@aws-sdk/client-iam 3.312.0 → 3.316.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist-cjs/IAM.js +162 -2212
  2. package/dist-cjs/protocols/Aws_query.js +317 -474
  3. package/dist-es/IAM.js +162 -2212
  4. package/dist-es/protocols/Aws_query.js +318 -475
  5. package/dist-types/IAM.d.ts +169 -2064
  6. package/dist-types/ts3.4/IAM.d.ts +2 -1
  7. package/package.json +6 -6
package/dist-types/IAM.d.ts CHANGED
@@ -158,2858 +158,963 @@ import { UploadServerCertificateCommandInput, UploadServerCertificateCommandOutp
158
158
  import { UploadSigningCertificateCommandInput, UploadSigningCertificateCommandOutput } from "./commands/UploadSigningCertificateCommand";
159
159
  import { UploadSSHPublicKeyCommandInput, UploadSSHPublicKeyCommandOutput } from "./commands/UploadSSHPublicKeyCommand";
160
160
  import { IAMClient } from "./IAMClient";
161
- /**
162
- * @public
163
- * <fullname>Identity and Access Management</fullname>
164
- * <p>Identity and Access Management (IAM) is a web service for securely controlling
165
- * access to Amazon Web Services services. With IAM, you can centrally manage users, security credentials
166
- * such as access keys, and permissions that control which Amazon Web Services resources users and
167
- * applications can access. For more information about IAM, see <a href="http://aws.amazon.com/iam/">Identity and Access Management (IAM)</a> and the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/">Identity and Access Management User Guide</a>.</p>
168
- */
169
- export declare class IAM extends IAMClient {
161
+ export interface IAM {
170
162
  /**
171
- * @public
172
- * <p>Adds a new client ID (also known as audience) to the list of client IDs already
173
- * registered for the specified IAM OpenID Connect (OIDC) provider resource.</p>
174
- * <p>This operation is idempotent; it does not fail or return an error if you add an
175
- * existing client ID to the provider.</p>
163
+ * @see {@link AddClientIDToOpenIDConnectProviderCommand}
176
164
  */
177
165
  addClientIDToOpenIDConnectProvider(args: AddClientIDToOpenIDConnectProviderCommandInput, options?: __HttpHandlerOptions): Promise<AddClientIDToOpenIDConnectProviderCommandOutput>;
178
166
  addClientIDToOpenIDConnectProvider(args: AddClientIDToOpenIDConnectProviderCommandInput, cb: (err: any, data?: AddClientIDToOpenIDConnectProviderCommandOutput) => void): void;
179
167
  addClientIDToOpenIDConnectProvider(args: AddClientIDToOpenIDConnectProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AddClientIDToOpenIDConnectProviderCommandOutput) => void): void;
180
168
  /**
181
- * @public
182
- * <p>Adds the specified IAM role to the specified instance profile. An instance profile
183
- * can contain only one role, and this quota cannot be increased. You can remove the
184
- * existing role and then add a different role to an instance profile. You must then wait
185
- * for the change to appear across all of Amazon Web Services because of <a href="https://en.wikipedia.org/wiki/Eventual_consistency">eventual
186
- * consistency</a>. To force the change, you must <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html">disassociate the instance profile</a> and then <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html">associate the
187
- * instance profile</a>, or you can stop your instance and then restart it.</p>
188
- * <note>
189
- * <p>The caller of this operation must be granted the <code>PassRole</code> permission
190
- * on the IAM role by a permissions policy.</p>
191
- * </note>
192
- * <p>For more information about roles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html">Working with roles</a>. For more
193
- * information about instance profiles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html">About instance
194
- * profiles</a>.</p>
169
+ * @see {@link AddRoleToInstanceProfileCommand}
195
170
  */
196
171
  addRoleToInstanceProfile(args: AddRoleToInstanceProfileCommandInput, options?: __HttpHandlerOptions): Promise<AddRoleToInstanceProfileCommandOutput>;
197
172
  addRoleToInstanceProfile(args: AddRoleToInstanceProfileCommandInput, cb: (err: any, data?: AddRoleToInstanceProfileCommandOutput) => void): void;
198
173
  addRoleToInstanceProfile(args: AddRoleToInstanceProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AddRoleToInstanceProfileCommandOutput) => void): void;
199
174
  /**
200
- * @public
201
- * <p>Adds the specified user to the specified group.</p>
175
+ * @see {@link AddUserToGroupCommand}
202
176
  */
203
177
  addUserToGroup(args: AddUserToGroupCommandInput, options?: __HttpHandlerOptions): Promise<AddUserToGroupCommandOutput>;
204
178
  addUserToGroup(args: AddUserToGroupCommandInput, cb: (err: any, data?: AddUserToGroupCommandOutput) => void): void;
205
179
  addUserToGroup(args: AddUserToGroupCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AddUserToGroupCommandOutput) => void): void;
206
180
  /**
207
- * @public
208
- * <p>Attaches the specified managed policy to the specified IAM group.</p>
209
- * <p>You use this operation to attach a managed policy to a group. To embed an inline
210
- * policy in a group, use <a>PutGroupPolicy</a>.</p>
211
- * <p>As a best practice, you can validate your IAM policies.
212
- * To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html">Validating IAM policies</a>
213
- * in the <i>IAM User Guide</i>.</p>
214
- * <p>For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
215
- * policies</a> in the <i>IAM User Guide</i>.</p>
181
+ * @see {@link AttachGroupPolicyCommand}
216
182
  */
217
183
  attachGroupPolicy(args: AttachGroupPolicyCommandInput, options?: __HttpHandlerOptions): Promise<AttachGroupPolicyCommandOutput>;
218
184
  attachGroupPolicy(args: AttachGroupPolicyCommandInput, cb: (err: any, data?: AttachGroupPolicyCommandOutput) => void): void;
219
185
  attachGroupPolicy(args: AttachGroupPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AttachGroupPolicyCommandOutput) => void): void;
220
186
  /**
221
- * @public
222
- * <p>Attaches the specified managed policy to the specified IAM role. When you attach a
223
- * managed policy to a role, the managed policy becomes part of the role's permission
224
- * (access) policy.</p>
225
- * <note>
226
- * <p>You cannot use a managed policy as the role's trust policy. The role's trust
227
- * policy is created at the same time as the role, using <a>CreateRole</a>.
228
- * You can update a role's trust policy using <a>UpdateAssumeRolePolicy</a>.</p>
229
- * </note>
230
- * <p>Use this operation to attach a <i>managed</i> policy to a role. To embed
231
- * an inline policy in a role, use <a>PutRolePolicy</a>. For more information
232
- * about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
233
- * policies</a> in the <i>IAM User Guide</i>.</p>
234
- * <p>As a best practice, you can validate your IAM policies.
235
- * To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html">Validating IAM policies</a>
236
- * in the <i>IAM User Guide</i>.</p>
187
+ * @see {@link AttachRolePolicyCommand}
237
188
  */
238
189
  attachRolePolicy(args: AttachRolePolicyCommandInput, options?: __HttpHandlerOptions): Promise<AttachRolePolicyCommandOutput>;
239
190
  attachRolePolicy(args: AttachRolePolicyCommandInput, cb: (err: any, data?: AttachRolePolicyCommandOutput) => void): void;
240
191
  attachRolePolicy(args: AttachRolePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AttachRolePolicyCommandOutput) => void): void;
241
192
  /**
242
- * @public
243
- * <p>Attaches the specified managed policy to the specified user.</p>
244
- * <p>You use this operation to attach a <i>managed</i> policy to a user. To
245
- * embed an inline policy in a user, use <a>PutUserPolicy</a>.</p>
246
- * <p>As a best practice, you can validate your IAM policies.
