aws-sdk-iam 1.47.0 → 1.52.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +345 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-iam.rb +2 -2
- data/lib/aws-sdk-iam/access_key.rb +1 -1
- data/lib/aws-sdk-iam/access_key_pair.rb +1 -1
- data/lib/aws-sdk-iam/account_password_policy.rb +12 -8
- data/lib/aws-sdk-iam/account_summary.rb +1 -1
- data/lib/aws-sdk-iam/assume_role_policy.rb +1 -1
- data/lib/aws-sdk-iam/client.rb +1971 -504
- data/lib/aws-sdk-iam/client_api.rb +372 -1
- data/lib/aws-sdk-iam/current_user.rb +10 -11
- data/lib/aws-sdk-iam/errors.rb +1 -1
- data/lib/aws-sdk-iam/group.rb +9 -9
- data/lib/aws-sdk-iam/group_policy.rb +1 -1
- data/lib/aws-sdk-iam/instance_profile.rb +16 -4
- data/lib/aws-sdk-iam/login_profile.rb +1 -1
- data/lib/aws-sdk-iam/mfa_device.rb +1 -1
- data/lib/aws-sdk-iam/policy.rb +17 -5
- data/lib/aws-sdk-iam/policy_version.rb +1 -1
- data/lib/aws-sdk-iam/resource.rb +124 -21
- data/lib/aws-sdk-iam/role.rb +12 -13
- data/lib/aws-sdk-iam/role_policy.rb +1 -1
- data/lib/aws-sdk-iam/saml_provider.rb +13 -1
- data/lib/aws-sdk-iam/server_certificate.rb +13 -1
- data/lib/aws-sdk-iam/signing_certificate.rb +1 -1
- data/lib/aws-sdk-iam/types.rb +1511 -275
- data/lib/aws-sdk-iam/user.rb +20 -22
- data/lib/aws-sdk-iam/user_policy.rb +1 -1
- data/lib/aws-sdk-iam/virtual_mfa_device.rb +13 -1
- data/lib/aws-sdk-iam/waiters.rb +1 -1
- metadata +8 -5
data/VERSION
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
1.52.0
|
data/lib/aws-sdk-iam.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
@@ -70,6 +70,6 @@ require_relative 'aws-sdk-iam/customizations'
|
|
|
70
70
|
# @!group service
|
|
71
71
|
module Aws::IAM
|
|
72
72
|
|
|
73
|
-
GEM_VERSION = '1.
|
|
73
|
+
GEM_VERSION = '1.52.0'
|
|
74
74
|
|
|
75
75
|
end
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
@@ -30,27 +30,31 @@ module Aws::IAM
|
|
|
30
30
|
data[:minimum_password_length]
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
# Specifies whether
|
|
33
|
+
# Specifies whether IAM user passwords must contain at least one of the
|
|
34
|
+
# following symbols:
|
|
35
|
+
#
|
|
36
|
+
# ! @ # $ % ^ & * ( ) \_ + - = \[ \] \\\{ \\} \| '
|
|
34
37
|
# @return [Boolean]
|
|
35
38
|
def require_symbols
|
|
36
39
|
data[:require_symbols]
|
|
37
40
|
end
|
|
38
41
|
|
|
39
|
-
# Specifies whether
|
|
42
|
+
# Specifies whether IAM user passwords must contain at least one numeric
|
|
43
|
+
# character (0 to 9).
|
|
40
44
|
# @return [Boolean]
|
|
41
45
|
def require_numbers
|
|
42
46
|
data[:require_numbers]
|
|
43
47
|
end
|
|
44
48
|
|
|
45
|
-
# Specifies whether
|
|
46
|
-
#
|
|
49
|
+
# Specifies whether IAM user passwords must contain at least one
|
|
50
|
+
# uppercase character (A to Z).
|
|
47
51
|
# @return [Boolean]
|
|
48
52
|
def require_uppercase_characters
|
|
49
53
|
data[:require_uppercase_characters]
|
|
50
54
|
end
|
|
51
55
|
|
|
52
|
-
# Specifies whether
|
|
53
|
-
#
|
|
56
|
+
# Specifies whether IAM user passwords must contain at least one
|
|
57
|
+
# lowercase character (a to z).
|
|
54
58
|
# @return [Boolean]
|
|
55
59
|
def require_lowercase_characters
|
|
56
60
|
data[:require_lowercase_characters]
|
|
@@ -286,7 +290,7 @@ module Aws::IAM
|
|
|
286
290
|
# @option options [Boolean] :allow_users_to_change_password
|
|
287
291
|
# Allows all IAM users in your account to use the AWS Management Console
|
|
288
292
|
# to change their own passwords. For more information, see [Letting IAM
|
|
289
|
-
#
|
|
293
|
+
# users change their own passwords][1] in the *IAM User Guide*.
|
|
290
294
|
#
|
|
291
295
|
# If you do not specify a value for this parameter, then the operation
|
|
292
296
|
# uses the default value of `false`. The result is that IAM users in the
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
data/lib/aws-sdk-iam/client.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
@@ -373,33 +373,30 @@ module Aws::IAM
|
|
|
373
373
|
end
|
|
374
374
|
|
|
375
375
|
# Adds the specified IAM role to the specified instance profile. An
|
|
376
|
-
# instance profile can contain only one role
|
|
377
|
-
#
|
|
378
|
-
#
|
|
379
|
-
#
|
|
380
|
-
#
|
|
381
|
-
#
|
|
382
|
-
#
|
|
383
|
-
#
|
|
384
|
-
#
|
|
385
|
-
#
|
|
386
|
-
# <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
|
|
387
|
-
# the IAM role by a permissions policy.
|
|
376
|
+
# instance profile can contain only one role, and this quota cannot be
|
|
377
|
+
# increased. You can remove the existing role and then add a different
|
|
378
|
+
# role to an instance profile. You must then wait for the change to
|
|
379
|
+
# appear across all of AWS because of [eventual consistency][1]. To
|
|
380
|
+
# force the change, you must [disassociate the instance profile][2] and
|
|
381
|
+
# then [associate the instance profile][3], or you can stop your
|
|
382
|
+
# instance and then restart it.
|
|
383
|
+
#
|
|
384
|
+
# <note markdown="1"> The caller of this operation must be granted the `PassRole` permission
|
|
385
|
+
# on the IAM role by a permissions policy.
|
|
388
386
|
#
|
|
389
387
|
# </note>
|
|
390
388
|
#
|
|
391
|
-
# For more information about roles,
|
|
392
|
-
# more information about instance profiles,
|
|
393
|
-
#
|
|
389
|
+
# For more information about roles, see [Working with roles][4]. For
|
|
390
|
+
# more information about instance profiles, see [About instance
|
|
391
|
+
# profiles][5].
|
|
394
392
|
#
|
|
395
393
|
#
|
|
396
394
|
#
|
|
397
|
-
# [1]: https://
|
|
398
|
-
# [2]: https://
|
|
399
|
-
# [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/
|
|
400
|
-
# [4]: https://docs.aws.amazon.com/
|
|
401
|
-
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
|
402
|
-
# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
|
|
395
|
+
# [1]: https://en.wikipedia.org/wiki/Eventual_consistency
|
|
396
|
+
# [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
|
|
397
|
+
# [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
|
|
398
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
|
|
399
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
|
|
403
400
|
#
|
|
404
401
|
# @option params [required, String] :instance_profile_name
|
|
405
402
|
# The name of the instance profile to update.
|
|
@@ -509,15 +506,19 @@ module Aws::IAM
|
|
|
509
506
|
|
|
510
507
|
# Attaches the specified managed policy to the specified IAM group.
|
|
511
508
|
#
|
|
512
|
-
# You use this
|
|
513
|
-
# inline policy in a group, use PutGroupPolicy.
|
|
509
|
+
# You use this operation to attach a managed policy to a group. To embed
|
|
510
|
+
# an inline policy in a group, use PutGroupPolicy.
|
|
514
511
|
#
|
|
515
|
-
#
|
|
516
|
-
#
|
|
512
|
+
# As a best practice, you can validate your IAM policies. To learn more,
|
|
513
|
+
# see [Validating IAM policies][1] in the *IAM User Guide*.
|
|
517
514
|
#
|
|
515
|
+
# For more information about policies, see [Managed policies and inline
|
|
516
|
+
# policies][2] in the *IAM User Guide*.
|
|
518
517
|
#
|
|
519
518
|
#
|
|
520
|
-
#
|
|
519
|
+
#
|
|
520
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
|
|
521
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
|
521
522
|
#
|
|
522
523
|
# @option params [required, String] :group_name
|
|
523
524
|
# The name (friendly name, not ARN) of the group to attach the policy
|
|
@@ -535,8 +536,8 @@ module Aws::IAM
|
|
|
535
536
|
# @option params [required, String] :policy_arn
|
|
536
537
|
# The Amazon Resource Name (ARN) of the IAM policy you want to attach.
|
|
537
538
|
#
|
|
538
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
539
|
-
#
|
|
539
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
540
|
+
# in the *AWS General Reference*.
|
|
540
541
|
#
|
|
541
542
|
#
|
|
542
543
|
#
|
|
@@ -581,14 +582,18 @@ module Aws::IAM
|
|
|
581
582
|
#
|
|
582
583
|
# </note>
|
|
583
584
|
#
|
|
584
|
-
# Use this
|
|
585
|
+
# Use this operation to attach a *managed* policy to a role. To embed an
|
|
585
586
|
# inline policy in a role, use PutRolePolicy. For more information about
|
|
586
|
-
# policies, see [Managed
|
|
587
|
+
# policies, see [Managed policies and inline policies][1] in the *IAM
|
|
587
588
|
# User Guide*.
|
|
588
589
|
#
|
|
590
|
+
# As a best practice, you can validate your IAM policies. To learn more,
|
|
591
|
+
# see [Validating IAM policies][2] in the *IAM User Guide*.
|
|
592
|
+
#
|
|
589
593
|
#
|
|
590
594
|
#
|
|
591
595
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
|
596
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
|
|
592
597
|
#
|
|
593
598
|
# @option params [required, String] :role_name
|
|
594
599
|
# The name (friendly name, not ARN) of the role to attach the policy to.
|
|
@@ -605,8 +610,8 @@ module Aws::IAM
|
|
|
605
610
|
# @option params [required, String] :policy_arn
|
|
606
611
|
# The Amazon Resource Name (ARN) of the IAM policy you want to attach.
|
|
607
612
|
#
|
|
608
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
609
|
-
#
|
|
613
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
614
|
+
# in the *AWS General Reference*.
|
|
610
615
|
#
|
|
611
616
|
#
|
|
612
617
|
#
|
|
@@ -642,15 +647,19 @@ module Aws::IAM
|
|
|
642
647
|
|
|
643
648
|
# Attaches the specified managed policy to the specified user.
|
|
644
649
|
#
|
|
645
|
-
# You use this
|
|
646
|
-
# inline policy in a user, use PutUserPolicy.
|
|
650
|
+
# You use this operation to attach a *managed* policy to a user. To
|
|
651
|
+
# embed an inline policy in a user, use PutUserPolicy.
|
|
647
652
|
#
|
|
648
|
-
#
|
|
649
|
-
#
|
|
653
|
+
# As a best practice, you can validate your IAM policies. To learn more,
|
|
654
|
+
# see [Validating IAM policies][1] in the *IAM User Guide*.
|
|
650
655
|
#
|
|
656
|
+
# For more information about policies, see [Managed policies and inline
|
|
657
|
+
# policies][2] in the *IAM User Guide*.
|
|
651
658
|
#
|
|
652
659
|
#
|
|
653
|
-
#
|
|
660
|
+
#
|
|
661
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
|
|
662
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
|
654
663
|
#
|
|
655
664
|
# @option params [required, String] :user_name
|
|
656
665
|
# The name (friendly name, not ARN) of the IAM user to attach the policy
|
|
@@ -668,8 +677,8 @@ module Aws::IAM
|
|
|
668
677
|
# @option params [required, String] :policy_arn
|
|
669
678
|
# The Amazon Resource Name (ARN) of the IAM policy you want to attach.
|
|
670
679
|
#
|
|
671
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
672
|
-
#
|
|
680
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
681
|
+
# in the *AWS General Reference*.
|
|
673
682
|
#
|
|
674
683
|
#
|
|
675
684
|
#
|
|
@@ -704,11 +713,14 @@ module Aws::IAM
|
|
|
704
713
|
end
|
|
705
714
|
|
|
706
715
|
# Changes the password of the IAM user who is calling this operation.
|
|
707
|
-
#
|
|
716
|
+
# This operation can be performed using the AWS CLI, the AWS API, or the
|
|
717
|
+
# **My Security Credentials** page in the AWS Management Console. The
|
|
718
|
+
# AWS account root user password is not affected by this operation.
|
|
708
719
|
#
|
|
709
|
-
#
|
|
710
|
-
#
|
|
711
|
-
#
|
|
720
|
+
# Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the
|
|
721
|
+
# **Users** page in the IAM console to change the password for any IAM
|
|
722
|
+
# user. For more information about modifying passwords, see [Managing
|
|
723
|
+
# passwords][1] in the *IAM User Guide*.
|
|
712
724
|
#
|
|
713
725
|
#
|
|
714
726
|
#
|
|
@@ -773,9 +785,8 @@ module Aws::IAM
|
|
|
773
785
|
# credentials. This is true even if the AWS account has no associated
|
|
774
786
|
# users.
|
|
775
787
|
#
|
|
776
|
-
#
|
|
777
|
-
#
|
|
778
|
-
# Guide*.
|
|
788
|
+
# For information about quotas on the number of keys you can create, see
|
|
789
|
+
# [IAM and STS quotas][1] in the *IAM User Guide*.
|
|
779
790
|
#
|
|
780
791
|
# To ensure the security of your AWS account, the secret access key is
|
|
781
792
|
# accessible only during key and user creation. You must save the key
|
|
@@ -847,7 +858,7 @@ module Aws::IAM
|
|
|
847
858
|
end
|
|
848
859
|
|
|
849
860
|
# Creates an alias for your AWS account. For information about using an
|
|
850
|
-
# AWS account alias, see [Using an
|
|
861
|
+
# AWS account alias, see [Using an alias for your AWS account ID][1] in
|
|
851
862
|
# the *IAM User Guide*.
|
|
852
863
|
#
|
|
853
864
|
#
|
|
@@ -894,9 +905,8 @@ module Aws::IAM
|
|
|
894
905
|
|
|
895
906
|
# Creates a new group.
|
|
896
907
|
#
|
|
897
|
-
#
|
|
898
|
-
#
|
|
899
|
-
# Guide*.
|
|
908
|
+
# For information about the number of groups you can create, see [IAM
|
|
909
|
+
# and STS quotas][1] in the *IAM User Guide*.
|
|
900
910
|
#
|
|
901
911
|
#
|
|
902
912
|
#
|
|
@@ -904,7 +914,7 @@ module Aws::IAM
|
|
|
904
914
|
#
|
|
905
915
|
# @option params [String] :path
|
|
906
916
|
# The path to the group. For more information about paths, see [IAM
|
|
907
|
-
#
|
|
917
|
+
# identifiers][1] in the *IAM User Guide*.
|
|
908
918
|
#
|
|
909
919
|
# This parameter is optional. If it is not included, it defaults to a
|
|
910
920
|
# slash (/).
|
|
@@ -978,16 +988,18 @@ module Aws::IAM
|
|
|
978
988
|
end
|
|
979
989
|
|
|
980
990
|
# Creates a new instance profile. For information about instance
|
|
981
|
-
# profiles,
|
|
982
|
-
#
|
|
983
|
-
# The number and size of IAM resources in an AWS account are limited.
|
|
984
|
-
# For more information, see [IAM and STS Quotas][2] in the *IAM User
|
|
991
|
+
# profiles, see [Using roles for applications on Amazon EC2][1] in the
|
|
992
|
+
# *IAM User Guide*, and [Instance profiles][2] in the *Amazon EC2 User
|
|
985
993
|
# Guide*.
|
|
986
994
|
#
|
|
995
|
+
# For information about the number of instance profiles you can create,
|
|
996
|
+
# see [IAM object quotas][3] in the *IAM User Guide*.
|
|
987
997
|
#
|
|
988
998
|
#
|
|
989
|
-
#
|
|
990
|
-
# [
|
|
999
|
+
#
|
|
1000
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
|
|
1001
|
+
# [2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile
|
|
1002
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
|
991
1003
|
#
|
|
992
1004
|
# @option params [required, String] :instance_profile_name
|
|
993
1005
|
# The name of the instance profile to create.
|
|
@@ -1020,6 +1032,22 @@ module Aws::IAM
|
|
|
1020
1032
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
|
|
1021
1033
|
# [2]: http://wikipedia.org/wiki/regex
|
|
1022
1034
|
#
|
|
1035
|
+
# @option params [Array<Types::Tag>] :tags
|
|
1036
|
+
# A list of tags that you want to attach to the newly created IAM
|
|
1037
|
+
# instance profile. Each tag consists of a key name and an associated
|
|
1038
|
+
# value. For more information about tagging, see [Tagging IAM
|
|
1039
|
+
# resources][1] in the *IAM User Guide*.
|
|
1040
|
+
#
|
|
1041
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
|
|
1042
|
+
# number of tags, then the entire request fails and the resource is not
|
|
1043
|
+
# created.
|
|
1044
|
+
#
|
|
1045
|
+
# </note>
|
|
1046
|
+
#
|
|
1047
|
+
#
|
|
1048
|
+
#
|
|
1049
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
1050
|
+
#
|
|
1023
1051
|
# @return [Types::CreateInstanceProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1024
1052
|
#
|
|
1025
1053
|
# * {Types::CreateInstanceProfileResponse#instance_profile #instance_profile} => Types::InstanceProfile
|
|
@@ -1052,6 +1080,12 @@ module Aws::IAM
|
|
|
1052
1080
|
# resp = client.create_instance_profile({
|
|
1053
1081
|
# instance_profile_name: "instanceProfileNameType", # required
|
|
1054
1082
|
# path: "pathType",
|
|
1083
|
+
# tags: [
|
|
1084
|
+
# {
|
|
1085
|
+
# key: "tagKeyType", # required
|
|
1086
|
+
# value: "tagValueType", # required
|
|
1087
|
+
# },
|
|
1088
|
+
# ],
|
|
1055
1089
|
# })
|
|
1056
1090
|
#
|
|
1057
1091
|
# @example Response structure
|
|
@@ -1077,6 +1111,9 @@ module Aws::IAM
|
|
|
1077
1111
|
# resp.instance_profile.roles[0].tags[0].value #=> String
|
|
1078
1112
|
# resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time
|
|
1079
1113
|
# resp.instance_profile.roles[0].role_last_used.region #=> String
|
|
1114
|
+
# resp.instance_profile.tags #=> Array
|
|
1115
|
+
# resp.instance_profile.tags[0].key #=> String
|
|
1116
|
+
# resp.instance_profile.tags[0].value #=> String
|
|
1080
1117
|
#
|
|
1081
1118
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
|
|
1082
1119
|
#
|
|
@@ -1087,10 +1124,16 @@ module Aws::IAM
|
|
|
1087
1124
|
req.send_request(options)
|
|
1088
1125
|
end
|
|
1089
1126
|
|
|
1090
|
-
# Creates a password for the specified user
|
|
1091
|
-
# to access AWS services through the AWS Management Console.
|
|
1092
|
-
#
|
|
1093
|
-
# the
|
|
1127
|
+
# Creates a password for the specified IAM user. A password allows an
|
|
1128
|
+
# IAM user to access AWS services through the AWS Management Console.
|
|
1129
|
+
#
|
|
1130
|
+
# You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
|
|
1131
|
+
# console to create a password for any IAM user. Use ChangePassword to
|
|
1132
|
+
# update your own existing password in the **My Security Credentials**
|
|
1133
|
+
# page in the AWS Management Console.
|
|
1134
|
+
#
|
|
1135
|
+
# For more information about managing passwords, see [Managing
|
|
1136
|
+
# passwords][1] in the *IAM User Guide*.
|
|
1094
1137
|
#
|
|
1095
1138
|
#
|
|
1096
1139
|
#
|
|
@@ -1253,16 +1296,33 @@ module Aws::IAM
|
|
|
1253
1296
|
# certificate used by https://keys.server.example.com.
|
|
1254
1297
|
#
|
|
1255
1298
|
# For more information about obtaining the OIDC provider's thumbprint,
|
|
1256
|
-
# see [Obtaining the
|
|
1299
|
+
# see [Obtaining the thumbprint for an OpenID Connect provider][1] in
|
|
1257
1300
|
# the *IAM User Guide*.
|
|
1258
1301
|
#
|
|
1259
1302
|
#
|
|
1260
1303
|
#
|
|
1261
1304
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html
|
|
1262
1305
|
#
|
|
1306
|
+
# @option params [Array<Types::Tag>] :tags
|
|
1307
|
+
# A list of tags that you want to attach to the new IAM OpenID Connect
|
|
1308
|
+
# (OIDC) provider. Each tag consists of a key name and an associated
|
|
1309
|
+
# value. For more information about tagging, see [Tagging IAM
|
|
1310
|
+
# resources][1] in the *IAM User Guide*.
|
|
1311
|
+
#
|
|
1312
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
|
|
1313
|
+
# number of tags, then the entire request fails and the resource is not
|
|
1314
|
+
# created.
|
|
1315
|
+
#
|
|
1316
|
+
# </note>
|
|
1317
|
+
#
|
|
1318
|
+
#
|
|
1319
|
+
#
|
|
1320
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
1321
|
+
#
|
|
1263
1322
|
# @return [Types::CreateOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1264
1323
|
#
|
|
1265
1324
|
# * {Types::CreateOpenIDConnectProviderResponse#open_id_connect_provider_arn #open_id_connect_provider_arn} => String
|
|
1325
|
+
# * {Types::CreateOpenIDConnectProviderResponse#tags #tags} => Array<Types::Tag>
|
|
1266
1326
|
#
|
|
1267
1327
|
#
|
|
1268
1328
|
# @example Example: To create an instance profile
|
|
@@ -1291,11 +1351,20 @@ module Aws::IAM
|
|
|
1291
1351
|
# url: "OpenIDConnectProviderUrlType", # required
|
|
1292
1352
|
# client_id_list: ["clientIDType"],
|
|
1293
1353
|
# thumbprint_list: ["thumbprintType"], # required
|
|
1354
|
+
# tags: [
|
|
1355
|
+
# {
|
|
1356
|
+
# key: "tagKeyType", # required
|
|
1357
|
+
# value: "tagValueType", # required
|
|
1358
|
+
# },
|
|
1359
|
+
# ],
|
|
1294
1360
|
# })
|
|
1295
1361
|
#
|
|
1296
1362
|
# @example Response structure
|
|
1297
1363
|
#
|
|
1298
1364
|
# resp.open_id_connect_provider_arn #=> String
|
|
1365
|
+
# resp.tags #=> Array
|
|
1366
|
+
# resp.tags[0].key #=> String
|
|
1367
|
+
# resp.tags[0].value #=> String
|
|
1299
1368
|
#
|
|
1300
1369
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProvider AWS API Documentation
