aws-sdk-iam 1.12.0 → 1.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-iam.rb +1 -1
- data/lib/aws-sdk-iam/access_key.rb +2 -2
- data/lib/aws-sdk-iam/account_summary.rb +1 -1
- data/lib/aws-sdk-iam/client.rb +1045 -523
- data/lib/aws-sdk-iam/client_api.rb +161 -6
- data/lib/aws-sdk-iam/current_user.rb +21 -23
- data/lib/aws-sdk-iam/group.rb +7 -7
- data/lib/aws-sdk-iam/instance_profile.rb +2 -2
- data/lib/aws-sdk-iam/policy.rb +10 -10
- data/lib/aws-sdk-iam/resource.rb +76 -74
- data/lib/aws-sdk-iam/role.rb +17 -19
- data/lib/aws-sdk-iam/server_certificate.rb +2 -2
- data/lib/aws-sdk-iam/types.rb +1201 -578
- data/lib/aws-sdk-iam/user.rb +30 -32
- data/lib/aws-sdk-iam/virtual_mfa_device.rb +5 -5
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f72988bbf8f92d16fbf0a8797593c77652a886a6
|
4
|
+
data.tar.gz: 35162ef9c23191387bdddd9027069fc9286908b8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c58ab6d2183a08da068100da6d99d0a957c942f19b324886ae939352d08a2020db5bf6c16923e4451115821d12b3b690617ac7cf9aba8a38ac703c076167880a
|
7
|
+
data.tar.gz: 20f0904c4db64b442704e384193ea5f8eec1108cbfc527a662988385b30686fe7e3aecba3fb603381325b9cde546b33760da458852d3a4ef7d4002237a58afed
|
data/lib/aws-sdk-iam.rb
CHANGED
@@ -39,8 +39,8 @@ module Aws::IAM
|
|
39
39
|
end
|
40
40
|
alias :access_key_id :id
|
41
41
|
|
42
|
-
# The status of the access key. `Active` means the key is valid for
|
43
|
-
# calls; `Inactive` means it is not.
|
42
|
+
# The status of the access key. `Active` means that the key is valid for
|
43
|
+
# API calls; `Inactive` means it is not.
|
44
44
|
# @return [String]
|
45
45
|
def status
|
46
46
|
data[:status]
|
@@ -20,7 +20,7 @@ module Aws::IAM
|
|
20
20
|
|
21
21
|
# @!group Read-Only Attributes
|
22
22
|
|
23
|
-
# A set of key
|
23
|
+
# A set of key–value pairs containing information about IAM entity usage
|
24
24
|
# and IAM quotas.
|
25
25
|
# @return [Hash<String,Integer>]
|
26
26
|
def summary_map
|
data/lib/aws-sdk-iam/client.rb
CHANGED
@@ -260,7 +260,7 @@ module Aws::IAM
|
|
260
260
|
# instance and then restart it.
|
261
261
|
#
|
262
262
|
# <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
|
263
|
-
# the IAM role by a
|
263
|
+
# the IAM role by a permissions policy.
|
264
264
|
#
|
265
265
|
# </note>
|
266
266
|
#
|
@@ -271,15 +271,15 @@ module Aws::IAM
|
|
271
271
|
#
|
272
272
|
#
|
273
273
|
# [1]: https://en.wikipedia.org/wiki/Eventual_consistency
|
274
|
-
# [2]:
|
275
|
-
# [3]:
|
274
|
+
# [2]: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
|
275
|
+
# [3]: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
|
276
276
|
# [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
|
277
277
|
# [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
|
278
278
|
#
|
279
279
|
# @option params [required, String] :instance_profile_name
|
280
280
|
# The name of the instance profile to update.
|
281
281
|
#
|
282
|
-
# This parameter allows (
|
282
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
283
283
|
# characters consisting of upper and lowercase alphanumeric characters
|
284
284
|
# with no spaces. You can also include any of the following characters:
|
285
285
|
# \_+=,.@-
|
@@ -291,7 +291,7 @@ module Aws::IAM
|
|
291
291
|
# @option params [required, String] :role_name
|
292
292
|
# The name of the role to add.
|
293
293
|
#
|
294
|
-
# This parameter allows (
|
294
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
295
295
|
# characters consisting of upper and lowercase alphanumeric characters
|
296
296
|
# with no spaces. You can also include any of the following characters:
|
297
297
|
# \_+=,.@-
|
@@ -333,7 +333,7 @@ module Aws::IAM
|
|
333
333
|
# @option params [required, String] :group_name
|
334
334
|
# The name of the group to update.
|
335
335
|
#
|
336
|
-
# This parameter allows (
|
336
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
337
337
|
# characters consisting of upper and lowercase alphanumeric characters
|
338
338
|
# with no spaces. You can also include any of the following characters:
|
339
339
|
# \_+=,.@-
|
@@ -345,7 +345,7 @@ module Aws::IAM
|
|
345
345
|
# @option params [required, String] :user_name
|
346
346
|
# The name of the user to add.
|
347
347
|
#
|
348
|
-
# This parameter allows (
|
348
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
349
349
|
# characters consisting of upper and lowercase alphanumeric characters
|
350
350
|
# with no spaces. You can also include any of the following characters:
|
351
351
|
# \_+=,.@-
|
@@ -398,7 +398,7 @@ module Aws::IAM
|
|
398
398
|
# The name (friendly name, not ARN) of the group to attach the policy
|
399
399
|
# to.
|
400
400
|
#
|
401
|
-
# This parameter allows (
|
401
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
402
402
|
# characters consisting of upper and lowercase alphanumeric characters
|
403
403
|
# with no spaces. You can also include any of the following characters:
|
404
404
|
# \_+=,.@-
|
@@ -468,7 +468,7 @@ module Aws::IAM
|
|
468
468
|
# @option params [required, String] :role_name
|
469
469
|
# The name (friendly name, not ARN) of the role to attach the policy to.
|
470
470
|
#
|
471
|
-
# This parameter allows (
|
471
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
472
472
|
# characters consisting of upper and lowercase alphanumeric characters
|
473
473
|
# with no spaces. You can also include any of the following characters:
|
474
474
|
# \_+=,.@-
|
@@ -531,7 +531,7 @@ module Aws::IAM
|
|
531
531
|
# The name (friendly name, not ARN) of the IAM user to attach the policy
|
532
532
|
# to.
|
533
533
|
#
|
534
|
-
# This parameter allows (
|
534
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
535
535
|
# characters consisting of upper and lowercase alphanumeric characters
|
536
536
|
# with no spaces. You can also include any of the following characters:
|
537
537
|
# \_+=,.@-
|
@@ -642,10 +642,11 @@ module Aws::IAM
|
|
642
642
|
# `Active`.
|
643
643
|
#
|
644
644
|
# If you do not specify a user name, IAM determines the user name
|
645
|
-
# implicitly based on the AWS access key ID signing the request.
|
646
|
-
#
|
647
|
-
# use this operation to manage AWS account root user
|
648
|
-
# is true even if the AWS account has no associated
|
645
|
+
# implicitly based on the AWS access key ID signing the request. This
|
646
|
+
# operation works for access keys under the AWS account. Consequently,
|
647
|
+
# you can use this operation to manage AWS account root user
|
648
|
+
# credentials. This is true even if the AWS account has no associated
|
649
|
+
# users.
|
649
650
|
#
|
650
651
|
# For information about limits on the number of keys you can create, see
|
651
652
|
# [Limitations on IAM Entities][1] in the *IAM User Guide*.
|
@@ -663,7 +664,7 @@ module Aws::IAM
|
|
663
664
|
# @option params [String] :user_name
|
664
665
|
# The name of the IAM user that the new key will belong to.
|
665
666
|
#
|
666
|
-
# This parameter allows (
|
667
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
667
668
|
# characters consisting of upper and lowercase alphanumeric characters
|
668
669
|
# with no spaces. You can also include any of the following characters:
|
669
670
|
# \_+=,.@-
|
@@ -730,7 +731,7 @@ module Aws::IAM
|
|
730
731
|
# @option params [required, String] :account_alias
|
731
732
|
# The account alias to create.
|
732
733
|
#
|
733
|
-
# This parameter allows (
|
734
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
734
735
|
# characters consisting of lowercase letters, digits, and dashes. You
|
735
736
|
# cannot start or finish with a dash, nor can you have two dashes in a
|
736
737
|
# row.
|
@@ -781,7 +782,7 @@ module Aws::IAM
|
|
781
782
|
# This parameter is optional. If it is not included, it defaults to a
|
782
783
|
# slash (/).
|
783
784
|
#
|
784
|
-
# This parameter allows (
|
785
|
+
# This parameter allows (through its [regex pattern][2]) a string of
|
785
786
|
# characters consisting of either a forward slash (/) by itself or a
|
786
787
|
# string that must begin and end with forward slashes. In addition, it
|
787
788
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -797,7 +798,7 @@ module Aws::IAM
|
|
797
798
|
# The name of the group to create. Do not include the path in this
|
798
799
|
# value.
|
799
800
|
#
|
800
|
-
# This parameter allows (
|
801
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
801
802
|
# characters consisting of upper and lowercase alphanumeric characters
|
802
803
|
# with no spaces. You can also include any of the following characters:
|
803
804
|
# \_+=,.@-. The group name must be unique within the account. Group
|
@@ -870,7 +871,7 @@ module Aws::IAM
|
|
870
871
|
# @option params [required, String] :instance_profile_name
|
871
872
|
# The name of the instance profile to create.
|
872
873
|
#
|
873
|
-
# This parameter allows (
|
874
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
874
875
|
# characters consisting of upper and lowercase alphanumeric characters
|
875
876
|
# with no spaces. You can also include any of the following characters:
|
876
877
|
# \_+=,.@-
|
@@ -886,7 +887,7 @@ module Aws::IAM
|
|
886
887
|
# This parameter is optional. If it is not included, it defaults to a
|
887
888
|
# slash (/).
|
888
889
|
#
|
889
|
-
# This parameter allows (
|
890
|
+
# This parameter allows (through its [regex pattern][2]) a string of
|
890
891
|
# characters consisting of either a forward slash (/) by itself or a
|
891
892
|
# string that must begin and end with forward slashes. In addition, it
|
892
893
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -947,12 +948,12 @@ module Aws::IAM
|
|
947
948
|
# resp.instance_profile.roles[0].create_date #=> Time
|
948
949
|
# resp.instance_profile.roles[0].assume_role_policy_document #=> String
|
949
950
|
# resp.instance_profile.roles[0].description #=> String
|
950
|
-
# resp.instance_profile.roles[0].tags #=> Array
|
951
|
-
# resp.instance_profile.roles[0].tags[0].key #=> String
|
952
|
-
# resp.instance_profile.roles[0].tags[0].value #=> String
|
953
951
|
# resp.instance_profile.roles[0].max_session_duration #=> Integer
|
954
952
|
# resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
955
953
|
# resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_arn #=> String
|
954
|
+
# resp.instance_profile.roles[0].tags #=> Array
|
955
|
+
# resp.instance_profile.roles[0].tags[0].key #=> String
|
956
|
+
# resp.instance_profile.roles[0].tags[0].value #=> String
|
956
957
|
#
|
957
958
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
|
958
959
|
#
|
@@ -976,7 +977,7 @@ module Aws::IAM
|
|
976
977
|
# The name of the IAM user to create a password for. The user must
|
977
978
|
# already exist.
|
978
979
|
#
|
979
|
-
# This parameter allows (
|
980
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
980
981
|
# characters consisting of upper and lowercase alphanumeric characters
|
981
982
|
# with no spaces. You can also include any of the following characters:
|
982
983
|
# \_+=,.@-
|
@@ -1200,7 +1201,7 @@ module Aws::IAM
|
|
1200
1201
|
# @option params [required, String] :policy_name
|
1201
1202
|
# The friendly name of the policy.
|
1202
1203
|
#
|
1203
|
-
# This parameter allows (
|
1204
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
1204
1205
|
# characters consisting of upper and lowercase alphanumeric characters
|
1205
1206
|
# with no spaces. You can also include any of the following characters:
|
1206
1207
|
# \_+=,.@-
|
@@ -1218,7 +1219,7 @@ module Aws::IAM
|
|
1218
1219
|
# This parameter is optional. If it is not included, it defaults to a
|
1219
1220
|
# slash (/).
|
1220
1221
|
#
|
1221
|
-
# This parameter allows (
|
1222
|
+
# This parameter allows (through its [regex pattern][2]) a string of
|
1222
1223
|
# characters consisting of either a forward slash (/) by itself or a
|
1223
1224
|
# string that must begin and end with forward slashes. In addition, it
|
1224
1225
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -1404,7 +1405,7 @@ module Aws::IAM
|
|
1404
1405
|
# This parameter is optional. If it is not included, it defaults to a
|
1405
1406
|
# slash (/).
|
1406
1407
|
#
|
1407
|
-
# This parameter allows (
|
1408
|
+
# This parameter allows (through its [regex pattern][2]) a string of
|
1408
1409
|
# characters consisting of either a forward slash (/) by itself or a
|
1409
1410
|
# string that must begin and end with forward slashes. In addition, it
|
1410
1411
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -1419,7 +1420,7 @@ module Aws::IAM
|
|
1419
1420
|
# @option params [required, String] :role_name
|
1420
1421
|
# The name of the role to create.
|
1421
1422
|
#
|
1422
|
-
# This parameter allows (
|
1423
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
1423
1424
|
# characters consisting of upper and lowercase alphanumeric characters
|
1424
1425
|
# with no spaces. You can also include any of the following characters:
|
1425
1426
|
# \_+=,.@-
|
@@ -1454,22 +1455,6 @@ module Aws::IAM
|
|
1454
1455
|
# @option params [String] :description
|
1455
1456
|
# A description of the role.
|
1456
1457
|
#
|
1457
|
-
# @option params [Array<Types::Tag>] :tags
|
1458
|
-
# A list of tags that you want to attach to the newly created role. Each
|
1459
|
-
# tag consists of a key name and an associated value. For more
|
1460
|
-
# information about tagging, see [Tagging IAM Identities][1] in the *IAM
|
1461
|
-
# User Guide*.
|
1462
|
-
#
|
1463
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1464
|
-
# of tags per role, then the entire request fails and the role is not
|
1465
|
-
# created.
|
1466
|
-
#
|
1467
|
-
# </note>
|
1468
|
-
#
|
1469
|
-
#
|
1470
|
-
#
|
1471
|
-
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
1472
|
-
#
|
1473
1458
|
# @option params [Integer] :max_session_duration
|
1474
1459
|
# The maximum session duration (in seconds) that you want to set for the
|
1475
1460
|
# specified role. If you do not specify a value for this setting, the
|
@@ -1495,6 +1480,22 @@ module Aws::IAM
|
|
1495
1480
|
# The ARN of the policy that is used to set the permissions boundary for
|
1496
1481
|
# the role.
|
1497
1482
|
#
|
1483
|
+
# @option params [Array<Types::Tag>] :tags
|
1484
|
+
# A list of tags that you want to attach to the newly created role. Each
|
1485
|
+
# tag consists of a key name and an associated value. For more
|
1486
|
+
# information about tagging, see [Tagging IAM Identities][1] in the *IAM
|
1487
|
+
# User Guide*.
|
1488
|
+
#
|
1489
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1490
|
+
# of tags per role, then the entire request fails and the role is not
|
1491
|
+
# created.
|
1492
|
+
#
|
1493
|
+
# </note>
|
1494
|
+
#
|
1495
|
+
#
|
1496
|
+
#
|
1497
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
1498
|
+
#
|
1498
1499
|
# @return [Types::CreateRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1499
1500
|
#
|
1500
1501
|
# * {Types::CreateRoleResponse#role #role} => Types::Role
|
@@ -1530,14 +1531,14 @@ module Aws::IAM
|
|
1530
1531
|
# role_name: "roleNameType", # required
|
1531
1532
|
# assume_role_policy_document: "policyDocumentType", # required
|
1532
1533
|
# description: "roleDescriptionType",
|
1534
|
+
# max_session_duration: 1,
|
1535
|
+
# permissions_boundary: "arnType",
|
1533
1536
|
# tags: [
|
1534
1537
|
# {
|
1535
1538
|
# key: "tagKeyType", # required
|
1536
1539
|
# value: "tagValueType", # required
|
1537
1540
|
# },
|
1538
1541
|
# ],
|
1539
|
-
# max_session_duration: 1,
|
1540
|
-
# permissions_boundary: "arnType",
|
1541
1542
|
# })
|
1542
1543
|
#
|
1543
1544
|
# @example Response structure
|
@@ -1549,12 +1550,12 @@ module Aws::IAM
|
|
1549
1550
|
# resp.role.create_date #=> Time
|
1550
1551
|
# resp.role.assume_role_policy_document #=> String
|
1551
1552
|
# resp.role.description #=> String
|
1552
|
-
# resp.role.tags #=> Array
|
1553
|
-
# resp.role.tags[0].key #=> String
|
1554
|
-
# resp.role.tags[0].value #=> String
|
1555
1553
|
# resp.role.max_session_duration #=> Integer
|
1556
1554
|
# resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
1557
1555
|
# resp.role.permissions_boundary.permissions_boundary_arn #=> String
|
1556
|
+
# resp.role.tags #=> Array
|
1557
|
+
# resp.role.tags[0].key #=> String
|
1558
|
+
# resp.role.tags[0].value #=> String
|
1558
1559
|
#
|
1559
1560
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRole AWS API Documentation
|
1560
1561
|
#
|
@@ -1614,7 +1615,7 @@ module Aws::IAM
|
|
1614
1615
|
# @option params [required, String] :name
|
1615
1616
|
# The name of the provider to create.
|
1616
1617
|
#
|
1617
|
-
# This parameter allows (
|
1618
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
1618
1619
|
# characters consisting of upper and lowercase alphanumeric characters
|
1619
1620
|
# with no spaces. You can also include any of the following characters:
|
1620
1621
|
# \_+=,.@-
|
@@ -1714,12 +1715,12 @@ module Aws::IAM
|
|
1714
1715
|
# resp.role.create_date #=> Time
|
1715
1716
|
# resp.role.assume_role_policy_document #=> String
|
1716
1717
|
# resp.role.description #=> String
|
1717
|
-
# resp.role.tags #=> Array
|
1718
|
-
# resp.role.tags[0].key #=> String
|
1719
|
-
# resp.role.tags[0].value #=> String
|
1720
1718
|
# resp.role.max_session_duration #=> Integer
|
1721
1719
|
# resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
1722
1720
|
# resp.role.permissions_boundary.permissions_boundary_arn #=> String
|
1721
|
+
# resp.role.tags #=> Array
|
1722
|
+
# resp.role.tags[0].key #=> String
|
1723
|
+
# resp.role.tags[0].value #=> String
|
1723
1724
|
#
|
1724
1725
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRole AWS API Documentation
|
1725
1726
|
#
|
@@ -1757,7 +1758,7 @@ module Aws::IAM
|
|
1757
1758
|
# permissions as the associated user except that they can be used only
|
1758
1759
|
# to access the specified service.
|
1759
1760
|
#
|
1760
|
-
# This parameter allows (
|
1761
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
1761
1762
|
# characters consisting of upper and lowercase alphanumeric characters
|
1762
1763
|
# with no spaces. You can also include any of the following characters:
|
1763
1764
|
# \_+=,.@-
|
@@ -1817,7 +1818,7 @@ module Aws::IAM
|
|
1817
1818
|
# This parameter is optional. If it is not included, it defaults to a
|
1818
1819
|
# slash (/).
|
1819
1820
|
#
|
1820
|
-
# This parameter allows (
|
1821
|
+
# This parameter allows (through its [regex pattern][2]) a string of
|
1821
1822
|
# characters consisting of either a forward slash (/) by itself or a
|
1822
1823
|
# string that must begin and end with forward slashes. In addition, it
|
1823
1824
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -1832,7 +1833,7 @@ module Aws::IAM
