aws-sdk-iam 1.123.0 → 1.125.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-iam/client.rb +453 -250
- data/lib/aws-sdk-iam/client_api.rb +21 -3
- data/lib/aws-sdk-iam/current_user.rb +4 -1
- data/lib/aws-sdk-iam/errors.rb +0 -1
- data/lib/aws-sdk-iam/login_profile.rb +2 -1
- data/lib/aws-sdk-iam/policy.rb +8 -2
- data/lib/aws-sdk-iam/policy_version.rb +9 -5
- data/lib/aws-sdk-iam/types.rb +806 -206
- data/lib/aws-sdk-iam/user.rb +4 -1
- data/lib/aws-sdk-iam.rb +1 -1
- data/sig/access_key.rbs +1 -1
- data/sig/access_key_pair.rbs +1 -1
- data/sig/client.rbs +13 -6
- data/sig/resource.rbs +1 -0
- data/sig/signing_certificate.rbs +1 -1
- data/sig/types.rbs +23 -12
- metadata +3 -3
data/lib/aws-sdk-iam/client.rb
CHANGED
@@ -95,7 +95,7 @@ module Aws::IAM
|
|
95
95
|
# class name or an instance of a plugin class.
|
96
96
|
#
|
97
97
|
# @option options [required, Aws::CredentialProvider] :credentials
|
98
|
-
# Your AWS credentials. This can be an instance of any one of the
|
98
|
+
# Your AWS credentials used for authentication. This can be an instance of any one of the
|
99
99
|
# following classes:
|
100
100
|
#
|
101
101
|
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
@@ -128,18 +128,23 @@ module Aws::IAM
|
|
128
128
|
# locations will be searched for credentials:
|
129
129
|
#
|
130
130
|
# * `Aws.config[:credentials]`
|
131
|
+
#
|
131
132
|
# * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
|
132
133
|
# `:account_id` options.
|
133
|
-
#
|
134
|
-
#
|
134
|
+
#
|
135
|
+
# * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
|
136
|
+
# `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
|
137
|
+
#
|
135
138
|
# * `~/.aws/credentials`
|
139
|
+
#
|
136
140
|
# * `~/.aws/config`
|
141
|
+
#
|
137
142
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
138
143
|
# are very aggressive. Construct and pass an instance of
|
139
144
|
# `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
|
140
145
|
# enable retries and extended timeouts. Instance profile credential
|
141
|
-
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
142
|
-
# to true
|
146
|
+
# fetching can be disabled by setting `ENV['AWS_EC2_METADATA_DISABLED']`
|
147
|
+
# to `true`.
|
143
148
|
#
|
144
149
|
# @option options [required, String] :region
|
145
150
|
# The AWS region to connect to. The configured `:region` is
|
@@ -167,6 +172,11 @@ module Aws::IAM
|
|
167
172
|
# When false, the request will raise a `RetryCapacityNotAvailableError` and will
|
168
173
|
# not retry instead of sleeping.
|
169
174
|
#
|
175
|
+
# @option options [Array<String>] :auth_scheme_preference
|
176
|
+
# A list of preferred authentication schemes to use when making a request. Supported values are:
|
177
|
+
# `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
|
178
|
+
# shared config as `auth_scheme_preference`, the value should be a comma-separated list.
|
179
|
+
#
|
170
180
|
# @option options [Boolean] :client_side_monitoring (false)
|
171
181
|
# When `true`, client-side metrics will be collected for all API requests from
|
172
182
|
# this client.
|
@@ -253,8 +263,8 @@ module Aws::IAM
|
|
253
263
|
# 4 times. Used in `standard` and `adaptive` retry modes.
|
254
264
|
#
|
255
265
|
# @option options [String] :profile ("default")
|
256
|
-
# Used when loading credentials from the shared credentials file
|
257
|
-
#
|
266
|
+
# Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
|
267
|
+
# When not specified, 'default' is used.
|
258
268
|
#
|
259
269
|
# @option options [String] :request_checksum_calculation ("when_supported")
|
260
270
|
# Determines when a checksum will be calculated for request payloads. Values are:
|
@@ -367,7 +377,7 @@ module Aws::IAM
|
|
367
377
|
# `Aws::Telemetry::OTelProvider` for telemetry provider.
|
368
378
|
#
|
369
379
|
# @option options [Aws::TokenProvider] :token_provider
|
370
|
-
#
|
380
|
+
# Your Bearer token used for authentication. This can be an instance of any one of the
|
371
381
|
# following classes:
|
372
382
|
#
|
373
383
|
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
@@ -479,7 +489,11 @@ module Aws::IAM
|
|
479
489
|
# @option params [required, String] :open_id_connect_provider_arn
|
480
490
|
# The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC)
|
481
491
|
# provider resource to add the client ID to. You can get a list of OIDC
|
482
|
-
# provider ARNs by using the ListOpenIDConnectProviders operation.
|
492
|
+
# provider ARNs by using the [ListOpenIDConnectProviders][1] operation.
|
493
|
+
#
|
494
|
+
#
|
495
|
+
#
|
496
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
|
483
497
|
#
|
484
498
|
# @option params [required, String] :client_id
|
485
499
|
# The client ID (also known as audience) to add to the IAM OpenID
|
@@ -875,14 +889,15 @@ module Aws::IAM
|
|
875
889
|
# Services Management Console. The Amazon Web Services account root user
|
876
890
|
# password is not affected by this operation.
|
877
891
|
#
|
878
|
-
# Use UpdateLoginProfile to use the CLI, the Amazon Web Services
|
879
|
-
# the **Users** page in the IAM console to change the password
|
880
|
-
# IAM user. For more information about modifying passwords, see
|
881
|
-
# [Managing passwords][
|
892
|
+
# Use [UpdateLoginProfile][1] to use the CLI, the Amazon Web Services
|
893
|
+
# API, or the **Users** page in the IAM console to change the password
|
894
|
+
# for any IAM user. For more information about modifying passwords, see
|
895
|
+
# [Managing passwords][2] in the *IAM User Guide*.
|
882
896
|
#
|
883
897
|
#
|
884
898
|
#
|
885
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
899
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html
|
900
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
|
886
901
|
#
|
887
902
|
# @option params [required, String] :old_password
|
888
903
|
# The IAM user's current password.
|
@@ -1003,7 +1018,7 @@ module Aws::IAM
|
|
1003
1018
|
#
|
1004
1019
|
# resp.access_key.user_name #=> String
|
1005
1020
|
# resp.access_key.access_key_id #=> String
|
1006
|
-
# resp.access_key.status #=> String, one of "Active", "Inactive"
|
1021
|
+
# resp.access_key.status #=> String, one of "Active", "Inactive", "Expired"
|
1007
1022
|
# resp.access_key.secret_access_key #=> String
|
1008
1023
|
# resp.access_key.create_date #=> Time
|
1009
1024
|
#
|
@@ -1290,16 +1305,17 @@ module Aws::IAM
|
|
1290
1305
|
#
|
1291
1306
|
# You can use the CLI, the Amazon Web Services API, or the **Users**
|
1292
1307
|
# page in the IAM console to create a password for any IAM user. Use
|
1293
|
-
# ChangePassword to update your own existing password in the **My
|
1308
|
+
# [ChangePassword][1] to update your own existing password in the **My
|
1294
1309
|
# Security Credentials** page in the Amazon Web Services Management
|
1295
1310
|
# Console.
|
1296
1311
|
#
|
1297
1312
|
# For more information about managing passwords, see [Managing
|
1298
|
-
# passwords][
|
1313
|
+
# passwords][2] in the *IAM User Guide*.
|
1299
1314
|
#
|
1300
1315
|
#
|
1301
1316
|
#
|
1302
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
1317
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
|
1318
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
|
1303
1319
|
#
|
1304
1320
|
# @option params [String] :user_name
|
1305
1321
|
# The name of the IAM user to create a password for. The user must
|
@@ -1435,7 +1451,7 @@ module Aws::IAM
|
|
1435
1451
|
#
|
1436
1452
|
# <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
|
1437
1453
|
# this operation creates. Therefore, it is best to limit access to the
|
1438
|
-
# CreateOpenIDConnectProvider operation to highly privileged users.
|
1454
|
+
# [CreateOpenIDConnectProvider][3] operation to highly privileged users.
|
1439
1455
|
#
|
1440
1456
|
# </note>
|
1441
1457
|
#
|
@@ -1443,6 +1459,7 @@ module Aws::IAM