|
|
1301
1370
|
#
|
|
@@ -1310,16 +1379,20 @@ module Aws::IAM
|
|
|
1310
1379
|
#
|
|
1311
1380
|
# This operation creates a policy version with a version identifier of
|
|
1312
1381
|
# `v1` and sets v1 as the policy's default version. For more
|
|
1313
|
-
# information about policy versions, see [Versioning for
|
|
1314
|
-
#
|
|
1382
|
+
# information about policy versions, see [Versioning for managed
|
|
1383
|
+
# policies][1] in the *IAM User Guide*.
|
|
1384
|
+
#
|
|
1385
|
+
# As a best practice, you can validate your IAM policies. To learn more,
|
|
1386
|
+
# see [Validating IAM policies][2] in the *IAM User Guide*.
|
|
1315
1387
|
#
|
|
1316
1388
|
# For more information about managed policies in general, see [Managed
|
|
1317
|
-
#
|
|
1389
|
+
# policies and inline policies][3] in the *IAM User Guide*.
|
|
1318
1390
|
#
|
|
1319
1391
|
#
|
|
1320
1392
|
#
|
|
1321
1393
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
|
|
1322
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
|
1394
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html
|
|
1395
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
|
1323
1396
|
#
|
|
1324
1397
|
# @option params [required, String] :policy_name
|
|
1325
1398
|
# The friendly name of the policy.
|
|
@@ -1331,7 +1404,7 @@ module Aws::IAM
|
|
|
1331
1404
|
# @option params [String] :path
|
|
1332
1405
|
# The path for the policy.
|
|
1333
1406
|
#
|
|
1334
|
-
# For more information about paths, see [IAM
|
|
1407
|
+
# For more information about paths, see [IAM identifiers][1] in the *IAM
|
|
1335
1408
|
# User Guide*.
|
|
1336
1409
|
#
|
|
1337
1410
|
# This parameter is optional. If it is not included, it defaults to a
|
|
@@ -1384,6 +1457,22 @@ module Aws::IAM
|
|
|
1384
1457
|
# The policy description is immutable. After a value is assigned, it
|
|
1385
1458
|
# cannot be changed.
|
|
1386
1459
|
#
|
|
1460
|
+
# @option params [Array<Types::Tag>] :tags
|
|
1461
|
+
# A list of tags that you want to attach to the new IAM customer managed
|
|
1462
|
+
# policy. Each tag consists of a key name and an associated value. For
|
|
1463
|
+
# more information about tagging, see [Tagging IAM resources][1] in the
|
|
1464
|
+
# *IAM User Guide*.
|
|
1465
|
+
#
|
|
1466
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
|
|
1467
|
+
# number of tags, then the entire request fails and the resource is not
|
|
1468
|
+
# created.
|
|
1469
|
+
#
|
|
1470
|
+
# </note>
|
|
1471
|
+
#
|
|
1472
|
+
#
|
|
1473
|
+
#
|
|
1474
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
1475
|
+
#
|
|
1387
1476
|
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1388
1477
|
#
|
|
1389
1478
|
# * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
|
|
@@ -1395,6 +1484,12 @@ module Aws::IAM
|
|
|
1395
1484
|
# path: "policyPathType",
|
|
1396
1485
|
# policy_document: "policyDocumentType", # required
|
|
1397
1486
|
# description: "policyDescriptionType",
|
|
1487
|
+
# tags: [
|
|
1488
|
+
# {
|
|
1489
|
+
# key: "tagKeyType", # required
|
|
1490
|
+
# value: "tagValueType", # required
|
|
1491
|
+
# },
|
|
1492
|
+
# ],
|
|
1398
1493
|
# })
|
|
1399
1494
|
#
|
|
1400
1495
|
# @example Response structure
|
|
@@ -1410,6 +1505,9 @@ module Aws::IAM
|
|
|
1410
1505
|
# resp.policy.description #=> String
|
|
1411
1506
|
# resp.policy.create_date #=> Time
|
|
1412
1507
|
# resp.policy.update_date #=> Time
|
|
1508
|
+
# resp.policy.tags #=> Array
|
|
1509
|
+
# resp.policy.tags[0].key #=> String
|
|
1510
|
+
# resp.policy.tags[0].value #=> String
|
|
1413
1511
|
#
|
|
1414
1512
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicy AWS API Documentation
|
|
1415
1513
|
#
|
|
@@ -1431,7 +1529,7 @@ module Aws::IAM
|
|
|
1431
1529
|
# IAM users, groups, and roles to which the policy is attached.
|
|
1432
1530
|
#
|
|
1433
1531
|
# For more information about managed policy versions, see [Versioning
|
|
1434
|
-
# for
|
|
1532
|
+
# for managed policies][1] in the *IAM User Guide*.
|
|
1435
1533
|
#
|
|
1436
1534
|
#
|
|
1437
1535
|
#
|
|
@@ -1441,8 +1539,8 @@ module Aws::IAM
|
|
|
1441
1539
|
# The Amazon Resource Name (ARN) of the IAM policy to which you want to
|
|
1442
1540
|
# add a new version.
|
|
1443
1541
|
#
|
|
1444
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
1445
|
-
#
|
|
1542
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
1543
|
+
# in the *AWS General Reference*.
|
|
1446
1544
|
#
|
|
1447
1545
|
#
|
|
1448
1546
|
#
|
|
@@ -1482,7 +1580,7 @@ module Aws::IAM
|
|
|
1482
1580
|
# for the IAM users, groups, and roles that the policy is attached to.
|
|
1483
1581
|
#
|
|
1484
1582
|
# For more information about managed policy versions, see [Versioning
|
|
1485
|
-
# for
|
|
1583
|
+
# for managed policies][1] in the *IAM User Guide*.
|
|
1486
1584
|
#
|
|
1487
1585
|
#
|
|
1488
1586
|
#
|
|
@@ -1517,9 +1615,9 @@ module Aws::IAM
|
|
|
1517
1615
|
end
|
|
1518
1616
|
|
|
1519
1617
|
# Creates a new role for your AWS account. For more information about
|
|
1520
|
-
# roles,
|
|
1521
|
-
#
|
|
1522
|
-
#
|
|
1618
|
+
# roles, see [IAM roles][1]. For information about quotas for role names
|
|
1619
|
+
# and the number of roles you can create, see [IAM and STS quotas][2] in
|
|
1620
|
+
# the *IAM User Guide*.
|
|
1523
1621
|
#
|
|
1524
1622
|
#
|
|
1525
1623
|
#
|
|
@@ -1599,7 +1697,7 @@ module Aws::IAM
|
|
|
1599
1697
|
# for one hour by default. This applies when you use the `AssumeRole*`
|
|
1600
1698
|
# API operations or the `assume-role*` CLI operations but does not apply
|
|
1601
1699
|
# when you use those operations to create a console URL. For more
|
|
1602
|
-
# information, see [Using IAM
|
|
1700
|
+
# information, see [Using IAM roles][1] in the *IAM User Guide*.
|
|
1603
1701
|
#
|
|
1604
1702
|
#
|
|
1605
1703
|
#
|
|
@@ -1610,13 +1708,12 @@ module Aws::IAM
|
|
|
1610
1708
|
# the role.
|
|
1611
1709
|
#
|
|
1612
1710
|
# @option params [Array<Types::Tag>] :tags
|
|
1613
|
-
# A list of tags that you want to attach to the
|
|
1614
|
-
#
|
|
1615
|
-
#
|
|
1616
|
-
# User Guide*.
|
|
1711
|
+
# A list of tags that you want to attach to the new role. Each tag
|
|
1712
|
+
# consists of a key name and an associated value. For more information
|
|
1713
|
+
# about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
|
|
1617
1714
|
#
|
|
1618
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
|
1619
|
-
# of tags
|
|
1715
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
|
|
1716
|
+
# number of tags, then the entire request fails and the resource is not
|
|
1620
1717
|
# created.
|
|
1621
1718
|
#
|
|
1622
1719
|
# </note>
|
|
@@ -1718,9 +1815,9 @@ module Aws::IAM
|
|
|
1718
1815
|
#
|
|
1719
1816
|
# </note>
|
|
1720
1817
|
#
|
|
1721
|
-
# For more information, see [Enabling SAML 2.0
|
|
1818
|
+
# For more information, see [Enabling SAML 2.0 federated users to access
|
|
1722
1819
|
# the AWS Management Console][2] and [About SAML 2.0-based
|
|
1723
|
-
#
|
|
1820
|
+
# federation][3] in the *IAM User Guide*.
|
|
1724
1821
|
#
|
|
1725
1822
|
#
|
|
1726
1823
|
#
|
|
@@ -1736,7 +1833,7 @@ module Aws::IAM
|
|
|
1736
1833
|
# You must generate the metadata document using the identity management
|
|
1737
1834
|
# software that is used as your organization's IdP.
|
|
1738
1835
|
#
|
|
1739
|
-
# For more information, see [About SAML 2.0-based
|
|
1836
|
+
# For more information, see [About SAML 2.0-based federation][1] in the
|
|
1740
1837
|
# *IAM User Guide*
|
|
1741
1838
|
#
|
|
1742
1839
|
#
|
|
@@ -1755,20 +1852,46 @@ module Aws::IAM
|
|
|
1755
1852
|
#
|
|
1756
1853
|
# [1]: http://wikipedia.org/wiki/regex
|
|
1757
1854
|
#
|
|
1855
|
+
# @option params [Array<Types::Tag>] :tags
|
|
1856
|
+
# A list of tags that you want to attach to the new IAM SAML provider.
|
|
1857
|
+
# Each tag consists of a key name and an associated value. For more
|
|
1858
|
+
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
|
1859
|
+
# User Guide*.
|
|
1860
|
+
#
|
|
1861
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
|
|
1862
|
+
# number of tags, then the entire request fails and the resource is not
|
|
1863
|
+
# created.
|
|
1864
|
+
#
|
|
1865
|
+
# </note>
|
|
1866
|
+
#
|
|
1867
|
+
#
|
|
1868
|
+
#
|
|
1869
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
1870
|
+
#
|
|
1758
1871
|
# @return [Types::CreateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1759
1872
|
#
|
|
1760
1873
|
# * {Types::CreateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String
|
|
1874
|
+
# * {Types::CreateSAMLProviderResponse#tags #tags} => Array<Types::Tag>
|
|
1761
1875
|
#
|
|
1762
1876
|
# @example Request syntax with placeholder values
|
|
1763
1877
|
#
|
|
1764
1878
|
# resp = client.create_saml_provider({
|
|
1765
1879
|
# saml_metadata_document: "SAMLMetadataDocumentType", # required
|
|
1766
1880
|
# name: "SAMLProviderNameType", # required
|
|
1881
|
+
# tags: [
|
|
1882
|
+
# {
|
|
1883
|
+
# key: "tagKeyType", # required
|
|
1884
|
+
# value: "tagValueType", # required
|
|
1885
|
+
# },
|
|
1886
|
+
# ],
|
|
1767
1887
|
# })
|
|
1768
1888
|
#
|
|
1769
1889
|
# @example Response structure
|
|
1770
1890
|
#
|
|
1771
1891
|
# resp.saml_provider_arn #=> String
|
|
1892
|
+
# resp.tags #=> Array
|
|
1893
|
+
# resp.tags[0].key #=> String
|
|
1894
|
+
# resp.tags[0].value #=> String
|
|
1772
1895
|
#
|
|
1773
1896
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProvider AWS API Documentation