|
|
1832
1833
|
# @option params [required, String] :user_name
|
1833
1834
|
# The name of the user to create.
|
1834
1835
|
#
|
1835
|
-
# This parameter allows (
|
1836
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
1836
1837
|
# characters consisting of upper and lowercase alphanumeric characters
|
1837
1838
|
# with no spaces. You can also include any of the following characters:
|
1838
1839
|
# \_+=,.@-. User names are not distinguished by case. For example, you
|
@@ -1842,6 +1843,10 @@ module Aws::IAM
|
|
1842
1843
|
#
|
1843
1844
|
# [1]: http://wikipedia.org/wiki/regex
|
1844
1845
|
#
|
1846
|
+
# @option params [String] :permissions_boundary
|
1847
|
+
# The ARN of the policy that is used to set the permissions boundary for
|
1848
|
+
# the user.
|
1849
|
+
#
|
1845
1850
|
# @option params [Array<Types::Tag>] :tags
|
1846
1851
|
# A list of tags that you want to attach to the newly created user. Each
|
1847
1852
|
# tag consists of a key name and an associated value. For more
|
@@ -1858,10 +1863,6 @@ module Aws::IAM
|
|
1858
1863
|
#
|
1859
1864
|
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
|
1860
1865
|
#
|
1861
|
-
# @option params [String] :permissions_boundary
|
1862
|
-
# The ARN of the policy that is used to set the permissions boundary for
|
1863
|
-
# the user.
|
1864
|
-
#
|
1865
1866
|
# @return [Types::CreateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1866
1867
|
#
|
1867
1868
|
# * {Types::CreateUserResponse#user #user} => Types::User
|
@@ -1891,13 +1892,13 @@ module Aws::IAM
|
|
1891
1892
|
# resp = client.create_user({
|
1892
1893
|
# path: "pathType",
|
1893
1894
|
# user_name: "userNameType", # required
|
1895
|
+
# permissions_boundary: "arnType",
|
1894
1896
|
# tags: [
|
1895
1897
|
# {
|
1896
1898
|
# key: "tagKeyType", # required
|
1897
1899
|
# value: "tagValueType", # required
|
1898
1900
|
# },
|
1899
1901
|
# ],
|
1900
|
-
# permissions_boundary: "arnType",
|
1901
1902
|
# })
|
1902
1903
|
#
|
1903
1904
|
# @example Response structure
|
@@ -1908,11 +1909,11 @@ module Aws::IAM
|
|
1908
1909
|
# resp.user.arn #=> String
|
1909
1910
|
# resp.user.create_date #=> Time
|
1910
1911
|
# resp.user.password_last_used #=> Time
|
1912
|
+
# resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
1913
|
+
# resp.user.permissions_boundary.permissions_boundary_arn #=> String
|
1911
1914
|
# resp.user.tags #=> Array
|
1912
1915
|
# resp.user.tags[0].key #=> String
|
1913
1916
|
# resp.user.tags[0].value #=> String
|
1914
|
-
# resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
1915
|
-
# resp.user.permissions_boundary.permissions_boundary_arn #=> String
|
1916
1917
|
#
|
1917
1918
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUser AWS API Documentation
|
1918
1919
|
#
|
@@ -1950,7 +1951,7 @@ module Aws::IAM
|
|
1950
1951
|
# This parameter is optional. If it is not included, it defaults to a
|
1951
1952
|
# slash (/).
|
1952
1953
|
#
|
1953
|
-
# This parameter allows (
|
1954
|
+
# This parameter allows (through its [regex pattern][2]) a string of
|
1954
1955
|
# characters consisting of either a forward slash (/) by itself or a
|
1955
1956
|
# string that must begin and end with forward slashes. In addition, it
|
1956
1957
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -1966,7 +1967,7 @@ module Aws::IAM
|
|
1966
1967
|
# The name of the virtual MFA device. Use with path to uniquely identify
|
1967
1968
|
# a virtual MFA device.
|
1968
1969
|
#
|
1969
|
-
# This parameter allows (
|
1970
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
1970
1971
|
# characters consisting of upper and lowercase alphanumeric characters
|
1971
1972
|
# with no spaces. You can also include any of the following characters:
|
1972
1973
|
# \_+=,.@-
|
@@ -1997,11 +1998,11 @@ module Aws::IAM
|
|
1997
1998
|
# resp.virtual_mfa_device.user.arn #=> String
|
1998
1999
|
# resp.virtual_mfa_device.user.create_date #=> Time
|
1999
2000
|
# resp.virtual_mfa_device.user.password_last_used #=> Time
|
2001
|
+
# resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
2002
|
+
# resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_arn #=> String
|
2000
2003
|
# resp.virtual_mfa_device.user.tags #=> Array
|
2001
2004
|
# resp.virtual_mfa_device.user.tags[0].key #=> String
|
2002
2005
|
# resp.virtual_mfa_device.user.tags[0].value #=> String
|
2003
|
-
# resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
2004
|
-
# resp.virtual_mfa_device.user.permissions_boundary.permissions_boundary_arn #=> String
|
2005
2006
|
# resp.virtual_mfa_device.enable_date #=> Time
|
2006
2007
|
#
|
2007
2008
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice AWS API Documentation
|
@@ -2017,8 +2018,8 @@ module Aws::IAM
|
|
2017
2018
|
# with the user name for which it was originally enabled.
|
2018
2019
|
#
|
2019
2020
|
# For more information about creating and working with virtual MFA
|
2020
|
-
# devices, go to [
|
2021
|
-
# Guide*.
|
2021
|
+
# devices, go to [Enabling a Virtual Multi-factor Authentication (MFA)
|
2022
|
+
# Device][1] in the *IAM User Guide*.
|
2022
2023
|
#
|
2023
2024
|
#
|
2024
2025
|
#
|
@@ -2027,7 +2028,7 @@ module Aws::IAM
|
|
2027
2028
|
# @option params [required, String] :user_name
|
2028
2029
|
# The name of the user whose MFA device you want to deactivate.
|
2029
2030
|
#
|
2030
|
-
# This parameter allows (
|
2031
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2031
2032
|
# characters consisting of upper and lowercase alphanumeric characters
|
2032
2033
|
# with no spaces. You can also include any of the following characters:
|
2033
2034
|
# \_+=,.@-
|
@@ -2040,7 +2041,7 @@ module Aws::IAM
|
|
2040
2041
|
# The serial number that uniquely identifies the MFA device. For virtual
|
2041
2042
|
# MFA devices, the serial number is the device ARN.
|
2042
2043
|
#
|
2043
|
-
# This parameter allows (
|
2044
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2044
2045
|
# characters consisting of upper and lowercase alphanumeric characters
|
2045
2046
|
# with no spaces. You can also include any of the following characters:
|
2046
2047
|
# =,.@:/-
|
@@ -2070,15 +2071,15 @@ module Aws::IAM
|
|
2070
2071
|
# Deletes the access key pair associated with the specified IAM user.
|
2071
2072
|
#
|
2072
2073
|
# If you do not specify a user name, IAM determines the user name
|
2073
|
-
# implicitly based on the AWS access key ID signing the request.
|
2074
|
-
#
|
2075
|
-
# use this operation to manage AWS account root user credentials
|
2076
|
-
# the AWS account has no associated users.
|
2074
|
+
# implicitly based on the AWS access key ID signing the request. This
|
2075
|
+
# operation works for access keys under the AWS account. Consequently,
|
2076
|
+
# you can use this operation to manage AWS account root user credentials
|
2077
|
+
# even if the AWS account has no associated users.
|
2077
2078
|
#
|
2078
2079
|
# @option params [String] :user_name
|
2079
2080
|
# The name of the user whose access key pair you want to delete.
|
2080
2081
|
#
|
2081
|
-
# This parameter allows (
|
2082
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2082
2083
|
# characters consisting of upper and lowercase alphanumeric characters
|
2083
2084
|
# with no spaces. You can also include any of the following characters:
|
2084
2085
|
# \_+=,.@-
|
@@ -2091,7 +2092,7 @@ module Aws::IAM
|
|
2091
2092
|
# The access key ID for the access key ID and secret access key you want
|
2092
2093
|
# to delete.
|
2093
2094
|
#
|
2094
|
-
# This parameter allows (
|
2095
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2095
2096
|
# characters that can consist of any upper or lowercased letter or
|
2096
2097
|
# digit.
|
2097
2098
|
#
|
@@ -2138,7 +2139,7 @@ module Aws::IAM
|
|
2138
2139
|
# @option params [required, String] :account_alias
|
2139
2140
|
# The name of the account alias to delete.
|
2140
2141
|
#
|
2141
|
-
# This parameter allows (
|
2142
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2142
2143
|
# characters consisting of lowercase letters, digits, and dashes. You
|
2143
2144
|
# cannot start or finish with a dash, nor can you have two dashes in a
|
2144
2145
|
# row.
|
@@ -2201,7 +2202,7 @@ module Aws::IAM
|
|
2201
2202
|
# @option params [required, String] :group_name
|
2202
2203
|
# The name of the IAM group to delete.
|
2203
2204
|
#
|
2204
|
-
# This parameter allows (
|
2205
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2205
2206
|
# characters consisting of upper and lowercase alphanumeric characters
|
2206
2207
|
# with no spaces. You can also include any of the following characters:
|
2207
2208
|
# \_+=,.@-
|
@@ -2243,7 +2244,7 @@ module Aws::IAM
|
|
2243
2244
|
# The name (friendly name, not ARN) identifying the group that the
|
2244
2245
|
# policy is embedded in.
|
2245
2246
|
#
|
2246
|
-
# This parameter allows (
|
2247
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2247
2248
|
# characters consisting of upper and lowercase alphanumeric characters
|
2248
2249
|
# with no spaces. You can also include any of the following characters:
|
2249
2250
|
# \_+=,.@-
|
@@ -2255,7 +2256,7 @@ module Aws::IAM
|
|
2255
2256
|
# @option params [required, String] :policy_name
|
2256
2257
|
# The name identifying the policy document to delete.
|
2257
2258
|
#
|
2258
|
-
# This parameter allows (
|
2259
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2259
2260
|
# characters consisting of upper and lowercase alphanumeric characters
|
2260
2261
|
# with no spaces. You can also include any of the following characters:
|
2261
2262
|
# \_+=,.@-
|
@@ -2310,7 +2311,7 @@ module Aws::IAM
|
|
2310
2311
|
# @option params [required, String] :instance_profile_name
|
2311
2312
|
# The name of the instance profile to delete.
|
2312
2313
|
#
|
2313
|
-
# This parameter allows (
|
2314
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2314
2315
|
# characters consisting of upper and lowercase alphanumeric characters
|
2315
2316
|
# with no spaces. You can also include any of the following characters:
|
2316
2317
|
# \_+=,.@-
|
@@ -2351,14 +2352,14 @@ module Aws::IAM
|
|
2351
2352
|
#
|
2352
2353
|
# Deleting a user's password does not prevent a user from accessing AWS
|
2353
2354
|
# through the command line interface or the API. To prevent all user
|
2354
|
-
# access you must also either make any access keys inactive or delete
|
2355
|
+
# access, you must also either make any access keys inactive or delete
|
2355
2356
|
# them. For more information about making keys inactive or deleting
|
2356
2357
|
# them, see UpdateAccessKey and DeleteAccessKey.
|
2357
2358
|
#
|
2358
2359
|
# @option params [required, String] :user_name
|
2359
2360
|
# The name of the user whose password you want to delete.
|
2360
2361
|
#
|
2361
|
-
# This parameter allows (
|
2362
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2362
2363
|
# characters consisting of upper and lowercase alphanumeric characters
|
2363
2364
|
# with no spaces. You can also include any of the following characters:
|
2364
2365
|
# \_+=,.@-
|
@@ -2430,7 +2431,7 @@ module Aws::IAM
|
|
2430
2431
|
#
|
2431
2432
|
# Before you can delete a managed policy, you must first detach the
|
2432
2433
|
# policy from all users, groups, and roles that it is attached to. In
|
2433
|
-
# addition you must delete all the policy's versions. The following
|
2434
|
+
# addition, you must delete all the policy's versions. The following
|
2434
2435
|
# steps describe the process for deleting a managed policy:
|
2435
2436
|
#
|
2436
2437
|
# * Detach the policy from all users, groups, and roles that the policy
|
@@ -2509,7 +2510,7 @@ module Aws::IAM
|
|
2509
2510
|
# @option params [required, String] :version_id
|
2510
2511
|
# The policy version to delete.
|
2511
2512
|
#
|
2512
|
-
# This parameter allows (
|
2513
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2513
2514
|
# characters that consists of the lowercase letter 'v' followed by one
|
2514
2515
|
# or two digits, and optionally followed by a period '.' and a string
|
2515
2516
|
# of letters and digits.
|
@@ -2556,7 +2557,7 @@ module Aws::IAM
|
|
2556
2557
|
# @option params [required, String] :role_name
|
2557
2558
|
# The name of the role to delete.
|
2558
2559
|
#
|
2559
|
-
# This parameter allows (
|
2560
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2560
2561
|
# characters consisting of upper and lowercase alphanumeric characters
|
2561
2562
|
# with no spaces. You can also include any of the following characters:
|
2562
2563
|
# \_+=,.@-
|
@@ -2634,7 +2635,7 @@ module Aws::IAM
|
|
2634
2635
|
# The name (friendly name, not ARN) identifying the role that the policy
|
2635
2636
|
# is embedded in.
|
2636
2637
|
#
|
2637
|
-
# This parameter allows (
|
2638
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2638
2639
|
# characters consisting of upper and lowercase alphanumeric characters
|
2639
2640
|
# with no spaces. You can also include any of the following characters:
|
2640
2641
|
# \_+=,.@-
|
@@ -2646,7 +2647,7 @@ module Aws::IAM
|
|
2646
2647
|
# @option params [required, String] :policy_name
|
2647
2648
|
# The name of the inline policy to delete from the specified IAM role.
|
2648
2649
|
#
|
2649
|
-
# This parameter allows (
|
2650
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2650
2651
|
# characters consisting of upper and lowercase alphanumeric characters
|
2651
2652
|
# with no spaces. You can also include any of the following characters:
|
2652
2653
|
# \_+=,.@-
|
@@ -2733,7 +2734,7 @@ module Aws::IAM
|
|
2733
2734
|
# @option params [required, String] :user_name
|
2734
2735
|
# The name of the IAM user associated with the SSH public key.
|
2735
2736
|
#
|
2736
|
-
# This parameter allows (
|
2737
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2737
2738
|
# characters consisting of upper and lowercase alphanumeric characters
|
2738
2739
|
# with no spaces. You can also include any of the following characters:
|
2739
2740
|
# \_+=,.@-
|
@@ -2745,7 +2746,7 @@ module Aws::IAM
|
|
2745
2746
|
# @option params [required, String] :ssh_public_key_id
|
2746
2747
|
# The unique identifier for the SSH public key.
|
2747
2748
|
#
|
2748
|
-
# This parameter allows (
|
2749
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2749
2750
|
# characters that can consist of any upper or lowercased letter or
|
2750
2751
|
# digit.
|
2751
2752
|
#
|
@@ -2796,7 +2797,7 @@ module Aws::IAM
|
|
2796
2797
|
# @option params [required, String] :server_certificate_name
|
2797
2798
|
# The name of the server certificate you want to delete.
|
2798
2799
|
#
|
2799
|
-
# This parameter allows (
|
2800
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2800
2801
|
# characters consisting of upper and lowercase alphanumeric characters
|
2801
2802
|
# with no spaces. You can also include any of the following characters:
|
2802
2803
|
# \_+=,.@-
|
@@ -2882,7 +2883,7 @@ module Aws::IAM
|
|
2882
2883
|
# credential. If this value is not specified, then the operation assumes
|
2883
2884
|
# the user whose credentials are used to call the operation.
|
2884
2885
|
#
|
2885
|
-
# This parameter allows (
|
2886
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2886
2887
|
# characters consisting of upper and lowercase alphanumeric characters
|
2887
2888
|
# with no spaces. You can also include any of the following characters:
|
2888
2889
|
# \_+=,.@-
|
@@ -2895,7 +2896,7 @@ module Aws::IAM
|
|
2895
2896
|
# The unique identifier of the service-specific credential. You can get
|
2896
2897
|
# this value by calling ListServiceSpecificCredentials.
|
2897
2898
|
#
|
2898
|
-
# This parameter allows (
|
2899
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2899
2900
|
# characters that can consist of any upper or lowercased letter or
|
2900
2901
|
# digit.
|
2901
2902
|
#
|
@@ -2924,15 +2925,15 @@ module Aws::IAM
|
|
2924
2925
|
# Deletes a signing certificate associated with the specified IAM user.
|
2925
2926
|
#
|
2926
2927
|
# If you do not specify a user name, IAM determines the user name
|
2927
|
-
# implicitly based on the AWS access key ID signing the request.
|
2928
|
-
#
|
2929
|
-
# use this operation to manage AWS account root user credentials
|
2930
|
-
# the AWS account has no associated IAM users.
|
2928
|
+
# implicitly based on the AWS access key ID signing the request. This
|
2929
|
+
# operation works for access keys under the AWS account. Consequently,
|
2930
|
+
# you can use this operation to manage AWS account root user credentials
|
2931
|
+
# even if the AWS account has no associated IAM users.
|
2931
2932
|
#
|
2932
2933
|
# @option params [String] :user_name
|
2933
2934
|
# The name of the user the signing certificate belongs to.
|
2934
2935
|
#
|
2935
|
-
# This parameter allows (
|
2936
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2936
2937
|
# characters consisting of upper and lowercase alphanumeric characters
|
2937
2938
|
# with no spaces. You can also include any of the following characters:
|
2938
2939
|
# \_+=,.@-
|
@@ -2981,12 +2982,13 @@ module Aws::IAM
|
|
2981
2982
|
end
|
2982
2983
|
|
2983
2984
|
# Deletes the specified IAM user. The user must not belong to any groups
|
2984
|
-
# or have any access keys, signing certificates,
|
2985
|
+
# or have any access keys, signing certificates, MFA devices enabled for
|
2986
|
+
# AWS, or attached policies.
|
2985
2987
|
#
|
2986
2988
|
# @option params [required, String] :user_name
|
2987
2989
|
# The name of the user to delete.
|
2988
2990
|
#
|
2989
|
-
# This parameter allows (
|
2991
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
2990
2992
|
# characters consisting of upper and lowercase alphanumeric characters
|
2991
2993
|
# with no spaces. You can also include any of the following characters:
|
2992
2994
|
# \_+=,.@-
|
@@ -3064,7 +3066,7 @@ module Aws::IAM
|
|
3064
3066
|
# The name (friendly name, not ARN) identifying the user that the policy
|
3065
3067
|
# is embedded in.
|
3066
3068
|
#
|
3067
|
-
# This parameter allows (
|
3069
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3068
3070
|
# characters consisting of upper and lowercase alphanumeric characters
|
3069
3071
|
# with no spaces. You can also include any of the following characters:
|
3070
3072
|
# \_+=,.@-
|
@@ -3076,7 +3078,7 @@ module Aws::IAM
|
|
3076
3078
|
# @option params [required, String] :policy_name
|
3077
3079
|
# The name identifying the policy document to delete.
|
3078
3080
|
#
|
3079
|
-
# This parameter allows (
|
3081
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3080
3082
|
# characters consisting of upper and lowercase alphanumeric characters
|
3081
3083
|
# with no spaces. You can also include any of the following characters:
|
3082
3084
|
# \_+=,.@-
|
@@ -3125,7 +3127,7 @@ module Aws::IAM
|
|
3125
3127
|
# The serial number that uniquely identifies the MFA device. For virtual
|
3126
3128
|
# MFA devices, the serial number is the same as the ARN.
|
3127
3129
|
#
|
3128
|
-
# This parameter allows (
|
3130
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3129
3131
|
# characters consisting of upper and lowercase alphanumeric characters
|
3130
3132
|
# with no spaces. You can also include any of the following characters:
|
3131
3133
|
# =,.@:/-
|
@@ -3175,7 +3177,7 @@ module Aws::IAM
|
|
3175
3177
|
# The name (friendly name, not ARN) of the IAM group to detach the
|
3176
3178
|
# policy from.
|
3177
3179
|
#
|
3178
|
-
# This parameter allows (
|
3180
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3179
3181
|
# characters consisting of upper and lowercase alphanumeric characters
|
3180
3182
|
# with no spaces. You can also include any of the following characters:
|
3181
3183
|
# \_+=,.@-
|
@@ -3227,7 +3229,7 @@ module Aws::IAM
|
|
3227
3229
|
# The name (friendly name, not ARN) of the IAM role to detach the policy
|
3228
3230
|
# from.
|
3229
3231
|
#
|
3230
|
-
# This parameter allows (
|
3232
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3231
3233
|
# characters consisting of upper and lowercase alphanumeric characters
|
3232
3234
|
# with no spaces. You can also include any of the following characters:
|
3233
3235
|
# \_+=,.@-
|
@@ -3279,7 +3281,7 @@ module Aws::IAM
|
|
3279
3281
|
# The name (friendly name, not ARN) of the IAM user to detach the policy
|
3280
3282
|
# from.
|
3281
3283
|
#
|
3282
|
-
# This parameter allows (
|
3284
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3283
3285
|
# characters consisting of upper and lowercase alphanumeric characters
|
3284
3286
|
# with no spaces. You can also include any of the following characters:
|
3285
3287
|
# \_+=,.@-
|
@@ -3323,7 +3325,7 @@ module Aws::IAM
|
|
3323
3325
|
# @option params [required, String] :user_name
|
3324
3326
|
# The name of the IAM user for whom you want to enable the MFA device.
|
3325
3327
|
#
|
3326
|
-
# This parameter allows (
|
3328
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3327
3329
|
# characters consisting of upper and lowercase alphanumeric characters
|
3328
3330
|
# with no spaces. You can also include any of the following characters:
|
3329
3331
|
# \_+=,.@-
|
@@ -3336,7 +3338,7 @@ module Aws::IAM
|
|
3336
3338
|
# The serial number that uniquely identifies the MFA device. For virtual
|
3337
3339
|
# MFA devices, the serial number is the device ARN.
|
3338
3340
|
#
|
3339
|
-
# This parameter allows (
|
3341
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3340
3342
|
# characters consisting of upper and lowercase alphanumeric characters
|
3341
3343
|
# with no spaces. You can also include any of the following characters:
|
3342
3344
|
# =,.@:/-
|
@@ -3424,6 +3426,109 @@ module Aws::IAM
|
|
3424
3426
|
req.send_request(options)