247
- * To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html">Validating IAM policies</a>
248
- * in the <i>IAM User Guide</i>.</p>
249
- * <p>For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
250
- * policies</a> in the <i>IAM User Guide</i>.</p>
193
+ * @see {@link AttachUserPolicyCommand}
251
194
  */
252
195
  attachUserPolicy(args: AttachUserPolicyCommandInput, options?: __HttpHandlerOptions): Promise<AttachUserPolicyCommandOutput>;
253
196
  attachUserPolicy(args: AttachUserPolicyCommandInput, cb: (err: any, data?: AttachUserPolicyCommandOutput) => void): void;
254
197
  attachUserPolicy(args: AttachUserPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AttachUserPolicyCommandOutput) => void): void;
255
198
  /**
256
- * @public
257
- * <p>Changes the password of the IAM user who is calling this operation. This operation
258
- * can be performed using the CLI, the Amazon Web Services API, or the <b>My
259
- * Security Credentials</b> page in the Amazon Web Services Management Console. The Amazon Web Services account root user password is
260
- * not affected by this operation.</p>
261
- * <p>Use <a>UpdateLoginProfile</a> to use the CLI, the Amazon Web Services API, or the
262
- * <b>Users</b> page in the IAM console to change the
263
- * password for any IAM user. For more information about modifying passwords, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html">Managing
264
- * passwords</a> in the <i>IAM User Guide</i>.</p>
199
+ * @see {@link ChangePasswordCommand}
265
200
  */
266
201
  changePassword(args: ChangePasswordCommandInput, options?: __HttpHandlerOptions): Promise<ChangePasswordCommandOutput>;
267
202
  changePassword(args: ChangePasswordCommandInput, cb: (err: any, data?: ChangePasswordCommandOutput) => void): void;
268
203
  changePassword(args: ChangePasswordCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ChangePasswordCommandOutput) => void): void;
269
204
  /**
270
- * @public
271
- * <p> Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the
272
- * specified user. The default status for new keys is <code>Active</code>.</p>
273
- * <p>If you do not specify a user name, IAM determines the user name implicitly based on
274
- * the Amazon Web Services access key ID signing the request. This operation works for access keys under
275
- * the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root
276
- * user credentials. This is true even if the Amazon Web Services account has no associated users.</p>
277
- * <p> For information about quotas on the number of keys you can create, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS
278
- * quotas</a> in the <i>IAM User Guide</i>.</p>
279
- * <important>
280
- * <p>To ensure the security of your Amazon Web Services account, the secret access key is accessible
281
- * only during key and user creation. You must save the key (for example, in a text
282
- * file) if you want to be able to access it again. If a secret key is lost, you can
283
- * delete the access keys for the associated user and then create new keys.</p>
284
- * </important>
205
+ * @see {@link CreateAccessKeyCommand}
285
206
  */
286
207
  createAccessKey(args: CreateAccessKeyCommandInput, options?: __HttpHandlerOptions): Promise<CreateAccessKeyCommandOutput>;
287
208
  createAccessKey(args: CreateAccessKeyCommandInput, cb: (err: any, data?: CreateAccessKeyCommandOutput) => void): void;
288
209
  createAccessKey(args: CreateAccessKeyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateAccessKeyCommandOutput) => void): void;
289
210
  /**
290
- * @public
291
- * <p>Creates an alias for your Amazon Web Services account. For information about using an Amazon Web Services account
292
- * alias, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html">Using an
293
- * alias for your Amazon Web Services account ID</a> in the
294
- * <i>IAM User Guide</i>.</p>
211
+ * @see {@link CreateAccountAliasCommand}
295
212
  */
296
213
  createAccountAlias(args: CreateAccountAliasCommandInput, options?: __HttpHandlerOptions): Promise<CreateAccountAliasCommandOutput>;
297
214
  createAccountAlias(args: CreateAccountAliasCommandInput, cb: (err: any, data?: CreateAccountAliasCommandOutput) => void): void;
298
215
  createAccountAlias(args: CreateAccountAliasCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateAccountAliasCommandOutput) => void): void;
299
216
  /**
300
- * @public
301
- * <p>Creates a new group.</p>
302
- * <p> For information about the number of groups you can create, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS
303
- * quotas</a> in the <i>IAM User Guide</i>.</p>
217
+ * @see {@link CreateGroupCommand}
304
218
  */
305
219
  createGroup(args: CreateGroupCommandInput, options?: __HttpHandlerOptions): Promise<CreateGroupCommandOutput>;
306
220
  createGroup(args: CreateGroupCommandInput, cb: (err: any, data?: CreateGroupCommandOutput) => void): void;
307
221
  createGroup(args: CreateGroupCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateGroupCommandOutput) => void): void;
308
222
  /**
309
- * @public
310
- * <p> Creates a new instance profile. For information about instance profiles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html">Using
311
- * roles for applications on Amazon EC2</a> in the
312
- * <i>IAM User Guide</i>, and <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile">Instance profiles</a> in the <i>Amazon EC2 User Guide</i>.</p>
313
- * <p> For information about the number of instance profiles you can create, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM object
314
- * quotas</a> in the <i>IAM User Guide</i>.</p>
223
+ * @see {@link CreateInstanceProfileCommand}
315
224
  */
316
225
  createInstanceProfile(args: CreateInstanceProfileCommandInput, options?: __HttpHandlerOptions): Promise<CreateInstanceProfileCommandOutput>;
317
226
  createInstanceProfile(args: CreateInstanceProfileCommandInput, cb: (err: any, data?: CreateInstanceProfileCommandOutput) => void): void;
318
227
  createInstanceProfile(args: CreateInstanceProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateInstanceProfileCommandOutput) => void): void;
319
228
  /**
320
- * @public
321
- * <p>Creates a password for the specified IAM user. A password allows an IAM user to
322
- * access Amazon Web Services services through the Amazon Web Services Management Console.</p>
323
- * <p>You can use the CLI, the Amazon Web Services API, or the <b>Users</b>
324
- * page in the IAM console to create a password for any IAM user. Use <a>ChangePassword</a> to update your own existing password in the <b>My Security Credentials</b> page in the Amazon Web Services Management Console.</p>
325
- * <p>For more information about managing passwords, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html">Managing passwords</a> in the
326
- * <i>IAM User Guide</i>.</p>
229
+ * @see {@link CreateLoginProfileCommand}
327
230
  */
328
231
  createLoginProfile(args: CreateLoginProfileCommandInput, options?: __HttpHandlerOptions): Promise<CreateLoginProfileCommandOutput>;
329
232
  createLoginProfile(args: CreateLoginProfileCommandInput, cb: (err: any, data?: CreateLoginProfileCommandOutput) => void): void;
330
233
  createLoginProfile(args: CreateLoginProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateLoginProfileCommandOutput) => void): void;
331
234
  /**
332
- * @public
333
- * <p>Creates an IAM entity to describe an identity provider (IdP) that supports <a href="http://openid.net/connect/">OpenID Connect (OIDC)</a>.</p>
334
- * <p>The OIDC provider that you create with this operation can be used as a principal in a
335
- * role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and
336
- * the OIDC provider.</p>
337
- * <p>If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't
338
- * need to create a separate IAM identity provider. These OIDC identity providers are
339
- * already built-in to Amazon Web Services and are available for your use. Instead, you can move directly
340
- * to creating new roles using your identity provider. To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html">Creating
341
- * a role for web identity or OpenID connect federation</a> in the <i>IAM
342
- * User Guide</i>.</p>
343
- * <p>When you create the IAM OIDC provider, you specify the following:</p>
344
- * <ul>
345
- * <li>
346
- * <p>The URL of the OIDC identity provider (IdP) to trust</p>
347
- * </li>
348
- * <li>
349
- * <p>A list of client IDs (also known as audiences) that identify the application
350
- * or applications allowed to authenticate using the OIDC provider</p>
351
- * </li>
352
- * <li>
353
- * <p>A list of tags that are attached to the specified IAM OIDC provider</p>
354
- * </li>
355
- * <li>
356
- * <p>A list of thumbprints of one or more server certificates that the IdP
357
- * uses</p>
358
- * </li>
359
- * </ul>
360
- * <p>You get all of this information from the OIDC IdP you want to use to access
361
- * Amazon Web Services.</p>
362
- * <note>
363
- * <p>Amazon Web Services secures communication with some OIDC identity providers (IdPs) through our
364
- * library of trusted certificate authorities (CAs) instead of using a certificate
365
- * thumbprint to verify your IdP server certificate. These OIDC IdPs include Google, Auth0,
366
- * and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these
367
- * cases, your legacy thumbprint remains in your configuration, but is no longer used for
368
- * validation.</p>
369
- * </note>
370
- * <note>
371
- * <p>The trust for the OIDC provider is derived from the IAM provider that this
372
- * operation creates. Therefore, it is best to limit access to the <a>CreateOpenIDConnectProvider</a> operation to highly privileged
373
- * users.</p>
374
- * </note>
235
+ * @see {@link CreateOpenIDConnectProviderCommand}
375
236
  */
376
237
  createOpenIDConnectProvider(args: CreateOpenIDConnectProviderCommandInput, options?: __HttpHandlerOptions): Promise<CreateOpenIDConnectProviderCommandOutput>;
377
238
  createOpenIDConnectProvider(args: CreateOpenIDConnectProviderCommandInput, cb: (err: any, data?: CreateOpenIDConnectProviderCommandOutput) => void): void;
378
239
  createOpenIDConnectProvider(args: CreateOpenIDConnectProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateOpenIDConnectProviderCommandOutput) => void): void;
379
240
  /**
380
- * @public
381
- * <p>Creates a new managed policy for your Amazon Web Services account.</p>
382
- * <p>This operation creates a policy version with a version identifier of <code>v1</code>
383
- * and sets v1 as the policy's default version. For more information about policy versions,
384
- * see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed policies</a> in the
385
- * <i>IAM User Guide</i>.</p>
386
- * <p>As a best practice, you can validate your IAM policies.