|
|
1774
1897
|
#
|
|
@@ -1786,7 +1909,7 @@ module Aws::IAM
|
|
|
1786
1909
|
# resources into an unknown state. Allowing the service to control the
|
|
1787
1910
|
# role helps improve service stability and proper cleanup when a service
|
|
1788
1911
|
# and its role are no longer needed. For more information, see [Using
|
|
1789
|
-
#
|
|
1912
|
+
# service-linked roles][1] in the *IAM User Guide*.
|
|
1790
1913
|
#
|
|
1791
1914
|
# To attach a policy to this service-linked role, you must make the
|
|
1792
1915
|
# request using the AWS service that depends on this role.
|
|
@@ -1801,8 +1924,8 @@ module Aws::IAM
|
|
|
1801
1924
|
# front. For example: `elasticbeanstalk.amazonaws.com`.
|
|
1802
1925
|
#
|
|
1803
1926
|
# Service principals are unique and case-sensitive. To find the exact
|
|
1804
|
-
# service principal for your service-linked role, see [AWS
|
|
1805
|
-
#
|
|
1927
|
+
# service principal for your service-linked role, see [AWS services that
|
|
1928
|
+
# work with IAM][1] in the *IAM User Guide*. Look for the services that
|
|
1806
1929
|
# have <b>Yes </b>in the **Service-Linked Role** column. Choose the
|
|
1807
1930
|
# **Yes** link to view the service-linked role documentation for that
|
|
1808
1931
|
# service.
|
|
@@ -1872,14 +1995,15 @@ module Aws::IAM
|
|
|
1872
1995
|
# You can have a maximum of two sets of service-specific credentials for
|
|
1873
1996
|
# each supported service per user.
|
|
1874
1997
|
#
|
|
1875
|
-
#
|
|
1998
|
+
# You can create service-specific credentials for AWS CodeCommit and
|
|
1999
|
+
# Amazon Keyspaces (for Apache Cassandra).
|
|
1876
2000
|
#
|
|
1877
2001
|
# You can reset the password to a new service-generated value by calling
|
|
1878
2002
|
# ResetServiceSpecificCredential.
|
|
1879
2003
|
#
|
|
1880
2004
|
# For more information about service-specific credentials, see [Using
|
|
1881
|
-
# IAM with AWS CodeCommit: Git
|
|
1882
|
-
#
|
|
2005
|
+
# IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access
|
|
2006
|
+
# keys][1] in the *IAM User Guide*.
|
|
1883
2007
|
#
|
|
1884
2008
|
#
|
|
1885
2009
|
#
|
|
@@ -1937,9 +2061,8 @@ module Aws::IAM
|
|
|
1937
2061
|
|
|
1938
2062
|
# Creates a new IAM user for your AWS account.
|
|
1939
2063
|
#
|
|
1940
|
-
#
|
|
1941
|
-
#
|
|
1942
|
-
# Guide*.
|
|
2064
|
+
# For information about quotas for the number of IAM users you can
|
|
2065
|
+
# create, see [IAM and STS quotas][1] in the *IAM User Guide*.
|
|
1943
2066
|
#
|
|
1944
2067
|
#
|
|
1945
2068
|
#
|
|
@@ -1947,7 +2070,7 @@ module Aws::IAM
|
|
|
1947
2070
|
#
|
|
1948
2071
|
# @option params [String] :path
|
|
1949
2072
|
# The path for the user name. For more information about paths, see [IAM
|
|
1950
|
-
#
|
|
2073
|
+
# identifiers][1] in the *IAM User Guide*.
|
|
1951
2074
|
#
|
|
1952
2075
|
# This parameter is optional. If it is not included, it defaults to a
|
|
1953
2076
|
# slash (/).
|
|
@@ -1976,13 +2099,12 @@ module Aws::IAM
|
|
|
1976
2099
|
# the user.
|
|
1977
2100
|
#
|
|
1978
2101
|
# @option params [Array<Types::Tag>] :tags
|
|
1979
|
-
# A list of tags that you want to attach to the
|
|
1980
|
-
#
|
|
1981
|
-
#
|
|
1982
|
-
# User Guide*.
|
|
2102
|
+
# A list of tags that you want to attach to the new user. Each tag
|
|
2103
|
+
# consists of a key name and an associated value. For more information
|
|
2104
|
+
# about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
|
|
1983
2105
|
#
|
|
1984
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
|
1985
|
-
# of tags
|
|
2106
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
|
|
2107
|
+
# number of tags, then the entire request fails and the resource is not
|
|
1986
2108
|
# created.
|
|
1987
2109
|
#
|
|
1988
2110
|
# </note>
|
|
@@ -2055,12 +2177,11 @@ module Aws::IAM
|
|
|
2055
2177
|
# Creates a new virtual MFA device for the AWS account. After creating
|
|
2056
2178
|
# the virtual MFA, use EnableMFADevice to attach the MFA device to an
|
|
2057
2179
|
# IAM user. For more information about creating and working with virtual
|
|
2058
|
-
# MFA devices,
|
|
2180
|
+
# MFA devices, see [Using a virtual MFA device][1] in the *IAM User
|
|
2059
2181
|
# Guide*.
|
|
2060
2182
|
#
|
|
2061
|
-
#
|
|
2062
|
-
#
|
|
2063
|
-
# Guide*.
|
|
2183
|
+
# For information about the maximum number of MFA devices you can
|
|
2184
|
+
# create, see [IAM and STS quotas][2] in the *IAM User Guide*.
|
|
2064
2185
|
#
|
|
2065
2186
|
# The seed information contained in the QR code and the Base32 string
|
|
2066
2187
|
# should be treated like any other secret access information. In other
|
|
@@ -2075,7 +2196,7 @@ module Aws::IAM
|
|
|
2075
2196
|
#
|
|
2076
2197
|
# @option params [String] :path
|
|
2077
2198
|
# The path for the virtual MFA device. For more information about paths,
|
|
2078
|
-
# see [IAM
|
|
2199
|
+
# see [IAM identifiers][1] in the *IAM User Guide*.
|
|
2079
2200
|
#
|
|
2080
2201
|
# This parameter is optional. If it is not included, it defaults to a
|
|
2081
2202
|
# slash (/).
|
|
@@ -2105,6 +2226,22 @@ module Aws::IAM
|
|
|
2105
2226
|
#
|
|
2106
2227
|
# [1]: http://wikipedia.org/wiki/regex
|
|
2107
2228
|
#
|
|
2229
|
+
# @option params [Array<Types::Tag>] :tags
|
|
2230
|
+
# A list of tags that you want to attach to the new IAM virtual MFA
|
|
2231
|
+
# device. Each tag consists of a key name and an associated value. For
|
|
2232
|
+
# more information about tagging, see [Tagging IAM resources][1] in the
|
|
2233
|
+
# *IAM User Guide*.
|
|
2234
|
+
#
|
|
2235
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
|
|
2236
|
+
# number of tags, then the entire request fails and the resource is not
|
|
2237
|
+
# created.
|
|
2238
|
+
#
|
|
2239
|
+
# </note>
|
|
2240
|
+
#
|
|
2241
|
+
#
|
|
2242
|
+
#
|
|
2243
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
2244
|
+
#
|
|
2108
2245
|
# @return [Types::CreateVirtualMFADeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
2109
2246
|
#
|
|
2110
2247
|
# * {Types::CreateVirtualMFADeviceResponse#virtual_mfa_device #virtual_mfa_device} => Types::VirtualMFADevice
|
|
@@ -2114,6 +2251,12 @@ module Aws::IAM
|
|
|
2114
2251
|
# resp = client.create_virtual_mfa_device({
|
|
2115
2252
|
# path: "pathType",
|
|
2116
2253
|
# virtual_mfa_device_name: "virtualMFADeviceName", # required
|
|
2254
|
+
# tags: [
|
|
2255
|
+
# {
|
|
2256
|
+
# key: "tagKeyType", # required
|
|
2257
|
+
# value: "tagValueType", # required
|
|
2258
|
+
# },
|
|
2259
|
+
# ],
|
|
2117
2260
|
# })
|
|
2118
2261
|
#
|
|
2119
2262
|
# @example Response structure
|
|
@@ -2133,6 +2276,9 @@ module Aws::IAM
|
|
|
2133
2276
|
# resp.virtual_mfa_device.user.tags[0].key #=> String
|
|
2134
2277
|
# resp.virtual_mfa_device.user.tags[0].value #=> String
|
|
2135
2278
|
# resp.virtual_mfa_device.enable_date #=> Time
|
|
2279
|
+
# resp.virtual_mfa_device.tags #=> Array
|
|
2280
|
+
# resp.virtual_mfa_device.tags[0].key #=> String
|
|
2281
|
+
# resp.virtual_mfa_device.tags[0].value #=> String
|
|
2136
2282
|
#
|
|
2137
2283
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice AWS API Documentation
|
|
2138
2284
|
#
|
|
@@ -2147,8 +2293,8 @@ module Aws::IAM
|
|
|
2147
2293
|
# with the user name for which it was originally enabled.
|
|
2148
2294
|
#
|
|
2149
2295
|
# For more information about creating and working with virtual MFA
|
|
2150
|
-
# devices,
|
|
2151
|
-
#
|
|
2296
|
+
# devices, see [Enabling a virtual multi-factor authentication (MFA)
|
|
2297
|
+
# device][1] in the *IAM User Guide*.
|
|
2152
2298
|
#
|
|
2153
2299
|
#
|
|
2154
2300
|
#
|
|
@@ -2258,7 +2404,7 @@ module Aws::IAM
|
|
|
2258
2404
|
end
|
|
2259
2405
|
|
|
2260
2406
|
# Deletes the specified AWS account alias. For information about using
|
|
2261
|
-
# an AWS account alias, see [Using an
|
|
2407
|
+
# an AWS account alias, see [Using an alias for your AWS account ID][1]
|
|
2262
2408
|
# in the *IAM User Guide*.
|
|
2263
2409
|
#
|
|
2264
2410
|
#
|
|
@@ -2362,8 +2508,8 @@ module Aws::IAM
|
|
|
2362
2508
|
#
|
|
2363
2509
|
# A group can also have managed policies attached to it. To detach a
|
|
2364
2510
|
# managed policy from a group, use DetachGroupPolicy. For more
|
|
2365
|
-
# information about policies, refer to [Managed
|
|
2366
|
-
#
|
|
2511
|
+
# information about policies, refer to [Managed policies and inline
|
|
2512
|
+
# policies][1] in the *IAM User Guide*.
|
|
2367
2513
|
#
|
|
2368
2514
|
#
|
|
2369
2515
|
#
|
|
@@ -2430,8 +2576,8 @@ module Aws::IAM
|
|
|
2430
2576
|
# instance profile that is associated with a running instance will break
|
|
2431
2577
|
# any applications running on the instance.
|
|
2432
2578
|
#
|
|
2433
|
-
# For more information about instance profiles,
|
|
2434
|
-
#
|
|
2579
|
+
# For more information about instance profiles, see [About instance
|
|
2580
|
+
# profiles][1].
|
|
2435
2581
|
#
|
|
2436
2582
|
#
|
|
2437
2583
|
#
|
|
@@ -2479,6 +2625,11 @@ module Aws::IAM
|
|
|
2479
2625
|
# user's ability to access AWS services through the AWS Management
|
|
2480
2626
|
# Console.
|
|
2481
2627
|
#
|
|
2628
|
+
# You can use the AWS CLI, the AWS API, or the **Users** page in the IAM
|
|
2629
|
+
# console to delete a password for any IAM user. You can use
|
|
2630
|
+
# ChangePassword to update, but not delete, your own password in the
|
|
2631
|
+
# **My Security Credentials** page in the AWS Management Console.
|
|
2632
|
+
#
|
|
2482
2633
|
# Deleting a user's password does not prevent a user from accessing AWS
|
|
2483
2634
|
# through the command line interface or the API. To prevent all user
|
|
2484
2635
|
# access, you must also either make any access keys inactive or delete
|
|
@@ -2564,9 +2715,9 @@ module Aws::IAM
|
|
|
2564
2715
|
# steps describe the process for deleting a managed policy:
|
|
2565
2716
|
#
|
|
2566
2717
|
# * Detach the policy from all users, groups, and roles that the policy
|
|
2567
|
-
# is attached to, using
|
|
2568
|
-
# DetachRolePolicy
|
|
2569
|
-
#
|
|
2718
|
+
# is attached to, using DetachUserPolicy, DetachGroupPolicy, or
|
|
2719
|
+
# DetachRolePolicy. To list all the users, groups, and roles that a
|
|
2720
|
+
# policy is attached to, use ListEntitiesForPolicy.
|
|
2570
2721
|
#
|
|
2571
2722
|
# * Delete all versions of the policy using DeletePolicyVersion. To list
|
|
2572
2723
|
# the policy's versions, use ListPolicyVersions. You cannot use
|
|
@@ -2575,10 +2726,10 @@ module Aws::IAM
|
|
|
2575
2726
|
# next step of the process.
|
|
2576
2727
|
#
|
|
2577
2728
|
# * Delete the policy (this automatically deletes the policy's default
|
|
2578
|
-
# version) using this
|
|
2729
|
+
# version) using this operation.
|
|
2579
2730
|
#
|
|
2580
|
-
# For information about managed policies, see [Managed
|
|
2581
|
-
#
|
|
2731
|
+
# For information about managed policies, see [Managed policies and
|
|
2732
|
+
# inline policies][1] in the *IAM User Guide*.
|
|
2582
2733
|
#
|
|
2583
2734
|
#
|
|
2584
2735
|
#
|
|
@@ -2587,8 +2738,8 @@ module Aws::IAM
|
|
|
2587
2738
|
# @option params [required, String] :policy_arn
|
|
2588
2739
|
# The Amazon Resource Name (ARN) of the IAM policy you want to delete.
|
|
2589
2740
|
#
|
|
2590
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
2591
|
-
#
|
|
2741
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
2742
|
+
# in the *AWS General Reference*.
|
|
2592
2743
|
#
|
|
2593
2744
|
#
|
|
2594
2745
|
#
|
|
@@ -2613,13 +2764,13 @@ module Aws::IAM
|
|
|
2613
2764
|
|
|
2614
2765
|
# Deletes the specified version from the specified managed policy.
|
|
2615
2766
|
#
|
|
2616
|
-
# You cannot delete the default version from a policy using this
|
|
2617
|
-
# delete the default version from a policy, use
|
|
2618
|
-
# out which version of a policy is marked as the
|
|
2619
|
-
# ListPolicyVersions.
|
|
2767
|
+
# You cannot delete the default version from a policy using this
|
|
2768
|
+
# operation. To delete the default version from a policy, use
|
|
2769
|
+
# DeletePolicy. To find out which version of a policy is marked as the
|
|
2770
|
+
# default version, use ListPolicyVersions.
|
|
2620
2771
|
#
|
|
2621
2772
|
# For information about versions for managed policies, see [Versioning
|
|
2622
|
-
# for
|
|
2773
|
+
# for managed policies][1] in the *IAM User Guide*.
|
|
2623
2774
|
#
|
|
2624
2775
|
#
|
|
2625
2776
|
#
|
|
@@ -2629,8 +2780,8 @@ module Aws::IAM
|
|
|
2629
2780
|
# The Amazon Resource Name (ARN) of the IAM policy from which you want
|
|
2630
2781
|
# to delete a version.
|
|
2631
2782
|
#
|
|
2632
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
2633
|
-
#
|
|
2783
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
2784
|
+
# in the *AWS General Reference*.
|
|
2634
2785
|
#
|
|
2635
2786
|
#
|
|
2636
2787
|
#
|
|
@@ -2645,7 +2796,7 @@ module Aws::IAM
|
|
|
2645
2796
|
# of letters and digits.
|
|
2646
2797
|
#
|
|
2647
2798
|
# For more information about managed policy versions, see [Versioning
|
|
2648
|
-
# for
|
|
2799
|
+
# for managed policies][2] in the *IAM User Guide*.
|
|
2649
2800
|
#
|
|
2650
2801
|
#
|
|
2651
2802
|
#
|
|
@@ -2671,8 +2822,8 @@ module Aws::IAM
|
|
|
2671
2822
|
end
|
|
2672
2823
|
|
|
2673
2824
|
# Deletes the specified role. The role must not have any policies
|
|
2674
|
-
# attached. For more information about roles,
|
|
2675
|
-
#
|
|
2825
|
+
# attached. For more information about roles, see [Working with
|
|
2826
|
+
# roles][1].
|
|
2676
2827
|
#
|
|
2677
2828
|
# Make sure that you do not have any Amazon EC2 instances running with
|
|
2678
2829
|
# the role you are about to delete. Deleting a role or instance profile
|
|
@@ -2753,7 +2904,7 @@ module Aws::IAM
|
|
|
2753
2904
|
#
|
|
2754
2905
|
# A role can also have managed policies attached to it. To detach a
|
|
2755
2906
|
# managed policy from a role, use DetachRolePolicy. For more information
|
|
2756
|
-
# about policies, refer to [Managed
|
|
2907
|
+
# about policies, refer to [Managed policies and inline policies][1] in
|
|
2757
2908
|
# the *IAM User Guide*.
|
|
2758
2909
|
#
|
|
2759
2910
|
#
|
|
@@ -2854,7 +3005,7 @@ module Aws::IAM
|
|
|
2854
3005
|
# authenticating the associated IAM user to an AWS CodeCommit
|
|
2855
3006
|
# repository. For more information about using SSH keys to authenticate
|
|
2856
3007
|
# to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
|
|
2857
|
-
#
|
|
3008
|
+
# connections][1] in the *AWS CodeCommit User Guide*.
|
|
2858
3009
|
#
|
|
2859
3010
|
#
|
|
2860
3011
|
#
|
|
@@ -2904,7 +3055,7 @@ module Aws::IAM
|
|
|
2904
3055
|
# Deletes the specified server certificate.
|
|
2905
3056
|
#
|
|
2906
3057
|
# For more information about working with server certificates, see
|
|
2907
|
-
# [Working with
|
|
3058
|
+
# [Working with server certificates][1] in the *IAM User Guide*. This
|
|
2908
3059
|
# topic also includes a list of AWS services that can use the server
|
|
2909
3060
|
# certificates that you manage with IAM.
|
|
2910
3061
|
#
|
|
@@ -2915,8 +3066,8 @@ module Aws::IAM
|
|
|
2915
3066
|
# cause Elastic Load Balancing to stop accepting traffic. We recommend
|
|
2916
3067
|
# that you remove the reference to the certificate from Elastic Load
|
|
2917
3068
|
# Balancing before using this command to delete the certificate. For
|
|
2918
|
-
# more information,
|
|
2919
|
-
#
|
|
3069
|
+
# more information, see [DeleteLoadBalancerListeners][2] in the *Elastic
|
|
3070
|
+
# Load Balancing API Reference*.
|
|
2920
3071
|
#
|
|
2921
3072
|
#
|
|
2922
3073
|
#
|
|
@@ -2962,17 +3113,16 @@ module Aws::IAM
|
|
|
2962
3113
|
#
|
|
2963
3114
|
# If you submit a deletion request for a service-linked role whose
|
|
2964
3115
|
# linked service is still accessing a resource, then the deletion task
|
|
2965
|
-
# fails. If it fails, the GetServiceLinkedRoleDeletionStatus
|
|
2966
|
-
#
|
|
2967
|
-
#
|
|
2968
|
-
#
|
|
2969
|
-
#
|
|
2970
|
-
#
|
|
2971
|
-
#
|
|
2972
|
-
# your service.
|
|
3116
|
+
# fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation
|
|
3117
|
+
# returns the reason for the failure, usually including the resources
|
|
3118
|
+
# that must be deleted. To delete the service-linked role, you must
|
|
3119
|
+
# first remove those resources from the linked service and then submit
|
|
3120
|
+
# the deletion request again. Resources are specific to the service that
|
|
3121
|
+
# is linked to the role. For more information about removing resources
|
|
3122
|
+
# from a service, see the [AWS documentation][1] for your service.
|
|
2973
3123
|
#
|
|
2974
|
-
# For more information about service-linked roles, see [Roles
|
|
2975
|
-
#
|
|
3124
|
+
# For more information about service-linked roles, see [Roles terms and
|
|
3125
|
+
# concepts: AWS service-linked role][2] in the *IAM User Guide*.
|
|
2976
3126
|
#
|
|
2977
3127
|
#
|
|
2978
3128
|
#
|
|
@@ -3113,7 +3263,7 @@ module Aws::IAM
|
|
|
3113
3263
|
# Deletes the specified IAM user. Unlike the AWS Management Console,
|
|
3114
3264
|
# when you delete a user programmatically, you must delete the items
|
|
3115
3265
|
# attached to the user manually, or the deletion fails. For more
|
|
3116
|
-
# information, see [Deleting an IAM
|
|
3266
|
+
# information, see [Deleting an IAM user][1]. Before attempting to
|
|
3117
3267
|
# delete a user, remove the following items:
|
|
3118
3268
|
#
|
|
3119
3269
|
# * Password (DeleteLoginProfile)
|
|
@@ -3209,7 +3359,7 @@ module Aws::IAM
|
|
|
3209
3359
|
#
|
|
3210
3360
|
# A user can also have managed policies attached to it. To detach a
|
|
3211
3361
|
# managed policy from a user, use DetachUserPolicy. For more information
|
|
3212
|
-
# about policies, refer to [Managed
|
|
3362
|
+
# about policies, refer to [Managed policies and inline policies][1] in
|
|
3213
3363
|
# the *IAM User Guide*.
|
|
3214
3364
|
#
|
|
3215
3365
|
#
|
|
@@ -3319,9 +3469,8 @@ module Aws::IAM
|
|
|
3319
3469
|
# Removes the specified managed policy from the specified IAM group.
|
|
3320
3470
|
#
|
|
3321
3471
|
# A group can also have inline policies embedded with it. To delete an
|
|
3322
|
-
# inline policy, use
|
|
3323
|
-
#
|
|
3324
|
-
# User Guide*.
|
|
3472
|
+
# inline policy, use DeleteGroupPolicy. For information about policies,
|
|
3473
|
+
# see [Managed policies and inline policies][1] in the *IAM User Guide*.
|
|
3325
3474
|
#
|
|
3326
3475
|
#
|
|
3327
3476
|
#
|
|
@@ -3343,8 +3492,8 @@ module Aws::IAM
|
|
|
3343
3492
|
# @option params [required, String] :policy_arn
|
|
3344
3493
|
# The Amazon Resource Name (ARN) of the IAM policy you want to detach.
|
|
3345
3494
|
#
|
|
3346
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
3347
|
-
#
|
|
3495
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
3496
|
+
# in the *AWS General Reference*.
|
|
3348
3497
|
#
|
|
3349
3498
|
#
|
|
3350
3499
|
#
|
|
@@ -3371,9 +3520,8 @@ module Aws::IAM
|
|
|
3371
3520
|
# Removes the specified managed policy from the specified role.
|
|
3372
3521
|
#
|
|
3373
3522
|
# A role can also have inline policies embedded with it. To delete an
|
|
3374
|
-
# inline policy, use
|
|
3375
|
-
#
|
|
3376
|
-
# User Guide*.
|
|
3523
|
+
# inline policy, use DeleteRolePolicy. For information about policies,
|
|
3524
|
+
# see [Managed policies and inline policies][1] in the *IAM User Guide*.
|
|
3377
3525
|
#
|
|
3378
3526
|
#
|
|
3379
3527
|
#
|
|
@@ -3395,8 +3543,8 @@ module Aws::IAM
|
|
|
3395
3543
|
# @option params [required, String] :policy_arn
|
|
3396
3544
|
# The Amazon Resource Name (ARN) of the IAM policy you want to detach.
|
|
3397
3545
|
#
|
|
3398
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
3399
|
-
#
|
|
3546
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
3547
|
+
# in the *AWS General Reference*.
|
|
3400
3548
|
#
|
|
3401
3549
|
#
|
|
3402
3550
|
#
|
|
@@ -3423,9 +3571,8 @@ module Aws::IAM
|
|
|
3423
3571
|
# Removes the specified managed policy from the specified user.
|
|
3424
3572
|
#
|
|
3425
3573
|
# A user can also have inline policies embedded with it. To delete an
|
|
3426
|
-
# inline policy, use
|
|
3427
|
-
#
|
|
3428
|
-
# User Guide*.
|
|
3574
|
+
# inline policy, use DeleteUserPolicy. For information about policies,
|
|
3575
|
+
# see [Managed policies and inline policies][1] in the *IAM User Guide*.
|
|
3429
3576
|
#
|
|
3430
3577
|
#
|
|
3431
3578
|
#
|
|
@@ -3447,8 +3594,8 @@ module Aws::IAM
|
|
|
3447
3594
|
# @option params [required, String] :policy_arn
|
|
3448
3595
|
# The Amazon Resource Name (ARN) of the IAM policy you want to detach.
|
|
3449
3596
|
#
|
|
3450
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
3451
|
-
#
|
|
3597
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
3598
|
+
# in the *AWS General Reference*.
|
|
3452
3599
|
#
|
|
3453
3600
|
#
|
|
3454
3601
|
#
|
|
@@ -3554,8 +3701,8 @@ module Aws::IAM
|
|
|
3554
3701
|
end
|
|
3555
3702
|
|
|
3556
3703
|
# Generates a credential report for the AWS account. For more
|
|
3557
|
-
# information about the credential report, see [Getting
|
|
3558
|
-
#
|
|
3704
|
+
# information about the credential report, see [Getting credential
|
|
3705
|
+
# reports][1] in the *IAM User Guide*.
|
|
3559
3706
|
#
|
|
3560
3707
|
#
|
|
3561
3708
|
#
|
|
@@ -3586,12 +3733,12 @@ module Aws::IAM
|
|
|
3586
3733
|
# your organization.
|
|
3587
3734
|
#
|
|
3588
3735
|
# To call this operation, you must be signed in using your AWS
|
|
3589
|
-
# Organizations
|
|
3590
|
-
# IAM user or root user credentials, or temporary credentials
|
|
3591
|
-
# assuming an IAM role. SCPs must be enabled for your organization
|
|
3592
|
-
# You must have the required IAM and AWS Organizations
|
|
3593
|
-
# more information, see [Refining
|
|
3594
|
-
#
|
|
3736
|
+
# Organizations management account credentials. You can use your
|
|
3737
|
+
# long-term IAM user or root user credentials, or temporary credentials
|
|
3738
|
+
# from assuming an IAM role. SCPs must be enabled for your organization
|
|
3739
|
+
# root. You must have the required IAM and AWS Organizations
|
|
3740
|
+
# permissions. For more information, see [Refining permissions using
|
|
3741
|
+
# service last accessed data][1] in the *IAM User Guide*.
|
|
3595
3742
|
#
|
|
3596
3743
|
# You can generate a service last accessed data report for entities by
|
|
3597
3744
|
# specifying only the entity's path. This data includes a list of
|
|
@@ -3607,8 +3754,8 @@ module Aws::IAM
|
|
|
3607
3754
|
# recent account activity that the policy allows to account principals
|
|
3608
3755
|
# in the entity or the entity's children. For important information
|
|
3609
3756
|
# about the data, reporting period, permissions required,
|
|
3610
|
-
# troubleshooting, and supported Regions see [Reducing
|
|
3611
|
-
#
|
|
3757
|
+
# troubleshooting, and supported Regions see [Reducing permissions using
|
|
3758
|
+
# service last accessed data][1] in the *IAM User Guide*.
|
|
3612
3759
|
#
|
|
3613
3760
|
# The data includes all attempts to access AWS, not just the successful
|
|
3614
3761
|
# ones. This includes all attempts that were made using the AWS
|
|
@@ -3618,7 +3765,7 @@ module Aws::IAM
|
|
|
3618
3765
|
# request might have been denied. Refer to your CloudTrail logs as the
|
|
3619
3766
|
# authoritative source for information about all API calls and whether
|
|
3620
3767
|
# they were successful or denied access. For more information,
|
|
3621
|
-
# see [Logging IAM
|
|
3768
|
+
# see [Logging IAM events with CloudTrail][2] in the *IAM User Guide*.
|
|
3622
3769
|
#
|
|
3623
3770
|
# This operation returns a `JobId`. Use this parameter in the `
|
|
3624
3771
|
# GetOrganizationsAccessReport ` operation to check the status of the
|
|
@@ -3635,20 +3782,20 @@ module Aws::IAM
|
|
|
3635
3782
|
# * **Root** – When you specify the organizations root as the entity,
|
|
3636
3783
|
# the resulting report lists all of the services allowed by SCPs that
|
|
3637
3784
|
# are attached to your root. For each service, the report includes
|
|
3638
|
-
# data for all accounts in your organization except the
|
|
3639
|
-
# account, because the
|
|
3785
|
+
# data for all accounts in your organization except the management
|
|
3786
|
+
# account, because the management account is not limited by SCPs.
|
|
3640
3787
|
#
|
|
3641
3788
|
# * **OU** – When you specify an organizational unit (OU) as the entity,
|
|
3642
3789
|
# the resulting report lists all of the services allowed by SCPs that
|
|
3643
3790
|
# are attached to the OU and its parents. For each service, the report
|
|
3644
3791
|
# includes data for all accounts in the OU or its children. This data
|
|
3645
|
-
# excludes the
|
|
3646
|
-
# limited by SCPs.
|
|
3792
|
+
# excludes the management account, because the management account is
|
|
3793
|
+
# not limited by SCPs.
|
|
3647
3794
|
#
|
|
3648
|
-
# * **
|
|
3649
|
-
# resulting report lists all AWS services, because the
|
|
3650
|
-
# is not limited by SCPs. For each service, the report
|
|
3651
|
-
# for only the
|
|
3795
|
+
# * **management account** – When you specify the management account,
|
|
3796
|
+
# the resulting report lists all AWS services, because the management
|
|
3797
|
+
# account is not limited by SCPs. For each service, the report
|
|
3798
|
+
# includes data for only the management account.
|
|
3652
3799
|
#
|
|
3653
3800
|
# * **Account** – When you specify another account as the entity, the
|
|
3654
3801
|
# resulting report lists all of the services allowed by SCPs that are
|
|
@@ -3664,26 +3811,26 @@ module Aws::IAM
|
|
|
3664
3811
|
# resulting report lists all of the services that are allowed by the
|
|
3665
3812
|
# specified SCP. For each service, the report includes data for all
|
|
3666
3813
|
# accounts in your organization to which the SCP applies. This data
|
|
3667
|
-
# excludes the
|
|
3668
|
-
# limited by SCPs. If the SCP is not attached to any entities in
|
|
3669
|
-
# organization, then the report will return a list of services
|
|
3670
|
-
# data.
|
|
3814
|
+
# excludes the management account, because the management account is
|
|
3815
|
+
# not limited by SCPs. If the SCP is not attached to any entities in
|
|
3816
|
+
# the organization, then the report will return a list of services
|
|
3817
|
+
# with no data.
|
|
3671
3818
|
#
|
|
3672
3819
|
# * **OU** – When you specify an OU entity and a policy ID, the
|
|
3673
3820
|
# resulting report lists all of the services that are allowed by the
|
|
3674
3821
|
# specified SCP. For each service, the report includes data for all
|
|
3675
3822
|
# accounts in the OU or its children to which the SCP applies. This
|
|
3676
3823
|
# means that other accounts outside the OU that are affected by the
|
|
3677
|
-
# SCP might not be included in the data. This data excludes the
|
|
3678
|
-
# account, because the
|
|
3679
|
-
# SCP is not attached to the OU or one of its children,
|
|
3680
|
-
# will return a list of services with no data.
|
|
3824
|
+
# SCP might not be included in the data. This data excludes the
|
|
3825
|
+
# management account, because the management account is not limited by
|
|
3826
|
+
# SCPs. If the SCP is not attached to the OU or one of its children,
|
|
3827
|
+
# the report will return a list of services with no data.
|
|
3681
3828
|
#
|
|
3682
|
-
# * **
|
|
3683
|
-
# resulting report lists all AWS services, because the
|
|
3684
|
-
# is not limited by SCPs. If you specify a policy ID in the
|
|
3685
|
-
# API, the policy is ignored. For each service, the report
|
|
3686
|
-
# data for only the
|
|
3829
|
+
# * **management account** – When you specify the management account,
|
|
3830
|
+
# the resulting report lists all AWS services, because the management
|
|
3831
|
+
# account is not limited by SCPs. If you specify a policy ID in the
|
|
3832
|
+
# CLI or API, the policy is ignored. For each service, the report
|
|
3833
|
+
# includes data for only the management account.
|
|
3687
3834
|
#
|
|
3688
3835
|
# * **Account** – When you specify another account entity and a policy
|
|
3689
3836
|
# ID, the resulting report lists all of the services that are allowed
|
|
@@ -3698,12 +3845,12 @@ module Aws::IAM
|
|
|
3698
3845
|
# policy types include identity-based policies, resource-based policies,
|
|
3699
3846
|
# access control lists, IAM permissions boundaries, and STS assume role
|
|
3700
3847
|
# policies. It only applies SCP logic. For more about the evaluation of
|
|
3701
|
-
# policy types, see [Evaluating
|
|
3848
|
+
# policy types, see [Evaluating policies][3] in the *IAM User Guide*.
|
|
3702
3849
|
#
|
|
3703
3850
|
# </note>
|
|
3704
3851
|
#
|
|
3705
3852
|
# For more information about service last accessed data, see [Reducing
|
|
3706
|
-
#
|
|
3853
|
+
# policy scope by viewing user activity][1] in the *IAM User Guide*.
|
|
3707
3854
|
#
|
|
3708
3855
|
#
|
|
3709
3856
|
#
|
|
@@ -3771,7 +3918,7 @@ module Aws::IAM
|
|
|
3771
3918
|
# AWS services. Recent activity usually appears within four hours. IAM
|
|
3772
3919
|
# reports activity for the last 365 days, or less if your Region began
|
|
3773
3920
|
# supporting this feature within the last year. For more information,
|
|
3774
|
-
# see [Regions
|
|
3921
|
+
# see [Regions where data is tracked][1].
|
|
3775
3922
|
#
|
|
3776
3923
|
# The service last accessed data includes all attempts to access an AWS
|
|
3777
3924
|
# API, not just the successful ones. This includes all attempts that
|
|
@@ -3781,7 +3928,7 @@ module Aws::IAM
|
|
|
3781
3928
|
# compromised, because the request might have been denied. Refer to your
|
|
3782
3929
|
# CloudTrail logs as the authoritative source for information about all
|
|
3783
3930
|
# API calls and whether they were successful or denied access. For more
|
|
3784
|
-
# information, see [Logging IAM
|
|
3931
|
+
# information, see [Logging IAM events with CloudTrail][2] in the *IAM
|
|
3785
3932
|
# User Guide*.
|
|
3786
3933
|
#
|
|
3787
3934
|
# The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
|
|
@@ -3817,12 +3964,12 @@ module Aws::IAM
|
|
|
3817
3964
|
# AWS Organizations policies, IAM permissions boundaries, and AWS STS
|
|
3818
3965
|
# assume role policies. It only applies permissions policy logic. For
|
|
3819
3966
|
# more about the evaluation of policy types, see [Evaluating
|
|
3820
|
-
#
|
|
3967
|
+
# policies][3] in the *IAM User Guide*.
|
|
3821
3968
|
#
|
|
3822
3969
|
# </note>
|
|
3823
3970
|
#
|
|
3824
3971
|
# For more information about service and action last accessed data, see
|
|
3825
|
-
# [Reducing
|
|
3972
|
+
# [Reducing permissions using service last accessed data][4] in the *IAM
|
|
3826
3973
|
# User Guide*.
|
|
3827
3974
|
#
|
|
3828
3975
|
#
|
|
@@ -3928,12 +4075,12 @@ module Aws::IAM
|
|
|
3928
4075
|
|
|
3929
4076
|
# Retrieves information about all IAM users, groups, roles, and policies
|
|
3930
4077
|
# in your AWS account, including their relationships to one another. Use
|
|
3931
|
-
# this
|
|
3932
|
-
# (users, groups, roles, and policies) in your account.
|
|
4078
|
+
# this operation to obtain a snapshot of the configuration of IAM
|
|
4079
|
+
# permissions (users, groups, roles, and policies) in your account.
|
|
3933
4080
|
#
|
|
3934
|
-
# <note markdown="1"> Policies returned by this
|
|
3935
|
-
# 3986][1]. You can use a URL decoding method to convert the policy
|
|
3936
|
-
# to plain JSON text. For example, if you use Java, you can use the
|
|
4081
|
+
# <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
|
|
4082
|
+
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
|
4083
|
+
# back to plain JSON text. For example, if you use Java, you can use the
|
|
3937
4084
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
|
3938
4085
|
# SDK. Other languages and SDKs provide similar functionality.
|
|
3939
4086
|
#
|
|
@@ -4054,6 +4201,9 @@ module Aws::IAM
|
|
|
4054
4201
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
|
|
4055
4202
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.last_used_date #=> Time
|
|
4056
4203
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].role_last_used.region #=> String
|
|
4204
|
+
# resp.role_detail_list[0].instance_profile_list[0].tags #=> Array
|
|
4205
|
+
# resp.role_detail_list[0].instance_profile_list[0].tags[0].key #=> String
|
|
4206
|
+
# resp.role_detail_list[0].instance_profile_list[0].tags[0].value #=> String
|
|
4057
4207
|
# resp.role_detail_list[0].role_policy_list #=> Array
|
|
4058
4208
|
# resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
|
|
4059
4209
|
# resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
|
|
@@ -4096,9 +4246,10 @@ module Aws::IAM
|
|
|
4096
4246
|
req.send_request(options)
|
|
4097
4247
|
end
|
|
4098
4248
|
|
|
4099
|
-
# Retrieves the password policy for the AWS account.
|
|
4100
|
-
#
|
|
4101
|
-
#
|
|
4249
|
+
# Retrieves the password policy for the AWS account. This tells you the
|
|
4250
|
+
# complexity requirements and mandatory rotation periods for the IAM
|
|
4251
|
+
# user passwords in your account. For more information about using a
|
|
4252
|
+
# password policy, see [Managing an IAM password policy][1].
|
|
4102
4253
|
#
|
|
4103
4254
|
#
|
|
4104
4255
|
#
|
|
@@ -4157,9 +4308,8 @@ module Aws::IAM
|
|
|
4157
4308
|
# Retrieves information about IAM entity usage and IAM quotas in the AWS
|
|
4158
4309
|
# account.
|
|
4159
4310
|
#
|
|
4160
|
-
#
|
|
4161
|
-
#
|
|
4162
|
-
# Guide*.
|
|
4311
|
+
# For information about IAM quotas, see [IAM and STS quotas][1] in the
|
|
4312
|
+
# *IAM User Guide*.
|
|
4163
4313
|
#
|
|
4164
4314
|
#
|
|
4165
4315
|
#
|
|
@@ -4292,8 +4442,8 @@ module Aws::IAM
|
|
|
4292
4442
|
# specified as strings. If you want to include *only* a list of policies
|
|
4293
4443
|
# by string, use GetContextKeysForCustomPolicy instead.
|
|
4294
4444
|
#
|
|
4295
|
-
# **Note:** This
|
|
4296
|
-
# to other users. If you do not want users to see other user's
|
|
4445
|
+
# **Note:** This operation discloses information about the permissions
|
|
4446
|
+
# granted to other users. If you do not want users to see other user's
|
|
4297
4447
|
# permissions, then consider allowing them to use
|
|
4298
4448
|
# GetContextKeysForCustomPolicy instead.
|
|
4299
4449
|
#
|
|
@@ -4313,8 +4463,8 @@ module Aws::IAM
|
|
|
4313
4463
|
# parameters are shown in unencoded form here for clarity, but must be
|
|
4314
4464
|
# URL encoded to be included as a part of a real HTML request.
|
|
4315
4465
|
#
|
|
4316
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
4317
|
-
#
|
|
4466
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
4467
|
+
# in the *AWS General Reference*.
|
|
4318
4468
|
#
|
|
4319
4469
|
#
|
|
4320
4470
|
#
|
|
@@ -4366,8 +4516,8 @@ module Aws::IAM
|
|
|
4366
4516
|
end
|
|
4367
4517
|
|
|
4368
4518
|
# Retrieves a credential report for the AWS account. For more
|
|
4369
|
-
# information about the credential report, see [Getting
|
|
4370
|
-
#
|
|
4519
|
+
# information about the credential report, see [Getting credential
|
|
4520
|
+
# reports][1] in the *IAM User Guide*.
|
|
4371
4521
|
#
|
|
4372
4522
|
#
|
|
4373
4523
|
#
|
|
@@ -4477,9 +4627,9 @@ module Aws::IAM
|
|
|
4477
4627
|
# Retrieves the specified inline policy document that is embedded in the
|
|
4478
4628
|
# specified IAM group.
|
|
4479
4629
|
#
|
|
4480
|
-
# <note markdown="1"> Policies returned by this
|
|
4481
|
-
# 3986][1]. You can use a URL decoding method to convert the policy
|
|
4482
|
-
# to plain JSON text. For example, if you use Java, you can use the
|
|
4630
|
+
# <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
|
|
4631
|
+
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
|
4632
|
+
# back to plain JSON text. For example, if you use Java, you can use the
|
|
4483
4633
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
|
4484
4634
|
# SDK. Other languages and SDKs provide similar functionality.
|
|
4485
4635
|
#
|
|
@@ -4490,8 +4640,8 @@ module Aws::IAM
|
|
|
4490
4640
|
# GetPolicy to determine the policy's default version, then use
|
|
4491
4641
|
# GetPolicyVersion to retrieve the policy document.
|
|
4492
4642
|
#
|
|
4493
|
-
# For more information about policies, see [Managed
|
|
4494
|
-
#
|
|
4643
|
+
# For more information about policies, see [Managed policies and inline
|
|
4644
|
+
# policies][2] in the *IAM User Guide*.
|
|
4495
4645
|
#
|
|
4496
4646
|
#
|
|
4497
4647
|
#
|
|
@@ -4552,7 +4702,7 @@ module Aws::IAM
|
|
|
4552
4702
|
|
|
4553
4703
|
# Retrieves information about the specified instance profile, including
|
|
4554
4704
|
# the instance profile's path, GUID, ARN, and role. For more
|
|
4555
|
-
# information about instance profiles, see [About
|
|
4705
|
+
# information about instance profiles, see [About instance profiles][1]
|
|
4556
4706
|
# in the *IAM User Guide*.
|
|
4557
4707
|
#
|
|
4558
4708
|
#
|
|
@@ -4634,6 +4784,9 @@ module Aws::IAM
|
|
|
4634
4784
|
# resp.instance_profile.roles[0].tags[0].value #=> String
|
|
4635
4785
|
# resp.instance_profile.roles[0].role_last_used.last_used_date #=> Time
|
|
4636
4786
|
# resp.instance_profile.roles[0].role_last_used.region #=> String
|
|
4787
|
+
# resp.instance_profile.tags #=> Array
|
|
4788
|
+
# resp.instance_profile.tags[0].key #=> String
|
|
4789
|
+
# resp.instance_profile.tags[0].value #=> String
|
|
4637
4790
|
#
|
|
4638
4791
|
#
|
|
4639
4792
|
# The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
|
|
@@ -4649,7 +4802,7 @@ module Aws::IAM
|
|
|
4649
4802
|
req.send_request(options)
|
|
4650
4803
|
end
|
|
4651
4804
|
|
|
4652
|
-
# Retrieves the user name and password
|
|
4805
|
+
# Retrieves the user name and password creation date for the specified
|
|
4653
4806
|
# IAM user. If the user has not been assigned a password, the operation
|
|
4654
4807
|
# returns a 404 (`NoSuchEntity`) error.
|
|
4655
4808
|
#
|
|
@@ -4715,8 +4868,8 @@ module Aws::IAM
|
|
|
4715
4868
|
# IAM to get information for. You can get a list of OIDC provider
|
|
4716
4869
|
# resource ARNs by using the ListOpenIDConnectProviders operation.
|
|
4717
4870
|
#
|
|
4718
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
4719
|
-
#
|
|
4871
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
4872
|
+
# in the *AWS General Reference*.
|
|
4720
4873
|
#
|
|
4721
4874
|
#
|
|
4722
4875
|
#
|
|
@@ -4728,6 +4881,7 @@ module Aws::IAM
|
|
|
4728
4881
|
# * {Types::GetOpenIDConnectProviderResponse#client_id_list #client_id_list} => Array<String>
|
|
4729
4882
|
# * {Types::GetOpenIDConnectProviderResponse#thumbprint_list #thumbprint_list} => Array<String>
|
|
4730
4883
|
# * {Types::GetOpenIDConnectProviderResponse#create_date #create_date} => Time
|
|
4884
|
+
# * {Types::GetOpenIDConnectProviderResponse#tags #tags} => Array<Types::Tag>
|
|
4731
4885
|
#
|
|
4732
4886
|
# @example Request syntax with placeholder values
|
|
4733
4887
|
#
|
|
@@ -4743,6 +4897,9 @@ module Aws::IAM
|
|
|
4743
4897
|
# resp.thumbprint_list #=> Array
|
|
4744
4898
|
# resp.thumbprint_list[0] #=> String
|
|
4745
4899
|
# resp.create_date #=> Time
|
|
4900
|
+
# resp.tags #=> Array
|
|
4901
|
+
# resp.tags[0].key #=> String
|
|
4902
|
+
# resp.tags[0].value #=> String
|
|
4746
4903
|
#
|
|
4747
4904
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProvider AWS API Documentation