|
3425
3427
|
end
|
3426
3428
|
|
3429
|
+
# Generates a request for a report that includes details about when an
|
3430
|
+
# IAM resource (user, group, role, or policy) was last used in an
|
3431
|
+
# attempt to access AWS services. Recent activity usually appears within
|
3432
|
+
# four hours. IAM reports activity for the last 365 days, or less if
|
3433
|
+
# your region began supporting this feature within the last year. For
|
3434
|
+
# more information, see [Regions Where Data Is Tracked][1].
|
3435
|
+
#
|
3436
|
+
# The service last accessed data includes all attempts to access an AWS
|
3437
|
+
# API, not just the successful ones. This includes all attempts that
|
3438
|
+
# were made using the AWS Management Console, the AWS API through any of
|
3439
|
+
# the SDKs, or any of the command line tools. An unexpected entry in the
|
3440
|
+
# service last accessed data does not mean that your account has been
|
3441
|
+
# compromised, because the request might have been denied. Refer to your
|
3442
|
+
# CloudTrail logs as the authoritative source for information about all
|
3443
|
+
# API calls and whether they were successful or denied access. For more
|
3444
|
+
# information, see [Logging IAM Events with CloudTrail][2] in the *IAM
|
3445
|
+
# User Guide*.
|
3446
|
+
#
|
3447
|
+
# The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
|
3448
|
+
# Use this parameter in the following operations to retrieve the
|
3449
|
+
# following details from your report:
|
3450
|
+
#
|
3451
|
+
# * GetServiceLastAccessedDetails – Use this operation for users,
|
3452
|
+
# groups, roles, or policies to list every AWS service that the
|
3453
|
+
# resource could access using permissions policies. For each service,
|
3454
|
+
# the response includes information about the most recent access
|
3455
|
+
# attempt.
|
3456
|
+
#
|
3457
|
+
# * GetServiceLastAccessedDetailsWithEntities – Use this operation for
|
3458
|
+
# groups and policies to list information about the associated
|
3459
|
+
# entities (users or roles) that attempted to access a specific AWS
|
3460
|
+
# service.
|
3461
|
+
#
|
3462
|
+
# To check the status of the `GenerateServiceLastAccessedDetails`
|
3463
|
+
# request, use the `JobId` parameter in the same operations and test the
|
3464
|
+
# `JobStatus` response parameter.
|
3465
|
+
#
|
3466
|
+
# For additional information about the permissions policies that allow
|
3467
|
+
# an identity (user, group, or role) to access specific services, use
|
3468
|
+
# the ListPoliciesGrantingServiceAccess operation.
|
3469
|
+
#
|
3470
|
+
# <note markdown="1"> Service last accessed data does not use other policy types when
|
3471
|
+
# determining whether a resource could access a service. These other
|
3472
|
+
# policy types include resource-based policies, access control lists,
|
3473
|
+
# AWS Organizations policies, IAM permissions boundaries, and AWS STS
|
3474
|
+
# assume role policies. It only applies permissions policy logic. For
|
3475
|
+
# more about the evaluation of policy types, see [Evaluating
|
3476
|
+
# Policies][3] in the *IAM User Guide*.
|
3477
|
+
#
|
3478
|
+
# </note>
|
3479
|
+
#
|
3480
|
+
# For more information about service last accessed data, see [Reducing
|
3481
|
+
# Policy Scope by Viewing User Activity][4] in the *IAM User Guide*.
|
3482
|
+
#
|
3483
|
+
#
|
3484
|
+
#
|
3485
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
|
3486
|
+
# [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
|
3487
|
+
# [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
|
3488
|
+
# [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
|
3489
|
+
#
|
3490
|
+
# @option params [required, String] :arn
|
3491
|
+
# The ARN of the IAM resource (user, group, role, or managed policy)
|
3492
|
+
# used to generate information about when the resource was last used in
|
3493
|
+
# an attempt to access an AWS service.
|
3494
|
+
#
|
3495
|
+
# @return [Types::GenerateServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3496
|
+
#
|
3497
|
+
# * {Types::GenerateServiceLastAccessedDetailsResponse#job_id #job_id} => String
|
3498
|
+
#
|
3499
|
+
#
|
3500
|
+
# @example Example: To generate a service last accessed data report for a policy
|
3501
|
+
#
|
3502
|
+
# # The following operation generates a report for the policy: ExamplePolicy1
|
3503
|
+
#
|
3504
|
+
# resp = client.generate_service_last_accessed_details({
|
3505
|
+
# arn: "arn:aws:iam::123456789012:policy/ExamplePolicy1",
|
3506
|
+
# })
|
3507
|
+
#
|
3508
|
+
# resp.to_h outputs the following:
|
3509
|
+
# {
|
3510
|
+
# job_id: "examplef-1305-c245-eba4-71fe298bcda7",
|
3511
|
+
# }
|
3512
|
+
#
|
3513
|
+
# @example Request syntax with placeholder values
|
3514
|
+
#
|
3515
|
+
# resp = client.generate_service_last_accessed_details({
|
3516
|
+
# arn: "arnType", # required
|
3517
|
+
# })
|
3518
|
+
#
|
3519
|
+
# @example Response structure
|
3520
|
+
#
|
3521
|
+
# resp.job_id #=> String
|
3522
|
+
#
|
3523
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetails AWS API Documentation
|
3524
|
+
#
|
3525
|
+
# @overload generate_service_last_accessed_details(params = {})
|
3526
|
+
# @param [Hash] params ({})
|
3527
|
+
def generate_service_last_accessed_details(params = {}, options = {})
|
3528
|
+
req = build_request(:generate_service_last_accessed_details, params)
|
3529
|
+
req.send_request(options)
|
3530
|
+
end
|
3531
|
+
|
3427
3532
|
# Retrieves information about when the specified access key was last
|
3428
3533
|
# used. The information includes the date and time of last use, along
|
3429
3534
|
# with the AWS service and region that were specified in the last
|
@@ -3432,7 +3537,7 @@ module Aws::IAM
|
|
3432
3537
|
# @option params [required, String] :access_key_id
|
3433
3538
|
# The identifier of an access key.
|
3434
3539
|
#
|
3435
|
-
# This parameter allows (
|
3540
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3436
3541
|
# characters that can consist of any upper or lowercased letter or
|
3437
3542
|
# digit.
|
3438
3543
|
#
|
@@ -3498,16 +3603,15 @@ module Aws::IAM
|
|
3498
3603
|
# valid values listed below.
|
3499
3604
|
#
|
3500
3605
|
# @option params [Integer] :max_items
|
3501
|
-
#
|
3502
|
-
#
|
3503
|
-
#
|
3504
|
-
# element is `true`.
|
3606
|
+
# Use this only when paginating results to indicate the maximum number
|
3607
|
+
# of items you want in the response. If additional items exist beyond
|
3608
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
3505
3609
|
#
|
3506
|
-
# If you do not include this parameter,
|
3507
|
-
# IAM might return fewer results, even when there are
|
3508
|
-
# available. In that case, the `IsTruncated` response
|
3509
|
-
# `true
|
3510
|
-
# that tells the service where to continue from.
|
3610
|
+
# If you do not include this parameter, the number of items defaults to
|
3611
|
+
# 100. Note that IAM might return fewer results, even when there are
|
3612
|
+
# more results available. In that case, the `IsTruncated` response
|
3613
|
+
# element returns `true`, and `Marker` contains a value to include in
|
3614
|
+
# the subsequent call that tells the service where to continue from.
|
3511
3615
|
#
|
3512
3616
|
# @option params [String] :marker
|
3513
3617
|
# Use this parameter only when paginating results and only after you
|
@@ -3548,11 +3652,11 @@ module Aws::IAM
|
|
3548
3652
|
# resp.user_detail_list[0].attached_managed_policies #=> Array
|
3549
3653
|
# resp.user_detail_list[0].attached_managed_policies[0].policy_name #=> String
|
3550
3654
|
# resp.user_detail_list[0].attached_managed_policies[0].policy_arn #=> String
|
3655
|
+
# resp.user_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
3656
|
+
# resp.user_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
|
3551
3657
|
# resp.user_detail_list[0].tags #=> Array
|
3552
3658
|
# resp.user_detail_list[0].tags[0].key #=> String
|
3553
3659
|
# resp.user_detail_list[0].tags[0].value #=> String
|
3554
|
-
# resp.user_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
3555
|
-
# resp.user_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
|
3556
3660
|
# resp.group_detail_list #=> Array
|
3557
3661
|
# resp.group_detail_list[0].path #=> String
|
3558
3662
|
# resp.group_detail_list[0].group_name #=> String
|
@@ -3586,23 +3690,23 @@ module Aws::IAM
|
|
3586
3690
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].create_date #=> Time
|
3587
3691
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].assume_role_policy_document #=> String
|
3588
3692
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].description #=> String
|
3589
|
-
# resp.role_detail_list[0].instance_profile_list[0].roles[0].tags #=> Array
|
3590
|
-
# resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].key #=> String
|
3591
|
-
# resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
|
3592
3693
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].max_session_duration #=> Integer
|
3593
3694
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
3594
3695
|
# resp.role_detail_list[0].instance_profile_list[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
|
3696
|
+
# resp.role_detail_list[0].instance_profile_list[0].roles[0].tags #=> Array
|
3697
|
+
# resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].key #=> String
|
3698
|
+
# resp.role_detail_list[0].instance_profile_list[0].roles[0].tags[0].value #=> String
|
3595
3699
|
# resp.role_detail_list[0].role_policy_list #=> Array
|
3596
3700
|
# resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
|
3597
3701
|
# resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
|
3598
3702
|
# resp.role_detail_list[0].attached_managed_policies #=> Array
|
3599
3703
|
# resp.role_detail_list[0].attached_managed_policies[0].policy_name #=> String
|
3600
3704
|
# resp.role_detail_list[0].attached_managed_policies[0].policy_arn #=> String
|
3705
|
+
# resp.role_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
3706
|
+
# resp.role_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
|
3601
3707
|
# resp.role_detail_list[0].tags #=> Array
|
3602
3708
|
# resp.role_detail_list[0].tags[0].key #=> String
|
3603
3709
|
# resp.role_detail_list[0].tags[0].value #=> String
|
3604
|
-
# resp.role_detail_list[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
3605
|
-
# resp.role_detail_list[0].permissions_boundary.permissions_boundary_arn #=> String
|
3606
3710
|
# resp.policies #=> Array
|
3607
3711
|
# resp.policies[0].policy_name #=> String
|
3608
3712
|
# resp.policies[0].policy_id #=> String
|
@@ -3934,7 +4038,7 @@ module Aws::IAM
|
|
3934
4038
|
# @option params [required, String] :group_name
|
3935
4039
|
# The name of the group.
|
3936
4040
|
#
|
3937
|
-
# This parameter allows (
|
4041
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
3938
4042
|
# characters consisting of upper and lowercase alphanumeric characters
|
3939
4043
|
# with no spaces. You can also include any of the following characters:
|
3940
4044
|
# \_+=,.@-
|
@@ -3950,16 +4054,15 @@ module Aws::IAM
|
|
3950
4054
|
# to indicate where the next call should start.
|
3951
4055
|
#
|
3952
4056
|
# @option params [Integer] :max_items
|
3953
|
-
#
|
3954
|
-
#
|
3955
|
-
#
|
3956
|
-
# element is `true`.
|
4057
|
+
# Use this only when paginating results to indicate the maximum number
|
4058
|
+
# of items you want in the response. If additional items exist beyond
|
4059
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
3957
4060
|
#
|
3958
|
-
# If you do not include this parameter,
|
3959
|
-
# IAM might return fewer results, even when there are
|
3960
|
-
# available. In that case, the `IsTruncated` response
|
3961
|
-
# `true
|
3962
|
-
# that tells the service where to continue from.
|
4061
|
+
# If you do not include this parameter, the number of items defaults to
|
4062
|
+
# 100. Note that IAM might return fewer results, even when there are
|
4063
|
+
# more results available. In that case, the `IsTruncated` response
|
4064
|
+
# element returns `true`, and `Marker` contains a value to include in
|
4065
|
+
# the subsequent call that tells the service where to continue from.
|
3963
4066
|
#
|
3964
4067
|
# @return [Types::GetGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3965
4068
|
#
|
@@ -3990,11 +4093,11 @@ module Aws::IAM
|
|
3990
4093
|
# resp.users[0].arn #=> String
|
3991
4094
|
# resp.users[0].create_date #=> Time
|
3992
4095
|
# resp.users[0].password_last_used #=> Time
|
4096
|
+
# resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
4097
|
+
# resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
|
3993
4098
|
# resp.users[0].tags #=> Array
|
3994
4099
|
# resp.users[0].tags[0].key #=> String
|
3995
4100
|
# resp.users[0].tags[0].value #=> String
|
3996
|
-
# resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
3997
|
-
# resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
|
3998
4101
|
# resp.is_truncated #=> Boolean
|
3999
4102
|
# resp.marker #=> String
|
4000
4103
|
#
|
@@ -4034,7 +4137,7 @@ module Aws::IAM
|
|
4034
4137
|
# @option params [required, String] :group_name
|
4035
4138
|
# The name of the group the policy is associated with.
|
4036
4139
|
#
|
4037
|
-
# This parameter allows (
|
4140
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4038
4141
|
# characters consisting of upper and lowercase alphanumeric characters
|
4039
4142
|
# with no spaces. You can also include any of the following characters:
|
4040
4143
|
# \_+=,.@-
|
@@ -4046,7 +4149,7 @@ module Aws::IAM
|
|
4046
4149
|
# @option params [required, String] :policy_name
|
4047
4150
|
# The name of the policy document to get.
|
4048
4151
|
#
|
4049
|
-
# This parameter allows (
|
4152
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4050
4153
|
# characters consisting of upper and lowercase alphanumeric characters
|
4051
4154
|
# with no spaces. You can also include any of the following characters:
|
4052
4155
|
# \_+=,.@-
|
@@ -4095,7 +4198,7 @@ module Aws::IAM
|
|
4095
4198
|
# @option params [required, String] :instance_profile_name
|
4096
4199
|
# The name of the instance profile to get information about.
|
4097
4200
|
#
|
4098
|
-
# This parameter allows (
|
4201
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4099
4202
|
# characters consisting of upper and lowercase alphanumeric characters
|
4100
4203
|
# with no spaces. You can also include any of the following characters:
|
4101
4204
|
# \_+=,.@-
|
@@ -4159,12 +4262,12 @@ module Aws::IAM
|
|
4159
4262
|
# resp.instance_profile.roles[0].create_date #=> Time
|
4160
4263
|
# resp.instance_profile.roles[0].assume_role_policy_document #=> String
|
4161
4264
|
# resp.instance_profile.roles[0].description #=> String
|
4162
|
-
# resp.instance_profile.roles[0].tags #=> Array
|
4163
|
-
# resp.instance_profile.roles[0].tags[0].key #=> String
|
4164
|
-
# resp.instance_profile.roles[0].tags[0].value #=> String
|
4165
4265
|
# resp.instance_profile.roles[0].max_session_duration #=> Integer
|
4166
4266
|
# resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
4167
4267
|
# resp.instance_profile.roles[0].permissions_boundary.permissions_boundary_arn #=> String
|
4268
|
+
# resp.instance_profile.roles[0].tags #=> Array
|
4269
|
+
# resp.instance_profile.roles[0].tags[0].key #=> String
|
4270
|
+
# resp.instance_profile.roles[0].tags[0].value #=> String
|
4168
4271
|
#
|
4169
4272
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfile AWS API Documentation
|
4170
4273
|
#
|
@@ -4182,7 +4285,7 @@ module Aws::IAM
|
|
4182
4285
|
# @option params [required, String] :user_name
|
4183
4286
|
# The name of the user whose login profile you want to retrieve.
|
4184
4287
|
#
|
4185
|
-
# This parameter allows (
|
4288
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4186
4289
|
# characters consisting of upper and lowercase alphanumeric characters
|
4187
4290
|
# with no spaces. You can also include any of the following characters:
|
4188
4291
|
# \_+=,.@-
|
@@ -4386,7 +4489,7 @@ module Aws::IAM
|
|
4386
4489
|
# @option params [required, String] :version_id
|
4387
4490
|
# Identifies the policy version to retrieve.
|
4388
4491
|
#
|
4389
|
-
# This parameter allows (
|
4492
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4390
4493
|
# characters that consists of the lowercase letter 'v' followed by one
|
4391
4494
|
# or two digits, and optionally followed by a period '.' and a string
|
4392
4495
|
# of letters and digits.
|
@@ -4443,7 +4546,7 @@ module Aws::IAM
|
|
4443
4546
|
# @option params [required, String] :role_name
|
4444
4547
|
# The name of the IAM role to get information about.
|
4445
4548
|
#
|
4446
|
-
# This parameter allows (
|
4549
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4447
4550
|
# characters consisting of upper and lowercase alphanumeric characters
|
4448
4551
|
# with no spaces. You can also include any of the following characters:
|
4449
4552
|
# \_+=,.@-
|
@@ -4492,12 +4595,12 @@ module Aws::IAM
|
|
4492
4595
|
# resp.role.create_date #=> Time
|
4493
4596
|
# resp.role.assume_role_policy_document #=> String
|
4494
4597
|
# resp.role.description #=> String
|
4495
|
-
# resp.role.tags #=> Array
|
4496
|
-
# resp.role.tags[0].key #=> String
|
4497
|
-
# resp.role.tags[0].value #=> String
|
4498
4598
|
# resp.role.max_session_duration #=> Integer
|
4499
4599
|
# resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
4500
4600
|
# resp.role.permissions_boundary.permissions_boundary_arn #=> String
|
4601
|
+
# resp.role.tags #=> Array
|
4602
|
+
# resp.role.tags[0].key #=> String
|
4603
|
+
# resp.role.tags[0].value #=> String
|
4501
4604
|
#
|
4502
4605
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRole AWS API Documentation
|
4503
4606
|
#
|
@@ -4539,7 +4642,7 @@ module Aws::IAM
|
|
4539
4642
|
# @option params [required, String] :role_name
|
4540
4643
|
# The name of the role associated with the policy.
|
4541
4644
|
#
|
4542
|
-
# This parameter allows (
|
4645
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4543
4646
|
# characters consisting of upper and lowercase alphanumeric characters
|
4544
4647
|
# with no spaces. You can also include any of the following characters:
|
4545
4648
|
# \_+=,.@-
|
@@ -4551,7 +4654,7 @@ module Aws::IAM
|
|
4551
4654
|
# @option params [required, String] :policy_name
|
4552
4655
|
# The name of the policy document to get.
|
4553
4656
|
#
|
4554
|
-
# This parameter allows (
|
4657
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4555
4658
|
# characters consisting of upper and lowercase alphanumeric characters
|
4556
4659
|
# with no spaces. You can also include any of the following characters:
|
4557
4660
|
# \_+=,.@-
|
@@ -4653,7 +4756,7 @@ module Aws::IAM
|
|
4653
4756
|
# @option params [required, String] :user_name
|
4654
4757
|
# The name of the IAM user associated with the SSH public key.
|
4655
4758
|
#
|
4656
|
-
# This parameter allows (
|
4759
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4657
4760
|
# characters consisting of upper and lowercase alphanumeric characters
|
4658
4761
|
# with no spaces. You can also include any of the following characters:
|
4659
4762
|
# \_+=,.@-
|
@@ -4665,7 +4768,7 @@ module Aws::IAM
|
|
4665
4768
|
# @option params [required, String] :ssh_public_key_id
|
4666
4769
|
# The unique identifier for the SSH public key.
|
4667
4770
|
#
|
4668
|
-
# This parameter allows (
|
4771
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4669
4772
|
# characters that can consist of any upper or lowercased letter or
|
4670
4773
|
# digit.
|
4671
4774
|
#
|
@@ -4724,7 +4827,7 @@ module Aws::IAM
|
|
4724
4827
|
# The name of the server certificate you want to retrieve information
|
4725
4828
|
# about.
|
4726
4829
|
#
|
4727
|
-
# This parameter allows (
|
4830
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4728
4831
|
# characters consisting of upper and lowercase alphanumeric characters
|
4729
4832
|
# with no spaces. You can also include any of the following characters:
|
4730
4833
|
# \_+=,.@-
|
@@ -4763,6 +4866,294 @@ module Aws::IAM
|
|
4763
4866
|
req.send_request(options)