|
|
1443
1459
|
#
|
1444
1460
|
# [1]: http://openid.net/connect/
|
1445
1461
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
|
1462
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
|
1446
1463
|
#
|
1447
1464
|
# @option params [required, String] :url
|
1448
1465
|
# The URL of the identity provider. The URL must begin with `https://`
|
@@ -1733,19 +1750,20 @@ module Aws::IAM
|
|
1733
1750
|
# Creates a new version of the specified managed policy. To update a
|
1734
1751
|
# managed policy, you create a new policy version. A managed policy can
|
1735
1752
|
# have up to five versions. If the policy has five versions, you must
|
1736
|
-
# delete an existing version using DeletePolicyVersion before you
|
1737
|
-
# a new version.
|
1753
|
+
# delete an existing version using [DeletePolicyVersion][1] before you
|
1754
|
+
# create a new version.
|
1738
1755
|
#
|
1739
1756
|
# Optionally, you can set the new version as the policy's default
|
1740
1757
|
# version. The default version is the version that is in effect for the
|
1741
1758
|
# IAM users, groups, and roles to which the policy is attached.
|
1742
1759
|
#
|
1743
1760
|
# For more information about managed policy versions, see [Versioning
|
1744
|
-
# for managed policies][
|
1761
|
+
# for managed policies][2] in the *IAM User Guide*.
|
1745
1762
|
#
|
1746
1763
|
#
|
1747
1764
|
#
|
1748
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
1765
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
|
1766
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
|
1749
1767
|
#
|
1750
1768
|
# @option params [required, String] :policy_arn
|
1751
1769
|
# The Amazon Resource Name (ARN) of the IAM policy to which you want to
|
@@ -2250,19 +2268,20 @@ module Aws::IAM
|
|
2250
2268
|
# You can have a maximum of two sets of service-specific credentials for
|
2251
2269
|
# each supported service per user.
|
2252
2270
|
#
|
2253
|
-
# You can create service-specific credentials for
|
2254
|
-
# Keyspaces (for Apache Cassandra).
|
2271
|
+
# You can create service-specific credentials for Amazon Bedrock,
|
2272
|
+
# CodeCommit and Amazon Keyspaces (for Apache Cassandra).
|
2255
2273
|
#
|
2256
2274
|
# You can reset the password to a new service-generated value by calling
|
2257
|
-
# ResetServiceSpecificCredential.
|
2275
|
+
# [ResetServiceSpecificCredential][1].
|
2258
2276
|
#
|
2259
|
-
# For more information about service-specific credentials, see
|
2260
|
-
#
|
2261
|
-
#
|
2277
|
+
# For more information about service-specific credentials, see
|
2278
|
+
# [Service-specific credentials for IAM users][2] in the *IAM User
|
2279
|
+
# Guide*.
|
2262
2280
|
#
|
2263
2281
|
#
|
2264
2282
|
#
|
2265
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
2283
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html
|
2284
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock.html
|
2266
2285
|
#
|
2267
2286
|
# @option params [required, String] :user_name
|
2268
2287
|
# The name of the IAM user that is to be associated with the
|
@@ -2284,6 +2303,11 @@ module Aws::IAM
|
|
2284
2303
|
# with the credentials. The service you specify here is the only service
|
2285
2304
|
# that can be accessed using these credentials.
|
2286
2305
|
#
|
2306
|
+
# @option params [Integer] :credential_age_days
|
2307
|
+
# The number of days until the service specific credential expires. This
|
2308
|
+
# field is only valid for Bedrock API keys and must be a positive
|
2309
|
+
# integer. When not specified, the credential will not expire.
|
2310
|
+
#
|
2287
2311
|
# @return [Types::CreateServiceSpecificCredentialResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2288
2312
|
#
|
2289
2313
|
# * {Types::CreateServiceSpecificCredentialResponse#service_specific_credential #service_specific_credential} => Types::ServiceSpecificCredential
|
@@ -2293,17 +2317,21 @@ module Aws::IAM
|
|
2293
2317
|
# resp = client.create_service_specific_credential({
|
2294
2318
|
# user_name: "userNameType", # required
|
2295
2319
|
# service_name: "serviceName", # required
|
2320
|
+
# credential_age_days: 1,
|
2296
2321
|
# })
|
2297
2322
|
#
|
2298
2323
|
# @example Response structure
|
2299
2324
|
#
|
2300
2325
|
# resp.service_specific_credential.create_date #=> Time
|
2326
|
+
# resp.service_specific_credential.expiration_date #=> Time
|
2301
2327
|
# resp.service_specific_credential.service_name #=> String
|
2302
2328
|
# resp.service_specific_credential.service_user_name #=> String
|
2303
2329
|
# resp.service_specific_credential.service_password #=> String
|
2330
|
+
# resp.service_specific_credential.service_credential_alias #=> String
|
2331
|
+
# resp.service_specific_credential.service_credential_secret #=> String
|
2304
2332
|
# resp.service_specific_credential.service_specific_credential_id #=> String
|
2305
2333
|
# resp.service_specific_credential.user_name #=> String
|
2306
|
-
# resp.service_specific_credential.status #=> String, one of "Active", "Inactive"
|
2334
|
+
# resp.service_specific_credential.status #=> String, one of "Active", "Inactive", "Expired"
|
2307
2335
|
#
|
2308
2336
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredential AWS API Documentation
|
2309
2337
|
#
|
@@ -2445,13 +2473,13 @@ module Aws::IAM
|
|
2445
2473
|
end
|
2446
2474
|
|
2447
2475
|
# Creates a new virtual MFA device for the Amazon Web Services account.
|
2448
|
-
# After creating the virtual MFA, use EnableMFADevice to attach the
|
2449
|
-
# device to an IAM user. For more information about creating and
|
2450
|
-
# with virtual MFA devices, see [Using a virtual MFA device][
|
2451
|
-
# *IAM User Guide*.
|
2476
|
+
# After creating the virtual MFA, use [EnableMFADevice][1] to attach the
|
2477
|
+
# MFA device to an IAM user. For more information about creating and
|
2478
|
+
# working with virtual MFA devices, see [Using a virtual MFA device][2]
|
2479
|
+
# in the *IAM User Guide*.
|
2452
2480
|
#
|
2453
2481
|
# For information about the maximum number of MFA devices you can
|
2454
|
-
# create, see [IAM and STS quotas][
|
2482
|
+
# create, see [IAM and STS quotas][3] in the *IAM User Guide*.
|
2455
2483
|
#
|
2456
2484
|
# The seed information contained in the QR code and the Base32 string
|
2457
2485
|
# should be treated like any other secret access information. In other
|
@@ -2462,8 +2490,9 @@ module Aws::IAM
|
|
2462
2490
|
#
|
2463
2491
|
#
|
2464
2492
|
#
|
2465
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
2466
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2493
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html
|
2494
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
|
2495
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
2467
2496
|
#
|
2468
2497
|
# @option params [String] :path
|
2469
2498
|
# The path for the virtual MFA device. For more information about paths,
|
@@ -2786,13 +2815,14 @@ module Aws::IAM
|
|
2786
2815
|
# IAM group.
|
2787
2816
|
#
|
2788
2817
|
# A group can also have managed policies attached to it. To detach a
|
2789
|
-
# managed policy from a group, use DetachGroupPolicy. For more
|
2818
|
+
# managed policy from a group, use [DetachGroupPolicy][1]. For more
|
2790
2819
|
# information about policies, refer to [Managed policies and inline
|
2791
|
-
# policies][
|
2820
|
+
# policies][2] in the *IAM User Guide*.
|
2792
2821
|
#
|
2793
2822
|
#
|
2794
2823
|
#
|
2795
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
2824
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
|
2825
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
2796
2826
|
#
|
2797
2827
|
# @option params [required, String] :group_name
|
2798
2828
|
# The name (friendly name, not ARN) identifying the group that the
|
@@ -2900,24 +2930,28 @@ module Aws::IAM
|
|
2900
2930
|
req.send_request(options)