|
|
4748
4905
|
#
|
|
@@ -4762,11 +4919,11 @@ module Aws::IAM
|
|
|
4762
4919
|
# report, the data returned could include different information. For
|
|
4763
4920
|
# details, see GenerateOrganizationsAccessReport.
|
|
4764
4921
|
#
|
|
4765
|
-
# To call this operation, you must be signed in to the
|
|
4766
|
-
# your organization. SCPs must be enabled for your
|
|
4767
|
-
# You must have permissions to perform this
|
|
4768
|
-
# information, see [Refining
|
|
4769
|
-
#
|
|
4922
|
+
# To call this operation, you must be signed in to the management
|
|
4923
|
+
# account in your organization. SCPs must be enabled for your
|
|
4924
|
+
# organization root. You must have permissions to perform this
|
|
4925
|
+
# operation. For more information, see [Refining permissions using
|
|
4926
|
+
# service last accessed data][1] in the *IAM User Guide*.
|
|
4770
4927
|
#
|
|
4771
4928
|
# For each service that principals in an account (root users, IAM users,
|
|
4772
4929
|
# or IAM roles) could access using SCPs, the operation returns details
|
|
@@ -4902,17 +5059,17 @@ module Aws::IAM
|
|
|
4902
5059
|
# the policy's default version and the total number of IAM users,
|
|
4903
5060
|
# groups, and roles to which the policy is attached. To retrieve the
|
|
4904
5061
|
# list of the specific users, groups, and roles that the policy is
|
|
4905
|
-
# attached to, use
|
|
5062
|
+
# attached to, use ListEntitiesForPolicy. This operation returns
|
|
4906
5063
|
# metadata about the policy. To retrieve the actual policy document for
|
|
4907
5064
|
# a specific version of the policy, use GetPolicyVersion.
|
|
4908
5065
|
#
|
|
4909
|
-
# This
|
|
4910
|
-
# information about an inline policy that is embedded with an
|
|
4911
|
-
# group, or role, use
|
|
4912
|
-
# GetRolePolicy
|
|
5066
|
+
# This operation retrieves information about managed policies. To
|
|
5067
|
+
# retrieve information about an inline policy that is embedded with an
|
|
5068
|
+
# IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or
|
|
5069
|
+
# GetRolePolicy.
|
|
4913
5070
|
#
|
|
4914
|
-
# For more information about policies, see [Managed
|
|
4915
|
-
#
|
|
5071
|
+
# For more information about policies, see [Managed policies and inline
|
|
5072
|
+
# policies][1] in the *IAM User Guide*.
|
|
4916
5073
|
#
|
|
4917
5074
|
#
|
|
4918
5075
|
#
|
|
@@ -4922,8 +5079,8 @@ module Aws::IAM
|
|
|
4922
5079
|
# The Amazon Resource Name (ARN) of the managed policy that you want
|
|
4923
5080
|
# information about.
|
|
4924
5081
|
#
|
|
4925
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
4926
|
-
#
|
|
5082
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
5083
|
+
# in the *AWS General Reference*.
|
|
4927
5084
|
#
|
|
4928
5085
|
#
|
|
4929
5086
|
#
|
|
@@ -4952,6 +5109,9 @@ module Aws::IAM
|
|
|
4952
5109
|
# resp.policy.description #=> String
|
|
4953
5110
|
# resp.policy.create_date #=> Time
|
|
4954
5111
|
# resp.policy.update_date #=> Time
|
|
5112
|
+
# resp.policy.tags #=> Array
|
|
5113
|
+
# resp.policy.tags[0].key #=> String
|
|
5114
|
+
# resp.policy.tags[0].value #=> String
|
|
4955
5115
|
#
|
|
4956
5116
|
#
|
|
4957
5117
|
# The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
|
|
@@ -4970,9 +5130,9 @@ module Aws::IAM
|
|
|
4970
5130
|
# Retrieves information about the specified version of the specified
|
|
4971
5131
|
# managed policy, including the policy document.
|
|
4972
5132
|
#
|
|
4973
|
-
# <note markdown="1"> Policies returned by this
|
|
4974
|
-
# 3986][1]. You can use a URL decoding method to convert the policy
|
|
4975
|
-
# to plain JSON text. For example, if you use Java, you can use the
|
|
5133
|
+
# <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
|
|
5134
|
+
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
|
5135
|
+
# back to plain JSON text. For example, if you use Java, you can use the
|
|
4976
5136
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
|
4977
5137
|
# SDK. Other languages and SDKs provide similar functionality.
|
|
4978
5138
|
#
|
|
@@ -4980,15 +5140,16 @@ module Aws::IAM
|
|
|
4980
5140
|
#
|
|
4981
5141
|
# To list the available versions for a policy, use ListPolicyVersions.
|
|
4982
5142
|
#
|
|
4983
|
-
# This
|
|
4984
|
-
# information about an inline policy that is embedded in a
|
|
4985
|
-
# or role, use
|
|
5143
|
+
# This operation retrieves information about managed policies. To
|
|
5144
|
+
# retrieve information about an inline policy that is embedded in a
|
|
5145
|
+
# user, group, or role, use GetUserPolicy, GetGroupPolicy, or
|
|
5146
|
+
# GetRolePolicy.
|
|
4986
5147
|
#
|
|
4987
5148
|
# For more information about the types of policies, see [Managed
|
|
4988
|
-
#
|
|
5149
|
+
# policies and inline policies][2] in the *IAM User Guide*.
|
|
4989
5150
|
#
|
|
4990
5151
|
# For more information about managed policy versions, see [Versioning
|
|
4991
|
-
# for
|
|
5152
|
+
# for managed policies][3] in the *IAM User Guide*.
|
|
4992
5153
|
#
|
|
4993
5154
|
#
|
|
4994
5155
|
#
|
|
@@ -5000,8 +5161,8 @@ module Aws::IAM
|
|
|
5000
5161
|
# The Amazon Resource Name (ARN) of the managed policy that you want
|
|
5001
5162
|
# information about.
|
|
5002
5163
|
#
|
|
5003
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
5004
|
-
#
|
|
5164
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
5165
|
+
# in the *AWS General Reference*.
|
|
5005
5166
|
#
|
|
5006
5167
|
#
|
|
5007
5168
|
#
|
|
@@ -5049,11 +5210,11 @@ module Aws::IAM
|
|
|
5049
5210
|
# Retrieves information about the specified role, including the role's
|
|
5050
5211
|
# path, GUID, ARN, and the role's trust policy that grants permission
|
|
5051
5212
|
# to assume the role. For more information about roles, see [Working
|
|
5052
|
-
# with
|
|
5213
|
+
# with roles][1].
|
|
5053
5214
|
#
|
|
5054
|
-
# <note markdown="1"> Policies returned by this
|
|
5055
|
-
# 3986][2]. You can use a URL decoding method to convert the policy
|
|
5056
|
-
# to plain JSON text. For example, if you use Java, you can use the
|
|
5215
|
+
# <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
|
|
5216
|
+
# [RFC 3986][2]. You can use a URL decoding method to convert the policy
|
|
5217
|
+
# back to plain JSON text. For example, if you use Java, you can use the
|
|
5057
5218
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
|
5058
5219
|
# SDK. Other languages and SDKs provide similar functionality.
|
|
5059
5220
|
#
|
|
@@ -5147,9 +5308,9 @@ module Aws::IAM
|
|
|
5147
5308
|
# Retrieves the specified inline policy document that is embedded with
|
|
5148
5309
|
# the specified IAM role.
|
|
5149
5310
|
#
|
|
5150
|
-
# <note markdown="1"> Policies returned by this
|
|
5151
|
-
# 3986][1]. You can use a URL decoding method to convert the policy
|
|
5152
|
-
# to plain JSON text. For example, if you use Java, you can use the
|
|
5311
|
+
# <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
|
|
5312
|
+
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
|
5313
|
+
# back to plain JSON text. For example, if you use Java, you can use the
|
|
5153
5314
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
|
5154
5315
|
# SDK. Other languages and SDKs provide similar functionality.
|
|
5155
5316
|
#
|
|
@@ -5160,11 +5321,11 @@ module Aws::IAM
|
|
|
5160
5321
|
# determine the policy's default version, then use GetPolicyVersion to
|
|
5161
5322
|
# retrieve the policy document.
|
|
5162
5323
|
#
|
|
5163
|
-
# For more information about policies, see [Managed
|
|
5164
|
-
#
|
|
5324
|
+
# For more information about policies, see [Managed policies and inline
|
|
5325
|
+
# policies][2] in the *IAM User Guide*.
|
|
5165
5326
|
#
|
|
5166
|
-
# For more information about roles, see [Using
|
|
5167
|
-
#
|
|
5327
|
+
# For more information about roles, see [Using roles to delegate
|
|
5328
|
+
# permissions and federate identities][3].
|
|
5168
5329
|
#
|
|
5169
5330
|
#
|
|
5170
5331
|
#
|
|
@@ -5239,8 +5400,8 @@ module Aws::IAM
|
|
|
5239
5400
|
# The Amazon Resource Name (ARN) of the SAML provider resource object in
|
|
5240
5401
|
# IAM to get information about.
|
|
5241
5402
|
#
|
|
5242
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
5243
|
-
#
|
|
5403
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
5404
|
+
# in the *AWS General Reference*.
|
|
5244
5405
|
#
|
|
5245
5406
|
#
|
|
5246
5407
|
#
|
|
@@ -5251,6 +5412,7 @@ module Aws::IAM
|
|
|
5251
5412
|
# * {Types::GetSAMLProviderResponse#saml_metadata_document #saml_metadata_document} => String
|
|
5252
5413
|
# * {Types::GetSAMLProviderResponse#create_date #create_date} => Time
|
|
5253
5414
|
# * {Types::GetSAMLProviderResponse#valid_until #valid_until} => Time
|
|
5415
|
+
# * {Types::GetSAMLProviderResponse#tags #tags} => Array<Types::Tag>
|
|
5254
5416
|
#
|
|
5255
5417
|
# @example Request syntax with placeholder values
|
|
5256
5418
|
#
|
|
@@ -5263,6 +5425,9 @@ module Aws::IAM
|
|
|
5263
5425
|
# resp.saml_metadata_document #=> String
|
|
5264
5426
|
# resp.create_date #=> Time
|
|
5265
5427
|
# resp.valid_until #=> Time
|
|
5428
|
+
# resp.tags #=> Array
|
|
5429
|
+
# resp.tags[0].key #=> String
|
|
5430
|
+
# resp.tags[0].value #=> String
|
|
5266
5431
|
#
|
|
5267
5432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider AWS API Documentation
|
|
5268
5433
|
#
|
|
@@ -5280,7 +5445,7 @@ module Aws::IAM
|
|
|
5280
5445
|
# authenticating the associated IAM user to an AWS CodeCommit
|
|
5281
5446
|
# repository. For more information about using SSH keys to authenticate
|
|
5282
5447
|
# to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
|
|
5283
|
-
#
|
|
5448
|
+
# connections][1] in the *AWS CodeCommit User Guide*.
|
|
5284
5449
|
#
|
|
5285
5450
|
#
|
|
5286
5451
|
#
|
|
@@ -5348,7 +5513,7 @@ module Aws::IAM
|
|
|
5348
5513
|
# IAM.
|
|
5349
5514
|
#
|
|
5350
5515
|
# For more information about working with server certificates, see
|
|
5351
|
-
# [Working with
|
|
5516
|
+
# [Working with server certificates][1] in the *IAM User Guide*. This
|
|
5352
5517
|
# topic includes a list of AWS services that can use the server
|
|
5353
5518
|
# certificates that you manage with IAM.
|
|
5354
5519
|
#
|
|
@@ -5389,6 +5554,9 @@ module Aws::IAM
|
|
|
5389
5554
|
# resp.server_certificate.server_certificate_metadata.expiration #=> Time
|
|
5390
5555
|
# resp.server_certificate.certificate_body #=> String
|
|
5391
5556
|
# resp.server_certificate.certificate_chain #=> String
|
|
5557
|
+
# resp.server_certificate.tags #=> Array
|
|
5558
|
+
# resp.server_certificate.tags[0].key #=> String
|
|
5559
|
+
# resp.server_certificate.tags[0].value #=> String
|
|
5392
5560
|
#
|
|
5393
5561
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificate AWS API Documentation
|
|
5394
5562
|
#
|
|
@@ -5413,7 +5581,7 @@ module Aws::IAM
|
|
|
5413
5581
|
# AWS Organizations policies, IAM permissions boundaries, and AWS STS
|
|
5414
5582
|
# assume role policies. It only applies permissions policy logic. For
|
|
5415
5583
|
# more about the evaluation of policy types, see [Evaluating
|
|
5416
|
-
#
|
|
5584
|
+
# policies][1] in the *IAM User Guide*.
|
|
5417
5585
|
#
|
|
5418
5586
|
# </note>
|
|
5419
5587
|
#
|
|
@@ -5448,7 +5616,7 @@ module Aws::IAM
|
|
|
5448
5616
|
# within a service. Otherwise, this operation returns only service data.
|
|
5449
5617
|
#
|
|
5450
5618
|
# For more information about service and action last accessed data, see
|
|
5451
|
-
# [Reducing
|
|
5619
|
+
# [Reducing permissions using service last accessed data][2] in the *IAM
|
|
5452
5620
|
# User Guide*.
|
|
5453
5621
|
#
|
|
5454
5622
|
#
|
|
@@ -5596,17 +5764,16 @@ module Aws::IAM
|
|
|
5596
5764
|
# namespace to learn when the IAM entity last attempted to access the
|
|
5597
5765
|
# specified service.
|
|
5598
5766
|
#
|
|
5599
|
-
# To learn the service namespace for a service,
|
|
5600
|
-
#
|
|
5601
|
-
#
|
|
5602
|
-
#
|
|
5603
|
-
#
|
|
5604
|
-
# namespaces
|
|
5605
|
-
# Reference*.
|
|
5767
|
+
# To learn the service namespace for a service, see [Actions, resources,
|
|
5768
|
+
# and condition keys for AWS services][1] in the *IAM User Guide*.
|
|
5769
|
+
# Choose the name of the service to view details for that service. In
|
|
5770
|
+
# the first paragraph, find the service prefix. For example, `(service
|
|
5771
|
+
# prefix: a4b)`. For more information about service namespaces, see [AWS
|
|
5772
|
+
# service namespaces][2] in the *AWS General Reference*.
|
|
5606
5773
|
#
|
|
5607
5774
|
#
|
|
5608
5775
|
#
|
|
5609
|
-
# [1]: https://docs.aws.amazon.com/
|
|
5776
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
|
|
5610
5777
|
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
|
|
5611
5778
|
#
|
|
5612
5779
|
# @option params [Integer] :max_items
|
|
@@ -5711,11 +5878,11 @@ module Aws::IAM
|
|
|
5711
5878
|
end
|
|
5712
5879
|
|
|
5713
5880
|
# Retrieves the status of your service-linked role deletion. After you
|
|
5714
|
-
# use
|
|
5715
|
-
#
|
|
5716
|
-
#
|
|
5717
|
-
#
|
|
5718
|
-
#
|
|
5881
|
+
# use DeleteServiceLinkedRole to submit a service-linked role for
|
|
5882
|
+
# deletion, you can use the `DeletionTaskId` parameter in
|
|
5883
|
+
# `GetServiceLinkedRoleDeletionStatus` to check the status of the
|
|
5884
|
+
# deletion. If the deletion fails, this operation returns the reason
|
|
5885
|
+
# that it failed, if that information is returned by the service.
|
|
5719
5886
|
#
|
|
5720
5887
|
# @option params [required, String] :deletion_task_id
|
|
5721
5888
|
# The deletion task identifier. This identifier is returned by the
|
|
@@ -5756,7 +5923,7 @@ module Aws::IAM
|
|
|
5756
5923
|
#
|
|
5757
5924
|
# If you do not specify a user name, IAM determines the user name
|
|
5758
5925
|
# implicitly based on the AWS access key ID used to sign the request to
|
|
5759
|
-
# this
|
|
5926
|
+
# this operation.
|
|
5760
5927
|
#
|
|
5761
5928
|
# @option params [String] :user_name
|
|
5762
5929
|
# The name of the user to get information about.
|
|
@@ -5832,9 +5999,9 @@ module Aws::IAM
|
|
|
5832
5999
|
# Retrieves the specified inline policy document that is embedded in the
|
|
5833
6000
|
# specified IAM user.
|
|
5834
6001
|
#
|
|
5835
|
-
# <note markdown="1"> Policies returned by this
|
|
5836
|
-
# 3986][1]. You can use a URL decoding method to convert the policy
|
|
5837
|
-
# to plain JSON text. For example, if you use Java, you can use the
|
|
6002
|
+
# <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
|
|
6003
|
+
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
|
6004
|
+
# back to plain JSON text. For example, if you use Java, you can use the
|
|
5838
6005
|
# `decode` method of the `java.net.URLDecoder` utility class in the Java
|
|
5839
6006
|
# SDK. Other languages and SDKs provide similar functionality.
|
|
5840
6007
|
#
|
|
@@ -5845,8 +6012,8 @@ module Aws::IAM
|
|
|
5845
6012
|
# determine the policy's default version. Then use GetPolicyVersion to
|
|
5846
6013
|
# retrieve the policy document.
|
|
5847
6014
|
#
|
|
5848
|
-
# For more information about policies, see [Managed
|
|
5849
|
-
#
|
|
6015
|
+
# For more information about policies, see [Managed policies and inline
|
|
6016
|
+
# policies][2] in the *IAM User Guide*.
|
|
5850
6017
|
#
|
|
5851
6018
|
#
|
|
5852
6019
|
#
|
|
@@ -6016,7 +6183,7 @@ module Aws::IAM
|
|
|
6016
6183
|
|
|
6017
6184
|
# Lists the account alias associated with the AWS account (Note: you can
|
|
6018
6185
|
# have only one). For information about using an AWS account alias, see
|
|
6019
|
-
# [Using an
|
|
6186
|
+
# [Using an alias for your AWS account ID][1] in the *IAM User Guide*.
|
|
6020
6187
|
#
|
|
6021
6188
|
#
|
|
6022
6189
|
#
|
|
@@ -6089,9 +6256,9 @@ module Aws::IAM
|
|
|
6089
6256
|
# group.
|
|
6090
6257
|
#
|
|
6091
6258
|
# An IAM group can also have inline policies embedded with it. To list
|
|
6092
|
-
# the inline policies for a group, use
|
|
6093
|
-
# information about policies, see [Managed
|
|
6094
|
-
#
|
|
6259
|
+
# the inline policies for a group, use ListGroupPolicies. For
|
|
6260
|
+
# information about policies, see [Managed policies and inline
|
|
6261
|
+
# policies][1] in the *IAM User Guide*.
|
|
6095
6262
|
#
|
|
6096
6263
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
6097
6264
|
# parameters. You can use the `PathPrefix` parameter to limit the list
|
|
@@ -6187,9 +6354,9 @@ module Aws::IAM
|
|
|
6187
6354
|
# role.
|
|
6188
6355
|
#
|
|
6189
6356
|
# An IAM role can also have inline policies embedded with it. To list
|
|
6190
|
-
# the inline policies for a role, use
|
|
6191
|
-
#
|
|
6192
|
-
#
|
|
6357
|
+
# the inline policies for a role, use ListRolePolicies. For information
|
|
6358
|
+
# about policies, see [Managed policies and inline policies][1] in the
|
|
6359
|
+
# *IAM User Guide*.
|
|
6193
6360
|
#
|
|
6194
6361
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
6195
6362
|
# parameters. You can use the `PathPrefix` parameter to limit the list
|
|
@@ -6285,9 +6452,9 @@ module Aws::IAM
|
|
|
6285
6452
|
# user.
|
|
6286
6453
|
#
|
|
6287
6454
|
# An IAM user can also have inline policies embedded with it. To list
|
|
6288
|
-
# the inline policies for a user, use
|
|
6289
|
-
#
|
|
6290
|
-
#
|
|
6455
|
+
# the inline policies for a user, use ListUserPolicies. For information
|
|
6456
|
+
# about policies, see [Managed policies and inline policies][1] in the
|
|
6457
|
+
# *IAM User Guide*.
|
|
6291
6458
|
#
|
|
6292
6459
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
6293
6460
|
# parameters. You can use the `PathPrefix` parameter to limit the list
|
|
@@ -6394,8 +6561,8 @@ module Aws::IAM
|
|
|
6394
6561
|
# The Amazon Resource Name (ARN) of the IAM policy for which you want
|
|
6395
6562
|
# the versions.
|
|
6396
6563
|
#
|
|
6397
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
6398
|
-
#
|
|
6564
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
6565
|
+
# in the *AWS General Reference*.
|
|
6399
6566
|
#
|
|
6400
6567
|
#
|
|
6401
6568
|
#
|
|
@@ -6504,7 +6671,7 @@ module Aws::IAM
|
|
|
6504
6671
|
# An IAM group can also have managed policies attached to it. To list
|
|
6505
6672
|
# the managed policies that are attached to a group, use
|
|
6506
6673
|
# ListAttachedGroupPolicies. For more information about policies, see
|
|
6507
|
-
# [Managed
|
|
6674
|
+
# [Managed policies and inline policies][1] in the *IAM User Guide*.
|
|
6508
6675
|
#
|
|
6509
6676
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
6510
6677
|
# parameters. If there are no inline policies embedded with the
|
|
@@ -6801,10 +6968,87 @@ module Aws::IAM
|
|
|
6801
6968
|
req.send_request(options)
|
|
6802
6969
|
end
|
|
6803
6970
|
|
|
6971
|
+
# Lists the tags that are attached to the specified IAM instance
|
|
6972
|
+
# profile. The returned list of tags is sorted by tag key. For more
|
|
6973
|
+
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
|
6974
|
+
# User Guide*.
|
|
6975
|
+
#
|
|
6976
|
+
#
|
|
6977
|
+
#
|
|
6978
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
6979
|
+
#
|
|
6980
|
+
# @option params [required, String] :instance_profile_name
|
|
6981
|
+
# The name of the IAM instance profile whose tags you want to see.
|
|
6982
|
+
#
|
|
6983
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
6984
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
6985
|
+
# with no spaces. You can also include any of the following characters:
|
|
6986
|
+
# =,.@-
|
|
6987
|
+
#
|
|
6988
|
+
#
|
|
6989
|
+
#
|
|
6990
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
6991
|
+
#
|
|
6992
|
+
# @option params [String] :marker
|
|
6993
|
+
# Use this parameter only when paginating results and only after you
|
|
6994
|
+
# receive a response indicating that the results are truncated. Set it
|
|
6995
|
+
# to the value of the `Marker` element in the response that you received
|
|
6996
|
+
# to indicate where the next call should start.
|
|
6997
|
+
#
|
|
6998
|
+
# @option params [Integer] :max_items
|
|
6999
|
+
# (Optional) Use this only when paginating results to indicate the
|
|
7000
|
+
# maximum number of items that you want in the response. If additional
|
|
7001
|
+
# items exist beyond the maximum that you specify, the `IsTruncated`
|
|
7002
|
+
# response element is `true`.
|
|
7003
|
+
#
|
|
7004
|
+
# If you do not include this parameter, it defaults to 100. Note that
|
|
7005
|
+
# IAM might return fewer results, even when more results are available.
|
|
7006
|
+
# In that case, the `IsTruncated` response element returns `true`, and
|
|
7007
|
+
# `Marker` contains a value to include in the subsequent call that tells
|
|
7008
|
+
# the service where to continue from.
|
|
7009
|
+
#
|
|
7010
|
+
# @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
7011
|
+
#
|
|
7012
|
+
# * {Types::ListInstanceProfileTagsResponse#tags #tags} => Array<Types::Tag>
|
|
7013
|
+
# * {Types::ListInstanceProfileTagsResponse#is_truncated #is_truncated} => Boolean
|
|
7014
|
+
# * {Types::ListInstanceProfileTagsResponse#marker #marker} => String
|
|
7015
|
+
#
|
|
7016
|
+
# @example Request syntax with placeholder values
|
|
7017
|
+
#
|
|
7018
|
+
# resp = client.list_instance_profile_tags({
|
|
7019
|
+
# instance_profile_name: "instanceProfileNameType", # required
|
|
7020
|
+
# marker: "markerType",
|
|
7021
|
+
# max_items: 1,
|
|
7022
|
+
# })
|
|
7023
|
+
#
|
|
7024
|
+
# @example Response structure
|
|
7025
|
+
#
|
|
7026
|
+
# resp.tags #=> Array
|
|
7027
|
+
# resp.tags[0].key #=> String
|
|
7028
|
+
# resp.tags[0].value #=> String
|
|
7029
|
+
# resp.is_truncated #=> Boolean
|
|
7030
|
+
# resp.marker #=> String
|
|
7031
|
+
#
|
|
7032
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfileTags AWS API Documentation
|
|
7033
|
+
#
|
|
7034
|
+
# @overload list_instance_profile_tags(params = {})
|
|
7035
|
+
# @param [Hash] params ({})
|
|
7036
|
+
def list_instance_profile_tags(params = {}, options = {})
|
|
7037
|
+
req = build_request(:list_instance_profile_tags, params)
|
|
7038
|
+
req.send_request(options)
|
|
7039
|
+
end
|
|
7040
|
+
|
|
6804
7041
|
# Lists the instance profiles that have the specified path prefix. If
|
|
6805
7042
|
# there are none, the operation returns an empty list. For more
|
|
6806
|
-
# information about instance profiles,
|
|
6807
|
-
#
|
|
7043
|
+
# information about instance profiles, see [About instance profiles][1].
|
|
7044
|
+
#
|
|
7045
|
+
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
|
7046
|
+
# attributes for the resource. For example, this operation does not
|
|
7047
|
+
# return tags, even though they are an attribute of the returned object.
|
|
7048
|
+
# To view all of the information for an instance profile, see
|
|
7049
|
+
# GetInstanceProfile.
|
|
7050
|
+
#
|
|
7051
|
+
# </note>
|
|
6808
7052
|
#
|
|
6809
7053
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
6810
7054
|
# parameters.
|
|
@@ -6888,6 +7132,9 @@ module Aws::IAM
|
|
|
6888
7132
|
# resp.instance_profiles[0].roles[0].tags[0].value #=> String
|
|
6889
7133
|
# resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time
|
|
6890
7134
|
# resp.instance_profiles[0].roles[0].role_last_used.region #=> String
|
|
7135
|
+
# resp.instance_profiles[0].tags #=> Array
|
|
7136
|
+
# resp.instance_profiles[0].tags[0].key #=> String
|
|
7137
|
+
# resp.instance_profiles[0].tags[0].value #=> String
|
|
6891
7138
|
# resp.is_truncated #=> Boolean
|
|
6892
7139
|
# resp.marker #=> String
|
|
6893
7140
|
#
|
|
@@ -6902,8 +7149,8 @@ module Aws::IAM
|
|
|
6902
7149
|
|
|
6903
7150
|
# Lists the instance profiles that have the specified associated IAM
|
|
6904
7151
|
# role. If there are none, the operation returns an empty list. For more
|
|
6905
|
-
# information about instance profiles, go to [About
|
|
6906
|
-
#
|
|
7152
|
+
# information about instance profiles, go to [About instance
|
|
7153
|
+
# profiles][1].
|
|
6907
7154
|
#
|
|
6908
7155
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
6909
7156
|
# parameters.
|
|
@@ -6981,6 +7228,9 @@ module Aws::IAM
|
|
|
6981
7228
|
# resp.instance_profiles[0].roles[0].tags[0].value #=> String
|
|
6982
7229
|
# resp.instance_profiles[0].roles[0].role_last_used.last_used_date #=> Time
|
|
6983
7230
|
# resp.instance_profiles[0].roles[0].role_last_used.region #=> String
|
|
7231
|
+
# resp.instance_profiles[0].tags #=> Array
|
|
7232
|
+
# resp.instance_profiles[0].tags[0].key #=> String
|
|
7233
|
+
# resp.instance_profiles[0].tags[0].value #=> String
|
|
6984
7234
|
# resp.is_truncated #=> Boolean
|
|
6985
7235
|
# resp.marker #=> String
|
|
6986
7236
|
#
|
|
@@ -6993,11 +7243,83 @@ module Aws::IAM
|
|
|
6993
7243
|
req.send_request(options)
|
|
6994
7244
|
end
|
|
6995
7245
|
|
|
7246
|
+
# Lists the tags that are attached to the specified IAM virtual
|
|
7247
|
+
# multi-factor authentication (MFA) device. The returned list of tags is
|
|
7248
|
+
# sorted by tag key. For more information about tagging, see [Tagging
|
|
7249
|
+
# IAM resources][1] in the *IAM User Guide*.
|
|
7250
|
+
#
|
|
7251
|
+
#
|
|
7252
|
+
#
|
|
7253
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
7254
|
+
#
|
|
7255
|
+
# @option params [required, String] :serial_number
|
|
7256
|
+
# The unique identifier for the IAM virtual MFA device whose tags you
|
|
7257
|
+
# want to see. For virtual MFA devices, the serial number is the same as
|
|
7258
|
+
# the ARN.
|
|
7259
|
+
#
|
|
7260
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
7261
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
7262
|
+
# with no spaces. You can also include any of the following characters:
|
|
7263
|
+
# =,.@-
|
|
7264
|
+
#
|
|
7265
|
+
#
|
|
7266
|
+
#
|
|
7267
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
7268
|
+
#
|
|
7269
|
+
# @option params [String] :marker
|
|
7270
|
+
# Use this parameter only when paginating results and only after you
|
|
7271
|
+
# receive a response indicating that the results are truncated. Set it
|
|
7272
|
+
# to the value of the `Marker` element in the response that you received
|
|
7273
|
+
# to indicate where the next call should start.
|
|
7274
|
+
#
|
|
7275
|
+
# @option params [Integer] :max_items
|
|
7276
|
+
# (Optional) Use this only when paginating results to indicate the
|
|
7277
|
+
# maximum number of items that you want in the response. If additional
|
|
7278
|
+
# items exist beyond the maximum that you specify, the `IsTruncated`
|
|
7279
|
+
# response element is `true`.
|
|
7280
|
+
#
|
|
7281
|
+
# If you do not include this parameter, it defaults to 100. Note that
|
|
7282
|
+
# IAM might return fewer results, even when more results are available.
|
|
7283
|
+
# In that case, the `IsTruncated` response element returns `true`, and
|
|
7284
|
+
# `Marker` contains a value to include in the subsequent call that tells
|
|
7285
|
+
# the service where to continue from.
|
|
7286
|
+
#
|
|
7287
|
+
# @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
7288
|
+
#
|
|
7289
|
+
# * {Types::ListMFADeviceTagsResponse#tags #tags} => Array<Types::Tag>
|
|
7290
|
+
# * {Types::ListMFADeviceTagsResponse#is_truncated #is_truncated} => Boolean
|
|
7291
|
+
# * {Types::ListMFADeviceTagsResponse#marker #marker} => String
|
|
7292
|
+
#
|
|
7293
|
+
# @example Request syntax with placeholder values
|
|
7294
|
+
#
|
|
7295
|
+
# resp = client.list_mfa_device_tags({
|
|
7296
|
+
# serial_number: "serialNumberType", # required
|
|
7297
|
+
# marker: "markerType",
|
|
7298
|
+
# max_items: 1,
|
|
7299
|
+
# })
|
|
7300
|
+
#
|
|
7301
|
+
# @example Response structure
|
|
7302
|
+
#
|
|
7303
|
+
# resp.tags #=> Array
|
|
7304
|
+
# resp.tags[0].key #=> String
|
|
7305
|
+
# resp.tags[0].value #=> String
|
|
7306
|
+
# resp.is_truncated #=> Boolean
|
|
7307
|
+
# resp.marker #=> String
|
|
7308
|
+
#
|
|
7309
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADeviceTags AWS API Documentation
|
|
7310
|
+
#
|
|
7311
|
+
# @overload list_mfa_device_tags(params = {})
|
|
7312
|
+
# @param [Hash] params ({})
|
|
7313
|
+
def list_mfa_device_tags(params = {}, options = {})
|
|
7314
|
+
req = build_request(:list_mfa_device_tags, params)
|
|
7315
|
+
req.send_request(options)
|
|
7316
|
+
end
|
|
7317
|
+
|
|
6996
7318
|
# Lists the MFA devices for an IAM user. If the request includes a IAM
|
|
6997
7319
|
# user name, then this operation lists all the MFA devices associated
|
|
6998
7320
|
# with the specified user. If you do not specify a user name, IAM
|
|
6999
7321
|
# determines the user name implicitly based on the AWS access key ID
|
|
7000
|
-
# signing the request for this
|
|
7322
|
+
# signing the request for this operation.
|
|
7001
7323
|
#
|
|
7002
7324
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
7003
7325
|
# parameters.
|
|
@@ -7065,19 +7387,102 @@ module Aws::IAM
|
|
|
7065
7387
|
req.send_request(options)
|
|
7066
7388
|
end
|
|
7067
7389
|
|
|
7068
|
-
# Lists
|
|
7069
|
-
#
|
|
7390
|
+
# Lists the tags that are attached to the specified OpenID Connect
|
|
7391
|
+
# (OIDC)-compatible identity provider. The returned list of tags is
|
|
7392
|
+
# sorted by tag key. For more information, see [About web identity
|
|
7393
|
+
# federation][1].
|
|
7070
7394
|
#
|
|
7071
|
-
#
|
|
7395
|
+
# For more information about tagging, see [Tagging IAM resources][2] in
|
|
7396
|
+
# the *IAM User Guide*.
|
|
7072
7397
|
#
|
|
7073
|
-
# * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array<Types::OpenIDConnectProviderListEntry>
|
|
7074
7398
|
#
|
|
7075
|
-
# @example Response structure
|
|
7076
7399
|
#
|
|
7077
|
-
#
|
|
7078
|
-
#
|
|
7400
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
|
|
7401
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
7079
7402
|
#
|
|
7080
|
-
# @
|
|
7403
|
+
# @option params [required, String] :open_id_connect_provider_arn
|
|
7404
|
+
# The ARN of the OpenID Connect (OIDC) identity provider whose tags you
|
|
7405
|
+
# want to see.
|
|
7406
|
+
#
|
|
7407
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
7408
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
7409
|
+
# with no spaces. You can also include any of the following characters:
|
|
7410
|
+
# =,.@-
|
|
7411
|
+
#
|
|
7412
|
+
#
|
|
7413
|
+
#
|
|
7414
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
7415
|
+
#
|
|
7416
|
+
# @option params [String] :marker
|
|
7417
|
+
# Use this parameter only when paginating results and only after you
|
|
7418
|
+
# receive a response indicating that the results are truncated. Set it
|
|
7419
|
+
# to the value of the `Marker` element in the response that you received
|
|
7420
|
+
# to indicate where the next call should start.
|
|
7421
|
+
#
|
|
7422
|
+
# @option params [Integer] :max_items
|
|
7423
|
+
# (Optional) Use this only when paginating results to indicate the
|
|
7424
|
+
# maximum number of items that you want in the response. If additional
|
|
7425
|
+
# items exist beyond the maximum that you specify, the `IsTruncated`
|
|
7426
|
+
# response element is `true`.
|
|
7427
|
+
#
|
|
7428
|
+
# If you do not include this parameter, it defaults to 100. Note that
|
|
7429
|
+
# IAM might return fewer results, even when more results are available.
|
|
7430
|
+
# In that case, the `IsTruncated` response element returns `true`, and
|
|
7431
|
+
# `Marker` contains a value to include in the subsequent call that tells
|
|
7432
|
+
# the service where to continue from.
|
|
7433
|
+
#
|
|
7434
|
+
# @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
7435
|
+
#
|
|
7436
|
+
# * {Types::ListOpenIDConnectProviderTagsResponse#tags #tags} => Array<Types::Tag>
|
|
7437
|
+
# * {Types::ListOpenIDConnectProviderTagsResponse#is_truncated #is_truncated} => Boolean
|
|
7438
|
+
# * {Types::ListOpenIDConnectProviderTagsResponse#marker #marker} => String
|
|
7439
|
+
#
|
|
7440
|
+
# @example Request syntax with placeholder values
|
|
7441
|
+
#
|
|
7442
|
+
# resp = client.list_open_id_connect_provider_tags({
|
|
7443
|
+
# open_id_connect_provider_arn: "arnType", # required
|
|
7444
|
+
# marker: "markerType",
|
|
7445
|
+
# max_items: 1,
|
|
7446
|
+
# })
|
|
7447
|
+
#
|
|
7448
|
+
# @example Response structure
|
|
7449
|
+
#
|
|
7450
|
+
# resp.tags #=> Array
|
|
7451
|
+
# resp.tags[0].key #=> String
|
|
7452
|
+
# resp.tags[0].value #=> String
|
|
7453
|
+
# resp.is_truncated #=> Boolean
|
|
7454
|
+
# resp.marker #=> String
|
|
7455
|
+
#
|
|
7456
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviderTags AWS API Documentation
|
|
7457
|
+
#
|
|
7458
|
+
# @overload list_open_id_connect_provider_tags(params = {})
|
|
7459
|
+
# @param [Hash] params ({})
|
|
7460
|
+
def list_open_id_connect_provider_tags(params = {}, options = {})
|
|
7461
|
+
req = build_request(:list_open_id_connect_provider_tags, params)
|
|
7462
|
+
req.send_request(options)