|
4764
4867
|
end
|
4765
4868
|
|
4869
|
+
# After you generate a user, group, role, or policy report using the
|
4870
|
+
# `GenerateServiceLastAccessedDetails` operation, you can use the
|
4871
|
+
# `JobId` parameter in `GetServiceLastAccessedDetails`. This operation
|
4872
|
+
# retrieves the status of your report job and a list of AWS services
|
4873
|
+
# that the resource (user, group, role, or managed policy) can access.
|
4874
|
+
#
|
4875
|
+
# <note markdown="1"> Service last accessed data does not use other policy types when
|
4876
|
+
# determining whether a resource could access a service. These other
|
4877
|
+
# policy types include resource-based policies, access control lists,
|
4878
|
+
# AWS Organizations policies, IAM permissions boundaries, and AWS STS
|
4879
|
+
# assume role policies. It only applies permissions policy logic. For
|
4880
|
+
# more about the evaluation of policy types, see [Evaluating
|
4881
|
+
# Policies][1] in the *IAM User Guide*.
|
4882
|
+
#
|
4883
|
+
# </note>
|
4884
|
+
#
|
4885
|
+
# For each service that the resource could access using permissions
|
4886
|
+
# policies, the operation returns details about the most recent access
|
4887
|
+
# attempt. If there was no attempt, the service is listed without
|
4888
|
+
# details about the most recent attempt to access the service. If the
|
4889
|
+
# operation fails, the `GetServiceLastAccessedDetails` operation returns
|
4890
|
+
# the reason that it failed.
|
4891
|
+
#
|
4892
|
+
# The `GetServiceLastAccessedDetails` operation returns a list of
|
4893
|
+
# services that includes the number of entities that have attempted to
|
4894
|
+
# access the service and the date and time of the last attempt. It also
|
4895
|
+
# returns the ARN of the following entity, depending on the resource ARN
|
4896
|
+
# that you used to generate the report:
|
4897
|
+
#
|
4898
|
+
# * **User** – Returns the user ARN that you used to generate the report
|
4899
|
+
#
|
4900
|
+
# * **Group** – Returns the ARN of the group member (user) that last
|
4901
|
+
# attempted to access the service
|
4902
|
+
#
|
4903
|
+
# * **Role** – Returns the role ARN that you used to generate the report
|
4904
|
+
#
|
4905
|
+
# * **Policy** – Returns the ARN of the user or role that last used the
|
4906
|
+
# policy to attempt to access the service
|
4907
|
+
#
|
4908
|
+
# By default, the list is sorted by service namespace.
|
4909
|
+
#
|
4910
|
+
#
|
4911
|
+
#
|
4912
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
|
4913
|
+
#
|
4914
|
+
# @option params [required, String] :job_id
|
4915
|
+
# The ID of the request generated by the
|
4916
|
+
# GenerateServiceLastAccessedDetails operation.
|
4917
|
+
#
|
4918
|
+
# @option params [Integer] :max_items
|
4919
|
+
# Use this only when paginating results to indicate the maximum number
|
4920
|
+
# of items you want in the response. If additional items exist beyond
|
4921
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
4922
|
+
#
|
4923
|
+
# If you do not include this parameter, the number of items defaults to
|
4924
|
+
# 100. Note that IAM might return fewer results, even when there are
|
4925
|
+
# more results available. In that case, the `IsTruncated` response
|
4926
|
+
# element returns `true`, and `Marker` contains a value to include in
|
4927
|
+
# the subsequent call that tells the service where to continue from.
|
4928
|
+
#
|
4929
|
+
# @option params [String] :marker
|
4930
|
+
# Use this parameter only when paginating results and only after you
|
4931
|
+
# receive a response indicating that the results are truncated. Set it
|
4932
|
+
# to the value of the `Marker` element in the response that you received
|
4933
|
+
# to indicate where the next call should start.
|
4934
|
+
#
|
4935
|
+
# @return [Types::GetServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4936
|
+
#
|
4937
|
+
# * {Types::GetServiceLastAccessedDetailsResponse#job_status #job_status} => String
|
4938
|
+
# * {Types::GetServiceLastAccessedDetailsResponse#job_creation_date #job_creation_date} => Time
|
4939
|
+
# * {Types::GetServiceLastAccessedDetailsResponse#services_last_accessed #services_last_accessed} => Array<Types::ServiceLastAccessed>
|
4940
|
+
# * {Types::GetServiceLastAccessedDetailsResponse#job_completion_date #job_completion_date} => Time
|
4941
|
+
# * {Types::GetServiceLastAccessedDetailsResponse#is_truncated #is_truncated} => Boolean
|
4942
|
+
# * {Types::GetServiceLastAccessedDetailsResponse#marker #marker} => String
|
4943
|
+
# * {Types::GetServiceLastAccessedDetailsResponse#error #error} => Types::ErrorDetails
|
4944
|
+
#
|
4945
|
+
#
|
4946
|
+
# @example Example: To get details from a previously-generated report
|
4947
|
+
#
|
4948
|
+
# # The following operation gets details about the report with the job ID: examplef-1305-c245-eba4-71fe298bcda7
|
4949
|
+
#
|
4950
|
+
# resp = client.get_service_last_accessed_details({
|
4951
|
+
# job_id: "examplef-1305-c245-eba4-71fe298bcda7",
|
4952
|
+
# })
|
4953
|
+
#
|
4954
|
+
# resp.to_h outputs the following:
|
4955
|
+
# {
|
4956
|
+
# is_truncated: false,
|
4957
|
+
# job_completion_date: Time.parse("2018-10-24T19:47:35.241Z"),
|
4958
|
+
# job_creation_date: Time.parse("2018-10-24T19:47:31.466Z"),
|
4959
|
+
# job_status: "COMPLETED",
|
4960
|
+
# services_last_accessed: [
|
4961
|
+
# {
|
4962
|
+
# last_authenticated: Time.parse("2018-10-24T19:11:00Z"),
|
4963
|
+
# last_authenticated_entity: "arn:aws:iam::123456789012:user/AWSExampleUser01",
|
4964
|
+
# service_name: "AWS Identity and Access Management",
|
4965
|
+
# service_namespace: "iam",
|
4966
|
+
# total_authenticated_entities: 2,
|
4967
|
+
# },
|
4968
|
+
# {
|
4969
|
+
# service_name: "Amazon Simple Storage Service",
|
4970
|
+
# service_namespace: "s3",
|
4971
|
+
# total_authenticated_entities: 0,
|
4972
|
+
# },
|
4973
|
+
# ],
|
4974
|
+
# }
|
4975
|
+
#
|
4976
|
+
# @example Request syntax with placeholder values
|
4977
|
+
#
|
4978
|
+
# resp = client.get_service_last_accessed_details({
|
4979
|
+
# job_id: "jobIDType", # required
|
4980
|
+
# max_items: 1,
|
4981
|
+
# marker: "markerType",
|
4982
|
+
# })
|
4983
|
+
#
|
4984
|
+
# @example Response structure
|
4985
|
+
#
|
4986
|
+
# resp.job_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
|
4987
|
+
# resp.job_creation_date #=> Time
|
4988
|
+
# resp.services_last_accessed #=> Array
|
4989
|
+
# resp.services_last_accessed[0].service_name #=> String
|
4990
|
+
# resp.services_last_accessed[0].last_authenticated #=> Time
|
4991
|
+
# resp.services_last_accessed[0].service_namespace #=> String
|
4992
|
+
# resp.services_last_accessed[0].last_authenticated_entity #=> String
|
4993
|
+
# resp.services_last_accessed[0].total_authenticated_entities #=> Integer
|
4994
|
+
# resp.job_completion_date #=> Time
|
4995
|
+
# resp.is_truncated #=> Boolean
|
4996
|
+
# resp.marker #=> String
|
4997
|
+
# resp.error.message #=> String
|
4998
|
+
# resp.error.code #=> String
|
4999
|
+
#
|
5000
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetails AWS API Documentation
|
5001
|
+
#
|
5002
|
+
# @overload get_service_last_accessed_details(params = {})
|
5003
|
+
# @param [Hash] params ({})
|
5004
|
+
def get_service_last_accessed_details(params = {}, options = {})
|
5005
|
+
req = build_request(:get_service_last_accessed_details, params)
|
5006
|
+
req.send_request(options)
|
5007
|
+
end
|
5008
|
+
|
5009
|
+
# After you generate a group or policy report using the
|
5010
|
+
# `GenerateServiceLastAccessedDetails` operation, you can use the
|
5011
|
+
# `JobId` parameter in `GetServiceLastAccessedDetailsWithEntities`. This
|
5012
|
+
# operation retrieves the status of your report job and a list of
|
5013
|
+
# entities that could have used group or policy permissions to access
|
5014
|
+
# the specified service.
|
5015
|
+
#
|
5016
|
+
# * **Group** – For a group report, this operation returns a list of
|
5017
|
+
# users in the group that could have used the group’s policies in an
|
5018
|
+
# attempt to access the service.
|
5019
|
+
#
|
5020
|
+
# * **Policy** – For a policy report, this operation returns a list of
|
5021
|
+
# entities (users or roles) that could have used the policy in an
|
5022
|
+
# attempt to access the service.
|
5023
|
+
#
|
5024
|
+
# You can also use this operation for user or role reports to retrieve
|
5025
|
+
# details about those entities.
|
5026
|
+
#
|
5027
|
+
# If the operation fails, the
|
5028
|
+
# `GetServiceLastAccessedDetailsWithEntities` operation returns the
|
5029
|
+
# reason that it failed.
|
5030
|
+
#
|
5031
|
+
# By default, the list of associated entities is sorted by date, with
|
5032
|
+
# the most recent access listed first.
|
5033
|
+
#
|
5034
|
+
# @option params [required, String] :job_id
|
5035
|
+
# The ID of the request generated by the
|
5036
|
+
# `GenerateServiceLastAccessedDetails` operation.
|
5037
|
+
#
|
5038
|
+
# @option params [required, String] :service_namespace
|
5039
|
+
# The service namespace for an AWS service. Provide the service
|
5040
|
+
# namespace to learn when the IAM entity last attempted to access the
|
5041
|
+
# specified service.
|
5042
|
+
#
|
5043
|
+
# To learn the service namespace for a service, go to [Actions,
|
5044
|
+
# Resources, and Condition Keys for AWS Services][1] in the *IAM User
|
5045
|
+
# Guide* and choose the name of the service to view details for that
|
5046
|
+
# service. In the first paragraph, find the service prefix. For example,
|
5047
|
+
# `(service prefix: a4b)`. For more information about service
|
5048
|
+
# namespaces, see [AWS Service Namespaces][2] in the *AWS General
|
5049
|
+
# Reference*.
|
5050
|
+
#
|
5051
|
+
#
|
5052
|
+
#
|
5053
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
|
5054
|
+
# [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
|
5055
|
+
#
|
5056
|
+
# @option params [Integer] :max_items
|
5057
|
+
# Use this only when paginating results to indicate the maximum number
|
5058
|
+
# of items you want in the response. If additional items exist beyond
|
5059
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5060
|
+
#
|
5061
|
+
# If you do not include this parameter, the number of items defaults to
|
5062
|
+
# 100. Note that IAM might return fewer results, even when there are
|
5063
|
+
# more results available. In that case, the `IsTruncated` response
|
5064
|
+
# element returns `true`, and `Marker` contains a value to include in
|
5065
|
+
# the subsequent call that tells the service where to continue from.
|
5066
|
+
#
|
5067
|
+
# @option params [String] :marker
|
5068
|
+
# Use this parameter only when paginating results and only after you
|
5069
|
+
# receive a response indicating that the results are truncated. Set it
|
5070
|
+
# to the value of the `Marker` element in the response that you received
|
5071
|
+
# to indicate where the next call should start.
|
5072
|
+
#
|
5073
|
+
# @return [Types::GetServiceLastAccessedDetailsWithEntitiesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5074
|
+
#
|
5075
|
+
# * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#job_status #job_status} => String
|
5076
|
+
# * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#job_creation_date #job_creation_date} => Time
|
5077
|
+
# * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#job_completion_date #job_completion_date} => Time
|
5078
|
+
# * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#entity_details_list #entity_details_list} => Array<Types::EntityDetails>
|
5079
|
+
# * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#is_truncated #is_truncated} => Boolean
|
5080
|
+
# * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#marker #marker} => String
|
5081
|
+
# * {Types::GetServiceLastAccessedDetailsWithEntitiesResponse#error #error} => Types::ErrorDetails
|
5082
|
+
#
|
5083
|
+
#
|
5084
|
+
# @example Example: To get sntity details from a previously-generated report
|
5085
|
+
#
|
5086
|
+
# # The following operation returns details about the entities that attempted to access the IAM service.
|
5087
|
+
#
|
5088
|
+
# resp = client.get_service_last_accessed_details_with_entities({
|
5089
|
+
# job_id: "examplef-1305-c245-eba4-71fe298bcda7",
|
5090
|
+
# service_namespace: "iam",
|
5091
|
+
# })
|
5092
|
+
#
|
5093
|
+
# resp.to_h outputs the following:
|
5094
|
+
# {
|
5095
|
+
# entity_details_list: [
|
5096
|
+
# {
|
5097
|
+
# entity_info: {
|
5098
|
+
# arn: "arn:aws:iam::123456789012:user/AWSExampleUser01",
|
5099
|
+
# id: "AIDAEX2EXAMPLEB6IGCDC",
|
5100
|
+
# name: "AWSExampleUser01",
|
5101
|
+
# path: "/",
|
5102
|
+
# type: "USER",
|
5103
|
+
# },
|
5104
|
+
# last_authenticated: Time.parse("2018-10-24T19:10:00Z"),
|
5105
|
+
# },
|
5106
|
+
# {
|
5107
|
+
# entity_info: {
|
5108
|
+
# arn: "arn:aws:iam::123456789012:role/AWSExampleRole01",
|
5109
|
+
# id: "AROAEAEXAMPLEIANXSIU4",
|
5110
|
+
# name: "AWSExampleRole01",
|
5111
|
+
# path: "/",
|
5112
|
+
# type: "ROLE",
|
5113
|
+
# },
|
5114
|
+
# },
|
5115
|
+
# ],
|
5116
|
+
# is_truncated: false,
|
5117
|
+
# job_completion_date: Time.parse("2018-10-24T19:47:35.241Z"),
|
5118
|
+
# job_creation_date: Time.parse("2018-10-24T19:47:31.466Z"),
|
5119
|
+
# job_status: "COMPLETED",
|
5120
|
+
# }
|
5121
|
+
#
|
5122
|
+
# @example Request syntax with placeholder values
|
5123
|
+
#
|
5124
|
+
# resp = client.get_service_last_accessed_details_with_entities({
|
5125
|
+
# job_id: "jobIDType", # required
|
5126
|
+
# service_namespace: "serviceNamespaceType", # required
|
5127
|
+
# max_items: 1,
|
5128
|
+
# marker: "markerType",
|
5129
|
+
# })
|
5130
|
+
#
|
5131
|
+
# @example Response structure
|
5132
|
+
#
|
5133
|
+
# resp.job_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
|
5134
|
+
# resp.job_creation_date #=> Time
|
5135
|
+
# resp.job_completion_date #=> Time
|
5136
|
+
# resp.entity_details_list #=> Array
|
5137
|
+
# resp.entity_details_list[0].entity_info.arn #=> String
|
5138
|
+
# resp.entity_details_list[0].entity_info.name #=> String
|
5139
|
+
# resp.entity_details_list[0].entity_info.type #=> String, one of "USER", "ROLE", "GROUP"
|
5140
|
+
# resp.entity_details_list[0].entity_info.id #=> String
|
5141
|
+
# resp.entity_details_list[0].entity_info.path #=> String
|
5142
|
+
# resp.entity_details_list[0].last_authenticated #=> Time
|
5143
|
+
# resp.is_truncated #=> Boolean
|
5144
|
+
# resp.marker #=> String
|
5145
|
+
# resp.error.message #=> String
|
5146
|
+
# resp.error.code #=> String
|
5147
|
+
#
|
5148
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServiceLastAccessedDetailsWithEntities AWS API Documentation
|
5149
|
+
#
|
5150
|
+
# @overload get_service_last_accessed_details_with_entities(params = {})
|
5151
|
+
# @param [Hash] params ({})
|
5152
|
+
def get_service_last_accessed_details_with_entities(params = {}, options = {})
|
5153
|
+
req = build_request(:get_service_last_accessed_details_with_entities, params)
|
5154
|
+
req.send_request(options)