387
- * To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html">Validating IAM policies</a>
388
- * in the <i>IAM User Guide</i>.</p>
389
- * <p>For more information about managed policies in general, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
390
- * policies and inline policies</a> in the
391
- * <i>IAM User Guide</i>.</p>
241
+ * @see {@link CreatePolicyCommand}
392
242
  */
393
243
  createPolicy(args: CreatePolicyCommandInput, options?: __HttpHandlerOptions): Promise<CreatePolicyCommandOutput>;
394
244
  createPolicy(args: CreatePolicyCommandInput, cb: (err: any, data?: CreatePolicyCommandOutput) => void): void;
395
245
  createPolicy(args: CreatePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreatePolicyCommandOutput) => void): void;
396
246
  /**
397
- * @public
398
- * <p>Creates a new version of the specified managed policy. To update a managed policy, you
399
- * create a new policy version. A managed policy can have up to five versions. If the
400
- * policy has five versions, you must delete an existing version using <a>DeletePolicyVersion</a> before you create a new version.</p>
401
- * <p>Optionally, you can set the new version as the policy's default version. The default
402
- * version is the version that is in effect for the IAM users, groups, and roles to which
403
- * the policy is attached.</p>
404
- * <p>For more information about managed policy versions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed
405
- * policies</a> in the <i>IAM User Guide</i>.</p>
247
+ * @see {@link CreatePolicyVersionCommand}
406
248
  */
407
249
  createPolicyVersion(args: CreatePolicyVersionCommandInput, options?: __HttpHandlerOptions): Promise<CreatePolicyVersionCommandOutput>;
408
250
  createPolicyVersion(args: CreatePolicyVersionCommandInput, cb: (err: any, data?: CreatePolicyVersionCommandOutput) => void): void;
409
251
  createPolicyVersion(args: CreatePolicyVersionCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreatePolicyVersionCommandOutput) => void): void;
410
252
  /**
411
- * @public
412
- * <p>Creates a new role for your Amazon Web Services account. For more information about roles, see
413
- * <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html">IAM
414
- * roles</a>. For information about quotas for role names and the number of roles
415
- * you can create, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS quotas</a> in the
416
- * <i>IAM User Guide</i>.</p>
253
+ * @see {@link CreateRoleCommand}
417
254
  */
418
255
  createRole(args: CreateRoleCommandInput, options?: __HttpHandlerOptions): Promise<CreateRoleCommandOutput>;
419
256
  createRole(args: CreateRoleCommandInput, cb: (err: any, data?: CreateRoleCommandOutput) => void): void;
420
257
  createRole(args: CreateRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateRoleCommandOutput) => void): void;
421
258
  /**
422
- * @public
423
- * <p>Creates an IAM resource that describes an identity provider (IdP) that supports SAML
424
- * 2.0.</p>
425
- * <p>The SAML provider resource that you create with this operation can be used as a
426
- * principal in an IAM role's trust policy. Such a policy can enable federated users who
427
- * sign in using the SAML IdP to assume the role. You can create an IAM role that
428
- * supports Web-based single sign-on (SSO) to the Amazon Web Services Management Console or one that supports API access
429
- * to Amazon Web Services.</p>
430
- * <p>When you create the SAML provider resource, you upload a SAML metadata document that
431
- * you get from your IdP. That document includes the issuer's name, expiration information,
432
- * and keys that can be used to validate the SAML authentication response (assertions) that
433
- * the IdP sends. You must generate the metadata document using the identity management
434
- * software that is used as your organization's IdP.</p>
435
- * <note>
436
- * <p> This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
437
- * </note>
438
- * <p> For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html">Enabling SAML 2.0
439
- * federated users to access the Amazon Web Services Management Console</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html">About SAML 2.0-based
440
- * federation</a> in the <i>IAM User Guide</i>.</p>
259
+ * @see {@link CreateSAMLProviderCommand}
441
260
  */
442
261
  createSAMLProvider(args: CreateSAMLProviderCommandInput, options?: __HttpHandlerOptions): Promise<CreateSAMLProviderCommandOutput>;
443
262
  createSAMLProvider(args: CreateSAMLProviderCommandInput, cb: (err: any, data?: CreateSAMLProviderCommandOutput) => void): void;
444
263
  createSAMLProvider(args: CreateSAMLProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateSAMLProviderCommandOutput) => void): void;
445
264
  /**
446
- * @public
447
- * <p>Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls
448
- * the attached policies and when the role can be deleted. This helps ensure that the
449
- * service is not broken by an unexpectedly changed or deleted role, which could put your
450
- * Amazon Web Services resources into an unknown state. Allowing the service to control the role helps
451
- * improve service stability and proper cleanup when a service and its role are no longer
452
- * needed. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html">Using service-linked
453
- * roles</a> in the <i>IAM User Guide</i>. </p>
454
- * <p>To attach a policy to this service-linked role, you must make the request using the
455
- * Amazon Web Services service that depends on this role.</p>
265
+ * @see {@link CreateServiceLinkedRoleCommand}
456
266
  */
457
267
  createServiceLinkedRole(args: CreateServiceLinkedRoleCommandInput, options?: __HttpHandlerOptions): Promise<CreateServiceLinkedRoleCommandOutput>;
458
268
  createServiceLinkedRole(args: CreateServiceLinkedRoleCommandInput, cb: (err: any, data?: CreateServiceLinkedRoleCommandOutput) => void): void;
459
269
  createServiceLinkedRole(args: CreateServiceLinkedRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateServiceLinkedRoleCommandOutput) => void): void;
460
270
  /**
461
- * @public
462
- * <p>Generates a set of credentials consisting of a user name and password that can be used
463
- * to access the service specified in the request. These credentials are generated by
464
- * IAM, and can be used only for the specified service. </p>
465
- * <p>You can have a maximum of two sets of service-specific credentials for each supported
466
- * service per user.</p>
467
- * <p>You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache
468
- * Cassandra).</p>
469
- * <p>You can reset the password to a new service-generated value by calling <a>ResetServiceSpecificCredential</a>.</p>
470
- * <p>For more information about service-specific credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html">Using IAM
471
- * with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys</a> in the
472
- * <i>IAM User Guide</i>.</p>
271
+ * @see {@link CreateServiceSpecificCredentialCommand}
473
272
  */
474
273
  createServiceSpecificCredential(args: CreateServiceSpecificCredentialCommandInput, options?: __HttpHandlerOptions): Promise<CreateServiceSpecificCredentialCommandOutput>;
475
274
  createServiceSpecificCredential(args: CreateServiceSpecificCredentialCommandInput, cb: (err: any, data?: CreateServiceSpecificCredentialCommandOutput) => void): void;
476
275
  createServiceSpecificCredential(args: CreateServiceSpecificCredentialCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateServiceSpecificCredentialCommandOutput) => void): void;
477
276
  /**
478
- * @public
479
- * <p>Creates a new IAM user for your Amazon Web Services account.</p>
480
- * <p> For information about quotas for the number of IAM users you can create, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS
481
- * quotas</a> in the <i>IAM User Guide</i>.</p>
277
+ * @see {@link CreateUserCommand}
482
278
  */
483
279
  createUser(args: CreateUserCommandInput, options?: __HttpHandlerOptions): Promise<CreateUserCommandOutput>;
484
280
  createUser(args: CreateUserCommandInput, cb: (err: any, data?: CreateUserCommandOutput) => void): void;
485
281
  createUser(args: CreateUserCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateUserCommandOutput) => void): void;
486
282
  /**
487
- * @public
488
- * <p>Creates a new virtual MFA device for the Amazon Web Services account. After creating the virtual
489
- * MFA, use <a>EnableMFADevice</a> to attach the MFA device to an IAM user.
