary.permissions_boundary_arn #=> String
4748
4864
  #
@@ -5795,6 +5911,9 @@ module Aws::IAM
5795
5911
  # resp.instance_profiles[0].roles[0].create_date #=> Time
5796
5912
  # resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
5797
5913
  # resp.instance_profiles[0].roles[0].description #=> String
5914
+ # resp.instance_profiles[0].roles[0].tags #=> Array
5915
+ # resp.instance_profiles[0].roles[0].tags[0].key #=> String
5916
+ # resp.instance_profiles[0].roles[0].tags[0].value #=> String
5798
5917
  # resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
5799
5918
  # resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
5800
5919
  # resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -5882,6 +6001,9 @@ module Aws::IAM
5882
6001
  # resp.instance_profiles[0].roles[0].create_date #=> Time
5883
6002
  # resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
5884
6003
  # resp.instance_profiles[0].roles[0].description #=> String
6004
+ # resp.instance_profiles[0].roles[0].tags #=> Array
6005
+ # resp.instance_profiles[0].roles[0].tags[0].key #=> String
6006
+ # resp.instance_profiles[0].roles[0].tags[0].value #=> String
5885
6007
  # resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
5886
6008
  # resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
5887
6009
  # resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -6262,6 +6384,99 @@ module Aws::IAM
6262
6384
  req.send_request(options)
6263
6385
  end
6264
6386
 
6387
+ # Lists the tags that are attached to the specified role. The returned
6388
+ # list of tags is sorted by tag key. For more information about tagging,
6389
+ # see [Tagging IAM Identities][1] in the *IAM User Guide*.
6390
+ #
6391
+ #
6392
+ #
6393
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
6394
+ #
6395
+ # @option params [required, String] :role_name
6396
+ # The name of the IAM role for which you want to see the list of tags.
6397
+ #
6398
+ # This parameter accepts (through its [regex pattern][1]) a string of
6399
+ # characters that consist of upper and lowercase alphanumeric characters
6400
+ # with no spaces. You can also include any of the following characters:
6401
+ # \_+=,.@-
6402
+ #
6403
+ #
6404
+ #
6405
+ # [1]: http://wikipedia.org/wiki/regex
6406
+ #
6407
+ # @option params [String] :marker
6408
+ # Use this parameter only when paginating results and only after you
6409
+ # receive a response indicating that the results are truncated. Set it
6410
+ # to the value of the `Marker` element in the response to indicate where
6411
+ # the next call should start.
6412
+ #
6413
+ # @option params [Integer] :max_items
6414
+ # (Optional) Use this only when paginating results to indicate the
6415
+ # maximum number of items that you want in the response. If additional
6416
+ # items exist beyond the maximum that you specify, the `IsTruncated`
6417
+ # response element is `true`.
6418
+ #
6419
+ # If you do not include this parameter, it defaults to 100. Note that
6420
+ # IAM might return fewer results, even when more results are available.
6421
+ # In that case, the `IsTruncated` response element returns `true`, and
6422
+ # `Marker` contains a value to include in the subsequent call that tells
6423
+ # the service where to continue from.
6424
+ #
6425
+ # @return [Types::ListRoleTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6426
+ #
6427
+ # * {Types::ListRoleTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
6428
+ # * {Types::ListRoleTagsResponse#is_truncated #is_truncated} => Boolean
6429
+ # * {Types::ListRoleTagsResponse#marker #marker} => String
6430
+ #
6431
+ #
6432
+ # @example Example: To list the tags attached to an IAM role
6433
+ #
6434
+ # # The following example shows how to list the tags attached to a role.
