@aws-sdk/client-iam 3.262.0 → 3.263.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist-cjs/endpoint/ruleset.js +3 -3
- package/dist-es/endpoint/ruleset.js +3 -3
- package/dist-types/IAM.d.ts +384 -351
- package/dist-types/commands/AddClientIDToOpenIDConnectProviderCommand.d.ts +1 -1
- package/dist-types/commands/AddRoleToInstanceProfileCommand.d.ts +3 -3
- package/dist-types/commands/AttachGroupPolicyCommand.d.ts +3 -3
- package/dist-types/commands/AttachRolePolicyCommand.d.ts +4 -4
- package/dist-types/commands/AttachUserPolicyCommand.d.ts +3 -3
- package/dist-types/commands/ChangePasswordCommand.d.ts +1 -1
- package/dist-types/commands/CreateAccessKeyCommand.d.ts +4 -4
- package/dist-types/commands/CreateGroupCommand.d.ts +1 -1
- package/dist-types/commands/CreateInstanceProfileCommand.d.ts +1 -1
- package/dist-types/commands/CreateLoginProfileCommand.d.ts +2 -2
- package/dist-types/commands/CreateOpenIDConnectProviderCommand.d.ts +15 -14
- package/dist-types/commands/CreatePolicyCommand.d.ts +3 -3
- package/dist-types/commands/CreatePolicyVersionCommand.d.ts +2 -2
- package/dist-types/commands/CreateSAMLProviderCommand.d.ts +5 -5
- package/dist-types/commands/CreateServiceLinkedRoleCommand.d.ts +1 -1
- package/dist-types/commands/CreateServiceSpecificCredentialCommand.d.ts +4 -4
- package/dist-types/commands/CreateUserCommand.d.ts +1 -1
- package/dist-types/commands/CreateVirtualMFADeviceCommand.d.ts +3 -3
- package/dist-types/commands/DeactivateMFADeviceCommand.d.ts +1 -1
- package/dist-types/commands/DeleteAccessKeyCommand.d.ts +1 -1
- package/dist-types/commands/DeleteGroupPolicyCommand.d.ts +1 -1
- package/dist-types/commands/DeleteInstanceProfileCommand.d.ts +3 -3
- package/dist-types/commands/DeleteLoginProfileCommand.d.ts +3 -3
- package/dist-types/commands/DeleteOpenIDConnectProviderCommand.d.ts +2 -2
- package/dist-types/commands/DeletePolicyCommand.d.ts +6 -6
- package/dist-types/commands/DeletePolicyVersionCommand.d.ts +2 -2
- package/dist-types/commands/DeleteRoleCommand.d.ts +21 -4
- package/dist-types/commands/DeleteRolePermissionsBoundaryCommand.d.ts +2 -2
- package/dist-types/commands/DeleteRolePolicyCommand.d.ts +1 -1
- package/dist-types/commands/DeleteSAMLProviderCommand.d.ts +3 -3
- package/dist-types/commands/DeleteSSHPublicKeyCommand.d.ts +1 -1
- package/dist-types/commands/DeleteServerCertificateCommand.d.ts +3 -3
- package/dist-types/commands/DeleteServiceLinkedRoleCommand.d.ts +2 -2
- package/dist-types/commands/DeleteSigningCertificateCommand.d.ts +1 -1
- package/dist-types/commands/DeleteUserCommand.d.ts +10 -10
- package/dist-types/commands/DeleteUserPermissionsBoundaryCommand.d.ts +2 -2
- package/dist-types/commands/DeleteUserPolicyCommand.d.ts +1 -1
- package/dist-types/commands/DeleteVirtualMFADeviceCommand.d.ts +2 -2
- package/dist-types/commands/DetachGroupPolicyCommand.d.ts +1 -1
- package/dist-types/commands/DetachRolePolicyCommand.d.ts +1 -1
- package/dist-types/commands/DetachUserPolicyCommand.d.ts +1 -1
- package/dist-types/commands/GenerateOrganizationsAccessReportCommand.d.ts +22 -22
- package/dist-types/commands/GenerateServiceLastAccessedDetailsCommand.d.ts +12 -12
- package/dist-types/commands/GetAccountAuthorizationDetailsCommand.d.ts +2 -2
- package/dist-types/commands/GetAccountSummaryCommand.d.ts +1 -1
- package/dist-types/commands/GetContextKeysForCustomPolicyCommand.d.ts +1 -1
- package/dist-types/commands/GetContextKeysForPrincipalPolicyCommand.d.ts +3 -3
- package/dist-types/commands/GetGroupPolicyCommand.d.ts +3 -3
- package/dist-types/commands/GetLoginProfileCommand.d.ts +2 -2
- package/dist-types/commands/GetOrganizationsAccessReportCommand.d.ts +4 -4
- package/dist-types/commands/GetPolicyCommand.d.ts +2 -2
- package/dist-types/commands/GetPolicyVersionCommand.d.ts +5 -5
- package/dist-types/commands/GetRoleCommand.d.ts +1 -1
- package/dist-types/commands/GetRolePolicyCommand.d.ts +4 -4
- package/dist-types/commands/GetSAMLProviderCommand.d.ts +2 -2
- package/dist-types/commands/GetSSHPublicKeyCommand.d.ts +1 -1
- package/dist-types/commands/GetServerCertificateCommand.d.ts +1 -1
- package/dist-types/commands/GetServiceLastAccessedDetailsCommand.d.ts +12 -12
- package/dist-types/commands/GetServiceLastAccessedDetailsWithEntitiesCommand.d.ts +6 -6
- package/dist-types/commands/GetUserCommand.d.ts +1 -1
- package/dist-types/commands/GetUserPolicyCommand.d.ts +3 -3
- package/dist-types/commands/ListAccessKeysCommand.d.ts +4 -4
- package/dist-types/commands/ListAttachedGroupPoliciesCommand.d.ts +2 -2
- package/dist-types/commands/ListAttachedRolePoliciesCommand.d.ts +2 -2
- package/dist-types/commands/ListAttachedUserPoliciesCommand.d.ts +2 -2
- package/dist-types/commands/ListEntitiesForPolicyCommand.d.ts +2 -2
- package/dist-types/commands/ListGroupPoliciesCommand.d.ts +2 -2
- package/dist-types/commands/ListGroupsCommand.d.ts +1 -1
- package/dist-types/commands/ListGroupsForUserCommand.d.ts +1 -1
- package/dist-types/commands/ListInstanceProfilesCommand.d.ts +3 -3
- package/dist-types/commands/ListInstanceProfilesForRoleCommand.d.ts +1 -1
- package/dist-types/commands/ListMFADevicesCommand.d.ts +1 -1
- package/dist-types/commands/ListOpenIDConnectProvidersCommand.d.ts +2 -2
- package/dist-types/commands/ListPoliciesCommand.d.ts +5 -5
- package/dist-types/commands/ListPoliciesGrantingServiceAccessCommand.d.ts +9 -9
- package/dist-types/commands/ListPolicyVersionsCommand.d.ts +1 -1
- package/dist-types/commands/ListRolePoliciesCommand.d.ts +2 -2
- package/dist-types/commands/ListRolesCommand.d.ts +3 -3
- package/dist-types/commands/ListSAMLProvidersCommand.d.ts +2 -2
- package/dist-types/commands/ListSSHPublicKeysCommand.d.ts +2 -2
- package/dist-types/commands/ListServerCertificatesCommand.d.ts +4 -4
- package/dist-types/commands/ListSigningCertificatesCommand.d.ts +2 -2
- package/dist-types/commands/ListUserPoliciesCommand.d.ts +2 -2
- package/dist-types/commands/ListUsersCommand.d.ts +3 -3
- package/dist-types/commands/ListVirtualMFADevicesCommand.d.ts +3 -3
- package/dist-types/commands/PutGroupPolicyCommand.d.ts +4 -4
- package/dist-types/commands/PutRolePermissionsBoundaryCommand.d.ts +3 -3
- package/dist-types/commands/PutRolePolicyCommand.d.ts +5 -5
- package/dist-types/commands/PutUserPermissionsBoundaryCommand.d.ts +2 -2
- package/dist-types/commands/PutUserPolicyCommand.d.ts +4 -4
- package/dist-types/commands/RemoveClientIDFromOpenIDConnectProviderCommand.d.ts +1 -1
- package/dist-types/commands/RemoveRoleFromInstanceProfileCommand.d.ts +3 -3
- package/dist-types/commands/ResyncMFADeviceCommand.d.ts +1 -1
- package/dist-types/commands/SetDefaultPolicyVersionCommand.d.ts +2 -2
- package/dist-types/commands/SetSecurityTokenServicePreferencesCommand.d.ts +3 -3
- package/dist-types/commands/SimulateCustomPolicyCommand.d.ts +14 -7
- package/dist-types/commands/SimulatePrincipalPolicyCommand.d.ts +17 -10
- package/dist-types/commands/UpdateAccessKeyCommand.d.ts +2 -2
- package/dist-types/commands/UpdateAccountPasswordPolicyCommand.d.ts +3 -3
- package/dist-types/commands/UpdateGroupCommand.d.ts +4 -4
- package/dist-types/commands/UpdateLoginProfileCommand.d.ts +6 -6
- package/dist-types/commands/UpdateOpenIDConnectProviderThumbprintCommand.d.ts +9 -8
- package/dist-types/commands/UpdateRoleDescriptionCommand.d.ts +1 -1
- package/dist-types/commands/UpdateSAMLProviderCommand.d.ts +2 -2
- package/dist-types/commands/UpdateSSHPublicKeyCommand.d.ts +1 -1
- package/dist-types/commands/UpdateServerCertificateCommand.d.ts +5 -5
- package/dist-types/commands/UpdateSigningCertificateCommand.d.ts +1 -1
- package/dist-types/commands/UpdateUserCommand.d.ts +4 -4
- package/dist-types/commands/UploadSSHPublicKeyCommand.d.ts +1 -1
- package/dist-types/commands/UploadServerCertificateCommand.d.ts +5 -5
- package/dist-types/commands/UploadSigningCertificateCommand.d.ts +4 -4
- package/dist-types/endpoint/EndpointParameters.d.ts +1 -1
- package/dist-types/models/models_0.d.ts +319 -282
- package/dist-types/models/models_1.d.ts +51 -51
- package/dist-types/ts3.4/endpoint/EndpointParameters.d.ts +1 -1
- package/package.json +1 -1
|
@@ -238,13 +238,13 @@ export declare class ServiceFailureException extends __BaseException {
|
|
|
238
238
|
export interface AddRoleToInstanceProfileRequest {
|
|
239
239
|
/**
|
|
240
240
|
* <p>The name of the instance profile to update.</p>
|
|
241
|
-
*
|
|
241
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
242
242
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
243
243
|
*/
|
|
244
244
|
InstanceProfileName: string | undefined;
|
|
245
245
|
/**
|
|
246
246
|
* <p>The name of the role to add.</p>
|
|
247
|
-
*
|
|
247
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
248
248
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
249
249
|
*/
|
|
250
250
|
RoleName: string | undefined;
|
|
@@ -278,13 +278,13 @@ export declare class UnmodifiableEntityException extends __BaseException {
|
|
|
278
278
|
export interface AddUserToGroupRequest {
|
|
279
279
|
/**
|
|
280
280
|
* <p>The name of the group to update.</p>
|
|
281
|
-
*
|
|
281
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
282
282
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
283
283
|
*/
|
|
284
284
|
GroupName: string | undefined;
|
|
285
285
|
/**
|
|
286
286
|
* <p>The name of the user to add.</p>
|
|
287
|
-
*
|
|
287
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
288
288
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
289
289
|
*/
|
|
290
290
|
UserName: string | undefined;
|
|
@@ -338,13 +338,13 @@ export interface AttachedPolicy {
|
|
|
338
338
|
export interface AttachGroupPolicyRequest {
|
|
339
339
|
/**
|
|
340
340
|
* <p>The name (friendly name, not ARN) of the group to attach the policy to.</p>
|
|
341
|
-
*
|
|
341
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
342
342
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
343
343
|
*/
|
|
344
344
|
GroupName: string | undefined;
|
|
345
345
|
/**
|
|
346
346
|
* <p>The Amazon Resource Name (ARN) of the IAM policy you want to attach.</p>
|
|
347
|
-
*
|
|
347
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
348
348
|
*/
|
|
349
349
|
PolicyArn: string | undefined;
|
|
350
350
|
}
|
|
@@ -363,26 +363,26 @@ export declare class PolicyNotAttachableException extends __BaseException {
|
|
|
363
363
|
export interface AttachRolePolicyRequest {
|
|
364
364
|
/**
|
|
365
365
|
* <p>The name (friendly name, not ARN) of the role to attach the policy to.</p>
|
|
366
|
-
*
|
|
366
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
367
367
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
368
368
|
*/
|
|
369
369
|
RoleName: string | undefined;
|
|
370
370
|
/**
|
|
371
371
|
* <p>The Amazon Resource Name (ARN) of the IAM policy you want to attach.</p>
|
|
372
|
-
*
|
|
372
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
373
373
|
*/
|
|
374
374
|
PolicyArn: string | undefined;
|
|
375
375
|
}
|
|
376
376
|
export interface AttachUserPolicyRequest {
|
|
377
377
|
/**
|
|
378
378
|
* <p>The name (friendly name, not ARN) of the IAM user to attach the policy to.</p>
|
|
379
|
-
*
|
|
379
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
380
380
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
381
381
|
*/
|
|
382
382
|
UserName: string | undefined;
|
|
383
383
|
/**
|
|
384
384
|
* <p>The Amazon Resource Name (ARN) of the IAM policy you want to attach.</p>
|
|
385
|
-
*
|
|
385
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
386
386
|
*/
|
|
387
387
|
PolicyArn: string | undefined;
|
|
388
388
|
}
|
|
@@ -394,7 +394,7 @@ export interface ChangePasswordRequest {
|
|
|
394
394
|
/**
|
|
395
395
|
* <p>The new password. The new password must conform to the Amazon Web Services account's password
|
|
396
396
|
* policy, if one exists.</p>
|
|
397
|
-
*
|
|
397
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
398
398
|
* that is used to validate this parameter is a string of characters. That string can include almost any printable
|
|
399
399
|
* ASCII character from the space (<code>\u0020</code>) through the end of the ASCII character range (<code>\u00FF</code>).