490
- * For more information about creating and working with virtual MFA devices, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html">Using a virtual MFA
491
- * device</a> in the <i>IAM User Guide</i>.</p>
492
- * <p>For information about the maximum number of MFA devices you can create, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS
493
- * quotas</a> in the <i>IAM User Guide</i>.</p>
494
- * <important>
495
- * <p>The seed information contained in the QR code and the Base32 string should be
496
- * treated like any other secret access information. In other words, protect the seed
497
- * information as you would your Amazon Web Services access keys or your passwords. After you
498
- * provision your virtual device, you should ensure that the information is destroyed
499
- * following secure procedures.</p>
500
- * </important>
283
+ * @see {@link CreateVirtualMFADeviceCommand}
501
284
  */
502
285
  createVirtualMFADevice(args: CreateVirtualMFADeviceCommandInput, options?: __HttpHandlerOptions): Promise<CreateVirtualMFADeviceCommandOutput>;
503
286
  createVirtualMFADevice(args: CreateVirtualMFADeviceCommandInput, cb: (err: any, data?: CreateVirtualMFADeviceCommandOutput) => void): void;
504
287
  createVirtualMFADevice(args: CreateVirtualMFADeviceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateVirtualMFADeviceCommandOutput) => void): void;
505
288
  /**
506
- * @public
507
- * <p>Deactivates the specified MFA device and removes it from association with the user
508
- * name for which it was originally enabled.</p>
509
- * <p>For more information about creating and working with virtual MFA devices, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html">Enabling a virtual
510
- * multi-factor authentication (MFA) device</a> in the
511
- * <i>IAM User Guide</i>.</p>
289
+ * @see {@link DeactivateMFADeviceCommand}
512
290
  */
513
291
  deactivateMFADevice(args: DeactivateMFADeviceCommandInput, options?: __HttpHandlerOptions): Promise<DeactivateMFADeviceCommandOutput>;
514
292
  deactivateMFADevice(args: DeactivateMFADeviceCommandInput, cb: (err: any, data?: DeactivateMFADeviceCommandOutput) => void): void;
515
293
  deactivateMFADevice(args: DeactivateMFADeviceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeactivateMFADeviceCommandOutput) => void): void;
516
294
  /**
517
- * @public
518
- * <p>Deletes the access key pair associated with the specified IAM user.</p>
519
- * <p>If you do not specify a user name, IAM determines the user name implicitly based on
520
- * the Amazon Web Services access key ID signing the request. This operation works for access keys under
521
- * the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root
522
- * user credentials even if the Amazon Web Services account has no associated users.</p>
295
+ * @see {@link DeleteAccessKeyCommand}
523
296
  */
524
297
  deleteAccessKey(args: DeleteAccessKeyCommandInput, options?: __HttpHandlerOptions): Promise<DeleteAccessKeyCommandOutput>;
525
298
  deleteAccessKey(args: DeleteAccessKeyCommandInput, cb: (err: any, data?: DeleteAccessKeyCommandOutput) => void): void;
526
299
  deleteAccessKey(args: DeleteAccessKeyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteAccessKeyCommandOutput) => void): void;
527
300
  /**
528
- * @public
529
- * <p> Deletes the specified Amazon Web Services account alias. For information about using an Amazon Web Services
530
- * account alias, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html">Using an alias for your Amazon Web Services account ID</a> in the
531
- * <i>IAM User Guide</i>.</p>
301
+ * @see {@link DeleteAccountAliasCommand}
532
302
  */
533
303
  deleteAccountAlias(args: DeleteAccountAliasCommandInput, options?: __HttpHandlerOptions): Promise<DeleteAccountAliasCommandOutput>;
534
304
  deleteAccountAlias(args: DeleteAccountAliasCommandInput, cb: (err: any, data?: DeleteAccountAliasCommandOutput) => void): void;
535
305
  deleteAccountAlias(args: DeleteAccountAliasCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteAccountAliasCommandOutput) => void): void;
536
306
  /**
537
- * @public
538
- * <p>Deletes the password policy for the Amazon Web Services account. There are no parameters.</p>
307
+ * @see {@link DeleteAccountPasswordPolicyCommand}
539
308
  */
540
309
  deleteAccountPasswordPolicy(args: DeleteAccountPasswordPolicyCommandInput, options?: __HttpHandlerOptions): Promise<DeleteAccountPasswordPolicyCommandOutput>;
541
310
  deleteAccountPasswordPolicy(args: DeleteAccountPasswordPolicyCommandInput, cb: (err: any, data?: DeleteAccountPasswordPolicyCommandOutput) => void): void;
542
311
  deleteAccountPasswordPolicy(args: DeleteAccountPasswordPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteAccountPasswordPolicyCommandOutput) => void): void;
543
312
  /**
544
- * @public
545
- * <p>Deletes the specified IAM group. The group must not contain any users or have any
546
- * attached policies.</p>
313
+ * @see {@link DeleteGroupCommand}
547
314
  */
548
315
  deleteGroup(args: DeleteGroupCommandInput, options?: __HttpHandlerOptions): Promise<DeleteGroupCommandOutput>;
549
316
  deleteGroup(args: DeleteGroupCommandInput, cb: (err: any, data?: DeleteGroupCommandOutput) => void): void;
550
317
  deleteGroup(args: DeleteGroupCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteGroupCommandOutput) => void): void;
551
318
  /**
552
- * @public
553
- * <p>Deletes the specified inline policy that is embedded in the specified IAM
554
- * group.</p>
555
- * <p>A group can also have managed policies attached to it. To detach a managed policy from
556
- * a group, use <a>DetachGroupPolicy</a>. For more information about policies,
557
- * refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
558
- * policies</a> in the <i>IAM User Guide</i>.</p>
319
+ * @see {@link DeleteGroupPolicyCommand}
559
320
  */
560
321
  deleteGroupPolicy(args: DeleteGroupPolicyCommandInput, options?: __HttpHandlerOptions): Promise<DeleteGroupPolicyCommandOutput>;
561
322
  deleteGroupPolicy(args: DeleteGroupPolicyCommandInput, cb: (err: any, data?: DeleteGroupPolicyCommandOutput) => void): void;
562
323
  deleteGroupPolicy(args: DeleteGroupPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteGroupPolicyCommandOutput) => void): void;
563
324
  /**
564
- * @public
565
- * <p>Deletes the specified instance profile. The instance profile must not have an
566
- * associated role.</p>
567
- * <important>
568
- * <p>Make sure that you do not have any Amazon EC2 instances running with the instance
569
- * profile you are about to delete. Deleting a role or instance profile that is
570
- * associated with a running instance will break any applications running on the
571
- * instance.</p>
572
- * </important>
573
- * <p>For more information about instance profiles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html">About instance
574
- * profiles</a>.</p>
325
+ * @see {@link DeleteInstanceProfileCommand}
575
326
  */
576
327
  deleteInstanceProfile(args: DeleteInstanceProfileCommandInput, options?: __HttpHandlerOptions): Promise<DeleteInstanceProfileCommandOutput>;
577
328
  deleteInstanceProfile(args: DeleteInstanceProfileCommandInput, cb: (err: any, data?: DeleteInstanceProfileCommandOutput) => void): void;
578
329
  deleteInstanceProfile(args: DeleteInstanceProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteInstanceProfileCommandOutput) => void): void;
579
330
  /**
580
- * @public
581
- * <p>Deletes the password for the specified IAM user, For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html">Managing
582
- * passwords for IAM users</a>.</p>
583
- * <p>You can use the CLI, the Amazon Web Services API, or the <b>Users</b>
584
- * page in the IAM console to delete a password for any IAM user. You can use <a>ChangePassword</a> to update, but not delete, your own password in the
585
- * <b>My Security Credentials</b> page in the
586
- * Amazon Web Services Management Console.</p>
587
- * <important>
588
- * <p>Deleting a user's password does not prevent a user from accessing Amazon Web Services through
589
- * the command line interface or the API. To prevent all user access, you must also
590
- * either make any access keys inactive or delete them. For more information about
591
- * making keys inactive or deleting them, see <a>UpdateAccessKey</a> and
592
- * <a>DeleteAccessKey</a>.</p>
593
- * </important>
331
+ * @see {@link DeleteLoginProfileCommand}
594
332
  */
595
333
  deleteLoginProfile(args: DeleteLoginProfileCommandInput, options?: __HttpHandlerOptions): Promise<DeleteLoginProfileCommandOutput>;
596
334
  deleteLoginProfile(args: DeleteLoginProfileCommandInput, cb: (err: any, data?: DeleteLoginProfileCommandOutput) => void): void;
597
335
  deleteLoginProfile(args: DeleteLoginProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteLoginProfileCommandOutput) => void): void;
598
336
  /**
599
- * @public
600
- * <p>Deletes an OpenID Connect identity provider (IdP) resource object in IAM.</p>
601
- * <p>Deleting an IAM OIDC provider resource does not update any roles that reference the
602
- * provider as a principal in their trust policies. Any attempt to assume a role that
603
- * references a deleted provider fails.</p>
604
- * <p>This operation is idempotent; it does not fail or return an error if you call the
605
- * operation for a provider that does not exist.</p>
337
+ * @see {@link DeleteOpenIDConnectProviderCommand}
606
338
  */
607
339
  deleteOpenIDConnectProvider(args: DeleteOpenIDConnectProviderCommandInput, options?: __HttpHandlerOptions): Promise<DeleteOpenIDConnectProviderCommandOutput>;
608
340
  deleteOpenIDConnectProvider(args: DeleteOpenIDConnectProviderCommandInput, cb: (err: any, data?: DeleteOpenIDConnectProviderCommandOutput) => void): void;
609
341
  deleteOpenIDConnectProvider(args: DeleteOpenIDConnectProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteOpenIDConnectProviderCommandOutput) => void): void;
610
342
  /**
611
- * @public
612
- * <p>Deletes the specified managed policy.</p>
613
- * <p>Before you can delete a managed policy, you must first detach the policy from all
614
- * users, groups, and roles that it is attached to. In addition, you must delete all the
615
- * policy's versions. The following steps describe the process for deleting a managed
616
- * policy:</p>
617
- * <ul>
618
- * <li>
619
- * <p>Detach the policy from all users, groups, and roles that the policy is
620
- * attached to, using <a>DetachUserPolicy</a>, <a>DetachGroupPolicy</a>, or <a>DetachRolePolicy</a>. To
621
- * list all the users, groups, and roles that a policy is attached to, use <a>ListEntitiesForPolicy</a>.</p>
622
- * </li>
623
- * <li>
624
- * <p>Delete all versions of the policy using <a>DeletePolicyVersion</a>.