6435
+ #
6436
+ # resp = client.list_role_tags({
6437
+ # role_name: "taggedrole1",
6438
+ # })
6439
+ #
6440
+ # resp.to_h outputs the following:
6441
+ # {
6442
+ # is_truncated: false,
6443
+ # tags: [
6444
+ # {
6445
+ # key: "Dept",
6446
+ # value: "12345",
6447
+ # },
6448
+ # {
6449
+ # key: "Team",
6450
+ # value: "Accounting",
6451
+ # },
6452
+ # ],
6453
+ # }
6454
+ #
6455
+ # @example Request syntax with placeholder values
6456
+ #
6457
+ # resp = client.list_role_tags({
6458
+ # role_name: "roleNameType", # required
6459
+ # marker: "markerType",
6460
+ # max_items: 1,
6461
+ # })
6462
+ #
6463
+ # @example Response structure
6464
+ #
6465
+ # resp.tags #=> Array
6466
+ # resp.tags[0].key #=> String
6467
+ # resp.tags[0].value #=> String
6468
+ # resp.is_truncated #=> Boolean
6469
+ # resp.marker #=> String
6470
+ #
6471
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoleTags AWS API Documentation
6472
+ #
6473
+ # @overload list_role_tags(params = {})
6474
+ # @param [Hash] params ({})
6475
+ def list_role_tags(params = {}, options = {})
6476
+ req = build_request(:list_role_tags, params)
6477
+ req.send_request(options)
6478
+ end
6479
+
6265
6480
  # Lists the IAM roles that have the specified path prefix. If there are
6266
6481
  # none, the operation returns an empty list. For more information about
6267
6482
  # roles, go to [Working with Roles][1].
@@ -6332,6 +6547,9 @@ module Aws::IAM
6332
6547
  # resp.roles[0].create_date #=> Time
6333
6548
  # resp.roles[0].assume_role_policy_document #=> String
6334
6549
  # resp.roles[0].description #=> String
6550
+ # resp.roles[0].tags #=> Array
6551
+ # resp.roles[0].tags[0].key #=> String
6552
+ # resp.roles[0].tags[0].value #=> String
6335
6553
  # resp.roles[0].max_session_duration #=> Integer
6336
6554
  # resp.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
6337
6555
  # resp.roles[0].permissions_boundary.permissions_boundary_arn #=> String
@@ -6783,6 +7001,99 @@ module Aws::IAM
6783
7001
  req.send_request(options)
6784
7002
  end
6785
7003
 
7004
+ # Lists the tags that are attached to the specified user. The returned
7005
+ # list of tags is sorted by tag key. For more information about tagging,
7006
+ # see [Tagging IAM Identities][1] in the *IAM User Guide*.
7007
+ #
7008
+ #
7009
+ #
7010
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
7011
+ #
7012
+ # @option params [required, String] :user_name
7013
+ # The name of the IAM user whose tags you want to see.
7014
+ #
7015
+ # This parameter accepts (through its [regex pattern][1]) a string of
7016
+ # characters that consist of upper and lowercase alphanumeric characters
7017
+ # with no spaces. You can also include any of the following characters:
7018
+ # =,.@-
7019
+ #
7020
+ #
7021
+ #
7022
+ # [1]: http://wikipedia.org/wiki/regex
7023
+ #
7024
+ # @option params [String] :marker
7025
+ # Use this parameter only when paginating results and only after you
7026
+ # receive a response indicating that the results are truncated. Set it
7027
+ # to the value of the `Marker` element in the response to indicate where
7028
+ # the next call should start.
7029
+ #
7030
+ # @option params [Integer] :max_items
7031
+ # (Optional) Use this only when paginating results to indicate the
7032
+ # maximum number of items that you want in the response. If additional
7033
+ # items exist beyond the maximum that you specify, the `IsTruncated`
7034
+ # response element is `true`.
7035
+ #
7036
+ # If you do not include this parameter, it defaults to 100. Note that
7037
+ # IAM might return fewer results, even when more results are available.
7038
+ # In that case, the `IsTruncated` response element returns `true`, and
7039
+ # `Marker` contains a value to include in the subsequent call that tells
7040
+ # the service where to continue from.
7041
+ #
7042
+ # @return [Types::ListUserTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
7043
+ #
7044
+ # * {Types::ListUserTagsResponse#tags #tags} => Array&lt;Types::Tag&gt;
7045
+ # * {Types::ListUserTagsResponse#is_truncated #is_truncated} => Boolean
7046
+ # * {Types::ListUserTagsResponse#marker #marker} => String
7047
+ #
7048
+ #
7049
+ # @example Example: To list the tags attached to an IAM user
7050
+ #
7051
+ # # The following example shows how to list the tags attached to a user.