|
|
400
400
|
* You can also include the tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and carriage return (<code>\u000D</code>)
|
|
@@ -445,7 +445,7 @@ export declare class PasswordPolicyViolationException extends __BaseException {
|
|
|
445
445
|
export interface CreateAccessKeyRequest {
|
|
446
446
|
/**
|
|
447
447
|
* <p>The name of the IAM user that the new key will belong to.</p>
|
|
448
|
-
*
|
|
448
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
449
449
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
450
450
|
*/
|
|
451
451
|
UserName?: string;
|
|
@@ -463,7 +463,7 @@ export interface CreateAccessKeyResponse {
|
|
|
463
463
|
export interface CreateAccountAliasRequest {
|
|
464
464
|
/**
|
|
465
465
|
* <p>The account alias to create.</p>
|
|
466
|
-
*
|
|
466
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of
|
|
467
467
|
* lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have
|
|
468
468
|
* two dashes in a row.</p>
|
|
469
469
|
*/
|
|
@@ -473,8 +473,8 @@ export interface CreateGroupRequest {
|
|
|
473
473
|
/**
|
|
474
474
|
* <p> The path to the group. For more information about paths, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html">IAM
|
|
475
475
|
* identifiers</a> in the <i>IAM User Guide</i>.</p>
|
|
476
|
-
*
|
|
477
|
-
*
|
|
476
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/).</p>
|
|
477
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
478
478
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
479
479
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
480
480
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -482,7 +482,7 @@ export interface CreateGroupRequest {
|
|
|
482
482
|
Path?: string;
|
|
483
483
|
/**
|
|
484
484
|
* <p>The name of the group to create. Do not include the path in this value.</p>
|
|
485
|
-
*
|
|
485
|
+
* <p>IAM user, group, role, and policy names must be unique within the account. Names are
|
|
486
486
|
* not distinguished by case. For example, you cannot create resources named both
|
|
487
487
|
* "MyResource" and "myresource".</p>
|
|
488
488
|
*/
|
|
@@ -587,15 +587,15 @@ export interface Tag {
|
|
|
587
587
|
export interface CreateInstanceProfileRequest {
|
|
588
588
|
/**
|
|
589
589
|
* <p>The name of the instance profile to create.</p>
|
|
590
|
-
*
|
|
590
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
591
591
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
592
592
|
*/
|
|
593
593
|
InstanceProfileName: string | undefined;
|
|
594
594
|
/**
|
|
595
595
|
* <p> The path to the instance profile. For more information about paths, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html">IAM
|
|
596
596
|
* Identifiers</a> in the <i>IAM User Guide</i>.</p>
|
|
597
|
-
*
|
|
598
|
-
*
|
|
597
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/).</p>
|
|
598
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
599
599
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
600
600
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
601
601
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -778,13 +778,13 @@ export interface CreateLoginProfileRequest {
|
|
|
778
778
|
/**
|
|
779
779
|
* <p>The name of the IAM user to create a password for. The user must already
|
|
780
780
|
* exist.</p>
|
|
781
|
-
*
|
|
781
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
782
782
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
783
783
|
*/
|
|
784
784
|
UserName: string | undefined;
|
|
785
785
|
/**
|
|
786
786
|
* <p>The new password for the user.</p>
|
|
787
|
-
*
|
|
787
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
788
788
|
* that is used to validate this parameter is a string of characters. That string can include almost any printable
|
|
789
789
|
* ASCII character from the space (<code>\u0020</code>) through the end of the ASCII character range (<code>\u00FF</code>).
|
|
790
790
|
* You can also include the tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and carriage return (<code>\u000D</code>)
|
|
@@ -834,7 +834,7 @@ export interface CreateOpenIDConnectProviderRequest {
|
|
|
834
834
|
* Typically the URL consists of only a hostname, like
|
|
835
835
|
* <code>https://server.example.org</code> or <code>https://example.com</code>. The URL
|
|
836
836
|
* should not contain a port number. </p>
|
|
837
|
-
*
|
|
837
|
+
* <p>You cannot register the same provider multiple times in a single Amazon Web Services account. If you
|
|
838
838
|
* try to submit a URL that has already been used for an OpenID Connect provider in the
|
|
839
839
|
* Amazon Web Services account, you will get an error.</p>
|
|
840
840
|
*/
|
|
@@ -844,10 +844,10 @@ export interface CreateOpenIDConnectProviderRequest {
|
|
|
844
844
|
* registers with an OpenID Connect provider, they establish a value that identifies the
|
|
845
845
|
* application. This is the value that's sent as the <code>client_id</code> parameter on
|
|
846
846
|
* OAuth requests.</p>
|
|
847
|
-
*
|
|
847
|
+
* <p>You can register multiple client IDs with the same provider. For example, you might
|
|
848
848
|
* have multiple applications that use the same OIDC provider. You cannot register more
|
|
849
849
|
* than 100 client IDs with a single IAM OIDC provider.</p>
|
|
850
|
-
*
|
|
850
|
+
* <p>There is no defined format for a client ID. The
|
|
851
851
|
* <code>CreateOpenIDConnectProviderRequest</code> operation accepts client IDs up to
|
|
852
852
|
* 255 characters long.</p>
|
|
853
853
|
*/
|
|
@@ -857,16 +857,16 @@ export interface CreateOpenIDConnectProviderRequest {
|
|
|
857
857
|
* provider's server certificates. Typically this list includes only one entry. However,
|
|
858
858
|
* IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain
|
|
859
859
|
* multiple thumbprints if the identity provider is rotating certificates.</p>
|
|
860
|
-
*
|
|
860
|
+
* <p>The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509
|
|
861
861
|
* certificate used by the domain where the OpenID Connect provider makes its keys
|
|
862
862
|
* available. It is always a 40-character string.</p>
|
|
863
|
-
*
|
|
863
|
+
* <p>You must provide at least one thumbprint when creating an IAM OIDC provider. For
|
|
864
864
|
* example, assume that the OIDC provider is <code>server.example.com</code> and the
|
|
865
865
|
* provider stores its keys at https://keys.server.example.com/openid-connect. In that
|
|
866
866
|
* case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate
|
|
867
867
|
* used by <code>https://keys.server.example.com.</code>
|
|
868
868
|
* </p>
|
|
869
|
-
*
|
|
869
|
+
* <p>For more information about obtaining the OIDC provider thumbprint, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html">Obtaining the
|
|
870
870
|
* thumbprint for an OpenID Connect provider</a> in the <i>IAM User
|
|
871
871
|
* Guide</i>.</p>
|
|
872
872
|
*/
|
|
@@ -903,36 +903,36 @@ export interface CreateOpenIDConnectProviderResponse {
|
|
|
903
903
|
export interface CreatePolicyRequest {
|
|
904
904
|
/**
|
|
905
905
|
* <p>The friendly name of the policy.</p>
|
|
906
|
-
*
|
|
906
|
+
* <p>IAM user, group, role, and policy names must be unique within the account. Names are
|
|
907
907
|
* not distinguished by case. For example, you cannot create resources named both
|
|
908
908
|
* "MyResource" and "myresource".</p>
|
|
909
909
|
*/
|
|
910
910
|
PolicyName: string | undefined;
|
|
911
911
|
/**
|
|
912
912
|
* <p>The path for the policy.</p>
|
|
913
|
-
*
|
|
913
|
+
* <p>For more information about paths, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html">IAM identifiers</a> in the
|
|
914
914
|
* <i>IAM User Guide</i>.</p>
|
|
915
|
-
*
|
|
916
|
-
*
|
|
915
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/).</p>
|
|
916
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
917
917
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
918
918
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
919
919
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
920
|
-
*
|
|
920
|
+
* <note>
|
|
921
921
|
* <p>You cannot use an asterisk (*) in the path name.</p>
|
|
922
|
-
*
|
|
922
|
+
* </note>
|
|
923
923
|
*/
|
|
924
924
|
Path?: string;
|
|
925
925
|
/**
|
|
926
926
|
* <p>The JSON policy document that you want to use as the content for the new
|
|
927
927
|
* policy.</p>
|
|
928
|
-
*
|
|
928
|
+
* <p>You must provide policies in JSON format in IAM. However, for CloudFormation
|
|
929
929
|
* templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to
|
|
930
930
|
* IAM.</p>
|
|
931
|
-
*
|
|
931
|
+
* <p>The maximum length of the policy document that you can pass in this operation,
|
|
932
932
|
* including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
|
|
933
|
-
*
|
|
933
|
+
* <p>To learn more about JSON policy grammar, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html">Grammar of the IAM JSON
|
|
934
934
|
* policy language</a> in the <i>IAM User Guide</i>. </p>
|
|
935
|
-
*
|
|
935
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
936
936
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
937
937
|
* <ul>
|
|
938
938
|
* <li>
|
|
@@ -952,9 +952,9 @@ export interface CreatePolicyRequest {
|
|
|
952
952
|
PolicyDocument: string | undefined;
|
|
953
953
|
/**
|
|
954
954
|
* <p>A friendly description of the policy.</p>
|
|
955
|
-
*
|
|
955
|
+
* <p>Typically used to store information about the permissions defined in the policy. For
|
|
956
956
|
* example, "Grants access to production DynamoDB tables."</p>
|
|
957
|
-
*
|
|
957
|
+
* <p>The policy description is immutable. After a value is assigned, it cannot be
|
|
958
958
|
* changed.</p>
|
|
959
959
|
*/
|
|
960
960
|
Description?: string;
|
|
@@ -1069,18 +1069,18 @@ export interface CreatePolicyVersionRequest {
|
|
|
1069
1069
|
/**
|
|
1070
1070
|
* <p>The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new
|
|
1071
1071
|
* version.</p>
|
|
1072
|
-
*
|
|
1072
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
1073
1073
|
*/
|
|
1074
1074
|
PolicyArn: string | undefined;
|
|
1075
1075
|
/**
|
|
1076
1076
|
* <p>The JSON policy document that you want to use as the content for this new version of
|
|
1077
1077
|
* the policy.</p>
|
|
1078
|
-
*
|
|
1078
|
+
* <p>You must provide policies in JSON format in IAM. However, for CloudFormation
|
|
1079
1079
|
* templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to
|
|
1080
1080
|
* IAM.</p>
|
|
1081
|
-
*
|
|
1081
|
+
* <p>The maximum length of the policy document that you can pass in this operation,
|
|
1082
1082
|
* including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
|
|
1083
|
-
*
|
|
1083
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
1084
1084
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
1085
1085
|
* <ul>
|
|
1086
1086
|
* <li>
|
|
@@ -1100,10 +1100,10 @@ export interface CreatePolicyVersionRequest {
|
|
|
1100
1100
|
PolicyDocument: string | undefined;
|
|
1101
1101
|
/**
|
|
1102
1102
|
* <p>Specifies whether to set this version as the policy's default version.</p>
|
|
1103
|
-
*
|
|
1103
|
+
* <p>When this parameter is <code>true</code>, the new policy version becomes the operative
|
|
1104
1104
|
* version. That is, it becomes the version that is in effect for the IAM users, groups,
|
|
1105
1105
|
* and roles that the policy is attached to.</p>
|
|
1106
|
-
*
|
|
1106
|
+
* <p>For more information about managed policy versions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed
|
|
1107
1107
|
* policies</a> in the <i>IAM User Guide</i>.</p>
|
|
1108
1108
|
*/
|
|
1109
1109
|
SetAsDefault?: boolean;
|
|
@@ -1155,8 +1155,8 @@ export interface CreateRoleRequest {
|
|
|
1155
1155
|
/**
|
|
1156
1156
|
* <p> The path to the role. For more information about paths, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html">IAM
|
|
1157
1157
|
* Identifiers</a> in the <i>IAM User Guide</i>.</p>
|
|
1158
|
-
*
|
|
1159
|
-
*
|
|
1158
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/).</p>
|
|
1159
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
1160
1160
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
1161
1161
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
1162
1162
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -1164,7 +1164,7 @@ export interface CreateRoleRequest {
|
|
|
1164
1164
|
Path?: string;
|
|
1165
1165
|
/**
|
|
1166
1166
|
* <p>The name of the role to create.</p>
|
|
1167
|
-
*
|
|
1167
|
+
* <p>IAM user, group, role, and policy names must be unique within the account. Names are
|
|
1168
1168
|
* not distinguished by case. For example, you cannot create resources named both
|
|
1169
1169
|
* "MyResource" and "myresource".</p>
|
|
1170
1170
|
*/
|
|
@@ -1172,11 +1172,11 @@ export interface CreateRoleRequest {
|
|
|
1172
1172
|
/**
|
|
1173
1173
|
* <p>The trust relationship policy document that grants an entity permission to assume the
|
|
1174
1174
|
* role.</p>
|
|
1175
|
-
*
|
|
1175
|
+
* <p>In IAM, you must provide a JSON policy that has been converted to a string. However,
|
|
1176
1176
|
* for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML
|
|
1177
1177
|
* format. CloudFormation always converts a YAML policy to JSON format before submitting it to
|
|
1178
1178
|
* IAM.</p>
|
|
1179
|
-
*
|
|
1179
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
1180
1180
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
1181
1181
|
* <ul>
|
|
1182
1182
|
* <li>
|
|
@@ -1192,7 +1192,7 @@ export interface CreateRoleRequest {
|
|
|
1192
1192
|
* carriage return (<code>\u000D</code>)</p>
|
|
1193
1193
|
* </li>
|
|
1194
1194
|
* </ul>
|
|
1195
|
-
*
|
|
1195
|
+
* <p> Upon success, the response includes the same trust policy in JSON format.</p>
|
|
1196
1196
|
*/
|
|
1197
1197
|
AssumeRolePolicyDocument: string | undefined;
|
|
1198
1198
|
/**
|
|
@@ -1203,20 +1203,28 @@ export interface CreateRoleRequest {
|
|
|
1203
1203
|
* <p>The maximum session duration (in seconds) that you want to set for the specified role.