625
- * To list the policy's versions, use <a>ListPolicyVersions</a>. You
626
- * cannot use <a>DeletePolicyVersion</a> to delete the version that is
627
- * marked as the default version. You delete the policy's default version in the
628
- * next step of the process.</p>
629
- * </li>
630
- * <li>
631
- * <p>Delete the policy (this automatically deletes the policy's default version)
632
- * using this operation.</p>
633
- * </li>
634
- * </ul>
635
- * <p>For information about managed policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
636
- * policies</a> in the <i>IAM User Guide</i>.</p>
343
+ * @see {@link DeletePolicyCommand}
637
344
  */
638
345
  deletePolicy(args: DeletePolicyCommandInput, options?: __HttpHandlerOptions): Promise<DeletePolicyCommandOutput>;
639
346
  deletePolicy(args: DeletePolicyCommandInput, cb: (err: any, data?: DeletePolicyCommandOutput) => void): void;
640
347
  deletePolicy(args: DeletePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeletePolicyCommandOutput) => void): void;
641
348
  /**
642
- * @public
643
- * <p>Deletes the specified version from the specified managed policy.</p>
644
- * <p>You cannot delete the default version from a policy using this operation. To delete
645
- * the default version from a policy, use <a>DeletePolicy</a>. To find out which
646
- * version of a policy is marked as the default version, use <a>ListPolicyVersions</a>.</p>
647
- * <p>For information about versions for managed policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed
648
- * policies</a> in the <i>IAM User Guide</i>.</p>
349
+ * @see {@link DeletePolicyVersionCommand}
649
350
  */
650
351
  deletePolicyVersion(args: DeletePolicyVersionCommandInput, options?: __HttpHandlerOptions): Promise<DeletePolicyVersionCommandOutput>;
651
352
  deletePolicyVersion(args: DeletePolicyVersionCommandInput, cb: (err: any, data?: DeletePolicyVersionCommandOutput) => void): void;
652
353
  deletePolicyVersion(args: DeletePolicyVersionCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeletePolicyVersionCommandOutput) => void): void;
653
354
  /**
654
- * @public
655
- * <p>Deletes the specified role. Unlike the Amazon Web Services Management Console, when you delete a role
656
- * programmatically, you must delete the items attached to the role manually, or the
657
- * deletion fails. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli">Deleting an IAM role</a>. Before attempting to delete a role, remove the
658
- * following attached items: </p>
659
- * <ul>
660
- * <li>
661
- * <p>Inline policies (<a>DeleteRolePolicy</a>)</p>
662
- * </li>
663
- * <li>
664
- * <p>Attached managed policies (<a>DetachRolePolicy</a>)</p>
665
- * </li>
666
- * <li>
667
- * <p>Instance profile (<a>RemoveRoleFromInstanceProfile</a>)</p>
668
- * </li>
669
- * <li>
670
- * <p>Optional – Delete instance profile after detaching from role for
671
- * resource clean up (<a>DeleteInstanceProfile</a>)</p>
672
- * </li>
673
- * </ul>
674
- * <important>
675
- * <p>Make sure that you do not have any Amazon EC2 instances running with the role you
676
- * are about to delete. Deleting a role or instance profile that is associated with a
677
- * running instance will break any applications running on the instance.</p>
678
- * </important>
355
+ * @see {@link DeleteRoleCommand}
679
356
  */
680
357
  deleteRole(args: DeleteRoleCommandInput, options?: __HttpHandlerOptions): Promise<DeleteRoleCommandOutput>;
681
358
  deleteRole(args: DeleteRoleCommandInput, cb: (err: any, data?: DeleteRoleCommandOutput) => void): void;
682
359
  deleteRole(args: DeleteRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteRoleCommandOutput) => void): void;
683
360
  /**
684
- * @public
685
- * <p>Deletes the permissions boundary for the specified IAM role. </p>
686
- * <p>You cannot set the boundary for a service-linked role.</p>
687
- * <important>
688
- * <p>Deleting the permissions boundary for a role might increase its permissions. For
689
- * example, it might allow anyone who assumes the role to perform all the actions
690
- * granted in its permissions policies.</p>
691
- * </important>
361
+ * @see {@link DeleteRolePermissionsBoundaryCommand}
692
362
  */
693
363
  deleteRolePermissionsBoundary(args: DeleteRolePermissionsBoundaryCommandInput, options?: __HttpHandlerOptions): Promise<DeleteRolePermissionsBoundaryCommandOutput>;
694
364
  deleteRolePermissionsBoundary(args: DeleteRolePermissionsBoundaryCommandInput, cb: (err: any, data?: DeleteRolePermissionsBoundaryCommandOutput) => void): void;
695
365
  deleteRolePermissionsBoundary(args: DeleteRolePermissionsBoundaryCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteRolePermissionsBoundaryCommandOutput) => void): void;
696
366
  /**
697
- * @public
698
- * <p>Deletes the specified inline policy that is embedded in the specified IAM
699
- * role.</p>
700
- * <p>A role can also have managed policies attached to it. To detach a managed policy from
701
- * a role, use <a>DetachRolePolicy</a>. For more information about policies,
702
- * refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
703
- * policies</a> in the <i>IAM User Guide</i>.</p>
367
+ * @see {@link DeleteRolePolicyCommand}
704
368
  */
705
369
  deleteRolePolicy(args: DeleteRolePolicyCommandInput, options?: __HttpHandlerOptions): Promise<DeleteRolePolicyCommandOutput>;
706
370
  deleteRolePolicy(args: DeleteRolePolicyCommandInput, cb: (err: any, data?: DeleteRolePolicyCommandOutput) => void): void;
707
371
  deleteRolePolicy(args: DeleteRolePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteRolePolicyCommandOutput) => void): void;
708
372
  /**
709
- * @public
710
- * <p>Deletes a SAML provider resource in IAM.</p>
711
- * <p>Deleting the provider resource from IAM does not update any roles that reference the
712
- * SAML provider resource's ARN as a principal in their trust policies. Any attempt to
713
- * assume a role that references a non-existent provider resource ARN fails.</p>
714
- * <note>
715
- * <p> This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
716
- * </note>
373
+ * @see {@link DeleteSAMLProviderCommand}
717
374
  */
718
375
  deleteSAMLProvider(args: DeleteSAMLProviderCommandInput, options?: __HttpHandlerOptions): Promise<DeleteSAMLProviderCommandOutput>;
719
376
  deleteSAMLProvider(args: DeleteSAMLProviderCommandInput, cb: (err: any, data?: DeleteSAMLProviderCommandOutput) => void): void;
720
377
  deleteSAMLProvider(args: DeleteSAMLProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteSAMLProviderCommandOutput) => void): void;
721
378
  /**
722
- * @public
723
- * <p>Deletes the specified server certificate.</p>
724
- * <p>For more information about working with server certificates, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Working
725
- * with server certificates</a> in the <i>IAM User Guide</i>. This
726
- * topic also includes a list of Amazon Web Services services that can use the server certificates that
727
- * you manage with IAM.</p>
728
- * <important>
729
- * <p> If you are using a server certificate with Elastic Load Balancing, deleting the
730
- * certificate could have implications for your application. If Elastic Load Balancing
731
- * doesn't detect the deletion of bound certificates, it may continue to use the
732
- * certificates. This could cause Elastic Load Balancing to stop accepting traffic. We
733
- * recommend that you remove the reference to the certificate from Elastic Load
734
- * Balancing before using this command to delete the certificate. For more information,
735
- * see <a href="https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html">DeleteLoadBalancerListeners</a> in the <i>Elastic Load Balancing API
736
- * Reference</i>.</p>
737
- * </important>
379
+ * @see {@link DeleteServerCertificateCommand}
738
380
  */
739
381
  deleteServerCertificate(args: DeleteServerCertificateCommandInput, options?: __HttpHandlerOptions): Promise<DeleteServerCertificateCommandOutput>;
740
382
  deleteServerCertificate(args: DeleteServerCertificateCommandInput, cb: (err: any, data?: DeleteServerCertificateCommandOutput) => void): void;
741
383
  deleteServerCertificate(args: DeleteServerCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteServerCertificateCommandOutput) => void): void;
742
384
  /**
743
- * @public
744
- * <p>Submits a service-linked role deletion request and returns a
745
- * <code>DeletionTaskId</code>, which you can use to check the status of the deletion.