7052
+ #
7053
+ # resp = client.list_user_tags({
7054
+ # user_name: "anika",
7055
+ # })
7056
+ #
7057
+ # resp.to_h outputs the following:
7058
+ # {
7059
+ # is_truncated: false,
7060
+ # tags: [
7061
+ # {
7062
+ # key: "Dept",
7063
+ # value: "12345",
7064
+ # },
7065
+ # {
7066
+ # key: "Team",
7067
+ # value: "Accounting",
7068
+ # },
7069
+ # ],
7070
+ # }
7071
+ #
7072
+ # @example Request syntax with placeholder values
7073
+ #
7074
+ # resp = client.list_user_tags({
7075
+ # user_name: "existingUserNameType", # required
7076
+ # marker: "markerType",
7077
+ # max_items: 1,
7078
+ # })
7079
+ #
7080
+ # @example Response structure
7081
+ #
7082
+ # resp.tags #=> Array
7083
+ # resp.tags[0].key #=> String
7084
+ # resp.tags[0].value #=> String
7085
+ # resp.is_truncated #=> Boolean
7086
+ # resp.marker #=> String
7087
+ #
7088
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserTags AWS API Documentation
7089
+ #
7090
+ # @overload list_user_tags(params = {})
7091
+ # @param [Hash] params ({})
7092
+ def list_user_tags(params = {}, options = {})
7093
+ req = build_request(:list_user_tags, params)
7094
+ req.send_request(options)
7095
+ end
7096
+
6786
7097
  # Lists the IAM users that have the specified path prefix. If no path
6787
7098
  # prefix is specified, the operation returns all users in the AWS
6788
7099
  # account. If there are none, the operation returns an empty list.
@@ -6878,6 +7189,9 @@ module Aws::IAM
6878
7189
  # resp.users[0].arn #=> String
6879
7190
  # resp.users[0].create_date #=> Time
6880
7191
  # resp.users[0].password_last_used #=> Time
7192
+ # resp.users[0].tags #=> Array
7193
+ # resp.users[0].tags[0].key #=> String
7194
+ # resp.users[0].tags[0].value #=> String
6881
7195
  # resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
6882
7196
  # resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
6883
7197
  # resp.is_truncated #=> Boolean
@@ -6969,6 +7283,9 @@ module Aws::IAM
6969
7283
  # resp.virtual_mfa_devices[0].user.arn #=> String
6970
7284
  # resp.virtual_mfa_devices[0].user.create_date #=> Time
6971
7285
  # resp.virtual_mfa_devices[0].user.password_last_used #=> Time
7286
+ # resp.virtual_mfa_devices[0].user.tags #=> Array
7287
+ # resp.virtual_mfa_devices[0].user.tags[0].key #=> String
7288
+ # resp.virtual_mfa_devices[0].user.tags[0].value #=> String
6972
7289
  # resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
6973
7290
  # resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_arn #=> String
6974
7291
  # resp.virtual_mfa_devices[0].enable_date #=> Time
@@ -8276,6 +8593,312 @@ module Aws::IAM
8276
8593
  req.send_request(options)
8277
8594
  end
8278
8595
 
8596
+ # Adds one or more tags to an IAM role. The role can be a regular role
8597
+ # or a service-linked role. If a tag with the same key name already
8598
+ # exists, then that tag is overwritten with the new value.
8599
+ #
8600
+ # A tag consists of a key name and an associated value. By assigning
8601
+ # tags to your resources, you can do the following:
8602
+ #
8603
+ # * **Administrative grouping and discovery** - Attach tags to resources
8604
+ # to aid in organization and search. For example, you could search for
8605
+ # all resources with the key name *Project* and the value
8606
+ # *MyImportantProject*. Or search for all resources with the key name
8607
+ # *Cost Center* and the value *41200*.