|
|
1204
1204
|
* If you do not specify a value for this setting, the default value of one hour is
|
|
1205
1205
|
* applied. This setting can have a value from 1 hour to 12 hours.</p>
|
|
1206
|
-
*
|
|
1207
|
-
*
|
|
1208
|
-
* session. The <code>MaxSessionDuration</code> setting
|
|
1209
|
-
* that can be requested using the
|
|
1210
|
-
*
|
|
1211
|
-
*
|
|
1212
|
-
*
|
|
1213
|
-
* operations but does not apply when you use those
|
|
1214
|
-
* more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html">Using IAM
|
|
1206
|
+
* <p>Anyone who assumes the role from the CLI or API can use the
|
|
1207
|
+
* <code>DurationSeconds</code> API parameter or the <code>duration-seconds</code>
|
|
1208
|
+
* CLI parameter to request a longer session. The <code>MaxSessionDuration</code> setting
|
|
1209
|
+
* determines the maximum duration that can be requested using the
|
|
1210
|
+
* <code>DurationSeconds</code> parameter. If users don't specify a value for the
|
|
1211
|
+
* <code>DurationSeconds</code> parameter, their security credentials are valid for one
|
|
1212
|
+
* hour by default. This applies when you use the <code>AssumeRole*</code> API operations
|
|
1213
|
+
* or the <code>assume-role*</code> CLI operations but does not apply when you use those
|
|
1214
|
+
* operations to create a console URL. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html">Using IAM
|
|
1215
|
+
* roles</a> in the <i>IAM User Guide</i>.</p>
|
|
1215
1216
|
*/
|
|
1216
1217
|
MaxSessionDuration?: number;
|
|
1217
1218
|
/**
|
|
1218
|
-
* <p>The ARN of the policy that is used to set the permissions boundary for the
|
|
1219
|
+
* <p>The ARN of the managed policy that is used to set the permissions boundary for the
|
|
1219
1220
|
* role.</p>
|
|
1221
|
+
* <p>A permissions boundary policy defines the maximum permissions that identity-based
|
|
1222
|
+
* policies can grant to an entity, but does not grant permissions. Permissions boundaries
|
|
1223
|
+
* do not define the maximum permissions that a resource-based policy can grant to an
|
|
1224
|
+
* entity. To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html">Permissions boundaries
|
|
1225
|
+
* for IAM entities</a> in the <i>IAM User Guide</i>.</p>
|
|
1226
|
+
* <p>For more information about policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types">Policy types
|
|
1227
|
+
* </a> in the <i>IAM User Guide</i>.</p>
|
|
1220
1228
|
*/
|
|
1221
1229
|
PermissionsBoundary?: string;
|
|
1222
1230
|
/**
|
|
@@ -1246,14 +1254,14 @@ export interface CreateSAMLProviderRequest {
|
|
|
1246
1254
|
* to validate the SAML authentication response (assertions) that are received from the
|
|
1247
1255
|
* IdP. You must generate the metadata document using the identity management software that
|
|
1248
1256
|
* is used as your organization's IdP.</p>
|
|
1249
|
-
*
|
|
1257
|
+
* <p>For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html">About SAML 2.0-based
|
|
1250
1258
|
* federation</a> in the <i>IAM User Guide</i>
|
|
1251
|
-
*
|
|
1259
|
+
* </p>
|
|
1252
1260
|
*/
|
|
1253
1261
|
SAMLMetadataDocument: string | undefined;
|
|
1254
1262
|
/**
|
|
1255
1263
|
* <p>The name of the provider to create.</p>
|
|
1256
|
-
*
|
|
1264
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1257
1265
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1258
1266
|
*/
|
|
1259
1267
|
Name: string | undefined;
|
|
@@ -1289,7 +1297,7 @@ export interface CreateServiceLinkedRoleRequest {
|
|
|
1289
1297
|
* <p>The service principal for the Amazon Web Services service to which this role is attached. You use a
|
|
1290
1298
|
* string similar to a URL but without the http:// in front. For example:
|
|
1291
1299
|
* <code>elasticbeanstalk.amazonaws.com</code>. </p>
|
|
1292
|
-
*
|
|
1300
|
+
* <p>Service principals are unique and case-sensitive. To find the exact service principal
|
|
1293
1301
|
* for your service-linked role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html">Amazon Web Services services
|
|
1294
1302
|
* that work with IAM</a> in the <i>IAM User Guide</i>. Look for
|
|
1295
1303
|
* the services that have <b>Yes </b>in the <b>Service-Linked Role</b> column. Choose the <b>Yes</b> link to view the service-linked role documentation for that
|
|
@@ -1302,12 +1310,12 @@ export interface CreateServiceLinkedRoleRequest {
|
|
|
1302
1310
|
Description?: string;
|
|
1303
1311
|
/**
|
|
1304
1312
|
* <p></p>
|
|
1305
|
-
*
|
|
1313
|
+
* <p>A string that you provide, which is combined with the service-provided prefix to form
|
|
1306
1314
|
* the complete role name. If you make multiple requests for the same service, then you
|
|
1307
1315
|
* must supply a different <code>CustomSuffix</code> for each request. Otherwise the
|
|
1308
1316
|
* request fails with a duplicate role name error. For example, you could add
|
|
1309
1317
|
* <code>-1</code> or <code>-debug</code> to the suffix.</p>
|
|
1310
|
-
*
|
|
1318
|
+
* <p>Some services do not support the <code>CustomSuffix</code> parameter. If you provide
|
|
1311
1319
|
* an optional suffix and the operation fails, try the operation again without the
|
|
1312
1320
|
* suffix.</p>
|
|
1313
1321
|
*/
|
|
@@ -1325,7 +1333,7 @@ export interface CreateServiceSpecificCredentialRequest {
|
|
|
1325
1333
|
* <p>The name of the IAM user that is to be associated with the credentials. The new
|
|
1326
1334
|
* service-specific credentials have the same permissions as the associated user except
|
|
1327
1335
|
* that they can be used only to access the specified service.</p>
|
|
1328
|
-
*
|
|
1336
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1329
1337
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1330
1338
|
*/
|
|
1331
1339
|
UserName: string | undefined;
|
|
@@ -1378,10 +1386,10 @@ export interface CreateServiceSpecificCredentialResponse {
|
|
|
1378
1386
|
/**
|
|
1379
1387
|
* <p>A structure that contains information about the newly created service-specific
|
|
1380
1388
|
* credential.</p>
|
|
1381
|
-
*
|
|
1389
|
+
* <important>
|
|
1382
1390
|
* <p>This is the only time that the password for this credential set is available. It
|
|
1383
1391
|
* cannot be recovered later. Instead, you must reset the password with <a>ResetServiceSpecificCredential</a>.</p>
|
|
1384
|
-
*
|
|
1392
|
+
* </important>
|
|
1385
1393
|
*/
|
|
1386
1394
|
ServiceSpecificCredential?: ServiceSpecificCredential;
|
|
1387
1395
|
}
|
|
@@ -1400,8 +1408,8 @@ export interface CreateUserRequest {
|
|
|
1400
1408
|
/**
|
|
1401
1409
|
* <p> The path for the user name. For more information about paths, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html">IAM
|
|
1402
1410
|
* identifiers</a> in the <i>IAM User Guide</i>.</p>
|
|
1403
|
-
*
|
|
1404
|
-
*
|
|
1411
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/).</p>
|
|
1412
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
1405
1413
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
1406
1414
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
1407
1415
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -1409,14 +1417,21 @@ export interface CreateUserRequest {
|
|
|
1409
1417
|
Path?: string;
|
|
1410
1418
|
/**
|
|
1411
1419
|
* <p>The name of the user to create.</p>
|
|
1412
|
-
*
|
|
1420
|
+
* <p>IAM user, group, role, and policy names must be unique within the account. Names are
|
|
1413
1421
|
* not distinguished by case. For example, you cannot create resources named both
|
|
1414
1422
|
* "MyResource" and "myresource".</p>
|
|
1415
1423
|
*/
|
|
1416
1424
|
UserName: string | undefined;
|
|
1417
1425
|
/**
|
|
1418
|
-
* <p>The ARN of the policy that is used to set the permissions boundary for the
|
|
1426
|
+
* <p>The ARN of the managed policy that is used to set the permissions boundary for the
|
|
1419
1427
|
* user.</p>
|
|
1428
|
+
* <p>A permissions boundary policy defines the maximum permissions that identity-based
|
|
1429
|
+
* policies can grant to an entity, but does not grant permissions. Permissions boundaries
|
|
1430
|
+
* do not define the maximum permissions that a resource-based policy can grant to an
|
|
1431
|
+
* entity. To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html">Permissions boundaries
|
|
1432
|
+
* for IAM entities</a> in the <i>IAM User Guide</i>.</p>
|
|
1433
|
+
* <p>For more information about policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types">Policy types
|
|
1434
|
+
* </a> in the <i>IAM User Guide</i>.</p>
|
|
1420
1435
|
*/
|
|
1421
1436
|
PermissionsBoundary?: string;
|
|
1422
1437
|
/**
|
|
@@ -1526,8 +1541,8 @@ export interface CreateVirtualMFADeviceRequest {
|
|
|
1526
1541
|
/**
|
|
1527
1542
|
* <p> The path for the virtual MFA device. For more information about paths, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html">IAM
|
|
1528
1543
|
* identifiers</a> in the <i>IAM User Guide</i>.</p>
|
|
1529
|
-
*
|
|
1530
|
-
*
|
|
1544
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/).</p>
|
|
1545
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
1531
1546
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
1532
1547
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
1533
1548
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -1536,7 +1551,7 @@ export interface CreateVirtualMFADeviceRequest {
|
|
|
1536
1551
|
/**
|
|
1537
1552
|
* <p>The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA
|
|
1538
1553
|
* device.</p>
|
|
1539
|
-
*
|
|
1554
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1540
1555
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1541
1556
|
*/
|
|
1542
1557
|
VirtualMFADeviceName: string | undefined;
|
|
@@ -1599,14 +1614,14 @@ export interface CreateVirtualMFADeviceResponse {
|
|
|
1599
1614
|
export interface DeactivateMFADeviceRequest {
|
|
1600
1615
|
/**
|
|
1601
1616
|
* <p>The name of the user whose MFA device you want to deactivate.</p>
|
|
1602
|
-
*
|
|
1617
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1603
1618
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1604
1619
|
*/
|
|
1605
1620
|
UserName: string | undefined;
|
|
1606
1621
|
/**
|
|
1607
1622
|
* <p>The serial number that uniquely identifies the MFA device. For virtual MFA devices,
|
|
1608
1623
|
* the serial number is the device ARN.</p>
|
|
1609
|
-
*
|
|
1624
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
1610
1625
|
* of upper and lowercase alphanumeric characters with no spaces. You can also include any of the
|
|
1611
1626
|
* following characters: =,.@:/-</p>
|
|
1612
1627
|
*/
|
|
@@ -1615,14 +1630,14 @@ export interface DeactivateMFADeviceRequest {
|
|
|
1615
1630
|
export interface DeleteAccessKeyRequest {
|
|
1616
1631
|
/**
|
|
1617
1632
|
* <p>The name of the user whose access key pair you want to delete.</p>
|
|
1618
|
-
*
|
|
1633
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1619
1634
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1620
1635
|
*/
|
|
1621
1636
|
UserName?: string;
|
|
1622
1637
|
/**
|
|
1623
1638
|
* <p>The access key ID for the access key ID and secret access key you want to
|
|
1624
1639
|
* delete.</p>
|
|
1625
|
-
*
|
|
1640
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that can
|
|
1626
1641
|
* consist of any upper or lowercased letter or digit.</p>
|
|
1627
1642
|
*/
|
|
1628
1643
|
AccessKeyId: string | undefined;
|
|
@@ -1630,7 +1645,7 @@ export interface DeleteAccessKeyRequest {
|
|
|
1630
1645
|
export interface DeleteAccountAliasRequest {
|
|
1631
1646
|
/**
|
|
1632
1647
|
* <p>The name of the account alias to delete.</p>
|
|
1633
|
-
*
|
|
1648
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of
|
|
1634
1649
|
* lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have
|
|
1635
1650
|
* two dashes in a row.</p>
|
|
1636
1651
|
*/
|
|
@@ -1651,7 +1666,7 @@ export declare class DeleteConflictException extends __BaseException {
|
|
|
1651
1666
|
export interface DeleteGroupRequest {
|
|
1652
1667
|
/**
|
|
1653
1668
|
* <p>The name of the IAM group to delete.</p>
|
|
1654
|
-
*
|
|
1669
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1655
1670
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1656
1671
|
*/
|
|
1657
1672
|
GroupName: string | undefined;
|
|
@@ -1660,13 +1675,13 @@ export interface DeleteGroupPolicyRequest {
|
|
|
1660
1675
|
/**
|
|
1661
1676
|
* <p>The name (friendly name, not ARN) identifying the group that the policy is embedded
|
|
1662
1677
|
* in.</p>
|
|
1663
|
-
*
|
|
1678
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1664
1679
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1665
1680
|
*/
|
|
1666
1681
|
GroupName: string | undefined;
|
|
1667
1682
|
/**
|
|
1668
1683
|
* <p>The name identifying the policy document to delete.</p>
|
|
1669
|
-
*
|
|
1684
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1670
1685
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1671
1686
|
*/
|
|
1672
1687
|
PolicyName: string | undefined;
|
|
@@ -1674,7 +1689,7 @@ export interface DeleteGroupPolicyRequest {
|
|
|
1674
1689
|
export interface DeleteInstanceProfileRequest {
|
|
1675
1690
|
/**
|
|
1676
1691
|
* <p>The name of the instance profile to delete.</p>
|
|
1677
|
-
*
|
|
1692
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1678
1693
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1679
1694
|
*/
|
|
1680
1695
|
InstanceProfileName: string | undefined;
|
|
@@ -1682,7 +1697,7 @@ export interface DeleteInstanceProfileRequest {
|
|
|
1682
1697
|
export interface DeleteLoginProfileRequest {
|
|
1683
1698
|
/**
|
|
1684
1699
|
* <p>The name of the user whose password you want to delete.</p>
|
|
1685
|
-
*
|
|
1700
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1686
1701
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1687
1702
|
*/
|
|
1688