|
2901
2931
|
end
|
2902
2932
|
|
2903
|
-
# Deletes the password for the specified IAM user, For more
|
2904
|
-
# see [Managing passwords for IAM users][1].
|
2933
|
+
# Deletes the password for the specified IAM user or root user, For more
|
2934
|
+
# information, see [Managing passwords for IAM users][1].
|
2905
2935
|
#
|
2906
2936
|
# You can use the CLI, the Amazon Web Services API, or the **Users**
|
2907
2937
|
# page in the IAM console to delete a password for any IAM user. You can
|
2908
|
-
# use ChangePassword to update, but not delete, your own password
|
2909
|
-
# **My Security Credentials** page in the Amazon Web Services
|
2910
|
-
# Console.
|
2938
|
+
# use [ChangePassword][2] to update, but not delete, your own password
|
2939
|
+
# in the **My Security Credentials** page in the Amazon Web Services
|
2940
|
+
# Management Console.
|
2911
2941
|
#
|
2912
2942
|
# Deleting a user's password does not prevent a user from accessing
|
2913
2943
|
# Amazon Web Services through the command line interface or the API. To
|
2914
2944
|
# prevent all user access, you must also either make any access keys
|
2915
2945
|
# inactive or delete them. For more information about making keys
|
2916
|
-
# inactive or deleting them, see UpdateAccessKey and
|
2946
|
+
# inactive or deleting them, see [UpdateAccessKey][3] and
|
2947
|
+
# [DeleteAccessKey][4].
|
2917
2948
|
#
|
2918
2949
|
#
|
2919
2950
|
#
|
2920
2951
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html
|
2952
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
|
2953
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html
|
2954
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html
|
2921
2955
|
#
|
2922
2956
|
# @option params [String] :user_name
|
2923
2957
|
# The name of the user whose password you want to delete.
|
@@ -2976,9 +3010,13 @@ module Aws::IAM
|
|
2976
3010
|
# @option params [required, String] :open_id_connect_provider_arn
|
2977
3011
|
# The Amazon Resource Name (ARN) of the IAM OpenID Connect provider
|
2978
3012
|
# resource object to delete. You can get a list of OpenID Connect
|
2979
|
-
# provider resource ARNs by using the ListOpenIDConnectProviders
|
3013
|
+
# provider resource ARNs by using the [ListOpenIDConnectProviders][1]
|
2980
3014
|
# operation.
|
2981
3015
|
#
|
3016
|
+
#
|
3017
|
+
#
|
3018
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
|
3019
|
+
#
|
2982
3020
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2983
3021
|
#
|
2984
3022
|
# @example Request syntax with placeholder values
|
@@ -3004,25 +3042,31 @@ module Aws::IAM
|
|
3004
3042
|
# steps describe the process for deleting a managed policy:
|
3005
3043
|
#
|
3006
3044
|
# * Detach the policy from all users, groups, and roles that the policy
|
3007
|
-
# is attached to, using DetachUserPolicy, DetachGroupPolicy,
|
3008
|
-
# DetachRolePolicy. To list all the users, groups, and roles
|
3009
|
-
# policy is attached to, use ListEntitiesForPolicy.
|
3010
|
-
#
|
3011
|
-
# * Delete all versions of the policy using DeletePolicyVersion. To
|
3012
|
-
# the policy's versions, use ListPolicyVersions. You cannot
|
3013
|
-
# DeletePolicyVersion to delete the version that is marked as
|
3014
|
-
# default version. You delete the policy's default version in the
|
3045
|
+
# is attached to, using [DetachUserPolicy][1], [DetachGroupPolicy][2],
|
3046
|
+
# or [DetachRolePolicy][3]. To list all the users, groups, and roles
|
3047
|
+
# that a policy is attached to, use [ListEntitiesForPolicy][4].
|
3048
|
+
#
|
3049
|
+
# * Delete all versions of the policy using [DeletePolicyVersion][5]. To
|
3050
|
+
# list the policy's versions, use [ListPolicyVersions][6]. You cannot
|
3051
|
+
# use [DeletePolicyVersion][5] to delete the version that is marked as
|
3052
|
+
# the default version. You delete the policy's default version in the
|
3015
3053
|
# next step of the process.
|
3016
3054
|
#
|
3017
3055
|
# * Delete the policy (this automatically deletes the policy's default
|
3018
3056
|
# version) using this operation.
|
3019
3057
|
#
|
3020
3058
|
# For information about managed policies, see [Managed policies and
|
3021
|
-
# inline policies][
|
3059
|
+
# inline policies][7] in the *IAM User Guide*.
|
3022
3060
|
#
|
3023
3061
|
#
|
3024
3062
|
#
|
3025
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
3063
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
|
3064
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
|
3065
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
|
3066
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
|
3067
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
|
3068
|
+
# [6]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
|
3069
|
+
# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
3026
3070
|
#
|
3027
3071
|
# @option params [required, String] :policy_arn
|
3028
3072
|
# The Amazon Resource Name (ARN) of the IAM policy you want to delete.
|
@@ -3055,15 +3099,17 @@ module Aws::IAM
|
|
3055
3099
|
#
|
3056
3100
|
# You cannot delete the default version from a policy using this
|
3057
3101
|
# operation. To delete the default version from a policy, use
|
3058
|
-
# DeletePolicy. To find out which version of a policy is marked as
|
3059
|
-
# default version, use ListPolicyVersions.
|
3102
|
+
# [DeletePolicy][1]. To find out which version of a policy is marked as
|
3103
|
+
# the default version, use [ListPolicyVersions][2].
|
3060
3104
|
#
|
3061
3105
|
# For information about versions for managed policies, see [Versioning
|
3062
|
-
# for managed policies][
|
3106
|
+
# for managed policies][3] in the *IAM User Guide*.
|
3063
3107
|
#
|
3064
3108
|
#
|
3065
3109
|
#
|
3066
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
3110
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html
|
3111
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
|
3112
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
|
3067
3113
|
#
|
3068
3114
|
# @option params [required, String] :policy_arn
|
3069
3115
|
# The Amazon Resource Name (ARN) of the IAM policy from which you want
|
@@ -3116,14 +3162,14 @@ module Aws::IAM
|
|
3116
3162
|
# information, see [Deleting an IAM role][1]. Before attempting to
|
3117
3163
|
# delete a role, remove the following attached items:
|
3118
3164
|
#
|
3119
|
-
# * Inline policies (DeleteRolePolicy)
|
3165
|
+
# * Inline policies ([DeleteRolePolicy][2])
|
3120
3166
|
#
|
3121
|
-
# * Attached managed policies (DetachRolePolicy)
|
3167
|
+
# * Attached managed policies ([DetachRolePolicy][3])
|
3122
3168
|
#
|
3123
|
-
# * Instance profile (RemoveRoleFromInstanceProfile)
|
3169
|
+
# * Instance profile ([RemoveRoleFromInstanceProfile][4])
|
3124
3170
|
#
|
3125
3171
|
# * Optional – Delete instance profile after detaching from role for
|
3126
|
-
# resource clean up (DeleteInstanceProfile)
|
3172
|
+
# resource clean up ([DeleteInstanceProfile][5])
|
3127
3173
|
#
|
3128
3174
|
# Make sure that you do not have any Amazon EC2 instances running with
|
3129
3175
|
# the role you are about to delete. Deleting a role or instance profile
|
@@ -3133,6 +3179,10 @@ module Aws::IAM
|
|
3133
3179
|
#
|
3134
3180
|
#
|
3135
3181
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli
|
3182
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html
|
3183
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
|
3184
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html
|
3185
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html
|
3136
3186
|
#
|
3137
3187
|
# @option params [required, String] :role_name
|
3138
3188
|
# The name of the role to delete.
|
@@ -3205,13 +3255,14 @@ module Aws::IAM
|
|
3205
3255
|
# IAM role.
|
3206
3256
|
#
|
3207
3257
|
# A role can also have managed policies attached to it. To detach a
|
3208
|
-
# managed policy from a role, use DetachRolePolicy. For more
|
3209
|
-
# about policies, refer to [Managed policies and inline
|
3210
|
-
# the *IAM User Guide*.
|
3258
|
+
# managed policy from a role, use [DetachRolePolicy][1]. For more
|
3259
|
+
# information about policies, refer to [Managed policies and inline
|
3260
|
+
# policies][2] in the *IAM User Guide*.
|
3211
3261
|
#
|
3212
3262
|
#
|
3213
3263
|
#
|
3214
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
3264
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
|
3265
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
3215
3266
|
#
|
3216
3267
|
# @option params [required, String] :role_name
|
3217
3268
|
# The name (friendly name, not ARN) identifying the role that the policy
|
@@ -3415,23 +3466,24 @@ module Aws::IAM
|
|
3415
3466
|
#
|
3416
3467
|
# If you submit a deletion request for a service-linked role whose
|
3417
3468
|
# linked service is still accessing a resource, then the deletion task
|
3418
|
-
# fails. If it fails, the GetServiceLinkedRoleDeletionStatus
|
3419
|
-
# returns the reason for the failure, usually including the
|
3420
|
-
# that must be deleted. To delete the service-linked role, you
|
3421
|
-
# first remove those resources from the linked service and then
|
3422
|
-
# the deletion request again. Resources are specific to the
|
3423
|
-
# is linked to the role. For more information about
|
3424
|
-
# from a service, see the [Amazon Web Services
|
3425
|
-
# your service.
|
3469
|
+
# fails. If it fails, the [GetServiceLinkedRoleDeletionStatus][1]
|
3470
|
+
# operation returns the reason for the failure, usually including the
|
3471
|
+
# resources that must be deleted. To delete the service-linked role, you
|
3472
|
+
# must first remove those resources from the linked service and then
|
3473
|
+
# submit the deletion request again. Resources are specific to the
|
3474
|
+
# service that is linked to the role. For more information about
|
3475
|
+
# removing resources from a service, see the [Amazon Web Services
|
3476
|
+
# documentation][2] for your service.
|
3426
3477
|
#
|
3427
3478
|
# For more information about service-linked roles, see [Roles terms and
|
3428
|
-
# concepts: Amazon Web Services service-linked role][
|
3479
|
+
# concepts: Amazon Web Services service-linked role][3] in the *IAM User
|
3429
3480
|
# Guide*.
|
3430
3481
|
#
|
3431
3482
|
#
|
3432
3483
|
#
|
3433
|
-
# [1]:
|
3434
|
-
# [2]:
|
3484
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html
|
3485
|
+
# [2]: http://docs.aws.amazon.com/
|
3486
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role
|
3435
3487
|
#
|
3436
3488
|
# @option params [required, String] :role_name
|
3437
3489
|
# The name of the service-linked role to be deleted.
|
@@ -3477,15 +3529,16 @@ module Aws::IAM
|
|
3477
3529
|
#
|
3478
3530
|
# @option params [required, String] :service_specific_credential_id
|
3479
3531
|
# The unique identifier of the service-specific credential. You can get
|
3480
|
-
# this value by calling ListServiceSpecificCredentials.
|
3532
|
+
# this value by calling [ListServiceSpecificCredentials][1].
|
3481
3533
|
#
|
3482
|
-
# This parameter allows (through its [regex pattern][
|
3534
|
+
# This parameter allows (through its [regex pattern][2]) a string of
|
3483
3535
|
# characters that can consist of any upper or lowercased letter or
|
3484
3536
|
# digit.
|
3485
3537
|
#
|
3486
3538
|
#
|
3487
3539
|
#
|
3488
|
-
# [1]:
|
3540
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html
|
3541
|
+
# [2]: http://wikipedia.org/wiki/regex
|
3489
3542
|
#
|
3490
3543
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
3491
3544
|
#
|
@@ -3571,28 +3624,38 @@ module Aws::IAM
|
|
3571
3624
|
# For more information, see [Deleting an IAM user][1]. Before attempting
|
3572
3625
|
# to delete a user, remove the following items:
|
3573
3626
|
#
|
3574
|
-
# * Password (DeleteLoginProfile)
|
3627
|
+
# * Password ([DeleteLoginProfile][2])
|
3575
3628
|
#
|
3576
|
-
# * Access keys (DeleteAccessKey)
|
3629
|
+
# * Access keys ([DeleteAccessKey][3])
|
3577
3630
|
#
|
3578
|
-
# * Signing certificate (DeleteSigningCertificate)
|
3631
|
+
# * Signing certificate ([DeleteSigningCertificate][4])
|
3579
3632
|
#
|
3580
|
-
# * SSH public key (DeleteSSHPublicKey)
|
3633
|
+
# * SSH public key ([DeleteSSHPublicKey][5])
|
3581
3634
|
#
|
3582
|
-
# * Git credentials (DeleteServiceSpecificCredential)
|
3635
|
+
# * Git credentials ([DeleteServiceSpecificCredential][6])
|
3583
3636
|
#
|
3584
|
-
# * Multi-factor authentication (MFA) device (DeactivateMFADevice,
|
3585
|
-