|
5155
|
+
end
|
5156
|
+
|
4766
5157
|
# Retrieves the status of your service-linked role deletion. After you
|
4767
5158
|
# use the DeleteServiceLinkedRole API operation to submit a
|
4768
5159
|
# service-linked role for deletion, you can use the `DeletionTaskId`
|
@@ -4815,7 +5206,7 @@ module Aws::IAM
|
|
4815
5206
|
# The name of the user to get information about.
|
4816
5207
|
#
|
4817
5208
|
# This parameter is optional. If it is not included, it defaults to the
|
4818
|
-
# user making the request. This parameter allows (
|
5209
|
+
# user making the request. This parameter allows (through its [regex
|
4819
5210
|
# pattern][1]) a string of characters consisting of upper and lowercase
|
4820
5211
|
# alphanumeric characters with no spaces. You can also include any of
|
4821
5212
|
# the following characters: \_+=,.@-
|
@@ -4862,11 +5253,11 @@ module Aws::IAM
|
|
4862
5253
|
# resp.user.arn #=> String
|
4863
5254
|
# resp.user.create_date #=> Time
|
4864
5255
|
# resp.user.password_last_used #=> Time
|
5256
|
+
# resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
5257
|
+
# resp.user.permissions_boundary.permissions_boundary_arn #=> String
|
4865
5258
|
# resp.user.tags #=> Array
|
4866
5259
|
# resp.user.tags[0].key #=> String
|
4867
5260
|
# resp.user.tags[0].value #=> String
|
4868
|
-
# resp.user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
4869
|
-
# resp.user.permissions_boundary.permissions_boundary_arn #=> String
|
4870
5261
|
#
|
4871
5262
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUser AWS API Documentation
|
4872
5263
|
#
|
@@ -4904,7 +5295,7 @@ module Aws::IAM
|
|
4904
5295
|
# @option params [required, String] :user_name
|
4905
5296
|
# The name of the user who the policy is associated with.
|
4906
5297
|
#
|
4907
|
-
# This parameter allows (
|
5298
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4908
5299
|
# characters consisting of upper and lowercase alphanumeric characters
|
4909
5300
|
# with no spaces. You can also include any of the following characters:
|
4910
5301
|
# \_+=,.@-
|
@@ -4916,7 +5307,7 @@ module Aws::IAM
|
|
4916
5307
|
# @option params [required, String] :policy_name
|
4917
5308
|
# The name of the policy document to get.
|
4918
5309
|
#
|
4919
|
-
# This parameter allows (
|
5310
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4920
5311
|
# characters consisting of upper and lowercase alphanumeric characters
|
4921
5312
|
# with no spaces. You can also include any of the following characters:
|
4922
5313
|
# \_+=,.@-
|
@@ -4954,7 +5345,7 @@ module Aws::IAM
|
|
4954
5345
|
end
|
4955
5346
|
|
4956
5347
|
# Returns information about the access key IDs associated with the
|
4957
|
-
# specified IAM user. If there
|
5348
|
+
# specified IAM user. If there is none, the operation returns an empty
|
4958
5349
|
# list.
|
4959
5350
|
#
|
4960
5351
|
# Although each user is limited to a small number of keys, you can still
|
@@ -4962,9 +5353,9 @@ module Aws::IAM
|
|
4962
5353
|
#
|
4963
5354
|
# If the `UserName` field is not specified, the user name is determined
|
4964
5355
|
# implicitly based on the AWS access key ID used to sign the request.
|
4965
|
-
#
|
4966
|
-
# you can use this operation to manage AWS account root
|
4967
|
-
# even if the AWS account has no associated users.
|
5356
|
+
# This operation works for access keys under the AWS account.
|
5357
|
+
# Consequently, you can use this operation to manage AWS account root
|
5358
|
+
# user credentials even if the AWS account has no associated users.
|
4968
5359
|
#
|
4969
5360
|
# <note markdown="1"> To ensure the security of your AWS account, the secret access key is
|
4970
5361
|
# accessible only during key and user creation.
|
@@ -4974,7 +5365,7 @@ module Aws::IAM
|
|
4974
5365
|
# @option params [String] :user_name
|
4975
5366
|
# The name of the user.
|
4976
5367
|
#
|
4977
|
-
# This parameter allows (
|
5368
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
4978
5369
|
# characters consisting of upper and lowercase alphanumeric characters
|
4979
5370
|
# with no spaces. You can also include any of the following characters:
|
4980
5371
|
# \_+=,.@-
|
@@ -4990,16 +5381,15 @@ module Aws::IAM
|
|
4990
5381
|
# to indicate where the next call should start.
|
4991
5382
|
#
|
4992
5383
|
# @option params [Integer] :max_items
|
4993
|
-
#
|
4994
|
-
#
|
4995
|
-
#
|
4996
|
-
# element is `true`.
|
5384
|
+
# Use this only when paginating results to indicate the maximum number
|
5385
|
+
# of items you want in the response. If additional items exist beyond
|
5386
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
4997
5387
|
#
|
4998
|
-
# If you do not include this parameter,
|
4999
|
-
# IAM might return fewer results, even when there are
|
5000
|
-
# available. In that case, the `IsTruncated` response
|
5001
|
-
# `true
|
5002
|
-
# that tells the service where to continue from.
|
5388
|
+
# If you do not include this parameter, the number of items defaults to
|
5389
|
+
# 100. Note that IAM might return fewer results, even when there are
|
5390
|
+
# more results available. In that case, the `IsTruncated` response
|
5391
|
+
# element returns `true`, and `Marker` contains a value to include in
|
5392
|
+
# the subsequent call that tells the service where to continue from.
|
5003
5393
|
#
|
5004
5394
|
# @return [Types::ListAccessKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5005
5395
|
#
|
@@ -5076,16 +5466,15 @@ module Aws::IAM
|
|
5076
5466
|
# to indicate where the next call should start.
|
5077
5467
|
#
|
5078
5468
|
# @option params [Integer] :max_items
|
5079
|
-
#
|
5080
|
-
#
|
5081
|
-
#
|
5082
|
-
# element is `true`.
|
5469
|
+
# Use this only when paginating results to indicate the maximum number
|
5470
|
+
# of items you want in the response. If additional items exist beyond
|
5471
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5083
5472
|
#
|
5084
|
-
# If you do not include this parameter,
|
5085
|
-
# IAM might return fewer results, even when there are
|
5086
|
-
# available. In that case, the `IsTruncated` response
|
5087
|
-
# `true
|
5088
|
-
# that tells the service where to continue from.
|
5473
|
+
# If you do not include this parameter, the number of items defaults to
|
5474
|
+
# 100. Note that IAM might return fewer results, even when there are
|
5475
|
+
# more results available. In that case, the `IsTruncated` response
|
5476
|
+
# element returns `true`, and `Marker` contains a value to include in
|
5477
|
+
# the subsequent call that tells the service where to continue from.
|
5089
5478
|
#
|
5090
5479
|
# @return [Types::ListAccountAliasesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5091
5480
|
#
|
@@ -5153,7 +5542,7 @@ module Aws::IAM
|
|
5153
5542
|
# The name (friendly name, not ARN) of the group to list attached
|
5154
5543
|
# policies for.
|
5155
5544
|
#
|
5156
|
-
# This parameter allows (
|
5545
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5157
5546
|
# characters consisting of upper and lowercase alphanumeric characters
|
5158
5547
|
# with no spaces. You can also include any of the following characters:
|
5159
5548
|
# \_+=,.@-
|
@@ -5167,7 +5556,7 @@ module Aws::IAM
|
|
5167
5556
|
# If it is not included, it defaults to a slash (/), listing all
|
5168
5557
|
# policies.
|
5169
5558
|
#
|
5170
|
-
# This parameter allows (
|
5559
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5171
5560
|
# characters consisting of either a forward slash (/) by itself or a
|
5172
5561
|
# string that must begin and end with forward slashes. In addition, it
|
5173
5562
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -5185,16 +5574,15 @@ module Aws::IAM
|
|
5185
5574
|
# to indicate where the next call should start.
|
5186
5575
|
#
|
5187
5576
|
# @option params [Integer] :max_items
|
5188
|
-
#
|
5189
|
-
#
|
5190
|
-
#
|
5191
|
-
# element is `true`.
|
5577
|
+
# Use this only when paginating results to indicate the maximum number
|
5578
|
+
# of items you want in the response. If additional items exist beyond
|
5579
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5192
5580
|
#
|
5193
|
-
# If you do not include this parameter,
|
5194
|
-
# IAM might return fewer results, even when there are
|
5195
|
-
# available. In that case, the `IsTruncated` response
|
5196
|
-
# `true
|
5197
|
-
# that tells the service where to continue from.
|
5581
|
+
# If you do not include this parameter, the number of items defaults to
|
5582
|
+
# 100. Note that IAM might return fewer results, even when there are
|
5583
|
+
# more results available. In that case, the `IsTruncated` response
|
5584
|
+
# element returns `true`, and `Marker` contains a value to include in
|
5585
|
+
# the subsequent call that tells the service where to continue from.
|
5198
5586
|
#
|
5199
5587
|
# @return [Types::ListAttachedGroupPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5200
5588
|
#
|
@@ -5250,7 +5638,7 @@ module Aws::IAM
|
|
5250
5638
|
# The name (friendly name, not ARN) of the role to list attached
|
5251
5639
|
# policies for.
|
5252
5640
|
#
|
5253
|
-
# This parameter allows (
|
5641
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5254
5642
|
# characters consisting of upper and lowercase alphanumeric characters
|
5255
5643
|
# with no spaces. You can also include any of the following characters:
|
5256
5644
|
# \_+=,.@-
|
@@ -5264,7 +5652,7 @@ module Aws::IAM
|
|
5264
5652
|
# If it is not included, it defaults to a slash (/), listing all
|
5265
5653
|
# policies.
|
5266
5654
|
#
|
5267
|
-
# This parameter allows (
|
5655
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5268
5656
|
# characters consisting of either a forward slash (/) by itself or a
|
5269
5657
|
# string that must begin and end with forward slashes. In addition, it
|
5270
5658
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -5282,16 +5670,15 @@ module Aws::IAM
|
|
5282
5670
|
# to indicate where the next call should start.
|
5283
5671
|
#
|
5284
5672
|
# @option params [Integer] :max_items
|
5285
|
-
#
|
5286
|
-
#
|
5287
|
-
#
|
5288
|
-
# element is `true`.
|
5673
|
+
# Use this only when paginating results to indicate the maximum number
|
5674
|
+
# of items you want in the response. If additional items exist beyond
|
5675
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5289
5676
|
#
|
5290
|
-
# If you do not include this parameter,
|
5291
|
-
# IAM might return fewer results, even when there are
|
5292
|
-
# available. In that case, the `IsTruncated` response
|
5293
|
-
# `true
|
5294
|
-
# that tells the service where to continue from.
|
5677
|
+
# If you do not include this parameter, the number of items defaults to
|
5678
|
+
# 100. Note that IAM might return fewer results, even when there are
|
5679
|
+
# more results available. In that case, the `IsTruncated` response
|
5680
|
+
# element returns `true`, and `Marker` contains a value to include in
|
5681
|
+
# the subsequent call that tells the service where to continue from.
|
5295
5682
|
#
|
5296
5683
|
# @return [Types::ListAttachedRolePoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5297
5684
|
#
|
@@ -5347,7 +5734,7 @@ module Aws::IAM
|
|
5347
5734
|
# The name (friendly name, not ARN) of the user to list attached
|
5348
5735
|
# policies for.
|
5349
5736
|
#
|
5350
|
-
# This parameter allows (
|
5737
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5351
5738
|
# characters consisting of upper and lowercase alphanumeric characters
|
5352
5739
|
# with no spaces. You can also include any of the following characters:
|
5353
5740
|
# \_+=,.@-
|
@@ -5361,7 +5748,7 @@ module Aws::IAM
|
|
5361
5748
|
# If it is not included, it defaults to a slash (/), listing all
|
5362
5749
|
# policies.
|
5363
5750
|
#
|
5364
|
-
# This parameter allows (
|
5751
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5365
5752
|
# characters consisting of either a forward slash (/) by itself or a
|
5366
5753
|
# string that must begin and end with forward slashes. In addition, it
|
5367
5754
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -5379,16 +5766,15 @@ module Aws::IAM
|
|
5379
5766
|
# to indicate where the next call should start.
|
5380
5767
|
#
|
5381
5768
|
# @option params [Integer] :max_items
|
5382
|
-
#
|
5383
|
-
#
|
5384
|
-
#
|
5385
|
-
# element is `true`.
|
5769
|
+
# Use this only when paginating results to indicate the maximum number
|
5770
|
+
# of items you want in the response. If additional items exist beyond
|
5771
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5386
5772
|
#
|
5387
|
-
# If you do not include this parameter,
|
5388
|
-
# IAM might return fewer results, even when there are
|
5389
|
-
# available. In that case, the `IsTruncated` response
|
5390
|
-
# `true
|
5391
|
-
# that tells the service where to continue from.
|
5773
|
+
# If you do not include this parameter, the number of items defaults to
|
5774
|
+
# 100. Note that IAM might return fewer results, even when there are
|
5775
|
+
# more results available. In that case, the `IsTruncated` response
|
5776
|
+
# element returns `true`, and `Marker` contains a value to include in
|
5777
|
+
# the subsequent call that tells the service where to continue from.
|
5392
5778
|
#
|
5393
5779
|
# @return [Types::ListAttachedUserPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5394
5780
|
#
|
@@ -5458,7 +5844,7 @@ module Aws::IAM
|
|
5458
5844
|
# If it is not included, it defaults to a slash (/), listing all
|
5459
5845
|
# entities.
|
5460
5846
|
#
|
5461
|
-
# This parameter allows (
|
5847
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5462
5848
|
# characters consisting of either a forward slash (/) by itself or a
|
5463
5849
|
# string that must begin and end with forward slashes. In addition, it
|
5464
5850
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -5487,16 +5873,15 @@ module Aws::IAM