1703
|
UserName: string | undefined;
|
|
@@ -1697,7 +1712,7 @@ export interface DeleteOpenIDConnectProviderRequest {
|
|
|
1697
1712
|
export interface DeletePolicyRequest {
|
|
1698
1713
|
/**
|
|
1699
1714
|
* <p>The Amazon Resource Name (ARN) of the IAM policy you want to delete.</p>
|
|
1700
|
-
*
|
|
1715
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
1701
1716
|
*/
|
|
1702
1717
|
PolicyArn: string | undefined;
|
|
1703
1718
|
}
|
|
@@ -1705,15 +1720,15 @@ export interface DeletePolicyVersionRequest {
|
|
|
1705
1720
|
/**
|
|
1706
1721
|
* <p>The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a
|
|
1707
1722
|
* version.</p>
|
|
1708
|
-
*
|
|
1723
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
1709
1724
|
*/
|
|
1710
1725
|
PolicyArn: string | undefined;
|
|
1711
1726
|
/**
|
|
1712
1727
|
* <p>The policy version to delete.</p>
|
|
1713
|
-
*
|
|
1728
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that
|
|
1714
1729
|
* consists of the lowercase letter 'v' followed by one or two digits, and optionally
|
|
1715
1730
|
* followed by a period '.' and a string of letters and digits.</p>
|
|
1716
|
-
*
|
|
1731
|
+
* <p>For more information about managed policy versions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed
|
|
1717
1732
|
* policies</a> in the <i>IAM User Guide</i>.</p>
|
|
1718
1733
|
*/
|
|
1719
1734
|
VersionId: string | undefined;
|
|
@@ -1721,7 +1736,7 @@ export interface DeletePolicyVersionRequest {
|
|
|
1721
1736
|
export interface DeleteRoleRequest {
|
|
1722
1737
|
/**
|
|
1723
1738
|
* <p>The name of the role to delete.</p>
|
|
1724
|
-
*
|
|
1739
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1725
1740
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1726
1741
|
*/
|
|
1727
1742
|
RoleName: string | undefined;
|
|
@@ -1737,13 +1752,13 @@ export interface DeleteRolePolicyRequest {
|
|
|
1737
1752
|
/**
|
|
1738
1753
|
* <p>The name (friendly name, not ARN) identifying the role that the policy is embedded
|
|
1739
1754
|
* in.</p>
|
|
1740
|
-
*
|
|
1755
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1741
1756
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1742
1757
|
*/
|
|
1743
1758
|
RoleName: string | undefined;
|
|
1744
1759
|
/**
|
|
1745
1760
|
* <p>The name of the inline policy to delete from the specified IAM role.</p>
|
|
1746
|
-
*
|
|
1761
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1747
1762
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1748
1763
|
*/
|
|
1749
1764
|
PolicyName: string | undefined;
|
|
@@ -1757,7 +1772,7 @@ export interface DeleteSAMLProviderRequest {
|
|
|
1757
1772
|
export interface DeleteServerCertificateRequest {
|
|
1758
1773
|
/**
|
|
1759
1774
|
* <p>The name of the server certificate you want to delete.</p>
|
|
1760
|
-
*
|
|
1775
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1761
1776
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1762
1777
|
*/
|
|
1763
1778
|
ServerCertificateName: string | undefined;
|
|
@@ -1781,14 +1796,14 @@ export interface DeleteServiceSpecificCredentialRequest {
|
|
|
1781
1796
|
* <p>The name of the IAM user associated with the service-specific credential. If this
|
|
1782
1797
|
* value is not specified, then the operation assumes the user whose credentials are used
|
|
1783
1798
|
* to call the operation.</p>
|
|
1784
|
-
*
|
|
1799
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1785
1800
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1786
1801
|
*/
|
|
1787
1802
|
UserName?: string;
|
|
1788
1803
|
/**
|
|
1789
1804
|
* <p>The unique identifier of the service-specific credential. You can get this value by
|
|
1790
1805
|
* calling <a>ListServiceSpecificCredentials</a>.</p>
|
|
1791
|
-
*
|
|
1806
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that can
|
|
1792
1807
|
* consist of any upper or lowercased letter or digit.</p>
|
|
1793
1808
|
*/
|
|
1794
1809
|
ServiceSpecificCredentialId: string | undefined;
|
|
@@ -1796,13 +1811,13 @@ export interface DeleteServiceSpecificCredentialRequest {
|
|
|
1796
1811
|
export interface DeleteSigningCertificateRequest {
|
|
1797
1812
|
/**
|
|
1798
1813
|
* <p>The name of the user the signing certificate belongs to.</p>
|
|
1799
|
-
*
|
|
1814
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1800
1815
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1801
1816
|
*/
|
|
1802
1817
|
UserName?: string;
|
|
1803
1818
|
/**
|
|
1804
1819
|
* <p>The ID of the signing certificate to delete.</p>
|
|
1805
|
-
*
|
|
1820
|
+
* <p>The format of this parameter, as described by its <a href="http://wikipedia.org/wiki/regex">regex</a> pattern, is a string of
|
|
1806
1821
|
* characters that can be upper- or lower-cased letters or digits.</p>
|
|
1807
1822
|
*/
|
|
1808
1823
|
CertificateId: string | undefined;
|
|
@@ -1810,13 +1825,13 @@ export interface DeleteSigningCertificateRequest {
|
|
|
1810
1825
|
export interface DeleteSSHPublicKeyRequest {
|
|
1811
1826
|
/**
|
|
1812
1827
|
* <p>The name of the IAM user associated with the SSH public key.</p>
|
|
1813
|
-
*
|
|
1828
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1814
1829
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1815
1830
|
*/
|
|
1816
1831
|
UserName: string | undefined;
|
|
1817
1832
|
/**
|
|
1818
1833
|
* <p>The unique identifier for the SSH public key.</p>
|
|
1819
|
-
*
|
|
1834
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that can
|
|
1820
1835
|
* consist of any upper or lowercased letter or digit.</p>
|
|
1821
1836
|
*/
|
|
1822
1837
|
SSHPublicKeyId: string | undefined;
|
|
@@ -1824,7 +1839,7 @@ export interface DeleteSSHPublicKeyRequest {
|
|
|
1824
1839
|
export interface DeleteUserRequest {
|
|
1825
1840
|
/**
|
|
1826
1841
|
* <p>The name of the user to delete.</p>
|
|
1827
|
-
*
|
|
1842
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1828
1843
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1829
1844
|
*/
|
|
1830
1845
|
UserName: string | undefined;
|
|
@@ -1840,13 +1855,13 @@ export interface DeleteUserPolicyRequest {
|
|
|
1840
1855
|
/**
|
|
1841
1856
|
* <p>The name (friendly name, not ARN) identifying the user that the policy is embedded
|
|
1842
1857
|
* in.</p>
|
|
1843
|
-
*
|
|
1858
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1844
1859
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1845
1860
|
*/
|
|
1846
1861
|
UserName: string | undefined;
|
|
1847
1862
|
/**
|
|
1848
1863
|
* <p>The name identifying the policy document to delete.</p>
|
|
1849
|
-
*
|
|
1864
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1850
1865
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1851
1866
|
*/
|
|
1852
1867
|
PolicyName: string | undefined;
|
|
@@ -1855,7 +1870,7 @@ export interface DeleteVirtualMFADeviceRequest {
|
|
|
1855
1870
|
/**
|
|
1856
1871
|
* <p>The serial number that uniquely identifies the MFA device. For virtual MFA devices,
|
|
1857
1872
|
* the serial number is the same as the ARN.</p>
|
|
1858
|
-
*
|
|
1873
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
1859
1874
|
* of upper and lowercase alphanumeric characters with no spaces. You can also include any of the
|
|
1860
1875
|
* following characters: =,.@:/-</p>
|
|
1861
1876
|
*/
|
|
@@ -1864,81 +1879,81 @@ export interface DeleteVirtualMFADeviceRequest {
|
|
|
1864
1879
|
export interface DetachGroupPolicyRequest {
|
|
1865
1880
|
/**
|
|
1866
1881
|
* <p>The name (friendly name, not ARN) of the IAM group to detach the policy from.</p>
|
|
1867
|
-
*
|
|
1882
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1868
1883
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1869
1884
|
*/
|
|
1870
1885
|
GroupName: string | undefined;
|
|
1871
1886
|
/**
|
|
1872
1887
|
* <p>The Amazon Resource Name (ARN) of the IAM policy you want to detach.</p>
|
|
1873
|
-
*
|
|
1888
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
1874
1889
|
*/
|
|
1875
1890
|
PolicyArn: string | undefined;
|
|
1876
1891
|
}
|
|
1877
1892
|
export interface DetachRolePolicyRequest {
|
|
1878
1893
|
/**
|
|
1879
1894
|
* <p>The name (friendly name, not ARN) of the IAM role to detach the policy from.</p>
|
|
1880
|
-
*
|
|
1895
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1881
1896
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1882
1897
|
*/
|
|
1883
1898
|
RoleName: string | undefined;
|
|
1884
1899
|
/**
|
|
1885
1900
|
* <p>The Amazon Resource Name (ARN) of the IAM policy you want to detach.</p>
|
|
1886
|
-
*
|
|
1901
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
1887
1902
|
*/
|
|
1888
1903
|
PolicyArn: string | undefined;
|
|
1889
1904
|
}
|
|
1890
1905
|
export interface DetachUserPolicyRequest {
|
|
1891
1906
|
/**
|
|
1892
1907
|
* <p>The name (friendly name, not ARN) of the IAM user to detach the policy from.</p>
|
|
1893
|
-
*
|
|
1908
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1894
1909
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1895
1910
|
*/
|
|
1896
1911
|
UserName: string | undefined;
|
|
1897
1912
|
/**
|
|
1898
1913
|
* <p>The Amazon Resource Name (ARN) of the IAM policy you want to detach.</p>
|
|
1899
|
-
*
|
|
1914
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
1900
1915
|
*/
|
|
1901
1916
|
PolicyArn: string | undefined;
|
|
1902
1917
|
}
|
|
1903
1918
|
export interface EnableMFADeviceRequest {
|
|
1904
1919
|
/**
|
|
1905
1920
|
* <p>The name of the IAM user for whom you want to enable the MFA device.</p>
|
|
1906
|
-
*
|
|
1921
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
1907
1922
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
1908
1923
|
*/
|
|
1909
1924
|
UserName: string | undefined;
|
|
1910
1925
|
/**
|
|
1911
1926
|
* <p>The serial number that uniquely identifies the MFA device. For virtual MFA devices,
|
|
1912
1927
|
* the serial number is the device ARN.</p>
|
|
1913
|
-
*
|
|
1928
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
1914
1929
|
* of upper and lowercase alphanumeric characters with no spaces. You can also include any of the
|
|
1915
1930
|
* following characters: =,.@:/-</p>
|
|
1916
1931
|
*/
|
|
1917
1932
|
SerialNumber: string | undefined;
|
|
1918
1933
|
/**
|
|
1919
1934
|
* <p>An authentication code emitted by the device. </p>
|
|
1920
|
-
*
|
|
1921
|
-
*
|
|
1935
|
+
* <p>The format for this parameter is a string of six digits.</p>
|
|
1936
|
+
* <important>
|
|
1922
1937
|
* <p>Submit your request immediately after generating the authentication codes. If you
|
|
1923
1938
|
* generate the codes and then wait too long to submit the request, the MFA device
|
|
1924
1939
|
* successfully associates with the user but the MFA device becomes out of sync. This
|
|
1925
1940
|
* happens because time-based one-time passwords (TOTP) expire after a short period of
|
|
1926
1941
|
* time. If this happens, you can <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html">resync the
|
|
1927
1942
|
* device</a>.</p>
|
|
1928
|
-
*
|
|
1943
|
+
* </important>
|
|
1929
1944
|
*/
|
|
1930
1945
|
AuthenticationCode1: string | undefined;
|
|
1931
1946
|
/**
|
|
1932
1947
|
* <p>A subsequent authentication code emitted by the device.</p>
|
|
1933
|
-
*
|
|
1934
|
-
*
|
|
1948
|
+
* <p>The format for this parameter is a string of six digits.</p>
|
|
1949
|
+
* <important>
|
|
1935
1950
|
* <p>Submit your request immediately after generating the authentication codes. If you
|
|
1936
1951
|
* generate the codes and then wait too long to submit the request, the MFA device
|
|
1937
1952
|
* successfully associates with the user but the MFA device becomes out of sync. This
|
|
1938
1953
|
* happens because time-based one-time passwords (TOTP) expire after a short period of
|
|
1939
1954
|
* time. If this happens, you can <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html">resync the
|
|
1940
1955
|
* device</a>.</p>
|
|
1941
|
-
*
|
|
1956
|
+
* </important>
|
|
1942
1957
|
*/
|
|
1943
1958
|
AuthenticationCode2: string | undefined;
|
|
1944
1959
|
}
|
|
@@ -1986,7 +2001,7 @@ export interface GenerateOrganizationsAccessReportRequest {
|
|
|
1986
2001
|
/**
|
|
1987
2002
|
* <p>The identifier of the Organizations service control policy (SCP). This parameter is
|
|
1988
2003
|
* optional.</p>
|
|
1989
|
-
*
|
|
2004
|
+
* <p>This ID is used to generate information about when an account principal that is
|
|
1990
2005
|
* limited by the SCP attempted to access an Amazon Web Services service.</p>
|
|
1991
2006
|
*/
|
|
1992
2007
|
OrganizationsPolicyId?: string;
|
|
@@ -2037,7 +2052,7 @@ export interface GenerateServiceLastAccessedDetailsResponse {
|
|
|
2037
2052
|
export interface GetAccessKeyLastUsedRequest {
|
|
2038
2053
|
/**
|
|
2039
2054
|
* <p>The identifier of an access key.</p>
|
|
2040
|
-
*
|
|
2055
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that can
|
|
2041
2056
|
* consist of any upper or lowercased letter or digit.</p>
|
|
2042
2057
|
*/
|
|
2043
2058
|
AccessKeyId: string | undefined;
|
|
@@ -2050,7 +2065,7 @@ export interface GetAccessKeyLastUsedRequest {
|
|
|
2050
2065
|
export interface GetAccessKeyLastUsedResponse {
|
|
2051
2066
|
/**
|
|
2052
2067
|
* <p>The name of the IAM user that owns this access key.</p>
|
|
2053
|
-
*
|
|
2068
|
+
* <p></p>
|
|
2054
2069
|
*/
|
|
2055
2070
|
UserName?: string;
|
|
2056
2071
|
/**
|
|
@@ -2070,7 +2085,7 @@ export interface GetAccountAuthorizationDetailsRequest {
|
|
|
2070
2085
|
* <p>A list of entity types used to filter the results. Only the entities that match the
|
|
2071
2086
|
* types you specify are included in the output. Use the value
|
|
2072
2087
|
* <code>LocalManagedPolicy</code> to include customer managed policies.</p>
|
|
2073
|
-
*
|
|
2088
|
+
* <p>The format for this parameter is a comma-separated (if more than one) list of strings.