# DeleteVirtualMFADevice)
|
3637
|
+
# * Multi-factor authentication (MFA) device ([DeactivateMFADevice][7],
|
3638
|
+
# [DeleteVirtualMFADevice][8])
|
3586
3639
|
#
|
3587
|
-
# * Inline policies (DeleteUserPolicy)
|
3640
|
+
# * Inline policies ([DeleteUserPolicy][9])
|
3588
3641
|
#
|
3589
|
-
# * Attached managed policies (DetachUserPolicy)
|
3642
|
+
# * Attached managed policies ([DetachUserPolicy][10])
|
3590
3643
|
#
|
3591
|
-
# * Group memberships (RemoveUserFromGroup)
|
3644
|
+
# * Group memberships ([RemoveUserFromGroup][11])
|
3592
3645
|
#
|
3593
3646
|
#
|
3594
3647
|
#
|
3595
3648
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli
|
3649
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html
|
3650
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html
|
3651
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html
|
3652
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html
|
3653
|
+
# [6]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html
|
3654
|
+
# [7]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html
|
3655
|
+
# [8]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html
|
3656
|
+
# [9]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html
|
3657
|
+
# [10]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
|
3658
|
+
# [11]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html
|
3596
3659
|
#
|
3597
3660
|
# @option params [required, String] :user_name
|
3598
3661
|
# The name of the user to delete.
|
@@ -3663,13 +3726,14 @@ module Aws::IAM
|
|
3663
3726
|
# IAM user.
|
3664
3727
|
#
|
3665
3728
|
# A user can also have managed policies attached to it. To detach a
|
3666
|
-
# managed policy from a user, use DetachUserPolicy. For more
|
3667
|
-
# about policies, refer to [Managed policies and inline
|
3668
|
-
# the *IAM User Guide*.
|
3729
|
+
# managed policy from a user, use [DetachUserPolicy][1]. For more
|
3730
|
+
# information about policies, refer to [Managed policies and inline
|
3731
|
+
# policies][2] in the *IAM User Guide*.
|
3669
3732
|
#
|
3670
3733
|
#
|
3671
3734
|
#
|
3672
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
3735
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
|
3736
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
3673
3737
|
#
|
3674
3738
|
# @option params [required, String] :user_name
|
3675
3739
|
# The name (friendly name, not ARN) identifying the user that the policy
|
@@ -3728,10 +3792,14 @@ module Aws::IAM
|
|
3728
3792
|
#
|
3729
3793
|
# <note markdown="1"> You must deactivate a user's virtual MFA device before you can delete
|
3730
3794
|
# it. For information about deactivating MFA devices, see
|
3731
|
-
# DeactivateMFADevice.
|
3795
|
+
# [DeactivateMFADevice][1].
|
3732
3796
|
#
|
3733
3797
|
# </note>
|
3734
3798
|
#
|
3799
|
+
#
|
3800
|
+
#
|
3801
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html
|
3802
|
+
#
|
3735
3803
|
# @option params [required, String] :serial_number
|
3736
3804
|
# The serial number that uniquely identifies the MFA device. For virtual
|
3737
3805
|
# MFA devices, the serial number is the same as the ARN.
|
@@ -3774,12 +3842,14 @@ module Aws::IAM
|
|
3774
3842
|
# Removes the specified managed policy from the specified IAM group.
|
3775
3843
|
#
|
3776
3844
|
# A group can also have inline policies embedded with it. To delete an
|
3777
|
-
# inline policy, use DeleteGroupPolicy. For information about
|
3778
|
-
# see [Managed policies and inline policies][
|
3845
|
+
# inline policy, use [DeleteGroupPolicy][1]. For information about
|
3846
|
+
# policies, see [Managed policies and inline policies][2] in the *IAM
|
3847
|
+
# User Guide*.
|
3779
3848
|
#
|
3780
3849
|
#
|
3781
3850
|
#
|
3782
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
3851
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html
|
3852
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
3783
3853
|
#
|
3784
3854
|
# @option params [required, String] :group_name
|
3785
3855
|
# The name (friendly name, not ARN) of the IAM group to detach the
|
@@ -3825,12 +3895,14 @@ module Aws::IAM
|
|
3825
3895
|
# Removes the specified managed policy from the specified role.
|
3826
3896
|
#
|
3827
3897
|
# A role can also have inline policies embedded with it. To delete an
|
3828
|
-
# inline policy, use DeleteRolePolicy. For information about
|
3829
|
-
# see [Managed policies and inline policies][
|
3898
|
+
# inline policy, use [DeleteRolePolicy][1]. For information about
|
3899
|
+
# policies, see [Managed policies and inline policies][2] in the *IAM
|
3900
|
+
# User Guide*.
|
3830
3901
|
#
|
3831
3902
|
#
|
3832
3903
|
#
|
3833
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
3904
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html
|
3905
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
3834
3906
|
#
|
3835
3907
|
# @option params [required, String] :role_name
|
3836
3908
|
# The name (friendly name, not ARN) of the IAM role to detach the policy
|
@@ -3876,12 +3948,14 @@ module Aws::IAM
|
|
3876
3948
|
# Removes the specified managed policy from the specified user.
|
3877
3949
|
#
|
3878
3950
|
# A user can also have inline policies embedded with it. To delete an
|
3879
|
-
# inline policy, use DeleteUserPolicy. For information about
|
3880
|
-
# see [Managed policies and inline policies][
|
3951
|
+
# inline policy, use [DeleteUserPolicy][1]. For information about
|
3952
|
+
# policies, see [Managed policies and inline policies][2] in the *IAM
|
3953
|
+
# User Guide*.
|
3881
3954
|
#
|
3882
3955
|
#
|
3883
3956
|
#
|
3884
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
3957
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html
|
3958
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
3885
3959
|
#
|
3886
3960
|
# @option params [required, String] :user_name
|
3887
3961
|
# The name (friendly name, not ARN) of the IAM user to detach the policy
|
@@ -4446,7 +4520,7 @@ module Aws::IAM
|
|
4446
4520
|
# Use this parameter in the following operations to retrieve the
|
4447
4521
|
# following details from your report:
|
4448
4522
|
#
|
4449
|
-
# * GetServiceLastAccessedDetails – Use this operation for users,
|
4523
|
+
# * [GetServiceLastAccessedDetails][4] – Use this operation for users,
|
4450
4524
|
# groups, roles, or policies to list every Amazon Web Services service
|
4451
4525
|
# that the resource could access using permissions policies. For each
|
4452
4526
|
# service, the response includes information about the most recent
|
@@ -4456,8 +4530,8 @@ module Aws::IAM
|
|
4456
4530
|
# used by the same role within a session, or by the same user when
|
4457
4531
|
# used to call `GetServiceLastAccessedDetail`.
|
4458
4532
|
#
|
4459
|
-
# * GetServiceLastAccessedDetailsWithEntities – Use this operation
|
4460
|
-
# groups and policies to list information about the associated
|
4533
|
+
# * [GetServiceLastAccessedDetailsWithEntities][5] – Use this operation
|
4534
|
+
# for groups and policies to list information about the associated
|
4461
4535
|
# entities (users or roles) that attempted to access a specific Amazon
|
4462
4536
|
# Web Services service.
|
4463
4537
|
#
|
@@ -4467,20 +4541,20 @@ module Aws::IAM
|
|
4467
4541
|
#
|
4468
4542
|
# For additional information about the permissions policies that allow
|
4469
4543
|
# an identity (user, group, or role) to access specific services, use
|
4470
|
-
# the ListPoliciesGrantingServiceAccess operation.
|
4544
|
+
# the [ListPoliciesGrantingServiceAccess][6] operation.
|
4471
4545
|
#
|
4472
4546
|
# <note markdown="1"> Service last accessed data does not use other policy types when
|
4473
4547
|
# determining whether a resource could access a service. These other
|
4474
4548
|
# policy types include resource-based policies, access control lists,
|
4475
4549
|
# Organizations policies, IAM permissions boundaries, and STS assume
|
4476
4550
|
# role policies. It only applies permissions policy logic. For more
|
4477
|
-
# about the evaluation of policy types, see [Evaluating policies][
|
4551
|
+
# about the evaluation of policy types, see [Evaluating policies][7] in
|
4478
4552
|
# the *IAM User Guide*.
|
4479
4553
|
#
|
4480
4554
|
# </note>
|
4481
4555
|
#
|
4482
4556
|
# For more information about service and action last accessed data, see
|
4483
|
-
# [Reducing permissions using service last accessed data][
|
4557
|
+
# [Reducing permissions using service last accessed data][8] in the *IAM
|
4484
4558
|
# User Guide*.
|
4485
4559
|
#
|
4486
4560
|
#
|
@@ -4488,8 +4562,11 @@ module Aws::IAM
|
|
4488
4562
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
|
4489
4563
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-action-last-accessed.html
|
4490
4564
|
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
|
4491
|
-
# [4]: https://docs.aws.amazon.com/IAM/latest/
|
4492
|
-
# [5]: https://docs.aws.amazon.com/IAM/latest/
|
4565
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html
|
4566
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html
|
4567
|
+
# [6]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html
|
4568
|
+
# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
|
4569
|
+
# [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
|
4493
4570
|
#
|
4494
4571
|
# @option params [required, String] :arn
|
4495
4572
|
# The ARN of the IAM resource (user, group, role, or managed policy)
|
@@ -4595,7 +4672,8 @@ module Aws::IAM
|
|
4595
4672
|
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
4596
4673
|
# back to plain JSON text. For example, if you use Java, you can use the
|
4597
4674
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
4598
|
-
# SDK. Other languages and SDKs provide similar functionality
|
4675
|
+
# SDK. Other languages and SDKs provide similar functionality, and some
|
4676
|
+
# SDKs do this decoding automatically.
|
4599
4677
|
#
|
4600
4678
|
# </note>
|
4601
4679
|
#
|
@@ -4890,16 +4968,21 @@ module Aws::IAM
|
|
4890
4968
|
# Gets a list of all of the context keys referenced in the input
|
4891
4969
|
# policies. The policies are supplied as a list of one or more strings.
|
4892
4970
|
# To get the context keys from policies associated with an IAM user,
|
4893
|
-
# group, or role, use GetContextKeysForPrincipalPolicy.
|
4971
|
+
# group, or role, use [GetContextKeysForPrincipalPolicy][1].
|
4894
4972
|
#
|
4895
4973
|
# Context keys are variables maintained by Amazon Web Services and its
|
4896
4974
|
# services that provide details about the context of an API query
|
4897
4975
|
# request. Context keys can be evaluated by testing against a value
|
4898
4976
|
# specified in an IAM policy. Use `GetContextKeysForCustomPolicy` to
|
4899
4977
|
# understand what key names and values you must supply when you call
|
4900
|
-
# SimulateCustomPolicy. Note that all parameters are shown in
|
4901
|
-
# form here for clarity but must be URL encoded to be included
|
4902
|
-
# of a real HTML request.
|
4978
|
+
# [SimulateCustomPolicy][2]. Note that all parameters are shown in
|
4979
|
+
# unencoded form here for clarity but must be URL encoded to be included
|
4980
|
+
# as a part of a real HTML request.
|
4981
|
+
#
|
4982
|
+
#
|
4983
|
+
#
|
4984
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
|
4985
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
|
4903
4986
|
#
|
4904
4987
|
# @option params [required, Array<String>] :policy_input_list
|
4905
4988
|
# A list of policies for which you want the list of context keys
|
@@ -4954,19 +5037,25 @@ module Aws::IAM
|
|
4954
5037
|
#
|
4955
5038
|
# You can optionally include a list of one or more additional policies,
|
4956
5039
|
# specified as strings. If you want to include *only* a list of policies
|
4957
|
-
# by string, use GetContextKeysForCustomPolicy instead.
|
5040
|
+
# by string, use [GetContextKeysForCustomPolicy][1] instead.
|
4958
5041
|
#
|
4959
5042
|
# **Note:** This operation discloses information about the permissions
|
4960
5043
|
# granted to other users. If you do not want users to see other user's
|
4961
5044
|
# permissions, then consider allowing them to use
|
4962
|
-
# GetContextKeysForCustomPolicy instead.
|
5045
|
+
# [GetContextKeysForCustomPolicy][1] instead.
|
4963
5046
|
#
|
4964
5047
|
# Context keys are variables maintained by Amazon Web Services and its
|
4965
5048
|
# services that provide details about the context of an API query
|
4966
5049
|