|
|
7463
|
+
end
|
|
7464
|
+
|
|
7465
|
+
# Lists information about the IAM OpenID Connect (OIDC) provider
|
|
7466
|
+
# resource objects defined in the AWS account.
|
|
7467
|
+
#
|
|
7468
|
+
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
|
7469
|
+
# attributes for the resource. For example, this operation does not
|
|
7470
|
+
# return tags, even though they are an attribute of the returned object.
|
|
7471
|
+
# To view all of the information for an OIDC provider, see
|
|
7472
|
+
# GetOpenIDConnectProvider.
|
|
7473
|
+
#
|
|
7474
|
+
# </note>
|
|
7475
|
+
#
|
|
7476
|
+
# @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
7477
|
+
#
|
|
7478
|
+
# * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array<Types::OpenIDConnectProviderListEntry>
|
|
7479
|
+
#
|
|
7480
|
+
# @example Response structure
|
|
7481
|
+
#
|
|
7482
|
+
# resp.open_id_connect_provider_list #=> Array
|
|
7483
|
+
# resp.open_id_connect_provider_list[0].arn #=> String
|
|
7484
|
+
#
|
|
7485
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders AWS API Documentation
|
|
7081
7486
|
#
|
|
7082
7487
|
# @overload list_open_id_connect_providers(params = {})
|
|
7083
7488
|
# @param [Hash] params ({})
|
|
@@ -7099,8 +7504,16 @@ module Aws::IAM
|
|
|
7099
7504
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
7100
7505
|
# parameters.
|
|
7101
7506
|
#
|
|
7102
|
-
# For more information about managed policies, see [Managed
|
|
7103
|
-
#
|
|
7507
|
+
# For more information about managed policies, see [Managed policies and
|
|
7508
|
+
# inline policies][1] in the *IAM User Guide*.
|
|
7509
|
+
#
|
|
7510
|
+
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
|
7511
|
+
# attributes for the resource. For example, this operation does not
|
|
7512
|
+
# return tags, even though they are an attribute of the returned object.
|
|
7513
|
+
# To view all of the information for a customer manged policy, see
|
|
7514
|
+
# GetPolicy.
|
|
7515
|
+
#
|
|
7516
|
+
# </note>
|
|
7104
7517
|
#
|
|
7105
7518
|
#
|
|
7106
7519
|
#
|
|
@@ -7199,6 +7612,9 @@ module Aws::IAM
|
|
|
7199
7612
|
# resp.policies[0].description #=> String
|
|
7200
7613
|
# resp.policies[0].create_date #=> Time
|
|
7201
7614
|
# resp.policies[0].update_date #=> Time
|
|
7615
|
+
# resp.policies[0].tags #=> Array
|
|
7616
|
+
# resp.policies[0].tags[0].key #=> String
|
|
7617
|
+
# resp.policies[0].tags[0].value #=> String
|
|
7202
7618
|
# resp.is_truncated #=> Boolean
|
|
7203
7619
|
# resp.marker #=> String
|
|
7204
7620
|
#
|
|
@@ -7219,7 +7635,7 @@ module Aws::IAM
|
|
|
7219
7635
|
# include resource-based policies, access control lists, AWS
|
|
7220
7636
|
# Organizations policies, IAM permissions boundaries, and AWS STS assume
|
|
7221
7637
|
# role policies. It only applies permissions policy logic. For more
|
|
7222
|
-
# about the evaluation of policy types, see [Evaluating
|
|
7638
|
+
# about the evaluation of policy types, see [Evaluating policies][1] in
|
|
7223
7639
|
# the *IAM User Guide*.
|
|
7224
7640
|
#
|
|
7225
7641
|
# </note>
|
|
@@ -7242,8 +7658,8 @@ module Aws::IAM
|
|
|
7242
7658
|
# For each managed policy, this operation returns the ARN and policy
|
|
7243
7659
|
# name. For each inline policy, it returns the policy name and the
|
|
7244
7660
|
# entity to which it is attached. Inline policies do not have an ARN.
|
|
7245
|
-
# For more information about these policy types, see [Managed
|
|
7246
|
-
# and
|
|
7661
|
+
# For more information about these policy types, see [Managed policies
|
|
7662
|
+
# and inline policies][2] in the *IAM User Guide*.
|
|
7247
7663
|
#
|
|
7248
7664
|
# Policies that are attached to users and roles as permissions
|
|
7249
7665
|
# boundaries are not returned. To view which managed policy is currently
|
|
@@ -7269,17 +7685,16 @@ module Aws::IAM
|
|
|
7269
7685
|
# The service namespace for the AWS services whose policies you want to
|
|
7270
7686
|
# list.
|
|
7271
7687
|
#
|
|
7272
|
-
# To learn the service namespace for a service,
|
|
7273
|
-
#
|
|
7274
|
-
#
|
|
7275
|
-
#
|
|
7276
|
-
#
|
|
7277
|
-
# namespaces
|
|
7278
|
-
# Reference*.
|
|
7688
|
+
# To learn the service namespace for a service, see [Actions, resources,
|
|
7689
|
+
# and condition keys for AWS services][1] in the *IAM User Guide*.
|
|
7690
|
+
# Choose the name of the service to view details for that service. In
|
|
7691
|
+
# the first paragraph, find the service prefix. For example, `(service
|
|
7692
|
+
# prefix: a4b)`. For more information about service namespaces, see [AWS
|
|
7693
|
+
# service namespaces][2] in the *AWS General Reference*.
|
|
7279
7694
|
#
|
|
7280
7695
|
#
|
|
7281
7696
|
#
|
|
7282
|
-
# [1]: https://docs.aws.amazon.com/
|
|
7697
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
|
|
7283
7698
|
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
|
|
7284
7699
|
#
|
|
7285
7700
|
# @return [Types::ListPoliciesGrantingServiceAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
@@ -7364,12 +7779,82 @@ module Aws::IAM
|
|
|
7364
7779
|
req.send_request(options)
|
|
7365
7780
|
end
|
|
7366
7781
|
|
|
7782
|
+
# Lists the tags that are attached to the specified IAM customer managed
|
|
7783
|
+
# policy. The returned list of tags is sorted by tag key. For more
|
|
7784
|
+
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
|
7785
|
+
# User Guide*.
|
|
7786
|
+
#
|
|
7787
|
+
#
|
|
7788
|
+
#
|
|
7789
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
7790
|
+
#
|
|
7791
|
+
# @option params [required, String] :policy_arn
|
|
7792
|
+
# The ARN of the IAM customer managed policy whose tags you want to see.
|
|
7793
|
+
#
|
|
7794
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
7795
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
7796
|
+
# with no spaces. You can also include any of the following characters:
|
|
7797
|
+
# =,.@-
|
|
7798
|
+
#
|
|
7799
|
+
#
|
|
7800
|
+
#
|
|
7801
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
7802
|
+
#
|
|
7803
|
+
# @option params [String] :marker
|
|
7804
|
+
# Use this parameter only when paginating results and only after you
|
|
7805
|
+
# receive a response indicating that the results are truncated. Set it
|
|
7806
|
+
# to the value of the `Marker` element in the response that you received
|
|
7807
|
+
# to indicate where the next call should start.
|
|
7808
|
+
#
|
|
7809
|
+
# @option params [Integer] :max_items
|
|
7810
|
+
# (Optional) Use this only when paginating results to indicate the
|
|
7811
|
+
# maximum number of items that you want in the response. If additional
|
|
7812
|
+
# items exist beyond the maximum that you specify, the `IsTruncated`
|
|
7813
|
+
# response element is `true`.
|
|
7814
|
+
#
|
|
7815
|
+
# If you do not include this parameter, it defaults to 100. Note that
|
|
7816
|
+
# IAM might return fewer results, even when more results are available.
|
|
7817
|
+
# In that case, the `IsTruncated` response element returns `true`, and
|
|
7818
|
+
# `Marker` contains a value to include in the subsequent call that tells
|
|
7819
|
+
# the service where to continue from.
|
|
7820
|
+
#
|
|
7821
|
+
# @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
7822
|
+
#
|
|
7823
|
+
# * {Types::ListPolicyTagsResponse#tags #tags} => Array<Types::Tag>
|
|
7824
|
+
# * {Types::ListPolicyTagsResponse#is_truncated #is_truncated} => Boolean
|
|
7825
|
+
# * {Types::ListPolicyTagsResponse#marker #marker} => String
|
|
7826
|
+
#
|
|
7827
|
+
# @example Request syntax with placeholder values
|
|
7828
|
+
#
|
|
7829
|
+
# resp = client.list_policy_tags({
|
|
7830
|
+
# policy_arn: "arnType", # required
|
|
7831
|
+
# marker: "markerType",
|
|
7832
|
+
# max_items: 1,
|
|
7833
|
+
# })
|
|
7834
|
+
#
|
|
7835
|
+
# @example Response structure
|
|
7836
|
+
#
|
|
7837
|
+
# resp.tags #=> Array
|
|
7838
|
+
# resp.tags[0].key #=> String
|
|
7839
|
+
# resp.tags[0].value #=> String
|
|
7840
|
+
# resp.is_truncated #=> Boolean
|
|
7841
|
+
# resp.marker #=> String
|
|
7842
|
+
#
|
|
7843
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyTags AWS API Documentation
|
|
7844
|
+
#
|
|
7845
|
+
# @overload list_policy_tags(params = {})
|
|
7846
|
+
# @param [Hash] params ({})
|
|
7847
|
+
def list_policy_tags(params = {}, options = {})
|
|
7848
|
+
req = build_request(:list_policy_tags, params)
|
|
7849
|
+
req.send_request(options)
|
|
7850
|
+
end
|
|
7851
|
+
|
|
7367
7852
|
# Lists information about the versions of the specified managed policy,
|
|
7368
7853
|
# including the version that is currently set as the policy's default
|
|
7369
7854
|
# version.
|
|
7370
7855
|
#
|
|
7371
|
-
# For more information about managed policies, see [Managed
|
|
7372
|
-
#
|
|
7856
|
+
# For more information about managed policies, see [Managed policies and
|
|
7857
|
+
# inline policies][1] in the *IAM User Guide*.
|
|
7373
7858
|
#
|
|
7374
7859
|
#
|
|
7375
7860
|
#
|
|
@@ -7379,8 +7864,8 @@ module Aws::IAM
|
|
|
7379
7864
|
# The Amazon Resource Name (ARN) of the IAM policy for which you want
|
|
7380
7865
|
# the versions.
|
|
7381
7866
|
#
|
|
7382
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
7383
|
-
#
|
|
7867
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
7868
|
+
# in the *AWS General Reference*.
|
|
7384
7869
|
#
|
|
7385
7870
|
#
|
|
7386
7871
|
#
|
|
@@ -7444,7 +7929,7 @@ module Aws::IAM
|
|
|
7444
7929
|
# An IAM role can also have managed policies attached to it. To list the
|
|
7445
7930
|
# managed policies that are attached to a role, use
|
|
7446
7931
|
# ListAttachedRolePolicies. For more information about policies, see
|
|
7447
|
-
# [Managed
|
|
7932
|
+
# [Managed policies and inline policies][1] in the *IAM User Guide*.
|
|
7448
7933
|
#
|
|
7449
7934
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
7450
7935
|
# parameters. If there are no inline policies embedded with the
|
|
@@ -7517,7 +8002,7 @@ module Aws::IAM
|
|
|
7517
8002
|
|
|
7518
8003
|
# Lists the tags that are attached to the specified role. The returned
|
|
7519
8004
|
# list of tags is sorted by tag key. For more information about tagging,
|
|
7520
|
-
# see [Tagging IAM
|
|
8005
|
+
# see [Tagging IAM resources][1] in the *IAM User Guide*.
|
|
7521
8006
|
#
|
|
7522
8007
|
#
|
|
7523
8008
|
#
|
|
@@ -7610,7 +8095,14 @@ module Aws::IAM
|
|
|
7610
8095
|
|
|
7611
8096
|
# Lists the IAM roles that have the specified path prefix. If there are
|
|
7612
8097
|
# none, the operation returns an empty list. For more information about
|
|
7613
|
-
# roles,
|
|
8098
|
+
# roles, see [Working with roles][1].
|
|
8099
|
+
#
|
|
8100
|
+
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
|
8101
|
+
# attributes for the resource. For example, this operation does not
|
|
8102
|
+
# return tags, even though they are an attribute of the returned object.
|
|
8103
|
+
# To view all of the information for a role, see GetRole.
|
|
8104
|
+
#
|
|
8105
|
+
# </note>
|
|
7614
8106
|
#
|
|
7615
8107
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
7616
8108
|
# parameters.
|
|
@@ -7699,12 +8191,89 @@ module Aws::IAM
|
|
|
7699
8191
|
req.send_request(options)
|
|
7700
8192
|
end
|
|
7701
8193
|
|
|
7702
|
-
# Lists the
|
|
7703
|
-
#
|
|
8194
|
+
# Lists the tags that are attached to the specified Security Assertion
|
|
8195
|
+
# Markup Language (SAML) identity provider. The returned list of tags is
|
|
8196
|
+
# sorted by tag key. For more information, see [About SAML 2.0-based
|
|
8197
|
+
# federation][1].
|
|
7704
8198
|
#
|
|
7705
|
-
#
|
|
8199
|
+
# For more information about tagging, see [Tagging IAM resources][2] in
|
|
8200
|
+
# the *IAM User Guide*.
|
|
7706
8201
|
#
|
|
7707
|
-
#
|
|
8202
|
+
#
|
|
8203
|
+
#
|
|
8204
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
|
|
8205
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
8206
|
+
#
|
|
8207
|
+
# @option params [required, String] :saml_provider_arn
|
|
8208
|
+
# The ARN of the Security Assertion Markup Language (SAML) identity
|
|
8209
|
+
# provider whose tags you want to see.
|
|
8210
|
+
#
|
|
8211
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
8212
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
8213
|
+
# with no spaces. You can also include any of the following characters:
|
|
8214
|
+
# =,.@-
|
|
8215
|
+
#
|
|
8216
|
+
#
|
|
8217
|
+
#
|
|
8218
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
8219
|
+
#
|
|
8220
|
+
# @option params [String] :marker
|
|
8221
|
+
# Use this parameter only when paginating results and only after you
|
|
8222
|
+
# receive a response indicating that the results are truncated. Set it
|
|
8223
|
+
# to the value of the `Marker` element in the response that you received
|
|
8224
|
+
# to indicate where the next call should start.
|
|
8225
|
+
#
|
|
8226
|
+
# @option params [Integer] :max_items
|
|
8227
|
+
# (Optional) Use this only when paginating results to indicate the
|
|
8228
|
+
# maximum number of items that you want in the response. If additional
|
|
8229
|
+
# items exist beyond the maximum that you specify, the `IsTruncated`
|
|
8230
|
+
# response element is `true`.
|
|
8231
|
+
#
|
|
8232
|
+
# If you do not include this parameter, it defaults to 100. Note that
|
|
8233
|
+
# IAM might return fewer results, even when more results are available.
|
|
8234
|
+
# In that case, the `IsTruncated` response element returns `true`, and
|
|
8235
|
+
# `Marker` contains a value to include in the subsequent call that tells
|
|
8236
|
+
# the service where to continue from.
|
|
8237
|
+
#
|
|
8238
|
+
# @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
8239
|
+
#
|
|
8240
|
+
# * {Types::ListSAMLProviderTagsResponse#tags #tags} => Array<Types::Tag>
|
|
8241
|
+
# * {Types::ListSAMLProviderTagsResponse#is_truncated #is_truncated} => Boolean
|
|
8242
|
+
# * {Types::ListSAMLProviderTagsResponse#marker #marker} => String
|
|
8243
|
+
#
|
|
8244
|
+
# @example Request syntax with placeholder values
|
|
8245
|
+
#
|
|
8246
|
+
# resp = client.list_saml_provider_tags({
|
|
8247
|
+
# saml_provider_arn: "arnType", # required
|
|
8248
|
+
# marker: "markerType",
|
|
8249
|
+
# max_items: 1,
|
|
8250
|
+
# })
|
|
8251
|
+
#
|
|
8252
|
+
# @example Response structure
|
|
8253
|
+
#
|
|
8254
|
+
# resp.tags #=> Array
|
|
8255
|
+
# resp.tags[0].key #=> String
|
|
8256
|
+
# resp.tags[0].value #=> String
|
|
8257
|
+
# resp.is_truncated #=> Boolean
|
|
8258
|
+
# resp.marker #=> String
|
|
8259
|
+
#
|
|
8260
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviderTags AWS API Documentation
|
|
8261
|
+
#
|
|
8262
|
+
# @overload list_saml_provider_tags(params = {})
|
|
8263
|
+
# @param [Hash] params ({})
|
|
8264
|
+
def list_saml_provider_tags(params = {}, options = {})
|
|
8265
|
+
req = build_request(:list_saml_provider_tags, params)
|
|
8266
|
+
req.send_request(options)
|
|
8267
|
+
end
|
|
8268
|
+
|
|
8269
|
+
# Lists the SAML provider resource objects defined in IAM in the
|
|
8270
|
+
# account. IAM resource-listing operations return a subset of the
|
|
8271
|
+
# available attributes for the resource. For example, this operation
|
|
8272
|
+
# does not return tags, even though they are an attribute of the
|
|
8273
|
+
# returned object. To view all of the information for a SAML provider,
|
|
8274
|
+
# see GetSAMLProvider.
|
|
8275
|
+
#
|
|
8276
|
+
# This operation requires [Signature Version 4][1].
|
|
7708
8277
|
#
|
|
7709
8278
|
#
|
|
7710
8279
|
#
|
|
@@ -7737,7 +8306,7 @@ module Aws::IAM
|
|
|
7737
8306
|
# The SSH public keys returned by this operation are used only for
|
|
7738
8307
|
# authenticating the IAM user to an AWS CodeCommit repository. For more
|
|
7739
8308
|
# information about using SSH keys to authenticate to an AWS CodeCommit
|
|
7740
|
-
# repository, see [Set up AWS CodeCommit for SSH
|
|
8309
|
+
# repository, see [Set up AWS CodeCommit for SSH connections][1] in the
|
|
7741
8310
|
# *AWS CodeCommit User Guide*.
|
|
7742
8311
|
#
|
|
7743
8312
|
# Although each user is limited to a small number of keys, you can still
|
|
@@ -7813,6 +8382,85 @@ module Aws::IAM
|
|
|
7813
8382
|
req.send_request(options)
|
|
7814
8383
|
end
|
|
7815
8384
|
|
|
8385
|
+
# Lists the tags that are attached to the specified IAM server
|
|
8386
|
+
# certificate. The returned list of tags is sorted by tag key. For more
|
|
8387
|
+
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
|
8388
|
+
# User Guide*.
|
|
8389
|
+
#
|
|
8390
|
+
# <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
|
|
8391
|
+
# (ACM), we recommend that you don't use IAM server certificates.
|
|
8392
|
+
# Instead, use ACM to provision, manage, and deploy your server
|
|
8393
|
+
# certificates. For more information about IAM server certificates,
|
|
8394
|
+
# [Working with server certificates][2] in the *IAM User Guide*.
|
|
8395
|
+
#
|
|
8396
|
+
# </note>
|
|
8397
|
+
#
|
|
8398
|
+
#
|
|
8399
|
+
#
|
|
8400
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
8401
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
|
|
8402
|
+
#
|
|
8403
|
+
# @option params [required, String] :server_certificate_name
|
|
8404
|
+
# The name of the IAM server certificate whose tags you want to see.
|
|
8405
|
+
#
|
|
8406
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
8407
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
8408
|
+
# with no spaces. You can also include any of the following characters:
|
|
8409
|
+
# =,.@-
|
|
8410
|
+
#
|
|
8411
|
+
#
|
|
8412
|
+
#
|
|
8413
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
8414
|
+
#
|
|
8415
|
+
# @option params [String] :marker
|
|
8416
|
+
# Use this parameter only when paginating results and only after you
|
|
8417
|
+
# receive a response indicating that the results are truncated. Set it
|
|
8418
|
+
# to the value of the `Marker` element in the response that you received
|
|
8419
|
+
# to indicate where the next call should start.
|
|
8420
|
+
#
|
|
8421
|
+
# @option params [Integer] :max_items
|
|
8422
|
+
# (Optional) Use this only when paginating results to indicate the
|
|
8423
|
+
# maximum number of items that you want in the response. If additional
|
|
8424
|
+
# items exist beyond the maximum that you specify, the `IsTruncated`
|
|
8425
|
+
# response element is `true`.
|
|
8426
|
+
#
|
|
8427
|
+
# If you do not include this parameter, it defaults to 100. Note that
|
|
8428
|
+
# IAM might return fewer results, even when more results are available.
|
|
8429
|
+
# In that case, the `IsTruncated` response element returns `true`, and
|
|
8430
|
+
# `Marker` contains a value to include in the subsequent call that tells
|
|
8431
|
+
# the service where to continue from.
|
|
8432
|
+
#
|
|
8433
|
+
# @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
8434
|
+
#
|
|
8435
|
+
# * {Types::ListServerCertificateTagsResponse#tags #tags} => Array<Types::Tag>
|
|
8436
|
+
# * {Types::ListServerCertificateTagsResponse#is_truncated #is_truncated} => Boolean
|
|
8437
|
+
# * {Types::ListServerCertificateTagsResponse#marker #marker} => String
|
|
8438
|
+
#
|
|
8439
|
+
# @example Request syntax with placeholder values
|
|
8440
|
+
#
|
|
8441
|
+
# resp = client.list_server_certificate_tags({
|
|
8442
|
+
# server_certificate_name: "serverCertificateNameType", # required
|
|
8443
|
+
# marker: "markerType",
|
|
8444
|
+
# max_items: 1,
|
|
8445
|
+
# })
|
|
8446
|
+
#
|
|
8447
|
+
# @example Response structure
|
|
8448
|
+
#
|
|
8449
|
+
# resp.tags #=> Array
|
|
8450
|
+
# resp.tags[0].key #=> String
|
|
8451
|
+
# resp.tags[0].value #=> String
|
|
8452
|
+
# resp.is_truncated #=> Boolean
|
|
8453
|
+
# resp.marker #=> String
|
|
8454
|
+
#
|
|
8455
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificateTags AWS API Documentation
|
|
8456
|
+
#
|
|
8457
|
+
# @overload list_server_certificate_tags(params = {})
|
|
8458
|
+
# @param [Hash] params ({})
|
|
8459
|
+
def list_server_certificate_tags(params = {}, options = {})
|
|
8460
|
+
req = build_request(:list_server_certificate_tags, params)
|
|
8461
|
+
req.send_request(options)
|
|
8462
|
+
end
|
|
8463
|
+
|
|
7816
8464
|
# Lists the server certificates stored in IAM that have the specified
|
|
7817
8465
|
# path prefix. If none exist, the operation returns an empty list.
|
|
7818
8466
|
#
|
|
@@ -7820,10 +8468,18 @@ module Aws::IAM
|
|
|
7820
8468
|
# parameters.
|
|
7821
8469
|
#
|
|
7822
8470
|
# For more information about working with server certificates, see
|
|
7823
|
-
# [Working with
|
|
8471
|
+
# [Working with server certificates][1] in the *IAM User Guide*. This
|
|
7824
8472
|
# topic also includes a list of AWS services that can use the server
|
|
7825
8473
|
# certificates that you manage with IAM.
|
|
7826
8474
|
#
|
|
8475
|
+
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
|
8476
|
+
# attributes for the resource. For example, this operation does not
|
|
8477
|
+
# return tags, even though they are an attribute of the returned object.
|
|
8478
|
+
# To view all of the information for a servercertificate, see
|
|
8479
|
+
# GetServerCertificate.
|
|
8480
|
+
#
|
|
8481
|
+
# </note>
|
|
8482
|
+
#
|
|
7827
8483
|
#
|
|
7828
8484
|
#
|
|
7829
8485
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
|
|
@@ -7905,7 +8561,7 @@ module Aws::IAM
|
|
|
7905
8561
|
# empty list. The service-specific credentials returned by this
|
|
7906
8562
|
# operation are used only for authenticating the IAM user to a specific
|
|
7907
8563
|
# service. For more information about using service-specific credentials
|
|
7908
|
-
# to authenticate to an AWS service, see [Set
|
|
8564
|
+
# to authenticate to an AWS service, see [Set up service-specific
|
|
7909
8565
|
# credentials][1] in the AWS CodeCommit User Guide.
|
|
7910
8566
|
#
|
|
7911
8567
|
#
|
|
@@ -7971,9 +8627,10 @@ module Aws::IAM
|
|
|
7971
8627
|
#
|
|
7972
8628
|
# If the `UserName` field is not specified, the user name is determined
|
|
7973
8629
|
# implicitly based on the AWS access key ID used to sign the request for
|
|
7974
|
-
# this
|
|
7975
|
-
# Consequently, you can use this operation to manage AWS
|
|
7976
|
-
# user credentials even if the AWS account has no
|
|
8630
|
+
# this operation. This operation works for access keys under the AWS
|
|
8631
|
+
# account. Consequently, you can use this operation to manage AWS
|
|
8632
|
+
# account root user credentials even if the AWS account has no
|
|
8633
|
+
# associated users.
|
|
7977
8634
|
#
|
|
7978
8635
|
# @option params [String] :user_name
|
|
7979
8636
|
# The name of the IAM user whose signing certificates you want to
|
|
@@ -8069,7 +8726,7 @@ module Aws::IAM
|
|
|
8069
8726
|
# An IAM user can also have managed policies attached to it. To list the
|
|
8070
8727
|
# managed policies that are attached to a user, use
|
|
8071
8728
|
# ListAttachedUserPolicies. For more information about policies, see
|
|
8072
|
-
# [Managed
|
|
8729
|
+
# [Managed policies and inline policies][1] in the *IAM User Guide*.
|
|
8073
8730
|
#
|
|
8074
8731
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
8075
8732
|
# parameters. If there are no inline policies embedded with the
|
|
@@ -8140,9 +8797,9 @@ module Aws::IAM
|
|
|
8140
8797
|
req.send_request(options)