|
|
5487
5873
|
# to indicate where the next call should start.
|
5488
5874
|
#
|
5489
5875
|
# @option params [Integer] :max_items
|
5490
|
-
#
|
5491
|
-
#
|
5492
|
-
#
|
5493
|
-
# element is `true`.
|
5876
|
+
# Use this only when paginating results to indicate the maximum number
|
5877
|
+
# of items you want in the response. If additional items exist beyond
|
5878
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5494
5879
|
#
|
5495
|
-
# If you do not include this parameter,
|
5496
|
-
# IAM might return fewer results, even when there are
|
5497
|
-
# available. In that case, the `IsTruncated` response
|
5498
|
-
# `true
|
5499
|
-
# that tells the service where to continue from.
|
5880
|
+
# If you do not include this parameter, the number of items defaults to
|
5881
|
+
# 100. Note that IAM might return fewer results, even when there are
|
5882
|
+
# more results available. In that case, the `IsTruncated` response
|
5883
|
+
# element returns `true`, and `Marker` contains a value to include in
|
5884
|
+
# the subsequent call that tells the service where to continue from.
|
5500
5885
|
#
|
5501
5886
|
# @return [Types::ListEntitiesForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5502
5887
|
#
|
@@ -5559,7 +5944,7 @@ module Aws::IAM
|
|
5559
5944
|
# @option params [required, String] :group_name
|
5560
5945
|
# The name of the group to list policies for.
|
5561
5946
|
#
|
5562
|
-
# This parameter allows (
|
5947
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5563
5948
|
# characters consisting of upper and lowercase alphanumeric characters
|
5564
5949
|
# with no spaces. You can also include any of the following characters:
|
5565
5950
|
# \_+=,.@-
|
@@ -5575,16 +5960,15 @@ module Aws::IAM
|
|
5575
5960
|
# to indicate where the next call should start.
|
5576
5961
|
#
|
5577
5962
|
# @option params [Integer] :max_items
|
5578
|
-
#
|
5579
|
-
#
|
5580
|
-
#
|
5581
|
-
# element is `true`.
|
5963
|
+
# Use this only when paginating results to indicate the maximum number
|
5964
|
+
# of items you want in the response. If additional items exist beyond
|
5965
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5582
5966
|
#
|
5583
|
-
# If you do not include this parameter,
|
5584
|
-
# IAM might return fewer results, even when there are
|
5585
|
-
# available. In that case, the `IsTruncated` response
|
5586
|
-
# `true
|
5587
|
-
# that tells the service where to continue from.
|
5967
|
+
# If you do not include this parameter, the number of items defaults to
|
5968
|
+
# 100. Note that IAM might return fewer results, even when there are
|
5969
|
+
# more results available. In that case, the `IsTruncated` response
|
5970
|
+
# element returns `true`, and `Marker` contains a value to include in
|
5971
|
+
# the subsequent call that tells the service where to continue from.
|
5588
5972
|
#
|
5589
5973
|
# @return [Types::ListGroupPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5590
5974
|
#
|
@@ -5644,11 +6028,11 @@ module Aws::IAM
|
|
5644
6028
|
# with `/division_abc/subdivision_xyz/`.
|
5645
6029
|
#
|
5646
6030
|
# This parameter is optional. If it is not included, it defaults to a
|
5647
|
-
# slash (/), listing all groups. This parameter allows (
|
5648
|
-
# pattern][1]) a string of characters consisting of either a
|
5649
|
-
# slash (/) by itself or a string that must begin and end with
|
5650
|
-
# slashes. In addition, it can contain any ASCII character from
|
5651
|
-
# (\\u0021) through the DEL character (\\u007F), including most
|
6031
|
+
# slash (/), listing all groups. This parameter allows (through its
|
6032
|
+
# [regex pattern][1]) a string of characters consisting of either a
|
6033
|
+
# forward slash (/) by itself or a string that must begin and end with
|
6034
|
+
# forward slashes. In addition, it can contain any ASCII character from
|
6035
|
+
# the ! (\\u0021) through the DEL character (\\u007F), including most
|
5652
6036
|
# punctuation characters, digits, and upper and lowercased letters.
|
5653
6037
|
#
|
5654
6038
|
#
|
@@ -5662,16 +6046,15 @@ module Aws::IAM
|
|
5662
6046
|
# to indicate where the next call should start.
|
5663
6047
|
#
|
5664
6048
|
# @option params [Integer] :max_items
|
5665
|
-
#
|
5666
|
-
#
|
5667
|
-
#
|
5668
|
-
# element is `true`.
|
6049
|
+
# Use this only when paginating results to indicate the maximum number
|
6050
|
+
# of items you want in the response. If additional items exist beyond
|
6051
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5669
6052
|
#
|
5670
|
-
# If you do not include this parameter,
|
5671
|
-
# IAM might return fewer results, even when there are
|
5672
|
-
# available. In that case, the `IsTruncated` response
|
5673
|
-
# `true
|
5674
|
-
# that tells the service where to continue from.
|
6053
|
+
# If you do not include this parameter, the number of items defaults to
|
6054
|
+
# 100. Note that IAM might return fewer results, even when there are
|
6055
|
+
# more results available. In that case, the `IsTruncated` response
|
6056
|
+
# element returns `true`, and `Marker` contains a value to include in
|
6057
|
+
# the subsequent call that tells the service where to continue from.
|
5675
6058
|
#
|
5676
6059
|
# @return [Types::ListGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5677
6060
|
#
|
@@ -5750,7 +6133,7 @@ module Aws::IAM
|
|
5750
6133
|
# @option params [required, String] :user_name
|
5751
6134
|
# The name of the user to list groups for.
|
5752
6135
|
#
|
5753
|
-
# This parameter allows (
|
6136
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5754
6137
|
# characters consisting of upper and lowercase alphanumeric characters
|
5755
6138
|
# with no spaces. You can also include any of the following characters:
|
5756
6139
|
# \_+=,.@-
|
@@ -5766,16 +6149,15 @@ module Aws::IAM
|
|
5766
6149
|
# to indicate where the next call should start.
|
5767
6150
|
#
|
5768
6151
|
# @option params [Integer] :max_items
|
5769
|
-
#
|
5770
|
-
#
|
5771
|
-
#
|
5772
|
-
# element is `true`.
|
6152
|
+
# Use this only when paginating results to indicate the maximum number
|
6153
|
+
# of items you want in the response. If additional items exist beyond
|
6154
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5773
6155
|
#
|
5774
|
-
# If you do not include this parameter,
|
5775
|
-
# IAM might return fewer results, even when there are
|
5776
|
-
# available. In that case, the `IsTruncated` response
|
5777
|
-
# `true
|
5778
|
-
# that tells the service where to continue from.
|
6156
|
+
# If you do not include this parameter, the number of items defaults to
|
6157
|
+
# 100. Note that IAM might return fewer results, even when there are
|
6158
|
+
# more results available. In that case, the `IsTruncated` response
|
6159
|
+
# element returns `true`, and `Marker` contains a value to include in
|
6160
|
+
# the subsequent call that tells the service where to continue from.
|
5779
6161
|
#
|
5780
6162
|
# @return [Types::ListGroupsForUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5781
6163
|
#
|
@@ -5858,12 +6240,13 @@ module Aws::IAM
|
|
5858
6240
|
# path starts with `/application_abc/component_xyz/`.
|
5859
6241
|
#
|
5860
6242
|
# This parameter is optional. If it is not included, it defaults to a
|
5861
|
-
# slash (/), listing all instance profiles. This parameter allows
|
5862
|
-
# its [regex pattern][1]) a string of characters consisting of
|
5863
|
-
# forward slash (/) by itself or a string that must begin and
|
5864
|
-
# forward slashes. In addition, it can contain any ASCII
|
5865
|
-
# the ! (\\u0021) through the DEL character (\\u007F),
|
5866
|
-
# punctuation characters, digits, and upper and
|
6243
|
+
# slash (/), listing all instance profiles. This parameter allows
|
6244
|
+
# (through its [regex pattern][1]) a string of characters consisting of
|
6245
|
+
# either a forward slash (/) by itself or a string that must begin and
|
6246
|
+
# end with forward slashes. In addition, it can contain any ASCII
|
6247
|
+
# character from the ! (\\u0021) through the DEL character (\\u007F),
|
6248
|
+
# including most punctuation characters, digits, and upper and
|
6249
|
+
# lowercased letters.
|
5867
6250
|
#
|
5868
6251
|
#
|
5869
6252
|
#
|
@@ -5876,16 +6259,15 @@ module Aws::IAM
|
|
5876
6259
|
# to indicate where the next call should start.
|
5877
6260
|
#
|
5878
6261
|
# @option params [Integer] :max_items
|
5879
|
-
#
|
5880
|
-
#
|
5881
|
-
#
|
5882
|
-
# element is `true`.
|
6262
|
+
# Use this only when paginating results to indicate the maximum number
|
6263
|
+
# of items you want in the response. If additional items exist beyond
|
6264
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5883
6265
|
#
|
5884
|
-
# If you do not include this parameter,
|
5885
|
-
# IAM might return fewer results, even when there are
|
5886
|
-
# available. In that case, the `IsTruncated` response
|
5887
|
-
# `true
|
5888
|
-
# that tells the service where to continue from.
|
6266
|
+
# If you do not include this parameter, the number of items defaults to
|
6267
|
+
# 100. Note that IAM might return fewer results, even when there are
|
6268
|
+
# more results available. In that case, the `IsTruncated` response
|
6269
|
+
# element returns `true`, and `Marker` contains a value to include in
|
6270
|
+
# the subsequent call that tells the service where to continue from.
|
5889
6271
|
#
|
5890
6272
|
# @return [Types::ListInstanceProfilesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5891
6273
|
#
|
@@ -5917,12 +6299,12 @@ module Aws::IAM
|
|
5917
6299
|
# resp.instance_profiles[0].roles[0].create_date #=> Time
|
5918
6300
|
# resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
|
5919
6301
|
# resp.instance_profiles[0].roles[0].description #=> String
|
5920
|
-
# resp.instance_profiles[0].roles[0].tags #=> Array
|
5921
|
-
# resp.instance_profiles[0].roles[0].tags[0].key #=> String
|
5922
|
-
# resp.instance_profiles[0].roles[0].tags[0].value #=> String
|
5923
6302
|
# resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
|
5924
6303
|
# resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
5925
6304
|
# resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
|
6305
|
+
# resp.instance_profiles[0].roles[0].tags #=> Array
|
6306
|
+
# resp.instance_profiles[0].roles[0].tags[0].key #=> String
|
6307
|
+
# resp.instance_profiles[0].roles[0].tags[0].value #=> String
|
5926
6308
|
# resp.is_truncated #=> Boolean
|
5927
6309
|
# resp.marker #=> String
|
5928
6310
|
#
|
@@ -5950,7 +6332,7 @@ module Aws::IAM
|
|
5950
6332
|
# @option params [required, String] :role_name
|
5951
6333
|
# The name of the role to list instance profiles for.
|
5952
6334
|
#
|
5953
|
-
# This parameter allows (
|
6335
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
5954
6336
|
# characters consisting of upper and lowercase alphanumeric characters
|
5955
6337
|
# with no spaces. You can also include any of the following characters:
|
5956
6338
|
# \_+=,.@-
|
@@ -5966,16 +6348,15 @@ module Aws::IAM
|
|
5966
6348
|
# to indicate where the next call should start.
|
5967
6349
|
#
|
5968
6350
|
# @option params [Integer] :max_items
|
5969
|
-
#
|
5970
|
-
#
|
5971
|
-
#
|
5972
|
-
# element is `true`.
|
6351
|
+
# Use this only when paginating results to indicate the maximum number
|
6352
|
+
# of items you want in the response. If additional items exist beyond
|
6353
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
5973
6354
|
#
|
5974
|
-
# If you do not include this parameter,
|
5975
|
-
# IAM might return fewer results, even when there are
|
5976
|
-
# available. In that case, the `IsTruncated` response
|
5977
|
-
# `true
|
5978
|
-
# that tells the service where to continue from.
|
6355
|
+
# If you do not include this parameter, the number of items defaults to
|
6356
|
+
# 100. Note that IAM might return fewer results, even when there are
|
6357
|
+
# more results available. In that case, the `IsTruncated` response
|
6358
|
+
# element returns `true`, and `Marker` contains a value to include in
|
6359
|
+
# the subsequent call that tells the service where to continue from.
|
5979
6360
|
#
|
5980
6361
|
# @return [Types::ListInstanceProfilesForRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5981
6362
|
#
|
@@ -6007,12 +6388,12 @@ module Aws::IAM
|
|
6007
6388
|
# resp.instance_profiles[0].roles[0].create_date #=> Time
|
6008
6389
|
# resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
|
6009
6390
|
# resp.instance_profiles[0].roles[0].description #=> String
|
6010
|
-
# resp.instance_profiles[0].roles[0].tags #=> Array
|
6011
|
-
# resp.instance_profiles[0].roles[0].tags[0].key #=> String
|
6012
|
-
# resp.instance_profiles[0].roles[0].tags[0].value #=> String
|
6013
6391
|
# resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
|
6014
6392
|
# resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
6015
6393
|
# resp.instance_profiles[0].roles[0].permissions_boundary.permissions_boundary_arn #=> String
|
6394
|
+
# resp.instance_profiles[0].roles[0].tags #=> Array
|
6395
|
+
# resp.instance_profiles[0].roles[0].tags[0].key #=> String
|
6396
|
+
# resp.instance_profiles[0].roles[0].tags[0].value #=> String
|
6016
6397
|
# resp.is_truncated #=> Boolean
|
6017
6398
|
# resp.marker #=> String
|
6018
6399
|
#
|
@@ -6037,7 +6418,7 @@ module Aws::IAM
|
|
6037
6418
|
# @option params [String] :user_name
|
6038
6419
|
# The name of the user whose MFA devices you want to list.
|
6039
6420
|
#
|
6040
|
-
# This parameter allows (
|
6421
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
6041
6422
|
# characters consisting of upper and lowercase alphanumeric characters
|
6042
6423
|
# with no spaces. You can also include any of the following characters:
|
6043
6424
|
# \_+=,.@-
|
@@ -6053,16 +6434,15 @@ module Aws::IAM
|
|
6053
6434
|
# to indicate where the next call should start.
|
6054
6435
|
#
|
6055
6436
|
# @option params [Integer] :max_items
|
6056
|
-
#
|
6057
|
-
#
|
6058
|
-
#
|
6059
|
-
# element is `true`.
|
6437
|
+
# Use this only when paginating results to indicate the maximum number
|
6438
|
+
# of items you want in the response. If additional items exist beyond
|
6439
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6060
6440
|
#
|
6061
|
-
# If you do not include this parameter,
|
6062
|
-
# IAM might return fewer results, even when there are
|
6063
|
-
# available. In that case, the `IsTruncated` response
|
6064
|
-
# `true
|
6065
|
-
# that tells the service where to continue from.
|
6441
|
+
# If you do not include this parameter, the number of items defaults to
|
6442
|
+
# 100. Note that IAM might return fewer results, even when there are
|
6443
|
+
# more results available. In that case, the `IsTruncated` response
|
6444
|
+
# element returns `true`, and `Marker` contains a value to include in
|
6445
|
+
# the subsequent call that tells the service where to continue from.
|
6066
6446
|
#
|
6067
6447
|
# @return [Types::ListMFADevicesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6068
6448
|
#
|
@@ -6158,12 +6538,12 @@ module Aws::IAM
|
|
6158
6538
|
# @option params [String] :path_prefix
|
6159
6539
|
# The path prefix for filtering the results. This parameter is optional.
|
6160
6540
|
# If it is not included, it defaults to a slash (/), listing all
|
6161
|
-
# policies. This parameter allows (
|
6162
|
-
# of characters consisting of either a forward slash (/) by
|
6163
|
-
# string that must begin and end with forward slashes. In
|
6164
|
-
# can contain any ASCII character from the ! (\\u0021)
|
6165
|
-
# character (\\u007F), including most punctuation
|
6166
|
-
# and upper and lowercased letters.
|
6541
|
+
# policies. This parameter allows (through its [regex pattern][1]) a
|
6542
|
+
# string of characters consisting of either a forward slash (/) by
|
6543
|
+
# itself or a string that must begin and end with forward slashes. In
|
6544
|
+
# addition, it can contain any ASCII character from the ! (\\u0021)
|
6545
|
+
# through the DEL character (\\u007F), including most punctuation
|
6546
|
+
# characters, digits, and upper and lowercased letters.
|
6167
6547
|
#
|
6168
6548
|
#
|
6169
6549
|
#
|
@@ -6187,16 +6567,15 @@ module Aws::IAM
|
|
6187
6567
|
# to indicate where the next call should start.
|
6188
6568
|
#
|
6189
6569
|
# @option params [Integer] :max_items
|
6190
|
-
#
|
6191
|
-
#
|
6192
|
-
#
|
6193
|
-
# element is `true`.
|
6570
|
+
# Use this only when paginating results to indicate the maximum number
|
6571
|
+
# of items you want in the response. If additional items exist beyond
|
6572
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6194
6573
|
#
|
6195
|
-
# If you do not include this parameter,
|
6196
|
-
# IAM might return fewer results, even when there are
|
6197
|
-
# available. In that case, the `IsTruncated` response
|
6198
|
-
# `true
|
6199
|
-
# that tells the service where to continue from.
|
6574
|
+
# If you do not include this parameter, the number of items defaults to
|
6575
|
+
# 100. Note that IAM might return fewer results, even when there are
|
6576
|
+
# more results available. In that case, the `IsTruncated` response
|
6577
|
+
# element returns `true`, and `Marker` contains a value to include in
|
6578
|
+
# the subsequent call that tells the service where to continue from.
|
6200
6579
|
#
|
6201
6580
|
# @return [Types::ListPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6202
6581
|
#
|
@@ -6241,6 +6620,159 @@ module Aws::IAM
|
|
6241
6620
|
req.send_request(options)
|
6242
6621
|
end
|
6243
6622
|
|
6623
|
+
# Retrieves a list of policies that the IAM identity (user, group, or
|
6624
|
+
# role) can use to access each specified service.
|
6625
|
+
#
|
6626
|
+
# <note markdown="1"> This operation does not use other policy types when determining
|
6627
|
+
# whether a resource could access a service. These other policy types
|
6628
|
+
# include resource-based policies, access control lists, AWS
|
6629
|
+
# Organizations policies, IAM permissions boundaries, and AWS STS assume
|
6630
|
+
# role policies. It only applies permissions policy logic. For more
|
6631
|
+
# about the evaluation of policy types, see [Evaluating Policies][1] in
|
6632
|
+
# the *IAM User Guide*.
|
6633
|
+
#
|
6634
|
+
# </note>
|
6635
|
+
#
|
6636
|
+
# The list of policies returned by the operation depends on the ARN of
|
6637
|
+
# the identity that you provide.
|
6638
|
+
#
|
6639
|
+
# * **User** – The list of policies includes the managed and inline
|
6640
|
+
# policies that are attached to the user directly. The list also
|
6641
|
+
# includes any additional managed and inline policies that are
|
6642
|
+
# attached to the group to which the user belongs.
|
6643
|
+
#
|
6644
|
+
# * **Group** – The list of policies includes only the managed and
|
6645
|
+
# inline policies that are attached to the group directly. Policies
|
6646
|
+
# that are attached to the group’s user are not included.
|
6647
|
+
#
|
6648
|
+
# * **Role** – The list of policies includes only the managed and inline
|
6649
|
+
# policies that are attached to the role.
|
6650
|
+
#
|
6651
|
+
# For each managed policy, this operation returns the ARN and policy
|
6652
|
+
# name. For each inline policy, it returns the policy name and the
|
6653
|
+
# entity to which it is attached. Inline policies do not have an ARN.
|
6654
|
+
# For more information about these policy types, see [Managed Policies
|
6655
|
+
# and Inline Policies][2] in the *IAM User Guide*.
|
6656
|
+
#
|
6657
|
+
# Policies that are attached to users and roles as permissions
|
6658
|
+
# boundaries are not returned. To view which managed policy is currently
|
6659
|
+
# used to set the permissions boundary for a user or role, use the
|
6660
|
+
# GetUser or GetRole operations.
|
6661
|
+
#
|
6662
|
+
#
|
6663
|
+
#
|
6664
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
|
6665
|
+
# [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
|
6666
|
+
#
|
6667
|
+
# @option params [String] :marker
|
6668
|
+
# Use this parameter only when paginating results and only after you
|
6669
|
+
# receive a response indicating that the results are truncated. Set it
|
6670
|
+
# to the value of the `Marker` element in the response that you received
|
6671
|
+
# to indicate where the next call should start.
|
6672
|
+
#
|
6673
|
+
# @option params [required, String] :arn
|
6674
|
+
# The ARN of the IAM identity (user, group, or role) whose policies you
|
6675
|
+
# want to list.
|
6676
|
+
#
|
6677
|
+
# @option params [required, Array<String>] :service_namespaces
|
6678
|
+
# The service namespace for the AWS services whose policies you want to
|
6679
|
+
# list.
|
6680
|
+
#
|
6681
|
+
# To learn the service namespace for a service, go to [Actions,
|
6682
|
+
# Resources, and Condition Keys for AWS Services][1] in the *IAM User
|
6683
|
+
# Guide*. Choose the name of the service to view details for that
|
6684
|
+
# service. In the first paragraph, find the service prefix. For example,
|
6685
|
+
# `(service prefix: a4b)`. For more information about service
|
6686
|
+
# namespaces, see [AWS Service Namespaces][2] in the *AWS General
|
6687
|
+
# Reference*.
|
6688
|
+
#
|
6689
|
+
#
|
6690
|
+
#
|
6691
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
|
6692
|
+
# [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
|
6693
|
+
#
|
6694
|
+
# @return [Types::ListPoliciesGrantingServiceAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6695
|
+
#
|
6696
|
+
# * {Types::ListPoliciesGrantingServiceAccessResponse#policies_granting_service_access #policies_granting_service_access} => Array<Types::ListPoliciesGrantingServiceAccessEntry>
|
6697
|
+
# * {Types::ListPoliciesGrantingServiceAccessResponse#is_truncated #is_truncated} => Boolean
|
6698
|
+
# * {Types::ListPoliciesGrantingServiceAccessResponse#marker #marker} => String
|
6699
|
+
#
|
6700
|
+
#
|
6701
|
+
# @example Example: To list policies that allow access to a service
|
6702
|
+
#
|
6703
|
+
# # The following operation lists policies that allow ExampleUser01 to access IAM or EC2.
|
6704
|
+
#
|
6705
|
+
# resp = client.list_policies_granting_service_access({
|
6706
|
+
# arn: "arn:aws:iam::123456789012:user/ExampleUser01",
|
6707
|
+
# service_namespaces: [
|
6708
|
+
# "iam",
|
6709
|
+
# "ec2",
|
6710
|
+
# ],
|
6711
|
+
# })
|
6712
|
+
#
|
6713
|
+
# resp.to_h outputs the following:
|
6714
|
+
# {
|
6715
|
+
# is_truncated: false,
|
6716
|
+
# policies_granting_service_access: [
|
6717
|
+
# {
|
6718
|
+
# policies: [
|
6719
|
+
# {
|
6720
|
+
# policy_arn: "arn:aws:iam::123456789012:policy/ExampleIamPolicy",
|
6721
|
+
# policy_name: "ExampleIamPolicy",
|
6722
|
+
# policy_type: "MANAGED",
|
6723
|
+
# },
|
6724
|
+
# {
|
6725
|
+
# entity_name: "AWSExampleGroup1",
|
6726
|
+
# entity_type: "GROUP",
|
6727
|
+
# policy_name: "ExampleGroup1Policy",
|
6728
|
+
# policy_type: "INLINE",
|
6729
|
+
# },
|
6730
|
+
# ],
|
6731
|
+
# service_namespace: "iam",
|
6732
|
+
# },
|
6733
|
+
# {
|
6734
|
+
# policies: [
|
6735
|
+
# {
|
6736
|
+
# policy_arn: "arn:aws:iam::123456789012:policy/ExampleEc2Policy",
|
6737
|
+
# policy_name: "ExampleEc2Policy",
|
6738
|
+
# policy_type: "MANAGED",
|
6739
|
+
# },
|
6740
|
+
# ],
|
6741
|
+
# service_namespace: "ec2",
|
6742
|
+
# },
|
6743
|
+
# ],
|
6744
|
+
# }
|
6745
|
+
#
|
6746
|
+
# @example Request syntax with placeholder values
|
6747
|
+
#
|
6748
|
+
# resp = client.list_policies_granting_service_access({
|
6749
|
+
# marker: "markerType",
|
6750
|
+
# arn: "arnType", # required
|
6751
|
+
# service_namespaces: ["serviceNamespaceType"], # required
|
6752
|
+
# })
|
6753
|
+
#
|
6754
|
+
# @example Response structure
|
6755
|
+
#
|
6756
|
+
# resp.policies_granting_service_access #=> Array
|
6757
|
+
# resp.policies_granting_service_access[0].service_namespace #=> String
|
6758
|
+
# resp.policies_granting_service_access[0].policies #=> Array
|
6759
|
+
# resp.policies_granting_service_access[0].policies[0].policy_name #=> String
|
6760
|
+
# resp.policies_granting_service_access[0].policies[0].policy_type #=> String, one of "INLINE", "MANAGED"
|
6761
|
+
# resp.policies_granting_service_access[0].policies[0].policy_arn #=> String
|
6762
|
+
# resp.policies_granting_service_access[0].policies[0].entity_type #=> String, one of "USER", "ROLE", "GROUP"
|
6763
|
+
# resp.policies_granting_service_access[0].policies[0].entity_name #=> String
|
6764
|
+
# resp.is_truncated #=> Boolean
|
6765
|
+
# resp.marker #=> String
|
6766
|
+
#
|
6767
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPoliciesGrantingServiceAccess AWS API Documentation
|
6768
|
+
#
|
6769
|
+
# @overload list_policies_granting_service_access(params = {})
|
6770
|
+
# @param [Hash] params ({})
|
6771
|
+
def list_policies_granting_service_access(params = {}, options = {})
|
6772
|
+
req = build_request(:list_policies_granting_service_access, params)
|
6773
|
+
req.send_request(options)