746
- * Before you call this operation, confirm that the role has no active sessions and that
747
- * any resources used by the role in the linked service are deleted. If you call this
748
- * operation more than once for the same service-linked role and an earlier deletion task
749
- * is not complete, then the <code>DeletionTaskId</code> of the earlier request is
750
- * returned.</p>
751
- * <p>If you submit a deletion request for a service-linked role whose linked service is
752
- * still accessing a resource, then the deletion task fails. If it fails, the <a>GetServiceLinkedRoleDeletionStatus</a> operation returns the reason for the
753
- * failure, usually including the resources that must be deleted. To delete the
754
- * service-linked role, you must first remove those resources from the linked service and
755
- * then submit the deletion request again. Resources are specific to the service that is
756
- * linked to the role. For more information about removing resources from a service, see
757
- * the <a href="http://docs.aws.amazon.com/">Amazon Web Services documentation</a> for your
758
- * service.</p>
759
- * <p>For more information about service-linked roles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role">Roles terms and concepts: Amazon Web Services service-linked role</a> in the
760
- * <i>IAM User Guide</i>.</p>
385
+ * @see {@link DeleteServiceLinkedRoleCommand}
761
386
  */
762
387
  deleteServiceLinkedRole(args: DeleteServiceLinkedRoleCommandInput, options?: __HttpHandlerOptions): Promise<DeleteServiceLinkedRoleCommandOutput>;
763
388
  deleteServiceLinkedRole(args: DeleteServiceLinkedRoleCommandInput, cb: (err: any, data?: DeleteServiceLinkedRoleCommandOutput) => void): void;
764
389
  deleteServiceLinkedRole(args: DeleteServiceLinkedRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteServiceLinkedRoleCommandOutput) => void): void;
765
390
  /**
766
- * @public
767
- * <p>Deletes the specified service-specific credential.</p>
391
+ * @see {@link DeleteServiceSpecificCredentialCommand}
768
392
  */
769
393
  deleteServiceSpecificCredential(args: DeleteServiceSpecificCredentialCommandInput, options?: __HttpHandlerOptions): Promise<DeleteServiceSpecificCredentialCommandOutput>;
770
394
  deleteServiceSpecificCredential(args: DeleteServiceSpecificCredentialCommandInput, cb: (err: any, data?: DeleteServiceSpecificCredentialCommandOutput) => void): void;
771
395
  deleteServiceSpecificCredential(args: DeleteServiceSpecificCredentialCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteServiceSpecificCredentialCommandOutput) => void): void;
772
396
  /**
773
- * @public
774
- * <p>Deletes a signing certificate associated with the specified IAM user.</p>
775
- * <p>If you do not specify a user name, IAM determines the user name implicitly based on
776
- * the Amazon Web Services access key ID signing the request. This operation works for access keys under
777
- * the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root
778
- * user credentials even if the Amazon Web Services account has no associated IAM users.</p>
397
+ * @see {@link DeleteSigningCertificateCommand}
779
398
  */
780
399
  deleteSigningCertificate(args: DeleteSigningCertificateCommandInput, options?: __HttpHandlerOptions): Promise<DeleteSigningCertificateCommandOutput>;
781
400
  deleteSigningCertificate(args: DeleteSigningCertificateCommandInput, cb: (err: any, data?: DeleteSigningCertificateCommandOutput) => void): void;
782
401
  deleteSigningCertificate(args: DeleteSigningCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteSigningCertificateCommandOutput) => void): void;
783
402
  /**
784
- * @public
785
- * <p>Deletes the specified SSH public key.</p>
786
- * <p>The SSH public key deleted by this operation is used only for authenticating the
787
- * associated IAM user to an CodeCommit repository. For more information about using SSH keys
788
- * to authenticate to an CodeCommit repository, see <a href="https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html">Set up CodeCommit for
789
- * SSH connections</a> in the <i>CodeCommit User Guide</i>.</p>
403
+ * @see {@link DeleteSSHPublicKeyCommand}
790
404
  */
791
405
  deleteSSHPublicKey(args: DeleteSSHPublicKeyCommandInput, options?: __HttpHandlerOptions): Promise<DeleteSSHPublicKeyCommandOutput>;
792
406
  deleteSSHPublicKey(args: DeleteSSHPublicKeyCommandInput, cb: (err: any, data?: DeleteSSHPublicKeyCommandOutput) => void): void;
793
407
  deleteSSHPublicKey(args: DeleteSSHPublicKeyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteSSHPublicKeyCommandOutput) => void): void;
794
408
  /**
795
- * @public
796
- * <p>Deletes the specified IAM user. Unlike the Amazon Web Services Management Console, when you delete a user
797
- * programmatically, you must delete the items attached to the user manually, or the
798
- * deletion fails. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli">Deleting an IAM
799
- * user</a>. Before attempting to delete a user, remove the following items:</p>
800
- * <ul>
801
- * <li>
802
- * <p>Password (<a>DeleteLoginProfile</a>)</p>
803
- * </li>
804
- * <li>
805
- * <p>Access keys (<a>DeleteAccessKey</a>)</p>
806
- * </li>
807
- * <li>
808
- * <p>Signing certificate (<a>DeleteSigningCertificate</a>)</p>
809
- * </li>
810
- * <li>
811
- * <p>SSH public key (<a>DeleteSSHPublicKey</a>)</p>
812
- * </li>
813
- * <li>
814
- * <p>Git credentials (<a>DeleteServiceSpecificCredential</a>)</p>
815
- * </li>
816
- * <li>
817
- * <p>Multi-factor authentication (MFA) device (<a>DeactivateMFADevice</a>, <a>DeleteVirtualMFADevice</a>)</p>
818
- * </li>
819
- * <li>
820
- * <p>Inline policies (<a>DeleteUserPolicy</a>)</p>
821
- * </li>
822
- * <li>
823
- * <p>Attached managed policies (<a>DetachUserPolicy</a>)</p>
824
- * </li>
825
- * <li>
826
- * <p>Group memberships (<a>RemoveUserFromGroup</a>)</p>
827
- * </li>
828
- * </ul>
409
+ * @see {@link DeleteUserCommand}
829
410
  */
830
411
  deleteUser(args: DeleteUserCommandInput, options?: __HttpHandlerOptions): Promise<DeleteUserCommandOutput>;
831
412
  deleteUser(args: DeleteUserCommandInput, cb: (err: any, data?: DeleteUserCommandOutput) => void): void;
832
413
  deleteUser(args: DeleteUserCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteUserCommandOutput) => void): void;
833
414
  /**
834
- * @public
835
- * <p>Deletes the permissions boundary for the specified IAM user.</p>
836
- * <important>
837
- * <p>Deleting the permissions boundary for a user might increase its permissions by
838
- * allowing the user to perform all the actions granted in its permissions policies.
839
- * </p>
840
- * </important>
415
+ * @see {@link DeleteUserPermissionsBoundaryCommand}
841
416
  */
842
417
  deleteUserPermissionsBoundary(args: DeleteUserPermissionsBoundaryCommandInput, options?: __HttpHandlerOptions): Promise<DeleteUserPermissionsBoundaryCommandOutput>;
843
418
  deleteUserPermissionsBoundary(args: DeleteUserPermissionsBoundaryCommandInput, cb: (err: any, data?: DeleteUserPermissionsBoundaryCommandOutput) => void): void;
844
419
  deleteUserPermissionsBoundary(args: DeleteUserPermissionsBoundaryCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteUserPermissionsBoundaryCommandOutput) => void): void;
845
420
  /**
846
- * @public
847
- * <p>Deletes the specified inline policy that is embedded in the specified IAM
848
- * user.</p>
849
- * <p>A user can also have managed policies attached to it. To detach a managed policy from
850
- * a user, use <a>DetachUserPolicy</a>. For more information about policies,
851
- * refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
852
- * policies</a> in the <i>IAM User Guide</i>.</p>
421
+ * @see {@link DeleteUserPolicyCommand}
853
422
  */
854
423
  deleteUserPolicy(args: DeleteUserPolicyCommandInput, options?: __HttpHandlerOptions): Promise<DeleteUserPolicyCommandOutput>;
855
424
  deleteUserPolicy(args: DeleteUserPolicyCommandInput, cb: (err: any, data?: DeleteUserPolicyCommandOutput) => void): void;
856
425
  deleteUserPolicy(args: DeleteUserPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteUserPolicyCommandOutput) => void): void;
857
426
  /**
858
- * @public
859
- * <p>Deletes a virtual MFA device.</p>
860
- * <note>
861
- * <p> You must deactivate a user's virtual MFA device before you can delete it. For
862
- * information about deactivating MFA devices, see <a>DeactivateMFADevice</a>. </p>
863
- * </note>
427
+ * @see {@link DeleteVirtualMFADeviceCommand}
864
428
  */
865
429
  deleteVirtualMFADevice(args: DeleteVirtualMFADeviceCommandInput, options?: __HttpHandlerOptions): Promise<DeleteVirtualMFADeviceCommandOutput>;
866
430
  deleteVirtualMFADevice(args: DeleteVirtualMFADeviceCommandInput, cb: (err: any, data?: DeleteVirtualMFADeviceCommandOutput) => void): void;
867
431
  deleteVirtualMFADevice(args: DeleteVirtualMFADeviceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteVirtualMFADeviceCommandOutput) => void): void;
868
432
  /**
869
- * @public
870
- * <p>Removes the specified managed policy from the specified IAM group.</p>
871
- * <p>A group can also have inline policies embedded with it. To delete an inline policy,
872
- * use <a>DeleteGroupPolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
873
- * policies and inline policies</a> in the
874
- * <i>IAM User Guide</i>.</p>
433
+ * @see {@link DetachGroupPolicyCommand}
875
434
  */
876
435
  detachGroupPolicy(args: DetachGroupPolicyCommandInput, options?: __HttpHandlerOptions): Promise<DetachGroupPolicyCommandOutput>;
877
436
  detachGroupPolicy(args: DetachGroupPolicyCommandInput, cb: (err: any, data?: DetachGroupPolicyCommandOutput) => void): void;
878
437
  detachGroupPolicy(args: DetachGroupPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DetachGroupPolicyCommandOutput) => void): void;
879
438
  /**
880
- * @public
881
- * <p>Removes the specified managed policy from the specified role.</p>
882
- * <p>A role can also have inline policies embedded with it. To delete an inline policy, use
883
- * <a>DeleteRolePolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
884
- * policies and inline policies</a> in the
885
- * <i>IAM User Guide</i>.</p>
439
+ * @see {@link DetachRolePolicyCommand}
886
440
  */
887
441
  detachRolePolicy(args: DetachRolePolicyCommandInput, options?: __HttpHandlerOptions): Promise<DetachRolePolicyCommandOutput>;
888
442
