aws-sdk-iam 1.53.0 → 1.57.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-iam.rb +1 -1
- data/lib/aws-sdk-iam/account_password_policy.rb +2 -2
- data/lib/aws-sdk-iam/assume_role_policy.rb +3 -3
- data/lib/aws-sdk-iam/client.rb +771 -669
- data/lib/aws-sdk-iam/current_user.rb +7 -6
- data/lib/aws-sdk-iam/group.rb +5 -5
- data/lib/aws-sdk-iam/group_policy.rb +5 -5
- data/lib/aws-sdk-iam/login_profile.rb +4 -4
- data/lib/aws-sdk-iam/policy.rb +11 -5
- data/lib/aws-sdk-iam/resource.rb +27 -18
- data/lib/aws-sdk-iam/role.rb +3 -3
- data/lib/aws-sdk-iam/role_policy.rb +5 -5
- data/lib/aws-sdk-iam/types.rb +565 -504
- data/lib/aws-sdk-iam/user.rb +14 -13
- data/lib/aws-sdk-iam/user_policy.rb +5 -5
- metadata +2 -2
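--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1ae7b51549cceb428fcbe5c1ad94860906ddefa627820cacf546bd7ff1c8ace2
+data.tar.gz: 49641a153d51518e5974e8f83fc00ee9e355128118ea3b560f66ced338fc166e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee208cfa74d294f5d3003a586dec4ed63c9e43c3b9e0de00575c86270081bb0e6b182c522425525d40a6350a64cdc789be15fb120d4ee0c83d9dc98b5220556d
+data.tar.gz: d6d147ac9bbf7dc91e49e8615fd09ebb1d3ce3a01d3d14f092ea40de5cbe1f3e3a068ff92158991b8a208e2c1172e3cd0a8f4e09b7962331684e444082968075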
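--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.57.0 (2021-07-21)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
+1.56.0 (2021-07-07)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
+1.55.0 (2021-06-02)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
+1.54.0 (2021-05-20)
+------------------
+
+* Feature - Documentation updates for AWS Identity and Access Management (IAM).
+
 1.53.0 (2021-05-19)
 ------------------
 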
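--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.57.0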
data/lib/aws-sdk-iam.rb
CHANGED
@@ -288,8 +288,8 @@ module Aws::IAM
|
|
288
288
|
# uses the default value of `false`. The result is that passwords do not
|
289
289
|
# require at least one lowercase character.
|
290
290
|
# @option options [Boolean] :allow_users_to_change_password
|
291
|
-
# Allows all IAM users in your account to use the
|
292
|
-
#
|
291
|
+
# Allows all IAM users in your account to use the Management Console to
|
292
|
+
# change their own passwords. For more information, see [Letting IAM
|
293
293
|
# users change their own passwords][1] in the *IAM User Guide*.
|
294
294
|
#
|
295
295
|
# If you do not specify a value for this parameter, then the operation
|
@@ -170,10 +170,10 @@ module Aws::IAM
|
|
170
170
|
# @option options [required, String] :policy_document
|
171
171
|
# The policy that grants an entity permission to assume the role.
|
172
172
|
#
|
173
|
-
# You must provide policies in JSON format in IAM. However, for
|
173
|
+
# You must provide policies in JSON format in IAM. However, for
|
174
174
|
# CloudFormation templates formatted in YAML, you can provide the policy
|
175
|
-
# in JSON or YAML format.
|
176
|
-
#
|
175
|
+
# in JSON or YAML format. CloudFormation always converts a YAML policy
|
176
|
+
# to JSON format before submitting it to IAM.
|
177
177
|
#
|
178
178
|
# The [regex pattern][1] used to validate this parameter is a string of
|
179
179
|
# characters consisting of the following:
|
data/lib/aws-sdk-iam/client.rb
CHANGED
@@ -376,10 +376,10 @@ module Aws::IAM
|
|
376
376
|
# instance profile can contain only one role, and this quota cannot be
|
377
377
|
# increased. You can remove the existing role and then add a different
|
378
378
|
# role to an instance profile. You must then wait for the change to
|
379
|
-
# appear across all of
|
380
|
-
# force the change, you must [disassociate the
|
381
|
-
# then [associate the instance profile][3], or
|
382
|
-
# instance and then restart it.
|
379
|
+
# appear across all of Amazon Web Services because of [eventual
|
380
|
+
# consistency][1]. To force the change, you must [disassociate the
|
381
|
+
# instance profile][2] and then [associate the instance profile][3], or
|
382
|
+
# you can stop your instance and then restart it.
|
383
383
|
#
|
384
384
|
# <note markdown="1"> The caller of this operation must be granted the `PassRole` permission
|
385
385
|
# on the IAM role by a permissions policy.
|
@@ -537,7 +537,7 @@ module Aws::IAM
|
|
537
537
|
# The Amazon Resource Name (ARN) of the IAM policy you want to attach.
|
538
538
|
#
|
539
539
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
540
|
-
# in the *
|
540
|
+
# in the *Amazon Web Services General Reference*.
|
541
541
|
#
|
542
542
|
#
|
543
543
|
#
|
@@ -611,7 +611,7 @@ module Aws::IAM
|
|
611
611
|
# The Amazon Resource Name (ARN) of the IAM policy you want to attach.
|
612
612
|
#
|
613
613
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
614
|
-
# in the *
|
614
|
+
# in the *Amazon Web Services General Reference*.
|
615
615
|
#
|
616
616
|
#
|
617
617
|
#
|
@@ -678,7 +678,7 @@ module Aws::IAM
|
|
678
678
|
# The Amazon Resource Name (ARN) of the IAM policy you want to attach.
|
679
679
|
#
|
680
680
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
681
|
-
# in the *
|
681
|
+
# in the *Amazon Web Services General Reference*.
|
682
682
|
#
|
683
683
|
#
|
684
684
|
#
|
@@ -713,14 +713,15 @@ module Aws::IAM
|
|
713
713
|
end
|
714
714
|
|
715
715
|
# Changes the password of the IAM user who is calling this operation.
|
716
|
-
# This operation can be performed using the
|
717
|
-
# **My Security Credentials** page in the
|
718
|
-
#
|
716
|
+
# This operation can be performed using the CLI, the Amazon Web Services
|
717
|
+
# API, or the **My Security Credentials** page in the Management
|
718
|
+
# Console. The account root user password is not affected by this
|
719
|
+
# operation.
|
719
720
|
#
|
720
|
-
# Use UpdateLoginProfile to use the
|
721
|
-
# **Users** page in the IAM console to change the password for any
|
722
|
-
# user. For more information about modifying passwords, see
|
723
|
-
# passwords][1] in the *IAM User Guide*.
|
721
|
+
# Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or
|
722
|
+
# the **Users** page in the IAM console to change the password for any
|
723
|
+
# IAM user. For more information about modifying passwords, see
|
724
|
+
# [Managing passwords][1] in the *IAM User Guide*.
|
724
725
|
#
|
725
726
|
#
|
726
727
|
#
|
@@ -730,7 +731,7 @@ module Aws::IAM
|
|
730
731
|
# The IAM user's current password.
|
731
732
|
#
|
732
733
|
# @option params [required, String] :new_password
|
733
|
-
# The new password. The new password must conform to the
|
734
|
+
# The new password. The new password must conform to the account's
|
734
735
|
# password policy, if one exists.
|
735
736
|
#
|
736
737
|
# The [regex pattern][1] that is used to validate this parameter is a
|
@@ -739,8 +740,8 @@ module Aws::IAM
|
|
739
740
|
# character range (`\u00FF`). You can also include the tab (`\u0009`),
|
740
741
|
# line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
|
741
742
|
# of these characters are valid in a password. However, many tools, such
|
742
|
-
# as the
|
743
|
-
#
|
743
|
+
# as the Management Console, might restrict the ability to type certain
|
744
|
+
# characters because they have special meaning within that tool.
|
744
745
|
#
|
745
746
|
#
|
746
747
|
#
|
@@ -774,21 +775,20 @@ module Aws::IAM
|
|
774
775
|
req.send_request(options)
|
775
776
|
end
|
776
777
|
|
777
|
-
# Creates a new
|
778
|
-
# ID for the specified user. The default
|
779
|
-
# `Active`.
|
778
|
+
# Creates a new Amazon Web Services secret access key and corresponding
|
779
|
+
# Amazon Web Services access key ID for the specified user. The default
|
780
|
+
# status for new keys is `Active`.
|
780
781
|
#
|
781
782
|
# If you do not specify a user name, IAM determines the user name
|
782
|
-
# implicitly based on the
|
783
|
-
# operation works for access keys under the
|
784
|
-
# you can use this operation to manage
|
785
|
-
# credentials. This is true even if the
|
786
|
-
# users.
|
783
|
+
# implicitly based on the Amazon Web Services access key ID signing the
|
784
|
+
# request. This operation works for access keys under the account.
|
785
|
+
# Consequently, you can use this operation to manage account root user
|
786
|
+
# credentials. This is true even if the account has no associated users.
|
787
787
|
#
|
788
788
|
# For information about quotas on the number of keys you can create, see
|
789
789
|
# [IAM and STS quotas][1] in the *IAM User Guide*.
|
790
790
|
#
|
791
|
-
# To ensure the security of your
|
791
|
+
# To ensure the security of your account, the secret access key is
|
792
792
|
# accessible only during key and user creation. You must save the key
|
793
793
|
# (for example, in a text file) if you want to be able to access it
|
794
794
|
# again. If a secret key is lost, you can delete the access keys for the
|
@@ -857,9 +857,9 @@ module Aws::IAM
|
|
857
857
|
req.send_request(options)
|
858
858
|
end
|
859
859
|
|
860
|
-
# Creates an alias for your
|
861
|
-
#
|
862
|
-
#
|
860
|
+
# Creates an alias for your account. For information about using an
|
861
|
+
# account alias, see [Using an alias for your account ID][1] in the *IAM
|
862
|
+
# User Guide*.
|
863
863
|
#
|
864
864
|
#
|
865
865
|
#
|
@@ -1125,12 +1125,13 @@ module Aws::IAM
|
|
1125
1125
|
end
|
1126
1126
|
|
1127
1127
|
# Creates a password for the specified IAM user. A password allows an
|
1128
|
-
# IAM user to access
|
1128
|
+
# IAM user to access Amazon Web Services services through the Management
|
1129
|
+
# Console.
|
1129
1130
|
#
|
1130
|
-
# You can use the
|
1131
|
-
# console to create a password for any IAM user. Use
|
1132
|
-
# update your own existing password in the **My
|
1133
|
-
# page in the
|
1131
|
+
# You can use the CLI, the Amazon Web Services API, or the **Users**
|
1132
|
+
# page in the IAM console to create a password for any IAM user. Use
|
1133
|
+
# ChangePassword to update your own existing password in the **My
|
1134
|
+
# Security Credentials** page in the Management Console.
|
1134
1135
|
#
|
1135
1136
|
# For more information about managing passwords, see [Managing
|
1136
1137
|
# passwords][1] in the *IAM User Guide*.
|
@@ -1161,8 +1162,8 @@ module Aws::IAM
|
|
1161
1162
|
# character range (`\u00FF`). You can also include the tab (`\u0009`),
|
1162
1163
|
# line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
|
1163
1164
|
# of these characters are valid in a password. However, many tools, such
|
1164
|
-
# as the
|
1165
|
-
#
|
1165
|
+
# as the Management Console, might restrict the ability to type certain
|
1166
|
+
# characters because they have special meaning within that tool.
|
1166
1167
|
#
|
1167
1168
|
#
|
1168
1169
|
#
|
@@ -1225,21 +1226,39 @@ module Aws::IAM
|
|
1225
1226
|
#
|
1226
1227
|
# The OIDC provider that you create with this operation can be used as a
|
1227
1228
|
# principal in a role's trust policy. Such a policy establishes a trust
|
1228
|
-
# relationship between
|
1229
|
+
# relationship between Amazon Web Services and the OIDC provider.
|
1230
|
+
#
|
1231
|
+
# If you are using an OIDC identity provider from Google, Facebook, or
|
1232
|
+
# Amazon Cognito, you don't need to create a separate IAM identity
|
1233
|
+
# provider. These OIDC identity providers are already built-in to Amazon
|
1234
|
+
# Web Services and are available for your use. Instead, you can move
|
1235
|
+
# directly to creating new roles using your identity provider. To learn
|
1236
|
+
# more, see [Creating a role for web identity or OpenID connect
|
1237
|
+
# federation][2] in the *IAM User Guide*.
|
1229
1238
|
#
|
1230
1239
|
# When you create the IAM OIDC provider, you specify the following:
|
1231
1240
|
#
|
1232
1241
|
# * The URL of the OIDC identity provider (IdP) to trust
|
1233
1242
|
#
|
1234
1243
|
# * A list of client IDs (also known as audiences) that identify the
|
1235
|
-
# application or applications
|
1236
|
-
#
|
1244
|
+
# application or applications allowed to authenticate using the OIDC
|
1245
|
+
# provider
|
1237
1246
|
#
|
1238
1247
|
# * A list of thumbprints of one or more server certificates that the
|
1239
1248
|
# IdP uses
|
1240
1249
|
#
|
1241
1250
|
# You get all of this information from the OIDC IdP that you want to use
|
1242
|
-
# to access
|
1251
|
+
# to access Amazon Web Services.
|
1252
|
+
#
|
1253
|
+
# <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
|
1254
|
+
# providers (IdPs) through our library of trusted certificate
|
1255
|
+
# authorities (CAs) instead of using a certificate thumbprint to verify
|
1256
|
+
# your IdP server certificate. These OIDC IdPs include Google, and those
|
1257
|
+
# that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
|
1258
|
+
# endpoint. In these cases, your legacy thumbprint remains in your
|
1259
|
+
# configuration, but is no longer used for validation.
|
1260
|
+
#
|
1261
|
+
# </note>
|
1243
1262
|
#
|
1244
1263
|
# <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
|
1245
1264
|
# this operation creates. Therefore, it is best to limit access to the
|
@@ -1250,6 +1269,7 @@ module Aws::IAM
|
|
1250
1269
|
#
|
1251
1270
|
#
|
1252
1271
|
# [1]: http://openid.net/connect/
|
1272
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html
|
1253
1273
|
#
|
1254
1274
|
# @option params [required, String] :url
|
1255
1275
|
# The URL of the identity provider. The URL must begin with `https://`
|
@@ -1258,9 +1278,9 @@ module Aws::IAM
|
|
1258
1278
|
# but query parameters are not. Typically the URL consists of only a
|
1259
1279
|
# hostname, like `https://server.example.org` or `https://example.com`.
|
1260
1280
|
#
|
1261
|
-
# You cannot register the same provider multiple times in a single
|
1281
|
+
# You cannot register the same provider multiple times in a single
|
1262
1282
|
# account. If you try to submit a URL that has already been used for an
|
1263
|
-
# OpenID Connect provider in the
|
1283
|
+
# OpenID Connect provider in the account, you will get an error.
|
1264
1284
|
#
|
1265
1285
|
# @option params [Array<String>] :client_id_list
|
1266
1286
|
# A list of client IDs (also known as audiences). When a mobile or web
|
@@ -1375,7 +1395,7 @@ module Aws::IAM
|
|
1375
1395
|
req.send_request(options)
|
1376
1396
|
end
|
1377
1397
|
|
1378
|
-
# Creates a new managed policy for your
|
1398
|
+
# Creates a new managed policy for your account.
|
1379
1399
|
#
|
1380
1400
|
# This operation creates a policy version with a version identifier of
|
1381
1401
|
# `v1` and sets v1 as the policy's default version. For more
|
@@ -1426,12 +1446,20 @@ module Aws::IAM
|
|
1426
1446
|
# The JSON policy document that you want to use as the content for the
|
1427
1447
|
# new policy.
|
1428
1448
|
#
|
1429
|
-
# You must provide policies in JSON format in IAM. However, for
|
1449
|
+
# You must provide policies in JSON format in IAM. However, for
|
1430
1450
|
# CloudFormation templates formatted in YAML, you can provide the policy
|
1431
|
-
# in JSON or YAML format.
|
1432
|
-
#
|
1451
|
+
# in JSON or YAML format. CloudFormation always converts a YAML policy
|
1452
|
+
# to JSON format before submitting it to IAM.
|
1433
1453
|
#
|
1434
|
-
# The
|
1454
|
+
# The maximum length of the policy document that you can pass in this
|
1455
|
+
# operation, including whitespace, is listed below. To view the maximum
|
1456
|
+
# character counts of a managed policy with no whitespaces, see [IAM and
|
1457
|
+
# STS character quotas][1].
|
1458
|
+
#
|
1459
|
+
# To learn more about JSON policy grammar, see [Grammar of the IAM JSON
|
1460
|
+
# policy language][2] in the *IAM User Guide*.
|
1461
|
+
#
|
1462
|
+
# The [regex pattern][3] used to validate this parameter is a string of
|
1435
1463
|
# characters consisting of the following:
|
1436
1464
|
#
|
1437
1465
|
# * Any printable ASCII character ranging from the space character
|
@@ -1445,7 +1473,9 @@ module Aws::IAM
|
|
1445
1473
|
#
|
1446
1474
|
#
|
1447
1475
|
#
|
1448
|
-
# [1]:
|
1476
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
|
1477
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
|
1478
|
+
# [3]: http://wikipedia.org/wiki/regex
|
1449
1479
|
#
|
1450
1480
|
# @option params [String] :description
|
1451
1481
|
# A friendly description of the policy.
|
@@ -1540,7 +1570,7 @@ module Aws::IAM
|
|
1540
1570
|
# add a new version.
|
1541
1571
|
#
|
1542
1572
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
1543
|
-
# in the *
|
1573
|
+
# in the *Amazon Web Services General Reference*.
|
1544
1574
|
#
|
1545
1575
|
#
|
1546
1576
|
#
|
@@ -1550,12 +1580,17 @@ module Aws::IAM
|
|
1550
1580
|
# The JSON policy document that you want to use as the content for this
|
1551
1581
|
# new version of the policy.
|
1552
1582
|
#
|
1553
|
-
# You must provide policies in JSON format in IAM. However, for
|
1583
|
+
# You must provide policies in JSON format in IAM. However, for
|
1554
1584
|
# CloudFormation templates formatted in YAML, you can provide the policy
|
1555
|
-
# in JSON or YAML format.
|
1556
|
-
#
|
1585
|
+
# in JSON or YAML format. CloudFormation always converts a YAML policy
|
1586
|
+
# to JSON format before submitting it to IAM.
|
1557
1587
|
#
|
1558
|
-
# The
|
1588
|
+
# The maximum length of the policy document that you can pass in this
|
1589
|
+
# operation, including whitespace, is listed below. To view the maximum
|
1590
|
+
# character counts of a managed policy with no whitespaces, see [IAM and
|
1591
|
+
# STS character quotas][1].
|
1592
|
+
#
|
1593
|
+
# The [regex pattern][2] used to validate this parameter is a string of
|
1559
1594
|
# characters consisting of the following:
|
1560
1595
|
#
|
1561
1596
|
# * Any printable ASCII character ranging from the space character
|
@@ -1569,7 +1604,8 @@ module Aws::IAM
|
|
1569
1604
|
#
|
1570
1605
|
#
|
1571
1606
|
#
|
1572
|
-
# [1]:
|
1607
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
|
1608
|
+
# [2]: http://wikipedia.org/wiki/regex
|
1573
1609
|
#
|
1574
1610
|
# @option params [Boolean] :set_as_default
|
1575
1611
|
# Specifies whether to set this version as the policy's default
|
@@ -1614,10 +1650,10 @@ module Aws::IAM
|
|
1614
1650
|
req.send_request(options)
|
1615
1651
|
end
|
1616
1652
|
|
1617
|
-
# Creates a new role for your
|
1618
|
-
#
|
1619
|
-
#
|
1620
|
-
#
|
1653
|
+
# Creates a new role for your account. For more information about roles,
|
1654
|
+
# see [IAM roles][1]. For information about quotas for role names and
|
1655
|
+
# the number of roles you can create, see [IAM and STS quotas][2] in the
|
1656
|
+
# *IAM User Guide*.
|
1621
1657
|
#
|
1622
1658
|
#
|
1623
1659
|
#
|
@@ -1655,10 +1691,9 @@ module Aws::IAM
|
|
1655
1691
|
# permission to assume the role.
|
1656
1692
|
#
|
1657
1693
|
# In IAM, you must provide a JSON policy that has been converted to a
|
1658
|
-
# string. However, for
|
1659
|
-
#
|
1660
|
-
#
|
1661
|
-
# IAM.
|
1694
|
+
# string. However, for CloudFormation templates formatted in YAML, you
|
1695
|
+
# can provide the policy in JSON or YAML format. CloudFormation always
|
1696
|
+
# converts a YAML policy to JSON format before submitting it to IAM.
|
1662
1697
|
#
|
1663
1698
|
# The [regex pattern][1] used to validate this parameter is a string of
|
1664
1699
|
# characters consisting of the following:
|
@@ -1688,7 +1723,7 @@ module Aws::IAM
|
|
1688
1723
|
# default maximum of one hour is applied. This setting can have a value
|
1689
1724
|
# from 1 hour to 12 hours.
|
1690
1725
|
#
|
1691
|
-
# Anyone who assumes the role from the
|
1726
|
+
# Anyone who assumes the role from the or API can use the
|
1692
1727
|
# `DurationSeconds` API parameter or the `duration-seconds` CLI
|
1693
1728
|
# parameter to request a longer session. The `MaxSessionDuration`
|
1694
1729
|
# setting determines the maximum duration that can be requested using
|
@@ -1801,8 +1836,8 @@ module Aws::IAM
|
|
1801
1836
|
# used as a principal in an IAM role's trust policy. Such a policy can
|
1802
1837
|
# enable federated users who sign in using the SAML IdP to assume the
|
1803
1838
|
# role. You can create an IAM role that supports Web-based single
|
1804
|
-
# sign-on (SSO) to the
|
1805
|
-
# access to
|
1839
|
+
# sign-on (SSO) to the Management Console or one that supports API
|
1840
|
+
# access to Amazon Web Services.
|
1806
1841
|
#
|
1807
1842
|
# When you create the SAML provider resource, you upload a SAML metadata
|
1808
1843
|
# document that you get from your IdP. That document includes the
|
@@ -1816,8 +1851,8 @@ module Aws::IAM
|
|
1816
1851
|
# </note>
|
1817
1852
|
#
|
1818
1853
|
# For more information, see [Enabling SAML 2.0 federated users to access
|
1819
|
-
# the
|
1820
|
-
#
|
1854
|
+
# the Management Console][2] and [About SAML 2.0-based federation][3] in
|
1855
|
+
# the *IAM User Guide*.
|
1821
1856
|
#
|
1822
1857
|
#
|
1823
1858
|
#
|
@@ -1902,33 +1937,35 @@ module Aws::IAM
|
|
1902
1937
|
req.send_request(options)
|
1903
1938
|
end
|
1904
1939
|
|
1905
|
-
# Creates an IAM role that is linked to a specific
|
1906
|
-
# service controls the attached policies and when the role
|
1907
|
-
# deleted. This helps ensure that the service is not broken by an
|
1908
|
-
# unexpectedly changed or deleted role, which could put your
|
1909
|
-
# resources into an unknown state. Allowing the service to
|
1910
|
-
# role helps improve service stability and proper cleanup
|
1911
|
-
# and its role are no longer needed. For more
|
1912
|
-
# service-linked roles][1] in the *IAM User
|
1940
|
+
# Creates an IAM role that is linked to a specific Amazon Web Services
|
1941
|
+
# service. The service controls the attached policies and when the role
|
1942
|
+
# can be deleted. This helps ensure that the service is not broken by an
|
1943
|
+
# unexpectedly changed or deleted role, which could put your Amazon Web
|
1944
|
+
# Services resources into an unknown state. Allowing the service to
|
1945
|
+
# control the role helps improve service stability and proper cleanup
|
1946
|
+
# when a service and its role are no longer needed. For more
|
1947
|
+
# information, see [Using service-linked roles][1] in the *IAM User
|
1948
|
+
# Guide*.
|
1913
1949
|
#
|
1914
1950
|
# To attach a policy to this service-linked role, you must make the
|
1915
|
-
# request using the
|
1951
|
+
# request using the Amazon Web Services service that depends on this
|
1952
|
+
# role.
|
1916
1953
|
#
|
1917
1954
|
#
|
1918
1955
|
#
|
1919
1956
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
|
1920
1957
|
#
|
1921
1958
|
# @option params [required, String] :aws_service_name
|
1922
|
-
# The service principal for the
|
1923
|
-
# attached. You use a string similar to a URL but without
|
1924
|
-
# front. For example: `elasticbeanstalk.amazonaws.com`.
|
1959
|
+
# The service principal for the Amazon Web Services service to which
|
1960
|
+
# this role is attached. You use a string similar to a URL but without
|
1961
|
+
# the http:// in front. For example: `elasticbeanstalk.amazonaws.com`.
|
1925
1962
|
#
|
1926
1963
|
# Service principals are unique and case-sensitive. To find the exact
|
1927
|
-
# service principal for your service-linked role, see [
|
1928
|
-
# work with IAM][1] in the *IAM User Guide*. Look
|
1929
|
-
# have <b>Yes </b>in the **Service-Linked Role**
|
1930
|
-
# **Yes** link to view the service-linked role
|
1931
|
-
# service.
|
1964
|
+
# service principal for your service-linked role, see [Amazon Web
|
1965
|
+
# Services services that work with IAM][1] in the *IAM User Guide*. Look
|
1966
|
+
# for the services that have <b>Yes </b>in the **Service-Linked Role**
|
1967
|
+
# column. Choose the **Yes** link to view the service-linked role
|
1968
|
+
# documentation for that service.
|
1932
1969
|
#
|
1933
1970
|
#
|
1934
1971
|
#
|
@@ -1995,15 +2032,15 @@ module Aws::IAM
|
|
1995
2032
|
# You can have a maximum of two sets of service-specific credentials for
|
1996
2033
|
# each supported service per user.
|
1997
2034
|
#
|
1998
|
-
# You can create service-specific credentials for
|
1999
|
-
#
|
2035
|
+
# You can create service-specific credentials for CodeCommit and Amazon
|
2036
|
+
# Keyspaces (for Apache Cassandra).
|
2000
2037
|
#
|
2001
2038
|
# You can reset the password to a new service-generated value by calling
|
2002
2039
|
# ResetServiceSpecificCredential.
|
2003
2040
|
#
|
2004
2041
|
# For more information about service-specific credentials, see [Using
|
2005
|
-
# IAM with
|
2006
|
-
# keys][1] in the *IAM User Guide*.
|
2042
|
+
# IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web
|
2043
|
+
# Services access keys][1] in the *IAM User Guide*.
|
2007
2044
|
#
|
2008
2045
|
#
|
2009
2046
|
#
|
@@ -2025,9 +2062,9 @@ module Aws::IAM
|
|
2025
2062
|
# [1]: http://wikipedia.org/wiki/regex
|
2026
2063
|
#
|
2027
2064
|
# @option params [required, String] :service_name
|
2028
|
-
# The name of the
|
2029
|
-
# credentials. The service you specify here is the only service
|
2030
|
-
# be accessed using these credentials.
|
2065
|
+
# The name of the Amazon Web Services service that is to be associated
|
2066
|
+
# with the credentials. The service you specify here is the only service
|
2067
|
+
# that can be accessed using these credentials.
|
2031
2068
|
#
|
2032
2069
|
# @return [Types::CreateServiceSpecificCredentialResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2033
2070
|
#
|
@@ -2059,7 +2096,7 @@ module Aws::IAM
|
|
2059
2096
|
req.send_request(options)
|
2060
2097
|
end
|
2061
2098
|
|
2062
|
-
# Creates a new IAM user for your
|
2099
|
+
# Creates a new IAM user for your account.
|
2063
2100
|
#
|
2064
2101
|
# For information about quotas for the number of IAM users you can
|
2065
2102
|
# create, see [IAM and STS quotas][1] in the *IAM User Guide*.
|
@@ -2174,20 +2211,20 @@ module Aws::IAM
|
|
2174
2211
|
req.send_request(options)
|
2175
2212
|
end
|
2176
2213
|
|
2177
|
-
# Creates a new virtual MFA device for the
|
2178
|
-
#
|
2179
|
-
#
|
2180
|
-
#
|
2181
|
-
# Guide*.
|
2214
|
+
# Creates a new virtual MFA device for the account. After creating the
|
2215
|
+
# virtual MFA, use EnableMFADevice to attach the MFA device to an IAM
|
2216
|
+
# user. For more information about creating and working with virtual MFA
|
2217
|
+
# devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
|
2182
2218
|
#
|
2183
2219
|
# For information about the maximum number of MFA devices you can
|
2184
2220
|
# create, see [IAM and STS quotas][2] in the *IAM User Guide*.
|
2185
2221
|
#
|
2186
2222
|
# The seed information contained in the QR code and the Base32 string
|
2187
2223
|
# should be treated like any other secret access information. In other
|
2188
|
-
# words, protect the seed information as you would your
|
2189
|
-
# or your passwords. After you provision your
|
2190
|
-
# ensure that the information is destroyed
|
2224
|
+
# words, protect the seed information as you would your Amazon Web
|
2225
|
+
# Services access keys or your passwords. After you provision your
|
2226
|
+
# virtual device, you should ensure that the information is destroyed
|
2227
|
+
# following secure procedures.
|
2191
2228
|
#
|
2192
2229
|
#
|
2193
2230
|
#
|
@@ -2346,10 +2383,10 @@ module Aws::IAM
|
|
2346
2383
|
# Deletes the access key pair associated with the specified IAM user.
|
2347
2384
|
#
|
2348
2385
|
# If you do not specify a user name, IAM determines the user name
|
2349
|
-
# implicitly based on the
|
2350
|
-
# operation works for access keys under the
|
2351
|
-
# you can use this operation to manage
|
2352
|
-
# even if the
|
2386
|
+
# implicitly based on the Amazon Web Services access key ID signing the
|
2387
|
+
# request. This operation works for access keys under the account.
|
2388
|
+
# Consequently, you can use this operation to manage account root user
|
2389
|
+
# credentials even if the account has no associated users.
|
2353
2390
|
#
|
2354
2391
|
# @option params [String] :user_name
|
2355
2392
|
# The name of the user whose access key pair you want to delete.
|
@@ -2403,9 +2440,9 @@ module Aws::IAM
|
|
2403
2440
|
req.send_request(options)
|
2404
2441
|
end
|
2405
2442
|
|
2406
|
-
# Deletes the specified
|
2407
|
-
#
|
2408
|
-
# in the *IAM User Guide*.
|
2443
|
+
# Deletes the specified account alias. For information about using an
|
2444
|
+
# Amazon Web Services account alias, see [Using an alias for your
|
2445
|
+
# account ID][1] in the *IAM User Guide*.
|
2409
2446
|
#
|
2410
2447
|
#
|
2411
2448
|
#
|
@@ -2449,8 +2486,7 @@ module Aws::IAM
|
|
2449
2486
|
req.send_request(options)
|
2450
2487
|
end
|
2451
2488
|
|
2452
|
-
# Deletes the password policy for the
|
2453
|
-
# parameters.
|
2489
|
+
# Deletes the password policy for the account. There are no parameters.
|
2454
2490
|
#
|
2455
2491
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2456
2492
|
#
|
@@ -2622,19 +2658,19 @@ module Aws::IAM
|
|
2622
2658
|
end
|
2623
2659
|
|
2624
2660
|
# Deletes the password for the specified IAM user, which terminates the
|
2625
|
-
# user's ability to access
|
2626
|
-
# Console.
|
2661
|
+
# user's ability to access Amazon Web Services services through the
|
2662
|
+
# Management Console.
|
2627
2663
|
#
|
2628
|
-
# You can use the
|
2629
|
-
# console to delete a password for any IAM user. You can
|
2630
|
-
# ChangePassword to update, but not delete, your own password in the
|
2631
|
-
# **My Security Credentials** page in the
|
2664
|
+
# You can use the CLI, the Amazon Web Services API, or the **Users**
|
2665
|
+
# page in the IAM console to delete a password for any IAM user. You can
|
2666
|
+
# use ChangePassword to update, but not delete, your own password in the
|
2667
|
+
# **My Security Credentials** page in the Management Console.
|
2632
2668
|
#
|
2633
|
-
# Deleting a user's password does not prevent a user from accessing
|
2634
|
-
# through the command line interface or the API. To
|
2635
|
-
# access, you must also either make any access keys
|
2636
|
-
# them. For more information about making keys
|
2637
|
-
# them, see UpdateAccessKey and DeleteAccessKey.
|
2669
|
+
# Deleting a user's password does not prevent a user from accessing
|
2670
|
+
# Amazon Web Services through the command line interface or the API. To
|
2671
|
+
# prevent all user access, you must also either make any access keys
|
2672
|
+
# inactive or delete them. For more information about making keys
|
2673
|
+
# inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
|
2638
2674
|
#
|
2639
2675
|
# @option params [required, String] :user_name
|
2640
2676
|
# The name of the user whose password you want to delete.
|
@@ -2739,7 +2775,7 @@ module Aws::IAM
|
|
2739
2775
|
# The Amazon Resource Name (ARN) of the IAM policy you want to delete.
|
2740
2776
|
#
|
2741
2777
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
2742
|
-
# in the *
|
2778
|
+
# in the *Amazon Web Services General Reference*.
|
2743
2779
|
#
|
2744
2780
|
#
|
2745
2781
|
#
|
@@ -2781,7 +2817,7 @@ module Aws::IAM
|
|
2781
2817
|
# to delete a version.
|
2782
2818
|
#
|
2783
2819
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
2784
|
-
# in the *
|
2820
|
+
# in the *Amazon Web Services General Reference*.
|
2785
2821
|
#
|
2786
2822
|
#
|
2787
2823
|
#
|
@@ -3002,10 +3038,10 @@ module Aws::IAM
|
|
3002
3038
|
# Deletes the specified SSH public key.
|
3003
3039
|
#
|
3004
3040
|
# The SSH public key deleted by this operation is used only for
|
3005
|
-
# authenticating the associated IAM user to an
|
3006
|
-
#
|
3007
|
-
#
|
3008
|
-
#
|
3041
|
+
# authenticating the associated IAM user to an CodeCommit repository.
|
3042
|
+
# For more information about using SSH keys to authenticate to an
|
3043
|
+
# CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
|
3044
|
+
# in the *CodeCommit User Guide*.
|
3009
3045
|
#
|
3010
3046
|
#
|
3011
3047
|
#
|
@@ -3056,8 +3092,8 @@ module Aws::IAM
|
|
3056
3092
|
#
|
3057
3093
|
# For more information about working with server certificates, see
|
3058
3094
|
# [Working with server certificates][1] in the *IAM User Guide*. This
|
3059
|
-
# topic also includes a list of
|
3060
|
-
# certificates that you manage with IAM.
|
3095
|
+
# topic also includes a list of Amazon Web Services services that can
|
3096
|
+
# use the server certificates that you manage with IAM.
|
3061
3097
|
#
|
3062
3098
|
# If you are using a server certificate with Elastic Load Balancing,
|
3063
3099
|
# deleting the certificate could have implications for your application.
|
@@ -3119,10 +3155,12 @@ module Aws::IAM
|
|
3119
3155
|
# first remove those resources from the linked service and then submit
|
3120
3156
|
# the deletion request again. Resources are specific to the service that
|
3121
3157
|
# is linked to the role. For more information about removing resources
|
3122
|
-
# from a service, see the [
|
3158
|
+
# from a service, see the [Amazon Web Services documentation][1] for
|
3159
|
+
# your service.
|
3123
3160
|
#
|
3124
3161
|
# For more information about service-linked roles, see [Roles terms and
|
3125
|
-
# concepts:
|
3162
|
+
# concepts: Amazon Web Services service-linked role][2] in the *IAM User
|
3163
|
+
# Guide*.
|
3126
3164
|
#
|
3127
3165
|
#
|
3128
3166
|
#
|
@@ -3204,10 +3242,10 @@ module Aws::IAM
|
|
3204
3242
|
# Deletes a signing certificate associated with the specified IAM user.
|
3205
3243
|
#
|
3206
3244
|
# If you do not specify a user name, IAM determines the user name
|
3207
|
-
# implicitly based on the
|
3208
|
-
# operation works for access keys under the
|
3209
|
-
# you can use this operation to manage
|
3210
|
-
# even if the
|
3245
|
+
# implicitly based on the Amazon Web Services access key ID signing the
|
3246
|
+
# request. This operation works for access keys under the account.
|
3247
|
+
# Consequently, you can use this operation to manage account root user
|
3248
|
+
# credentials even if the account has no associated IAM users.
|
3211
3249
|
#
|
3212
3250
|
# @option params [String] :user_name
|
3213
3251
|
# The name of the user the signing certificate belongs to.
|
@@ -3260,11 +3298,11 @@ module Aws::IAM
|
|
3260
3298
|
req.send_request(options)
|
3261
3299
|
end
|
3262
3300
|
|
3263
|
-
# Deletes the specified IAM user. Unlike the
|
3264
|
-
#
|
3265
|
-
#
|
3266
|
-
#
|
3267
|
-
#
|
3301
|
+
# Deletes the specified IAM user. Unlike the Management Console, when
|
3302
|
+
# you delete a user programmatically, you must delete the items attached
|
3303
|
+
# to the user manually, or the deletion fails. For more information, see
|
3304
|
+
# [Deleting an IAM user][1]. Before attempting to delete a user, remove
|
3305
|
+
# the following items:
|
3268
3306
|
#
|
3269
3307
|
# * Password (DeleteLoginProfile)
|
3270
3308
|
#
|
@@ -3493,7 +3531,7 @@ module Aws::IAM
|
|
3493
3531
|
# The Amazon Resource Name (ARN) of the IAM policy you want to detach.
|
3494
3532
|
#
|
3495
3533
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
3496
|
-
# in the *
|
3534
|
+
# in the *Amazon Web Services General Reference*.
|
3497
3535
|
#
|
3498
3536
|
#
|
3499
3537
|
#
|
@@ -3544,7 +3582,7 @@ module Aws::IAM
|
|
3544
3582
|
# The Amazon Resource Name (ARN) of the IAM policy you want to detach.
|
3545
3583
|
#
|
3546
3584
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
3547
|
-
# in the *
|
3585
|
+
# in the *Amazon Web Services General Reference*.
|
3548
3586
|
#
|
3549
3587
|
#
|
3550
3588
|
#
|
@@ -3595,7 +3633,7 @@ module Aws::IAM
|
|
3595
3633
|
# The Amazon Resource Name (ARN) of the IAM policy you want to detach.
|
3596
3634
|
#
|
3597
3635
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
3598
|
-
# in the *
|
3636
|
+
# in the *Amazon Web Services General Reference*.
|
3599
3637
|
#
|
3600
3638
|
#
|
3601
3639
|
#
|
@@ -3700,9 +3738,9 @@ module Aws::IAM
|
|
3700
3738
|
req.send_request(options)
|
3701
3739
|
end
|
3702
3740
|
|
3703
|
-
# Generates a credential report for the
|
3704
|
-
#
|
3705
|
-
#
|
3741
|
+
# Generates a credential report for the account. For more information
|
3742
|
+
# about the credential report, see [Getting credential reports][1] in
|
3743
|
+
# the *IAM User Guide*.
|
3706
3744
|
#
|
3707
3745
|
#
|
3708
3746
|
#
|
@@ -3727,18 +3765,17 @@ module Aws::IAM
|
|
3727
3765
|
req.send_request(options)
|
3728
3766
|
end
|
3729
3767
|
|
3730
|
-
# Generates a report for service last accessed data for
|
3731
|
-
#
|
3732
|
-
#
|
3733
|
-
# your organization.
|
3768
|
+
# Generates a report for service last accessed data for Organizations.
|
3769
|
+
# You can generate a report for any entities (organization root,
|
3770
|
+
# organizational unit, or account) or policies in your organization.
|
3734
3771
|
#
|
3735
|
-
# To call this operation, you must be signed in using your
|
3736
|
-
#
|
3737
|
-
#
|
3738
|
-
#
|
3739
|
-
#
|
3740
|
-
# permissions
|
3741
|
-
#
|
3772
|
+
# To call this operation, you must be signed in using your Organizations
|
3773
|
+
# management account credentials. You can use your long-term IAM user or
|
3774
|
+
# root user credentials, or temporary credentials from assuming an IAM
|
3775
|
+
# role. SCPs must be enabled for your organization root. You must have
|
3776
|
+
# the required IAM and Organizations permissions. For more information,
|
3777
|
+
# see [Refining permissions using service last accessed data][1] in the
|
3778
|
+
# *IAM User Guide*.
|
3742
3779
|
#
|
3743
3780
|
# You can generate a service last accessed data report for entities by
|
3744
3781
|
# specifying only the entity's path. This data includes a list of
|
@@ -3746,8 +3783,8 @@ module Aws::IAM
|
|
3746
3783
|
# apply to the entity.
|
3747
3784
|
#
|
3748
3785
|
# You can generate a service last accessed data report for a policy by
|
3749
|
-
# specifying an entity's path and an optional
|
3750
|
-
#
|
3786
|
+
# specifying an entity's path and an optional Organizations policy ID.
|
3787
|
+
# This data includes a list of services that are allowed by the
|
3751
3788
|
# specified SCP.
|
3752
3789
|
#
|
3753
3790
|
# For each service in both report types, the data includes the most
|
@@ -3757,15 +3794,16 @@ module Aws::IAM
|
|
3757
3794
|
# troubleshooting, and supported Regions see [Reducing permissions using
|
3758
3795
|
# service last accessed data][1] in the *IAM User Guide*.
|
3759
3796
|
#
|
3760
|
-
# The data includes all attempts to access
|
3761
|
-
# ones. This includes all attempts that were made using
|
3762
|
-
# Management Console, the
|
3763
|
-
# command line tools. An unexpected entry in the
|
3764
|
-
# data does not mean that an account has been
|
3765
|
-
# request might have been denied. Refer to your
|
3766
|
-
# authoritative source for information about all
|
3767
|
-
# they were successful or denied access. For more
|
3768
|
-
# see [Logging IAM events with CloudTrail][2] in the *IAM
|
3797
|
+
# The data includes all attempts to access Amazon Web Services, not just
|
3798
|
+
# the successful ones. This includes all attempts that were made using
|
3799
|
+
# the Management Console, the Amazon Web Services API through any of the
|
3800
|
+
# SDKs, or any of the command line tools. An unexpected entry in the
|
3801
|
+
# service last accessed data does not mean that an account has been
|
3802
|
+
# compromised, because the request might have been denied. Refer to your
|
3803
|
+
# CloudTrail logs as the authoritative source for information about all
|
3804
|
+
# API calls and whether they were successful or denied access. For more
|
3805
|
+
# information, see [Logging IAM events with CloudTrail][2] in the *IAM
|
3806
|
+
# User Guide*.
|
3769
3807
|
#
|
3770
3808
|
# This operation returns a `JobId`. Use this parameter in the `
|
3771
3809
|
# GetOrganizationsAccessReport ` operation to check the status of the
|
@@ -3775,9 +3813,9 @@ module Aws::IAM
|
|
3775
3813
|
# you can retrieve the report.
|
3776
3814
|
#
|
3777
3815
|
# To generate a service last accessed data report for entities, specify
|
3778
|
-
# an entity path without specifying the optional
|
3779
|
-
#
|
3780
|
-
#
|
3816
|
+
# an entity path without specifying the optional Organizations policy
|
3817
|
+
# ID. The type of entity that you specify determines the data returned
|
3818
|
+
# in the report.
|
3781
3819
|
#
|
3782
3820
|
# * **Root** – When you specify the organizations root as the entity,
|
3783
3821
|
# the resulting report lists all of the services allowed by SCPs that
|
@@ -3793,9 +3831,9 @@ module Aws::IAM
|
|
3793
3831
|
# not limited by SCPs.
|
3794
3832
|
#
|
3795
3833
|
# * **management account** – When you specify the management account,
|
3796
|
-
# the resulting report lists all
|
3797
|
-
# account is not limited by SCPs. For each service, the
|
3798
|
-
# includes data for only the management account.
|
3834
|
+
# the resulting report lists all Amazon Web Services services, because
|
3835
|
+
# the management account is not limited by SCPs. For each service, the
|
3836
|
+
# report includes data for only the management account.
|
3799
3837
|
#
|
3800
3838
|
# * **Account** – When you specify another account as the entity, the
|
3801
3839
|
# resulting report lists all of the services allowed by SCPs that are
|
@@ -3803,9 +3841,8 @@ module Aws::IAM
|
|
3803
3841
|
# report includes data for only the specified account.
|
3804
3842
|
#
|
3805
3843
|
# To generate a service last accessed data report for policies, specify
|
3806
|
-
# an entity path and the optional
|
3807
|
-
#
|
3808
|
-
# service.
|
3844
|
+
# an entity path and the optional Organizations policy ID. The type of
|
3845
|
+
# entity that you specify determines the data returned for each service.
|
3809
3846
|
#
|
3810
3847
|
# * **Root** – When you specify the root entity and a policy ID, the
|
3811
3848
|
# resulting report lists all of the services that are allowed by the
|
@@ -3827,10 +3864,10 @@ module Aws::IAM
|
|
3827
3864
|
# the report will return a list of services with no data.
|
3828
3865
|
#
|
3829
3866
|
# * **management account** – When you specify the management account,
|
3830
|
-
# the resulting report lists all
|
3831
|
-
# account is not limited by SCPs. If you specify a
|
3832
|
-
# CLI or API, the policy is ignored. For each
|
3833
|
-
# includes data for only the management account.
|
3867
|
+
# the resulting report lists all Amazon Web Services services, because
|
3868
|
+
# the management account is not limited by SCPs. If you specify a
|
3869
|
+
# policy ID in the CLI or API, the policy is ignored. For each
|
3870
|
+
# service, the report includes data for only the management account.
|
3834
3871
|
#
|
3835
3872
|
# * **Account** – When you specify another account entity and a policy
|
3836
3873
|
# ID, the resulting report lists all of the services that are allowed
|
@@ -3859,21 +3896,21 @@ module Aws::IAM
|
|
3859
3896
|
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
|
3860
3897
|
#
|
3861
3898
|
# @option params [required, String] :entity_path
|
3862
|
-
# The path of the
|
3863
|
-
#
|
3864
|
-
#
|
3865
|
-
#
|
3866
|
-
#
|
3867
|
-
#
|
3899
|
+
# The path of the Organizations entity (root, OU, or account). You can
|
3900
|
+
# build an entity path using the known structure of your organization.
|
3901
|
+
# For example, assume that your account ID is `123456789012` and its
|
3902
|
+
# parent OU ID is `ou-rge0-awsabcde`. The organization root ID is
|
3903
|
+
# `r-f6g7h8i9j0example` and your organization ID is `o-a1b2c3d4e5`. Your
|
3904
|
+
# entity path is
|
3868
3905
|
# `o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012`.
|
3869
3906
|
#
|
3870
3907
|
# @option params [String] :organizations_policy_id
|
3871
|
-
# The identifier of the
|
3872
|
-
#
|
3908
|
+
# The identifier of the Organizations service control policy (SCP). This
|
3909
|
+
# parameter is optional.
|
3873
3910
|
#
|
3874
3911
|
# This ID is used to generate information about when an account
|
3875
|
-
# principal that is limited by the SCP attempted to access an
|
3876
|
-
# service.
|
3912
|
+
# principal that is limited by the SCP attempted to access an Amazon Web
|
3913
|
+
# Services service.
|
3877
3914
|
#
|
3878
3915
|
# @return [Types::GenerateOrganizationsAccessReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3879
3916
|
#
|
@@ -3915,31 +3952,31 @@ module Aws::IAM
|
|
3915
3952
|
|
3916
3953
|
# Generates a report that includes details about when an IAM resource
|
3917
3954
|
# (user, group, role, or policy) was last used in an attempt to access
|
3918
|
-
#
|
3919
|
-
# reports activity for the last 365 days, or less if
|
3920
|
-
# supporting this feature within the last year. For
|
3921
|
-
# see [Regions where data is tracked][1].
|
3922
|
-
#
|
3923
|
-
# The service last accessed data includes all attempts to access an
|
3924
|
-
# API, not just the successful ones. This includes
|
3925
|
-
# were made using the
|
3926
|
-
# the SDKs, or any of the command line
|
3927
|
-
# service last accessed data does not
|
3928
|
-
# compromised, because the request might
|
3929
|
-
# CloudTrail logs as the authoritative
|
3930
|
-
# API calls and whether they were
|
3931
|
-
# information, see [Logging IAM
|
3932
|
-
# User Guide*.
|
3955
|
+
# Amazon Web Services services. Recent activity usually appears within
|
3956
|
+
# four hours. IAM reports activity for the last 365 days, or less if
|
3957
|
+
# your Region began supporting this feature within the last year. For
|
3958
|
+
# more information, see [Regions where data is tracked][1].
|
3959
|
+
#
|
3960
|
+
# The service last accessed data includes all attempts to access an
|
3961
|
+
# Amazon Web Services API, not just the successful ones. This includes
|
3962
|
+
# all attempts that were made using the Management Console, the Amazon
|
3963
|
+
# Web Services API through any of the SDKs, or any of the command line
|
3964
|
+
# tools. An unexpected entry in the service last accessed data does not
|
3965
|
+
# mean that your account has been compromised, because the request might
|
3966
|
+
# have been denied. Refer to your CloudTrail logs as the authoritative
|
3967
|
+
# source for information about all API calls and whether they were
|
3968
|
+
# successful or denied access. For more information, see [Logging IAM
|
3969
|
+
# events with CloudTrail][2] in the *IAM User Guide*.
|
3933
3970
|
#
|
3934
3971
|
# The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
|
3935
3972
|
# Use this parameter in the following operations to retrieve the
|
3936
3973
|
# following details from your report:
|
3937
3974
|
#
|
3938
3975
|
# * GetServiceLastAccessedDetails – Use this operation for users,
|
3939
|
-
# groups, roles, or policies to list every
|
3940
|
-
# resource could access using permissions policies. For each
|
3941
|
-
# the response includes information about the most recent
|
3942
|
-
# attempt.
|
3976
|
+
# groups, roles, or policies to list every Amazon Web Services service
|
3977
|
+
# that the resource could access using permissions policies. For each
|
3978
|
+
# service, the response includes information about the most recent
|
3979
|
+
# access attempt.
|
3943
3980
|
#
|
3944
3981
|
# The `JobId` returned by `GenerateServiceLastAccessedDetail` must be
|
3945
3982
|
# used by the same role within a session, or by the same user when
|
@@ -3947,8 +3984,8 @@ module Aws::IAM
|
|
3947
3984
|
#
|
3948
3985
|
# * GetServiceLastAccessedDetailsWithEntities – Use this operation for
|
3949
3986
|
# groups and policies to list information about the associated
|
3950
|
-
# entities (users or roles) that attempted to access a specific
|
3951
|
-
# service.
|
3987
|
+
# entities (users or roles) that attempted to access a specific Amazon
|
3988
|
+
# Web Services service.
|
3952
3989
|
#
|
3953
3990
|
# To check the status of the `GenerateServiceLastAccessedDetails`
|
3954
3991
|
# request, use the `JobId` parameter in the same operations and test the
|
@@ -3961,10 +3998,10 @@ module Aws::IAM
|
|
3961
3998
|
# <note markdown="1"> Service last accessed data does not use other policy types when
|
3962
3999
|
# determining whether a resource could access a service. These other
|
3963
4000
|
# policy types include resource-based policies, access control lists,
|
3964
|
-
#
|
3965
|
-
#
|
3966
|
-
#
|
3967
|
-
#
|
4001
|
+
# Organizations policies, IAM permissions boundaries, and STS assume
|
4002
|
+
# role policies. It only applies permissions policy logic. For more
|
4003
|
+
# about the evaluation of policy types, see [Evaluating policies][3] in
|
4004
|
+
# the *IAM User Guide*.
|
3968
4005
|
#
|
3969
4006
|
# </note>
|
3970
4007
|
#
|
@@ -3982,7 +4019,7 @@ module Aws::IAM
|
|
3982
4019
|
# @option params [required, String] :arn
|
3983
4020
|
# The ARN of the IAM resource (user, group, role, or managed policy)
|
3984
4021
|
# used to generate information about when the resource was last used in
|
3985
|
-
# an attempt to access an
|
4022
|
+
# an attempt to access an Amazon Web Services service.
|
3986
4023
|
#
|
3987
4024
|
# @option params [String] :granularity
|
3988
4025
|
# The level of detail that you want to generate. You can specify whether
|
@@ -4032,8 +4069,8 @@ module Aws::IAM
|
|
4032
4069
|
|
4033
4070
|
# Retrieves information about when the specified access key was last
|
4034
4071
|
# used. The information includes the date and time of last use, along
|
4035
|
-
# with the
|
4036
|
-
# request made with that key.
|
4072
|
+
# with the Amazon Web Services service and Region that were specified in
|
4073
|
+
# the last request made with that key.
|
4037
4074
|
#
|
4038
4075
|
# @option params [required, String] :access_key_id
|
4039
4076
|
# The identifier of an access key.
|
@@ -4074,9 +4111,10 @@ module Aws::IAM
|
|
4074
4111
|
end
|
4075
4112
|
|
4076
4113
|
# Retrieves information about all IAM users, groups, roles, and policies
|
4077
|
-
# in your
|
4078
|
-
# this operation to obtain a snapshot of the
|
4079
|
-
# permissions (users, groups, roles, and policies)
|
4114
|
+
# in your Amazon Web Services account, including their relationships to
|
4115
|
+
# one another. Use this operation to obtain a snapshot of the
|
4116
|
+
# configuration of IAM permissions (users, groups, roles, and policies)
|
4117
|
+
# in your account.
|
4080
4118
|
#
|
4081
4119
|
# <note markdown="1"> Policies returned by this operation are URL-encoded compliant with
|
4082
4120
|
# [RFC 3986][1]. You can use a URL decoding method to convert the policy
|
@@ -4246,7 +4284,7 @@ module Aws::IAM
|
|
4246
4284
|
req.send_request(options)
|
4247
4285
|
end
|
4248
4286
|
|
4249
|
-
# Retrieves the password policy for the
|
4287
|
+
# Retrieves the password policy for the account. This tells you the
|
4250
4288
|
# complexity requirements and mandatory rotation periods for the IAM
|
4251
4289
|
# user passwords in your account. For more information about using a
|
4252
4290
|
# password policy, see [Managing an IAM password policy][1].
|
@@ -4305,8 +4343,8 @@ module Aws::IAM
|
|
4305
4343
|
req.send_request(options)
|
4306
4344
|
end
|
4307
4345
|
|
4308
|
-
# Retrieves information about IAM entity usage and IAM quotas in the
|
4309
|
-
# account.
|
4346
|
+
# Retrieves information about IAM entity usage and IAM quotas in the
|
4347
|
+
# Amazon Web Services account.
|
4310
4348
|
#
|
4311
4349
|
# For information about IAM quotas, see [IAM and STS quotas][1] in the
|
4312
4350
|
# *IAM User Guide*.
|
@@ -4378,14 +4416,14 @@ module Aws::IAM
|
|
4378
4416
|
# To get the context keys from policies associated with an IAM user,
|
4379
4417
|
# group, or role, use GetContextKeysForPrincipalPolicy.
|
4380
4418
|
#
|
4381
|
-
# Context keys are variables maintained by
|
4382
|
-
# provide details about the context of an API query
|
4383
|
-
# keys can be evaluated by testing against a value
|
4384
|
-
# policy. Use `GetContextKeysForCustomPolicy` to
|
4385
|
-
# names and values you must supply when you call
|
4386
|
-
# Note that all parameters are shown in unencoded
|
4387
|
-
# but must be URL encoded to be included as a part
|
4388
|
-
# request.
|
4419
|
+
# Context keys are variables maintained by Amazon Web Services and its
|
4420
|
+
# services that provide details about the context of an API query
|
4421
|
+
# request. Context keys can be evaluated by testing against a value
|
4422
|
+
# specified in an IAM policy. Use `GetContextKeysForCustomPolicy` to
|
4423
|
+
# understand what key names and values you must supply when you call
|
4424
|
+
# SimulateCustomPolicy. Note that all parameters are shown in unencoded
|
4425
|
+
# form here for clarity but must be URL encoded to be included as a part
|
4426
|
+
# of a real HTML request.
|
4389
4427
|
#
|
4390
4428
|
# @option params [required, Array<String>] :policy_input_list
|
4391
4429
|
# A list of policies for which you want the list of context keys
|
@@ -4447,11 +4485,12 @@ module Aws::IAM
|
|
4447
4485
|
# permissions, then consider allowing them to use
|
4448
4486
|
# GetContextKeysForCustomPolicy instead.
|
4449
4487
|
#
|
4450
|
-
# Context keys are variables maintained by
|
4451
|
-
# provide details about the context of an API query
|
4452
|
-
# keys can be evaluated by testing against a value in
|
4453
|
-
# GetContextKeysForPrincipalPolicy to understand what
|
4454
|
-
# values you must supply when you call
|
4488
|
+
# Context keys are variables maintained by Amazon Web Services and its
|
4489
|
+
# services that provide details about the context of an API query
|
4490
|
+
# request. Context keys can be evaluated by testing against a value in
|
4491
|
+
# an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what
|
4492
|
+
# key names and values you must supply when you call
|
4493
|
+
# SimulatePrincipalPolicy.
|
4455
4494
|
#
|
4456
4495
|
# @option params [required, String] :policy_source_arn
|
4457
4496
|
# The ARN of a user, group, or role whose policies contain the context
|
@@ -4464,7 +4503,7 @@ module Aws::IAM
|
|
4464
4503
|
# URL encoded to be included as a part of a real HTML request.
|
4465
4504
|
#
|
4466
4505
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
4467
|
-
# in the *
|
4506
|
+
# in the *Amazon Web Services General Reference*.
|
4468
4507
|
#
|
4469
4508
|
#
|
4470
4509
|
#
|
@@ -4515,9 +4554,9 @@ module Aws::IAM
|
|
4515
4554
|
req.send_request(options)
|
4516
4555
|
end
|
4517
4556
|
|
4518
|
-
# Retrieves a credential report for the
|
4519
|
-
#
|
4520
|
-
#
|
4557
|
+
# Retrieves a credential report for the account. For more information
|
4558
|
+
# about the credential report, see [Getting credential reports][1] in
|
4559
|
+
# the *IAM User Guide*.
|
4521
4560
|
#
|
4522
4561
|
#
|
4523
4562
|
#
|
@@ -4802,9 +4841,19 @@ module Aws::IAM
|
|
4802
4841
|
req.send_request(options)
|
4803
4842
|
end
|
4804
4843
|
|
4805
|
-
# Retrieves the user name
|
4806
|
-
#
|
4807
|
-
#
|
4844
|
+
# Retrieves the user name for the specified IAM user. A login profile is
|
4845
|
+
# created when you create a password for the user to access the
|
4846
|
+
# Management Console. If the user does not exist or does not have a
|
4847
|
+
# password, the operation returns a 404 (`NoSuchEntity`) error.
|
4848
|
+
#
|
4849
|
+
# If you create an IAM user with access to the console, the `CreateDate`
|
4850
|
+
# reflects the date you created the initial password for the user.
|
4851
|
+
#
|
4852
|
+
# If you create an IAM user with programmatic access, and then later add
|
4853
|
+
# a password for the user to access the Management Console, the
|
4854
|
+
# `CreateDate` reflects the initial password creation date. A user with
|
4855
|
+
# programmatic access does not have a login profile unless you create a
|
4856
|
+
# password for the user to access the Management Console.
|
4808
4857
|
#
|
4809
4858
|
# @option params [required, String] :user_name
|
4810
4859
|
# The name of the user whose login profile you want to retrieve.
|
@@ -4869,7 +4918,7 @@ module Aws::IAM
|
|
4869
4918
|
# resource ARNs by using the ListOpenIDConnectProviders operation.
|
4870
4919
|
#
|
4871
4920
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
4872
|
-
# in the *
|
4921
|
+
# in the *Amazon Web Services General Reference*.
|
4873
4922
|
#
|
4874
4923
|
#
|
4875
4924
|
#
|
@@ -4910,10 +4959,10 @@ module Aws::IAM
|
|
4910
4959
|
req.send_request(options)
|
4911
4960
|
end
|
4912
4961
|
|
4913
|
-
# Retrieves the service last accessed data report for
|
4914
|
-
#
|
4915
|
-
#
|
4916
|
-
#
|
4962
|
+
# Retrieves the service last accessed data report for Organizations that
|
4963
|
+
# was previously generated using the ` GenerateOrganizationsAccessReport
|
4964
|
+
# ` operation. This operation retrieves the status of your report job
|
4965
|
+
# and the report contents.
|
4917
4966
|
#
|
4918
4967
|
# Depending on the parameters that you passed when you generated the
|
4919
4968
|
# report, the data returned could include different information. For
|
@@ -5080,7 +5129,7 @@ module Aws::IAM
|
|
5080
5129
|
# information about.
|
5081
5130
|
#
|
5082
5131
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
5083
|
-
# in the *
|
5132
|
+
# in the *Amazon Web Services General Reference*.
|
5084
5133
|
#
|
5085
5134
|
#
|
5086
5135
|
#
|
@@ -5162,7 +5211,7 @@ module Aws::IAM
|
|
5162
5211
|
# information about.
|
5163
5212
|
#
|
5164
5213
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
5165
|
-
# in the *
|
5214
|
+
# in the *Amazon Web Services General Reference*.
|
5166
5215
|
#
|
5167
5216
|
#
|
5168
5217
|
#
|
@@ -5401,7 +5450,7 @@ module Aws::IAM
|
|
5401
5450
|
# IAM to get information about.
|
5402
5451
|
#
|
5403
5452
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
5404
|
-
# in the *
|
5453
|
+
# in the *Amazon Web Services General Reference*.
|
5405
5454
|
#
|
5406
5455
|
#
|
5407
5456
|
#
|
@@ -5442,10 +5491,10 @@ module Aws::IAM
|
|
5442
5491
|
# key.
|
5443
5492
|
#
|
5444
5493
|
# The SSH public key retrieved by this operation is used only for
|
5445
|
-
# authenticating the associated IAM user to an
|
5446
|
-
#
|
5447
|
-
#
|
5448
|
-
#
|
5494
|
+
# authenticating the associated IAM user to an CodeCommit repository.
|
5495
|
+
# For more information about using SSH keys to authenticate to an
|
5496
|
+
# CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
|
5497
|
+
# in the *CodeCommit User Guide*.
|
5449
5498
|
#
|
5450
5499
|
#
|
5451
5500
|
#
|
@@ -5514,8 +5563,8 @@ module Aws::IAM
|
|
5514
5563
|
#
|
5515
5564
|
# For more information about working with server certificates, see
|
5516
5565
|
# [Working with server certificates][1] in the *IAM User Guide*. This
|
5517
|
-
# topic includes a list of
|
5518
|
-
# certificates that you manage with IAM.
|
5566
|
+
# topic includes a list of Amazon Web Services services that can use the
|
5567
|
+
# server certificates that you manage with IAM.
|
5519
5568
|
#
|
5520
5569
|
#
|
5521
5570
|
#
|
@@ -5571,17 +5620,17 @@ module Aws::IAM
|
|
5571
5620
|
# `GenerateServiceLastAccessedDetails` operation. You can use the
|
5572
5621
|
# `JobId` parameter in `GetServiceLastAccessedDetails` to retrieve the
|
5573
5622
|
# status of your report job. When the report is complete, you can
|
5574
|
-
# retrieve the generated report. The report includes a list of
|
5575
|
-
# services that the resource (user, group, role, or managed
|
5576
|
-
# access.
|
5623
|
+
# retrieve the generated report. The report includes a list of Amazon
|
5624
|
+
# Web Services services that the resource (user, group, role, or managed
|
5625
|
+
# policy) can access.
|
5577
5626
|
#
|
5578
5627
|
# <note markdown="1"> Service last accessed data does not use other policy types when
|
5579
5628
|
# determining whether a resource could access a service. These other
|
5580
5629
|
# policy types include resource-based policies, access control lists,
|
5581
|
-
#
|
5582
|
-
#
|
5583
|
-
#
|
5584
|
-
#
|
5630
|
+
# Organizations policies, IAM permissions boundaries, and STS assume
|
5631
|
+
# role policies. It only applies permissions policy logic. For more
|
5632
|
+
# about the evaluation of policy types, see [Evaluating policies][1] in
|
5633
|
+
# the *IAM User Guide*.
|
5585
5634
|
#
|
5586
5635
|
# </note>
|
5587
5636
|
#
|
@@ -5760,16 +5809,17 @@ module Aws::IAM
|
|
5760
5809
|
# `GenerateServiceLastAccessedDetails` operation.
|
5761
5810
|
#
|
5762
5811
|
# @option params [required, String] :service_namespace
|
5763
|
-
# The service namespace for an
|
5764
|
-
# namespace to learn when the IAM entity last attempted to
|
5765
|
-
# specified service.
|
5812
|
+
# The service namespace for an Amazon Web Services service. Provide the
|
5813
|
+
# service namespace to learn when the IAM entity last attempted to
|
5814
|
+
# access the specified service.
|
5766
5815
|
#
|
5767
5816
|
# To learn the service namespace for a service, see [Actions, resources,
|
5768
|
-
# and condition keys for
|
5769
|
-
# Choose the name of the service to view details for that
|
5770
|
-
# the first paragraph, find the service prefix. For example,
|
5771
|
-
# prefix: a4b)`. For more information about service
|
5772
|
-
# service namespaces][2] in
|
5817
|
+
# and condition keys for Amazon Web Services services][1] in the *IAM
|
5818
|
+
# User Guide*. Choose the name of the service to view details for that
|
5819
|
+
# service. In the first paragraph, find the service prefix. For example,
|
5820
|
+
# `(service prefix: a4b)`. For more information about service
|
5821
|
+
# namespaces, see [Amazon Web Services service namespaces][2] in
|
5822
|
+
# the *Amazon Web Services General Reference*.
|
5773
5823
|
#
|
5774
5824
|
#
|
5775
5825
|
#
|
@@ -5922,8 +5972,8 @@ module Aws::IAM
|
|
5922
5972
|
# user's creation date, path, unique ID, and ARN.
|
5923
5973
|
#
|
5924
5974
|
# If you do not specify a user name, IAM determines the user name
|
5925
|
-
# implicitly based on the
|
5926
|
-
# this operation.
|
5975
|
+
# implicitly based on the Amazon Web Services access key ID used to sign
|
5976
|
+
# the request to this operation.
|
5927
5977
|
#
|
5928
5978
|
# @option params [String] :user_name
|
5929
5979
|
# The name of the user to get information about.
|
@@ -6080,12 +6130,12 @@ module Aws::IAM
|
|
6080
6130
|
# paginate the results using the `MaxItems` and `Marker` parameters.
|
6081
6131
|
#
|
6082
6132
|
# If the `UserName` field is not specified, the user name is determined
|
6083
|
-
# implicitly based on the
|
6084
|
-
# This operation works for access keys under the
|
6085
|
-
# Consequently, you can use this operation to manage
|
6086
|
-
#
|
6133
|
+
# implicitly based on the Amazon Web Services access key ID used to sign
|
6134
|
+
# the request. This operation works for access keys under the account.
|
6135
|
+
# Consequently, you can use this operation to manage account root user
|
6136
|
+
# credentials even if the account has no associated users.
|
6087
6137
|
#
|
6088
|
-
# <note markdown="1"> To ensure the security of your
|
6138
|
+
# <note markdown="1"> To ensure the security of your account, the secret access key is
|
6089
6139
|
# accessible only during key and user creation.
|
6090
6140
|
#
|
6091
6141
|
# </note>
|
@@ -6181,9 +6231,9 @@ module Aws::IAM
|
|
6181
6231
|
req.send_request(options)
|
6182
6232
|
end
|
6183
6233
|
|
6184
|
-
# Lists the account alias associated with the
|
6185
|
-
# have only one). For information about using an
|
6186
|
-
# [Using an alias for your
|
6234
|
+
# Lists the account alias associated with the account (Note: you can
|
6235
|
+
# have only one). For information about using an account alias, see
|
6236
|
+
# [Using an alias for your account ID][1] in the *IAM User Guide*.
|
6187
6237
|
#
|
6188
6238
|
#
|
6189
6239
|
#
|
@@ -6562,7 +6612,7 @@ module Aws::IAM
|
|
6562
6612
|
# the versions.
|
6563
6613
|
#
|
6564
6614
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
6565
|
-
# in the *
|
6615
|
+
# in the *Amazon Web Services General Reference*.
|
6566
6616
|
#
|
6567
6617
|
#
|
6568
6618
|
#
|
@@ -6980,10 +7030,10 @@ module Aws::IAM
|
|
6980
7030
|
# @option params [required, String] :instance_profile_name
|
6981
7031
|
# The name of the IAM instance profile whose tags you want to see.
|
6982
7032
|
#
|
6983
|
-
# This parameter
|
6984
|
-
# characters
|
7033
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7034
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
6985
7035
|
# with no spaces. You can also include any of the following characters:
|
6986
|
-
#
|
7036
|
+
# \_+=,.@-
|
6987
7037
|
#
|
6988
7038
|
#
|
6989
7039
|
#
|
@@ -6996,16 +7046,15 @@ module Aws::IAM
|
|
6996
7046
|
# to indicate where the next call should start.
|
6997
7047
|
#
|
6998
7048
|
# @option params [Integer] :max_items
|
6999
|
-
#
|
7000
|
-
#
|
7001
|
-
#
|
7002
|
-
# response element is `true`.
|
7049
|
+
# Use this only when paginating results to indicate the maximum number
|
7050
|
+
# of items you want in the response. If additional items exist beyond
|
7051
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
7003
7052
|
#
|
7004
|
-
# If you do not include this parameter,
|
7005
|
-
# IAM might return fewer results, even when
|
7006
|
-
# In that case, the `IsTruncated` response
|
7007
|
-
# `Marker` contains a value to include in
|
7008
|
-
# the service where to continue from.
|
7053
|
+
# If you do not include this parameter, the number of items defaults to
|
7054
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7055
|
+
# more results available. In that case, the `IsTruncated` response
|
7056
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7057
|
+
# the subsequent call that tells the service where to continue from.
|
7009
7058
|
#
|
7010
7059
|
# @return [Types::ListInstanceProfileTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7011
7060
|
#
|
@@ -7257,10 +7306,10 @@ module Aws::IAM
|
|
7257
7306
|
# want to see. For virtual MFA devices, the serial number is the same as
|
7258
7307
|
# the ARN.
|
7259
7308
|
#
|
7260
|
-
# This parameter
|
7261
|
-
# characters
|
7309
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7310
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
7262
7311
|
# with no spaces. You can also include any of the following characters:
|
7263
|
-
#
|
7312
|
+
# \_+=,.@-
|
7264
7313
|
#
|
7265
7314
|
#
|
7266
7315
|
#
|
@@ -7273,16 +7322,15 @@ module Aws::IAM
|
|
7273
7322
|
# to indicate where the next call should start.
|
7274
7323
|
#
|
7275
7324
|
# @option params [Integer] :max_items
|
7276
|
-
#
|
7277
|
-
#
|
7278
|
-
#
|
7279
|
-
# response element is `true`.
|
7325
|
+
# Use this only when paginating results to indicate the maximum number
|
7326
|
+
# of items you want in the response. If additional items exist beyond
|
7327
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
7280
7328
|
#
|
7281
|
-
# If you do not include this parameter,
|
7282
|
-
# IAM might return fewer results, even when
|
7283
|
-
# In that case, the `IsTruncated` response
|
7284
|
-
# `Marker` contains a value to include in
|
7285
|
-
# the service where to continue from.
|
7329
|
+
# If you do not include this parameter, the number of items defaults to
|
7330
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7331
|
+
# more results available. In that case, the `IsTruncated` response
|
7332
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7333
|
+
# the subsequent call that tells the service where to continue from.
|
7286
7334
|
#
|
7287
7335
|
# @return [Types::ListMFADeviceTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7288
7336
|
#
|
@@ -7318,8 +7366,8 @@ module Aws::IAM
|
|
7318
7366
|
# Lists the MFA devices for an IAM user. If the request includes a IAM
|
7319
7367
|
# user name, then this operation lists all the MFA devices associated
|
7320
7368
|
# with the specified user. If you do not specify a user name, IAM
|
7321
|
-
# determines the user name implicitly based on the
|
7322
|
-
# signing the request for this operation.
|
7369
|
+
# determines the user name implicitly based on the Amazon Web Services
|
7370
|
+
# access key ID signing the request for this operation.
|
7323
7371
|
#
|
7324
7372
|
# You can paginate the results using the `MaxItems` and `Marker`
|
7325
7373
|
# parameters.
|
@@ -7404,10 +7452,10 @@ module Aws::IAM
|
|
7404
7452
|
# The ARN of the OpenID Connect (OIDC) identity provider whose tags you
|
7405
7453
|
# want to see.
|
7406
7454
|
#
|
7407
|
-
# This parameter
|
7408
|
-
# characters
|
7455
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7456
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
7409
7457
|
# with no spaces. You can also include any of the following characters:
|
7410
|
-
#
|
7458
|
+
# \_+=,.@-
|
7411
7459
|
#
|
7412
7460
|
#
|
7413
7461
|
#
|
@@ -7420,16 +7468,15 @@ module Aws::IAM
|
|
7420
7468
|
# to indicate where the next call should start.
|
7421
7469
|
#
|
7422
7470
|
# @option params [Integer] :max_items
|
7423
|
-
#
|
7424
|
-
#
|
7425
|
-
#
|
7426
|
-
# response element is `true`.
|
7471
|
+
# Use this only when paginating results to indicate the maximum number
|
7472
|
+
# of items you want in the response. If additional items exist beyond
|
7473
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
7427
7474
|
#
|
7428
|
-
# If you do not include this parameter,
|
7429
|
-
# IAM might return fewer results, even when
|
7430
|
-
# In that case, the `IsTruncated` response
|
7431
|
-
# `Marker` contains a value to include in
|
7432
|
-
# the service where to continue from.
|
7475
|
+
# If you do not include this parameter, the number of items defaults to
|
7476
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7477
|
+
# more results available. In that case, the `IsTruncated` response
|
7478
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7479
|
+
# the subsequent call that tells the service where to continue from.
|
7433
7480
|
#
|
7434
7481
|
# @return [Types::ListOpenIDConnectProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7435
7482
|
#
|
@@ -7463,7 +7510,7 @@ module Aws::IAM
|
|
7463
7510
|
end
|
7464
7511
|
|
7465
7512
|
# Lists information about the IAM OpenID Connect (OIDC) provider
|
7466
|
-
# resource objects defined in the
|
7513
|
+
# resource objects defined in the account.
|
7467
7514
|
#
|
7468
7515
|
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
7469
7516
|
# attributes for the resource. For example, this operation does not
|
@@ -7491,15 +7538,15 @@ module Aws::IAM
|
|
7491
7538
|
req.send_request(options)
|
7492
7539
|
end
|
7493
7540
|
|
7494
|
-
# Lists all the managed policies that are available in your
|
7495
|
-
# including your own customer-defined managed policies and all
|
7496
|
-
# managed policies.
|
7541
|
+
# Lists all the managed policies that are available in your account,
|
7542
|
+
# including your own customer-defined managed policies and all Amazon
|
7543
|
+
# Web Services managed policies.
|
7497
7544
|
#
|
7498
7545
|
# You can filter the list of policies that is returned using the
|
7499
7546
|
# optional `OnlyAttached`, `Scope`, and `PathPrefix` parameters. For
|
7500
|
-
# example, to list only the customer managed policies in your
|
7501
|
-
# account, set `Scope` to `Local`. To list only
|
7502
|
-
# set `Scope` to `AWS`.
|
7547
|
+
# example, to list only the customer managed policies in your Amazon Web
|
7548
|
+
# Services account, set `Scope` to `Local`. To list only Amazon Web
|
7549
|
+
# Services managed policies, set `Scope` to `AWS`.
|
7503
7550
|
#
|
7504
7551
|
# You can paginate the results using the `MaxItems` and `Marker`
|
7505
7552
|
# parameters.
|
@@ -7522,9 +7569,9 @@ module Aws::IAM
|
|
7522
7569
|
# @option params [String] :scope
|
7523
7570
|
# The scope to use for filtering the results.
|
7524
7571
|
#
|
7525
|
-
# To list only
|
7526
|
-
# the customer managed policies in your
|
7527
|
-
# `Local`.
|
7572
|
+
# To list only Amazon Web Services managed policies, set `Scope` to
|
7573
|
+
# `AWS`. To list only the customer managed policies in your account, set
|
7574
|
+
# `Scope` to `Local`.
|
7528
7575
|
#
|
7529
7576
|
# This parameter is optional. If it is not included, or if it is set to
|
7530
7577
|
# `All`, all policies are returned.
|
@@ -7632,11 +7679,10 @@ module Aws::IAM
|
|
7632
7679
|
#
|
7633
7680
|
# <note markdown="1"> This operation does not use other policy types when determining
|
7634
7681
|
# whether a resource could access a service. These other policy types
|
7635
|
-
# include resource-based policies, access control lists,
|
7636
|
-
#
|
7637
|
-
#
|
7638
|
-
#
|
7639
|
-
# the *IAM User Guide*.
|
7682
|
+
# include resource-based policies, access control lists, Organizations
|
7683
|
+
# policies, IAM permissions boundaries, and STS assume role policies. It
|
7684
|
+
# only applies permissions policy logic. For more about the evaluation
|
7685
|
+
# of policy types, see [Evaluating policies][1] in the *IAM User Guide*.
|
7640
7686
|
#
|
7641
7687
|
# </note>
|
7642
7688
|
#
|
@@ -7682,15 +7728,16 @@ module Aws::IAM
|
|
7682
7728
|
# want to list.
|
7683
7729
|
#
|
7684
7730
|
# @option params [required, Array<String>] :service_namespaces
|
7685
|
-
# The service namespace for the
|
7686
|
-
# list.
|
7731
|
+
# The service namespace for the Amazon Web Services services whose
|
7732
|
+
# policies you want to list.
|
7687
7733
|
#
|
7688
7734
|
# To learn the service namespace for a service, see [Actions, resources,
|
7689
|
-
# and condition keys for
|
7690
|
-
# Choose the name of the service to view details for that
|
7691
|
-
# the first paragraph, find the service prefix. For example,
|
7692
|
-
# prefix: a4b)`. For more information about service
|
7693
|
-
# service namespaces][2] in
|
7735
|
+
# and condition keys for Amazon Web Services services][1] in the *IAM
|
7736
|
+
# User Guide*. Choose the name of the service to view details for that
|
7737
|
+
# service. In the first paragraph, find the service prefix. For example,
|
7738
|
+
# `(service prefix: a4b)`. For more information about service
|
7739
|
+
# namespaces, see [Amazon Web Services service namespaces][2] in
|
7740
|
+
# the *Amazon Web Services General Reference*.
|
7694
7741
|
#
|
7695
7742
|
#
|
7696
7743
|
#
|
@@ -7791,10 +7838,10 @@ module Aws::IAM
|
|
7791
7838
|
# @option params [required, String] :policy_arn
|
7792
7839
|
# The ARN of the IAM customer managed policy whose tags you want to see.
|
7793
7840
|
#
|
7794
|
-
# This parameter
|
7795
|
-
# characters
|
7841
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7842
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
7796
7843
|
# with no spaces. You can also include any of the following characters:
|
7797
|
-
#
|
7844
|
+
# \_+=,.@-
|
7798
7845
|
#
|
7799
7846
|
#
|
7800
7847
|
#
|
@@ -7807,16 +7854,15 @@ module Aws::IAM
|
|
7807
7854
|
# to indicate where the next call should start.
|
7808
7855
|
#
|
7809
7856
|
# @option params [Integer] :max_items
|
7810
|
-
#
|
7811
|
-
#
|
7812
|
-
#
|
7813
|
-
# response element is `true`.
|
7857
|
+
# Use this only when paginating results to indicate the maximum number
|
7858
|
+
# of items you want in the response. If additional items exist beyond
|
7859
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
7814
7860
|
#
|
7815
|
-
# If you do not include this parameter,
|
7816
|
-
# IAM might return fewer results, even when
|
7817
|
-
# In that case, the `IsTruncated` response
|
7818
|
-
# `Marker` contains a value to include in
|
7819
|
-
# the service where to continue from.
|
7861
|
+
# If you do not include this parameter, the number of items defaults to
|
7862
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7863
|
+
# more results available. In that case, the `IsTruncated` response
|
7864
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7865
|
+
# the subsequent call that tells the service where to continue from.
|
7820
7866
|
#
|
7821
7867
|
# @return [Types::ListPolicyTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7822
7868
|
#
|
@@ -7865,7 +7911,7 @@ module Aws::IAM
|
|
7865
7911
|
# the versions.
|
7866
7912
|
#
|
7867
7913
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
7868
|
-
# in the *
|
7914
|
+
# in the *Amazon Web Services General Reference*.
|
7869
7915
|
#
|
7870
7916
|
#
|
7871
7917
|
#
|
@@ -8027,16 +8073,15 @@ module Aws::IAM
|
|
8027
8073
|
# to indicate where the next call should start.
|
8028
8074
|
#
|
8029
8075
|
# @option params [Integer] :max_items
|
8030
|
-
#
|
8031
|
-
#
|
8032
|
-
#
|
8033
|
-
# response element is `true`.
|
8076
|
+
# Use this only when paginating results to indicate the maximum number
|
8077
|
+
# of items you want in the response. If additional items exist beyond
|
8078
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
8034
8079
|
#
|
8035
|
-
# If you do not include this parameter,
|
8036
|
-
# IAM might return fewer results, even when
|
8037
|
-
# In that case, the `IsTruncated` response
|
8038
|
-
# `Marker` contains a value to include in
|
8039
|
-
# the service where to continue from.
|
8080
|
+
# If you do not include this parameter, the number of items defaults to
|
8081
|
+
# 100. Note that IAM might return fewer results, even when there are
|
8082
|
+
# more results available. In that case, the `IsTruncated` response
|
8083
|
+
# element returns `true`, and `Marker` contains a value to include in
|
8084
|
+
# the subsequent call that tells the service where to continue from.
|
8040
8085
|
#
|
8041
8086
|
# @return [Types::ListRoleTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8042
8087
|
#
|
@@ -8208,10 +8253,10 @@ module Aws::IAM
|
|
8208
8253
|
# The ARN of the Security Assertion Markup Language (SAML) identity
|
8209
8254
|
# provider whose tags you want to see.
|
8210
8255
|
#
|
8211
|
-
# This parameter
|
8212
|
-
# characters
|
8256
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
8257
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
8213
8258
|
# with no spaces. You can also include any of the following characters:
|
8214
|
-
#
|
8259
|
+
# \_+=,.@-
|
8215
8260
|
#
|
8216
8261
|
#
|
8217
8262
|
#
|
@@ -8224,16 +8269,15 @@ module Aws::IAM
|
|
8224
8269
|
# to indicate where the next call should start.
|
8225
8270
|
#
|
8226
8271
|
# @option params [Integer] :max_items
|
8227
|
-
#
|
8228
|
-
#
|
8229
|
-
#
|
8230
|
-
# response element is `true`.
|
8272
|
+
# Use this only when paginating results to indicate the maximum number
|
8273
|
+
# of items you want in the response. If additional items exist beyond
|
8274
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
8231
8275
|
#
|
8232
|
-
# If you do not include this parameter,
|
8233
|
-
# IAM might return fewer results, even when
|
8234
|
-
# In that case, the `IsTruncated` response
|
8235
|
-
# `Marker` contains a value to include in
|
8236
|
-
# the service where to continue from.
|
8276
|
+
# If you do not include this parameter, the number of items defaults to
|
8277
|
+
# 100. Note that IAM might return fewer results, even when there are
|
8278
|
+
# more results available. In that case, the `IsTruncated` response
|
8279
|
+
# element returns `true`, and `Marker` contains a value to include in
|
8280
|
+
# the subsequent call that tells the service where to continue from.
|
8237
8281
|
#
|
8238
8282
|
# @return [Types::ListSAMLProviderTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8239
8283
|
#
|
@@ -8304,10 +8348,10 @@ module Aws::IAM
|
|
8304
8348
|
# list.
|
8305
8349
|
#
|
8306
8350
|
# The SSH public keys returned by this operation are used only for
|
8307
|
-
# authenticating the IAM user to an
|
8308
|
-
# information about using SSH keys to authenticate to an
|
8309
|
-
# repository, see [Set up
|
8310
|
-
# *
|
8351
|
+
# authenticating the IAM user to an CodeCommit repository. For more
|
8352
|
+
# information about using SSH keys to authenticate to an CodeCommit
|
8353
|
+
# repository, see [Set up CodeCommit for SSH connections][1] in the
|
8354
|
+
# *CodeCommit User Guide*.
|
8311
8355
|
#
|
8312
8356
|
# Although each user is limited to a small number of keys, you can still
|
8313
8357
|
# paginate the results using the `MaxItems` and `Marker` parameters.
|
@@ -8319,7 +8363,7 @@ module Aws::IAM
|
|
8319
8363
|
# @option params [String] :user_name
|
8320
8364
|
# The name of the IAM user to list SSH public keys for. If none is
|
8321
8365
|
# specified, the `UserName` field is determined implicitly based on the
|
8322
|
-
#
|
8366
|
+
# Amazon Web Services access key used to sign the request.
|
8323
8367
|
#
|
8324
8368
|
# This parameter allows (through its [regex pattern][1]) a string of
|
8325
8369
|
# characters consisting of upper and lowercase alphanumeric characters
|
@@ -8387,11 +8431,11 @@ module Aws::IAM
|
|
8387
8431
|
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
8388
8432
|
# User Guide*.
|
8389
8433
|
#
|
8390
|
-
# <note markdown="1"> For certificates in a Region supported by
|
8391
|
-
#
|
8392
|
-
#
|
8393
|
-
#
|
8394
|
-
#
|
8434
|
+
# <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
|
8435
|
+
# we recommend that you don't use IAM server certificates. Instead, use
|
8436
|
+
# ACM to provision, manage, and deploy your server certificates. For
|
8437
|
+
# more information about IAM server certificates, [Working with server
|
8438
|
+
# certificates][2] in the *IAM User Guide*.
|
8395
8439
|
#
|
8396
8440
|
# </note>
|
8397
8441
|
#
|
@@ -8403,10 +8447,10 @@ module Aws::IAM
|
|
8403
8447
|
# @option params [required, String] :server_certificate_name
|
8404
8448
|
# The name of the IAM server certificate whose tags you want to see.
|
8405
8449
|
#
|
8406
|
-
# This parameter
|
8407
|
-
# characters
|
8450
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
8451
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
8408
8452
|
# with no spaces. You can also include any of the following characters:
|
8409
|
-
#
|
8453
|
+
# \_+=,.@-
|
8410
8454
|
#
|
8411
8455
|
#
|
8412
8456
|
#
|
@@ -8419,16 +8463,15 @@ module Aws::IAM
|
|
8419
8463
|
# to indicate where the next call should start.
|
8420
8464
|
#
|
8421
8465
|
# @option params [Integer] :max_items
|
8422
|
-
#
|
8423
|
-
#
|
8424
|
-
#
|
8425
|
-
# response element is `true`.
|
8466
|
+
# Use this only when paginating results to indicate the maximum number
|
8467
|
+
# of items you want in the response. If additional items exist beyond
|
8468
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
8426
8469
|
#
|
8427
|
-
# If you do not include this parameter,
|
8428
|
-
# IAM might return fewer results, even when
|
8429
|
-
# In that case, the `IsTruncated` response
|
8430
|
-
# `Marker` contains a value to include in
|
8431
|
-
# the service where to continue from.
|
8470
|
+
# If you do not include this parameter, the number of items defaults to
|
8471
|
+
# 100. Note that IAM might return fewer results, even when there are
|
8472
|
+
# more results available. In that case, the `IsTruncated` response
|
8473
|
+
# element returns `true`, and `Marker` contains a value to include in
|
8474
|
+
# the subsequent call that tells the service where to continue from.
|
8432
8475
|
#
|
8433
8476
|
# @return [Types::ListServerCertificateTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8434
8477
|
#
|
@@ -8469,8 +8512,8 @@ module Aws::IAM
|
|
8469
8512
|
#
|
8470
8513
|
# For more information about working with server certificates, see
|
8471
8514
|
# [Working with server certificates][1] in the *IAM User Guide*. This
|
8472
|
-
# topic also includes a list of
|
8473
|
-
# certificates that you manage with IAM.
|
8515
|
+
# topic also includes a list of Amazon Web Services services that can
|
8516
|
+
# use the server certificates that you manage with IAM.
|
8474
8517
|
#
|
8475
8518
|
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
8476
8519
|
# attributes for the resource. For example, this operation does not
|
@@ -8561,8 +8604,8 @@ module Aws::IAM
|
|
8561
8604
|
# empty list. The service-specific credentials returned by this
|
8562
8605
|
# operation are used only for authenticating the IAM user to a specific
|
8563
8606
|
# service. For more information about using service-specific credentials
|
8564
|
-
# to authenticate to an
|
8565
|
-
# credentials][1] in the
|
8607
|
+
# to authenticate to an Amazon Web Services service, see [Set up
|
8608
|
+
# service-specific credentials][1] in the CodeCommit User Guide.
|
8566
8609
|
#
|
8567
8610
|
#
|
8568
8611
|
#
|
@@ -8583,9 +8626,9 @@ module Aws::IAM
|
|
8583
8626
|
# [1]: http://wikipedia.org/wiki/regex
|
8584
8627
|
#
|
8585
8628
|
# @option params [String] :service_name
|
8586
|
-
# Filters the returned results to only those for the specified
|
8587
|
-
# service. If not specified, then
|
8588
|
-
# credentials for all services.
|
8629
|
+
# Filters the returned results to only those for the specified Amazon
|
8630
|
+
# Web Services service. If not specified, then Amazon Web Services
|
8631
|
+
# returns service-specific credentials for all services.
|
8589
8632
|
#
|
8590
8633
|
# @return [Types::ListServiceSpecificCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8591
8634
|
#
|
@@ -8626,11 +8669,11 @@ module Aws::IAM
|
|
8626
8669
|
# and `Marker` parameters.
|
8627
8670
|
#
|
8628
8671
|
# If the `UserName` field is not specified, the user name is determined
|
8629
|
-
# implicitly based on the
|
8630
|
-
# this operation. This operation works for access keys
|
8631
|
-
# account. Consequently, you can use this operation to manage
|
8632
|
-
# account root user credentials even if the
|
8633
|
-
#
|
8672
|
+
# implicitly based on the Amazon Web Services access key ID used to sign
|
8673
|
+
# the request for this operation. This operation works for access keys
|
8674
|
+
# under the account. Consequently, you can use this operation to manage
|
8675
|
+
# account root user credentials even if the account has no associated
|
8676
|
+
# users.
|
8634
8677
|
#
|
8635
8678
|
# @option params [String] :user_name
|
8636
8679
|
# The name of the IAM user whose signing certificates you want to
|
@@ -8808,10 +8851,10 @@ module Aws::IAM
|
|
8808
8851
|
# @option params [required, String] :user_name
|
8809
8852
|
# The name of the IAM user whose tags you want to see.
|
8810
8853
|
#
|
8811
|
-
# This parameter
|
8812
|
-
# characters
|
8854
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
8855
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
8813
8856
|
# with no spaces. You can also include any of the following characters:
|
8814
|
-
#
|
8857
|
+
# \_+=,.@-
|
8815
8858
|
#
|
8816
8859
|
#
|
8817
8860
|
#
|
@@ -8824,16 +8867,15 @@ module Aws::IAM
|
|
8824
8867
|
# to indicate where the next call should start.
|
8825
8868
|
#
|
8826
8869
|
# @option params [Integer] :max_items
|
8827
|
-
#
|
8828
|
-
#
|
8829
|
-
#
|
8830
|
-
# response element is `true`.
|
8870
|
+
# Use this only when paginating results to indicate the maximum number
|
8871
|
+
# of items you want in the response. If additional items exist beyond
|
8872
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
8831
8873
|
#
|
8832
|
-
# If you do not include this parameter,
|
8833
|
-
# IAM might return fewer results, even when
|
8834
|
-
# In that case, the `IsTruncated` response
|
8835
|
-
# `Marker` contains a value to include in
|
8836
|
-
# the service where to continue from.
|
8874
|
+
# If you do not include this parameter, the number of items defaults to
|
8875
|
+
# 100. Note that IAM might return fewer results, even when there are
|
8876
|
+
# more results available. In that case, the `IsTruncated` response
|
8877
|
+
# element returns `true`, and `Marker` contains a value to include in
|
8878
|
+
# the subsequent call that tells the service where to continue from.
|
8837
8879
|
#
|
8838
8880
|
# @return [Types::ListUserTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8839
8881
|
#
|
@@ -8893,8 +8935,8 @@ module Aws::IAM
|
|
8893
8935
|
end
|
8894
8936
|
|
8895
8937
|
# Lists the IAM users that have the specified path prefix. If no path
|
8896
|
-
# prefix is specified, the operation returns all users in the
|
8897
|
-
#
|
8938
|
+
# prefix is specified, the operation returns all users in the account.
|
8939
|
+
# If there are none, the operation returns an empty list.
|
8898
8940
|
#
|
8899
8941
|
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
8900
8942
|
# attributes for the resource. For example, this operation does not
|
@@ -9012,7 +9054,7 @@ module Aws::IAM
|
|
9012
9054
|
req.send_request(options)
|
9013
9055
|
end
|
9014
9056
|
|
9015
|
-
# Lists the virtual MFA devices defined in the
|
9057
|
+
# Lists the virtual MFA devices defined in the account by assignment
|
9016
9058
|
# status. If you do not specify an assignment status, the operation
|
9017
9059
|
# returns a list of all virtual MFA devices. Assignment status can be
|
9018
9060
|
# `Assigned`, `Unassigned`, or `Any`.
|
@@ -9171,10 +9213,10 @@ module Aws::IAM
|
|
9171
9213
|
# @option params [required, String] :policy_document
|
9172
9214
|
# The policy document.
|
9173
9215
|
#
|
9174
|
-
# You must provide policies in JSON format in IAM. However, for
|
9216
|
+
# You must provide policies in JSON format in IAM. However, for
|
9175
9217
|
# CloudFormation templates formatted in YAML, you can provide the policy
|
9176
|
-
# in JSON or YAML format.
|
9177
|
-
#
|
9218
|
+
# in JSON or YAML format. CloudFormation always converts a YAML policy
|
9219
|
+
# to JSON format before submitting it to = IAM.
|
9178
9220
|
#
|
9179
9221
|
# The [regex pattern][1] used to validate this parameter is a string of
|
9180
9222
|
# characters consisting of the following:
|
@@ -9223,11 +9265,11 @@ module Aws::IAM
|
|
9223
9265
|
end
|
9224
9266
|
|
9225
9267
|
# Adds or updates the policy that is specified as the IAM role's
|
9226
|
-
# permissions boundary. You can use an
|
9227
|
-
# managed policy to set the boundary for a role.
|
9228
|
-
# control the maximum permissions that the role can
|
9229
|
-
# permissions boundary is an advanced feature that can
|
9230
|
-
# permissions for the role.
|
9268
|
+
# permissions boundary. You can use an Amazon Web Services managed
|
9269
|
+
# policy or a customer managed policy to set the boundary for a role.
|
9270
|
+
# Use the boundary to control the maximum permissions that the role can
|
9271
|
+
# have. Setting a permissions boundary is an advanced feature that can
|
9272
|
+
# affect the permissions for the role.
|
9231
9273
|
#
|
9232
9274
|
# You cannot set the boundary for a service-linked role.
|
9233
9275
|
#
|
@@ -9326,10 +9368,10 @@ module Aws::IAM
|
|
9326
9368
|
# @option params [required, String] :policy_document
|
9327
9369
|
# The policy document.
|
9328
9370
|
#
|
9329
|
-
# You must provide policies in JSON format in IAM. However, for
|
9371
|
+
# You must provide policies in JSON format in IAM. However, for
|
9330
9372
|
# CloudFormation templates formatted in YAML, you can provide the policy
|
9331
|
-
# in JSON or YAML format.
|
9332
|
-
#
|
9373
|
+
# in JSON or YAML format. CloudFormation always converts a YAML policy
|
9374
|
+
# to JSON format before submitting it to IAM.
|
9333
9375
|
#
|
9334
9376
|
# The [regex pattern][1] used to validate this parameter is a string of
|
9335
9377
|
# characters consisting of the following:
|
@@ -9378,11 +9420,11 @@ module Aws::IAM
|
|
9378
9420
|
end
|
9379
9421
|
|
9380
9422
|
# Adds or updates the policy that is specified as the IAM user's
|
9381
|
-
# permissions boundary. You can use an
|
9382
|
-
# managed policy to set the boundary for a user.
|
9383
|
-
# control the maximum permissions that the user can
|
9384
|
-
# permissions boundary is an advanced feature that can
|
9385
|
-
# permissions for the user.
|
9423
|
+
# permissions boundary. You can use an Amazon Web Services managed
|
9424
|
+
# policy or a customer managed policy to set the boundary for a user.
|
9425
|
+
# Use the boundary to control the maximum permissions that the user can
|
9426
|
+
# have. Setting a permissions boundary is an advanced feature that can
|
9427
|
+
# affect the permissions for the user.
|
9386
9428
|
#
|
9387
9429
|
# Policies that are used as permissions boundaries do not provide
|
9388
9430
|
# permissions. You must also attach a permissions policy to the user. To
|
@@ -9471,10 +9513,10 @@ module Aws::IAM
|
|
9471
9513
|
# @option params [required, String] :policy_document
|
9472
9514
|
# The policy document.
|
9473
9515
|
#
|
9474
|
-
# You must provide policies in JSON format in IAM. However, for
|
9516
|
+
# You must provide policies in JSON format in IAM. However, for
|
9475
9517
|
# CloudFormation templates formatted in YAML, you can provide the policy
|
9476
|
-
# in JSON or YAML format.
|
9477
|
-
#
|
9518
|
+
# in JSON or YAML format. CloudFormation always converts a YAML policy
|
9519
|
+
# to JSON format before submitting it to IAM.
|
9478
9520
|
#
|
9479
9521
|
# The [regex pattern][1] used to validate this parameter is a string of
|
9480
9522
|
# characters consisting of the following:
|
@@ -9535,7 +9577,7 @@ module Aws::IAM
|
|
9535
9577
|
# using the ListOpenIDConnectProviders operation.
|
9536
9578
|
#
|
9537
9579
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
9538
|
-
# in the *
|
9580
|
+
# in the *Amazon Web Services General Reference*.
|
9539
9581
|
#
|
9540
9582
|
#
|
9541
9583
|
#
|
@@ -9688,9 +9730,10 @@ module Aws::IAM
|
|
9688
9730
|
end
|
9689
9731
|
|
9690
9732
|
# Resets the password for a service-specific credential. The new
|
9691
|
-
# password is
|
9692
|
-
# configured by the user. Resetting the password
|
9693
|
-
# the previous password associated with this
|
9733
|
+
# password is Amazon Web Services generated and cryptographically
|
9734
|
+
# strong. It cannot be configured by the user. Resetting the password
|
9735
|
+
# immediately invalidates the previous password associated with this
|
9736
|
+
# user.
|
9694
9737
|
#
|
9695
9738
|
# @option params [String] :user_name
|
9696
9739
|
# The name of the IAM user associated with the service-specific
|
@@ -9748,7 +9791,7 @@ module Aws::IAM
|
|
9748
9791
|
end
|
9749
9792
|
|
9750
9793
|
# Synchronizes the specified MFA device with its IAM resource object on
|
9751
|
-
# the
|
9794
|
+
# the Amazon Web Services servers.
|
9752
9795
|
#
|
9753
9796
|
# For more information about creating and working with virtual MFA
|
9754
9797
|
# devices, see [Using a virtual MFA device][1] in the *IAM User Guide*.
|
@@ -9830,7 +9873,7 @@ module Aws::IAM
|
|
9830
9873
|
# you want to set.
|
9831
9874
|
#
|
9832
9875
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
9833
|
-
# in the *
|
9876
|
+
# in the *Amazon Web Services General Reference*.
|
9834
9877
|
#
|
9835
9878
|
#
|
9836
9879
|
#
|
@@ -9865,25 +9908,25 @@ module Aws::IAM
|
|
9865
9908
|
end
|
9866
9909
|
|
9867
9910
|
# Sets the specified version of the global endpoint token as the token
|
9868
|
-
# version used for the
|
9911
|
+
# version used for the account.
|
9869
9912
|
#
|
9870
|
-
# By default,
|
9913
|
+
# By default, Security Token Service (STS) is available as a global
|
9871
9914
|
# service, and all STS requests go to a single endpoint at
|
9872
|
-
# `https://sts.amazonaws.com`.
|
9873
|
-
# endpoints to reduce latency, build in redundancy, and
|
9874
|
-
# token availability. For information about Regional
|
9875
|
-
# see [
|
9876
|
-
# *
|
9915
|
+
# `https://sts.amazonaws.com`. Amazon Web Services recommends using
|
9916
|
+
# Regional STS endpoints to reduce latency, build in redundancy, and
|
9917
|
+
# increase session token availability. For information about Regional
|
9918
|
+
# endpoints for STS, see [Security Token Service endpoints and
|
9919
|
+
# quotas][1] in the *Amazon Web Services General Reference*.
|
9877
9920
|
#
|
9878
9921
|
# If you make an STS call to the global endpoint, the resulting session
|
9879
9922
|
# tokens might be valid in some Regions but not others. It depends on
|
9880
9923
|
# the version that is set in this operation. Version 1 tokens are valid
|
9881
|
-
# only in
|
9924
|
+
# only in Regions that are available by default. These tokens do not
|
9882
9925
|
# work in manually enabled Regions, such as Asia Pacific (Hong Kong).
|
9883
9926
|
# Version 2 tokens are valid in all Regions. However, version 2 tokens
|
9884
9927
|
# are longer and might affect systems where you temporarily store
|
9885
9928
|
# tokens. For information, see [Activating and deactivating STS in an
|
9886
|
-
#
|
9929
|
+
# Region][2] in the *IAM User Guide*.
|
9887
9930
|
#
|
9888
9931
|
# To view the current session token version, see the
|
9889
9932
|
# `GlobalEndpointTokenVersion` entry in the response of the
|
@@ -9896,14 +9939,14 @@ module Aws::IAM
|
|
9896
9939
|
#
|
9897
9940
|
# @option params [required, String] :global_endpoint_token_version
|
9898
9941
|
# The version of the global endpoint token. Version 1 tokens are valid
|
9899
|
-
# only in
|
9942
|
+
# only in Regions that are available by default. These tokens do not
|
9900
9943
|
# work in manually enabled Regions, such as Asia Pacific (Hong Kong).
|
9901
9944
|
# Version 2 tokens are valid in all Regions. However, version 2 tokens
|
9902
9945
|
# are longer and might affect systems where you temporarily store
|
9903
9946
|
# tokens.
|
9904
9947
|
#
|
9905
|
-
# For information, see [Activating and deactivating STS in an
|
9906
|
-
#
|
9948
|
+
# For information, see [Activating and deactivating STS in an Region][1]
|
9949
|
+
# in the *IAM User Guide*.
|
9907
9950
|
#
|
9908
9951
|
#
|
9909
9952
|
#
|
@@ -9936,9 +9979,9 @@ module Aws::IAM
|
|
9936
9979
|
end
|
9937
9980
|
|
9938
9981
|
# Simulate how a set of IAM policies and optionally a resource-based
|
9939
|
-
# policy works with a list of API operations and
|
9940
|
-
# determine the policies' effective permissions. The
|
9941
|
-
# provided as strings.
|
9982
|
+
# policy works with a list of API operations and Amazon Web Services
|
9983
|
+
# resources to determine the policies' effective permissions. The
|
9984
|
+
# policies are provided as strings.
|
9942
9985
|
#
|
9943
9986
|
# The simulation does not perform the API operations; it only checks the
|
9944
9987
|
# authorization to determine if the simulated policies allow or deny the
|
@@ -9948,11 +9991,12 @@ module Aws::IAM
|
|
9948
9991
|
# If you want to simulate existing policies that are attached to an IAM
|
9949
9992
|
# user, group, or role, use SimulatePrincipalPolicy instead.
|
9950
9993
|
#
|
9951
|
-
# Context keys are variables that are maintained by
|
9952
|
-
# and which provide details about the context of an API
|
9953
|
-
# You can use the `Condition` element of an IAM policy to
|
9954
|
-
# context keys. To get the list of context keys that the
|
9955
|
-
# require for correct simulation, use
|
9994
|
+
# Context keys are variables that are maintained by Amazon Web Services
|
9995
|
+
# and its services and which provide details about the context of an API
|
9996
|
+
# query request. You can use the `Condition` element of an IAM policy to
|
9997
|
+
# evaluate context keys. To get the list of context keys that the
|
9998
|
+
# policies require for correct simulation, use
|
9999
|
+
# GetContextKeysForCustomPolicy.
|
9956
10000
|
#
|
9957
10001
|
# If the output is long, you can use `MaxItems` and `Marker` parameters
|
9958
10002
|
# to paginate the results.
|
@@ -9976,7 +10020,12 @@ module Aws::IAM
|
|
9976
10020
|
# In other words, do not use policies designed to restrict what a user
|
9977
10021
|
# can do while using the temporary credentials.
|
9978
10022
|
#
|
9979
|
-
# The
|
10023
|
+
# The maximum length of the policy document that you can pass in this
|
10024
|
+
# operation, including whitespace, is listed below. To view the maximum
|
10025
|
+
# character counts of a managed policy with no whitespaces, see [IAM and
|
10026
|
+
# STS character quotas][3].
|
10027
|
+
#
|
10028
|
+
# The [regex pattern][4] used to validate this parameter is a string of
|
9980
10029
|
# characters consisting of the following:
|
9981
10030
|
#
|
9982
10031
|
# * Any printable ASCII character ranging from the space character
|
@@ -9992,7 +10041,8 @@ module Aws::IAM
|
|
9992
10041
|
#
|
9993
10042
|
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html
|
9994
10043
|
# [2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html
|
9995
|
-
# [3]:
|
10044
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
|
10045
|
+
# [4]: http://wikipedia.org/wiki/regex
|
9996
10046
|
#
|
9997
10047
|
# @option params [Array<String>] :permissions_boundary_policy_input_list
|
9998
10048
|
# The IAM permissions boundary policy to simulate. The permissions
|
@@ -10003,7 +10053,12 @@ module Aws::IAM
|
|
10003
10053
|
# The policy input is specified as a string that contains the complete,
|
10004
10054
|
# valid JSON text of a permissions boundary policy.
|
10005
10055
|
#
|
10006
|
-
# The
|
10056
|
+
# The maximum length of the policy document that you can pass in this
|
10057
|
+
# operation, including whitespace, is listed below. To view the maximum
|
10058
|
+
# character counts of a managed policy with no whitespaces, see [IAM and
|
10059
|
+
# STS character quotas][2].
|
10060
|
+
#
|
10061
|
+
# The [regex pattern][3] used to validate this parameter is a string of
|
10007
10062
|
# characters consisting of the following:
|
10008
10063
|
#
|
10009
10064
|
# * Any printable ASCII character ranging from the space character
|
@@ -10018,7 +10073,8 @@ module Aws::IAM
|
|
10018
10073
|
#
|
10019
10074
|
#
|
10020
10075
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
|
10021
|
-
# [2]:
|
10076
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
|
10077
|
+
# [3]: http://wikipedia.org/wiki/regex
|
10022
10078
|
#
|
10023
10079
|
# @option params [required, Array<String>] :action_names
|
10024
10080
|
# A list of names of API operations to evaluate in the simulation. Each
|
@@ -10027,13 +10083,13 @@ module Aws::IAM
|
|
10027
10083
|
# operation does not support using wildcards (*) in an action name.
|
10028
10084
|
#
|
10029
10085
|
# @option params [Array<String>] :resource_arns
|
10030
|
-
# A list of ARNs of
|
10031
|
-
# parameter is not provided, then the value defaults
|
10032
|
-
# resources). Each API in the `ActionNames` parameter is
|
10033
|
-
# each resource in this list. The simulation determines
|
10034
|
-
# result (allowed or denied) of each combination and reports
|
10035
|
-
# response. You can simulate resources that don't exist in
|
10036
|
-
# account.
|
10086
|
+
# A list of ARNs of Amazon Web Services resources to include in the
|
10087
|
+
# simulation. If this parameter is not provided, then the value defaults
|
10088
|
+
# to `*` (all resources). Each API in the `ActionNames` parameter is
|
10089
|
+
# evaluated for each resource in this list. The simulation determines
|
10090
|
+
# the access result (allowed or denied) of each combination and reports
|
10091
|
+
# it in the response. You can simulate resources that don't exist in
|
10092
|
+
# your account.
|
10037
10093
|
#
|
10038
10094
|
# The simulation does not automatically retrieve policies for the
|
10039
10095
|
# specified resources. If you want to include a resource policy in the
|
@@ -10045,7 +10101,7 @@ module Aws::IAM
|
|
10045
10101
|
# input error.
|
10046
10102
|
#
|
10047
10103
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
10048
|
-
# in the *
|
10104
|
+
# in the *Amazon Web Services General Reference*.
|
10049
10105
|
#
|
10050
10106
|
#
|
10051
10107
|
#
|
@@ -10057,7 +10113,12 @@ module Aws::IAM
|
|
10057
10113
|
# policy attached. You can include only one resource-based policy in a
|
10058
10114
|
# simulation.
|
10059
10115
|
#
|
10060
|
-
# The
|
10116
|
+
# The maximum length of the policy document that you can pass in this
|
10117
|
+
# operation, including whitespace, is listed below. To view the maximum
|
10118
|
+
# character counts of a managed policy with no whitespaces, see [IAM and
|
10119
|
+
# STS character quotas][1].
|
10120
|
+
#
|
10121
|
+
# The [regex pattern][2] used to validate this parameter is a string of
|
10061
10122
|
# characters consisting of the following:
|
10062
10123
|
#
|
10063
10124
|
# * Any printable ASCII character ranging from the space character
|
@@ -10071,10 +10132,11 @@ module Aws::IAM
|
|
10071
10132
|
#
|
10072
10133
|
#
|
10073
10134
|
#
|
10074
|
-
# [1]:
|
10135
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
|
10136
|
+
# [2]: http://wikipedia.org/wiki/regex
|
10075
10137
|
#
|
10076
10138
|
# @option params [String] :resource_owner
|
10077
|
-
# An ARN representing the
|
10139
|
+
# An ARN representing the account ID that specifies the owner of any
|
10078
10140
|
# simulated resource that does not identify its owner in the resource
|
10079
10141
|
# ARN. Examples of resource ARNs include an S3 bucket or object. If
|
10080
10142
|
# `ResourceOwner` is specified, it is also used as the account owner of
|
@@ -10245,11 +10307,11 @@ module Aws::IAM
|
|
10245
10307
|
end
|
10246
10308
|
|
10247
10309
|
# Simulate how a set of IAM policies attached to an IAM entity works
|
10248
|
-
# with a list of API operations and
|
10249
|
-
# policies' effective permissions. The entity can be an
|
10250
|
-
# group, or role. If you specify a user, then the simulation
|
10251
|
-
# includes all of the policies that are attached to groups that the
|
10252
|
-
# belongs to. You can simulate resources that don't exist in your
|
10310
|
+
# with a list of API operations and Amazon Web Services resources to
|
10311
|
+
# determine the policies' effective permissions. The entity can be an
|
10312
|
+
# IAM user, group, or role. If you specify a user, then the simulation
|
10313
|
+
# also includes all of the policies that are attached to groups that the
|
10314
|
+
# user belongs to. You can simulate resources that don't exist in your
|
10253
10315
|
# account.
|
10254
10316
|
#
|
10255
10317
|
# You can optionally include a list of one or more additional policies
|
@@ -10269,11 +10331,12 @@ module Aws::IAM
|
|
10269
10331
|
# permissions, then consider allowing them to use SimulateCustomPolicy
|
10270
10332
|
# instead.
|
10271
10333
|
#
|
10272
|
-
# Context keys are variables maintained by
|
10273
|
-
# provide details about the context of an API query
|
10274
|
-
# the `Condition` element of an IAM policy to
|
10275
|
-
# get the list of context keys that the
|
10276
|
-
# simulation, use
|
10334
|
+
# Context keys are variables maintained by Amazon Web Services and its
|
10335
|
+
# services that provide details about the context of an API query
|
10336
|
+
# request. You can use the `Condition` element of an IAM policy to
|
10337
|
+
# evaluate context keys. To get the list of context keys that the
|
10338
|
+
# policies require for correct simulation, use
|
10339
|
+
# GetContextKeysForPrincipalPolicy.
|
10277
10340
|
#
|
10278
10341
|
# If the output is long, you can use the `MaxItems` and `Marker`
|
10279
10342
|
# parameters to paginate the results.
|
@@ -10294,12 +10357,18 @@ module Aws::IAM
|
|
10294
10357
|
# also includes all policies that are attached to any groups the user
|
10295
10358
|
# belongs to.
|
10296
10359
|
#
|
10297
|
-
#
|
10298
|
-
#
|
10360
|
+
# The maximum length of the policy document that you can pass in this
|
10361
|
+
# operation, including whitespace, is listed below. To view the maximum
|
10362
|
+
# character counts of a managed policy with no whitespaces, see [IAM and
|
10363
|
+
# STS character quotas][1].
|
10299
10364
|
#
|
10365
|
+
# For more information about ARNs, see [Amazon Resource Names (ARNs)][2]
|
10366
|
+
# in the *Amazon Web Services General Reference*.
|
10300
10367
|
#
|
10301
10368
|
#
|
10302
|
-
#
|
10369
|
+
#
|
10370
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
|
10371
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
10303
10372
|
#
|
10304
10373
|
# @option params [Array<String>] :policy_input_list
|
10305
10374
|
# An optional list of additional policy documents to include in the
|
@@ -10335,7 +10404,12 @@ module Aws::IAM
|
|
10335
10404
|
# Guide*. The policy input is specified as a string containing the
|
10336
10405
|
# complete, valid JSON text of a permissions boundary policy.
|
10337
10406
|
#
|
10338
|
-
# The
|
10407
|
+
# The maximum length of the policy document that you can pass in this
|
10408
|
+
# operation, including whitespace, is listed below. To view the maximum
|
10409
|
+
# character counts of a managed policy with no whitespaces, see [IAM and
|
10410
|
+
# STS character quotas][2].
|
10411
|
+
#
|
10412
|
+
# The [regex pattern][3] used to validate this parameter is a string of
|
10339
10413
|
# characters consisting of the following:
|
10340
10414
|
#
|
10341
10415
|
# * Any printable ASCII character ranging from the space character
|
@@ -10350,7 +10424,8 @@ module Aws::IAM
|
|
10350
10424
|
#
|
10351
10425
|
#
|
10352
10426
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
|
10353
|
-
# [2]:
|
10427
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
|
10428
|
+
# [3]: http://wikipedia.org/wiki/regex
|
10354
10429
|
#
|
10355
10430
|
# @option params [required, Array<String>] :action_names
|
10356
10431
|
# A list of names of API operations to evaluate in the simulation. Each
|
@@ -10358,13 +10433,13 @@ module Aws::IAM
|
|
10358
10433
|
# the service identifier, such as `iam:CreateUser`.
|
10359
10434
|
#
|
10360
10435
|
# @option params [Array<String>] :resource_arns
|
10361
|
-
# A list of ARNs of
|
10362
|
-
# parameter is not provided, then the value defaults
|
10363
|
-
# resources). Each API in the `ActionNames` parameter is
|
10364
|
-
# each resource in this list. The simulation determines
|
10365
|
-
# result (allowed or denied) of each combination and reports
|
10366
|
-
# response. You can simulate resources that don't exist in
|
10367
|
-
# account.
|
10436
|
+
# A list of ARNs of Amazon Web Services resources to include in the
|
10437
|
+
# simulation. If this parameter is not provided, then the value defaults
|
10438
|
+
# to `*` (all resources). Each API in the `ActionNames` parameter is
|
10439
|
+
# evaluated for each resource in this list. The simulation determines
|
10440
|
+
# the access result (allowed or denied) of each combination and reports
|
10441
|
+
# it in the response. You can simulate resources that don't exist in
|
10442
|
+
# your account.
|
10368
10443
|
#
|
10369
10444
|
# The simulation does not automatically retrieve policies for the
|
10370
10445
|
# specified resources. If you want to include a resource policy in the
|
@@ -10372,7 +10447,7 @@ module Aws::IAM
|
|
10372
10447
|
# `ResourcePolicy` parameter.
|
10373
10448
|
#
|
10374
10449
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
10375
|
-
# in the *
|
10450
|
+
# in the *Amazon Web Services General Reference*.
|
10376
10451
|
#
|
10377
10452
|
#
|
10378
10453
|
#
|
@@ -10384,7 +10459,12 @@ module Aws::IAM
|
|
10384
10459
|
# policy attached. You can include only one resource-based policy in a
|
10385
10460
|
# simulation.
|
10386
10461
|
#
|
10387
|
-
# The
|
10462
|
+
# The maximum length of the policy document that you can pass in this
|
10463
|
+
# operation, including whitespace, is listed below. To view the maximum
|
10464
|
+
# character counts of a managed policy with no whitespaces, see [IAM and
|
10465
|
+
# STS character quotas][1].
|
10466
|
+
#
|
10467
|
+
# The [regex pattern][2] used to validate this parameter is a string of
|
10388
10468
|
# characters consisting of the following:
|
10389
10469
|
#
|
10390
10470
|
# * Any printable ASCII character ranging from the space character
|
@@ -10398,19 +10478,20 @@ module Aws::IAM
|
|
10398
10478
|
#
|
10399
10479
|
#
|
10400
10480
|
#
|
10401
|
-
# [1]:
|
10481
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
|
10482
|
+
# [2]: http://wikipedia.org/wiki/regex
|
10402
10483
|
#
|
10403
10484
|
# @option params [String] :resource_owner
|
10404
|
-
# An
|
10405
|
-
#
|
10406
|
-
#
|
10407
|
-
#
|
10408
|
-
#
|
10409
|
-
#
|
10410
|
-
#
|
10411
|
-
#
|
10412
|
-
# resource
|
10413
|
-
#
|
10485
|
+
# An account ID that specifies the owner of any simulated resource that
|
10486
|
+
# does not identify its owner in the resource ARN. Examples of resource
|
10487
|
+
# ARNs include an S3 bucket or object. If `ResourceOwner` is specified,
|
10488
|
+
# it is also used as the account owner of any `ResourcePolicy` included
|
10489
|
+
# in the simulation. If the `ResourceOwner` parameter is not specified,
|
10490
|
+
# then the owner of the resources and the resource policy defaults to
|
10491
|
+
# the account of the identity provided in `CallerArn`. This parameter is
|
10492
|
+
# required only if you specify a resource-based policy and account that
|
10493
|
+
# owns the resource is different from the account that owns the
|
10494
|
+
# simulated calling user `CallerArn`.
|
10414
10495
|
#
|
10415
10496
|
# @option params [String] :caller_arn
|
10416
10497
|
# The ARN of the IAM user that you want to specify as the simulated
|
@@ -10431,7 +10512,7 @@ module Aws::IAM
|
|
10431
10512
|
# use in evaluating the policy.
|
10432
10513
|
#
|
10433
10514
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
10434
|
-
# in the *
|
10515
|
+
# in the *Amazon Web Services General Reference*.
|
10435
10516
|
#
|
10436
10517
|
#
|
10437
10518
|
#
|
@@ -10606,9 +10687,10 @@ module Aws::IAM
|
|
10606
10687
|
# resource is not created. For more information about tagging, see
|
10607
10688
|
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
10608
10689
|
#
|
10609
|
-
# *
|
10610
|
-
# need to store an array, you can store comma-separated
|
10611
|
-
# string. However, you must interpret the value in your
|
10690
|
+
# * Amazon Web Services always interprets the tag `Value` as a single
|
10691
|
+
# string. If you need to store an array, you can store comma-separated
|
10692
|
+
# values in the string. However, you must interpret the value in your
|
10693
|
+
# code.
|
10612
10694
|
#
|
10613
10695
|
# </note>
|
10614
10696
|
#
|
@@ -10620,10 +10702,10 @@ module Aws::IAM
|
|
10620
10702
|
# @option params [required, String] :instance_profile_name
|
10621
10703
|
# The name of the IAM instance profile to which you want to add tags.
|
10622
10704
|
#
|
10623
|
-
# This parameter
|
10624
|
-
# characters
|
10705
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
10706
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
10625
10707
|
# with no spaces. You can also include any of the following characters:
|
10626
|
-
#
|
10708
|
+
# \_+=,.@-
|
10627
10709
|
#
|
10628
10710
|
#
|
10629
10711
|
#
|
@@ -10680,9 +10762,10 @@ module Aws::IAM
|
|
10680
10762
|
# resource is not created. For more information about tagging, see
|
10681
10763
|
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
10682
10764
|
#
|
10683
|
-
# *
|
10684
|
-
# need to store an array, you can store comma-separated
|
10685
|
-
# string. However, you must interpret the value in your
|
10765
|
+
# * Amazon Web Services always interprets the tag `Value` as a single
|
10766
|
+
# string. If you need to store an array, you can store comma-separated
|
10767
|
+
# values in the string. However, you must interpret the value in your
|
10768
|
+
# code.
|
10686
10769
|
#
|
10687
10770
|
# </note>
|
10688
10771
|
#
|
@@ -10696,10 +10779,10 @@ module Aws::IAM
|
|
10696
10779
|
# to add tags. For virtual MFA devices, the serial number is the same as
|
10697
10780
|
# the ARN.
|
10698
10781
|
#
|
10699
|
-
# This parameter
|
10700
|
-
# characters
|
10782
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
10783
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
10701
10784
|
# with no spaces. You can also include any of the following characters:
|
10702
|
-
#
|
10785
|
+
# \_+=,.@-
|
10703
10786
|
#
|
10704
10787
|
#
|
10705
10788
|
#
|
@@ -10757,9 +10840,10 @@ module Aws::IAM
|
|
10757
10840
|
# resource is not created. For more information about tagging, see
|
10758
10841
|
# [Tagging IAM resources][3] in the *IAM User Guide*.
|
10759
10842
|
#
|
10760
|
-
# *
|
10761
|
-
# need to store an array, you can store comma-separated
|
10762
|
-
# string. However, you must interpret the value in your
|
10843
|
+
# * Amazon Web Services always interprets the tag `Value` as a single
|
10844
|
+
# string. If you need to store an array, you can store comma-separated
|
10845
|
+
# values in the string. However, you must interpret the value in your
|
10846
|
+
# code.
|
10763
10847
|
#
|
10764
10848
|
# </note>
|
10765
10849
|
#
|
@@ -10773,10 +10857,10 @@ module Aws::IAM
|
|
10773
10857
|
# The ARN of the OIDC identity provider in IAM to which you want to add
|
10774
10858
|
# tags.
|
10775
10859
|
#
|
10776
|
-
# This parameter
|
10777
|
-
# characters
|
10860
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
10861
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
10778
10862
|
# with no spaces. You can also include any of the following characters:
|
10779
|
-
#
|
10863
|
+
# \_+=,.@-
|
10780
10864
|
#
|
10781
10865
|
#
|
10782
10866
|
#
|
@@ -10834,9 +10918,10 @@ module Aws::IAM
|
|
10834
10918
|
# resource is not created. For more information about tagging, see
|
10835
10919
|
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
10836
10920
|
#
|
10837
|
-
# *
|
10838
|
-
# need to store an array, you can store comma-separated
|
10839
|
-
# string. However, you must interpret the value in your
|
10921
|
+
# * Amazon Web Services always interprets the tag `Value` as a single
|
10922
|
+
# string. If you need to store an array, you can store comma-separated
|
10923
|
+
# values in the string. However, you must interpret the value in your
|
10924
|
+
# code.
|
10840
10925
|
#
|
10841
10926
|
# </note>
|
10842
10927
|
#
|
@@ -10849,10 +10934,10 @@ module Aws::IAM
|
|
10849
10934
|
# The ARN of the IAM customer managed policy to which you want to add
|
10850
10935
|
# tags.
|
10851
10936
|
#
|
10852
|
-
# This parameter
|
10853
|
-
# characters
|
10937
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
10938
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
10854
10939
|
# with no spaces. You can also include any of the following characters:
|
10855
|
-
#
|
10940
|
+
# \_+=,.@-
|
10856
10941
|
#
|
10857
10942
|
#
|
10858
10943
|
#
|
@@ -10906,16 +10991,17 @@ module Aws::IAM
|
|
10906
10991
|
# see [Control access using IAM tags][1] in the *IAM User Guide*.
|
10907
10992
|
#
|
10908
10993
|
# * **Cost allocation** - Use tags to help track which individuals and
|
10909
|
-
# teams are using which
|
10994
|
+
# teams are using which Amazon Web Services resources.
|
10910
10995
|
#
|
10911
10996
|
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
10912
10997
|
# maximum number of tags, then the entire request fails and the
|
10913
10998
|
# resource is not created. For more information about tagging, see
|
10914
10999
|
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
10915
11000
|
#
|
10916
|
-
# *
|
10917
|
-
# need to store an array, you can store comma-separated
|
10918
|
-
# string. However, you must interpret the value in your
|
11001
|
+
# * Amazon Web Services always interprets the tag `Value` as a single
|
11002
|
+
# string. If you need to store an array, you can store comma-separated
|
11003
|
+
# values in the string. However, you must interpret the value in your
|
11004
|
+
# code.
|
10919
11005
|
#
|
10920
11006
|
# </note>
|
10921
11007
|
#
|
@@ -11010,9 +11096,10 @@ module Aws::IAM
|
|
11010
11096
|
# resource is not created. For more information about tagging, see
|
11011
11097
|
# [Tagging IAM resources][3] in the *IAM User Guide*.
|
11012
11098
|
#
|
11013
|
-
# *
|
11014
|
-
# need to store an array, you can store comma-separated
|
11015
|
-
# string. However, you must interpret the value in your
|
11099
|
+
# * Amazon Web Services always interprets the tag `Value` as a single
|
11100
|
+
# string. If you need to store an array, you can store comma-separated
|
11101
|
+
# values in the string. However, you must interpret the value in your
|
11102
|
+
# code.
|
11016
11103
|
#
|
11017
11104
|
# </note>
|
11018
11105
|
#
|
@@ -11026,10 +11113,10 @@ module Aws::IAM
|
|
11026
11113
|
# The ARN of the SAML identity provider in IAM to which you want to add
|
11027
11114
|
# tags.
|
11028
11115
|
#
|
11029
|
-
# This parameter
|
11030
|
-
# characters
|
11116
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11117
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11031
11118
|
# with no spaces. You can also include any of the following characters:
|
11032
|
-
#
|
11119
|
+
# \_+=,.@-
|
11033
11120
|
#
|
11034
11121
|
#
|
11035
11122
|
#
|
@@ -11066,11 +11153,11 @@ module Aws::IAM
|
|
11066
11153
|
# same key name already exists, then that tag is overwritten with the
|
11067
11154
|
# new value.
|
11068
11155
|
#
|
11069
|
-
# <note markdown="1"> For certificates in a Region supported by
|
11070
|
-
#
|
11071
|
-
#
|
11072
|
-
#
|
11073
|
-
#
|
11156
|
+
# <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
|
11157
|
+
# we recommend that you don't use IAM server certificates. Instead, use
|
11158
|
+
# ACM to provision, manage, and deploy your server certificates. For
|
11159
|
+
# more information about IAM server certificates, [Working with server
|
11160
|
+
# certificates][1] in the *IAM User Guide*.
|
11074
11161
|
#
|
11075
11162
|
# </note>
|
11076
11163
|
#
|
@@ -11090,16 +11177,17 @@ module Aws::IAM
|
|
11090
11177
|
# [Control access using IAM tags][2] in the *IAM User Guide*.
|
11091
11178
|
#
|
11092
11179
|
# * **Cost allocation** - Use tags to help track which individuals and
|
11093
|
-
# teams are using which
|
11180
|
+
# teams are using which Amazon Web Services resources.
|
11094
11181
|
#
|
11095
11182
|
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
11096
11183
|
# maximum number of tags, then the entire request fails and the
|
11097
11184
|
# resource is not created. For more information about tagging, see
|
11098
11185
|
# [Tagging IAM resources][3] in the *IAM User Guide*.
|
11099
11186
|
#
|
11100
|
-
# *
|
11101
|
-
# need to store an array, you can store comma-separated
|
11102
|
-
# string. However, you must interpret the value in your
|
11187
|
+
# * Amazon Web Services always interprets the tag `Value` as a single
|
11188
|
+
# string. If you need to store an array, you can store comma-separated
|
11189
|
+
# values in the string. However, you must interpret the value in your
|
11190
|
+
# code.
|
11103
11191
|
#
|
11104
11192
|
# </note>
|
11105
11193
|
#
|
@@ -11112,10 +11200,10 @@ module Aws::IAM
|
|
11112
11200
|
# @option params [required, String] :server_certificate_name
|
11113
11201
|
# The name of the IAM server certificate to which you want to add tags.
|
11114
11202
|
#
|
11115
|
-
# This parameter
|
11116
|
-
# characters
|
11203
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11204
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11117
11205
|
# with no spaces. You can also include any of the following characters:
|
11118
|
-
#
|
11206
|
+
# \_+=,.@-
|
11119
11207
|
#
|
11120
11208
|
#
|
11121
11209
|
#
|
@@ -11169,16 +11257,17 @@ module Aws::IAM
|
|
11169
11257
|
# User Guide*.
|
11170
11258
|
#
|
11171
11259
|
# * **Cost allocation** - Use tags to help track which individuals and
|
11172
|
-
# teams are using which
|
11260
|
+
# teams are using which Amazon Web Services resources.
|
11173
11261
|
#
|
11174
11262
|
# <note markdown="1"> * If any one of the tags is invalid or if you exceed the allowed
|
11175
11263
|
# maximum number of tags, then the entire request fails and the
|
11176
11264
|
# resource is not created. For more information about tagging, see
|
11177
11265
|
# [Tagging IAM resources][2] in the *IAM User Guide*.
|
11178
11266
|
#
|
11179
|
-
# *
|
11180
|
-
# need to store an array, you can store comma-separated
|
11181
|
-
# string. However, you must interpret the value in your
|
11267
|
+
# * Amazon Web Services always interprets the tag `Value` as a single
|
11268
|
+
# string. If you need to store an array, you can store comma-separated
|
11269
|
+
# values in the string. However, you must interpret the value in your
|
11270
|
+
# code.
|
11182
11271
|
#
|
11183
11272
|
# </note>
|
11184
11273
|
#
|
@@ -11193,10 +11282,10 @@ module Aws::IAM
|
|
11193
11282
|
# @option params [required, String] :user_name
|
11194
11283
|
# The name of the IAM user to which you want to add tags.
|
11195
11284
|
#
|
11196
|
-
# This parameter
|
11197
|
-
# characters
|
11285
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11286
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11198
11287
|
# with no spaces. You can also include any of the following characters:
|
11199
|
-
#
|
11288
|
+
# \_+=,.@-
|
11200
11289
|
#
|
11201
11290
|
#
|
11202
11291
|
#
|
@@ -11260,10 +11349,10 @@ module Aws::IAM
|
|
11260
11349
|
# The name of the IAM instance profile from which you want to remove
|
11261
11350
|
# tags.
|
11262
11351
|
#
|
11263
|
-
# This parameter
|
11264
|
-
# characters
|
11352
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11353
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11265
11354
|
# with no spaces. You can also include any of the following characters:
|
11266
|
-
#
|
11355
|
+
# \_+=,.@-
|
11267
11356
|
#
|
11268
11357
|
#
|
11269
11358
|
#
|
@@ -11304,10 +11393,10 @@ module Aws::IAM
|
|
11304
11393
|
# want to remove tags. For virtual MFA devices, the serial number is the
|
11305
11394
|
# same as the ARN.
|
11306
11395
|
#
|
11307
|
-
# This parameter
|
11308
|
-
# characters
|
11396
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11397
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11309
11398
|
# with no spaces. You can also include any of the following characters:
|
11310
|
-
#
|
11399
|
+
# \_+=,.@-
|
11311
11400
|
#
|
11312
11401
|
#
|
11313
11402
|
#
|
@@ -11350,10 +11439,10 @@ module Aws::IAM
|
|
11350
11439
|
# The ARN of the OIDC provider in IAM from which you want to remove
|
11351
11440
|
# tags.
|
11352
11441
|
#
|
11353
|
-
# This parameter
|
11354
|
-
# characters
|
11442
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11443
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11355
11444
|
# with no spaces. You can also include any of the following characters:
|
11356
|
-
#
|
11445
|
+
# \_+=,.@-
|
11357
11446
|
#
|
11358
11447
|
#
|
11359
11448
|
#
|
@@ -11393,10 +11482,10 @@ module Aws::IAM
|
|
11393
11482
|
# The ARN of the IAM customer managed policy from which you want to
|
11394
11483
|
# remove tags.
|
11395
11484
|
#
|
11396
|
-
# This parameter
|
11397
|
-
# characters
|
11485
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11486
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11398
11487
|
# with no spaces. You can also include any of the following characters:
|
11399
|
-
#
|
11488
|
+
# \_+=,.@-
|
11400
11489
|
#
|
11401
11490
|
#
|
11402
11491
|
#
|
@@ -11492,10 +11581,10 @@ module Aws::IAM
|
|
11492
11581
|
# The ARN of the SAML identity provider in IAM from which you want to
|
11493
11582
|
# remove tags.
|
11494
11583
|
#
|
11495
|
-
# This parameter
|
11496
|
-
# characters
|
11584
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11585
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11497
11586
|
# with no spaces. You can also include any of the following characters:
|
11498
|
-
#
|
11587
|
+
# \_+=,.@-
|
11499
11588
|
#
|
11500
11589
|
#
|
11501
11590
|
#
|
@@ -11527,11 +11616,11 @@ module Aws::IAM
|
|
11527
11616
|
# information about tagging, see [Tagging IAM resources][1] in the *IAM
|
11528
11617
|
# User Guide*.
|
11529
11618
|
#
|
11530
|
-
# <note markdown="1"> For certificates in a Region supported by
|
11531
|
-
#
|
11532
|
-
#
|
11533
|
-
#
|
11534
|
-
#
|
11619
|
+
# <note markdown="1"> For certificates in a Region supported by Certificate Manager (ACM),
|
11620
|
+
# we recommend that you don't use IAM server certificates. Instead, use
|
11621
|
+
# ACM to provision, manage, and deploy your server certificates. For
|
11622
|
+
# more information about IAM server certificates, [Working with server
|
11623
|
+
# certificates][2] in the *IAM User Guide*.
|
11535
11624
|
#
|
11536
11625
|
# </note>
|
11537
11626
|
#
|
@@ -11544,10 +11633,10 @@ module Aws::IAM
|
|
11544
11633
|
# The name of the IAM server certificate from which you want to remove
|
11545
11634
|
# tags.
|
11546
11635
|
#
|
11547
|
-
# This parameter
|
11548
|
-
# characters
|
11636
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11637
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11549
11638
|
# with no spaces. You can also include any of the following characters:
|
11550
|
-
#
|
11639
|
+
# \_+=,.@-
|
11551
11640
|
#
|
11552
11641
|
#
|
11553
11642
|
#
|
@@ -11585,10 +11674,10 @@ module Aws::IAM
|
|
11585
11674
|
# @option params [required, String] :user_name
|
11586
11675
|
# The name of the IAM user from which you want to remove tags.
|
11587
11676
|
#
|
11588
|
-
# This parameter
|
11589
|
-
# characters
|
11677
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
11678
|
+
# characters consisting of upper and lowercase alphanumeric characters
|
11590
11679
|
# with no spaces. You can also include any of the following characters:
|
11591
|
-
#
|
11680
|
+
# \_+=,.@-
|
11592
11681
|
#
|
11593
11682
|
#
|
11594
11683
|
#
|
@@ -11633,10 +11722,10 @@ module Aws::IAM
|
|
11633
11722
|
# user's key as part of a key rotation workflow.
|
11634
11723
|
#
|
11635
11724
|
# If the `UserName` is not specified, the user name is determined
|
11636
|
-
# implicitly based on the
|
11637
|
-
# This operation works for access keys under the
|
11638
|
-
# Consequently, you can use this operation to manage
|
11639
|
-
#
|
11725
|
+
# implicitly based on the Amazon Web Services access key ID used to sign
|
11726
|
+
# the request. This operation works for access keys under the account.
|
11727
|
+
# Consequently, you can use this operation to manage account root user
|
11728
|
+
# credentials even if the account has no associated users.
|
11640
11729
|
#
|
11641
11730
|
# For information about rotating keys, see [Managing keys and
|
11642
11731
|
# certificates][1] in the *IAM User Guide*.
|
@@ -11670,8 +11759,8 @@ module Aws::IAM
|
|
11670
11759
|
#
|
11671
11760
|
# @option params [required, String] :status
|
11672
11761
|
# The status you want to assign to the secret access key. `Active` means
|
11673
|
-
# that the key can be used for programmatic calls to
|
11674
|
-
# `Inactive` means that the key cannot be used.
|
11762
|
+
# that the key can be used for programmatic calls to Amazon Web
|
11763
|
+
# Services, while `Inactive` means that the key cannot be used.
|
11675
11764
|
#
|
11676
11765
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
11677
11766
|
#
|
@@ -11704,7 +11793,7 @@ module Aws::IAM
|
|
11704
11793
|
req.send_request(options)
|
11705
11794
|
end
|
11706
11795
|
|
11707
|
-
# Updates the password policy settings for the
|
11796
|
+
# Updates the password policy settings for the account.
|
11708
11797
|
#
|
11709
11798
|
# <note markdown="1"> * This operation does not support partial updates. No parameters are
|
11710
11799
|
# required, but if you do not specify a parameter, that parameter's
|
@@ -11766,8 +11855,8 @@ module Aws::IAM
|
|
11766
11855
|
# require at least one lowercase character.
|
11767
11856
|
#
|
11768
11857
|
# @option params [Boolean] :allow_users_to_change_password
|
11769
|
-
# Allows all IAM users in your account to use the
|
11770
|
-
#
|
11858
|
+
# Allows all IAM users in your account to use the Management Console to
|
11859
|
+
# change their own passwords. For more information, see [Letting IAM
|
11771
11860
|
# users change their own passwords][1] in the *IAM User Guide*.
|
11772
11861
|
#
|
11773
11862
|
# If you do not specify a value for this parameter, then the operation
|
@@ -11864,10 +11953,10 @@ module Aws::IAM
|
|
11864
11953
|
# @option params [required, String] :policy_document
|
11865
11954
|
# The policy that grants an entity permission to assume the role.
|
11866
11955
|
#
|
11867
|
-
# You must provide policies in JSON format in IAM. However, for
|
11956
|
+
# You must provide policies in JSON format in IAM. However, for
|
11868
11957
|
# CloudFormation templates formatted in YAML, you can provide the policy
|
11869
|
-
# in JSON or YAML format.
|
11870
|
-
#
|
11958
|
+
# in JSON or YAML format. CloudFormation always converts a YAML policy
|
11959
|
+
# to JSON format before submitting it to IAM.
|
11871
11960
|
#
|
11872
11961
|
# The [regex pattern][1] used to validate this parameter is a string of
|
11873
11962
|
# characters consisting of the following:
|
@@ -11999,11 +12088,11 @@ module Aws::IAM
|
|
11999
12088
|
req.send_request(options)
|
12000
12089
|
end
|
12001
12090
|
|
12002
|
-
# Changes the password for the specified IAM user. You can use the
|
12003
|
-
#
|
12004
|
-
# the password for any IAM user. Use ChangePassword to change
|
12005
|
-
# password in the **My Security Credentials** page in the
|
12006
|
-
# Console.
|
12091
|
+
# Changes the password for the specified IAM user. You can use the CLI,
|
12092
|
+
# the Amazon Web Services API, or the **Users** page in the IAM console
|
12093
|
+
# to change the password for any IAM user. Use ChangePassword to change
|
12094
|
+
# your own password in the **My Security Credentials** page in the
|
12095
|
+
# Management Console.
|
12007
12096
|
#
|
12008
12097
|
# For more information about modifying passwords, see [Managing
|
12009
12098
|
# passwords][1] in the *IAM User Guide*.
|
@@ -12040,8 +12129,8 @@ module Aws::IAM
|
|
12040
12129
|
# carriage return (`\u000D`)
|
12041
12130
|
#
|
12042
12131
|
# However, the format can be further restricted by the account
|
12043
|
-
# administrator by setting a password policy on the
|
12044
|
-
#
|
12132
|
+
# administrator by setting a password policy on the account. For more
|
12133
|
+
# information, see UpdateAccountPasswordPolicy.
|
12045
12134
|
#
|
12046
12135
|
#
|
12047
12136
|
#
|
@@ -12088,15 +12177,25 @@ module Aws::IAM
|
|
12088
12177
|
# existing list of thumbprints. (The lists are not merged.)
|
12089
12178
|
#
|
12090
12179
|
# Typically, you need to update a thumbprint only when the identity
|
12091
|
-
# provider
|
12180
|
+
# provider certificate changes, which occurs rarely. However, if the
|
12092
12181
|
# provider's certificate *does* change, any attempt to assume an IAM
|
12093
12182
|
# role that specifies the OIDC provider as a principal fails until the
|
12094
12183
|
# certificate thumbprint is updated.
|
12095
12184
|
#
|
12096
|
-
# <note markdown="1">
|
12097
|
-
#
|
12098
|
-
#
|
12099
|
-
#
|
12185
|
+
# <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
|
12186
|
+
# providers (IdPs) through our library of trusted certificate
|
12187
|
+
# authorities (CAs) instead of using a certificate thumbprint to verify
|
12188
|
+
# your IdP server certificate. These OIDC IdPs include Google, and those
|
12189
|
+
# that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
|
12190
|
+
# endpoint. In these cases, your legacy thumbprint remains in your
|
12191
|
+
# configuration, but is no longer used for validation.
|
12192
|
+
#
|
12193
|
+
# </note>
|
12194
|
+
#
|
12195
|
+
# <note markdown="1"> Trust for the OIDC provider is derived from the provider certificate
|
12196
|
+
# and is validated by the thumbprint. Therefore, it is best to limit
|
12197
|
+
# access to the `UpdateOpenIDConnectProviderThumbprint` operation to
|
12198
|
+
# highly privileged users.
|
12100
12199
|
#
|
12101
12200
|
# </note>
|
12102
12201
|
#
|
@@ -12107,7 +12206,7 @@ module Aws::IAM
|
|
12107
12206
|
# operation.
|
12108
12207
|
#
|
12109
12208
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
12110
|
-
# in the *
|
12209
|
+
# in the *Amazon Web Services General Reference*.
|
12111
12210
|
#
|
12112
12211
|
#
|
12113
12212
|
#
|
@@ -12150,7 +12249,7 @@ module Aws::IAM
|
|
12150
12249
|
# default maximum of one hour is applied. This setting can have a value
|
12151
12250
|
# from 1 hour to 12 hours.
|
12152
12251
|
#
|
12153
|
-
# Anyone who assumes the role from the
|
12252
|
+
# Anyone who assumes the role from the CLI or API can use the
|
12154
12253
|
# `DurationSeconds` API parameter or the `duration-seconds` CLI
|
12155
12254
|
# parameter to request a longer session. The `MaxSessionDuration`
|
12156
12255
|
# setting determines the maximum duration that can be requested using
|
@@ -12257,7 +12356,7 @@ module Aws::IAM
|
|
12257
12356
|
# The Amazon Resource Name (ARN) of the SAML provider to update.
|
12258
12357
|
#
|
12259
12358
|
# For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
|
12260
|
-
# in the *
|
12359
|
+
# in the *Amazon Web Services General Reference*.
|
12261
12360
|
#
|
12262
12361
|
#
|
12263
12362
|
#
|
@@ -12293,10 +12392,10 @@ module Aws::IAM
|
|
12293
12392
|
# public key as part of a key rotation work flow.
|
12294
12393
|
#
|
12295
12394
|
# The SSH public key affected by this operation is used only for
|
12296
|
-
# authenticating the associated IAM user to an
|
12297
|
-
#
|
12298
|
-
#
|
12299
|
-
#
|
12395
|
+
# authenticating the associated IAM user to an CodeCommit repository.
|
12396
|
+
# For more information about using SSH keys to authenticate to an
|
12397
|
+
# CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
|
12398
|
+
# in the *CodeCommit User Guide*.
|
12300
12399
|
#
|
12301
12400
|
#
|
12302
12401
|
#
|
@@ -12327,7 +12426,7 @@ module Aws::IAM
|
|
12327
12426
|
#
|
12328
12427
|
# @option params [required, String] :status
|
12329
12428
|
# The status to assign to the SSH public key. `Active` means that the
|
12330
|
-
# key can be used for authentication with an
|
12429
|
+
# key can be used for authentication with an CodeCommit repository.
|
12331
12430
|
# `Inactive` means that the key cannot be used.
|
12332
12431
|
#
|
12333
12432
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
@@ -12354,8 +12453,8 @@ module Aws::IAM
|
|
12354
12453
|
#
|
12355
12454
|
# For more information about working with server certificates, see
|
12356
12455
|
# [Working with server certificates][1] in the *IAM User Guide*. This
|
12357
|
-
# topic also includes a list of
|
12358
|
-
# certificates that you manage with IAM.
|
12456
|
+
# topic also includes a list of Amazon Web Services services that can
|
12457
|
+
# use the server certificates that you manage with IAM.
|
12359
12458
|
#
|
12360
12459
|
# You should understand the implications of changing a server
|
12361
12460
|
# certificate's path or name. For more information, see [Renaming a
|
@@ -12497,10 +12596,10 @@ module Aws::IAM
|
|
12497
12596
|
# rotation work flow.
|
12498
12597
|
#
|
12499
12598
|
# If the `UserName` field is not specified, the user name is determined
|
12500
|
-
# implicitly based on the
|
12501
|
-
# This operation works for access keys under the
|
12502
|
-
# Consequently, you can use this operation to manage
|
12503
|
-
#
|
12599
|
+
# implicitly based on the Amazon Web Services access key ID used to sign
|
12600
|
+
# the request. This operation works for access keys under the account.
|
12601
|
+
# Consequently, you can use this operation to manage account root user
|
12602
|
+
# credentials even if the account has no associated users.
|
12504
12603
|
#
|
12505
12604
|
# @option params [String] :user_name
|
12506
12605
|
# The name of the IAM user the signing certificate belongs to.
|
@@ -12527,8 +12626,8 @@ module Aws::IAM
|
|
12527
12626
|
#
|
12528
12627
|
# @option params [required, String] :status
|
12529
12628
|
# The status you want to assign to the certificate. `Active` means that
|
12530
|
-
# the certificate can be used for programmatic calls to
|
12531
|
-
# means that the certificate cannot be used.
|
12629
|
+
# the certificate can be used for programmatic calls to Amazon Web
|
12630
|
+
# Services `Inactive` means that the certificate cannot be used.
|
12532
12631
|
#
|
12533
12632
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
12534
12633
|
#
|
@@ -12649,10 +12748,10 @@ module Aws::IAM
|
|
12649
12748
|
# user.
|
12650
12749
|
#
|
12651
12750
|
# The SSH public key uploaded by this operation can be used only for
|
12652
|
-
# authenticating the associated IAM user to an
|
12653
|
-
#
|
12654
|
-
#
|
12655
|
-
#
|
12751
|
+
# authenticating the associated IAM user to an CodeCommit repository.
|
12752
|
+
# For more information about using SSH keys to authenticate to an
|
12753
|
+
# CodeCommit repository, see [Set up CodeCommit for SSH connections][1]
|
12754
|
+
# in the *CodeCommit User Guide*.
|
12656
12755
|
#
|
12657
12756
|
#
|
12658
12757
|
#
|
@@ -12721,21 +12820,21 @@ module Aws::IAM
|
|
12721
12820
|
req.send_request(options)
|
12722
12821
|
end
|
12723
12822
|
|
12724
|
-
# Uploads a server certificate entity for the
|
12823
|
+
# Uploads a server certificate entity for the account. The server
|
12725
12824
|
# certificate entity includes a public key certificate, a private key,
|
12726
12825
|
# and an optional certificate chain, which should all be PEM-encoded.
|
12727
12826
|
#
|
12728
|
-
# We recommend that you use [
|
12827
|
+
# We recommend that you use [Certificate Manager][1] to provision,
|
12729
12828
|
# manage, and deploy your server certificates. With ACM you can request
|
12730
|
-
# a certificate, deploy it to
|
12731
|
-
# certificate renewals for you. Certificates provided by ACM are
|
12732
|
-
# For more information about using ACM, see the [
|
12733
|
-
# User Guide][2].
|
12829
|
+
# a certificate, deploy it to Amazon Web Services resources, and let ACM
|
12830
|
+
# handle certificate renewals for you. Certificates provided by ACM are
|
12831
|
+
# free. For more information about using ACM, see the [Certificate
|
12832
|
+
# Manager User Guide][2].
|
12734
12833
|
#
|
12735
12834
|
# For more information about working with server certificates, see
|
12736
12835
|
# [Working with server certificates][3] in the *IAM User Guide*. This
|
12737
|
-
# topic includes a list of
|
12738
|
-
# certificates that you manage with IAM.
|
12836
|
+
# topic includes a list of Amazon Web Services services that can use the
|
12837
|
+
# server certificates that you manage with IAM.
|
12739
12838
|
#
|
12740
12839
|
# For information about the number of server certificates you can
|
12741
12840
|
# upload, see [IAM and STS quotas][4] in the *IAM User Guide*.
|
@@ -12743,10 +12842,11 @@ module Aws::IAM
|
|
12743
12842
|
# <note markdown="1"> Because the body of the public key certificate, private key, and the
|
12744
12843
|
# certificate chain can be large, you should use POST rather than GET
|
12745
12844
|
# when calling `UploadServerCertificate`. For information about setting
|
12746
|
-
# up signatures and authorization through the API, see [Signing
|
12747
|
-
# requests][5] in the *
|
12748
|
-
# about using the Query API with
|
12749
|
-
# HTTP query requests][6] in the
|
12845
|
+
# up signatures and authorization through the API, see [Signing Amazon
|
12846
|
+
# Web Services API requests][5] in the *Amazon Web Services General
|
12847
|
+
# Reference*. For general information about using the Query API with
|
12848
|
+
# IAM, see [Calling the API by making HTTP query requests][6] in the
|
12849
|
+
# *IAM User Guide*.
|
12750
12850
|
#
|
12751
12851
|
# </note>
|
12752
12852
|
#
|
@@ -12937,25 +13037,27 @@ module Aws::IAM
|
|
12937
13037
|
end
|
12938
13038
|
|
12939
13039
|
# Uploads an X.509 signing certificate and associates it with the
|
12940
|
-
# specified IAM user. Some
|
12941
|
-
# to validate requests that are signed with a
|
12942
|
-
# When you upload the certificate, its
|
13040
|
+
# specified IAM user. Some Amazon Web Services services require you to
|
13041
|
+
# use certificates to validate requests that are signed with a
|
13042
|
+
# corresponding private key. When you upload the certificate, its
|
13043
|
+
# default status is `Active`.
|
12943
13044
|
#
|
12944
13045
|
# For information about when you would use an X.509 signing certificate,
|
12945
13046
|
# see [Managing server certificates in IAM][1] in the *IAM User Guide*.
|
12946
13047
|
#
|
12947
13048
|
# If the `UserName` is not specified, the IAM user name is determined
|
12948
|
-
# implicitly based on the
|
12949
|
-
# This operation works for access keys under the
|
12950
|
-
# Consequently, you can use this operation to manage
|
12951
|
-
#
|
13049
|
+
# implicitly based on the Amazon Web Services access key ID used to sign
|
13050
|
+
# the request. This operation works for access keys under the account.
|
13051
|
+
# Consequently, you can use this operation to manage account root user
|
13052
|
+
# credentials even if the account has no associated users.
|
12952
13053
|
#
|
12953
13054
|
# <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
|
12954
13055
|
# POST rather than GET when calling `UploadSigningCertificate`. For
|
12955
13056
|
# information about setting up signatures and authorization through the
|
12956
|
-
# API, see [Signing
|
12957
|
-
# For general information about using
|
12958
|
-
# [Making query requests][3] in the *IAM
|
13057
|
+
# API, see [Signing Amazon Web Services API requests][2] in the *Amazon
|
13058
|
+
# Web Services General Reference*. For general information about using
|
13059
|
+
# the Query API with IAM, see [Making query requests][3] in the *IAM
|
13060
|
+
# User Guide*.
|
12959
13061
|
#
|
12960
13062
|
# </note>
|
12961
13063
|
#
|
@@ -13058,7 +13160,7 @@ module Aws::IAM
|
|
13058
13160
|
params: params,
|
13059
13161
|
config: config)
|
13060
13162
|
context[:gem_name] = 'aws-sdk-iam'
|
13061
|
-
context[:gem_version] = '1.
|
13163
|
+
context[:gem_version] = '1.57.0'
|
13062
13164
|
Seahorse::Client::Request.new(handlers, context)
|
13063
13165
|
end
|
13064
13166
|
|