# request. Context keys can be evaluated by testing against a value in
|
4967
|
-
# an IAM policy. Use GetContextKeysForPrincipalPolicy to understand
|
4968
|
-
# key names and values you must supply when you call
|
4969
|
-
# SimulatePrincipalPolicy.
|
5050
|
+
# an IAM policy. Use [GetContextKeysForPrincipalPolicy][2] to understand
|
5051
|
+
# what key names and values you must supply when you call
|
5052
|
+
# [SimulatePrincipalPolicy][3].
|
5053
|
+
#
|
5054
|
+
#
|
5055
|
+
#
|
5056
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
|
5057
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
|
5058
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
|
4970
5059
|
#
|
4971
5060
|
# @option params [required, String] :policy_source_arn
|
4972
5061
|
# The ARN of a user, group, or role whose policies contain the context
|
@@ -5146,22 +5235,25 @@ module Aws::IAM
|
|
5146
5235
|
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
5147
5236
|
# back to plain JSON text. For example, if you use Java, you can use the
|
5148
5237
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
5149
|
-
# SDK. Other languages and SDKs provide similar functionality
|
5238
|
+
# SDK. Other languages and SDKs provide similar functionality, and some
|
5239
|
+
# SDKs do this decoding automatically.
|
5150
5240
|
#
|
5151
5241
|
# </note>
|
5152
5242
|
#
|
5153
5243
|
# An IAM group can also have managed policies attached to it. To
|
5154
5244
|
# retrieve a managed policy document that is attached to a group, use
|
5155
|
-
# GetPolicy to determine the policy's default version, then use
|
5156
|
-
# GetPolicyVersion to retrieve the policy document.
|
5245
|
+
# [GetPolicy][2] to determine the policy's default version, then use
|
5246
|
+
# [GetPolicyVersion][3] to retrieve the policy document.
|
5157
5247
|
#
|
5158
5248
|
# For more information about policies, see [Managed policies and inline
|
5159
|
-
# policies][
|
5249
|
+
# policies][4] in the *IAM User Guide*.
|
5160
5250
|
#
|
5161
5251
|
#
|
5162
5252
|
#
|
5163
5253
|
# [1]: https://tools.ietf.org/html/rfc3986
|
5164
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/
|
5254
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
|
5255
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
|
5256
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
5165
5257
|
#
|
5166
5258
|
# @option params [required, String] :group_name
|
5167
5259
|
# The name of the group the policy is associated with.
|
@@ -5443,14 +5535,15 @@ module Aws::IAM
|
|
5443
5535
|
# @option params [required, String] :open_id_connect_provider_arn
|
5444
5536
|
# The Amazon Resource Name (ARN) of the OIDC provider resource object in
|
5445
5537
|
# IAM to get information for. You can get a list of OIDC provider
|
5446
|
-
# resource ARNs by using the ListOpenIDConnectProviders operation.
|
5538
|
+
# resource ARNs by using the [ListOpenIDConnectProviders][1] operation.
|
5447
5539
|
#
|
5448
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)][
|
5540
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
|
5449
5541
|
# in the *Amazon Web Services General Reference*.
|
5450
5542
|
#
|
5451
5543
|
#
|
5452
5544
|
#
|
5453
|
-
# [1]: https://docs.aws.amazon.com/
|
5545
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
|
5546
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
5454
5547
|
#
|
5455
5548
|
# @return [Types::GetOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5456
5549
|
#
|
@@ -5494,13 +5587,13 @@ module Aws::IAM
|
|
5494
5587
|
#
|
5495
5588
|
# Depending on the parameters that you passed when you generated the
|
5496
5589
|
# report, the data returned could include different information. For
|
5497
|
-
# details, see GenerateOrganizationsAccessReport.
|
5590
|
+
# details, see [GenerateOrganizationsAccessReport][1].
|
5498
5591
|
#
|
5499
5592
|
# To call this operation, you must be signed in to the management
|
5500
5593
|
# account in your organization. SCPs must be enabled for your
|
5501
5594
|
# organization root. You must have permissions to perform this
|
5502
5595
|
# operation. For more information, see [Refining permissions using
|
5503
|
-
# service last accessed data][
|
5596
|
+
# service last accessed data][2] in the *IAM User Guide*.
|
5504
5597
|
#
|
5505
5598
|
# For each service that principals in an account (root user, IAM users,
|
5506
5599
|
# or IAM roles) could access using SCPs, the operation returns details
|
@@ -5513,11 +5606,16 @@ module Aws::IAM
|
|
5513
5606
|
#
|
5514
5607
|
#
|
5515
5608
|
#
|
5516
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
5609
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html
|
5610
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
|
5517
5611
|
#
|
5518
5612
|
# @option params [required, String] :job_id
|
5519
5613
|
# The identifier of the request generated by the
|
5520
|
-
# GenerateOrganizationsAccessReport operation.
|
5614
|
+
# [GenerateOrganizationsAccessReport][1] operation.
|
5615
|
+
#
|
5616
|
+
#
|
5617
|
+
#
|
5618
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html
|
5521
5619
|
#
|
5522
5620
|
# @option params [Integer] :max_items
|
5523
5621
|
# Use this only when paginating results to indicate the maximum number
|
@@ -5636,21 +5734,26 @@ module Aws::IAM
|
|
5636
5734
|
# the policy's default version and the total number of IAM users,
|
5637
5735
|
# groups, and roles to which the policy is attached. To retrieve the
|
5638
5736
|
# list of the specific users, groups, and roles that the policy is
|
5639
|
-
# attached to, use ListEntitiesForPolicy. This operation returns
|
5737
|
+
# attached to, use [ListEntitiesForPolicy][1]. This operation returns
|
5640
5738
|
# metadata about the policy. To retrieve the actual policy document for
|
5641
|
-
# a specific version of the policy, use GetPolicyVersion.
|
5739
|
+
# a specific version of the policy, use [GetPolicyVersion][2].
|
5642
5740
|
#
|
5643
5741
|
# This operation retrieves information about managed policies. To
|
5644
5742
|
# retrieve information about an inline policy that is embedded with an
|
5645
|
-
# IAM user, group, or role, use GetUserPolicy, GetGroupPolicy,
|
5646
|
-
# GetRolePolicy.
|
5743
|
+
# IAM user, group, or role, use [GetUserPolicy][3], [GetGroupPolicy][4],
|
5744
|
+
# or [GetRolePolicy][5].
|
5647
5745
|
#
|
5648
5746
|
# For more information about policies, see [Managed policies and inline
|
5649
|
-
# policies][
|
5747
|
+
# policies][6] in the *IAM User Guide*.
|
5650
5748
|
#
|
5651
5749
|
#
|
5652
5750
|
#
|
5653
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
5751
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
|
5752
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
|
5753
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
|
5754
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
|
5755
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
|
5756
|
+
# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
5654
5757
|
#
|
5655
5758
|
# @option params [required, String] :policy_arn
|
5656
5759
|
# The Amazon Resource Name (ARN) of the managed policy that you want
|
@@ -5711,28 +5814,34 @@ module Aws::IAM
|
|
5711
5814
|
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
5712
5815
|
# back to plain JSON text. For example, if you use Java, you can use the
|
5713
5816
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
5714
|
-
# SDK. Other languages and SDKs provide similar functionality
|
5817
|
+
# SDK. Other languages and SDKs provide similar functionality, and some
|
5818
|
+
# SDKs do this decoding automatically.
|
5715
5819
|
#
|
5716
5820
|
# </note>
|
5717
5821
|
#
|
5718
|
-
# To list the available versions for a policy, use
|
5822
|
+
# To list the available versions for a policy, use
|
5823
|
+
# [ListPolicyVersions][2].
|
5719
5824
|
#
|
5720
5825
|
# This operation retrieves information about managed policies. To
|
5721
5826
|
# retrieve information about an inline policy that is embedded in a
|
5722
|
-
# user, group, or role, use GetUserPolicy, GetGroupPolicy, or
|
5723
|
-
# GetRolePolicy.
|
5827
|
+
# user, group, or role, use [GetUserPolicy][3], [GetGroupPolicy][4], or
|
5828
|
+
# [GetRolePolicy][5].
|
5724
5829
|
#
|
5725
5830
|
# For more information about the types of policies, see [Managed
|
5726
|
-
# policies and inline policies][
|
5831
|
+
# policies and inline policies][6] in the *IAM User Guide*.
|
5727
5832
|
#
|
5728
5833
|
# For more information about managed policy versions, see [Versioning
|
5729
|
-
# for managed policies][
|
5834
|
+
# for managed policies][7] in the *IAM User Guide*.
|
5730
5835
|
#
|
5731
5836
|
#
|
5732
5837
|
#
|
5733
5838
|
# [1]: https://tools.ietf.org/html/rfc3986
|
5734
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/
|
5735
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/
|
5839
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
|
5840
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
|
5841
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
|
5842
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
|
5843
|
+
# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
5844
|
+
# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
|
5736
5845
|
#
|
5737
5846
|
# @option params [required, String] :policy_arn
|
5738
5847
|
# The Amazon Resource Name (ARN) of the managed policy that you want
|
@@ -5793,7 +5902,8 @@ module Aws::IAM
|
|
5793
5902
|
# [RFC 3986][2]. You can use a URL decoding method to convert the policy
|
5794
5903
|
# back to plain JSON text. For example, if you use Java, you can use the
|
5795
5904
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
5796
|
-
# SDK. Other languages and SDKs provide similar functionality
|
5905
|
+
# SDK. Other languages and SDKs provide similar functionality, and some
|
5906
|
+
# SDKs do this decoding automatically.
|
5797
5907
|
#
|
5798
5908
|
# </note>
|
5799
5909
|
#
|
@@ -5889,26 +5999,29 @@ module Aws::IAM
|
|
5889
5999
|
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
5890
6000
|
# back to plain JSON text. For example, if you use Java, you can use the
|
5891
6001
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
5892
|
-
# SDK. Other languages and SDKs provide similar functionality
|
6002
|
+
# SDK. Other languages and SDKs provide similar functionality, and some
|
6003
|
+
# SDKs do this decoding automatically.
|
5893
6004
|
#
|
5894
6005
|
# </note>
|
5895
6006
|
#
|
5896
6007
|
# An IAM role can also have managed policies attached to it. To retrieve
|
5897
|
-
# a managed policy document that is attached to a role, use
|
5898
|
-
# determine the policy's default version, then use
|
5899
|
-
# retrieve the policy document.
|
6008
|
+
# a managed policy document that is attached to a role, use
|
6009
|
+
# [GetPolicy][2] to determine the policy's default version, then use
|
6010
|
+
# [GetPolicyVersion][3] to retrieve the policy document.
|
5900
6011
|
#
|
5901
6012
|
# For more information about policies, see [Managed policies and inline
|
5902
|
-
# policies][
|
6013
|
+
# policies][4] in the *IAM User Guide*.
|
5903
6014
|
#
|
5904
|
-
# For more information about roles, see [IAM roles][
|
6015
|
+
# For more information about roles, see [IAM roles][5] in the *IAM User
|
5905
6016
|
# Guide*.
|
5906
6017
|
#
|
5907
6018
|
#
|
5908
6019
|
#
|
5909
6020
|
# [1]: https://tools.ietf.org/html/rfc3986
|
5910
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/
|
5911
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/
|
6021
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
|
6022
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
|
6023
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
6024
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
|
5912
6025
|
#
|
5913
6026
|
# @option params [required, String] :role_name
|
5914
6027
|
# The name of the role associated with the policy.
|
@@ -6082,7 +6195,7 @@ module Aws::IAM
|
|
6082
6195
|
# resp.ssh_public_key.ssh_public_key_id #=> String
|
6083
6196
|
# resp.ssh_public_key.fingerprint #=> String
|
6084
6197
|
# resp.ssh_public_key.ssh_public_key_body #=> String
|
6085
|
-
# resp.ssh_public_key.status #=> String, one of "Active", "Inactive"
|
6198
|
+
# resp.ssh_public_key.status #=> String, one of "Active", "Inactive", "Expired"
|
6086
6199
|
# resp.ssh_public_key.upload_date #=> Time
|
6087
6200
|
#
|
6088
6201
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSSHPublicKey AWS API Documentation