|
|
8141
8798
|
end
|
|
8142
8799
|
|
|
8143
|
-
# Lists the tags that are attached to the specified user. The
|
|
8144
|
-
# list of tags is sorted by tag key. For more information about
|
|
8145
|
-
# see [Tagging IAM
|
|
8800
|
+
# Lists the tags that are attached to the specified IAM user. The
|
|
8801
|
+
# returned list of tags is sorted by tag key. For more information about
|
|
8802
|
+
# tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
|
|
8146
8803
|
#
|
|
8147
8804
|
#
|
|
8148
8805
|
#
|
|
@@ -8237,6 +8894,13 @@ module Aws::IAM
|
|
|
8237
8894
|
# prefix is specified, the operation returns all users in the AWS
|
|
8238
8895
|
# account. If there are none, the operation returns an empty list.
|
|
8239
8896
|
#
|
|
8897
|
+
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
|
8898
|
+
# attributes for the resource. For example, this operation does not
|
|
8899
|
+
# return tags, even though they are an attribute of the returned object.
|
|
8900
|
+
# To view all of the information for a user, see GetUser.
|
|
8901
|
+
#
|
|
8902
|
+
# </note>
|
|
8903
|
+
#
|
|
8240
8904
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
8241
8905
|
# parameters.
|
|
8242
8906
|
#
|
|
@@ -8351,6 +9015,14 @@ module Aws::IAM
|
|
|
8351
9015
|
# returns a list of all virtual MFA devices. Assignment status can be
|
|
8352
9016
|
# `Assigned`, `Unassigned`, or `Any`.
|
|
8353
9017
|
#
|
|
9018
|
+
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
|
9019
|
+
# attributes for the resource. For example, this operation does not
|
|
9020
|
+
# return tags, even though they are an attribute of the returned object.
|
|
9021
|
+
# To view all of the information for a virtual MFA device, see
|
|
9022
|
+
# ListVirtualMFADevices.
|
|
9023
|
+
#
|
|
9024
|
+
# </note>
|
|
9025
|
+
#
|
|
8354
9026
|
# You can paginate the results using the `MaxItems` and `Marker`
|
|
8355
9027
|
# parameters.
|
|
8356
9028
|
#
|
|
@@ -8430,6 +9102,9 @@ module Aws::IAM
|
|
|
8430
9102
|
# resp.virtual_mfa_devices[0].user.tags[0].key #=> String
|
|
8431
9103
|
# resp.virtual_mfa_devices[0].user.tags[0].value #=> String
|
|
8432
9104
|
# resp.virtual_mfa_devices[0].enable_date #=> Time
|
|
9105
|
+
# resp.virtual_mfa_devices[0].tags #=> Array
|
|
9106
|
+
# resp.virtual_mfa_devices[0].tags[0].key #=> String
|
|
9107
|
+
# resp.virtual_mfa_devices[0].tags[0].value #=> String
|
|
8433
9108
|
# resp.is_truncated #=> Boolean
|
|
8434
9109
|
# resp.marker #=> String
|
|
8435
9110
|
#
|
|
@@ -8448,15 +9123,15 @@ module Aws::IAM
|
|
|
8448
9123
|
# A user can also have managed policies attached to it. To attach a
|
|
8449
9124
|
# managed policy to a group, use AttachGroupPolicy. To create a new
|
|
8450
9125
|
# managed policy, use CreatePolicy. For information about policies, see
|
|
8451
|
-
# [Managed
|
|
9126
|
+
# [Managed policies and inline policies][1] in the *IAM User Guide*.
|
|
8452
9127
|
#
|
|
8453
|
-
# For information about
|
|
8454
|
-
# can embed in a group, see [
|
|
8455
|
-
#
|
|
9128
|
+
# For information about the maximum number of inline policies that you
|
|
9129
|
+
# can embed in a group, see [IAM and STS quotas][2] in the *IAM User
|
|
9130
|
+
# Guide*.
|
|
8456
9131
|
#
|
|
8457
9132
|
# <note markdown="1"> Because policy documents can be large, you should use POST rather than
|
|
8458
9133
|
# GET when calling `PutGroupPolicy`. For general information about using
|
|
8459
|
-
# the Query API with IAM,
|
|
9134
|
+
# the Query API with IAM, see [Making query requests][3] in the *IAM
|
|
8460
9135
|
# User Guide*.
|
|
8461
9136
|
#
|
|
8462
9137
|
# </note>
|
|
@@ -8464,7 +9139,7 @@ module Aws::IAM
|
|
|
8464
9139
|
#
|
|
8465
9140
|
#
|
|
8466
9141
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
|
8467
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
|
9142
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
|
8468
9143
|
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
|
|
8469
9144
|
#
|
|
8470
9145
|
# @option params [required, String] :group_name
|
|
@@ -8557,7 +9232,7 @@ module Aws::IAM
|
|
|
8557
9232
|
# Policies used as permissions boundaries do not provide permissions.
|
|
8558
9233
|
# You must also attach a permissions policy to the role. To learn how
|
|
8559
9234
|
# the effective permissions for a role are evaluated, see [IAM JSON
|
|
8560
|
-
#
|
|
9235
|
+
# policy evaluation logic][1] in the IAM User Guide.
|
|
8561
9236
|
#
|
|
8562
9237
|
#
|
|
8563
9238
|
#
|
|
@@ -8596,21 +9271,21 @@ module Aws::IAM
|
|
|
8596
9271
|
# as part of the role's access (permissions) policy. The role's trust
|
|
8597
9272
|
# policy is created at the same time as the role, using CreateRole. You
|
|
8598
9273
|
# can update a role's trust policy using UpdateAssumeRolePolicy. For
|
|
8599
|
-
# more information about IAM roles,
|
|
8600
|
-
#
|
|
9274
|
+
# more information about IAM roles, see [Using roles to delegate
|
|
9275
|
+
# permissions and federate identities][1].
|
|
8601
9276
|
#
|
|
8602
9277
|
# A role can also have a managed policy attached to it. To attach a
|
|
8603
9278
|
# managed policy to a role, use AttachRolePolicy. To create a new
|
|
8604
9279
|
# managed policy, use CreatePolicy. For information about policies, see
|
|
8605
|
-
# [Managed
|
|
9280
|
+
# [Managed policies and inline policies][2] in the *IAM User Guide*.
|
|
8606
9281
|
#
|
|
8607
|
-
# For information about
|
|
8608
|
-
# can embed with a role, see [
|
|
8609
|
-
#
|
|
9282
|
+
# For information about the maximum number of inline policies that you
|
|
9283
|
+
# can embed with a role, see [IAM and STS quotas][3] in the *IAM User
|
|
9284
|
+
# Guide*.
|
|
8610
9285
|
#
|
|
8611
9286
|
# <note markdown="1"> Because policy documents can be large, you should use POST rather than
|
|
8612
9287
|
# GET when calling `PutRolePolicy`. For general information about using
|
|
8613
|
-
# the Query API with IAM,
|
|
9288
|
+
# the Query API with IAM, see [Making query requests][4] in the *IAM
|
|
8614
9289
|
# User Guide*.
|
|
8615
9290
|
#
|
|
8616
9291
|
# </note>
|
|
@@ -8619,7 +9294,7 @@ module Aws::IAM
|
|
|
8619
9294
|
#
|
|
8620
9295
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
|
|
8621
9296
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
|
8622
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
|
9297
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
|
8623
9298
|
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
|
|
8624
9299
|
#
|
|
8625
9300
|
# @option params [required, String] :role_name
|
|
@@ -8710,7 +9385,7 @@ module Aws::IAM
|
|
|
8710
9385
|
# Policies that are used as permissions boundaries do not provide
|
|
8711
9386
|
# permissions. You must also attach a permissions policy to the user. To
|
|
8712
9387
|
# learn how the effective permissions for a user are evaluated, see [IAM
|
|
8713
|
-
# JSON
|
|
9388
|
+
# JSON policy evaluation logic][1] in the IAM User Guide.
|
|
8714
9389
|
#
|
|
8715
9390
|
#
|
|
8716
9391
|
#
|
|
@@ -8748,15 +9423,15 @@ module Aws::IAM
|
|
|
8748
9423
|
# An IAM user can also have a managed policy attached to it. To attach a
|
|
8749
9424
|
# managed policy to a user, use AttachUserPolicy. To create a new
|
|
8750
9425
|
# managed policy, use CreatePolicy. For information about policies, see
|
|
8751
|
-
# [Managed
|
|
9426
|
+
# [Managed policies and inline policies][1] in the *IAM User Guide*.
|
|
8752
9427
|
#
|
|
8753
|
-
# For information about
|
|
8754
|
-
# can embed in a user, see [
|
|
8755
|
-
#
|
|
9428
|
+
# For information about the maximum number of inline policies that you
|
|
9429
|
+
# can embed in a user, see [IAM and STS quotas][2] in the *IAM User
|
|
9430
|
+
# Guide*.
|
|
8756
9431
|
#
|
|
8757
9432
|
# <note markdown="1"> Because policy documents can be large, you should use POST rather than
|
|
8758
9433
|
# GET when calling `PutUserPolicy`. For general information about using
|
|
8759
|
-
# the Query API with IAM,
|
|
9434
|
+
# the Query API with IAM, see [Making query requests][3] in the *IAM
|
|
8760
9435
|
# User Guide*.
|
|
8761
9436
|
#
|
|
8762
9437
|
# </note>
|
|
@@ -8764,7 +9439,7 @@ module Aws::IAM
|
|
|
8764
9439
|
#
|
|
8765
9440
|
#
|
|
8766
9441
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
|
|
8767
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
|
9442
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
|
8768
9443
|
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
|
|
8769
9444
|
#
|
|
8770
9445
|
# @option params [required, String] :user_name
|
|
@@ -8857,8 +9532,8 @@ module Aws::IAM
|
|
|
8857
9532
|
# remove the client ID from. You can get a list of OIDC provider ARNs by
|
|
8858
9533
|
# using the ListOpenIDConnectProviders operation.
|
|
8859
9534
|
#
|
|
8860
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
8861
|
-
#
|
|
9535
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
9536
|
+
# in the *AWS General Reference*.
|
|
8862
9537
|
#
|
|
8863
9538
|
#
|
|
8864
9539
|
#
|
|
@@ -8895,9 +9570,9 @@ module Aws::IAM
|
|
|
8895
9570
|
# role from an instance profile that is associated with a running
|
|
8896
9571
|
# instance might break any applications running on the instance.
|
|
8897
9572
|
#
|
|
8898
|
-
# For more information about IAM roles,
|
|
8899
|
-
#
|
|
8900
|
-
#
|
|
9573
|
+
# For more information about IAM roles, see [Working with roles][1]. For
|
|
9574
|
+
# more information about instance profiles, see [About instance
|
|
9575
|
+
# profiles][2].
|
|
8901
9576
|
#
|
|
8902
9577
|
#
|
|
8903
9578
|
#
|
|
@@ -9074,8 +9749,7 @@ module Aws::IAM
|
|
|
9074
9749
|
# the AWS servers.
|
|
9075
9750
|
#
|
|
9076
9751
|
# For more information about creating and working with virtual MFA
|
|
9077
|
-
# devices,
|
|
9078
|
-
# Guide*.
|
|
9752
|
+
# devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
|
|
9079
9753
|
#
|
|
9080
9754
|
#
|
|
9081
9755
|
#
|
|
@@ -9140,10 +9814,10 @@ module Aws::IAM
|
|
|
9140
9814
|
#
|
|
9141
9815
|
# This operation affects all users, groups, and roles that the policy is
|
|
9142
9816
|
# attached to. To list the users, groups, and roles that the policy is
|
|
9143
|
-
# attached to, use
|
|
9817
|
+
# attached to, use ListEntitiesForPolicy.
|
|
9144
9818
|
#
|
|
9145
|
-
# For information about managed policies, see [Managed
|
|
9146
|
-
#
|
|
9819
|
+
# For information about managed policies, see [Managed policies and
|
|
9820
|
+
# inline policies][1] in the *IAM User Guide*.
|
|
9147
9821
|
#
|
|
9148
9822
|
#
|
|
9149
9823
|
#
|
|
@@ -9153,8 +9827,8 @@ module Aws::IAM
|
|
|
9153
9827
|
# The Amazon Resource Name (ARN) of the IAM policy whose default version
|
|
9154
9828
|
# you want to set.
|
|
9155
9829
|
#
|
|
9156
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
9157
|
-
#
|
|
9830
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
9831
|
+
# in the *AWS General Reference*.
|
|
9158
9832
|
#
|
|
9159
9833
|
#
|
|
9160
9834
|
#
|
|
@@ -9164,7 +9838,7 @@ module Aws::IAM
|
|
|
9164
9838
|
# The version of the policy to set as the default (operative) version.
|
|
9165
9839
|
#
|
|
9166
9840
|
# For more information about managed policy versions, see [Versioning
|
|
9167
|
-
# for
|
|
9841
|
+
# for managed policies][1] in the *IAM User Guide*.
|
|
9168
9842
|
#
|
|
9169
9843
|
#
|
|
9170
9844
|
#
|
|
@@ -9196,7 +9870,8 @@ module Aws::IAM
|
|
|
9196
9870
|
# `https://sts.amazonaws.com`. AWS recommends using Regional STS
|
|
9197
9871
|
# endpoints to reduce latency, build in redundancy, and increase session
|
|
9198
9872
|
# token availability. For information about Regional endpoints for STS,
|
|
9199
|
-
# see [AWS
|
|
9873
|
+
# see [AWS AWS Security Token Service endpoints and quotas][1] in the
|
|
9874
|
+
# *AWS General Reference*.
|
|
9200
9875
|
#
|
|
9201
9876
|
# If you make an STS call to the global endpoint, the resulting session
|
|
9202
9877
|
# tokens might be valid in some Regions but not others. It depends on
|
|
@@ -9205,8 +9880,8 @@ module Aws::IAM
|
|
|
9205
9880
|
# work in manually enabled Regions, such as Asia Pacific (Hong Kong).
|
|
9206
9881
|
# Version 2 tokens are valid in all Regions. However, version 2 tokens
|
|
9207
9882
|
# are longer and might affect systems where you temporarily store
|
|
9208
|
-
# tokens. For information, see [Activating and
|
|
9209
|
-
# AWS
|
|
9883
|
+
# tokens. For information, see [Activating and deactivating STS in an
|
|
9884
|
+
# AWS region][2] in the *IAM User Guide*.
|
|
9210
9885
|
#
|
|
9211
9886
|
# To view the current session token version, see the
|
|
9212
9887
|
# `GlobalEndpointTokenVersion` entry in the response of the
|
|
@@ -9214,7 +9889,7 @@ module Aws::IAM
|
|
|
9214
9889
|
#
|
|
9215
9890
|
#
|
|
9216
9891
|
#
|
|
9217
|
-
# [1]: https://docs.aws.amazon.com/general/latest/gr/
|
|
9892
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/sts.html
|
|
9218
9893
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
|
|
9219
9894
|
#
|
|
9220
9895
|
# @option params [required, String] :global_endpoint_token_version
|
|
@@ -9225,8 +9900,8 @@ module Aws::IAM
|
|
|
9225
9900
|
# are longer and might affect systems where you temporarily store
|
|
9226
9901
|
# tokens.
|
|
9227
9902
|
#
|
|
9228
|
-
# For information, see [Activating and
|
|
9229
|
-
#
|
|
9903
|
+
# For information, see [Activating and deactivating STS in an AWS
|
|
9904
|
+
# region][1] in the *IAM User Guide*.
|
|
9230
9905
|
#
|
|
9231
9906
|
#
|
|
9232
9907
|
#
|
|
@@ -9265,7 +9940,8 @@ module Aws::IAM
|
|
|
9265
9940
|
#
|
|
9266
9941
|
# The simulation does not perform the API operations; it only checks the
|
|
9267
9942
|
# authorization to determine if the simulated policies allow or deny the
|
|
9268
|
-
# operations.
|
|
9943
|
+
# operations. You can simulate resources that don't exist in your
|
|
9944
|
+
# account.
|
|
9269
9945
|
#
|
|
9270
9946
|
# If you want to simulate existing policies that are attached to an IAM
|
|
9271
9947
|
# user, group, or role, use SimulatePrincipalPolicy instead.
|
|
@@ -9279,6 +9955,14 @@ module Aws::IAM
|
|
|
9279
9955
|
# If the output is long, you can use `MaxItems` and `Marker` parameters
|
|
9280
9956
|
# to paginate the results.
|
|
9281
9957
|
#
|
|
9958
|
+
# For more information about using the policy simulator, see [Testing
|
|
9959
|
+
# IAM policies with the IAM policy simulator ][1]in the *IAM User
|
|
9960
|
+
# Guide*.
|
|
9961
|
+
#
|
|
9962
|
+
#
|
|
9963
|
+
#
|
|
9964
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
|
|
9965
|
+
#
|
|
9282
9966
|
# @option params [required, Array<String>] :policy_input_list
|
|
9283
9967
|
# A list of policy documents to include in the simulation. Each document
|
|
9284
9968
|
# is specified as a string containing the complete, valid JSON text of
|
|
@@ -9313,7 +9997,7 @@ module Aws::IAM
|
|
|
9313
9997
|
# boundary sets the maximum permissions that an IAM entity can have. You
|
|
9314
9998
|
# can input only one permissions boundary when you pass a policy to this
|
|
9315
9999
|
# operation. For more information about permissions boundaries, see
|
|
9316
|
-
# [Permissions
|
|
10000
|
+
# [Permissions boundaries for IAM entities][1] in the *IAM User Guide*.
|
|
9317
10001
|
# The policy input is specified as a string that contains the complete,
|
|
9318
10002
|
# valid JSON text of a permissions boundary policy.
|
|
9319
10003
|
#
|
|
@@ -9346,7 +10030,8 @@ module Aws::IAM
|
|
|
9346
10030
|
# resources). Each API in the `ActionNames` parameter is evaluated for
|
|
9347
10031
|
# each resource in this list. The simulation determines the access
|
|
9348
10032
|
# result (allowed or denied) of each combination and reports it in the
|
|
9349
|
-
# response.
|
|
10033
|
+
# response. You can simulate resources that don't exist in your
|
|
10034
|
+
# account.
|
|
9350
10035
|
#
|
|
9351
10036
|
# The simulation does not automatically retrieve policies for the
|
|
9352
10037
|
# specified resources. If you want to include a resource policy in the
|
|
@@ -9357,8 +10042,8 @@ module Aws::IAM
|
|
|
9357
10042
|
# of the resources included in the simulation or you receive an invalid
|
|
9358
10043
|
# input error.
|
|
9359
10044
|
#
|
|
9360
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
9361
|
-
#
|
|
10045
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
10046
|
+
# in the *AWS General Reference*.
|
|
9362
10047
|
#
|
|
9363
10048
|
#
|
|
9364
10049
|
#
|
|
@@ -9434,7 +10119,7 @@ module Aws::IAM
|
|
|
9434
10119
|
# includes VPC, then you must supply the network-interface resource. If
|
|
9435
10120
|
# it includes an IP subnet, then you must specify the subnet resource.
|
|
9436
10121
|
# For more information on the EC2 scenario options, see [Supported
|
|
9437
|
-
#
|
|
10122
|
+
# platforms][1] in the *Amazon EC2 User Guide*.
|
|
9438
10123
|
#
|
|
9439
10124
|
# * **EC2-Classic-InstanceStore**
|
|
9440
10125
|
#
|
|
@@ -9562,7 +10247,8 @@ module Aws::IAM
|
|
|
9562
10247
|
# policies' effective permissions. The entity can be an IAM user,
|
|
9563
10248
|
# group, or role. If you specify a user, then the simulation also
|
|
9564
10249
|
# includes all of the policies that are attached to groups that the user
|
|
9565
|
-
# belongs to.
|
|
10250
|
+
# belongs to. You can simulate resources that don't exist in your
|
|
10251
|
+
# account.
|
|
9566
10252
|
#
|
|
9567
10253
|
# You can optionally include a list of one or more additional policies
|
|
9568
10254
|
# specified as strings to include in the simulation. If you want to
|
|
@@ -9576,8 +10262,8 @@ module Aws::IAM
|
|
|
9576
10262
|
# authorization to determine if the simulated policies allow or deny the
|
|
9577
10263
|
# operations.
|
|
9578
10264
|
#
|
|
9579
|
-
# **Note:** This
|
|
9580
|
-
# to other users. If you do not want users to see other user's
|
|
10265
|
+
# **Note:** This operation discloses information about the permissions
|
|
10266
|
+
# granted to other users. If you do not want users to see other user's
|
|
9581
10267
|
# permissions, then consider allowing them to use SimulateCustomPolicy
|
|
9582
10268
|
# instead.
|
|
9583
10269
|
#
|
|
@@ -9590,6 +10276,14 @@ module Aws::IAM
|
|
|
9590
10276
|
# If the output is long, you can use the `MaxItems` and `Marker`
|
|
9591
10277
|
# parameters to paginate the results.
|
|
9592
10278
|
#
|
|
10279
|
+
# For more information about using the policy simulator, see [Testing
|
|
10280
|
+
# IAM policies with the IAM policy simulator ][1]in the *IAM User
|
|
10281
|
+
# Guide*.
|
|
10282
|
+
#
|
|
10283
|
+
#
|
|
10284
|
+
#
|
|
10285
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
|
|
10286
|
+
#
|
|
9593
10287
|
# @option params [required, String] :policy_source_arn
|
|
9594
10288
|
# The Amazon Resource Name (ARN) of a user, group, or role whose
|
|
9595
10289
|
# policies you want to include in the simulation. If you specify a user,
|
|
@@ -9598,8 +10292,8 @@ module Aws::IAM
|
|
|
9598
10292
|
# also includes all policies that are attached to any groups the user
|
|
9599
10293
|
# belongs to.
|
|
9600
10294
|
#
|
|
9601
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
9602
|
-
#
|
|
10295
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
10296
|
+
# in the *AWS General Reference*.
|
|
9603
10297
|
#
|
|
9604
10298
|
#
|
|
9605
10299
|
#
|
|
@@ -9635,7 +10329,7 @@ module Aws::IAM
|
|
|
9635
10329
|
# to an entity and you pass in a different permissions boundary policy
|
|
9636
10330
|
# using this parameter, then the new permissions boundary policy is used
|
|
9637
10331
|
# for the simulation. For more information about permissions boundaries,
|
|
9638
|
-
# see [Permissions
|
|
10332
|
+
# see [Permissions boundaries for IAM entities][1] in the *IAM User
|
|
9639
10333
|
# Guide*. The policy input is specified as a string containing the
|
|
9640
10334
|
# complete, valid JSON text of a permissions boundary policy.
|
|
9641
10335
|
#
|
|
@@ -9667,15 +10361,16 @@ module Aws::IAM
|
|
|
9667
10361
|
# resources). Each API in the `ActionNames` parameter is evaluated for
|
|
9668
10362
|
# each resource in this list. The simulation determines the access
|
|
9669
10363
|
# result (allowed or denied) of each combination and reports it in the
|
|
9670
|
-
# response.
|
|
10364
|
+
# response. You can simulate resources that don't exist in your
|
|
10365
|
+
# account.
|
|
9671
10366
|
#
|
|
9672
10367
|
# The simulation does not automatically retrieve policies for the
|
|
9673
10368
|
# specified resources. If you want to include a resource policy in the
|
|
9674
10369
|
# simulation, then you must include the policy as a string in the
|
|
9675
10370
|
# `ResourcePolicy` parameter.
|
|
9676
10371
|
#
|
|
9677
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
9678
|
-
#
|
|
10372
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
10373
|
+
# in the *AWS General Reference*.
|
|
9679
10374
|
#
|
|
9680
10375
|
#
|
|
9681
10376
|
#
|
|
@@ -9733,8 +10428,8 @@ module Aws::IAM
|
|
|
9733
10428
|
# that the resource-based policy's `Principal` element has a value to
|
|
9734
10429
|
# use in evaluating the policy.
|
|
9735
10430
|
#
|
|
9736
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
9737
|
-
#
|
|
10431
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
10432
|
+
# in the *AWS General Reference*.
|
|
9738
10433
|
#
|
|
9739
10434
|
#
|
|
9740
10435
|
#
|
|
@@ -9761,7 +10456,7 @@ module Aws::IAM
|
|
|
9761
10456
|
# includes VPC, then you must supply the network interface resource. If
|
|
9762
10457
|
# it includes an IP subnet, then you must specify the subnet resource.
|
|
9763
10458
|
# For more information on the EC2 scenario options, see [Supported
|
|
9764
|
-
#
|
|
10459
|
+
# platforms][1] in the *Amazon EC2 User Guide*.
|
|
9765
10460
|
#
|
|
9766
10461
|
# * **EC2-Classic-InstanceStore**
|
|
9767
10462
|
#
|
|
@@ -9885,6 +10580,309 @@ module Aws::IAM
|
|
|
9885
10580
|
req.send_request(options)
|
|
9886
10581
|
end
|
|
9887
10582
|
|
|
10583
|
+
# Adds one or more tags to an IAM instance profile. If a tag with the
|
|
10584
|
+
# same key name already exists, then that tag is overwritten with the
|
|
10585
|
+
# new value.
|
|
10586
|
+
#
|
|
10587
|
+
# Each tag consists of a key name and an associated value. By assigning
|
|
10588
|
+
# tags to your resources, you can do the following:
|
|
10589
|
+
#
|
|
10590
|
+
# * **Administrative grouping and discovery** - Attach tags to resources
|
|
10591
|
+
# to aid in organization and search. For example, you could search for
|
|
10592
|
+
# all resources with the key name *Project* and the value
|
|
10593
|
+
# *MyImportantProject*. Or search for all resources with the key name
|
|
10594
|
+
# *Cost Center* and the value *41200*.
|
|
10595
|
+
#
|
|
10596
|
+
# * **Access control** - Include tags in IAM user-based and
|
|
10597
|
+
# resource-based policies. You can use tags to restrict access to only
|
|
10598
|
+
# an IAM instance profile that has a specified tag attached. For
|
|
10599
|
+
# examples of policies that show how to use tags to control access,
|
|
10600
|
+
# see [Control access using IAM tags][1] in the *IAM User Guide*.
|
|
10601
|
+
#
|
|
10602
|
+
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
|
10603
|
+
# maximum number of tags, then the entire request fails and the
|
|
10604
|
+
# resource is not created. For more information about tagging, see
|
|
10605
|
+
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
|
10606
|
+
#
|
|
10607
|
+
# * AWS always interprets the tag `Value` as a single string. If you
|
|
10608
|
+
# need to store an array, you can store comma-separated values in the
|
|
10609
|
+
# string. However, you must interpret the value in your code.
|
|
10610
|
+
#
|
|
10611
|
+
# </note>
|
|
10612
|
+
#
|
|
10613
|
+
#
|
|
10614
|
+
#
|
|
10615
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
|
|
10616
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
10617
|
+
#
|
|
10618
|
+
# @option params [required, String] :instance_profile_name
|
|
10619
|
+
# The name of the IAM instance profile to which you want to add tags.
|
|
10620
|
+
#
|
|
10621
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
10622
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
10623
|
+
# with no spaces. You can also include any of the following characters:
|
|
10624
|
+
# =,.@-
|
|
10625
|
+
#
|
|
10626
|
+
#
|
|
10627
|
+
#
|
|
10628
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
10629
|
+
#
|
|
10630
|
+
# @option params [required, Array<Types::Tag>] :tags
|
|
10631
|
+
# The list of tags that you want to attach to the IAM instance profile.
|
|
10632
|
+
# Each tag consists of a key name and an associated value.
|
|
10633
|
+
#
|
|
10634
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
10635
|
+
#
|
|
10636
|
+
# @example Request syntax with placeholder values
|
|
10637
|
+
#
|
|
10638
|
+
# resp = client.tag_instance_profile({
|
|
10639
|
+
# instance_profile_name: "instanceProfileNameType", # required
|
|
10640
|
+
# tags: [ # required
|
|
10641
|
+
# {
|
|
10642
|
+
# key: "tagKeyType", # required
|
|
10643
|
+
# value: "tagValueType", # required
|
|
10644
|
+
# },
|
|
10645
|
+
# ],
|
|
10646
|
+
# })
|
|
10647
|
+
#
|
|
10648
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagInstanceProfile AWS API Documentation
|
|
10649
|
+
#
|
|
10650
|
+
# @overload tag_instance_profile(params = {})
|
|
10651
|
+
# @param [Hash] params ({})
|
|
10652
|
+
def tag_instance_profile(params = {}, options = {})
|
|
10653
|
+
req = build_request(:tag_instance_profile, params)
|
|
10654
|
+
req.send_request(options)
|
|
10655
|
+
end
|
|
10656
|
+
|
|
10657
|
+
# Adds one or more tags to an IAM virtual multi-factor authentication
|
|
10658
|
+
# (MFA) device. If a tag with the same key name already exists, then
|
|
10659
|
+
# that tag is overwritten with the new value.
|
|
10660
|
+
#
|
|
10661
|
+
# A tag consists of a key name and an associated value. By assigning
|
|
10662
|
+
# tags to your resources, you can do the following:
|
|
10663
|
+
#
|
|
10664
|
+
# * **Administrative grouping and discovery** - Attach tags to resources
|
|
10665
|
+
# to aid in organization and search. For example, you could search for
|
|
10666
|
+
# all resources with the key name *Project* and the value
|
|
10667
|
+
# *MyImportantProject*. Or search for all resources with the key name
|
|
10668
|
+
# *Cost Center* and the value *41200*.
|
|
10669
|
+
#
|
|
10670
|
+
# * **Access control** - Include tags in IAM user-based and
|
|
10671
|
+
# resource-based policies. You can use tags to restrict access to only
|
|
10672
|
+
# an IAM virtual MFA device that has a specified tag attached. For
|
|
10673
|
+
# examples of policies that show how to use tags to control access,
|
|
10674
|
+
# see [Control access using IAM tags][1] in the *IAM User Guide*.
|
|
10675
|
+
#
|
|
10676
|
+
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
|
10677
|
+
# maximum number of tags, then the entire request fails and the
|
|
10678
|
+
# resource is not created. For more information about tagging, see
|
|
10679
|
+
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
|
10680
|
+
#
|
|
10681
|
+
# * AWS always interprets the tag `Value` as a single string. If you
|
|
10682
|
+
# need to store an array, you can store comma-separated values in the
|
|
10683
|
+
# string. However, you must interpret the value in your code.
|
|
10684
|
+
#
|
|
10685
|
+
# </note>
|
|
10686
|
+
#
|
|
10687
|
+
#
|
|
10688
|
+
#
|
|
10689
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
|
|
10690
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
10691
|
+
#
|
|
10692
|
+
# @option params [required, String] :serial_number
|
|
10693
|
+
# The unique identifier for the IAM virtual MFA device to which you want
|
|
10694
|
+
# to add tags. For virtual MFA devices, the serial number is the same as
|
|
10695
|
+
# the ARN.
|
|
10696
|
+
#
|
|
10697
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
10698
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
10699
|
+
# with no spaces. You can also include any of the following characters:
|
|
10700
|
+
# =,.@-
|
|
10701
|
+
#
|
|
10702
|
+
#
|
|
10703
|
+
#
|
|
10704
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
10705
|
+
#
|
|
10706
|
+
# @option params [required, Array<Types::Tag>] :tags
|
|
10707
|
+
# The list of tags that you want to attach to the IAM virtual MFA
|
|
10708
|
+
# device. Each tag consists of a key name and an associated value.
|
|
10709
|
+
#
|
|
10710
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
10711
|
+
#
|
|
10712
|
+
# @example Request syntax with placeholder values
|
|
10713
|
+
#
|
|
10714
|
+
# resp = client.tag_mfa_device({
|
|
10715
|
+
# serial_number: "serialNumberType", # required
|
|
10716
|
+
# tags: [ # required
|
|
10717
|
+
# {
|
|
10718
|
+
# key: "tagKeyType", # required
|
|
10719
|
+
# value: "tagValueType", # required
|
|
10720
|
+
# },
|
|
10721
|
+
# ],
|
|
10722
|
+
# })
|
|
10723
|
+
#
|
|
10724
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagMFADevice AWS API Documentation
|
|
10725
|
+
#
|
|
10726
|
+
# @overload tag_mfa_device(params = {})
|
|
10727
|
+
# @param [Hash] params ({})
|
|
10728
|
+
def tag_mfa_device(params = {}, options = {})
|
|
10729
|
+
req = build_request(:tag_mfa_device, params)
|
|
10730
|
+
req.send_request(options)