|
6774
|
+
end
|
6775
|
+
|
6244
6776
|
# Lists information about the versions of the specified managed policy,
|
6245
6777
|
# including the version that is currently set as the policy's default
|
6246
6778
|
# version.
|
@@ -6270,16 +6802,15 @@ module Aws::IAM
|
|
6270
6802
|
# to indicate where the next call should start.
|
6271
6803
|
#
|
6272
6804
|
# @option params [Integer] :max_items
|
6273
|
-
#
|
6274
|
-
#
|
6275
|
-
#
|
6276
|
-
# element is `true`.
|
6805
|
+
# Use this only when paginating results to indicate the maximum number
|
6806
|
+
# of items you want in the response. If additional items exist beyond
|
6807
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6277
6808
|
#
|
6278
|
-
# If you do not include this parameter,
|
6279
|
-
# IAM might return fewer results, even when there are
|
6280
|
-
# available. In that case, the `IsTruncated` response
|
6281
|
-
# `true
|
6282
|
-
# that tells the service where to continue from.
|
6809
|
+
# If you do not include this parameter, the number of items defaults to
|
6810
|
+
# 100. Note that IAM might return fewer results, even when there are
|
6811
|
+
# more results available. In that case, the `IsTruncated` response
|
6812
|
+
# element returns `true`, and `Marker` contains a value to include in
|
6813
|
+
# the subsequent call that tells the service where to continue from.
|
6283
6814
|
#
|
6284
6815
|
# @return [Types::ListPolicyVersionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6285
6816
|
#
|
@@ -6333,7 +6864,7 @@ module Aws::IAM
|
|
6333
6864
|
# @option params [required, String] :role_name
|
6334
6865
|
# The name of the role to list policies for.
|
6335
6866
|
#
|
6336
|
-
# This parameter allows (
|
6867
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
6337
6868
|
# characters consisting of upper and lowercase alphanumeric characters
|
6338
6869
|
# with no spaces. You can also include any of the following characters:
|
6339
6870
|
# \_+=,.@-
|
@@ -6349,16 +6880,15 @@ module Aws::IAM
|
|
6349
6880
|
# to indicate where the next call should start.
|
6350
6881
|
#
|
6351
6882
|
# @option params [Integer] :max_items
|
6352
|
-
#
|
6353
|
-
#
|
6354
|
-
#
|
6355
|
-
# element is `true`.
|
6883
|
+
# Use this only when paginating results to indicate the maximum number
|
6884
|
+
# of items you want in the response. If additional items exist beyond
|
6885
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6356
6886
|
#
|
6357
|
-
# If you do not include this parameter,
|
6358
|
-
# IAM might return fewer results, even when there are
|
6359
|
-
# available. In that case, the `IsTruncated` response
|
6360
|
-
# `true
|
6361
|
-
# that tells the service where to continue from.
|
6887
|
+
# If you do not include this parameter, the number of items defaults to
|
6888
|
+
# 100. Note that IAM might return fewer results, even when there are
|
6889
|
+
# more results available. In that case, the `IsTruncated` response
|
6890
|
+
# element returns `true`, and `Marker` contains a value to include in
|
6891
|
+
# the subsequent call that tells the service where to continue from.
|
6362
6892
|
#
|
6363
6893
|
# @return [Types::ListRolePoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6364
6894
|
#
|
@@ -6500,11 +7030,11 @@ module Aws::IAM
|
|
6500
7030
|
# with `/application_abc/component_xyz/`.
|
6501
7031
|
#
|
6502
7032
|
# This parameter is optional. If it is not included, it defaults to a
|
6503
|
-
# slash (/), listing all roles. This parameter allows (
|
6504
|
-
# pattern][1]) a string of characters consisting of either a
|
6505
|
-
# slash (/) by itself or a string that must begin and end with
|
6506
|
-
# slashes. In addition, it can contain any ASCII character from
|
6507
|
-
# (\\u0021) through the DEL character (\\u007F), including most
|
7033
|
+
# slash (/), listing all roles. This parameter allows (through its
|
7034
|
+
# [regex pattern][1]) a string of characters consisting of either a
|
7035
|
+
# forward slash (/) by itself or a string that must begin and end with
|
7036
|
+
# forward slashes. In addition, it can contain any ASCII character from
|
7037
|
+
# the ! (\\u0021) through the DEL character (\\u007F), including most
|
6508
7038
|
# punctuation characters, digits, and upper and lowercased letters.
|
6509
7039
|
#
|
6510
7040
|
#
|
@@ -6518,16 +7048,15 @@ module Aws::IAM
|
|
6518
7048
|
# to indicate where the next call should start.
|
6519
7049
|
#
|
6520
7050
|
# @option params [Integer] :max_items
|
6521
|
-
#
|
6522
|
-
#
|
6523
|
-
#
|
6524
|
-
# element is `true`.
|
7051
|
+
# Use this only when paginating results to indicate the maximum number
|
7052
|
+
# of items you want in the response. If additional items exist beyond
|
7053
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6525
7054
|
#
|
6526
|
-
# If you do not include this parameter,
|
6527
|
-
# IAM might return fewer results, even when there are
|
6528
|
-
# available. In that case, the `IsTruncated` response
|
6529
|
-
# `true
|
6530
|
-
# that tells the service where to continue from.
|
7055
|
+
# If you do not include this parameter, the number of items defaults to
|
7056
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7057
|
+
# more results available. In that case, the `IsTruncated` response
|
7058
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7059
|
+
# the subsequent call that tells the service where to continue from.
|
6531
7060
|
#
|
6532
7061
|
# @return [Types::ListRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6533
7062
|
#
|
@@ -6553,12 +7082,12 @@ module Aws::IAM
|
|
6553
7082
|
# resp.roles[0].create_date #=> Time
|
6554
7083
|
# resp.roles[0].assume_role_policy_document #=> String
|
6555
7084
|
# resp.roles[0].description #=> String
|
6556
|
-
# resp.roles[0].tags #=> Array
|
6557
|
-
# resp.roles[0].tags[0].key #=> String
|
6558
|
-
# resp.roles[0].tags[0].value #=> String
|
6559
7085
|
# resp.roles[0].max_session_duration #=> Integer
|
6560
7086
|
# resp.roles[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
6561
7087
|
# resp.roles[0].permissions_boundary.permissions_boundary_arn #=> String
|
7088
|
+
# resp.roles[0].tags #=> Array
|
7089
|
+
# resp.roles[0].tags[0].key #=> String
|
7090
|
+
# resp.roles[0].tags[0].value #=> String
|
6562
7091
|
# resp.is_truncated #=> Boolean
|
6563
7092
|
# resp.marker #=> String
|
6564
7093
|
#
|
@@ -6603,8 +7132,8 @@ module Aws::IAM
|
|
6603
7132
|
end
|
6604
7133
|
|
6605
7134
|
# Returns information about the SSH public keys associated with the
|
6606
|
-
# specified IAM user. If there
|
6607
|
-
# list.
|
7135
|
+
# specified IAM user. If there none exists, the operation returns an
|
7136
|
+
# empty list.
|
6608
7137
|
#
|
6609
7138
|
# The SSH public keys returned by this operation are used only for
|
6610
7139
|
# authenticating the IAM user to an AWS CodeCommit repository. For more
|
@@ -6624,7 +7153,7 @@ module Aws::IAM
|
|
6624
7153
|
# specified, the `UserName` field is determined implicitly based on the
|
6625
7154
|
# AWS access key used to sign the request.
|
6626
7155
|
#
|
6627
|
-
# This parameter allows (
|
7156
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
6628
7157
|
# characters consisting of upper and lowercase alphanumeric characters
|
6629
7158
|
# with no spaces. You can also include any of the following characters:
|
6630
7159
|
# \_+=,.@-
|
@@ -6640,16 +7169,15 @@ module Aws::IAM
|
|
6640
7169
|
# to indicate where the next call should start.
|
6641
7170
|
#
|
6642
7171
|
# @option params [Integer] :max_items
|
6643
|
-
#
|
6644
|
-
#
|
6645
|
-
#
|
6646
|
-
# element is `true`.
|
7172
|
+
# Use this only when paginating results to indicate the maximum number
|
7173
|
+
# of items you want in the response. If additional items exist beyond
|
7174
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6647
7175
|
#
|
6648
|
-
# If you do not include this parameter,
|
6649
|
-
# IAM might return fewer results, even when there are
|
6650
|
-
# available. In that case, the `IsTruncated` response
|
6651
|
-
# `true
|
6652
|
-
# that tells the service where to continue from.
|
7176
|
+
# If you do not include this parameter, the number of items defaults to
|
7177
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7178
|
+
# more results available. In that case, the `IsTruncated` response
|
7179
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7180
|
+
# the subsequent call that tells the service where to continue from.
|
6653
7181
|
#
|
6654
7182
|
# @return [Types::ListSSHPublicKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6655
7183
|
#
|
@@ -6705,12 +7233,13 @@ module Aws::IAM
|
|
6705
7233
|
# path starts with `/company/servercerts`.
|
6706
7234
|
#
|
6707
7235
|
# This parameter is optional. If it is not included, it defaults to a
|
6708
|
-
# slash (/), listing all server certificates. This parameter allows
|
6709
|
-
# its [regex pattern][1]) a string of characters consisting of
|
6710
|
-
# forward slash (/) by itself or a string that must begin and
|
6711
|
-
# forward slashes. In addition, it can contain any ASCII
|
6712
|
-
# the ! (\\u0021) through the DEL character (\\u007F),
|
6713
|
-
# punctuation characters, digits, and upper and
|
7236
|
+
# slash (/), listing all server certificates. This parameter allows
|
7237
|
+
# (through its [regex pattern][1]) a string of characters consisting of
|
7238
|
+
# either a forward slash (/) by itself or a string that must begin and
|
7239
|
+
# end with forward slashes. In addition, it can contain any ASCII
|
7240
|
+
# character from the ! (\\u0021) through the DEL character (\\u007F),
|
7241
|
+
# including most punctuation characters, digits, and upper and
|
7242
|
+
# lowercased letters.
|
6714
7243
|
#
|
6715
7244
|
#
|
6716
7245
|
#
|
@@ -6723,16 +7252,15 @@ module Aws::IAM
|
|
6723
7252
|
# to indicate where the next call should start.
|
6724
7253
|
#
|
6725
7254
|
# @option params [Integer] :max_items
|
6726
|
-
#
|
6727
|
-
#
|
6728
|
-
#
|
6729
|
-
# element is `true`.
|
7255
|
+
# Use this only when paginating results to indicate the maximum number
|
7256
|
+
# of items you want in the response. If additional items exist beyond
|
7257
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6730
7258
|
#
|
6731
|
-
# If you do not include this parameter,
|
6732
|
-
# IAM might return fewer results, even when there are
|
6733
|
-
# available. In that case, the `IsTruncated` response
|
6734
|
-
# `true
|
6735
|
-
# that tells the service where to continue from.
|
7259
|
+
# If you do not include this parameter, the number of items defaults to
|
7260
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7261
|
+
# more results available. In that case, the `IsTruncated` response
|
7262
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7263
|
+
# the subsequent call that tells the service where to continue from.
|
6736
7264
|
#
|
6737
7265
|
# @return [Types::ListServerCertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6738
7266
|
#
|
@@ -6770,8 +7298,8 @@ module Aws::IAM
|
|
6770
7298
|
end
|
6771
7299
|
|
6772
7300
|
# Returns information about the service-specific credentials associated
|
6773
|
-
# with the specified IAM user. If
|
6774
|
-
#
|
7301
|
+
# with the specified IAM user. If none exists, the operation returns an
|
7302
|
+
# empty list. The service-specific credentials returned by this
|
6775
7303
|
# operation are used only for authenticating the IAM user to a specific
|
6776
7304
|
# service. For more information about using service-specific credentials
|
6777
7305
|
# to authenticate to an AWS service, see [Set Up service-specific
|
@@ -6786,7 +7314,7 @@ module Aws::IAM
|
|
6786
7314
|
# information about. If this value is not specified, then the operation
|
6787
7315
|
# assumes the user whose credentials are used to call the operation.
|
6788
7316
|
#
|
6789
|
-
# This parameter allows (
|
7317
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
6790
7318
|
# characters consisting of upper and lowercase alphanumeric characters
|
6791
7319
|
# with no spaces. You can also include any of the following characters:
|
6792
7320
|
# \_+=,.@-
|
@@ -6831,8 +7359,8 @@ module Aws::IAM
|
|
6831
7359
|
end
|
6832
7360
|
|
6833
7361
|
# Returns information about the signing certificates associated with the
|
6834
|
-
# specified IAM user. If there
|
6835
|
-
# list.
|
7362
|
+
# specified IAM user. If there none exists, the operation returns an
|
7363
|
+
# empty list.
|
6836
7364
|
#
|
6837
7365
|
# Although each user is limited to a small number of signing
|
6838
7366
|
# certificates, you can still paginate the results using the `MaxItems`
|
@@ -6840,15 +7368,15 @@ module Aws::IAM
|
|
6840
7368
|
#
|
6841
7369
|
# If the `UserName` field is not specified, the user name is determined
|
6842
7370
|
# implicitly based on the AWS access key ID used to sign the request for
|
6843
|
-
# this API.
|
6844
|
-
#
|
6845
|
-
# credentials even if the AWS account has no associated users.
|
7371
|
+
# this API. This operation works for access keys under the AWS account.
|
7372
|
+
# Consequently, you can use this operation to manage AWS account root
|
7373
|
+
# user credentials even if the AWS account has no associated users.
|
6846
7374
|
#
|
6847
7375
|
# @option params [String] :user_name
|
6848
7376
|
# The name of the IAM user whose signing certificates you want to
|
6849
7377
|
# examine.
|
6850
7378
|
#
|
6851
|
-
# This parameter allows (
|
7379
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
6852
7380
|
# characters consisting of upper and lowercase alphanumeric characters
|
6853
7381
|
# with no spaces. You can also include any of the following characters:
|
6854
7382
|
# \_+=,.@-
|
@@ -6864,16 +7392,15 @@ module Aws::IAM
|
|
6864
7392
|
# to indicate where the next call should start.
|
6865
7393
|
#
|
6866
7394
|
# @option params [Integer] :max_items
|
6867
|
-
#
|
6868
|
-
#
|
6869
|
-
#
|
6870
|
-
# element is `true`.
|
7395
|
+
# Use this only when paginating results to indicate the maximum number
|
7396
|
+
# of items you want in the response. If additional items exist beyond
|
7397
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6871
7398
|
#
|
6872
|
-
# If you do not include this parameter,
|
6873
|
-
# IAM might return fewer results, even when there are
|
6874
|
-
# available. In that case, the `IsTruncated` response
|
6875
|
-
# `true
|
6876
|
-
# that tells the service where to continue from.
|
7399
|
+
# If you do not include this parameter, the number of items defaults to
|
7400
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7401
|
+
# more results available. In that case, the `IsTruncated` response
|
7402
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7403
|
+
# the subsequent call that tells the service where to continue from.
|
6877
7404
|
#
|
6878
7405
|
# @return [Types::ListSigningCertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6879
7406
|
#
|
@@ -6950,7 +7477,7 @@ module Aws::IAM
|
|
6950
7477
|
# @option params [required, String] :user_name
|
6951
7478
|
# The name of the user to list policies for.
|
6952
7479
|
#
|
6953
|
-
# This parameter allows (
|
7480
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
6954
7481
|
# characters consisting of upper and lowercase alphanumeric characters
|
6955
7482
|
# with no spaces. You can also include any of the following characters:
|
6956
7483
|
# \_+=,.@-
|
@@ -6966,16 +7493,15 @@ module Aws::IAM
|
|
6966
7493
|
# to indicate where the next call should start.
|
6967
7494
|
#
|
6968
7495
|
# @option params [Integer] :max_items
|
6969
|
-
#
|
6970
|
-
#
|
6971
|
-
#
|
6972
|
-
# element is `true`.
|
7496
|
+
# Use this only when paginating results to indicate the maximum number
|
7497
|
+
# of items you want in the response. If additional items exist beyond
|
7498
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
6973
7499
|
#
|
6974
|
-
# If you do not include this parameter,
|
6975
|
-
# IAM might return fewer results, even when there are
|
6976
|
-
# available. In that case, the `IsTruncated` response
|
6977
|
-
# `true
|
6978
|
-
# that tells the service where to continue from.
|
7500
|
+
# If you do not include this parameter, the number of items defaults to
|
7501
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7502
|
+
# more results available. In that case, the `IsTruncated` response
|
7503
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7504
|
+
# the subsequent call that tells the service where to continue from.
|
6979
7505
|
#
|
6980
7506
|
# @return [Types::ListUserPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6981
7507
|
#
|
@@ -7113,7 +7639,7 @@ module Aws::IAM
|
|
7113
7639
|
# path starts with `/division_abc/subdivision_xyz/`.
|
7114
7640
|
#
|
7115
7641
|
# This parameter is optional. If it is not included, it defaults to a
|
7116
|
-
# slash (/), listing all user names. This parameter allows (
|
7642
|
+
# slash (/), listing all user names. This parameter allows (through its
|
7117
7643
|
# [regex pattern][1]) a string of characters consisting of either a
|
7118
7644
|
# forward slash (/) by itself or a string that must begin and end with
|
7119
7645
|
# forward slashes. In addition, it can contain any ASCII character from
|
@@ -7131,16 +7657,15 @@ module Aws::IAM
|
|
7131
7657
|
# to indicate where the next call should start.
|
7132
7658
|
#
|
7133
7659
|
# @option params [Integer] :max_items
|
7134
|
-
#
|
7135
|
-
#
|
7136
|
-
#
|
7137
|
-
# element is `true`.
|
7660
|
+
# Use this only when paginating results to indicate the maximum number
|
7661
|
+
# of items you want in the response. If additional items exist beyond
|
7662
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
7138
7663
|
#
|
7139
|
-
# If you do not include this parameter,
|
7140
|
-
# IAM might return fewer results, even when there are
|
7141
|
-
# available. In that case, the `IsTruncated` response
|
7142
|
-
# `true
|
7143
|
-
# that tells the service where to continue from.
|
7664
|
+
# If you do not include this parameter, the number of items defaults to
|
7665
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7666
|
+
# more results available. In that case, the `IsTruncated` response
|
7667
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7668
|
+
# the subsequent call that tells the service where to continue from.
|
7144
7669
|
#
|
7145
7670
|
# @return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7146
7671
|
#
|
@@ -7195,11 +7720,11 @@ module Aws::IAM
|
|
7195
7720
|
# resp.users[0].arn #=> String
|
7196
7721
|
# resp.users[0].create_date #=> Time
|
7197
7722
|
# resp.users[0].password_last_used #=> Time
|
7723
|
+
# resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
7724
|
+
# resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
|
7198
7725
|
# resp.users[0].tags #=> Array
|
7199
7726
|
# resp.users[0].tags[0].key #=> String
|
7200
7727
|
# resp.users[0].tags[0].value #=> String
|
7201
|
-
# resp.users[0].permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
7202
|
-
# resp.users[0].permissions_boundary.permissions_boundary_arn #=> String
|
7203
7728
|
# resp.is_truncated #=> Boolean
|
7204
7729
|
# resp.marker #=> String
|
7205
7730
|
#
|
@@ -7222,8 +7747,8 @@ module Aws::IAM
|
|
7222
7747
|
#
|
7223
7748
|
# @option params [String] :assignment_status
|
7224
7749
|
# The status (`Unassigned` or `Assigned`) of the devices to list. If you
|
7225
|
-
# do not specify an `AssignmentStatus`, the operation defaults to `Any
|
7226
|
-
# which lists both assigned and unassigned virtual MFA devices
|
7750
|
+
# do not specify an `AssignmentStatus`, the operation defaults to `Any`,
|
7751
|
+
# which lists both assigned and unassigned virtual MFA devices.,
|
7227
7752
|
#
|
7228
7753
|
# @option params [String] :marker
|
7229
7754
|
# Use this parameter only when paginating results and only after you
|
@@ -7232,16 +7757,15 @@ module Aws::IAM
|
|
7232
7757
|
# to indicate where the next call should start.
|
7233
7758
|
#
|
7234
7759
|
# @option params [Integer] :max_items
|
7235
|
-
#
|
7236
|
-
#
|
7237
|
-
#
|
7238
|
-
# element is `true`.
|
7760
|
+
# Use this only when paginating results to indicate the maximum number
|
7761
|
+
# of items you want in the response. If additional items exist beyond
|
7762
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
7239
7763
|
#
|
7240
|
-
# If you do not include this parameter,
|
7241
|
-
# IAM might return fewer results, even when there are
|
7242
|
-
# available. In that case, the `IsTruncated` response
|
7243
|
-
# `true
|
7244
|
-
# that tells the service where to continue from.
|
7764
|
+
# If you do not include this parameter, the number of items defaults to
|
7765
|
+
# 100. Note that IAM might return fewer results, even when there are
|
7766
|
+
# more results available. In that case, the `IsTruncated` response
|
7767
|
+
# element returns `true`, and `Marker` contains a value to include in
|
7768
|
+
# the subsequent call that tells the service where to continue from.
|
7245
7769
|
#
|
7246
7770
|
# @return [Types::ListVirtualMFADevicesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7247
7771
|
#
|
@@ -7289,11 +7813,11 @@ module Aws::IAM
|
|
7289
7813
|
# resp.virtual_mfa_devices[0].user.arn #=> String
|
7290
7814
|
# resp.virtual_mfa_devices[0].user.create_date #=> Time
|
7291
7815
|
# resp.virtual_mfa_devices[0].user.password_last_used #=> Time
|
7816
|
+
# resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
7817
|
+
# resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_arn #=> String
|
7292
7818
|
# resp.virtual_mfa_devices[0].user.tags #=> Array
|
7293
7819
|
# resp.virtual_mfa_devices[0].user.tags[0].key #=> String
|
7294
7820
|
# resp.virtual_mfa_devices[0].user.tags[0].value #=> String
|
7295
|
-
# resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
7296
|
-
# resp.virtual_mfa_devices[0].user.permissions_boundary.permissions_boundary_arn #=> String
|
7297
7821
|
# resp.virtual_mfa_devices[0].enable_date #=> Time
|
7298
7822
|
# resp.is_truncated #=> Boolean
|
7299
7823
|
# resp.marker #=> String
|
@@ -7335,7 +7859,7 @@ module Aws::IAM
|
|
7335
7859
|
# @option params [required, String] :group_name
|
7336
7860
|
# The name of the group to associate the policy with.
|
7337
7861
|
#
|
7338
|
-
# This parameter allows (
|
7862
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7339
7863
|
# characters consisting of upper and lowercase alphanumeric characters
|
7340
7864
|
# with no spaces. You can also include any of the following characters:
|
7341
7865
|
# \_+=,.@-
|
@@ -7347,7 +7871,7 @@ module Aws::IAM
|
|
7347
7871
|
# @option params [required, String] :policy_name
|
7348
7872
|
# The name of the policy document.
|
7349
7873
|
#
|
7350
|
-
# This parameter allows (
|
7874
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7351
7875
|
# characters consisting of upper and lowercase alphanumeric characters
|
7352
7876
|
# with no spaces. You can also include any of the following characters:
|
7353
7877
|
# \_+=,.@-
|
@@ -7421,7 +7945,7 @@ module Aws::IAM
|
|
7421
7945
|
#
|
7422
7946
|
#
|
7423
7947
|
#
|
7424
|
-
# [1]:
|
7948
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
|
7425
7949
|
#
|
7426
7950
|
# @option params [required, String] :role_name
|
7427
7951
|
# The name (friendly name, not ARN) of the IAM role for which you want
|
@@ -7485,7 +8009,7 @@ module Aws::IAM
|
|
7485
8009
|
# @option params [required, String] :role_name
|
7486
8010
|
# The name of the role to associate the policy with.
|
7487
8011
|
#
|
7488
|
-
# This parameter allows (
|
8012
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7489
8013
|
# characters consisting of upper and lowercase alphanumeric characters
|
7490
8014
|
# with no spaces. You can also include any of the following characters:
|
7491
8015
|
# \_+=,.@-
|
@@ -7497,7 +8021,7 @@ module Aws::IAM
|
|
7497
8021
|
# @option params [required, String] :policy_name
|
7498
8022
|
# The name of the policy document.
|
7499
8023
|
#
|
7500
|
-
# This parameter allows (
|
8024
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7501
8025
|
# characters consisting of upper and lowercase alphanumeric characters
|
7502
8026
|
# with no spaces. You can also include any of the following characters:
|
7503
8027
|
# \_+=,.@-
|
@@ -7569,7 +8093,7 @@ module Aws::IAM
|
|
7569
8093
|
#
|
7570
8094
|
#
|
7571
8095
|
#
|
7572
|
-
# [1]:
|
8096
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
|
7573
8097
|
#
|
7574
8098
|
# @option params [required, String] :user_name
|
7575
8099
|
# The name (friendly name, not ARN) of the IAM user for which you want
|
@@ -7625,7 +8149,7 @@ module Aws::IAM
|
|
7625
8149
|
# @option params [required, String] :user_name
|
7626
8150
|
# The name of the user to associate the policy with.
|
7627
8151
|
#
|
7628
|
-
# This parameter allows (
|
8152
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7629
8153
|
# characters consisting of upper and lowercase alphanumeric characters
|
7630
8154
|
# with no spaces. You can also include any of the following characters:
|
7631
8155
|
# \_+=,.@-
|
@@ -7637,7 +8161,7 @@ module Aws::IAM
|
|
7637
8161
|
# @option params [required, String] :policy_name
|
7638
8162
|
# The name of the policy document.
|
7639
8163
|
#
|
7640
|
-
# This parameter allows (
|
8164
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7641
8165
|
# characters consisting of upper and lowercase alphanumeric characters
|
7642
8166
|
# with no spaces. You can also include any of the following characters:
|
7643
8167
|
# \_+=,.@-
|
@@ -7757,7 +8281,7 @@ module Aws::IAM
|
|
7757
8281
|
# @option params [required, String] :instance_profile_name
|
7758
8282
|
# The name of the instance profile to update.
|
7759
8283
|
#
|
7760
|
-
# This parameter allows (
|
8284