|
|
2074
2089
|
* Each string value in the list must be one of the valid values listed below.</p>
|
|
2075
2090
|
*/
|
|
2076
2091
|
Filter?: (EntityType | string)[];
|
|
@@ -2502,7 +2517,7 @@ export interface GetContextKeysForCustomPolicyRequest {
|
|
|
2502
2517
|
* <p>A list of policies for which you want the list of context keys referenced in those
|
|
2503
2518
|
* policies. Each document is specified as a string containing the complete, valid JSON
|
|
2504
2519
|
* text of an IAM policy.</p>
|
|
2505
|
-
*
|
|
2520
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
2506
2521
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
2507
2522
|
* <ul>
|
|
2508
2523
|
* <li>
|
|
@@ -2539,13 +2554,13 @@ export interface GetContextKeysForPrincipalPolicyRequest {
|
|
|
2539
2554
|
* that are found in policies attached to that entity. Note that all parameters are shown
|
|
2540
2555
|
* in unencoded form here for clarity, but must be URL encoded to be included as a part of
|
|
2541
2556
|
* a real HTML request.</p>
|
|
2542
|
-
*
|
|
2557
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
2543
2558
|
*/
|
|
2544
2559
|
PolicySourceArn: string | undefined;
|
|
2545
2560
|
/**
|
|
2546
2561
|
* <p>An optional list of additional policies for which you want the list of context keys
|
|
2547
2562
|
* that are referenced.</p>
|
|
2548
|
-
*
|
|
2563
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
2549
2564
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
2550
2565
|
* <ul>
|
|
2551
2566
|
* <li>
|
|
@@ -2625,7 +2640,7 @@ export interface GetCredentialReportResponse {
|
|
|
2625
2640
|
export interface GetGroupRequest {
|
|
2626
2641
|
/**
|
|
2627
2642
|
* <p>The name of the group.</p>
|
|
2628
|
-
*
|
|
2643
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
2629
2644
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
2630
2645
|
*/
|
|
2631
2646
|
GroupName: string | undefined;
|
|
@@ -2679,13 +2694,13 @@ export interface GetGroupResponse {
|
|
|
2679
2694
|
export interface GetGroupPolicyRequest {
|
|
2680
2695
|
/**
|
|
2681
2696
|
* <p>The name of the group the policy is associated with.</p>
|
|
2682
|
-
*
|
|
2697
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
2683
2698
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
2684
2699
|
*/
|
|
2685
2700
|
GroupName: string | undefined;
|
|
2686
2701
|
/**
|
|
2687
2702
|
* <p>The name of the policy document to get.</p>
|
|
2688
|
-
*
|
|
2703
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
2689
2704
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
2690
2705
|
*/
|
|
2691
2706
|
PolicyName: string | undefined;
|
|
@@ -2705,8 +2720,7 @@ export interface GetGroupPolicyResponse {
|
|
|
2705
2720
|
PolicyName: string | undefined;
|
|
2706
2721
|
/**
|
|
2707
2722
|
* <p>The policy document.</p>
|
|
2708
|
-
*
|
|
2709
|
-
* <p>IAM stores policies in JSON format. However, resources that were created using CloudFormation
|
|
2723
|
+
* <p>IAM stores policies in JSON format. However, resources that were created using CloudFormation
|
|
2710
2724
|
* templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format
|
|
2711
2725
|
* before submitting it to IAM.</p>
|
|
2712
2726
|
*/
|
|
@@ -2715,7 +2729,7 @@ export interface GetGroupPolicyResponse {
|
|
|
2715
2729
|
export interface GetInstanceProfileRequest {
|
|
2716
2730
|
/**
|
|
2717
2731
|
* <p>The name of the instance profile to get information about.</p>
|
|
2718
|
-
*
|
|
2732
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
2719
2733
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
2720
2734
|
*/
|
|
2721
2735
|
InstanceProfileName: string | undefined;
|
|
@@ -2733,7 +2747,7 @@ export interface GetInstanceProfileResponse {
|
|
|
2733
2747
|
export interface GetLoginProfileRequest {
|
|
2734
2748
|
/**
|
|
2735
2749
|
* <p>The name of the user whose login profile you want to retrieve.</p>
|
|
2736
|
-
*
|
|
2750
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
2737
2751
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
2738
2752
|
*/
|
|
2739
2753
|
UserName: string | undefined;
|
|
@@ -2753,7 +2767,7 @@ export interface GetOpenIDConnectProviderRequest {
|
|
|
2753
2767
|
/**
|
|
2754
2768
|
* <p>The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get
|
|
2755
2769
|
* information for. You can get a list of OIDC provider resource ARNs by using the <a>ListOpenIDConnectProviders</a> operation.</p>
|
|
2756
|
-
*
|
|
2770
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
2757
2771
|
*/
|
|
2758
2772
|
OpenIDConnectProviderArn: string | undefined;
|
|
2759
2773
|
}
|
|
@@ -2857,7 +2871,7 @@ export interface GetOrganizationsAccessReportResponse {
|
|
|
2857
2871
|
/**
|
|
2858
2872
|
* <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
|
|
2859
2873
|
* format</a>, when the generated report job was completed or failed.</p>
|
|
2860
|
-
*
|
|
2874
|
+
* <p>This field is null if the job is still in progress, as indicated by a job status value
|
|
2861
2875
|
* of <code>IN_PROGRESS</code>.</p>
|
|
2862
2876
|
*/
|
|
2863
2877
|
JobCompletionDate?: Date;
|
|
@@ -2901,7 +2915,7 @@ export interface GetPolicyRequest {
|
|
|
2901
2915
|
/**
|
|
2902
2916
|
* <p>The Amazon Resource Name (ARN) of the managed policy that you want information
|
|
2903
2917
|
* about.</p>
|
|
2904
|
-
*
|
|
2918
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
2905
2919
|
*/
|
|
2906
2920
|
PolicyArn: string | undefined;
|
|
2907
2921
|
}
|
|
@@ -2918,12 +2932,12 @@ export interface GetPolicyVersionRequest {
|
|
|
2918
2932
|
/**
|
|
2919
2933
|
* <p>The Amazon Resource Name (ARN) of the managed policy that you want information
|
|
2920
2934
|
* about.</p>
|
|
2921
|
-
*
|
|
2935
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
2922
2936
|
*/
|
|
2923
2937
|
PolicyArn: string | undefined;
|
|
2924
2938
|
/**
|
|
2925
2939
|
* <p>Identifies the policy version to retrieve.</p>
|
|
2926
|
-
*
|
|
2940
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that
|
|
2927
2941
|
* consists of the lowercase letter 'v' followed by one or two digits, and optionally
|
|
2928
2942
|
* followed by a period '.' and a string of letters and digits.</p>
|
|
2929
2943
|
*/
|
|
@@ -2942,7 +2956,7 @@ export interface GetPolicyVersionResponse {
|
|
|
2942
2956
|
export interface GetRoleRequest {
|
|
2943
2957
|
/**
|
|
2944
2958
|
* <p>The name of the IAM role to get information about.</p>
|
|
2945
|
-
*
|
|
2959
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
2946
2960
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
2947
2961
|
*/
|
|
2948
2962
|
RoleName: string | undefined;
|
|
@@ -2959,13 +2973,13 @@ export interface GetRoleResponse {
|
|
|
2959
2973
|
export interface GetRolePolicyRequest {
|
|
2960
2974
|
/**
|
|
2961
2975
|
* <p>The name of the role associated with the policy.</p>
|
|
2962
|
-
*
|
|
2976
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
2963
2977
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
2964
2978
|
*/
|
|
2965
2979
|
RoleName: string | undefined;
|
|
2966
2980
|
/**
|
|
2967
2981
|
* <p>The name of the policy document to get.</p>
|
|
2968
|
-
*
|
|
2982
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
2969
2983
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
2970
2984
|
*/
|
|
2971
2985
|
PolicyName: string | undefined;
|
|
@@ -2985,7 +2999,7 @@ export interface GetRolePolicyResponse {
|
|
|
2985
2999
|
PolicyName: string | undefined;
|
|
2986
3000
|
/**
|
|
2987
3001
|
* <p>The policy document.</p>
|
|
2988
|
-
*
|
|
3002
|
+
* <p>IAM stores policies in JSON format. However, resources that were created using CloudFormation
|
|
2989
3003
|
* templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format
|
|
2990
3004
|
* before submitting it to IAM.</p>
|
|
2991
3005
|
*/
|
|
@@ -2995,7 +3009,7 @@ export interface GetSAMLProviderRequest {
|
|
|
2995
3009
|
/**
|
|
2996
3010
|
* <p>The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get
|
|
2997
3011
|
* information about.</p>
|
|
2998
|
-
*
|
|
3012
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
2999
3013
|
*/
|
|
3000
3014
|
SAMLProviderArn: string | undefined;
|
|
3001
3015
|
}
|
|
@@ -3026,7 +3040,7 @@ export interface GetSAMLProviderResponse {
|
|
|
3026
3040
|
export interface GetServerCertificateRequest {
|
|
3027
3041
|
/**
|
|
3028
3042
|
* <p>The name of the server certificate you want to retrieve information about.</p>
|
|
3029
|
-
*
|
|
3043
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3030
3044
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3031
3045
|
*/
|
|
3032
3046
|
ServerCertificateName: string | undefined;
|
|
@@ -3242,7 +3256,7 @@ export interface GetServiceLastAccessedDetailsResponse {
|
|
|
3242
3256
|
/**
|
|
3243
3257
|
* <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
|
|
3244
3258
|
* format</a>, when the generated report job was completed or failed.</p>
|
|
3245
|
-
*
|
|
3259
|
+
* <p>This field is null if the job is still in progress, as indicated by a job status value
|
|
3246
3260
|
* of <code>IN_PROGRESS</code>.</p>
|
|
3247
3261
|
*/
|
|
3248
3262
|
JobCompletionDate: Date | undefined;
|
|
@@ -3275,7 +3289,7 @@ export interface GetServiceLastAccessedDetailsWithEntitiesRequest {
|
|
|
3275
3289
|
/**
|
|
3276
3290
|
* <p>The service namespace for an Amazon Web Services service. Provide the service namespace to learn
|
|
3277
3291
|
* when the IAM entity last attempted to access the specified service.</p>
|
|
3278
|
-
*
|
|
3292
|
+
* <p>To learn the service namespace for a service, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html">Actions, resources, and condition keys for Amazon Web Services services</a> in the
|
|
3279
3293
|
* <i>IAM User Guide</i>. Choose the name of the service to view
|
|
3280
3294
|
* details for that service. In the first paragraph, find the service prefix. For example,
|
|
3281
3295
|
* <code>(service prefix: a4b)</code>. For more information about service namespaces,
|
|
@@ -3369,7 +3383,7 @@ export interface GetServiceLastAccessedDetailsWithEntitiesResponse {
|
|
|
3369
3383
|
/**
|
|
3370
3384
|
* <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
|
|
3371
3385
|
* format</a>, when the generated report job was completed or failed.</p>
|
|
3372
|
-
*
|
|
3386
|
+
* <p>This field is null if the job is still in progress, as indicated by a job status value
|
|
3373
3387
|
* of <code>IN_PROGRESS</code>.</p>
|
|
3374
3388
|
*/
|
|
3375
3389
|
JobCompletionDate: Date | undefined;
|
|
@@ -3463,13 +3477,13 @@ export declare enum EncodingType {
|
|
|
3463
3477
|
export interface GetSSHPublicKeyRequest {
|
|
3464
3478
|
/**
|
|
3465
3479
|
* <p>The name of the IAM user associated with the SSH public key.</p>
|
|
3466
|
-
*
|
|
3480
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3467
3481
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3468
3482
|
*/
|
|
3469
3483
|
UserName: string | undefined;
|
|
3470
3484
|
/**
|
|
3471
3485
|
* <p>The unique identifier for the SSH public key.</p>
|
|
3472
|
-
*
|
|
3486
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that can
|
|
3473
3487
|
* consist of any upper or lowercased letter or digit.</p>
|
|
3474
3488
|
*/
|
|
3475
3489
|
SSHPublicKeyId: string | undefined;
|
|
@@ -3539,7 +3553,7 @@ export declare class UnrecognizedPublicKeyEncodingException extends __BaseExcept
|
|
|
3539
3553
|
export interface GetUserRequest {
|
|
3540
3554
|
/**
|
|
3541
3555
|
* <p>The name of the user to get information about.</p>
|
|
3542
|
-
*
|
|
3556
|
+
* <p>This parameter is optional. If it is not included, it defaults to the user making the
|
|
3543
3557
|
* request. This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3544
3558
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3545
3559
|
*/
|
|
@@ -3551,7 +3565,7 @@ export interface GetUserRequest {
|
|
|
3551
3565
|
export interface GetUserResponse {
|
|
3552
3566
|
/**
|
|
3553
3567
|
* <p>A structure containing details about the IAM user.</p>
|
|
3554
|
-
*
|
|
3568
|
+
* <important>
|
|
3555
3569
|
* <p>Due to a service issue, password last used data does not include password use from
|
|
3556
3570
|
* May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html">last sign-in</a> dates shown in the IAM console and password last used
|
|
3557
3571
|
* dates in the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html">IAM credential
|
|
@@ -3565,20 +3579,20 @@ export interface GetUserResponse {
|
|
|
3565
3579
|
* window to include dates after May 23, 2018. Alternatively, if your users use access
|
|
3566
3580
|
* keys to access Amazon Web Services programmatically you can refer to access key last used
|
|
3567
3581
|
* information because it is accurate for all dates. </p>
|
|
3568
|
-
*
|
|
3582
|
+
* </important>
|
|
3569
3583
|
*/
|
|
3570
3584
|
User: User | undefined;
|
|
3571
3585
|
}
|
|
3572
3586
|
export interface GetUserPolicyRequest {
|
|
3573
3587
|
/**
|
|
3574
3588
|
* <p>The name of the user who the policy is associated with.</p>
|
|
3575
|
-
*
|
|
3589
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3576
3590
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3577
3591
|
*/
|
|
3578
3592
|
UserName: string | undefined;
|
|
3579
3593
|
/**
|
|
3580
3594
|
* <p>The name of the policy document to get.</p>
|
|
3581
|
-
*
|
|
3595
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3582
3596
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3583
3597
|
*/
|
|
3584
3598
|
PolicyName: string | undefined;
|
|
@@ -3598,8 +3612,7 @@ export interface GetUserPolicyResponse {
|
|
|
3598
3612
|
PolicyName: string | undefined;
|
|
3599
3613
|
/**
|
|
3600
3614
|
* <p>The policy document.</p>
|
|
3601
|
-
*
|
|
3602
|
-
* <p>IAM stores policies in JSON format. However, resources that were created using CloudFormation
|
|
3615
|
+
* <p>IAM stores policies in JSON format. However, resources that were created using CloudFormation
|
|
3603
3616
|
* templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format
|
|
3604
3617
|
* before submitting it to IAM.</p>
|
|
3605
3618
|
*/
|
|
@@ -3608,7 +3621,7 @@ export interface GetUserPolicyResponse {
|
|
|
3608
3621
|
export interface ListAccessKeysRequest {
|
|
3609
3622
|
/**
|
|
3610
3623
|
* <p>The name of the user.</p>
|
|
3611
|
-
*
|
|
3624
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3612
3625
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3613
3626
|
*/
|
|
3614
3627
|
UserName?: string;
|
|
@@ -3705,14 +3718,14 @@ export interface ListAccountAliasesResponse {
|
|
|
3705
3718
|
export interface ListAttachedGroupPoliciesRequest {
|
|
3706
3719
|
/**
|
|
3707
3720
|
* <p>The name (friendly name, not ARN) of the group to list attached policies for.</p>
|
|
3708
|
-
*
|
|
3721
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3709
3722
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3710
3723
|
*/
|
|
3711
3724
|
GroupName: string | undefined;
|
|
3712
3725
|
/**
|
|
3713
3726
|
* <p>The path prefix for filtering the results. This parameter is optional. If it is not
|
|
3714
3727
|
* included, it defaults to a slash (/), listing all policies.</p>
|
|
3715
|
-
*
|
|
3728
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
3716
3729
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
3717
3730
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
3718
3731