8608
+ #
8609
+ # * **Access control** - Reference tags in IAM user-based and
8610
+ # resource-based policies. You can use tags to restrict access to only
8611
+ # an IAM user or role that has a specified tag attached. You can also
8612
+ # restrict access to only those resources that have a certain tag
8613
+ # attached. For examples of policies that show how to use tags to
8614
+ # control access, see [Control Access Using IAM Tags][1] in the *IAM
8615
+ # User Guide*.
8616
+ #
8617
+ # * **Cost allocation** - Use tags to help track which individuals and
8618
+ # teams are using which AWS resources.
8619
+ #
8620
+ # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
8621
+ # the allowed number of tags per role. In either case, the entire
8622
+ # request fails and *no* tags are added to the role.
8623
+ #
8624
+ # * AWS always interprets the tag `Value` as a single string. If you
8625
+ # need to store an array, you can store comma-separated values in the
8626
+ # string. However, you must interpret the value in your code.
8627
+ #
8628
+ # </note>
8629
+ #
8630
+ # For more information about tagging, see [Tagging IAM Identities][2] in
8631
+ # the *IAM User Guide*.
8632
+ #
8633
+ #
8634
+ #
8635
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
8636
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8637
+ #
8638
+ # @option params [required, String] :role_name
8639
+ # The name of the role that you want to add tags to.
8640
+ #
8641
+ # This parameter accepts (through its [regex pattern][1]) a string of
8642
+ # characters that consist of upper and lowercase alphanumeric characters
8643
+ # with no spaces. You can also include any of the following characters:
8644
+ # \_+=,.@-
8645
+ #
8646
+ #
8647
+ #
8648
+ # [1]: http://wikipedia.org/wiki/regex
8649
+ #
8650
+ # @option params [required, Array<Types::Tag>] :tags
8651
+ # The list of tags that you want to attach to the role. Each tag
8652
+ # consists of a key name and an associated value. You can specify this
8653
+ # with a JSON string.
8654
+ #
8655
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8656
+ #
8657
+ #
8658
+ # @example Example: To add a tag key and value to an IAM role
8659
+ #
8660
+ # # The following example shows how to add tags to an existing role.
8661
+ #
8662
+ # resp = client.tag_role({
8663
+ # role_name: "taggedrole",
8664
+ # tags: [
8665
+ # {
8666
+ # key: "Dept",
8667
+ # value: "Accounting",
8668
+ # },
8669
+ # {
8670
+ # key: "CostCenter",
8671
+ # value: "12345",
8672
+ # },
8673
+ # ],
8674
+ # })
8675
+ #
8676
+ # @example Request syntax with placeholder values
8677
+ #
8678
+ # resp = client.tag_role({
8679
+ # role_name: "roleNameType", # required
8680
+ # tags: [ # required
8681
+ # {
8682
+ # key: "tagKeyType", # required
8683
+ # value: "tagValueType", # required
8684
+ # },
8685
+ # ],
8686
+ # })
8687
+ #
8688
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
8689
+ #
8690
+ # @overload tag_role(params = {})
8691
+ # @param [Hash] params ({})
8692
+ def tag_role(params = {}, options = {})
8693
+ req = build_request(:tag_role, params)
8694
+ req.send_request(options)
8695
+ end
8696
+
8697
+ # Adds one or more tags to an IAM user. If a tag with the same key name
8698
+ # already exists, then that tag is overwritten with the new value.
8699
+ #
8700
+ # A tag consists of a key name and an associated value. By assigning
8701
+ # tags to your resources, you can do the following:
8702
+ #
8703
+ # * **Administrative grouping and discovery** - Attach tags to resources
8704
+ # to aid in organization and search. For example, you could search for
8705
+ # all resources with the key name *Project* and the value
8706
+ # *MyImportantProject*. Or search for all resources with the key name
8707
+ # *Cost Center* and the value *41200*.
8708
+ #
8709
+ # * **Access control** - Reference tags in IAM user-based and
8710
+ # resource-based policies. You can use tags to restrict access to only
8711
+ # an IAM requesting user or to a role that has a specified tag
8712
+ # attached. You can also restrict access to only those resources that
8713
+ # have a certain tag attached. For examples of policies that show how
8714
+ # to use tags to control access, see [Control Access Using IAM
8715
+ # Tags][1] in the *IAM User Guide*.