  detachRolePolicy(args: DetachRolePolicyCommandInput, cb: (err: any, data?: DetachRolePolicyCommandOutput) => void): void;
889
443
  detachRolePolicy(args: DetachRolePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DetachRolePolicyCommandOutput) => void): void;
890
444
  /**
891
- * @public
892
- * <p>Removes the specified managed policy from the specified user.</p>
893
- * <p>A user can also have inline policies embedded with it. To delete an inline policy, use
894
- * <a>DeleteUserPolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
895
- * policies and inline policies</a> in the
896
- * <i>IAM User Guide</i>.</p>
445
+ * @see {@link DetachUserPolicyCommand}
897
446
  */
898
447
  detachUserPolicy(args: DetachUserPolicyCommandInput, options?: __HttpHandlerOptions): Promise<DetachUserPolicyCommandOutput>;
899
448
  detachUserPolicy(args: DetachUserPolicyCommandInput, cb: (err: any, data?: DetachUserPolicyCommandOutput) => void): void;
900
449
  detachUserPolicy(args: DetachUserPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DetachUserPolicyCommandOutput) => void): void;
901
450
  /**
902
- * @public
903
- * <p>Enables the specified MFA device and associates it with the specified IAM user. When
904
- * enabled, the MFA device is required for every subsequent login by the IAM user
905
- * associated with the device.</p>
451
+ * @see {@link EnableMFADeviceCommand}
906
452
  */
907
453
  enableMFADevice(args: EnableMFADeviceCommandInput, options?: __HttpHandlerOptions): Promise<EnableMFADeviceCommandOutput>;
908
454
  enableMFADevice(args: EnableMFADeviceCommandInput, cb: (err: any, data?: EnableMFADeviceCommandOutput) => void): void;
909
455
  enableMFADevice(args: EnableMFADeviceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: EnableMFADeviceCommandOutput) => void): void;
910
456
  /**
911
- * @public
912
- * <p> Generates a credential report for the Amazon Web Services account. For more information about the
913
- * credential report, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html">Getting credential reports</a> in
914
- * the <i>IAM User Guide</i>.</p>
457
+ * @see {@link GenerateCredentialReportCommand}
915
458
  */
916
459
  generateCredentialReport(args: GenerateCredentialReportCommandInput, options?: __HttpHandlerOptions): Promise<GenerateCredentialReportCommandOutput>;
917
460
  generateCredentialReport(args: GenerateCredentialReportCommandInput, cb: (err: any, data?: GenerateCredentialReportCommandOutput) => void): void;
918
461
  generateCredentialReport(args: GenerateCredentialReportCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GenerateCredentialReportCommandOutput) => void): void;
919
462
  /**
920
- * @public
921
- * <p>Generates a report for service last accessed data for Organizations. You can generate a
922
- * report for any entities (organization root, organizational unit, or account) or policies
923
- * in your organization.</p>
924
- * <p>To call this operation, you must be signed in using your Organizations management account
925
- * credentials. You can use your long-term IAM user or root user credentials, or temporary
926
- * credentials from assuming an IAM role. SCPs must be enabled for your organization
927
- * root. You must have the required IAM and Organizations permissions. For more information, see
928
- * <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html">Refining permissions using service last accessed data</a> in the
929
- * <i>IAM User Guide</i>.</p>
930
- * <p>You can generate a service last accessed data report for entities by specifying only
931
- * the entity's path. This data includes a list of services that are allowed by any service
932
- * control policies (SCPs) that apply to the entity.</p>
933
- * <p>You can generate a service last accessed data report for a policy by specifying an
934
- * entity's path and an optional Organizations policy ID. This data includes a list of services that
935
- * are allowed by the specified SCP.</p>
936
- * <p>For each service in both report types, the data includes the most recent account
937
- * activity that the policy allows to account principals in the entity or the entity's
938
- * children. For important information about the data, reporting period, permissions
939
- * required, troubleshooting, and supported Regions see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html">Reducing permissions using
940
- * service last accessed data</a> in the
941
- * <i>IAM User Guide</i>.</p>
942
- * <important>
943
- * <p>The data includes all attempts to access Amazon Web Services, not just the successful ones. This
944
- * includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any
945
- * of the SDKs, or any of the command line tools. An unexpected entry in the service
946
- * last accessed data does not mean that an account has been compromised, because the
947
- * request might have been denied. Refer to your CloudTrail logs as the authoritative
948
- * source for information about all API calls and whether they were successful or
949
- * denied access. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">Logging IAM events with
950
- * CloudTrail</a> in the <i>IAM User Guide</i>.</p>
951
- * </important>
952
- * <p>This operation returns a <code>JobId</code>. Use this parameter in the <code>
953
- * <a>GetOrganizationsAccessReport</a>
954
- * </code> operation to check the status of
955
- * the report generation. To check the status of this request, use the <code>JobId</code>
956
- * parameter in the <code>
957
- * <a>GetOrganizationsAccessReport</a>
958
- * </code> operation
959
- * and test the <code>JobStatus</code> response parameter. When the job is complete, you
960
- * can retrieve the report.</p>
961
- * <p>To generate a service last accessed data report for entities, specify an entity path
962
- * without specifying the optional Organizations policy ID. The type of entity that you specify
963
- * determines the data returned in the report.</p>
964
- * <ul>
965
- * <li>
966
- * <p>
967
- * <b>Root</b> – When you specify the
968
- * organizations root as the entity, the resulting report lists all of the services
969
- * allowed by SCPs that are attached to your root. For each service, the report
970
- * includes data for all accounts in your organization except the
971
- * management account, because the management account is not limited by SCPs.</p>
972
- * </li>
973
- * <li>
974
- * <p>
975
- * <b>OU</b> – When you specify an
976
- * organizational unit (OU) as the entity, the resulting report lists all of the
977
- * services allowed by SCPs that are attached to the OU and its parents. For each
978
- * service, the report includes data for all accounts in the OU or its children.
979
- * This data excludes the management account, because the management account is not
980
- * limited by SCPs.</p>
981
- * </li>
982
- * <li>
983
- * <p>
984
- * <b>management account</b> – When you specify the
985
- * management account, the resulting report lists all Amazon Web Services services, because the
986
- * management account is not limited by SCPs. For each service, the report includes
987
- * data for only the management account.</p>
988
- * </li>
989
- * <li>
990
- * <p>
991
- * <b>Account</b> – When you specify another
992
- * account as the entity, the resulting report lists all of the services allowed by
993
- * SCPs that are attached to the account and its parents. For each service, the
994
- * report includes data for only the specified account.</p>
995
- * </li>
996
- * </ul>
997
- * <p>To generate a service last accessed data report for policies, specify an entity path
998
- * and the optional Organizations policy ID. The type of entity that you specify determines the data
999
- * returned for each service.</p>
1000
- * <ul>
1001
- * <li>
1002
- * <p>
1003
- * <b>Root</b> – When you specify the root
1004
- * entity and a policy ID, the resulting report lists all of the services that are
1005
- * allowed by the specified SCP. For each service, the report includes data for all
1006
- * accounts in your organization to which the SCP applies. This data excludes the
1007
- * management account, because the management account is not limited by SCPs. If the
1008
- * SCP is not attached to any entities in the organization, then the report will
1009
- * return a list of services with no data.</p>
1010
- * </li>
1011
- * <li>
1012
- * <p>
1013
- * <b>OU</b> – When you specify an OU entity and
1014
- * a policy ID, the resulting report lists all of the services that are allowed by
1015
- * the specified SCP. For each service, the report includes data for all accounts
1016
- * in the OU or its children to which the SCP applies. This means that other
1017
- * accounts outside the OU that are affected by the SCP might not be included in
1018
- * the data. This data excludes the management account, because the
1019
- * management account is not limited by SCPs. If the SCP is not attached to the OU
1020
- * or one of its children, the report will return a list of services with no
1021
- * data.</p>
1022
- * </li>
1023
- * <li>
1024
- * <p>
1025
- * <b>management account</b> – When you specify the
1026
- * management account, the resulting report lists all Amazon Web Services services, because the
1027
- * management account is not limited by SCPs. If you specify a policy ID in the CLI
1028
- * or API, the policy is ignored. For each service, the report includes data for
1029
- * only the management account.</p>
1030
- * </li>
1031
- * <li>
1032
- * <p>
1033
- * <b>Account</b> – When you specify another
1034
- * account entity and a policy ID, the resulting report lists all of the services
1035
- * that are allowed by the specified SCP. For each service, the report includes
1036
- * data for only the specified account. This means that other accounts in the
1037
- * organization that are affected by the SCP might not be included in the data. If
1038
- * the SCP is not attached to the account, the report will return a list of
1039
- * services with no data.</p>
1040
- * </li>
1041
- * </ul>
1042
- * <note>
1043
- * <p>Service last accessed data does not use other policy types when determining
1044
- * whether a principal could access a service. These other policy types include
1045
- * identity-based policies, resource-based policies, access control lists, IAM
1046
- * permissions boundaries, and STS assume role policies. It only applies SCP logic.