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -3765,14 +3778,14 @@ export interface ListAttachedGroupPoliciesResponse {
|
|
|
3765
3778
|
export interface ListAttachedRolePoliciesRequest {
|
|
3766
3779
|
/**
|
|
3767
3780
|
* <p>The name (friendly name, not ARN) of the role to list attached policies for.</p>
|
|
3768
|
-
*
|
|
3781
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3769
3782
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3770
3783
|
*/
|
|
3771
3784
|
RoleName: string | undefined;
|
|
3772
3785
|
/**
|
|
3773
3786
|
* <p>The path prefix for filtering the results. This parameter is optional. If it is not
|
|
3774
3787
|
* included, it defaults to a slash (/), listing all policies.</p>
|
|
3775
|
-
*
|
|
3788
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
3776
3789
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
3777
3790
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
3778
3791
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -3825,14 +3838,14 @@ export interface ListAttachedRolePoliciesResponse {
|
|
|
3825
3838
|
export interface ListAttachedUserPoliciesRequest {
|
|
3826
3839
|
/**
|
|
3827
3840
|
* <p>The name (friendly name, not ARN) of the user to list attached policies for.</p>
|
|
3828
|
-
*
|
|
3841
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
3829
3842
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
3830
3843
|
*/
|
|
3831
3844
|
UserName: string | undefined;
|
|
3832
3845
|
/**
|
|
3833
3846
|
* <p>The path prefix for filtering the results. This parameter is optional. If it is not
|
|
3834
3847
|
* included, it defaults to a slash (/), listing all policies.</p>
|
|
3835
|
-
*
|
|
3848
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
3836
3849
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
3837
3850
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
3838
3851
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -3890,12 +3903,12 @@ export interface ListEntitiesForPolicyRequest {
|
|
|
3890
3903
|
/**
|
|
3891
3904
|
* <p>The Amazon Resource Name (ARN) of the IAM policy for which you want the
|
|
3892
3905
|
* versions.</p>
|
|
3893
|
-
*
|
|
3906
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
3894
3907
|
*/
|
|
3895
3908
|
PolicyArn: string | undefined;
|
|
3896
3909
|
/**
|
|
3897
3910
|
* <p>The entity type to use for filtering the results.</p>
|
|
3898
|
-
*
|
|
3911
|
+
* <p>For example, when <code>EntityFilter</code> is <code>Role</code>, only the roles that
|
|
3899
3912
|
* are attached to the specified policy are returned. This parameter is optional. If it is
|
|
3900
3913
|
* not included, all attached entities (users, groups, and roles) are returned. The
|
|
3901
3914
|
* argument for this parameter must be one of the valid values listed below.</p>
|
|
@@ -3904,7 +3917,7 @@ export interface ListEntitiesForPolicyRequest {
|
|
|
3904
3917
|
/**
|
|
3905
3918
|
* <p>The path prefix for filtering the results. This parameter is optional. If it is not
|
|
3906
3919
|
* included, it defaults to a slash (/), listing all entities.</p>
|
|
3907
|
-
*
|
|
3920
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
3908
3921
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
3909
3922
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
3910
3923
|
* most punctuation characters, digits, and upper and lowercased letters.</p>
|
|
@@ -3912,11 +3925,11 @@ export interface ListEntitiesForPolicyRequest {
|
|
|
3912
3925
|
PathPrefix?: string;
|
|
3913
3926
|
/**
|
|
3914
3927
|
* <p>The policy usage method to use for filtering the results.</p>
|
|
3915
|
-
*
|
|
3928
|
+
* <p>To list only permissions policies,
|
|
3916
3929
|
* set <code>PolicyUsageFilter</code> to <code>PermissionsPolicy</code>. To list only
|
|
3917
3930
|
* the policies used to set permissions boundaries, set the value
|
|
3918
3931
|
* to <code>PermissionsBoundary</code>.</p>
|
|
3919
|
-
*
|
|
3932
|
+
* <p>This parameter is optional. If it is not included, all policies are returned. </p>
|
|
3920
3933
|
*/
|
|
3921
3934
|
PolicyUsageFilter?: PolicyUsageType | string;
|
|
3922
3935
|
/**
|
|
@@ -4028,7 +4041,7 @@ export interface ListEntitiesForPolicyResponse {
|
|
|
4028
4041
|
export interface ListGroupPoliciesRequest {
|
|
4029
4042
|
/**
|
|
4030
4043
|
* <p>The name of the group to list policies for.</p>
|
|
4031
|
-
*
|
|
4044
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
4032
4045
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
4033
4046
|
*/
|
|
4034
4047
|
GroupName: string | undefined;
|
|
@@ -4058,7 +4071,7 @@ export interface ListGroupPoliciesRequest {
|
|
|
4058
4071
|
export interface ListGroupPoliciesResponse {
|
|
4059
4072
|
/**
|
|
4060
4073
|
* <p>A list of policy names.</p>
|
|
4061
|
-
*
|
|
4074
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
4062
4075
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
4063
4076
|
*/
|
|
4064
4077
|
PolicyNames: string[] | undefined;
|
|
@@ -4083,7 +4096,7 @@ export interface ListGroupsRequest {
|
|
|
4083
4096
|
* <p> The path prefix for filtering the results. For example, the prefix
|
|
4084
4097
|
* <code>/division_abc/subdivision_xyz/</code> gets all groups whose path starts with
|
|
4085
4098
|
* <code>/division_abc/subdivision_xyz/</code>.</p>
|
|
4086
|
-
*
|
|
4099
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/), listing
|
|
4087
4100
|
* all groups. This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
4088
4101
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
4089
4102
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
@@ -4136,7 +4149,7 @@ export interface ListGroupsResponse {
|
|
|
4136
4149
|
export interface ListGroupsForUserRequest {
|
|
4137
4150
|
/**
|
|
4138
4151
|
* <p>The name of the user to list groups for.</p>
|
|
4139
|
-
*
|
|
4152
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
4140
4153
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
4141
4154
|
*/
|
|
4142
4155
|
UserName: string | undefined;
|
|
@@ -4189,7 +4202,7 @@ export interface ListInstanceProfilesRequest {
|
|
|
4189
4202
|
* <p> The path prefix for filtering the results. For example, the prefix
|
|
4190
4203
|
* <code>/application_abc/component_xyz/</code> gets all instance profiles whose path
|
|
4191
4204
|
* starts with <code>/application_abc/component_xyz/</code>.</p>
|
|
4192
|
-
*
|
|
4205
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/), listing
|
|
4193
4206
|
* all instance profiles. This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
4194
4207
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
4195
4208
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
@@ -4243,7 +4256,7 @@ export interface ListInstanceProfilesResponse {
|
|
|
4243
4256
|
export interface ListInstanceProfilesForRoleRequest {
|
|
4244
4257
|
/**
|
|
4245
4258
|
* <p>The name of the role to list instance profiles for.</p>
|
|
4246
|
-
*
|
|
4259
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
4247
4260
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
4248
4261
|
*/
|
|
4249
4262
|
RoleName: string | undefined;
|
|
@@ -4341,7 +4354,7 @@ export interface ListInstanceProfileTagsResponse {
|
|
|
4341
4354
|
export interface ListMFADevicesRequest {
|
|
4342
4355
|
/**
|
|
4343
4356
|
* <p>The name of the user whose MFA devices you want to list.</p>
|
|
4344
|
-
*
|
|
4357
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
4345
4358
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
4346
4359
|
*/
|
|
4347
4360
|
UserName?: string;
|
|
@@ -4537,16 +4550,16 @@ export declare enum PolicyScopeType {
|
|
|
4537
4550
|
export interface ListPoliciesRequest {
|
|
4538
4551
|
/**
|
|
4539
4552
|
* <p>The scope to use for filtering the results.</p>
|
|
4540
|
-
*
|
|
4553
|
+
* <p>To list only Amazon Web Services managed policies, set <code>Scope</code> to <code>AWS</code>. To
|
|
4541
4554
|
* list only the customer managed policies in your Amazon Web Services account, set <code>Scope</code> to
|
|
4542
4555
|
* <code>Local</code>.</p>
|
|
4543
|
-
*
|
|
4556
|
+
* <p>This parameter is optional. If it is not included, or if it is set to
|
|
4544
4557
|
* <code>All</code>, all policies are returned.</p>
|
|
4545
4558
|
*/
|
|
4546
4559
|
Scope?: PolicyScopeType | string;
|
|
4547
4560
|
/**
|
|
4548
4561
|
* <p>A flag to filter the results to only the attached policies.</p>
|
|
4549
|
-
*
|
|
4562
|
+
* <p>When <code>OnlyAttached</code> is <code>true</code>, the returned list contains only
|
|
4550
4563
|
* the policies that are attached to an IAM user, group, or role. When
|
|
4551
4564
|
* <code>OnlyAttached</code> is <code>false</code>, or when the parameter is not
|
|
4552
4565
|
* included, all policies are returned.</p>
|
|
@@ -4562,11 +4575,11 @@ export interface ListPoliciesRequest {
|
|
|
4562
4575
|
PathPrefix?: string;
|
|
4563
4576
|
/**
|
|
4564
4577
|
* <p>The policy usage method to use for filtering the results.</p>
|
|
4565
|
-
*
|
|
4578
|
+
* <p>To list only permissions policies,
|
|
4566
4579
|
* set <code>PolicyUsageFilter</code> to <code>PermissionsPolicy</code>. To list only
|
|
4567
4580
|
* the policies used to set permissions boundaries, set the value
|
|
4568
4581
|
* to <code>PermissionsBoundary</code>.</p>
|
|
4569
|
-
*
|
|
4582
|
+
* <p>This parameter is optional. If it is not included, all policies are returned. </p>
|
|
4570
4583
|
*/
|
|
4571
4584
|
PolicyUsageFilter?: PolicyUsageType | string;
|
|
4572
4585
|
/**
|
|
@@ -4628,7 +4641,7 @@ export interface ListPoliciesGrantingServiceAccessRequest {
|
|
|
4628
4641
|
Arn: string | undefined;
|
|
4629
4642
|
/**
|
|
4630
4643
|
* <p>The service namespace for the Amazon Web Services services whose policies you want to list.</p>
|
|
4631
|
-
*
|
|
4644
|
+
* <p>To learn the service namespace for a service, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html">Actions, resources, and condition keys for Amazon Web Services services</a> in the
|
|
4632
4645
|
* <i>IAM User Guide</i>. Choose the name of the service to view
|
|
4633
4646
|
* details for that service. In the first paragraph, find the service prefix. For example,
|
|
4634
4647
|
* <code>(service prefix: a4b)</code>. For more information about service namespaces,
|
|
@@ -4775,7 +4788,7 @@ export interface ListPolicyVersionsRequest {
|
|
|
4775
4788
|
/**
|
|
4776
4789
|
* <p>The Amazon Resource Name (ARN) of the IAM policy for which you want the
|
|
4777
4790
|
* versions.</p>
|
|
4778
|
-
*
|
|
4791
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
4779
4792
|
*/
|
|
4780
4793
|
PolicyArn: string | undefined;
|
|
4781
4794
|
/**
|
|
@@ -4804,7 +4817,7 @@ export interface ListPolicyVersionsRequest {
|
|
|
4804
4817
|
export interface ListPolicyVersionsResponse {
|
|
4805
4818
|
/**
|
|
4806
4819
|
* <p>A list of policy versions.</p>
|
|
4807
|
-
*
|
|
4820
|
+
* <p>For more information about managed policy versions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed
|
|
4808
4821
|
* policies</a> in the <i>IAM User Guide</i>.</p>
|
|
4809
4822
|
*/
|
|
4810
4823
|
Versions?: PolicyVersion[];
|
|
@@ -4827,7 +4840,7 @@ export interface ListPolicyVersionsResponse {
|
|
|
4827
4840
|
export interface ListRolePoliciesRequest {
|
|
4828
4841
|
/**
|
|
4829
4842
|
* <p>The name of the role to list policies for.</p>
|
|
4830
|
-
*
|
|
4843
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
4831
4844
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
4832
4845
|
*/
|
|
4833
4846
|
RoleName: string | undefined;
|
|
@@ -4880,7 +4893,7 @@ export interface ListRolesRequest {
|
|
|
4880
4893
|
* <p> The path prefix for filtering the results. For example, the prefix
|
|
4881
4894
|
* <code>/application_abc/component_xyz/</code> gets all roles whose path starts with
|
|
4882
4895
|
* <code>/application_abc/component_xyz/</code>.</p>
|
|
4883
|
-
*
|
|
4896
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/), listing
|
|
4884
4897
|
* all roles. This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
4885
4898
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
4886
4899
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
@@ -5061,7 +5074,7 @@ export interface ListServerCertificatesRequest {
|
|
|
5061
5074
|
* <p> The path prefix for filtering the results. For example:
|
|
5062
5075
|
* <code>/company/servercerts</code> would get all server certificates for which the
|
|
5063
5076
|
* path starts with <code>/company/servercerts</code>.</p>
|
|
5064
|
-
*
|
|
5077
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/), listing
|
|
5065
5078
|
* all server certificates. This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
5066
5079
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
5067
5080
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
@@ -5165,7 +5178,7 @@ export interface ListServiceSpecificCredentialsRequest {
|
|
|
5165
5178
|
* <p>The name of the user whose service-specific credentials you want information about. If
|
|
5166
5179
|
* this value is not specified, then the operation assumes the user whose credentials are
|
|
5167
5180
|
* used to call the operation.</p>
|
|
5168
|
-
*
|
|
5181
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5169
5182
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5170
5183
|
*/
|
|
5171
5184
|
UserName?: string;
|
|
@@ -5216,7 +5229,7 @@ export interface ListServiceSpecificCredentialsResponse {
|
|
|
5216
5229
|
export interface ListSigningCertificatesRequest {
|
|
5217
5230
|
/**
|
|
5218
5231
|
* <p>The name of the IAM user whose signing certificates you want to examine.</p>
|
|
5219
|
-
*
|
|
5232
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5220
5233
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5221
5234
|
*/
|
|
5222
5235
|
UserName?: string;
|
|
@@ -5297,7 +5310,7 @@ export interface ListSSHPublicKeysRequest {
|
|
|
5297
5310
|
* <p>The name of the IAM user to list SSH public keys for. If none is specified, the
|
|
5298
5311
|
* <code>UserName</code> field is determined implicitly based on the Amazon Web Services access key
|
|
5299
5312
|
* used to sign the request.</p>
|
|
5300
|
-
*
|
|
5313
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5301
5314
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5302
5315
|
*/
|
|
5303
5316
|
UserName?: string;
|
|
@@ -5375,7 +5388,7 @@ export interface ListSSHPublicKeysResponse {
|
|
|
5375
5388
|
export interface ListUserPoliciesRequest {
|
|
5376
5389
|
/**
|
|
5377
5390
|
* <p>The name of the user to list policies for.</p>
|
|
5378
|
-
*
|
|
5391
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5379
5392
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5380
5393
|
*/
|
|
5381
5394
|
UserName: string | undefined;
|
|
@@ -5428,7 +5441,7 @@ export interface ListUsersRequest {
|
|
|
5428
5441
|
* <p> The path prefix for filtering the results. For example:
|
|
5429
5442
|
* <code>/division_abc/subdivision_xyz/</code>, which would get all user names whose
|
|
5430
5443
|
* path starts with <code>/division_abc/subdivision_xyz/</code>.</p>
|
|
5431
|
-
*
|
|
5444
|
+
* <p>This parameter is optional. If it is not included, it defaults to a slash (/), listing
|
|
5432
5445
|
* all user names. This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting
|
|
5433
5446
|
* of either a forward slash (/) by itself or a string that must begin and end with forward slashes.