8716
+ #
8717
+ # * **Cost allocation** - Use tags to help track which individuals and
8718
+ # teams are using which AWS resources.
8719
+ #
8720
+ # <note markdown="1"> * Make sure that you have no invalid tags and that you do not exceed
8721
+ # the allowed number of tags per role. In either case, the entire
8722
+ # request fails and *no* tags are added to the role.
8723
+ #
8724
+ # * AWS always interprets the tag `Value` as a single string. If you
8725
+ # need to store an array, you can store comma-separated values in the
8726
+ # string. However, you must interpret the value in your code.
8727
+ #
8728
+ # </note>
8729
+ #
8730
+ # For more information about tagging, see [Tagging IAM Identities][2] in
8731
+ # the *IAM User Guide*.
8732
+ #
8733
+ #
8734
+ #
8735
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
8736
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8737
+ #
8738
+ # @option params [required, String] :user_name
8739
+ # The name of the user that you want to add tags to.
8740
+ #
8741
+ # This parameter accepts (through its [regex pattern][1]) a string of
8742
+ # characters that consist of upper and lowercase alphanumeric characters
8743
+ # with no spaces. You can also include any of the following characters:
8744
+ # =,.@-
8745
+ #
8746
+ #
8747
+ #
8748
+ # [1]: http://wikipedia.org/wiki/regex
8749
+ #
8750
+ # @option params [required, Array<Types::Tag>] :tags
8751
+ # The list of tags that you want to attach to the user. Each tag
8752
+ # consists of a key name and an associated value.
8753
+ #
8754
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8755
+ #
8756
+ #
8757
+ # @example Example: To add a tag key and value to an IAM user
8758
+ #
8759
+ # # The following example shows how to add tags to an existing user.
8760
+ #
8761
+ # resp = client.tag_user({
8762
+ # tags: [
8763
+ # {
8764
+ # key: "Dept",
8765
+ # value: "Accounting",
8766
+ # },
8767
+ # {
8768
+ # key: "CostCenter",
8769
+ # value: "12345",
8770
+ # },
8771
+ # ],
8772
+ # user_name: "anika",
8773
+ # })
8774
+ #
8775
+ # @example Request syntax with placeholder values
8776
+ #
8777
+ # resp = client.tag_user({
8778
+ # user_name: "existingUserNameType", # required
8779
+ # tags: [ # required
8780
+ # {
8781
+ # key: "tagKeyType", # required
8782
+ # value: "tagValueType", # required
8783
+ # },
8784
+ # ],
8785
+ # })
8786
+ #
8787
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagUser AWS API Documentation
8788
+ #
8789
+ # @overload tag_user(params = {})
8790
+ # @param [Hash] params ({})
8791
+ def tag_user(params = {}, options = {})
8792
+ req = build_request(:tag_user, params)
8793
+ req.send_request(options)
8794
+ end
8795
+
8796
+ # Removes the specified tags from the role. For more information about
8797
+ # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
8798
+ #
8799
+ #
8800
+ #
8801
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8802
+ #
8803
+ # @option params [required, String] :role_name
8804
+ # The name of the IAM role from which you want to remove tags.
8805
+ #
8806
+ # This parameter accepts (through its [regex pattern][1]) a string of
8807
+ # characters that consist of upper and lowercase alphanumeric characters
8808
+ # with no spaces. You can also include any of the following characters:
8809
+ # \_+=,.@-
8810
+ #
8811
+ #
8812
+ #
8813
+ # [1]: http://wikipedia.org/wiki/regex
8814
+ #
8815
+ # @option params [required, Array<String>] :tag_keys
8816
+ # A list of key names as a simple array of strings. The tags with
8817
+ # matching keys are removed from the specified role.
8818
+ #
8819
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8820
+ #
8821
+ #
8822
+ # @example Example: To remove a tag from an IAM role
8823
+ #
8824
+ # # The following example shows how to remove a tag with the key 'Dept' from a role named 'taggedrole'.