|
@@ -6211,11 +6324,15 @@ module Aws::IAM
|
|
6211
6324
|
#
|
6212
6325
|
# @option params [required, String] :job_id
|
6213
6326
|
# The ID of the request generated by the
|
6214
|
-
# GenerateServiceLastAccessedDetails operation. The `JobId`
|
6215
|
-
# `GenerateServiceLastAccessedDetail` must be used by the
|
6216
|
-
# within a session, or by the same user when used to call
|
6327
|
+
# [GenerateServiceLastAccessedDetails][1] operation. The `JobId`
|
6328
|
+
# returned by `GenerateServiceLastAccessedDetail` must be used by the
|
6329
|
+
# same role within a session, or by the same user when used to call
|
6217
6330
|
# `GetServiceLastAccessedDetail`.
|
6218
6331
|
#
|
6332
|
+
#
|
6333
|
+
#
|
6334
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html
|
6335
|
+
#
|
6219
6336
|
# @option params [Integer] :max_items
|
6220
6337
|
# Use this only when paginating results to indicate the maximum number
|
6221
6338
|
# of items you want in the response. If additional items exist beyond
|
@@ -6464,17 +6581,25 @@ module Aws::IAM
|
|
6464
6581
|
end
|
6465
6582
|
|
6466
6583
|
# Retrieves the status of your service-linked role deletion. After you
|
6467
|
-
# use DeleteServiceLinkedRole to submit a service-linked role for
|
6584
|
+
# use [DeleteServiceLinkedRole][1] to submit a service-linked role for
|
6468
6585
|
# deletion, you can use the `DeletionTaskId` parameter in
|
6469
6586
|
# `GetServiceLinkedRoleDeletionStatus` to check the status of the
|
6470
6587
|
# deletion. If the deletion fails, this operation returns the reason
|
6471
6588
|
# that it failed, if that information is returned by the service.
|
6472
6589
|
#
|
6590
|
+
#
|
6591
|
+
#
|
6592
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html
|
6593
|
+
#
|
6473
6594
|
# @option params [required, String] :deletion_task_id
|
6474
6595
|
# The deletion task identifier. This identifier is returned by the
|
6475
|
-
# DeleteServiceLinkedRole operation in the format
|
6596
|
+
# [DeleteServiceLinkedRole][1] operation in the format
|
6476
6597
|
# `task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>`.
|
6477
6598
|
#
|
6599
|
+
#
|
6600
|
+
#
|
6601
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html
|
6602
|
+
#
|
6478
6603
|
# @return [Types::GetServiceLinkedRoleDeletionStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6479
6604
|
#
|
6480
6605
|
# * {Types::GetServiceLinkedRoleDeletionStatusResponse#status #status} => String
|
@@ -6589,22 +6714,25 @@ module Aws::IAM
|
|
6589
6714
|
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
6590
6715
|
# back to plain JSON text. For example, if you use Java, you can use the
|
6591
6716
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
6592
|
-
# SDK. Other languages and SDKs provide similar functionality
|
6717
|
+
# SDK. Other languages and SDKs provide similar functionality, and some
|
6718
|
+
# SDKs do this decoding automatically.
|
6593
6719
|
#
|
6594
6720
|
# </note>
|
6595
6721
|
#
|
6596
6722
|
# An IAM user can also have managed policies attached to it. To retrieve
|
6597
|
-
# a managed policy document that is attached to a user, use
|
6598
|
-
# determine the policy's default version. Then use
|
6599
|
-
# retrieve the policy document.
|
6723
|
+
# a managed policy document that is attached to a user, use
|
6724
|
+
# [GetPolicy][2] to determine the policy's default version. Then use
|
6725
|
+
# [GetPolicyVersion][3] to retrieve the policy document.
|
6600
6726
|
#
|
6601
6727
|
# For more information about policies, see [Managed policies and inline
|
6602
|
-
# policies][
|
6728
|
+
# policies][4] in the *IAM User Guide*.
|
6603
6729
|
#
|
6604
6730
|
#
|
6605
6731
|
#
|
6606
6732
|
# [1]: https://tools.ietf.org/html/rfc3986
|
6607
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/
|
6733
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
|
6734
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
|
6735
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
6608
6736
|
#
|
6609
6737
|
# @option params [required, String] :user_name
|
6610
6738
|
# The name of the user who the policy is associated with.
|
@@ -6758,7 +6886,7 @@ module Aws::IAM
|
|
6758
6886
|
# resp.access_key_metadata #=> Array
|
6759
6887
|
# resp.access_key_metadata[0].user_name #=> String
|
6760
6888
|
# resp.access_key_metadata[0].access_key_id #=> String
|
6761
|
-
# resp.access_key_metadata[0].status #=> String, one of "Active", "Inactive"
|
6889
|
+
# resp.access_key_metadata[0].status #=> String, one of "Active", "Inactive", "Expired"
|
6762
6890
|
# resp.access_key_metadata[0].create_date #=> Time
|
6763
6891
|
# resp.is_truncated #=> Boolean
|
6764
6892
|
# resp.marker #=> String
|
@@ -6849,9 +6977,9 @@ module Aws::IAM
|
|
6849
6977
|
# group.
|
6850
6978
|
#
|
6851
6979
|
# An IAM group can also have inline policies embedded with it. To list
|
6852
|
-
# the inline policies for a group, use ListGroupPolicies. For
|
6980
|
+
# the inline policies for a group, use [ListGroupPolicies][1]. For
|
6853
6981
|
# information about policies, see [Managed policies and inline
|
6854
|
-
# policies][
|
6982
|
+
# policies][2] in the *IAM User Guide*.
|
6855
6983
|
#
|
6856
6984
|
# You can paginate the results using the `MaxItems` and `Marker`
|
6857
6985
|
# parameters. You can use the `PathPrefix` parameter to limit the list
|
@@ -6861,7 +6989,8 @@ module Aws::IAM
|
|
6861
6989
|
#
|
6862
6990
|
#
|
6863
6991
|
#
|
6864
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
6992
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html
|
6993
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
6865
6994
|
#
|
6866
6995
|
# @option params [required, String] :group_name
|
6867
6996
|
# The name (friendly name, not ARN) of the group to list attached
|
@@ -6947,9 +7076,9 @@ module Aws::IAM
|
|
6947
7076
|
# role.
|
6948
7077
|
#
|
6949
7078
|
# An IAM role can also have inline policies embedded with it. To list
|
6950
|
-
# the inline policies for a role, use ListRolePolicies. For
|
6951
|
-
# about policies, see [Managed policies and inline
|
6952
|
-
# *IAM User Guide*.
|
7079
|
+
# the inline policies for a role, use [ListRolePolicies][1]. For
|
7080
|
+
# information about policies, see [Managed policies and inline
|
7081
|
+
# policies][2] in the *IAM User Guide*.
|
6953
7082
|
#
|
6954
7083
|
# You can paginate the results using the `MaxItems` and `Marker`
|
6955
7084
|
# parameters. You can use the `PathPrefix` parameter to limit the list
|
@@ -6959,7 +7088,8 @@ module Aws::IAM
|
|
6959
7088
|
#
|
6960
7089
|
#
|
6961
7090
|
#
|
6962
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
7091
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html
|
7092
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
6963
7093
|
#
|
6964
7094
|
# @option params [required, String] :role_name
|
6965
7095
|
# The name (friendly name, not ARN) of the role to list attached
|
@@ -7045,9 +7175,9 @@ module Aws::IAM
|
|
7045
7175
|
# user.
|
7046
7176
|
#
|
7047
7177
|
# An IAM user can also have inline policies embedded with it. To list
|
7048
|
-
# the inline policies for a user, use ListUserPolicies. For
|
7049
|
-
# about policies, see [Managed policies and inline
|
7050
|
-
# *IAM User Guide*.
|
7178
|
+
# the inline policies for a user, use [ListUserPolicies][1]. For
|
7179
|
+
# information about policies, see [Managed policies and inline
|
7180
|
+
# policies][2] in the *IAM User Guide*.
|
7051
7181
|
#
|
7052
7182
|
# You can paginate the results using the `MaxItems` and `Marker`
|
7053
7183
|
# parameters. You can use the `PathPrefix` parameter to limit the list
|
@@ -7057,7 +7187,8 @@ module Aws::IAM
|
|
7057
7187
|
#
|
7058
7188
|
#
|
7059
7189
|
#
|
7060
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
7190
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html
|
7191
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
7061
7192
|
#
|
7062
7193
|
# @option params [required, String] :user_name
|
7063
7194
|
# The name (friendly name, not ARN) of the user to list attached
|
@@ -7263,8 +7394,8 @@ module Aws::IAM
|
|
7263
7394
|
#
|
7264
7395
|
# An IAM group can also have managed policies attached to it. To list
|
7265
7396
|
# the managed policies that are attached to a group, use
|
7266
|
-
# ListAttachedGroupPolicies. For more information about policies,
|
7267
|
-
# [Managed policies and inline policies][
|
7397
|
+
# [ListAttachedGroupPolicies][1]. For more information about policies,
|
7398
|
+
# see [Managed policies and inline policies][2] in the *IAM User Guide*.
|
7268
7399
|
#
|
7269
7400
|
# You can paginate the results using the `MaxItems` and `Marker`
|
7270
7401
|
# parameters. If there are no inline policies embedded with the
|
@@ -7272,7 +7403,8 @@ module Aws::IAM
|
|
7272
7403
|
#
|
7273
7404
|
#
|
7274
7405
|
#
|
7275
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
7406
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html
|
7407
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
7276
7408
|
#
|
7277
7409
|
# @option params [required, String] :group_name
|
7278
7410
|
# The name of the group to list policies for.
|
@@ -7641,7 +7773,7 @@ module Aws::IAM
|
|
7641
7773
|
# attributes for the resource. For example, this operation does not
|
7642
7774
|
# return tags, even though they are an attribute of the returned object.
|
7643
7775
|
# To view all of the information for an instance profile, see
|
7644
|
-
# GetInstanceProfile.
|
7776
|
+
# [GetInstanceProfile][2].
|
7645
7777
|
#
|
7646
7778
|
# </note>
|
7647
7779
|
#
|
@@ -7651,6 +7783,7 @@ module Aws::IAM
|
|
7651
7783
|
#
|
7652
7784
|
#
|
7653
7785
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
|
7786
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html
|
7654
7787
|
#
|
7655
7788
|
# @option params [String] :path_prefix
|
7656
7789
|
# The path prefix for filtering the results. For example, the prefix
|
@@ -8066,10 +8199,14 @@ module Aws::IAM
|
|
8066
8199
|
# attributes for the resource. For example, this operation does not
|
8067
8200
|
# return tags, even though they are an attribute of the returned object.
|
8068
8201
|
# To view all of the information for an OIDC provider, see
|
8069
|
-
# GetOpenIDConnectProvider.
|
8202
|
+
# [GetOpenIDConnectProvider][1].
|
8070
8203
|
#
|
8071
8204
|
# </note>
|
8072
8205
|
#
|
8206
|
+
#
|
8207
|
+
#
|
8208
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html
|
8209
|
+
#
|
8073
8210
|
# @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8074
8211
|
#
|
8075
8212
|
# * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array<Types::OpenIDConnectProviderListEntry>
|
@@ -8152,13 +8289,14 @@ module Aws::IAM
|
|
8152
8289
|
# attributes for the resource. For example, this operation does not
|
8153
8290
|
# return tags, even though they are an attribute of the returned object.
|
8154
8291
|
# To view all of the information for a customer manged policy, see
|
8155
|
-
# GetPolicy.
|
8292
|
+
# [GetPolicy][2].
|
8156
8293
|
#
|
8157
8294
|
# </note>
|
8158
8295
|
#
|
8159
8296
|
#
|
8160
8297
|
#
|
8161
8298
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
8299
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
|
8162
8300
|
#
|
8163
8301
|
# @option params [String] :scope
|
8164
8302
|
# The scope to use for filtering the results.
|
@@ -8304,12 +8442,14 @@ module Aws::IAM
|
|
8304
8442
|
# Policies that are attached to users and roles as permissions
|
8305
8443
|
# boundaries are not returned. To view which managed policy is currently
|
8306
8444
|
# used to set the permissions boundary for a user or role, use the
|
8307
|
-
# GetUser or GetRole operations.
|
8445
|
+
# [GetUser][3] or [GetRole][4] operations.
|
8308
8446
|
#
|
8309
8447
|
#
|
8310
8448
|
#
|
8311
8449
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
|
8312
8450
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
|
8451
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
|
8452
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
|
8313
8453
|
#
|
8314
8454
|
# @option params [String] :marker
|
8315
8455
|
# Use this parameter only when paginating results and only after you
|
@@ -8570,8 +8710,8 @@ module Aws::IAM
|
|
8570
8710
|
#
|
8571
8711
|
# An IAM role can also have managed policies attached to it. To list the
|
8572
8712
|
# managed policies that are attached to a role, use
|
8573
|
-
# ListAttachedRolePolicies. For more information about policies,
|
8574
|
-
# [Managed policies and inline policies][
|
8713
|
+
# [ListAttachedRolePolicies][1]. For more information about policies,
|
8714
|
+
# see [Managed policies and inline policies][2] in the *IAM User Guide*.
|
8575
8715
|
#
|
8576
8716
|
# You can paginate the results using the `MaxItems` and `Marker`
|
8577
8717
|
# parameters. If there are no inline policies embedded with the
|
@@ -8579,7 +8719,8 @@ module Aws::IAM
|
|
8579
8719
|
#
|
8580
8720
|