|
|
5434
5447
|
* In addition, it can contain any ASCII character from the ! (<code>\u0021</code>) through the DEL character (<code>\u007F</code>), including
|
|
@@ -5581,23 +5594,22 @@ export interface ListVirtualMFADevicesResponse {
|
|
|
5581
5594
|
export interface PutGroupPolicyRequest {
|
|
5582
5595
|
/**
|
|
5583
5596
|
* <p>The name of the group to associate the policy with.</p>
|
|
5584
|
-
*
|
|
5597
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5585
5598
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-.</p>
|
|
5586
5599
|
*/
|
|
5587
5600
|
GroupName: string | undefined;
|
|
5588
5601
|
/**
|
|
5589
5602
|
* <p>The name of the policy document.</p>
|
|
5590
|
-
*
|
|
5603
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5591
5604
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5592
5605
|
*/
|
|
5593
5606
|
PolicyName: string | undefined;
|
|
5594
5607
|
/**
|
|
5595
5608
|
* <p>The policy document.</p>
|
|
5596
|
-
*
|
|
5597
|
-
* <p>You must provide policies in JSON format in IAM. However, for CloudFormation templates
|
|
5609
|
+
* <p>You must provide policies in JSON format in IAM. However, for CloudFormation templates
|
|
5598
5610
|
* formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always
|
|
5599
5611
|
* converts a YAML policy to JSON format before submitting it to = IAM.</p>
|
|
5600
|
-
*
|
|
5612
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
5601
5613
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
5602
5614
|
* <ul>
|
|
5603
5615
|
* <li>
|
|
@@ -5623,30 +5635,37 @@ export interface PutRolePermissionsBoundaryRequest {
|
|
|
5623
5635
|
*/
|
|
5624
5636
|
RoleName: string | undefined;
|
|
5625
5637
|
/**
|
|
5626
|
-
* <p>The ARN of the policy that is used to set the permissions boundary for the
|
|
5638
|
+
* <p>The ARN of the managed policy that is used to set the permissions boundary for the
|
|
5627
5639
|
* role.</p>
|
|
5640
|
+
* <p>A permissions boundary policy defines the maximum permissions that identity-based
|
|
5641
|
+
* policies can grant to an entity, but does not grant permissions. Permissions boundaries
|
|
5642
|
+
* do not define the maximum permissions that a resource-based policy can grant to an
|
|
5643
|
+
* entity. To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html">Permissions boundaries
|
|
5644
|
+
* for IAM entities</a> in the <i>IAM User Guide</i>.</p>
|
|
5645
|
+
* <p>For more information about policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types">Policy types
|
|
5646
|
+
* </a> in the <i>IAM User Guide</i>.</p>
|
|
5628
5647
|
*/
|
|
5629
5648
|
PermissionsBoundary: string | undefined;
|
|
5630
5649
|
}
|
|
5631
5650
|
export interface PutRolePolicyRequest {
|
|
5632
5651
|
/**
|
|
5633
5652
|
* <p>The name of the role to associate the policy with.</p>
|
|
5634
|
-
*
|
|
5653
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5635
5654
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5636
5655
|
*/
|
|
5637
5656
|
RoleName: string | undefined;
|
|
5638
5657
|
/**
|
|
5639
5658
|
* <p>The name of the policy document.</p>
|
|
5640
|
-
*
|
|
5659
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5641
5660
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5642
5661
|
*/
|
|
5643
5662
|
PolicyName: string | undefined;
|
|
5644
5663
|
/**
|
|
5645
5664
|
* <p>The policy document.</p>
|
|
5646
|
-
*
|
|
5665
|
+
* <p>You must provide policies in JSON format in IAM. However, for CloudFormation
|
|
5647
5666
|
* templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to
|
|
5648
5667
|
* IAM.</p>
|
|
5649
|
-
*
|
|
5668
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
5650
5669
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
5651
5670
|
* <ul>
|
|
5652
5671
|
* <li>
|
|
@@ -5672,31 +5691,37 @@ export interface PutUserPermissionsBoundaryRequest {
|
|
|
5672
5691
|
*/
|
|
5673
5692
|
UserName: string | undefined;
|
|
5674
5693
|
/**
|
|
5675
|
-
* <p>The ARN of the policy that is used to set the permissions boundary for the
|
|
5694
|
+
* <p>The ARN of the managed policy that is used to set the permissions boundary for the
|
|
5676
5695
|
* user.</p>
|
|
5696
|
+
* <p>A permissions boundary policy defines the maximum permissions that identity-based
|
|
5697
|
+
* policies can grant to an entity, but does not grant permissions. Permissions boundaries
|
|
5698
|
+
* do not define the maximum permissions that a resource-based policy can grant to an
|
|
5699
|
+
* entity. To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html">Permissions boundaries
|
|
5700
|
+
* for IAM entities</a> in the <i>IAM User Guide</i>.</p>
|
|
5701
|
+
* <p>For more information about policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types">Policy types
|
|
5702
|
+
* </a> in the <i>IAM User Guide</i>.</p>
|
|
5677
5703
|
*/
|
|
5678
5704
|
PermissionsBoundary: string | undefined;
|
|
5679
5705
|
}
|
|
5680
5706
|
export interface PutUserPolicyRequest {
|
|
5681
5707
|
/**
|
|
5682
5708
|
* <p>The name of the user to associate the policy with.</p>
|
|
5683
|
-
*
|
|
5709
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5684
5710
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5685
5711
|
*/
|
|
5686
5712
|
UserName: string | undefined;
|
|
5687
5713
|
/**
|
|
5688
5714
|
* <p>The name of the policy document.</p>
|
|
5689
|
-
*
|
|
5715
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5690
5716
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5691
5717
|
*/
|
|
5692
5718
|
PolicyName: string | undefined;
|
|
5693
5719
|
/**
|
|
5694
5720
|
* <p>The policy document.</p>
|
|
5695
|
-
*
|
|
5696
|
-
* <p>You must provide policies in JSON format in IAM. However, for CloudFormation
|
|
5721
|
+
* <p>You must provide policies in JSON format in IAM. However, for CloudFormation
|
|
5697
5722
|
* templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to
|
|
5698
5723
|
* IAM.</p>
|
|
5699
|
-
*
|
|
5724
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
5700
5725
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
5701
5726
|
* <ul>
|
|
5702
5727
|
* <li>
|
|
@@ -5719,7 +5744,7 @@ export interface RemoveClientIDFromOpenIDConnectProviderRequest {
|
|
|
5719
5744
|
/**
|
|
5720
5745
|
* <p>The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the
|
|
5721
5746
|
* client ID from. You can get a list of OIDC provider ARNs by using the <a>ListOpenIDConnectProviders</a> operation.</p>
|
|
5722
|
-
*
|
|
5747
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
5723
5748
|
*/
|
|
5724
5749
|
OpenIDConnectProviderArn: string | undefined;
|
|
5725
5750
|
/**
|
|
@@ -5731,13 +5756,13 @@ export interface RemoveClientIDFromOpenIDConnectProviderRequest {
|
|
|
5731
5756
|
export interface RemoveRoleFromInstanceProfileRequest {
|
|
5732
5757
|
/**
|
|
5733
5758
|
* <p>The name of the instance profile to update.</p>
|
|
5734
|
-
*
|
|
5759
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5735
5760
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5736
5761
|
*/
|
|
5737
5762
|
InstanceProfileName: string | undefined;
|
|
5738
5763
|
/**
|
|
5739
5764
|
* <p>The name of the role to remove.</p>
|
|
5740
|
-
*
|
|
5765
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5741
5766
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5742
5767
|
*/
|
|
5743
5768
|
RoleName: string | undefined;
|
|
@@ -5745,13 +5770,13 @@ export interface RemoveRoleFromInstanceProfileRequest {
|
|
|
5745
5770
|
export interface RemoveUserFromGroupRequest {
|
|
5746
5771
|
/**
|
|
5747
5772
|
* <p>The name of the group to update.</p>
|
|
5748
|
-
*
|
|
5773
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5749
5774
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5750
5775
|
*/
|
|
5751
5776
|
GroupName: string | undefined;
|
|
5752
5777
|
/**
|
|
5753
5778
|
* <p>The name of the user to remove.</p>
|
|
5754
|
-
*
|
|
5779
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5755
5780
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5756
5781
|
*/
|
|
5757
5782
|
UserName: string | undefined;
|
|
@@ -5761,13 +5786,13 @@ export interface ResetServiceSpecificCredentialRequest {
|
|
|
5761
5786
|
* <p>The name of the IAM user associated with the service-specific credential. If this
|
|
5762
5787
|
* value is not specified, then the operation assumes the user whose credentials are used
|
|
5763
5788
|
* to call the operation.</p>
|
|
5764
|
-
*
|
|
5789
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5765
5790
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5766
5791
|
*/
|
|
5767
5792
|
UserName?: string;
|
|
5768
5793
|
/**
|
|
5769
5794
|
* <p>The unique identifier of the service-specific credential.</p>
|
|
5770
|
-
*
|
|
5795
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters that can
|
|
5771
5796
|
* consist of any upper or lowercased letter or digit.</p>
|
|
5772
5797
|
*/
|
|
5773
5798
|
ServiceSpecificCredentialId: string | undefined;
|
|
@@ -5776,34 +5801,34 @@ export interface ResetServiceSpecificCredentialResponse {
|
|
|
5776
5801
|
/**
|
|
5777
5802
|
* <p>A structure with details about the updated service-specific credential, including the
|
|
5778
5803
|
* new password.</p>
|
|
5779
|
-
*
|
|
5804
|
+
* <important>
|
|
5780
5805
|
* <p>This is the <b>only</b> time that you can access the
|
|
5781
5806
|
* password. You cannot recover the password later, but you can reset it again.</p>
|
|
5782
|
-
*
|
|
5807
|
+
* </important>
|
|
5783
5808
|
*/
|
|
5784
5809
|
ServiceSpecificCredential?: ServiceSpecificCredential;
|
|
5785
5810
|
}
|
|
5786
5811
|
export interface ResyncMFADeviceRequest {
|
|
5787
5812
|
/**
|
|
5788
5813
|
* <p>The name of the user whose MFA device you want to resynchronize.</p>
|
|
5789
|
-
*
|
|
5814
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5790
5815
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5791
5816
|
*/
|
|
5792
5817
|
UserName: string | undefined;
|
|
5793
5818
|
/**
|
|
5794
5819
|
* <p>Serial number that uniquely identifies the MFA device.</p>
|
|
5795
|
-
*
|
|
5820
|
+
* <p>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex pattern</a>) a string of characters consisting of upper and lowercase alphanumeric
|
|
5796
5821
|
* characters with no spaces. You can also include any of the following characters: _+=,.@-</p>
|
|
5797
5822
|
*/
|
|
5798
5823
|
SerialNumber: string | undefined;
|
|
5799
5824
|
/**
|
|
5800
5825
|
* <p>An authentication code emitted by the device.</p>
|
|
5801
|
-
*
|
|
5826
|
+
* <p>The format for this parameter is a sequence of six digits.</p>
|
|
5802
5827
|
*/
|
|
5803
5828
|
AuthenticationCode1: string | undefined;
|
|
5804
5829
|
/**
|
|
5805
5830
|
* <p>A subsequent authentication code emitted by the device.</p>
|
|
5806
|
-
*
|
|
5831
|
+
* <p>The format for this parameter is a sequence of six digits.</p>
|
|
5807
5832
|
*/
|
|
5808
5833
|
AuthenticationCode2: string | undefined;
|
|
5809
5834
|
}
|
|
@@ -5811,12 +5836,12 @@ export interface SetDefaultPolicyVersionRequest {
|
|
|
5811
5836
|
/**
|
|
5812
5837
|
* <p>The Amazon Resource Name (ARN) of the IAM policy whose default version you want to
|
|
5813
5838
|
* set.</p>
|
|
5814
|
-
*
|
|
5839
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
5815
5840
|
*/
|
|
5816
5841
|
PolicyArn: string | undefined;
|
|
5817
5842
|
/**
|
|
5818
5843
|
* <p>The version of the policy to set as the default (operative) version.</p>
|
|
5819
|
-
*
|
|
5844
|
+
* <p>For more information about managed policy versions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed
|
|
5820
5845
|
* policies</a> in the <i>IAM User Guide</i>.</p>
|
|
5821
5846
|
*/
|
|
5822
5847
|
VersionId: string | undefined;
|
|
@@ -5831,7 +5856,7 @@ export interface SetSecurityTokenServicePreferencesRequest {
|
|
|
5831
5856
|
* manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid
|
|
5832
5857
|
* in all Regions. However, version 2 tokens are longer and might affect systems where you
|
|
5833
5858
|
* temporarily store tokens.</p>
|
|
5834
|
-
*
|
|
5859
|
+
* <p>For information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
|
|
5835
5860
|
* deactivating STS in an Amazon Web Services Region</a> in the
|
|
5836
5861
|
* <i>IAM User Guide</i>.</p>
|
|
5837
5862
|
*/
|
|
@@ -5898,9 +5923,9 @@ export interface SimulateCustomPolicyRequest {
|
|
|
5898
5923
|
* policies, such as you could include in a call to <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html">GetFederationToken</a> or one of
|
|
5899
5924
|
* the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html">AssumeRole</a> API operations. In other words, do not use policies designed to
|
|
5900
5925
|
* restrict what a user can do while using the temporary credentials.</p>
|
|
5901
|
-
*
|
|
5926
|
+
* <p>The maximum length of the policy document that you can pass in this operation,
|
|
5902
5927
|
* including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
|
|
5903
|
-
*
|
|
5928
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
5904
5929
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
5905
5930
|
* <ul>
|
|
5906
5931
|
* <li>
|
|
@@ -5926,9 +5951,9 @@ export interface SimulateCustomPolicyRequest {
|
|
|
5926
5951
|
* entities</a> in the <i>IAM User Guide</i>. The policy input is
|
|
5927
5952
|
* specified as a string that contains the complete, valid JSON text of a permissions
|
|
5928
5953
|
* boundary policy.</p>
|
|
5929
|
-
*
|
|
5954
|
+
* <p>The maximum length of the policy document that you can pass in this operation,
|
|
5930
5955
|
* including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
|
|
5931
|
-
*
|
|
5956
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
5932
5957
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
5933
5958
|
* <ul>
|
|
5934
5959
|
* <li>
|
|
@@ -5960,21 +5985,24 @@ export interface SimulateCustomPolicyRequest {
|
|
|
5960
5985
|
* simulation determines the access result (allowed or denied) of each combination and
|
|
5961
5986
|
* reports it in the response. You can simulate resources that don't exist in your
|
|
5962
5987
|
* account.</p>
|
|
5963
|
-
*
|
|
5988
|
+
* <p>The simulation does not automatically retrieve policies for the specified resources.