8825
+ #
8826
+ # resp = client.untag_role({
8827
+ # role_name: "taggedrole",
8828
+ # tag_keys: [
8829
+ # "Dept",
8830
+ # ],
8831
+ # })
8832
+ #
8833
+ # @example Request syntax with placeholder values
8834
+ #
8835
+ # resp = client.untag_role({
8836
+ # role_name: "roleNameType", # required
8837
+ # tag_keys: ["tagKeyType"], # required
8838
+ # })
8839
+ #
8840
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagRole AWS API Documentation
8841
+ #
8842
+ # @overload untag_role(params = {})
8843
+ # @param [Hash] params ({})
8844
+ def untag_role(params = {}, options = {})
8845
+ req = build_request(:untag_role, params)
8846
+ req.send_request(options)
8847
+ end
8848
+
8849
+ # Removes the specified tags from the user. For more information about
8850
+ # tagging, see [Tagging IAM Identities][1] in the *IAM User Guide*.
8851
+ #
8852
+ #
8853
+ #
8854
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
8855
+ #
8856
+ # @option params [required, String] :user_name
8857
+ # The name of the IAM user from which you want to remove tags.
8858
+ #
8859
+ # This parameter accepts (through its [regex pattern][1]) a string of
8860
+ # characters that consist of upper and lowercase alphanumeric characters
8861
+ # with no spaces. You can also include any of the following characters:
8862
+ # =,.@-
8863
+ #
8864
+ #
8865
+ #
8866
+ # [1]: http://wikipedia.org/wiki/regex
8867
+ #
8868
+ # @option params [required, Array<String>] :tag_keys
8869
+ # A list of key names as a simple array of strings. The tags with
8870
+ # matching keys are removed from the specified user.
8871
+ #
8872
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
8873
+ #
8874
+ #
8875
+ # @example Example: To remove a tag from an IAM user
8876
+ #
8877
+ # # The following example shows how to remove tags that are attached to a user named 'anika'.
8878
+ #
8879
+ # resp = client.untag_user({
8880
+ # tag_keys: [
8881
+ # "Dept",
8882
+ # ],
8883
+ # user_name: "anika",
8884
+ # })
8885
+ #
8886
+ # @example Request syntax with placeholder values
8887
+ #
8888
+ # resp = client.untag_user({
8889
+ # user_name: "existingUserNameType", # required
8890
+ # tag_keys: ["tagKeyType"], # required
8891
+ # })
8892
+ #
8893
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagUser AWS API Documentation
8894
+ #
8895
+ # @overload untag_user(params = {})
8896
+ # @param [Hash] params ({})
8897
+ def untag_user(params = {}, options = {})
8898
+ req = build_request(:untag_user, params)
8899
+ req.send_request(options)
8900
+ end
8901
+
8279
8902
  # Changes the status of the specified access key from Active to
8280
8903
  # Inactive, or vice versa. This operation can be used to disable a
8281
8904
  # user's key as part of a key rotation workflow.
@@ -8861,6 +9484,9 @@ module Aws::IAM
8861
9484
  # resp.role.create_date #=> Time
8862
9485
  # resp.role.assume_role_policy_document #=> String
8863
9486
  # resp.role.description #=> String
9487
+ # resp.role.tags #=> Array
9488
+ # resp.role.tags[0].key #=> String
9489
+ # resp.role.tags[0].value #=> String
8864
9490
  # resp.role.max_session_duration #=> Integer
8865
9491
  # resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
8866
9492
  # resp.role.permissions_boundary.permissions_boundary_arn #=> String
@@ -9674,7 +10300,7 @@ module Aws::IAM
9674
10300
  params: params,
9675
10301
  config: config)
9676
10302
  context[:gem_name] = 'aws-sdk-iam'
9677
- context[:gem_version] = '1.10.0'
10303
+ context[:gem_version] = '1.11.0'
9678
10304
  Seahorse::Client::Request.new(handlers, context)
9679
10305
  end
9680
10306