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7761
8285
|
# characters consisting of upper and lowercase alphanumeric characters
|
7762
8286
|
# with no spaces. You can also include any of the following characters:
|
7763
8287
|
# \_+=,.@-
|
@@ -7769,7 +8293,7 @@ module Aws::IAM
|
|
7769
8293
|
# @option params [required, String] :role_name
|
7770
8294
|
# The name of the role to remove.
|
7771
8295
|
#
|
7772
|
-
# This parameter allows (
|
8296
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7773
8297
|
# characters consisting of upper and lowercase alphanumeric characters
|
7774
8298
|
# with no spaces. You can also include any of the following characters:
|
7775
8299
|
# \_+=,.@-
|
@@ -7811,7 +8335,7 @@ module Aws::IAM
|
|
7811
8335
|
# @option params [required, String] :group_name
|
7812
8336
|
# The name of the group to update.
|
7813
8337
|
#
|
7814
|
-
# This parameter allows (
|
8338
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7815
8339
|
# characters consisting of upper and lowercase alphanumeric characters
|
7816
8340
|
# with no spaces. You can also include any of the following characters:
|
7817
8341
|
# \_+=,.@-
|
@@ -7823,7 +8347,7 @@ module Aws::IAM
|
|
7823
8347
|
# @option params [required, String] :user_name
|
7824
8348
|
# The name of the user to remove.
|
7825
8349
|
#
|
7826
|
-
# This parameter allows (
|
8350
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7827
8351
|
# characters consisting of upper and lowercase alphanumeric characters
|
7828
8352
|
# with no spaces. You can also include any of the following characters:
|
7829
8353
|
# \_+=,.@-
|
@@ -7870,7 +8394,7 @@ module Aws::IAM
|
|
7870
8394
|
# credential. If this value is not specified, then the operation assumes
|
7871
8395
|
# the user whose credentials are used to call the operation.
|
7872
8396
|
#
|
7873
|
-
# This parameter allows (
|
8397
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7874
8398
|
# characters consisting of upper and lowercase alphanumeric characters
|
7875
8399
|
# with no spaces. You can also include any of the following characters:
|
7876
8400
|
# \_+=,.@-
|
@@ -7882,7 +8406,7 @@ module Aws::IAM
|
|
7882
8406
|
# @option params [required, String] :service_specific_credential_id
|
7883
8407
|
# The unique identifier of the service-specific credential.
|
7884
8408
|
#
|
7885
|
-
# This parameter allows (
|
8409
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7886
8410
|
# characters that can consist of any upper or lowercased letter or
|
7887
8411
|
# digit.
|
7888
8412
|
#
|
@@ -7934,7 +8458,7 @@ module Aws::IAM
|
|
7934
8458
|
# @option params [required, String] :user_name
|
7935
8459
|
# The name of the user whose MFA device you want to resynchronize.
|
7936
8460
|
#
|
7937
|
-
# This parameter allows (
|
8461
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7938
8462
|
# characters consisting of upper and lowercase alphanumeric characters
|
7939
8463
|
# with no spaces. You can also include any of the following characters:
|
7940
8464
|
# \_+=,.@-
|
@@ -7946,7 +8470,7 @@ module Aws::IAM
|
|
7946
8470
|
# @option params [required, String] :serial_number
|
7947
8471
|
# Serial number that uniquely identifies the MFA device.
|
7948
8472
|
#
|
7949
|
-
# This parameter allows (
|
8473
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
7950
8474
|
# characters consisting of upper and lowercase alphanumeric characters
|
7951
8475
|
# with no spaces. You can also include any of the following characters:
|
7952
8476
|
# \_+=,.@-
|
@@ -8095,7 +8619,7 @@ module Aws::IAM
|
|
8095
8619
|
#
|
8096
8620
|
# @option params [Array<String>] :resource_arns
|
8097
8621
|
# A list of ARNs of AWS resources to include in the simulation. If this
|
8098
|
-
# parameter is not provided then the value defaults to `*` (all
|
8622
|
+
# parameter is not provided, then the value defaults to `*` (all
|
8099
8623
|
# resources). Each API in the `ActionNames` parameter is evaluated for
|
8100
8624
|
# each resource in this list. The simulation determines the access
|
8101
8625
|
# result (allowed or denied) of each combination and reports it in the
|
@@ -8217,16 +8741,15 @@ module Aws::IAM
|
|
8217
8741
|
# [1]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html
|
8218
8742
|
#
|
8219
8743
|
# @option params [Integer] :max_items
|
8220
|
-
#
|
8221
|
-
#
|
8222
|
-
#
|
8223
|
-
# element is `true`.
|
8744
|
+
# Use this only when paginating results to indicate the maximum number
|
8745
|
+
# of items you want in the response. If additional items exist beyond
|
8746
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
8224
8747
|
#
|
8225
|
-
# If you do not include this parameter,
|
8226
|
-
# IAM might return fewer results, even when there are
|
8227
|
-
# available. In that case, the `IsTruncated` response
|
8228
|
-
# `true
|
8229
|
-
# that tells the service where to continue from.
|
8748
|
+
# If you do not include this parameter, the number of items defaults to
|
8749
|
+
# 100. Note that IAM might return fewer results, even when there are
|
8750
|
+
# more results available. In that case, the `IsTruncated` response
|
8751
|
+
# element returns `true`, and `Marker` contains a value to include in
|
8752
|
+
# the subsequent call that tells the service where to continue from.
|
8230
8753
|
#
|
8231
8754
|
# @option params [String] :marker
|
8232
8755
|
# Use this parameter only when paginating results and only after you
|
@@ -8474,52 +8997,51 @@ module Aws::IAM
|
|
8474
8997
|
# resources that you must define to run the simulation.
|
8475
8998
|
#
|
8476
8999
|
# Each of the EC2 scenarios requires that you specify instance, image,
|
8477
|
-
# and security
|
9000
|
+
# and security group resources. If your scenario includes an EBS volume,
|
8478
9001
|
# then you must specify that volume as a resource. If the EC2 scenario
|
8479
|
-
# includes VPC, then you must supply the network
|
9002
|
+
# includes VPC, then you must supply the network interface resource. If
|
8480
9003
|
# it includes an IP subnet, then you must specify the subnet resource.
|
8481
9004
|
# For more information on the EC2 scenario options, see [Supported
|
8482
9005
|
# Platforms][1] in the *Amazon EC2 User Guide*.
|
8483
9006
|
#
|
8484
9007
|
# * **EC2-Classic-InstanceStore**
|
8485
9008
|
#
|
8486
|
-
# instance, image, security
|
9009
|
+
# instance, image, security group
|
8487
9010
|
#
|
8488
9011
|
# * **EC2-Classic-EBS**
|
8489
9012
|
#
|
8490
|
-
# instance, image, security
|
9013
|
+
# instance, image, security group, volume
|
8491
9014
|
#
|
8492
9015
|
# * **EC2-VPC-InstanceStore**
|
8493
9016
|
#
|
8494
|
-
# instance, image, security
|
9017
|
+
# instance, image, security group, network interface
|
8495
9018
|
#
|
8496
9019
|
# * **EC2-VPC-InstanceStore-Subnet**
|
8497
9020
|
#
|
8498
|
-
# instance, image, security
|
9021
|
+
# instance, image, security group, network interface, subnet
|
8499
9022
|
#
|
8500
9023
|
# * **EC2-VPC-EBS**
|
8501
9024
|
#
|
8502
|
-
# instance, image, security
|
9025
|
+
# instance, image, security group, network interface, volume
|
8503
9026
|
#
|
8504
9027
|
# * **EC2-VPC-EBS-Subnet**
|
8505
9028
|
#
|
8506
|
-
# instance, image, security
|
9029
|
+
# instance, image, security group, network interface, subnet, volume
|
8507
9030
|
#
|
8508
9031
|
#
|
8509
9032
|
#
|
8510
9033
|
# [1]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html
|
8511
9034
|
#
|
8512
9035
|
# @option params [Integer] :max_items
|
8513
|
-
#
|
8514
|
-
#
|
8515
|
-
#
|
8516
|
-
# element is `true`.
|
9036
|
+
# Use this only when paginating results to indicate the maximum number
|
9037
|
+
# of items you want in the response. If additional items exist beyond
|
9038
|
+
# the maximum you specify, the `IsTruncated` response element is `true`.
|
8517
9039
|
#
|
8518
|
-
# If you do not include this parameter,
|
8519
|
-
# IAM might return fewer results, even when there are
|
8520
|
-
# available. In that case, the `IsTruncated` response
|
8521
|
-
# `true
|
8522
|
-
# that tells the service where to continue from.
|
9040
|
+
# If you do not include this parameter, the number of items defaults to
|
9041
|
+
# 100. Note that IAM might return fewer results, even when there are
|
9042
|
+
# more results available. In that case, the `IsTruncated` response
|
9043
|
+
# element returns `true`, and `Marker` contains a value to include in
|
9044
|
+
# the subsequent call that tells the service where to continue from.
|
8523
9045
|
#
|
8524
9046
|
# @option params [String] :marker
|
8525
9047
|
# Use this parameter only when paginating results and only after you
|
@@ -8911,9 +9433,9 @@ module Aws::IAM
|
|
8911
9433
|
#
|
8912
9434
|
# If the `UserName` field is not specified, the user name is determined
|
8913
9435
|
# implicitly based on the AWS access key ID used to sign the request.
|
8914
|
-
#
|
8915
|
-
# you can use this operation to manage AWS account root
|
8916
|
-
# even if the AWS account has no associated users.
|
9436
|
+
# This operation works for access keys under the AWS account.
|
9437
|
+
# Consequently, you can use this operation to manage AWS account root
|
9438
|
+
# user credentials even if the AWS account has no associated users.
|
8917
9439
|
#
|
8918
9440
|
# For information about rotating keys, see [Managing Keys and
|
8919
9441
|
# Certificates][1] in the *IAM User Guide*.
|
@@ -8925,7 +9447,7 @@ module Aws::IAM
|
|
8925
9447
|
# @option params [String] :user_name
|
8926
9448
|
# The name of the user whose key you want to update.
|
8927
9449
|
#
|
8928
|
-
# This parameter allows (
|
9450
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
8929
9451
|
# characters consisting of upper and lowercase alphanumeric characters
|
8930
9452
|
# with no spaces. You can also include any of the following characters:
|
8931
9453
|
# \_+=,.@-
|
@@ -8937,7 +9459,7 @@ module Aws::IAM
|
|
8937
9459
|
# @option params [required, String] :access_key_id
|
8938
9460
|
# The access key ID of the secret access key you want to update.
|
8939
9461
|
#
|
8940
|
-
# This parameter allows (
|
9462
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
8941
9463
|
# characters that can consist of any upper or lowercased letter or
|
8942
9464
|
# digit.
|
8943
9465
|
#
|
@@ -9129,7 +9651,7 @@ module Aws::IAM
|
|
9129
9651
|
# @option params [required, String] :role_name
|
9130
9652
|
# The name of the role to update with the new policy.
|
9131
9653
|
#
|
9132
|
-
# This parameter allows (
|
9654
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9133
9655
|
# characters consisting of upper and lowercase alphanumeric characters
|
9134
9656
|
# with no spaces. You can also include any of the following characters:
|
9135
9657
|
# \_+=,.@-
|
@@ -9210,7 +9732,7 @@ module Aws::IAM
|
|
9210
9732
|
# Name of the IAM group to update. If you're changing the name of the
|
9211
9733
|
# group, this is the original name.
|
9212
9734
|
#
|
9213
|
-
# This parameter allows (
|
9735
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9214
9736
|
# characters consisting of upper and lowercase alphanumeric characters
|
9215
9737
|
# with no spaces. You can also include any of the following characters:
|
9216
9738
|
# \_+=,.@-
|
@@ -9223,7 +9745,7 @@ module Aws::IAM
|
|
9223
9745
|
# New path for the IAM group. Only include this if changing the group's
|
9224
9746
|
# path.
|
9225
9747
|
#
|
9226
|
-
# This parameter allows (
|
9748
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9227
9749
|
# characters consisting of either a forward slash (/) by itself or a
|
9228
9750
|
# string that must begin and end with forward slashes. In addition, it
|
9229
9751
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -9238,7 +9760,7 @@ module Aws::IAM
|
|
9238
9760
|
# New name for the IAM group. Only include this if changing the group's
|
9239
9761
|
# name.
|
9240
9762
|
#
|
9241
|
-
# This parameter allows (
|
9763
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9242
9764
|
# characters consisting of upper and lowercase alphanumeric characters
|
9243
9765
|
# with no spaces. You can also include any of the following characters:
|
9244
9766
|
# \_+=,.@-
|
@@ -9289,7 +9811,7 @@ module Aws::IAM
|
|
9289
9811
|
# @option params [required, String] :user_name
|
9290
9812
|
# The name of the user whose password you want to update.
|
9291
9813
|
#
|
9292
|
-
# This parameter allows (
|
9814
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9293
9815
|
# characters consisting of upper and lowercase alphanumeric characters
|
9294
9816
|
# with no spaces. You can also include any of the following characters:
|
9295
9817
|
# \_+=,.@-
|
@@ -9367,10 +9889,10 @@ module Aws::IAM
|
|
9367
9889
|
# role that specifies the OIDC provider as a principal fails until the
|
9368
9890
|
# certificate thumbprint is updated.
|
9369
9891
|
#
|
9370
|
-
# <note markdown="1">
|
9371
|
-
# certificate and is validated by the thumbprint, it is best
|
9372
|
-
# access to the `UpdateOpenIDConnectProviderThumbprint`
|
9373
|
-
# highly privileged users.
|
9892
|
+
# <note markdown="1"> Trust for the OIDC provider is derived from the provider's
|
9893
|
+
# certificate and is validated by the thumbprint. Therefore, it is best
|
9894
|
+
# to limit access to the `UpdateOpenIDConnectProviderThumbprint`
|
9895
|
+
# operation to highly privileged users.
|
9374
9896
|
#
|
9375
9897
|
# </note>
|
9376
9898
|
#
|
@@ -9458,7 +9980,7 @@ module Aws::IAM
|
|
9458
9980
|
req.send_request(options)
|
9459
9981
|
end
|
9460
9982
|
|
9461
|
-
# Use instead.
|
9983
|
+
# Use UpdateRole instead.
|
9462
9984
|
#
|
9463
9985
|
# Modifies only the description of a role. This operation performs the
|
9464
9986
|
# same function as the `Description` parameter in the `UpdateRole`
|
@@ -9490,12 +10012,12 @@ module Aws::IAM
|
|
9490
10012
|
# resp.role.create_date #=> Time
|
9491
10013
|
# resp.role.assume_role_policy_document #=> String
|
9492
10014
|
# resp.role.description #=> String
|
9493
|
-
# resp.role.tags #=> Array
|
9494
|
-
# resp.role.tags[0].key #=> String
|
9495
|
-
# resp.role.tags[0].value #=> String
|
9496
10015
|
# resp.role.max_session_duration #=> Integer
|
9497
10016
|
# resp.role.permissions_boundary.permissions_boundary_type #=> String, one of "PermissionsBoundaryPolicy"
|
9498
10017
|
# resp.role.permissions_boundary.permissions_boundary_arn #=> String
|
10018
|
+
# resp.role.tags #=> Array
|
10019
|
+
# resp.role.tags[0].key #=> String
|
10020
|
+
# resp.role.tags[0].value #=> String
|
9499
10021
|
#
|
9500
10022
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescription AWS API Documentation
|
9501
10023
|
#
|
@@ -9577,7 +10099,7 @@ module Aws::IAM
|
|
9577
10099
|
# @option params [required, String] :user_name
|
9578
10100
|
# The name of the IAM user associated with the SSH public key.
|
9579
10101
|
#
|
9580
|
-
# This parameter allows (
|
10102
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9581
10103
|
# characters consisting of upper and lowercase alphanumeric characters
|
9582
10104
|
# with no spaces. You can also include any of the following characters:
|
9583
10105
|
# \_+=,.@-
|
@@ -9589,7 +10111,7 @@ module Aws::IAM
|
|
9589
10111
|
# @option params [required, String] :ssh_public_key_id
|
9590
10112
|
# The unique identifier for the SSH public key.
|
9591
10113
|
#
|
9592
|
-
# This parameter allows (
|
10114
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9593
10115
|
# characters that can consist of any upper or lowercased letter or
|
9594
10116
|
# digit.
|
9595
10117
|
#
|
@@ -9653,7 +10175,7 @@ module Aws::IAM
|
|
9653
10175
|
# @option params [required, String] :server_certificate_name
|
9654
10176
|
# The name of the server certificate that you want to update.
|
9655
10177
|
#
|
9656
|
-
# This parameter allows (
|
10178
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9657
10179
|
# characters consisting of upper and lowercase alphanumeric characters
|
9658
10180
|
# with no spaces. You can also include any of the following characters:
|
9659
10181
|
# \_+=,.@-
|
@@ -9666,7 +10188,7 @@ module Aws::IAM
|
|
9666
10188
|
# The new path for the server certificate. Include this only if you are
|
9667
10189
|
# updating the server certificate's path.
|
9668
10190
|
#
|
9669
|
-
# This parameter allows (
|
10191
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9670
10192
|
# characters consisting of either a forward slash (/) by itself or a
|
9671
10193
|
# string that must begin and end with forward slashes. In addition, it
|
9672
10194
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -9682,7 +10204,7 @@ module Aws::IAM
|
|
9682
10204
|
# updating the server certificate's name. The name of the certificate
|
9683
10205
|
# cannot contain any spaces.
|
9684
10206
|
#
|
9685
|
-
# This parameter allows (
|
10207
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9686
10208
|
# characters consisting of upper and lowercase alphanumeric characters
|
9687
10209
|
# with no spaces. You can also include any of the following characters:
|
9688
10210
|
# \_+=,.@-
|
@@ -9721,7 +10243,7 @@ module Aws::IAM
|
|
9721
10243
|
# credential. If you do not specify this value, then the operation
|
9722
10244
|
# assumes the user whose credentials are used to call the operation.
|
9723
10245
|
#
|
9724
|
-
# This parameter allows (
|
10246
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9725
10247
|
# characters consisting of upper and lowercase alphanumeric characters
|
9726
10248
|
# with no spaces. You can also include any of the following characters:
|
9727
10249
|
# \_+=,.@-
|
@@ -9733,7 +10255,7 @@ module Aws::IAM
|
|
9733
10255
|
# @option params [required, String] :service_specific_credential_id
|
9734
10256
|
# The unique identifier of the service-specific credential.
|
9735
10257
|
#
|
9736
|
-
# This parameter allows (
|
10258
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9737
10259
|
# characters that can consist of any upper or lowercased letter or
|
9738
10260
|
# digit.
|
9739
10261
|
#
|
@@ -9770,14 +10292,14 @@ module Aws::IAM
|
|
9770
10292
|
#
|
9771
10293
|
# If the `UserName` field is not specified, the user name is determined
|
9772
10294
|
# implicitly based on the AWS access key ID used to sign the request.
|
9773
|
-
#
|
9774
|
-
# you can use this operation to manage AWS account root
|
9775
|
-
# even if the AWS account has no associated users.
|
10295
|
+
# This operation works for access keys under the AWS account.
|
10296
|
+
# Consequently, you can use this operation to manage AWS account root
|
10297
|
+
# user credentials even if the AWS account has no associated users.
|
9776
10298
|
#
|
9777
10299
|
# @option params [String] :user_name
|
9778
10300
|
# The name of the IAM user the signing certificate belongs to.
|
9779
10301
|
#
|
9780
|
-
# This parameter allows (
|
10302
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9781
10303
|
# characters consisting of upper and lowercase alphanumeric characters
|
9782
10304
|
# with no spaces. You can also include any of the following characters:
|
9783
10305
|
# \_+=,.@-
|
@@ -9789,7 +10311,7 @@ module Aws::IAM
|
|
9789
10311
|
# @option params [required, String] :certificate_id
|
9790
10312
|
# The ID of the signing certificate you want to update.
|
9791
10313
|
#
|
9792
|
-
# This parameter allows (
|
10314
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9793
10315
|
# characters that can consist of any upper or lowercased letter or
|
9794
10316
|
# digit.
|
9795
10317
|
#
|
@@ -9856,7 +10378,7 @@ module Aws::IAM
|
|
9856
10378
|
# Name of the user to update. If you're changing the name of the user,
|
9857
10379
|
# this is the original user name.
|
9858
10380
|
#
|
9859
|
-
# This parameter allows (
|
10381
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9860
10382
|
# characters consisting of upper and lowercase alphanumeric characters
|
9861
10383
|
# with no spaces. You can also include any of the following characters:
|
9862
10384
|
# \_+=,.@-
|
@@ -9869,7 +10391,7 @@ module Aws::IAM
|
|
9869
10391
|
# New path for the IAM user. Include this parameter only if you're
|
9870
10392
|
# changing the user's path.
|
9871
10393
|
#
|
9872
|
-
# This parameter allows (
|
10394
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9873
10395
|
# characters consisting of either a forward slash (/) by itself or a
|
9874
10396
|
# string that must begin and end with forward slashes. In addition, it
|
9875
10397
|
# can contain any ASCII character from the ! (\\u0021) through the DEL
|
@@ -9884,7 +10406,7 @@ module Aws::IAM
|
|
9884
10406
|
# New name for the user. Include this parameter only if you're changing
|
9885
10407
|
# the user's name.
|
9886
10408
|
#
|
9887
|
-
# This parameter allows (
|
10409
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9888
10410
|
# characters consisting of upper and lowercase alphanumeric characters
|
9889
10411
|
# with no spaces. You can also include any of the following characters:
|
9890
10412
|
# \_+=,.@-
|
@@ -9938,7 +10460,7 @@ module Aws::IAM
|
|
9938
10460
|
# @option params [required, String] :user_name
|
9939
10461
|
# The name of the IAM user to associate the SSH public key with.
|
9940
10462
|
#
|
9941
|
-
# This parameter allows (
|
10463
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
9942
10464
|
# characters consisting of upper and lowercase alphanumeric characters
|
9943
10465
|
# with no spaces. You can also include any of the following characters:
|
9944
10466
|
# \_+=,.@-
|
@@ -9949,7 +10471,7 @@ module Aws::IAM
|
|
9949
10471
|
#
|
9950
10472
|
# @option params [required, String] :ssh_public_key_body
|
9951
10473
|
# The SSH public key. The public key must be encoded in ssh-rsa format
|
9952
|
-
# or PEM format. The
|
10474
|
+
# or PEM format. The minimum bit-length of the public key is 2048 bits.
|
9953
10475
|
# For example, you can generate a 2048-bit key, and the resulting PEM
|
9954
10476
|
# file is 1679 bytes long.
|
9955
10477
|
#
|
@@ -10030,7 +10552,7 @@ module Aws::IAM
|
|
10030
10552
|
#
|
10031
10553
|
#
|
10032
10554
|
#
|
10033
|
-
# [1]:
|
10555
|
+
# [1]: http://docs.aws.amazon.com/certificate-manager/
|
10034
10556
|
# [2]: http://docs.aws.amazon.com/acm/latest/userguide/
|
10035
10557
|
# [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
|
10036
10558
|
# [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
|
@@ -10042,12 +10564,12 @@ module Aws::IAM
|
|
10042
10564
|
# see [IAM Identifiers][1] in the *IAM User Guide*.
|
10043
10565
|
#
|
10044
10566
|
# This parameter is optional. If it is not included, it defaults to a
|
10045
|
-
# slash (/). This parameter allows (
|
10046
|
-
# of characters consisting of either a forward slash (/) by
|
10047
|
-
# string that must begin and end with forward slashes. In
|
10048
|
-
# can contain any ASCII character from the ! (\\u0021)
|
10049
|
-
# character (\\u007F), including most punctuation
|
10050
|
-
# and upper and lowercased letters.
|
10567
|
+
# slash (/). This parameter allows (through its [regex pattern][2]) a
|
10568
|
+
# string of characters consisting of either a forward slash (/) by
|
10569
|
+
# itself or a string that must begin and end with forward slashes. In
|
10570
|
+
# addition, it can contain any ASCII character from the ! (\\u0021)
|
10571
|
+
# through the DEL character (\\u007F), including most punctuation
|
10572
|
+
# characters, digits, and upper and lowercased letters.
|
10051
10573
|
#
|
10052
10574
|
# <note markdown="1"> If you are uploading a server certificate specifically for use with
|
10053
10575
|
# Amazon CloudFront distributions, you must specify a path using the
|
@@ -10065,7 +10587,7 @@ module Aws::IAM
|
|
10065
10587
|
# The name for the server certificate. Do not include the path in this
|
10066
10588
|
# value. The name of the certificate cannot contain any spaces.
|
10067
10589
|
#
|
10068
|
-
# This parameter allows (
|
10590
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
10069
10591
|
# characters consisting of upper and lowercase alphanumeric characters
|
10070
10592
|
# with no spaces. You can also include any of the following characters:
|
10071
10593
|
# \_+=,.@-
|
@@ -10195,9 +10717,9 @@ module Aws::IAM
|
|
10195
10717
|
#
|
10196
10718
|
# If the `UserName` field is not specified, the IAM user name is
|
10197
10719
|
# determined implicitly based on the AWS access key ID used to sign the
|
10198
|
-
# request.
|
10199
|
-
#
|
10200
|
-
# credentials even if the AWS account has no associated users.
|
10720
|
+
# request. This operation works for access keys under the AWS account.
|
10721
|
+
# Consequently, you can use this operation to manage AWS account root
|
10722
|
+
# user credentials even if the AWS account has no associated users.
|
10201
10723
|
#
|
10202
10724
|
# <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
|
10203
10725
|
# POST rather than GET when calling `UploadSigningCertificate`. For
|
@@ -10216,7 +10738,7 @@ module Aws::IAM
|
|
10216
10738
|
# @option params [String] :user_name
|
10217
10739
|
# The name of the user the signing certificate is for.
|
10218
10740
|
#
|
10219
|
-
# This parameter allows (
|
10741
|
+
# This parameter allows (through its [regex pattern][1]) a string of
|
10220
10742
|
# characters consisting of upper and lowercase alphanumeric characters
|
10221
10743
|
# with no spaces. You can also include any of the following characters:
|
10222
10744
|
# \_+=,.@-
|
@@ -10306,7 +10828,7 @@ module Aws::IAM
|
|
10306
10828
|
params: params,
|
10307
10829
|
config: config)
|
10308
10830
|
context[:gem_name] = 'aws-sdk-iam'
|
10309
|
-
context[:gem_version] = '1.
|
10831
|
+
context[:gem_version] = '1.13.0'
|
10310
10832
|
Seahorse::Client::Request.new(handlers, context)
|
10311
10833
|
end
|
10312
10834
|
|