|
|
10731
|
+
end
|
|
10732
|
+
|
|
10733
|
+
# Adds one or more tags to an OpenID Connect (OIDC)-compatible identity
|
|
10734
|
+
# provider. For more information about these providers, see [About web
|
|
10735
|
+
# identity federation][1]. If a tag with the same key name already
|
|
10736
|
+
# exists, then that tag is overwritten with the new value.
|
|
10737
|
+
#
|
|
10738
|
+
# A tag consists of a key name and an associated value. By assigning
|
|
10739
|
+
# tags to your resources, you can do the following:
|
|
10740
|
+
#
|
|
10741
|
+
# * **Administrative grouping and discovery** - Attach tags to resources
|
|
10742
|
+
# to aid in organization and search. For example, you could search for
|
|
10743
|
+
# all resources with the key name *Project* and the value
|
|
10744
|
+
# *MyImportantProject*. Or search for all resources with the key name
|
|
10745
|
+
# *Cost Center* and the value *41200*.
|
|
10746
|
+
#
|
|
10747
|
+
# * **Access control** - Include tags in IAM user-based and
|
|
10748
|
+
# resource-based policies. You can use tags to restrict access to only
|
|
10749
|
+
# an OIDC provider that has a specified tag attached. For examples of
|
|
10750
|
+
# policies that show how to use tags to control access, see [Control
|
|
10751
|
+
# access using IAM tags][2] in the *IAM User Guide*.
|
|
10752
|
+
#
|
|
10753
|
+
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
|
10754
|
+
# maximum number of tags, then the entire request fails and the
|
|
10755
|
+
# resource is not created. For more information about tagging, see
|
|
10756
|
+
# [Tagging IAM resources][3] in the *IAM User Guide*.
|
|
10757
|
+
#
|
|
10758
|
+
# * AWS always interprets the tag `Value` as a single string. If you
|
|
10759
|
+
# need to store an array, you can store comma-separated values in the
|
|
10760
|
+
# string. However, you must interpret the value in your code.
|
|
10761
|
+
#
|
|
10762
|
+
# </note>
|
|
10763
|
+
#
|
|
10764
|
+
#
|
|
10765
|
+
#
|
|
10766
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
|
|
10767
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
|
|
10768
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
10769
|
+
#
|
|
10770
|
+
# @option params [required, String] :open_id_connect_provider_arn
|
|
10771
|
+
# The ARN of the OIDC identity provider in IAM to which you want to add
|
|
10772
|
+
# tags.
|
|
10773
|
+
#
|
|
10774
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
10775
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
10776
|
+
# with no spaces. You can also include any of the following characters:
|
|
10777
|
+
# =,.@-
|
|
10778
|
+
#
|
|
10779
|
+
#
|
|
10780
|
+
#
|
|
10781
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
10782
|
+
#
|
|
10783
|
+
# @option params [required, Array<Types::Tag>] :tags
|
|
10784
|
+
# The list of tags that you want to attach to the OIDC identity provider
|
|
10785
|
+
# in IAM. Each tag consists of a key name and an associated value.
|
|
10786
|
+
#
|
|
10787
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
10788
|
+
#
|
|
10789
|
+
# @example Request syntax with placeholder values
|
|
10790
|
+
#
|
|
10791
|
+
# resp = client.tag_open_id_connect_provider({
|
|
10792
|
+
# open_id_connect_provider_arn: "arnType", # required
|
|
10793
|
+
# tags: [ # required
|
|
10794
|
+
# {
|
|
10795
|
+
# key: "tagKeyType", # required
|
|
10796
|
+
# value: "tagValueType", # required
|
|
10797
|
+
# },
|
|
10798
|
+
# ],
|
|
10799
|
+
# })
|
|
10800
|
+
#
|
|
10801
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagOpenIDConnectProvider AWS API Documentation
|
|
10802
|
+
#
|
|
10803
|
+
# @overload tag_open_id_connect_provider(params = {})
|
|
10804
|
+
# @param [Hash] params ({})
|
|
10805
|
+
def tag_open_id_connect_provider(params = {}, options = {})
|
|
10806
|
+
req = build_request(:tag_open_id_connect_provider, params)
|
|
10807
|
+
req.send_request(options)
|
|
10808
|
+
end
|
|
10809
|
+
|
|
10810
|
+
# Adds one or more tags to an IAM customer managed policy. If a tag with
|
|
10811
|
+
# the same key name already exists, then that tag is overwritten with
|
|
10812
|
+
# the new value.
|
|
10813
|
+
#
|
|
10814
|
+
# A tag consists of a key name and an associated value. By assigning
|
|
10815
|
+
# tags to your resources, you can do the following:
|
|
10816
|
+
#
|
|
10817
|
+
# * **Administrative grouping and discovery** - Attach tags to resources
|
|
10818
|
+
# to aid in organization and search. For example, you could search for
|
|
10819
|
+
# all resources with the key name *Project* and the value
|
|
10820
|
+
# *MyImportantProject*. Or search for all resources with the key name
|
|
10821
|
+
# *Cost Center* and the value *41200*.
|
|
10822
|
+
#
|
|
10823
|
+
# * **Access control** - Include tags in IAM user-based and
|
|
10824
|
+
# resource-based policies. You can use tags to restrict access to only
|
|
10825
|
+
# an IAM customer managed policy that has a specified tag attached.
|
|
10826
|
+
# For examples of policies that show how to use tags to control
|
|
10827
|
+
# access, see [Control access using IAM tags][1] in the *IAM User
|
|
10828
|
+
# Guide*.
|
|
10829
|
+
#
|
|
10830
|
+
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
|
10831
|
+
# maximum number of tags, then the entire request fails and the
|
|
10832
|
+
# resource is not created. For more information about tagging, see
|
|
10833
|
+
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
|
10834
|
+
#
|
|
10835
|
+
# * AWS always interprets the tag `Value` as a single string. If you
|
|
10836
|
+
# need to store an array, you can store comma-separated values in the
|
|
10837
|
+
# string. However, you must interpret the value in your code.
|
|
10838
|
+
#
|
|
10839
|
+
# </note>
|
|
10840
|
+
#
|
|
10841
|
+
#
|
|
10842
|
+
#
|
|
10843
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
|
|
10844
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
10845
|
+
#
|
|
10846
|
+
# @option params [required, String] :policy_arn
|
|
10847
|
+
# The ARN of the IAM customer managed policy to which you want to add
|
|
10848
|
+
# tags.
|
|
10849
|
+
#
|
|
10850
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
10851
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
10852
|
+
# with no spaces. You can also include any of the following characters:
|
|
10853
|
+
# =,.@-
|
|
10854
|
+
#
|
|
10855
|
+
#
|
|
10856
|
+
#
|
|
10857
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
10858
|
+
#
|
|
10859
|
+
# @option params [required, Array<Types::Tag>] :tags
|
|
10860
|
+
# The list of tags that you want to attach to the IAM customer managed
|
|
10861
|
+
# policy. Each tag consists of a key name and an associated value.
|
|
10862
|
+
#
|
|
10863
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
10864
|
+
#
|
|
10865
|
+
# @example Request syntax with placeholder values
|
|
10866
|
+
#
|
|
10867
|
+
# resp = client.tag_policy({
|
|
10868
|
+
# policy_arn: "arnType", # required
|
|
10869
|
+
# tags: [ # required
|
|
10870
|
+
# {
|
|
10871
|
+
# key: "tagKeyType", # required
|
|
10872
|
+
# value: "tagValueType", # required
|
|
10873
|
+
# },
|
|
10874
|
+
# ],
|
|
10875
|
+
# })
|
|
10876
|
+
#
|
|
10877
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagPolicy AWS API Documentation
|
|
10878
|
+
#
|
|
10879
|
+
# @overload tag_policy(params = {})
|
|
10880
|
+
# @param [Hash] params ({})
|
|
10881
|
+
def tag_policy(params = {}, options = {})
|
|
10882
|
+
req = build_request(:tag_policy, params)
|
|
10883
|
+
req.send_request(options)
|
|
10884
|
+
end
|
|
10885
|
+
|
|
9888
10886
|
# Adds one or more tags to an IAM role. The role can be a regular role
|
|
9889
10887
|
# or a service-linked role. If a tag with the same key name already
|
|
9890
10888
|
# exists, then that tag is overwritten with the new value.
|
|
@@ -9898,20 +10896,20 @@ module Aws::IAM
|
|
|
9898
10896
|
# *MyImportantProject*. Or search for all resources with the key name
|
|
9899
10897
|
# *Cost Center* and the value *41200*.
|
|
9900
10898
|
#
|
|
9901
|
-
# * **Access control** -
|
|
10899
|
+
# * **Access control** - Include tags in IAM user-based and
|
|
9902
10900
|
# resource-based policies. You can use tags to restrict access to only
|
|
9903
|
-
# an IAM
|
|
9904
|
-
#
|
|
9905
|
-
#
|
|
9906
|
-
#
|
|
9907
|
-
# User Guide*.
|
|
10901
|
+
# an IAM role that has a specified tag attached. You can also restrict
|
|
10902
|
+
# access to only those resources that have a certain tag attached. For
|
|
10903
|
+
# examples of policies that show how to use tags to control access,
|
|
10904
|
+
# see [Control access using IAM tags][1] in the *IAM User Guide*.
|
|
9908
10905
|
#
|
|
9909
10906
|
# * **Cost allocation** - Use tags to help track which individuals and
|
|
9910
10907
|
# teams are using which AWS resources.
|
|
9911
10908
|
#
|
|
9912
|
-
# <note markdown="1"> *
|
|
9913
|
-
#
|
|
9914
|
-
#
|
|
10909
|
+
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
|
10910
|
+
# maximum number of tags, then the entire request fails and the
|
|
10911
|
+
# resource is not created. For more information about tagging, see
|
|
10912
|
+
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
|
9915
10913
|
#
|
|
9916
10914
|
# * AWS always interprets the tag `Value` as a single string. If you
|
|
9917
10915
|
# need to store an array, you can store comma-separated values in the
|
|
@@ -9919,7 +10917,7 @@ module Aws::IAM
|
|
|
9919
10917
|
#
|
|
9920
10918
|
# </note>
|
|
9921
10919
|
#
|
|
9922
|
-
# For more information about tagging, see [Tagging IAM
|
|
10920
|
+
# For more information about tagging, see [Tagging IAM identities][2] in
|
|
9923
10921
|
# the *IAM User Guide*.
|
|
9924
10922
|
#
|
|
9925
10923
|
#
|
|
@@ -9928,47 +10926,209 @@ module Aws::IAM
|
|
|
9928
10926
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
9929
10927
|
#
|
|
9930
10928
|
# @option params [required, String] :role_name
|
|
9931
|
-
# The name of the role
|
|
10929
|
+
# The name of the IAM role to which you want to add tags.
|
|
10930
|
+
#
|
|
10931
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
10932
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
10933
|
+
# with no spaces. You can also include any of the following characters:
|
|
10934
|
+
# \_+=,.@-
|
|
10935
|
+
#
|
|
10936
|
+
#
|
|
10937
|
+
#
|
|
10938
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
10939
|
+
#
|
|
10940
|
+
# @option params [required, Array<Types::Tag>] :tags
|
|
10941
|
+
# The list of tags that you want to attach to the IAM role. Each tag
|
|
10942
|
+
# consists of a key name and an associated value.
|
|
10943
|
+
#
|
|
10944
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
10945
|
+
#
|
|
10946
|
+
#
|
|
10947
|
+
# @example Example: To add a tag key and value to an IAM role
|
|
10948
|
+
#
|
|
10949
|
+
# # The following example shows how to add tags to an existing role.
|
|
10950
|
+
#
|
|
10951
|
+
# resp = client.tag_role({
|
|
10952
|
+
# role_name: "taggedrole",
|
|
10953
|
+
# tags: [
|
|
10954
|
+
# {
|
|
10955
|
+
# key: "Dept",
|
|
10956
|
+
# value: "Accounting",
|
|
10957
|
+
# },
|
|
10958
|
+
# {
|
|
10959
|
+
# key: "CostCenter",
|
|
10960
|
+
# value: "12345",
|
|
10961
|
+
# },
|
|
10962
|
+
# ],
|
|
10963
|
+
# })
|
|
10964
|
+
#
|
|
10965
|
+
# @example Request syntax with placeholder values
|
|
10966
|
+
#
|
|
10967
|
+
# resp = client.tag_role({
|
|
10968
|
+
# role_name: "roleNameType", # required
|
|
10969
|
+
# tags: [ # required
|
|
10970
|
+
# {
|
|
10971
|
+
# key: "tagKeyType", # required
|
|
10972
|
+
# value: "tagValueType", # required
|
|
10973
|
+
# },
|
|
10974
|
+
# ],
|
|
10975
|
+
# })
|
|
10976
|
+
#
|
|
10977
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRole AWS API Documentation
|
|
10978
|
+
#
|
|
10979
|
+
# @overload tag_role(params = {})
|
|
10980
|
+
# @param [Hash] params ({})
|
|
10981
|
+
def tag_role(params = {}, options = {})
|
|
10982
|
+
req = build_request(:tag_role, params)
|
|
10983
|
+
req.send_request(options)
|
|
10984
|
+
end
|
|
10985
|
+
|
|
10986
|
+
# Adds one or more tags to a Security Assertion Markup Language (SAML)
|
|
10987
|
+
# identity provider. For more information about these providers, see
|
|
10988
|
+
# [About SAML 2.0-based federation ][1]. If a tag with the same key name
|
|
10989
|
+
# already exists, then that tag is overwritten with the new value.
|
|
10990
|
+
#
|
|
10991
|
+
# A tag consists of a key name and an associated value. By assigning
|
|
10992
|
+
# tags to your resources, you can do the following:
|
|
10993
|
+
#
|
|
10994
|
+
# * **Administrative grouping and discovery** - Attach tags to resources
|
|
10995
|
+
# to aid in organization and search. For example, you could search for
|
|
10996
|
+
# all resources with the key name *Project* and the value
|
|
10997
|
+
# *MyImportantProject*. Or search for all resources with the key name
|
|
10998
|
+
# *Cost Center* and the value *41200*.
|
|
10999
|
+
#
|
|
11000
|
+
# * **Access control** - Include tags in IAM user-based and
|
|
11001
|
+
# resource-based policies. You can use tags to restrict access to only
|
|
11002
|
+
# a SAML identity provider that has a specified tag attached. For
|
|
11003
|
+
# examples of policies that show how to use tags to control access,
|
|
11004
|
+
# see [Control access using IAM tags][2] in the *IAM User Guide*.
|
|
11005
|
+
#
|
|
11006
|
+
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
|
11007
|
+
# maximum number of tags, then the entire request fails and the
|
|
11008
|
+
# resource is not created. For more information about tagging, see
|
|
11009
|
+
# [Tagging IAM resources][3] in the *IAM User Guide*.
|
|
11010
|
+
#
|
|
11011
|
+
# * AWS always interprets the tag `Value` as a single string. If you
|
|
11012
|
+
# need to store an array, you can store comma-separated values in the
|
|
11013
|
+
# string. However, you must interpret the value in your code.
|
|
11014
|
+
#
|
|
11015
|
+
# </note>
|
|
11016
|
+
#
|
|
11017
|
+
#
|
|
11018
|
+
#
|
|
11019
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
|
|
11020
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
|
|
11021
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
11022
|
+
#
|
|
11023
|
+
# @option params [required, String] :saml_provider_arn
|
|
11024
|
+
# The ARN of the SAML identity provider in IAM to which you want to add
|
|
11025
|
+
# tags.
|
|
11026
|
+
#
|
|
11027
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
11028
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
11029
|
+
# with no spaces. You can also include any of the following characters:
|
|
11030
|
+
# =,.@-
|
|
11031
|
+
#
|
|
11032
|
+
#
|
|
11033
|
+
#
|
|
11034
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
11035
|
+
#
|
|
11036
|
+
# @option params [required, Array<Types::Tag>] :tags
|
|
11037
|
+
# The list of tags that you want to attach to the SAML identity provider
|
|
11038
|
+
# in IAM. Each tag consists of a key name and an associated value.
|
|
11039
|
+
#
|
|
11040
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
11041
|
+
#
|
|
11042
|
+
# @example Request syntax with placeholder values
|
|
11043
|
+
#
|
|
11044
|
+
# resp = client.tag_saml_provider({
|
|
11045
|
+
# saml_provider_arn: "arnType", # required
|
|
11046
|
+
# tags: [ # required
|
|
11047
|
+
# {
|
|
11048
|
+
# key: "tagKeyType", # required
|
|
11049
|
+
# value: "tagValueType", # required
|
|
11050
|
+
# },
|
|
11051
|
+
# ],
|
|
11052
|
+
# })
|
|
11053
|
+
#
|
|
11054
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagSAMLProvider AWS API Documentation
|
|
11055
|
+
#
|
|
11056
|
+
# @overload tag_saml_provider(params = {})
|
|
11057
|
+
# @param [Hash] params ({})
|
|
11058
|
+
def tag_saml_provider(params = {}, options = {})
|
|
11059
|
+
req = build_request(:tag_saml_provider, params)
|
|
11060
|
+
req.send_request(options)
|
|
11061
|
+
end
|
|
11062
|
+
|
|
11063
|
+
# Adds one or more tags to an IAM server certificate. If a tag with the
|
|
11064
|
+
# same key name already exists, then that tag is overwritten with the
|
|
11065
|
+
# new value.
|
|
11066
|
+
#
|
|
11067
|
+
# <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
|
|
11068
|
+
# (ACM), we recommend that you don't use IAM server certificates.
|
|
11069
|
+
# Instead, use ACM to provision, manage, and deploy your server
|
|
11070
|
+
# certificates. For more information about IAM server certificates,
|
|
11071
|
+
# [Working with server certificates][1] in the *IAM User Guide*.
|
|
11072
|
+
#
|
|
11073
|
+
# </note>
|
|
11074
|
+
#
|
|
11075
|
+
# A tag consists of a key name and an associated value. By assigning
|
|
11076
|
+
# tags to your resources, you can do the following:
|
|
11077
|
+
#
|
|
11078
|
+
# * **Administrative grouping and discovery** - Attach tags to resources
|
|
11079
|
+
# to aid in organization and search. For example, you could search for
|
|
11080
|
+
# all resources with the key name *Project* and the value
|
|
11081
|
+
# *MyImportantProject*. Or search for all resources with the key name
|
|
11082
|
+
# *Cost Center* and the value *41200*.
|
|
11083
|
+
#
|
|
11084
|
+
# * **Access control** - Include tags in IAM user-based and
|
|
11085
|
+
# resource-based policies. You can use tags to restrict access to only
|
|
11086
|
+
# a server certificate that has a specified tag attached. For examples
|
|
11087
|
+
# of policies that show how to use tags to control access, see
|
|
11088
|
+
# [Control access using IAM tags][2] in the *IAM User Guide*.
|
|
11089
|
+
#
|
|
11090
|
+
# * **Cost allocation** - Use tags to help track which individuals and
|
|
11091
|
+
# teams are using which AWS resources.
|
|
11092
|
+
#
|
|
11093
|
+
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
|
11094
|
+
# maximum number of tags, then the entire request fails and the
|
|
11095
|
+
# resource is not created. For more information about tagging, see
|
|
11096
|
+
# [Tagging IAM resources][3] in the *IAM User Guide*.
|
|
11097
|
+
#
|
|
11098
|
+
# * AWS always interprets the tag `Value` as a single string. If you
|
|
11099
|
+
# need to store an array, you can store comma-separated values in the
|
|
11100
|
+
# string. However, you must interpret the value in your code.
|
|
11101
|
+
#
|
|
11102
|
+
# </note>
|
|
11103
|
+
#
|
|
11104
|
+
#
|
|
11105
|
+
#
|
|
11106
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
|
|
11107
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
|
|
11108
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
11109
|
+
#
|
|
11110
|
+
# @option params [required, String] :server_certificate_name
|
|
11111
|
+
# The name of the IAM server certificate to which you want to add tags.
|
|
9932
11112
|
#
|
|
9933
11113
|
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
9934
11114
|
# characters that consist of upper and lowercase alphanumeric characters
|
|
9935
11115
|
# with no spaces. You can also include any of the following characters:
|
|
9936
|
-
#
|
|
11116
|
+
# =,.@-
|
|
9937
11117
|
#
|
|
9938
11118
|
#
|
|
9939
11119
|
#
|
|
9940
11120
|
# [1]: http://wikipedia.org/wiki/regex
|
|
9941
11121
|
#
|
|
9942
11122
|
# @option params [required, Array<Types::Tag>] :tags
|
|
9943
|
-
# The list of tags that you want to attach to the
|
|
9944
|
-
# consists of a key name and an associated value.
|
|
9945
|
-
# with a JSON string.
|
|
11123
|
+
# The list of tags that you want to attach to the IAM server
|
|
11124
|
+
# certificate. Each tag consists of a key name and an associated value.
|
|
9946
11125
|
#
|
|
9947
11126
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
9948
11127
|
#
|
|
9949
|
-
#
|
|
9950
|
-
# @example Example: To add a tag key and value to an IAM role
|
|
9951
|
-
#
|
|
9952
|
-
# # The following example shows how to add tags to an existing role.
|
|
9953
|
-
#
|
|
9954
|
-
# resp = client.tag_role({
|
|
9955
|
-
# role_name: "taggedrole",
|
|
9956
|
-
# tags: [
|
|
9957
|
-
# {
|
|
9958
|
-
# key: "Dept",
|
|
9959
|
-
# value: "Accounting",
|
|
9960
|
-
# },
|
|
9961
|
-
# {
|
|
9962
|
-
# key: "CostCenter",
|
|
9963
|
-
# value: "12345",
|
|
9964
|
-
# },
|
|
9965
|
-
# ],
|
|
9966
|
-
# })
|
|
9967
|
-
#
|
|
9968
11128
|
# @example Request syntax with placeholder values
|
|
9969
11129
|
#
|
|
9970
|
-
# resp = client.
|
|
9971
|
-
#
|
|
11130
|
+
# resp = client.tag_server_certificate({
|
|
11131
|
+
# server_certificate_name: "serverCertificateNameType", # required
|
|
9972
11132
|
# tags: [ # required
|
|
9973
11133
|
# {
|
|
9974
11134
|
# key: "tagKeyType", # required
|
|
@@ -9977,12 +11137,12 @@ module Aws::IAM
|
|
|
9977
11137
|
# ],
|
|
9978
11138
|
# })
|
|
9979
11139
|
#
|
|
9980
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/
|
|
11140
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagServerCertificate AWS API Documentation
|
|
9981
11141
|
#
|
|
9982
|
-
# @overload
|
|
11142
|
+
# @overload tag_server_certificate(params = {})
|
|
9983
11143
|
# @param [Hash] params ({})
|
|
9984
|
-
def
|
|
9985
|
-
req = build_request(:
|
|
11144
|
+
def tag_server_certificate(params = {}, options = {})
|
|
11145
|
+
req = build_request(:tag_server_certificate, params)
|
|
9986
11146
|
req.send_request(options)
|
|
9987
11147
|
end
|
|
9988
11148
|
|
|
@@ -9998,20 +11158,21 @@ module Aws::IAM
|
|
|
9998
11158
|
# *MyImportantProject*. Or search for all resources with the key name
|
|
9999
11159
|
# *Cost Center* and the value *41200*.
|
|
10000
11160
|
#
|
|
10001
|
-
# * **Access control** -
|
|
11161
|
+
# * **Access control** - Include tags in IAM user-based and
|
|
10002
11162
|
# resource-based policies. You can use tags to restrict access to only
|
|
10003
|
-
# an IAM requesting user
|
|
10004
|
-
#
|
|
10005
|
-
#
|
|
10006
|
-
#
|
|
10007
|
-
#
|
|
11163
|
+
# an IAM requesting user that has a specified tag attached. You can
|
|
11164
|
+
# also restrict access to only those resources that have a certain tag
|
|
11165
|
+
# attached. For examples of policies that show how to use tags to
|
|
11166
|
+
# control access, see [Control access using IAM tags][1] in the *IAM
|
|
11167
|
+
# User Guide*.
|
|
10008
11168
|
#
|
|
10009
11169
|
# * **Cost allocation** - Use tags to help track which individuals and
|
|
10010
11170
|
# teams are using which AWS resources.
|
|
10011
11171
|
#
|
|
10012
|
-
# <note markdown="1"> *
|
|
10013
|
-
#
|
|
10014
|
-
#
|
|
11172
|
+
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
|
11173
|
+
# maximum number of tags, then the entire request fails and the
|
|
11174
|
+
# resource is not created. For more information about tagging, see
|
|
11175
|
+
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
|
10015
11176
|
#
|
|
10016
11177
|
# * AWS always interprets the tag `Value` as a single string. If you
|
|
10017
11178
|
# need to store an array, you can store comma-separated values in the
|
|
@@ -10019,7 +11180,7 @@ module Aws::IAM
|
|
|
10019
11180
|
#
|
|
10020
11181
|
# </note>
|
|
10021
11182
|
#
|
|
10022
|
-
# For more information about tagging, see [Tagging IAM
|
|
11183
|
+
# For more information about tagging, see [Tagging IAM identities][2] in
|
|
10023
11184
|
# the *IAM User Guide*.
|
|
10024
11185
|
#
|
|
10025
11186
|
#
|
|
@@ -10028,7 +11189,7 @@ module Aws::IAM
|
|
|
10028
11189
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
10029
11190
|
#
|
|
10030
11191
|
# @option params [required, String] :user_name
|
|
10031
|
-
# The name of the user
|
|
11192
|
+
# The name of the IAM user to which you want to add tags.
|
|
10032
11193
|
#
|
|
10033
11194
|
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
10034
11195
|
# characters that consist of upper and lowercase alphanumeric characters
|
|
@@ -10040,7 +11201,7 @@ module Aws::IAM
|
|
|
10040
11201
|
# [1]: http://wikipedia.org/wiki/regex
|
|
10041
11202
|
#
|
|
10042
11203
|
# @option params [required, Array<Types::Tag>] :tags
|
|
10043
|
-
# The list of tags that you want to attach to the user. Each tag
|
|
11204
|
+
# The list of tags that you want to attach to the IAM user. Each tag
|
|
10044
11205
|
# consists of a key name and an associated value.
|
|
10045
11206
|
#
|
|
10046
11207
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
@@ -10085,8 +11246,184 @@ module Aws::IAM
|
|
|
10085
11246
|
req.send_request(options)
|
|
10086
11247
|
end
|
|
10087
11248
|
|
|
11249
|
+
# Removes the specified tags from the IAM instance profile. For more
|
|
11250
|
+
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
|
11251
|
+
# User Guide*.
|
|
11252
|
+
#
|
|
11253
|
+
#
|
|
11254
|
+
#
|
|
11255
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
11256
|
+
#
|
|
11257
|
+
# @option params [required, String] :instance_profile_name
|
|
11258
|
+
# The name of the IAM instance profile from which you want to remove
|
|
11259
|
+
# tags.
|
|
11260
|
+
#
|
|
11261
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
11262
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
11263
|
+
# with no spaces. You can also include any of the following characters:
|
|
11264
|
+
# =,.@-
|
|
11265
|
+
#
|
|
11266
|
+
#
|
|
11267
|
+
#
|
|
11268
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
11269
|
+
#
|
|
11270
|
+
# @option params [required, Array<String>] :tag_keys
|
|
11271
|
+
# A list of key names as a simple array of strings. The tags with
|
|
11272
|
+
# matching keys are removed from the specified instance profile.
|
|
11273
|
+
#
|
|
11274
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
11275
|
+
#
|
|
11276
|
+
# @example Request syntax with placeholder values
|
|
11277
|
+
#
|
|
11278
|
+
# resp = client.untag_instance_profile({
|
|
11279
|
+
# instance_profile_name: "instanceProfileNameType", # required
|
|
11280
|
+
# tag_keys: ["tagKeyType"], # required
|
|
11281
|
+
# })
|
|
11282
|
+
#
|
|
11283
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagInstanceProfile AWS API Documentation
|
|
11284
|
+
#
|
|
11285
|
+
# @overload untag_instance_profile(params = {})
|
|
11286
|
+
# @param [Hash] params ({})
|
|
11287
|
+
def untag_instance_profile(params = {}, options = {})
|
|
11288
|
+
req = build_request(:untag_instance_profile, params)
|
|
11289
|
+
req.send_request(options)