#
|
8581
8721
|
#
|
8582
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
8722
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html
|
8723
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
8583
8724
|
#
|
8584
8725
|
# @option params [required, String] :role_name
|
8585
8726
|
# The name of the role to list policies for.
|
@@ -8751,7 +8892,7 @@ module Aws::IAM
|
|
8751
8892
|
#
|
8752
8893
|
# * Tags
|
8753
8894
|
#
|
8754
|
-
# To view all of the information for a role, see GetRole.
|
8895
|
+
# To view all of the information for a role, see [GetRole][2].
|
8755
8896
|
#
|
8756
8897
|
# </note>
|
8757
8898
|
#
|
@@ -8761,6 +8902,7 @@ module Aws::IAM
|
|
8761
8902
|
#
|
8762
8903
|
#
|
8763
8904
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
|
8905
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
|
8764
8906
|
#
|
8765
8907
|
# @option params [String] :path_prefix
|
8766
8908
|
# The path prefix for filtering the results. For example, the prefix
|
@@ -8923,13 +9065,14 @@ module Aws::IAM
|
|
8923
9065
|
# available attributes for the resource. For example, this operation
|
8924
9066
|
# does not return tags, even though they are an attribute of the
|
8925
9067
|
# returned object. To view all of the information for a SAML provider,
|
8926
|
-
# see GetSAMLProvider.
|
9068
|
+
# see [GetSAMLProvider][1].
|
8927
9069
|
#
|
8928
|
-
# This operation requires [Signature Version 4][
|
9070
|
+
# This operation requires [Signature Version 4][2].
|
8929
9071
|
#
|
8930
9072
|
#
|
8931
9073
|
#
|
8932
|
-
# [1]: https://docs.aws.amazon.com/
|
9074
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html
|
9075
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
|
8933
9076
|
#
|
8934
9077
|
# @return [Types::ListSAMLProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8935
9078
|
#
|
@@ -9020,7 +9163,7 @@ module Aws::IAM
|
|
9020
9163
|
# resp.ssh_public_keys #=> Array
|
9021
9164
|
# resp.ssh_public_keys[0].user_name #=> String
|
9022
9165
|
# resp.ssh_public_keys[0].ssh_public_key_id #=> String
|
9023
|
-
# resp.ssh_public_keys[0].status #=> String, one of "Active", "Inactive"
|
9166
|
+
# resp.ssh_public_keys[0].status #=> String, one of "Active", "Inactive", "Expired"
|
9024
9167
|
# resp.ssh_public_keys[0].upload_date #=> Time
|
9025
9168
|
# resp.is_truncated #=> Boolean
|
9026
9169
|
# resp.marker #=> String
|
@@ -9129,13 +9272,14 @@ module Aws::IAM
|
|
9129
9272
|
# attributes for the resource. For example, this operation does not
|
9130
9273
|
# return tags, even though they are an attribute of the returned object.
|
9131
9274
|
# To view all of the information for a servercertificate, see
|
9132
|
-
# GetServerCertificate.
|
9275
|
+
# [GetServerCertificate][2].
|
9133
9276
|
#
|
9134
9277
|
# </note>
|
9135
9278
|
#
|
9136
9279
|
#
|
9137
9280
|
#
|
9138
9281
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
|
9282
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html
|
9139
9283
|
#
|
9140
9284
|
# @option params [String] :path_prefix
|
9141
9285
|
# The path prefix for filtering the results. For example:
|
@@ -9240,26 +9384,51 @@ module Aws::IAM
|
|
9240
9384
|
# Web Services service. If not specified, then Amazon Web Services
|
9241
9385
|
# returns service-specific credentials for all services.
|
9242
9386
|
#
|
9387
|
+
# @option params [Boolean] :all_users
|
9388
|
+
# A flag indicating whether to list service specific credentials for all
|
9389
|
+
# users. This parameter cannot be specified together with UserName. When
|
9390
|
+
# true, returns all credentials associated with the specified service.
|
9391
|
+
#
|
9392
|
+
# @option params [String] :marker
|
9393
|
+
# Use this parameter only when paginating results and only after you
|
9394
|
+
# receive a response indicating that the results are truncated. Set it
|
9395
|
+
# to the value of the Marker from the response that you received to
|
9396
|
+
# indicate where the next call should start.
|
9397
|
+
#
|
9398
|
+
# @option params [Integer] :max_items
|
9399
|
+
# Use this only when paginating results to indicate the maximum number
|
9400
|
+
# of items you want in the response. If additional items exist beyond
|
9401
|
+
# the maximum you specify, the IsTruncated response element is true.
|
9402
|
+
#
|
9243
9403
|
# @return [Types::ListServiceSpecificCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
9244
9404
|
#
|
9245
9405
|
# * {Types::ListServiceSpecificCredentialsResponse#service_specific_credentials #service_specific_credentials} => Array<Types::ServiceSpecificCredentialMetadata>
|
9406
|
+
# * {Types::ListServiceSpecificCredentialsResponse#marker #marker} => String
|
9407
|
+
# * {Types::ListServiceSpecificCredentialsResponse#is_truncated #is_truncated} => Boolean
|
9246
9408
|
#
|
9247
9409
|
# @example Request syntax with placeholder values
|
9248
9410
|
#
|
9249
9411
|
# resp = client.list_service_specific_credentials({
|
9250
9412
|
# user_name: "userNameType",
|
9251
9413
|
# service_name: "serviceName",
|
9414
|
+
# all_users: false,
|
9415
|
+
# marker: "markerType",
|
9416
|
+
# max_items: 1,
|
9252
9417
|
# })
|
9253
9418
|
#
|
9254
9419
|
# @example Response structure
|
9255
9420
|
#
|
9256
9421
|
# resp.service_specific_credentials #=> Array
|
9257
9422
|
# resp.service_specific_credentials[0].user_name #=> String
|
9258
|
-
# resp.service_specific_credentials[0].status #=> String, one of "Active", "Inactive"
|
9423
|
+
# resp.service_specific_credentials[0].status #=> String, one of "Active", "Inactive", "Expired"
|
9259
9424
|
# resp.service_specific_credentials[0].service_user_name #=> String
|
9425
|
+
# resp.service_specific_credentials[0].service_credential_alias #=> String
|
9260
9426
|
# resp.service_specific_credentials[0].create_date #=> Time
|
9427
|
+
# resp.service_specific_credentials[0].expiration_date #=> Time
|
9261
9428
|
# resp.service_specific_credentials[0].service_specific_credential_id #=> String
|
9262
9429
|
# resp.service_specific_credentials[0].service_name #=> String
|
9430
|
+
# resp.marker #=> String
|
9431
|
+
# resp.is_truncated #=> Boolean
|
9263
9432
|
#
|
9264
9433
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServiceSpecificCredentials AWS API Documentation
|
9265
9434
|
#
|
@@ -9359,7 +9528,7 @@ module Aws::IAM
|
|
9359
9528
|
# resp.certificates[0].user_name #=> String
|
9360
9529
|
# resp.certificates[0].certificate_id #=> String
|
9361
9530
|
# resp.certificates[0].certificate_body #=> String
|
9362
|
-
# resp.certificates[0].status #=> String, one of "Active", "Inactive"
|
9531
|
+
# resp.certificates[0].status #=> String, one of "Active", "Inactive", "Expired"
|
9363
9532
|
# resp.certificates[0].upload_date #=> Time
|
9364
9533
|
# resp.is_truncated #=> Boolean
|
9365
9534
|
# resp.marker #=> String
|
@@ -9378,8 +9547,8 @@ module Aws::IAM
|
|
9378
9547
|
#
|
9379
9548
|
# An IAM user can also have managed policies attached to it. To list the
|
9380
9549
|
# managed policies that are attached to a user, use
|
9381
|
-
# ListAttachedUserPolicies. For more information about policies,
|
9382
|
-
# [Managed policies and inline policies][
|
9550
|
+
# [ListAttachedUserPolicies][1]. For more information about policies,
|
9551
|
+
# see [Managed policies and inline policies][2] in the *IAM User Guide*.
|
9383
9552
|
#
|
9384
9553
|
# You can paginate the results using the `MaxItems` and `Marker`
|
9385
9554
|
# parameters. If there are no inline policies embedded with the
|
@@ -9387,7 +9556,8 @@ module Aws::IAM
|
|
9387
9556
|
#
|
9388
9557
|
#
|
9389
9558
|
#
|
9390
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
9559
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html
|
9560
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
9391
9561
|
#
|
9392
9562
|
# @option params [required, String] :user_name
|
9393
9563
|
# The name of the user to list policies for.
|
@@ -9558,13 +9728,17 @@ module Aws::IAM
|
|
9558
9728
|
#
|
9559
9729
|
# * Tags
|
9560
9730
|
#
|
9561
|
-
# To view all of the information for a user, see GetUser.
|
9731
|
+
# To view all of the information for a user, see [GetUser][1].
|
9562
9732
|
#
|
9563
9733
|
# </note>
|
9564
9734
|
#
|
9565
9735
|
# You can paginate the results using the `MaxItems` and `Marker`
|
9566
9736
|
# parameters.
|
9567
9737
|
#
|
9738
|
+
#
|
9739
|
+
#
|
9740
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
|
9741
|
+
#
|
9568
9742
|
# @option params [String] :path_prefix
|
9569
9743
|
# The path prefix for filtering the results. For example:
|
9570
9744
|
# `/division_abc/subdivision_xyz/`, which would get all user names whose
|
@@ -9680,13 +9854,17 @@ module Aws::IAM
|
|
9680
9854
|
# attributes for the resource. For example, this operation does not
|
9681
9855
|
# return tags, even though they are an attribute of the returned object.
|
9682
9856
|
# To view tag information for a virtual MFA device, see
|
9683
|
-
# ListMFADeviceTags.
|
9857
|
+
# [ListMFADeviceTags][1].
|
9684
9858
|
#
|
9685
9859
|
# </note>
|
9686
9860
|
#
|
9687
9861
|
# You can paginate the results using the `MaxItems` and `Marker`
|
9688
9862
|
# parameters.
|
9689
9863
|
#
|
9864
|
+
#
|
9865
|
+
#
|
9866
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html
|
9867
|
+
#
|
9690
9868
|
# @option params [String] :assignment_status
|
9691
9869
|
# The status (`Unassigned` or `Assigned`) of the devices to list. If you
|
9692
9870
|
# do not specify an `AssignmentStatus`, the operation defaults to `Any`,
|
@@ -9859,12 +10037,12 @@ module Aws::IAM
|
|
9859
10037
|
#
|
9860
10038
|
# @example Example: To add a policy to a group
|
9861
10039
|
#
|
9862
|
-
# # The following command adds a policy named
|
10040
|
+
# # The following command adds a policy named IAMReadAccess to the IAM group named PowerUsers.
|
9863
10041
|
#
|
9864
10042
|
# resp = client.put_group_policy({
|
9865
|
-
# group_name: "
|
9866
|
-
# policy_document: "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\"
|
9867
|
-
# policy_name: "
|
10043
|
+
# group_name: "PowerUsers",
|
10044
|
+
# policy_document: "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":[\"iam:Get*\",\"iam:List*\",\"iam:Generate*\"],\"Resource\":\"*\"}}",
|
10045
|
+
# policy_name: "IAMReadAccess",
|
9868
10046
|
# })
|
9869
10047
|
#
|
9870
10048
|
# @example Request syntax with placeholder values
|
@@ -10232,19 +10410,24 @@ module Aws::IAM
|
|
10232
10410
|
# @option params [required, String] :open_id_connect_provider_arn
|
10233
10411
|
# The Amazon Resource Name (ARN) of the IAM OIDC provider resource to
|
10234
10412
|
# remove the client ID from. You can get a list of OIDC provider ARNs by
|
10235
|
-
# using the ListOpenIDConnectProviders operation.
|
10413
|
+
# using the [ListOpenIDConnectProviders][1] operation.
|
10236
10414
|
#
|
10237
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)][
|
10415
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
|
10238
10416
|
# in the *Amazon Web Services General Reference*.
|
10239
10417
|
#
|
10240
10418
|
#
|
10241
10419
|
#
|
10242
|
-
# [1]: https://docs.aws.amazon.com/
|
10420
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
|
10421
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
10243
10422
|
#
|
10244
10423
|
# @option params [required, String] :client_id
|
10245
10424
|
# The client ID (also known as audience) to remove from the IAM OIDC
|
10246
10425
|
# provider resource. For more information about client IDs, see
|
10247
|
-
# CreateOpenIDConnectProvider.
|
10426
|
+
# [CreateOpenIDConnectProvider][1].
|
10427
|
+
#
|
10428
|
+
#
|
10429
|
+
#
|
10430
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
|
10248
10431
|
#
|
10249
10432
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
10250
10433
|
#
|
@@ -10432,12 +10615,15 @@ module Aws::IAM
|
|
10432
10615
|
# @example Response structure
|
10433
10616
|
#
|
10434
10617
|
# resp.service_specific_credential.create_date #=> Time
|
10618
|
+
# resp.service_specific_credential.expiration_date #=> Time
|
10435
10619
|
# resp.service_specific_credential.service_name #=> String
|
10436
10620
|
# resp.service_specific_credential.service_user_name #=> String
|
10437
10621
|
# resp.service_specific_credential.service_password #=> String
|
10622
|
+
# resp.service_specific_credential.service_credential_alias #=> String
|
10623
|
+
# resp.service_specific_credential.service_credential_secret #=> String
|
10438
10624
|
# resp.service_specific_credential.service_specific_credential_id #=> String
|
10439
10625
|
# resp.service_specific_credential.user_name #=> String
|
10440
|
-
# resp.service_specific_credential.status #=> String, one of "Active", "Inactive"
|
10626
|
+
# resp.service_specific_credential.status #=> String, one of "Active", "Inactive", "Expired"
|
10441
10627
|
#
|
10442
10628
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResetServiceSpecificCredential AWS API Documentation