|
|
5964
5989
|
* If you want to include a resource policy in the simulation, then you must include the
|
|
5965
5990
|
* policy as a string in the <code>ResourcePolicy</code> parameter.</p>
|
|
5966
|
-
*
|
|
5991
|
+
* <p>If you include a <code>ResourcePolicy</code>, then it must be applicable to all of the
|
|
5967
5992
|
* resources included in the simulation or you receive an invalid input error.</p>
|
|
5968
|
-
*
|
|
5993
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
5994
|
+
* <note>
|
|
5995
|
+
* <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
|
|
5996
|
+
* </note>
|
|
5969
5997
|
*/
|
|
5970
5998
|
ResourceArns?: string[];
|
|
5971
5999
|
/**
|
|
5972
6000
|
* <p>A resource-based policy to include in the simulation provided as a string. Each
|
|
5973
6001
|
* resource in the simulation is treated as if it had this policy attached. You can include
|
|
5974
6002
|
* only one resource-based policy in a simulation.</p>
|
|
5975
|
-
*
|
|
6003
|
+
* <p>The maximum length of the policy document that you can pass in this operation,
|
|
5976
6004
|
* including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
|
|
5977
|
-
*
|
|
6005
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
5978
6006
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
5979
6007
|
* <ul>
|
|
5980
6008
|
* <li>
|
|
@@ -5990,6 +6018,9 @@ export interface SimulateCustomPolicyRequest {
|
|
|
5990
6018
|
* carriage return (<code>\u000D</code>)</p>
|
|
5991
6019
|
* </li>
|
|
5992
6020
|
* </ul>
|
|
6021
|
+
* <note>
|
|
6022
|
+
* <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
|
|
6023
|
+
* </note>
|
|
5993
6024
|
*/
|
|
5994
6025
|
ResourcePolicy?: string;
|
|
5995
6026
|
/**
|
|
@@ -6002,7 +6033,7 @@ export interface SimulateCustomPolicyRequest {
|
|
|
6002
6033
|
* <code>CallerArn</code>. This parameter is required only if you specify a
|
|
6003
6034
|
* resource-based policy and account that owns the resource is different from the account
|
|
6004
6035
|
* that owns the simulated calling user <code>CallerArn</code>.</p>
|
|
6005
|
-
*
|
|
6036
|
+
* <p>The ARN for an account uses the following syntax:
|
|
6006
6037
|
* <code>arn:aws:iam::<i>AWS-account-ID</i>:root</code>. For example,
|
|
6007
6038
|
* to represent the account with the 112233445566 ID, use the following ARN:
|
|
6008
6039
|
* <code>arn:aws:iam::112233445566-ID:root</code>. </p>
|
|
@@ -6013,7 +6044,7 @@ export interface SimulateCustomPolicyRequest {
|
|
|
6013
6044
|
* operations. <code>CallerArn</code> is required if you include a
|
|
6014
6045
|
* <code>ResourcePolicy</code> so that the policy's <code>Principal</code> element has
|
|
6015
6046
|
* a value to use in evaluating the policy.</p>
|
|
6016
|
-
*
|
|
6047
|
+
* <p>You can specify only the ARN of an IAM user. You cannot specify the ARN of an
|
|
6017
6048
|
* assumed role, federated user, or a service principal.</p>
|
|
6018
6049
|
*/
|
|
6019
6050
|
CallerArn?: string;
|
|
@@ -6031,36 +6062,36 @@ export interface SimulateCustomPolicyRequest {
|
|
|
6031
6062
|
* not match one of the following scenarios, then you can omit this parameter. The
|
|
6032
6063
|
* following list shows each of the supported scenario values and the resources that you
|
|
6033
6064
|
* must define to run the simulation.</p>
|
|
6034
|
-
*
|
|
6065
|
+
* <p>Each of the EC2 scenarios requires that you specify instance, image, and security
|
|
6035
6066
|
* group resources. If your scenario includes an EBS volume, then you must specify that
|
|
6036
6067
|
* volume as a resource. If the EC2 scenario includes VPC, then you must supply the network
|
|
6037
6068
|
* interface resource. If it includes an IP subnet, then you must specify the subnet
|
|
6038
6069
|
* resource. For more information on the EC2 scenario options, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html">Supported platforms</a> in the <i>Amazon EC2 User
|
|
6039
6070
|
* Guide</i>.</p>
|
|
6040
|
-
*
|
|
6071
|
+
* <ul>
|
|
6041
6072
|
* <li>
|
|
6042
|
-
*
|
|
6043
|
-
*
|
|
6044
|
-
*
|
|
6045
|
-
*
|
|
6073
|
+
* <p>
|
|
6074
|
+
* <b>EC2-VPC-InstanceStore</b>
|
|
6075
|
+
* </p>
|
|
6076
|
+
* <p>instance, image, security group, network interface</p>
|
|
6046
6077
|
* </li>
|
|
6047
6078
|
* <li>
|
|
6048
|
-
*
|
|
6049
|
-
*
|
|
6050
|
-
*
|
|
6051
|
-
*
|
|
6079
|
+
* <p>
|
|
6080
|
+
* <b>EC2-VPC-InstanceStore-Subnet</b>
|
|
6081
|
+
* </p>
|
|
6082
|
+
* <p>instance, image, security group, network interface, subnet</p>
|
|
6052
6083
|
* </li>
|
|
6053
6084
|
* <li>
|
|
6054
|
-
*
|
|
6055
|
-
*
|
|
6056
|
-
*
|
|
6057
|
-
*
|
|
6085
|
+
* <p>
|
|
6086
|
+
* <b>EC2-VPC-EBS</b>
|
|
6087
|
+
* </p>
|
|
6088
|
+
* <p>instance, image, security group, network interface, volume</p>
|
|
6058
6089
|
* </li>
|
|
6059
6090
|
* <li>
|
|
6060
|
-
*
|
|
6061
|
-
*
|
|
6062
|
-
*
|
|
6063
|
-
*
|
|
6091
|
+
* <p>
|
|
6092
|
+
* <b>EC2-VPC-EBS-Subnet</b>
|
|
6093
|
+
* </p>
|
|
6094
|
+
* <p>instance, image, security group, network interface, subnet, volume</p>
|
|
6064
6095
|
* </li>
|
|
6065
6096
|
* </ul>
|
|
6066
6097
|
*/
|
|
@@ -6317,16 +6348,16 @@ export interface SimulatePrincipalPolicyRequest {
|
|
|
6317
6348
|
* includes all policies that are associated with that entity. If you specify a user, the
|
|
6318
6349
|
* simulation also includes all policies that are attached to any groups the user belongs
|
|
6319
6350
|
* to.</p>
|
|
6320
|
-
*
|
|
6351
|
+
* <p>The maximum length of the policy document that you can pass in this operation,
|
|
6321
6352
|
* including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
|
|
6322
|
-
*
|
|
6353
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
6323
6354
|
*/
|
|
6324
6355
|
PolicySourceArn: string | undefined;
|
|
6325
6356
|
/**
|
|
6326
6357
|
* <p>An optional list of additional policy documents to include in the simulation. Each
|
|
6327
6358
|
* document is specified as a string containing the complete, valid JSON text of an IAM
|
|
6328
6359
|
* policy.</p>
|
|
6329
|
-
*
|
|
6360
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
6330
6361
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
6331
6362
|
* <ul>
|
|
6332
6363
|
* <li>
|
|
@@ -6355,9 +6386,9 @@ export interface SimulatePrincipalPolicyRequest {
|
|
|
6355
6386
|
* entities</a> in the <i>IAM User Guide</i>. The policy input is
|
|
6356
6387
|
* specified as a string containing the complete, valid JSON text of a permissions boundary
|
|
6357
6388
|
* policy.</p>
|
|
6358
|
-
*
|
|
6389
|
+
* <p>The maximum length of the policy document that you can pass in this operation,
|
|
6359
6390
|
* including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
|
|
6360
|
-
*
|
|
6391
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
6361
6392
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
6362
6393
|
* <ul>
|
|
6363
6394
|
* <li>
|
|
@@ -6388,19 +6419,22 @@ export interface SimulatePrincipalPolicyRequest {
|
|
|
6388
6419
|
* simulation determines the access result (allowed or denied) of each combination and
|
|
6389
6420
|
* reports it in the response. You can simulate resources that don't exist in your
|
|
6390
6421
|
* account.</p>
|
|
6391
|
-
*
|
|
6422
|
+
* <p>The simulation does not automatically retrieve policies for the specified resources.
|
|
6392
6423
|
* If you want to include a resource policy in the simulation, then you must include the
|
|
6393
6424
|
* policy as a string in the <code>ResourcePolicy</code> parameter.</p>
|
|
6394
|
-
*
|
|
6425
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
6426
|
+
* <note>
|
|
6427
|
+
* <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
|
|
6428
|
+
* </note>
|
|
6395
6429
|
*/
|
|
6396
6430
|
ResourceArns?: string[];
|
|
6397
6431
|
/**
|
|
6398
6432
|
* <p>A resource-based policy to include in the simulation provided as a string. Each
|
|
6399
6433
|
* resource in the simulation is treated as if it had this policy attached. You can include
|
|
6400
6434
|
* only one resource-based policy in a simulation.</p>
|
|
6401
|
-
*
|
|
6435
|
+
* <p>The maximum length of the policy document that you can pass in this operation,
|
|
6402
6436
|
* including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
|
|
6403
|
-
*
|
|
6437
|
+
* <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
|
|
6404
6438
|
* used to validate this parameter is a string of characters consisting of the following:</p>
|
|
6405
6439
|
* <ul>
|
|
6406
6440
|
* <li>
|
|
@@ -6416,6 +6450,9 @@ export interface SimulatePrincipalPolicyRequest {
|
|
|
6416
6450
|
* carriage return (<code>\u000D</code>)</p>
|
|
6417
6451
|
* </li>
|
|
6418
6452
|
* </ul>
|
|
6453
|
+
* <note>
|
|
6454
|
+
* <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
|
|
6455
|
+
* </note>
|
|
6419
6456
|
*/
|
|
6420
6457
|
ResourcePolicy?: string;
|
|
6421
6458
|
/**
|
|
@@ -6438,14 +6475,14 @@ export interface SimulatePrincipalPolicyRequest {
|
|
|
6438
6475
|
* <code>arn:aws:iam::123456789012:user/David</code>) and a <code>CallerArn</code> (for
|
|
6439
6476
|
* example, <code>arn:aws:iam::123456789012:user/Bob</code>), the result is that you
|
|
6440
6477
|
* simulate calling the API operations as Bob, as if Bob had David's policies.</p>
|
|
6441
|
-
*
|
|
6478
|
+
* <p>You can specify only the ARN of an IAM user. You cannot specify the ARN of an
|
|
6442
6479
|
* assumed role, federated user, or a service principal.</p>
|
|
6443
|
-
*
|
|
6480
|
+
* <p>
|
|
6444
6481
|
* <code>CallerArn</code> is required if you include a <code>ResourcePolicy</code> and
|
|
6445
6482
|
* the <code>PolicySourceArn</code> is not the ARN for an IAM user. This is required so
|
|
6446
6483
|
* that the resource-based policy's <code>Principal</code> element has a value to use in
|
|
6447
6484
|
* evaluating the policy.</p>
|
|
6448
|
-
*
|
|
6485
|
+
* <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
|
|
6449
6486
|
*/
|
|
6450
6487
|
CallerArn?: string;
|
|
6451
6488
|
/**
|
|
@@ -6462,36 +6499,36 @@ export interface SimulatePrincipalPolicyRequest {
|
|
|
6462
6499
|
* not match one of the following scenarios, then you can omit this parameter. The
|
|
6463
6500
|
* following list shows each of the supported scenario values and the resources that you
|
|
6464
6501
|
* must define to run the simulation.</p>
|
|
6465
|
-
*
|
|
6502
|
+
* <p>Each of the EC2 scenarios requires that you specify instance, image, and security
|
|
6466
6503
|
* group resources. If your scenario includes an EBS volume, then you must specify that
|
|
6467
6504
|
* volume as a resource. If the EC2 scenario includes VPC, then you must supply the network
|
|
6468
6505
|
* interface resource. If it includes an IP subnet, then you must specify the subnet
|
|
6469
6506
|
* resource. For more information on the EC2 scenario options, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html">Supported platforms</a> in the <i>Amazon EC2 User
|
|
6470
6507
|
* Guide</i>.</p>
|
|
6471
|
-
*
|
|
6508
|
+
* <ul>
|
|
6472
6509
|
* <li>
|
|
6473
|
-
*
|
|
6474
|
-
*
|
|
6475
|
-
*
|
|
6476
|
-
*
|
|
6510
|
+
* <p>
|
|
6511
|
+
* <b>EC2-VPC-InstanceStore</b>
|
|
6512
|
+
* </p>
|
|
6513
|
+
* <p>instance, image, security group, network interface</p>
|
|
6477
6514
|
* </li>
|
|
6478
6515
|
* <li>
|
|
6479
|
-
*
|
|
6480
|
-
*
|
|
6481
|
-
*
|
|
6482
|
-
*
|
|
6516
|
+
* <p>
|
|
6517
|
+
* <b>EC2-VPC-InstanceStore-Subnet</b>
|
|
6518
|
+
* </p>
|
|
6519
|
+
* <p>instance, image, security group, network interface, subnet</p>
|
|
6483
6520
|
* </li>
|
|
6484
6521
|
* <li>
|
|
6485
|
-
*
|
|
6486
|
-
*
|
|
6487
|
-
*
|
|
6488
|
-
*
|
|
6522
|
+
* <p>
|
|
6523
|
+
* <b>EC2-VPC-EBS</b>
|
|
6524
|
+
* </p>
|
|
6525
|
+
* <p>instance, image, security group, network interface, volume</p>
|
|
6489
6526
|
* </li>
|
|
6490
6527
|
* <li>
|
|
6491
|
-
*
|
|
6492
|
-
*
|
|
6493
|
-
*
|
|
6494
|
-
*
|
|
6528
|
+
* <p>
|
|
6529
|
+
* <b>EC2-VPC-EBS-Subnet</b>
|
|
6530
|
+
* </p>
|
|
6531
|
+
* <p>instance, image, security group, network interface, subnet, volume</p>
|
|
6495
6532
|
* </li>
|
|
6496
6533
|
* </ul>
|
|
6497
6534
|
*/
|