|
|
11290
|
+
end
|
|
11291
|
+
|
|
11292
|
+
# Removes the specified tags from the IAM virtual multi-factor
|
|
11293
|
+
# authentication (MFA) device. For more information about tagging, see
|
|
11294
|
+
# [Tagging IAM resources][1] in the *IAM User Guide*.
|
|
11295
|
+
#
|
|
11296
|
+
#
|
|
11297
|
+
#
|
|
11298
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
11299
|
+
#
|
|
11300
|
+
# @option params [required, String] :serial_number
|
|
11301
|
+
# The unique identifier for the IAM virtual MFA device from which you
|
|
11302
|
+
# want to remove tags. For virtual MFA devices, the serial number is the
|
|
11303
|
+
# same as the ARN.
|
|
11304
|
+
#
|
|
11305
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
11306
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
11307
|
+
# with no spaces. You can also include any of the following characters:
|
|
11308
|
+
# =,.@-
|
|
11309
|
+
#
|
|
11310
|
+
#
|
|
11311
|
+
#
|
|
11312
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
11313
|
+
#
|
|
11314
|
+
# @option params [required, Array<String>] :tag_keys
|
|
11315
|
+
# A list of key names as a simple array of strings. The tags with
|
|
11316
|
+
# matching keys are removed from the specified instance profile.
|
|
11317
|
+
#
|
|
11318
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
11319
|
+
#
|
|
11320
|
+
# @example Request syntax with placeholder values
|
|
11321
|
+
#
|
|
11322
|
+
# resp = client.untag_mfa_device({
|
|
11323
|
+
# serial_number: "serialNumberType", # required
|
|
11324
|
+
# tag_keys: ["tagKeyType"], # required
|
|
11325
|
+
# })
|
|
11326
|
+
#
|
|
11327
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagMFADevice AWS API Documentation
|
|
11328
|
+
#
|
|
11329
|
+
# @overload untag_mfa_device(params = {})
|
|
11330
|
+
# @param [Hash] params ({})
|
|
11331
|
+
def untag_mfa_device(params = {}, options = {})
|
|
11332
|
+
req = build_request(:untag_mfa_device, params)
|
|
11333
|
+
req.send_request(options)
|
|
11334
|
+
end
|
|
11335
|
+
|
|
11336
|
+
# Removes the specified tags from the specified OpenID Connect
|
|
11337
|
+
# (OIDC)-compatible identity provider in IAM. For more information about
|
|
11338
|
+
# OIDC providers, see [About web identity federation][1]. For more
|
|
11339
|
+
# information about tagging, see [Tagging IAM resources][2] in the *IAM
|
|
11340
|
+
# User Guide*.
|
|
11341
|
+
#
|
|
11342
|
+
#
|
|
11343
|
+
#
|
|
11344
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
|
|
11345
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
11346
|
+
#
|
|
11347
|
+
# @option params [required, String] :open_id_connect_provider_arn
|
|
11348
|
+
# The ARN of the OIDC provider in IAM from which you want to remove
|
|
11349
|
+
# tags.
|
|
11350
|
+
#
|
|
11351
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
11352
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
11353
|
+
# with no spaces. You can also include any of the following characters:
|
|
11354
|
+
# =,.@-
|
|
11355
|
+
#
|
|
11356
|
+
#
|
|
11357
|
+
#
|
|
11358
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
11359
|
+
#
|
|
11360
|
+
# @option params [required, Array<String>] :tag_keys
|
|
11361
|
+
# A list of key names as a simple array of strings. The tags with
|
|
11362
|
+
# matching keys are removed from the specified OIDC provider.
|
|
11363
|
+
#
|
|
11364
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
11365
|
+
#
|
|
11366
|
+
# @example Request syntax with placeholder values
|
|
11367
|
+
#
|
|
11368
|
+
# resp = client.untag_open_id_connect_provider({
|
|
11369
|
+
# open_id_connect_provider_arn: "arnType", # required
|
|
11370
|
+
# tag_keys: ["tagKeyType"], # required
|
|
11371
|
+
# })
|
|
11372
|
+
#
|
|
11373
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagOpenIDConnectProvider AWS API Documentation
|
|
11374
|
+
#
|
|
11375
|
+
# @overload untag_open_id_connect_provider(params = {})
|
|
11376
|
+
# @param [Hash] params ({})
|
|
11377
|
+
def untag_open_id_connect_provider(params = {}, options = {})
|
|
11378
|
+
req = build_request(:untag_open_id_connect_provider, params)
|
|
11379
|
+
req.send_request(options)
|
|
11380
|
+
end
|
|
11381
|
+
|
|
11382
|
+
# Removes the specified tags from the customer managed policy. For more
|
|
11383
|
+
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
|
11384
|
+
# User Guide*.
|
|
11385
|
+
#
|
|
11386
|
+
#
|
|
11387
|
+
#
|
|
11388
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
11389
|
+
#
|
|
11390
|
+
# @option params [required, String] :policy_arn
|
|
11391
|
+
# The ARN of the IAM customer managed policy from which you want to
|
|
11392
|
+
# remove tags.
|
|
11393
|
+
#
|
|
11394
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
11395
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
11396
|
+
# with no spaces. You can also include any of the following characters:
|
|
11397
|
+
# =,.@-
|
|
11398
|
+
#
|
|
11399
|
+
#
|
|
11400
|
+
#
|
|
11401
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
11402
|
+
#
|
|
11403
|
+
# @option params [required, Array<String>] :tag_keys
|
|
11404
|
+
# A list of key names as a simple array of strings. The tags with
|
|
11405
|
+
# matching keys are removed from the specified policy.
|
|
11406
|
+
#
|
|
11407
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
11408
|
+
#
|
|
11409
|
+
# @example Request syntax with placeholder values
|
|
11410
|
+
#
|
|
11411
|
+
# resp = client.untag_policy({
|
|
11412
|
+
# policy_arn: "arnType", # required
|
|
11413
|
+
# tag_keys: ["tagKeyType"], # required
|
|
11414
|
+
# })
|
|
11415
|
+
#
|
|
11416
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagPolicy AWS API Documentation
|
|
11417
|
+
#
|
|
11418
|
+
# @overload untag_policy(params = {})
|
|
11419
|
+
# @param [Hash] params ({})
|
|
11420
|
+
def untag_policy(params = {}, options = {})
|
|
11421
|
+
req = build_request(:untag_policy, params)
|
|
11422
|
+
req.send_request(options)
|
|
11423
|
+
end
|
|
11424
|
+
|
|
10088
11425
|
# Removes the specified tags from the role. For more information about
|
|
10089
|
-
# tagging, see [Tagging IAM
|
|
11426
|
+
# tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
|
|
10090
11427
|
#
|
|
10091
11428
|
#
|
|
10092
11429
|
#
|
|
@@ -10138,8 +11475,106 @@ module Aws::IAM
|
|
|
10138
11475
|
req.send_request(options)
|
|
10139
11476
|
end
|
|
10140
11477
|
|
|
11478
|
+
# Removes the specified tags from the specified Security Assertion
|
|
11479
|
+
# Markup Language (SAML) identity provider in IAM. For more information
|
|
11480
|
+
# about these providers, see [About web identity federation][1]. For
|
|
11481
|
+
# more information about tagging, see [Tagging IAM resources][2] in the
|
|
11482
|
+
# *IAM User Guide*.
|
|
11483
|
+
#
|
|
11484
|
+
#
|
|
11485
|
+
#
|
|
11486
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
|
|
11487
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
11488
|
+
#
|
|
11489
|
+
# @option params [required, String] :saml_provider_arn
|
|
11490
|
+
# The ARN of the SAML identity provider in IAM from which you want to
|
|
11491
|
+
# remove tags.
|
|
11492
|
+
#
|
|
11493
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
11494
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
11495
|
+
# with no spaces. You can also include any of the following characters:
|
|
11496
|
+
# =,.@-
|
|
11497
|
+
#
|
|
11498
|
+
#
|
|
11499
|
+
#
|
|
11500
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
11501
|
+
#
|
|
11502
|
+
# @option params [required, Array<String>] :tag_keys
|
|
11503
|
+
# A list of key names as a simple array of strings. The tags with
|
|
11504
|
+
# matching keys are removed from the specified SAML identity provider.
|
|
11505
|
+
#
|
|
11506
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
11507
|
+
#
|
|
11508
|
+
# @example Request syntax with placeholder values
|
|
11509
|
+
#
|
|
11510
|
+
# resp = client.untag_saml_provider({
|
|
11511
|
+
# saml_provider_arn: "arnType", # required
|
|
11512
|
+
# tag_keys: ["tagKeyType"], # required
|
|
11513
|
+
# })
|
|
11514
|
+
#
|
|
11515
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagSAMLProvider AWS API Documentation
|
|
11516
|
+
#
|
|
11517
|
+
# @overload untag_saml_provider(params = {})
|
|
11518
|
+
# @param [Hash] params ({})
|
|
11519
|
+
def untag_saml_provider(params = {}, options = {})
|
|
11520
|
+
req = build_request(:untag_saml_provider, params)
|
|
11521
|
+
req.send_request(options)
|
|
11522
|
+
end
|
|
11523
|
+
|
|
11524
|
+
# Removes the specified tags from the IAM server certificate. For more
|
|
11525
|
+
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
|
11526
|
+
# User Guide*.
|
|
11527
|
+
#
|
|
11528
|
+
# <note markdown="1"> For certificates in a Region supported by AWS Certificate Manager
|
|
11529
|
+
# (ACM), we recommend that you don't use IAM server certificates.
|
|
11530
|
+
# Instead, use ACM to provision, manage, and deploy your server
|
|
11531
|
+
# certificates. For more information about IAM server certificates,
|
|
11532
|
+
# [Working with server certificates][2] in the *IAM User Guide*.
|
|
11533
|
+
#
|
|
11534
|
+
# </note>
|
|
11535
|
+
#
|
|
11536
|
+
#
|
|
11537
|
+
#
|
|
11538
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
11539
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
|
|
11540
|
+
#
|
|
11541
|
+
# @option params [required, String] :server_certificate_name
|
|
11542
|
+
# The name of the IAM server certificate from which you want to remove
|
|
11543
|
+
# tags.
|
|
11544
|
+
#
|
|
11545
|
+
# This parameter accepts (through its [regex pattern][1]) a string of
|
|
11546
|
+
# characters that consist of upper and lowercase alphanumeric characters
|
|
11547
|
+
# with no spaces. You can also include any of the following characters:
|
|
11548
|
+
# =,.@-
|
|
11549
|
+
#
|
|
11550
|
+
#
|
|
11551
|
+
#
|
|
11552
|
+
# [1]: http://wikipedia.org/wiki/regex
|
|
11553
|
+
#
|
|
11554
|
+
# @option params [required, Array<String>] :tag_keys
|
|
11555
|
+
# A list of key names as a simple array of strings. The tags with
|
|
11556
|
+
# matching keys are removed from the specified IAM server certificate.
|
|
11557
|
+
#
|
|
11558
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
11559
|
+
#
|
|
11560
|
+
# @example Request syntax with placeholder values
|
|
11561
|
+
#
|
|
11562
|
+
# resp = client.untag_server_certificate({
|
|
11563
|
+
# server_certificate_name: "serverCertificateNameType", # required
|
|
11564
|
+
# tag_keys: ["tagKeyType"], # required
|
|
11565
|
+
# })
|
|
11566
|
+
#
|
|
11567
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagServerCertificate AWS API Documentation
|
|
11568
|
+
#
|
|
11569
|
+
# @overload untag_server_certificate(params = {})
|
|
11570
|
+
# @param [Hash] params ({})
|
|
11571
|
+
def untag_server_certificate(params = {}, options = {})
|
|
11572
|
+
req = build_request(:untag_server_certificate, params)
|
|
11573
|
+
req.send_request(options)
|
|
11574
|
+
end
|
|
11575
|
+
|
|
10141
11576
|
# Removes the specified tags from the user. For more information about
|
|
10142
|
-
# tagging, see [Tagging IAM
|
|
11577
|
+
# tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
|
|
10143
11578
|
#
|
|
10144
11579
|
#
|
|
10145
11580
|
#
|
|
@@ -10201,8 +11636,8 @@ module Aws::IAM
|
|
|
10201
11636
|
# Consequently, you can use this operation to manage AWS account root
|
|
10202
11637
|
# user credentials even if the AWS account has no associated users.
|
|
10203
11638
|
#
|
|
10204
|
-
# For information about rotating keys, see [Managing
|
|
10205
|
-
#
|
|
11639
|
+
# For information about rotating keys, see [Managing keys and
|
|
11640
|
+
# certificates][1] in the *IAM User Guide*.
|
|
10206
11641
|
#
|
|
10207
11642
|
#
|
|
10208
11643
|
#
|
|
@@ -10233,8 +11668,8 @@ module Aws::IAM
|
|
|
10233
11668
|
#
|
|
10234
11669
|
# @option params [required, String] :status
|
|
10235
11670
|
# The status you want to assign to the secret access key. `Active` means
|
|
10236
|
-
# that the key can be used for
|
|
10237
|
-
# that the key cannot be used.
|
|
11671
|
+
# that the key can be used for programmatic calls to AWS, while
|
|
11672
|
+
# `Inactive` means that the key cannot be used.
|
|
10238
11673
|
#
|
|
10239
11674
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
10240
11675
|
#
|
|
@@ -10282,7 +11717,7 @@ module Aws::IAM
|
|
|
10282
11717
|
# </note>
|
|
10283
11718
|
#
|
|
10284
11719
|
# For more information about using a password policy, see [Managing an
|
|
10285
|
-
# IAM
|
|
11720
|
+
# IAM password policy][1] in the *IAM User Guide*.
|
|
10286
11721
|
#
|
|
10287
11722
|
#
|
|
10288
11723
|
#
|
|
@@ -10331,7 +11766,7 @@ module Aws::IAM
|
|
|
10331
11766
|
# @option params [Boolean] :allow_users_to_change_password
|
|
10332
11767
|
# Allows all IAM users in your account to use the AWS Management Console
|
|
10333
11768
|
# to change their own passwords. For more information, see [Letting IAM
|
|
10334
|
-
#
|
|
11769
|
+
# users change their own passwords][1] in the *IAM User Guide*.
|
|
10335
11770
|
#
|
|
10336
11771
|
# If you do not specify a value for this parameter, then the operation
|
|
10337
11772
|
# uses the default value of `false`. The result is that IAM users in the
|
|
@@ -10405,8 +11840,8 @@ module Aws::IAM
|
|
|
10405
11840
|
|
|
10406
11841
|
# Updates the policy that grants an IAM entity permission to assume a
|
|
10407
11842
|
# role. This is typically referred to as the "role trust policy". For
|
|
10408
|
-
# more information about roles,
|
|
10409
|
-
#
|
|
11843
|
+
# more information about roles, see [Using roles to delegate permissions
|
|
11844
|
+
# and federate identities][1].
|
|
10410
11845
|
#
|
|
10411
11846
|
#
|
|
10412
11847
|
#
|
|
@@ -10479,7 +11914,7 @@ module Aws::IAM
|
|
|
10479
11914
|
# Updates the name and/or the path of the specified IAM group.
|
|
10480
11915
|
#
|
|
10481
11916
|
# You should understand the implications of changing a group's path or
|
|
10482
|
-
# name. For more information, see [Renaming
|
|
11917
|
+
# name. For more information, see [Renaming users and groups][1] in the
|
|
10483
11918
|
# *IAM User Guide*.
|
|
10484
11919
|
#
|
|
10485
11920
|
# <note markdown="1"> The person making the request (the principal), must have permission to
|
|
@@ -10488,7 +11923,7 @@ module Aws::IAM
|
|
|
10488
11923
|
# have a policy that allows them to update both groups. If the principal
|
|
10489
11924
|
# has permission to update the `Managers` group, but not the `MGRs`
|
|
10490
11925
|
# group, then the update fails. For more information about permissions,
|
|
10491
|
-
# see [Access
|
|
11926
|
+
# see [Access management][2].
|
|
10492
11927
|
#
|
|
10493
11928
|
# </note>
|
|
10494
11929
|
#
|
|
@@ -10562,11 +11997,14 @@ module Aws::IAM
|
|
|
10562
11997
|
req.send_request(options)
|
|
10563
11998
|
end
|
|
10564
11999
|
|
|
10565
|
-
# Changes the password for the specified IAM user.
|
|
12000
|
+
# Changes the password for the specified IAM user. You can use the AWS
|
|
12001
|
+
# CLI, the AWS API, or the **Users** page in the IAM console to change
|
|
12002
|
+
# the password for any IAM user. Use ChangePassword to change your own
|
|
12003
|
+
# password in the **My Security Credentials** page in the AWS Management
|
|
12004
|
+
# Console.
|
|
10566
12005
|
#
|
|
10567
|
-
# IAM users can change their own passwords by calling ChangePassword.
|
|
10568
12006
|
# For more information about modifying passwords, see [Managing
|
|
10569
|
-
#
|
|
12007
|
+
# passwords][1] in the *IAM User Guide*.
|
|
10570
12008
|
#
|
|
10571
12009
|
#
|
|
10572
12010
|
#
|
|
@@ -10666,8 +12104,8 @@ module Aws::IAM
|
|
|
10666
12104
|
# of OIDC provider ARNs by using the ListOpenIDConnectProviders
|
|
10667
12105
|
# operation.
|
|
10668
12106
|
#
|
|
10669
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
10670
|
-
#
|
|
12107
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
12108
|
+
# in the *AWS General Reference*.
|
|
10671
12109
|
#
|
|
10672
12110
|
#
|
|
10673
12111
|
#
|
|
@@ -10719,7 +12157,7 @@ module Aws::IAM
|
|
|
10719
12157
|
# for one hour by default. This applies when you use the `AssumeRole*`
|
|
10720
12158
|
# API operations or the `assume-role*` CLI operations but does not apply
|
|
10721
12159
|
# when you use those operations to create a console URL. For more
|
|
10722
|
-
# information, see [Using IAM
|
|
12160
|
+
# information, see [Using IAM roles][1] in the *IAM User Guide*.
|
|
10723
12161
|
#
|
|
10724
12162
|
#
|
|
10725
12163
|
#
|
|
@@ -10816,8 +12254,8 @@ module Aws::IAM
|
|
|
10816
12254
|
# @option params [required, String] :saml_provider_arn
|
|
10817
12255
|
# The Amazon Resource Name (ARN) of the SAML provider to update.
|
|
10818
12256
|
#
|
|
10819
|
-
# For more information about ARNs, see [Amazon Resource Names (ARNs)
|
|
10820
|
-
#
|
|
12257
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
|
12258
|
+
# in the *AWS General Reference*.
|
|
10821
12259
|
#
|
|
10822
12260
|
#
|
|
10823
12261
|
#
|
|
@@ -10856,7 +12294,7 @@ module Aws::IAM
|
|
|
10856
12294
|
# authenticating the associated IAM user to an AWS CodeCommit
|
|
10857
12295
|
# repository. For more information about using SSH keys to authenticate
|
|
10858
12296
|
# to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
|
|
10859
|
-
#
|
|
12297
|
+
# connections][1] in the *AWS CodeCommit User Guide*.
|
|
10860
12298
|
#
|
|
10861
12299
|
#
|
|
10862
12300
|
#
|
|
@@ -10913,13 +12351,13 @@ module Aws::IAM
|
|
|
10913
12351
|
# stored in IAM.
|
|
10914
12352
|
#
|
|
10915
12353
|
# For more information about working with server certificates, see
|
|
10916
|
-
# [Working with
|
|
12354
|
+
# [Working with server certificates][1] in the *IAM User Guide*. This
|
|
10917
12355
|
# topic also includes a list of AWS services that can use the server
|
|
10918
12356
|
# certificates that you manage with IAM.
|
|
10919
12357
|
#
|
|
10920
12358
|
# You should understand the implications of changing a server
|
|
10921
12359
|
# certificate's path or name. For more information, see [Renaming a
|
|
10922
|
-
#
|
|
12360
|
+
# server certificate][2] in the *IAM User Guide*.
|
|
10923
12361
|
#
|
|
10924
12362
|
# <note markdown="1"> The person making the request (the principal), must have permission to
|
|
10925
12363
|
# change the server certificate with the old name and the new name. For
|
|
@@ -10928,7 +12366,7 @@ module Aws::IAM
|
|
|
10928
12366
|
# update both certificates. If the principal has permission to update
|
|
10929
12367
|
# the `ProductionCert` group, but not the `ProdCert` certificate, then
|
|
10930
12368
|
# the update fails. For more information about permissions, see [Access
|
|
10931
|
-
#
|
|
12369
|
+
# management][3] in the *IAM User Guide*.
|
|
10932
12370
|
#
|
|
10933
12371
|
# </note>
|
|
10934
12372
|
#
|
|
@@ -11087,8 +12525,8 @@ module Aws::IAM
|
|
|
11087
12525
|
#
|
|
11088
12526
|
# @option params [required, String] :status
|
|
11089
12527
|
# The status you want to assign to the certificate. `Active` means that
|
|
11090
|
-
# the certificate can be used for
|
|
11091
|
-
# the certificate cannot be used.
|
|
12528
|
+
# the certificate can be used for programmatic calls to AWS `Inactive`
|
|
12529
|
+
# means that the certificate cannot be used.
|
|
11092
12530
|
#
|
|
11093
12531
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
11094
12532
|
#
|
|
@@ -11123,14 +12561,14 @@ module Aws::IAM
|
|
|
11123
12561
|
# Updates the name and/or the path of the specified IAM user.
|
|
11124
12562
|
#
|
|
11125
12563
|
# You should understand the implications of changing an IAM user's path
|
|
11126
|
-
# or name. For more information, see [Renaming an IAM
|
|
11127
|
-
# [Renaming an IAM
|
|
12564
|
+
# or name. For more information, see [Renaming an IAM user][1] and
|
|
12565
|
+
# [Renaming an IAM group][2] in the *IAM User Guide*.
|
|
11128
12566
|
#
|
|
11129
12567
|
# <note markdown="1"> To change a user name, the requester must have appropriate permissions
|
|
11130
12568
|
# on both the source object and the target object. For example, to
|
|
11131
12569
|
# change Bob to Robert, the entity making the request must have
|
|
11132
12570
|
# permission on Bob and Robert, or must have permission on all (*). For
|
|
11133
|
-
# more information about permissions, see [Permissions and
|
|
12571
|
+
# more information about permissions, see [Permissions and policies][3].
|
|
11134
12572
|
#
|
|
11135
12573
|
# </note>
|
|
11136
12574
|
#
|
|
@@ -11212,7 +12650,7 @@ module Aws::IAM
|
|
|
11212
12650
|
# authenticating the associated IAM user to an AWS CodeCommit
|
|
11213
12651
|
# repository. For more information about using SSH keys to authenticate
|
|
11214
12652
|
# to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
|
|
11215
|
-
#
|
|
12653
|
+
# connections][1] in the *AWS CodeCommit User Guide*.
|
|
11216
12654
|
#
|
|
11217
12655
|
#
|
|
11218
12656
|
#
|
|
@@ -11293,21 +12731,20 @@ module Aws::IAM
|
|
|
11293
12731
|
# User Guide][2].
|
|
11294
12732
|
#
|
|
11295
12733
|
# For more information about working with server certificates, see
|
|
11296
|
-
# [Working with
|
|
12734
|
+
# [Working with server certificates][3] in the *IAM User Guide*. This
|
|
11297
12735
|
# topic includes a list of AWS services that can use the server
|
|
11298
12736
|
# certificates that you manage with IAM.
|
|
11299
12737
|
#
|
|
11300
12738
|
# For information about the number of server certificates you can
|
|
11301
|
-
# upload, see [
|
|
11302
|
-
# User Guide*.
|
|
12739
|
+
# upload, see [IAM and STS quotas][4] in the *IAM User Guide*.
|
|
11303
12740
|
#
|
|
11304
12741
|
# <note markdown="1"> Because the body of the public key certificate, private key, and the
|
|
11305
12742
|
# certificate chain can be large, you should use POST rather than GET
|
|
11306
12743
|
# when calling `UploadServerCertificate`. For information about setting
|
|
11307
|
-
# up signatures and authorization through the API,
|
|
11308
|
-
#
|
|
11309
|
-
#
|
|
11310
|
-
#
|
|
12744
|
+
# up signatures and authorization through the API, see [Signing AWS API
|
|
12745
|
+
# requests][5] in the *AWS General Reference*. For general information
|
|
12746
|
+
# about using the Query API with IAM, see [Calling the API by making
|
|
12747
|
+
# HTTP query requests][6] in the *IAM User Guide*.
|
|
11311
12748
|
#
|
|
11312
12749
|
# </note>
|
|
11313
12750
|
#
|
|
@@ -11316,13 +12753,13 @@ module Aws::IAM
|
|
|
11316
12753
|
# [1]: https://docs.aws.amazon.com/acm/
|
|
11317
12754
|
# [2]: https://docs.aws.amazon.com/acm/latest/userguide/
|
|
11318
12755
|
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
|
|
11319
|
-
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-
|
|
12756
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
|
11320
12757
|
# [5]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
|
|
11321
12758
|
# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html
|
|
11322
12759
|
#
|
|
11323
12760
|
# @option params [String] :path
|
|
11324
12761
|
# The path for the server certificate. For more information about paths,
|
|
11325
|
-
# see [IAM
|
|
12762
|
+
# see [IAM identifiers][1] in the *IAM User Guide*.
|
|
11326
12763
|
#
|
|
11327
12764
|
# This parameter is optional. If it is not included, it defaults to a
|
|
11328
12765
|
# slash (/). This parameter allows (through its [regex pattern][2]) a
|
|
@@ -11415,9 +12852,26 @@ module Aws::IAM
|
|
|
11415
12852
|
#
|
|
11416
12853
|
# [1]: http://wikipedia.org/wiki/regex
|
|
11417
12854
|
#
|
|
12855
|
+
# @option params [Array<Types::Tag>] :tags
|
|
12856
|
+
# A list of tags that you want to attach to the new IAM server
|
|
12857
|
+
# certificate resource. Each tag consists of a key name and an
|
|
12858
|
+
# associated value. For more information about tagging, see [Tagging IAM
|
|
12859
|
+
# resources][1] in the *IAM User Guide*.
|
|
12860
|
+
#
|
|
12861
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed maximum
|
|
12862
|
+
# number of tags, then the entire request fails and the resource is not
|
|
12863
|
+
# created.
|
|
12864
|
+
#
|
|
12865
|
+
# </note>
|
|
12866
|
+
#
|
|
12867
|
+
#
|
|
12868
|
+
#
|
|
12869
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
|
12870
|
+
#
|
|
11418
12871
|
# @return [Types::UploadServerCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
11419
12872
|
#
|
|
11420
12873
|
# * {Types::UploadServerCertificateResponse#server_certificate_metadata #server_certificate_metadata} => Types::ServerCertificateMetadata
|
|
12874
|
+
# * {Types::UploadServerCertificateResponse#tags #tags} => Array<Types::Tag>
|
|
11421
12875
|
#
|
|
11422
12876
|
#
|
|
11423
12877
|
# @example Example: To upload a server certificate to your AWS account
|
|
@@ -11451,6 +12905,12 @@ module Aws::IAM
|
|
|
11451
12905
|
# certificate_body: "certificateBodyType", # required
|
|
11452
12906
|
# private_key: "privateKeyType", # required
|
|
11453
12907
|
# certificate_chain: "certificateChainType",
|
|
12908
|
+
# tags: [
|
|
12909
|
+
# {
|
|
12910
|
+
# key: "tagKeyType", # required
|
|
12911
|
+
# value: "tagValueType", # required
|
|
12912
|
+
# },
|
|
12913
|
+
# ],
|
|
11454
12914
|
# })
|
|
11455
12915
|
#
|
|
11456
12916
|
# @example Response structure
|
|
@@ -11461,6 +12921,9 @@ module Aws::IAM
|
|
|
11461
12921
|
# resp.server_certificate_metadata.arn #=> String
|
|
11462
12922
|
# resp.server_certificate_metadata.upload_date #=> Time
|
|
11463
12923
|
# resp.server_certificate_metadata.expiration #=> Time
|
|
12924
|
+
# resp.tags #=> Array
|
|
12925
|
+
# resp.tags[0].key #=> String
|
|
12926
|
+
# resp.tags[0].value #=> String
|
|
11464
12927
|
#
|
|
11465
12928
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificate AWS API Documentation
|
|
11466
12929
|
#
|
|
@@ -11472,10 +12935,13 @@ module Aws::IAM
|
|
|
11472
12935
|
end
|
|
11473
12936
|
|
|
11474
12937
|
# Uploads an X.509 signing certificate and associates it with the
|
|
11475
|
-
# specified IAM user. Some AWS services
|
|
12938
|
+
# specified IAM user. Some AWS services require you to use certificates
|
|
11476
12939
|
# to validate requests that are signed with a corresponding private key.
|
|
11477
12940
|
# When you upload the certificate, its default status is `Active`.
|
|
11478
12941
|
#
|
|
12942
|
+
# For information about when you would use an X.509 signing certificate,
|
|
12943
|
+
# see [Managing server certificates in IAM][1] in the *IAM User Guide*.
|
|
12944
|
+
#
|
|
11479
12945
|
# If the `UserName` is not specified, the IAM user name is determined
|
|
11480
12946
|
# implicitly based on the AWS access key ID used to sign the request.
|
|
11481
12947
|
# This operation works for access keys under the AWS account.
|
|
@@ -11485,16 +12951,17 @@ module Aws::IAM
|
|
|
11485
12951
|
# <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
|
|
11486
12952
|
# POST rather than GET when calling `UploadSigningCertificate`. For
|
|
11487
12953
|
# information about setting up signatures and authorization through the
|
|
11488
|
-
# API,
|
|
11489
|
-
#
|
|
11490
|
-
#
|
|
12954
|
+
# API, see [Signing AWS API requests][2] in the *AWS General Reference*.
|
|
12955
|
+
# For general information about using the Query API with IAM, see
|
|
12956
|
+
# [Making query requests][3] in the *IAM User Guide*.
|
|
11491
12957
|
#
|
|
11492
12958
|
# </note>
|
|
11493
12959
|
#
|
|
11494
12960
|
#
|
|
11495
12961
|
#
|
|
11496
|
-
# [1]: https://docs.aws.amazon.com/
|
|
11497
|
-
# [2]: https://docs.aws.amazon.com/
|
|
12962
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
|
|
12963
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
|
|
12964
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html
|
|
11498
12965
|
#
|
|
11499
12966
|
# @option params [String] :user_name
|
|
11500
12967
|
# The name of the user the signing certificate is for.
|
|
@@ -11589,7 +13056,7 @@ module Aws::IAM
|
|
|
11589
13056
|
params: params,
|
|
11590
13057
|
config: config)
|
|
11591
13058
|
context[:gem_name] = 'aws-sdk-iam'
|
|
11592
|
-
context[:gem_version] = '1.
|
|
13059
|
+
context[:gem_version] = '1.52.0'
|
|
11593
13060
|
Seahorse::Client::Request.new(handlers, context)
|
|
11594
13061
|
end
|
|
11595
13062
|
|