|
10443
10629
|
#
|
@@ -10517,14 +10703,15 @@ module Aws::IAM
|
|
10517
10703
|
#
|
10518
10704
|
# This operation affects all users, groups, and roles that the policy is
|
10519
10705
|
# attached to. To list the users, groups, and roles that the policy is
|
10520
|
-
# attached to, use ListEntitiesForPolicy.
|
10706
|
+
# attached to, use [ListEntitiesForPolicy][1].
|
10521
10707
|
#
|
10522
10708
|
# For information about managed policies, see [Managed policies and
|
10523
|
-
# inline policies][
|
10709
|
+
# inline policies][2] in the *IAM User Guide*.
|
10524
10710
|
#
|
10525
10711
|
#
|
10526
10712
|
#
|
10527
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
10713
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
|
10714
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
10528
10715
|
#
|
10529
10716
|
# @option params [required, String] :policy_arn
|
10530
10717
|
# The Amazon Resource Name (ARN) of the IAM policy whose default version
|
@@ -10589,12 +10776,13 @@ module Aws::IAM
|
|
10589
10776
|
#
|
10590
10777
|
# To view the current session token version, see the
|
10591
10778
|
# `GlobalEndpointTokenVersion` entry in the response of the
|
10592
|
-
# GetAccountSummary operation.
|
10779
|
+
# [GetAccountSummary][3] operation.
|
10593
10780
|
#
|
10594
10781
|
#
|
10595
10782
|
#
|
10596
10783
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/sts.html
|
10597
10784
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
|
10785
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html
|
10598
10786
|
#
|
10599
10787
|
# @option params [required, String] :global_endpoint_token_version
|
10600
10788
|
# The version of the global endpoint token. Version 1 tokens are valid
|
@@ -10648,14 +10836,14 @@ module Aws::IAM
|
|
10648
10836
|
# account.
|
10649
10837
|
#
|
10650
10838
|
# If you want to simulate existing policies that are attached to an IAM
|
10651
|
-
# user, group, or role, use SimulatePrincipalPolicy instead.
|
10839
|
+
# user, group, or role, use [SimulatePrincipalPolicy][1] instead.
|
10652
10840
|
#
|
10653
10841
|
# Context keys are variables that are maintained by Amazon Web Services
|
10654
10842
|
# and its services and which provide details about the context of an API
|
10655
10843
|
# query request. You can use the `Condition` element of an IAM policy to
|
10656
10844
|
# evaluate context keys. To get the list of context keys that the
|
10657
10845
|
# policies require for correct simulation, use
|
10658
|
-
# GetContextKeysForCustomPolicy.
|
10846
|
+
# [GetContextKeysForCustomPolicy][2].
|
10659
10847
|
#
|
10660
10848
|
# If the output is long, you can use `MaxItems` and `Marker` parameters
|
10661
10849
|
# to paginate the results.
|
@@ -10667,13 +10855,15 @@ module Aws::IAM
|
|
10667
10855
|
# live Amazon Web Services environment after testing using the policy
|
10668
10856
|
# simulator to confirm that you have the desired results. For more
|
10669
10857
|
# information about using the policy simulator, see [Testing IAM
|
10670
|
-
# policies with the IAM policy simulator ][
|
10858
|
+
# policies with the IAM policy simulator ][3]in the *IAM User Guide*.
|
10671
10859
|
#
|
10672
10860
|
# </note>
|
10673
10861
|
#
|
10674
10862
|
#
|
10675
10863
|
#
|
10676
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
10864
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
|
10865
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
|
10866
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
|
10677
10867
|
#
|
10678
10868
|
# @option params [required, Array<String>] :policy_input_list
|
10679
10869
|
# A list of policy documents to include in the simulation. Each document
|
@@ -10982,8 +11172,8 @@ module Aws::IAM
|
|
10982
11172
|
#
|
10983
11173
|
# You can optionally include a list of one or more additional policies
|
10984
11174
|
# specified as strings to include in the simulation. If you want to
|
10985
|
-
# simulate only policies specified as strings, use
|
10986
|
-
# instead.
|
11175
|
+
# simulate only policies specified as strings, use
|
11176
|
+
# [SimulateCustomPolicy][1] instead.
|
10987
11177
|
#
|
10988
11178
|
# You can also optionally include one resource-based policy to be
|
10989
11179
|
# evaluated with each of the resources included in the simulation for
|
@@ -10995,15 +11185,15 @@ module Aws::IAM
|
|
10995
11185
|
#
|
10996
11186
|
# **Note:** This operation discloses information about the permissions
|
10997
11187
|
# granted to other users. If you do not want users to see other user's
|
10998
|
-
# permissions, then consider allowing them to use
|
10999
|
-
# instead.
|
11188
|
+
# permissions, then consider allowing them to use
|
11189
|
+
# [SimulateCustomPolicy][1] instead.
|
11000
11190
|
#
|
11001
11191
|
# Context keys are variables maintained by Amazon Web Services and its
|
11002
11192
|
# services that provide details about the context of an API query
|
11003
11193
|
# request. You can use the `Condition` element of an IAM policy to
|
11004
11194
|
# evaluate context keys. To get the list of context keys that the
|
11005
11195
|
# policies require for correct simulation, use
|
11006
|
-
# GetContextKeysForPrincipalPolicy.
|
11196
|
+
# [GetContextKeysForPrincipalPolicy][2].
|
11007
11197
|
#
|
11008
11198
|
# If the output is long, you can use the `MaxItems` and `Marker`
|
11009
11199
|
# parameters to paginate the results.
|
@@ -11015,13 +11205,15 @@ module Aws::IAM
|
|
11015
11205
|
# live Amazon Web Services environment after testing using the policy
|
11016
11206
|
# simulator to confirm that you have the desired results. For more
|
11017
11207
|
# information about using the policy simulator, see [Testing IAM
|
11018
|
-
# policies with the IAM policy simulator ][
|
11208
|
+
# policies with the IAM policy simulator ][3]in the *IAM User Guide*.
|
11019
11209
|
#
|
11020
11210
|
# </note>
|
11021
11211
|
#
|
11022
11212
|
#
|
11023
11213
|
#
|
11024
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
11214
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
|
11215
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
|
11216
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
|
11025
11217
|
#
|
11026
11218
|
# @option params [required, String] :policy_source_arn
|
11027
11219
|
# The Amazon Resource Name (ARN) of a user, group, or role whose
|
@@ -12459,7 +12651,7 @@ module Aws::IAM
|
|
12459
12651
|
# resp = client.update_access_key({
|
12460
12652
|
# user_name: "existingUserNameType",
|
12461
12653
|
# access_key_id: "accessKeyIdType", # required
|
12462
|
-
# status: "Active", # required, accepts Active, Inactive
|
12654
|
+
# status: "Active", # required, accepts Active, Inactive, Expired
|
12463
12655
|
# })
|
12464
12656
|
#
|
12465
12657
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccessKey AWS API Documentation
|
@@ -12780,16 +12972,17 @@ module Aws::IAM
|
|
12780
12972
|
|
12781
12973
|
# Changes the password for the specified IAM user. You can use the CLI,
|
12782
12974
|
# the Amazon Web Services API, or the **Users** page in the IAM console
|
12783
|
-
# to change the password for any IAM user. Use ChangePassword to
|
12784
|
-
# your own password in the **My Security Credentials** page in
|
12785
|
-
# Amazon Web Services Management Console.
|
12975
|
+
# to change the password for any IAM user. Use [ChangePassword][1] to
|
12976
|
+
# change your own password in the **My Security Credentials** page in
|
12977
|
+
# the Amazon Web Services Management Console.
|
12786
12978
|
#
|
12787
12979
|
# For more information about modifying passwords, see [Managing
|
12788
|
-
# passwords][
|
12980
|
+
# passwords][2] in the *IAM User Guide*.
|
12789
12981
|
#
|
12790
12982
|
#
|
12791
12983
|
#
|
12792
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/
|
12984
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
|
12985
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
|
12793
12986
|
#
|
12794
12987
|
# @option params [required, String] :user_name
|
12795
12988
|
# The name of the user whose password you want to update.
|
@@ -12820,11 +13013,12 @@ module Aws::IAM
|
|
12820
13013
|
#
|
12821
13014
|
# However, the format can be further restricted by the account
|
12822
13015
|
# administrator by setting a password policy on the Amazon Web Services
|
12823
|
-
# account. For more information, see UpdateAccountPasswordPolicy.
|
13016
|
+
# account. For more information, see [UpdateAccountPasswordPolicy][2].
|
12824
13017
|
#
|
12825
13018
|
#
|
12826
13019
|
#
|
12827
13020
|
# [1]: http://wikipedia.org/wiki/regex
|
13021
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html
|
12828
13022
|
#
|
12829
13023
|
# @option params [Boolean] :password_reset_required
|
12830
13024
|
# Allows this new password to be used only once by requiring the
|
@@ -12891,20 +13085,25 @@ module Aws::IAM
|
|
12891
13085
|
# @option params [required, String] :open_id_connect_provider_arn
|
12892
13086
|
# The Amazon Resource Name (ARN) of the IAM OIDC provider resource
|
12893
13087
|
# object for which you want to update the thumbprint. You can get a list
|
12894
|
-
# of OIDC provider ARNs by using the ListOpenIDConnectProviders
|
13088
|
+
# of OIDC provider ARNs by using the [ListOpenIDConnectProviders][1]
|
12895
13089
|
# operation.
|
12896
13090
|
#
|
12897
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)][
|
13091
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
|
12898
13092
|
# in the *Amazon Web Services General Reference*.
|
12899
13093
|
#
|
12900
13094
|
#
|
12901
13095
|
#
|
12902
|
-
# [1]: https://docs.aws.amazon.com/
|
13096
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
|
13097
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
12903
13098
|
#
|
12904
13099
|
# @option params [required, Array<String>] :thumbprint_list
|
12905
13100
|
# A list of certificate thumbprints that are associated with the
|
12906
13101
|
# specified IAM OpenID Connect provider. For more information, see
|
12907
|
-
# CreateOpenIDConnectProvider.
|
13102
|
+
# [CreateOpenIDConnectProvider][1].
|
13103
|
+
#
|
13104
|
+
#
|
13105
|
+
#
|
13106
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
|
12908
13107
|
#
|
12909
13108
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
12910
13109
|
#
|
@@ -12977,12 +13176,16 @@ module Aws::IAM
|
|
12977
13176
|
req.send_request(options)
|
12978
13177
|
end
|
12979
13178
|
|
12980
|
-
# Use UpdateRole instead.
|
13179
|
+
# Use [UpdateRole][1] instead.
|
12981
13180
|
#
|
12982
13181
|
# Modifies only the description of a role. This operation performs the
|
12983
13182
|
# same function as the `Description` parameter in the `UpdateRole`
|
12984
13183
|
# operation.
|
12985
13184
|
#
|
13185
|
+
#
|
13186
|
+
#
|
13187
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRole.html
|
13188
|
+
#
|
12986
13189
|
# @option params [required, String] :role_name
|
12987
13190
|
# The name of the role that you want to modify.
|
12988
13191
|
#
|
@@ -13137,7 +13340,7 @@ module Aws::IAM
|
|
13137
13340
|
# resp = client.update_ssh_public_key({
|
13138
13341
|
# user_name: "userNameType", # required
|
13139
13342
|
# ssh_public_key_id: "publicKeyIdType", # required
|
13140
|
-
# status: "Active", # required, accepts Active, Inactive
|
13343
|
+
# status: "Active", # required, accepts Active, Inactive, Expired
|
13141
13344
|
# })
|
13142
13345
|
#
|
13143
13346
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSSHPublicKey AWS API Documentation
|
@@ -13279,7 +13482,7 @@ module Aws::IAM
|
|
13279
13482
|
# resp = client.update_service_specific_credential({
|
13280
13483
|
# user_name: "userNameType",
|
13281
13484
|
# service_specific_credential_id: "serviceSpecificCredentialId", # required
|
13282
|
-
# status: "Active", # required, accepts Active, Inactive
|
13485
|
+
# status: "Active", # required, accepts Active, Inactive, Expired
|
13283
13486
|
# })
|
13284
13487
|
#
|
13285
13488
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServiceSpecificCredential AWS API Documentation
|
@@ -13349,7 +13552,7 @@ module Aws::IAM
|
|
13349
13552
|
# resp = client.update_signing_certificate({
|
13350
13553
|
# user_name: "existingUserNameType",
|
13351
13554
|
# certificate_id: "certificateIdType", # required
|
13352
|
-
# status: "Active", # required, accepts Active, Inactive
|
13555
|
+
# status: "Active", # required, accepts Active, Inactive, Expired
|
13353
13556
|
# })
|
13354
13557
|
#
|
13355
13558
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSigningCertificate AWS API Documentation
|
@@ -13510,7 +13713,7 @@ module Aws::IAM
|
|
13510
13713
|
# resp.ssh_public_key.ssh_public_key_id #=> String
|
13511
13714
|
# resp.ssh_public_key.fingerprint #=> String
|
13512
13715
|
# resp.ssh_public_key.ssh_public_key_body #=> String
|
13513
|
-
# resp.ssh_public_key.status #=> String, one of "Active", "Inactive"
|
13716
|
+
# resp.ssh_public_key.status #=> String, one of "Active", "Inactive", "Expired"
|
13514
13717
|
# resp.ssh_public_key.upload_date #=> Time
|
13515
13718
|
#
|
13516
13719
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSSHPublicKey AWS API Documentation
|
@@ -13839,7 +14042,7 @@ module Aws::IAM
|
|
13839
14042
|
# resp.certificate.user_name #=> String
|
13840
14043
|
# resp.certificate.certificate_id #=> String
|
13841
14044
|
# resp.certificate.certificate_body #=> String
|
13842
|
-
# resp.certificate.status #=> String, one of "Active", "Inactive"
|
14045
|
+
# resp.certificate.status #=> String, one of "Active", "Inactive", "Expired"
|
13843
14046
|
# resp.certificate.upload_date #=> Time
|
13844
14047
|
#
|
13845
14048
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSigningCertificate AWS API Documentation
|
@@ -13869,7 +14072,7 @@ module Aws::IAM
|
|
13869
14072
|
tracer: tracer
|
13870
14073
|
)
|
13871
14074
|
context[:gem_name] = 'aws-sdk-iam'
|
13872
|
-
context[:gem_version] = '1.
|
14075
|
+
context[:gem_version] = '1.125.0'
|
13873
14076
|
Seahorse::Client::Request.new(handlers, context)
|
13874
14077
|
end
|
13875
14078
|
|