1047
- * For more about the evaluation of policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics">Evaluating policies</a> in the
1048
- * <i>IAM User Guide</i>.</p>
1049
- * </note>
1050
- * <p>For more information about service last accessed data, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html">Reducing policy scope by
1051
- * viewing user activity</a> in the <i>IAM User Guide</i>.</p>
463
+ * @see {@link GenerateOrganizationsAccessReportCommand}
1052
464
  */
1053
465
  generateOrganizationsAccessReport(args: GenerateOrganizationsAccessReportCommandInput, options?: __HttpHandlerOptions): Promise<GenerateOrganizationsAccessReportCommandOutput>;
1054
466
  generateOrganizationsAccessReport(args: GenerateOrganizationsAccessReportCommandInput, cb: (err: any, data?: GenerateOrganizationsAccessReportCommandOutput) => void): void;
1055
467
  generateOrganizationsAccessReport(args: GenerateOrganizationsAccessReportCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GenerateOrganizationsAccessReportCommandOutput) => void): void;
1056
468
  /**
1057
- * @public
1058
- * <p>Generates a report that includes details about when an IAM resource (user, group,
1059
- * role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity
1060
- * usually appears within four hours. IAM reports activity for at least the last 400
1061
- * days, or less if your Region began supporting this feature within the last year. For
1062
- * more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period">Regions where data is tracked</a>.</p>
1063
- * <important>
1064
- * <p>The service last accessed data includes all attempts to access an Amazon Web Services API, not
1065
- * just the successful ones. This includes all attempts that were made using the
1066
- * Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools.
1067
- * An unexpected entry in the service last accessed data does not mean that your
1068
- * account has been compromised, because the request might have been denied. Refer to
1069
- * your CloudTrail logs as the authoritative source for information about all API calls
1070
- * and whether they were successful or denied access. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">Logging
1071
- * IAM events with CloudTrail</a> in the
1072
- * <i>IAM User Guide</i>.</p>
1073
- * </important>
1074
- * <p>The <code>GenerateServiceLastAccessedDetails</code> operation returns a
1075
- * <code>JobId</code>. Use this parameter in the following operations to retrieve the
1076
- * following details from your report: </p>
1077
- * <ul>
1078
- * <li>
1079
- * <p>
1080
- * <a>GetServiceLastAccessedDetails</a> – Use this operation
1081
- * for users, groups, roles, or policies to list every Amazon Web Services service that the
1082
- * resource could access using permissions policies. For each service, the response
1083
- * includes information about the most recent access attempt.</p>
1084
- * <p>The <code>JobId</code> returned by
1085
- * <code>GenerateServiceLastAccessedDetail</code> must be used by the same role
1086
- * within a session, or by the same user when used to call
1087
- * <code>GetServiceLastAccessedDetail</code>.</p>
1088
- * </li>
1089
- * <li>
1090
- * <p>
1091
- * <a>GetServiceLastAccessedDetailsWithEntities</a> – Use this
1092
- * operation for groups and policies to list information about the associated
1093
- * entities (users or roles) that attempted to access a specific Amazon Web Services service.
1094
- * </p>
1095
- * </li>
1096
- * </ul>
1097
- * <p>To check the status of the <code>GenerateServiceLastAccessedDetails</code> request,
1098
- * use the <code>JobId</code> parameter in the same operations and test the
1099
- * <code>JobStatus</code> response parameter.</p>
1100
- * <p>For additional information about the permissions policies that allow an identity
1101
- * (user, group, or role) to access specific services, use the <a>ListPoliciesGrantingServiceAccess</a> operation.</p>
1102
- * <note>
1103
- * <p>Service last accessed data does not use other policy types when determining
1104
- * whether a resource could access a service. These other policy types include
1105
- * resource-based policies, access control lists, Organizations policies, IAM permissions
1106
- * boundaries, and STS assume role policies. It only applies permissions policy
1107
- * logic. For more about the evaluation of policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics">Evaluating policies</a> in the
1108
- * <i>IAM User Guide</i>.</p>
1109
- * </note>
1110
- * <p>For more information about service and action last accessed data, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html">Reducing permissions using service last accessed data</a> in the
1111
- * <i>IAM User Guide</i>.</p>
469
+ * @see {@link GenerateServiceLastAccessedDetailsCommand}
1112
470
  */
1113
471
  generateServiceLastAccessedDetails(args: GenerateServiceLastAccessedDetailsCommandInput, options?: __HttpHandlerOptions): Promise<GenerateServiceLastAccessedDetailsCommandOutput>;
1114
472
  generateServiceLastAccessedDetails(args: GenerateServiceLastAccessedDetailsCommandInput, cb: (err: any, data?: GenerateServiceLastAccessedDetailsCommandOutput) => void): void;
1115
473
  generateServiceLastAccessedDetails(args: GenerateServiceLastAccessedDetailsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GenerateServiceLastAccessedDetailsCommandOutput) => void): void;
1116
474
  /**
1117
- * @public
1118
- * <p>Retrieves information about when the specified access key was last used. The
1119
- * information includes the date and time of last use, along with the Amazon Web Services service and
1120
- * Region that were specified in the last request made with that key.</p>
475
+ * @see {@link GetAccessKeyLastUsedCommand}
1121
476
  */
1122
477
  getAccessKeyLastUsed(args: GetAccessKeyLastUsedCommandInput, options?: __HttpHandlerOptions): Promise<GetAccessKeyLastUsedCommandOutput>;
1123
478
  getAccessKeyLastUsed(args: GetAccessKeyLastUsedCommandInput, cb: (err: any, data?: GetAccessKeyLastUsedCommandOutput) => void): void;
1124
479
  getAccessKeyLastUsed(args: GetAccessKeyLastUsedCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetAccessKeyLastUsedCommandOutput) => void): void;
1125
480
  /**
1126
- * @public
1127
- * <p>Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services
1128
- * account, including their relationships to one another. Use this operation to obtain a
1129
- * snapshot of the configuration of IAM permissions (users, groups, roles, and policies)
1130
- * in your account.</p>
1131
- * <note>
1132
- * <p>Policies returned by this operation are URL-encoded compliant
1133
- * with <a href="https://tools.ietf.org/html/rfc3986">RFC 3986</a>. You can use a URL
1134
- * decoding method to convert the policy back to plain JSON text. For example, if you use Java, you
1135
- * can use the <code>decode</code> method of the <code>java.net.URLDecoder</code> utility class in
1136
- * the Java SDK. Other languages and SDKs provide similar functionality.</p>
1137
- * </note>
1138
- * <p>You can optionally filter the results using the <code>Filter</code> parameter. You can
1139
- * paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1140
- * parameters.</p>
481
+ * @see {@link GetAccountAuthorizationDetailsCommand}
1141
482
  */
1142
483
  getAccountAuthorizationDetails(args: GetAccountAuthorizationDetailsCommandInput, options?: __HttpHandlerOptions): Promise<GetAccountAuthorizationDetailsCommandOutput>;
1143
484
  getAccountAuthorizationDetails(args: GetAccountAuthorizationDetailsCommandInput, cb: (err: any, data?: GetAccountAuthorizationDetailsCommandOutput) => void): void;
1144
485
  getAccountAuthorizationDetails(args: GetAccountAuthorizationDetailsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetAccountAuthorizationDetailsCommandOutput) => void): void;
1145
486
  /**
1146
- * @public
1147
- * <p>Retrieves the password policy for the Amazon Web Services account. This tells you the complexity
1148
- * requirements and mandatory rotation periods for the IAM user passwords in your account.
1149
- * For more information about using a password policy, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html">Managing an IAM password
1150
- * policy</a>.</p>
487
+ * @see {@link GetAccountPasswordPolicyCommand}
1151
488
  */
1152
489
  getAccountPasswordPolicy(args: GetAccountPasswordPolicyCommandInput, options?: __HttpHandlerOptions): Promise<GetAccountPasswordPolicyCommandOutput>;
1153
490
  getAccountPasswordPolicy(args: GetAccountPasswordPolicyCommandInput, cb: (err: any, data?: GetAccountPasswordPolicyCommandOutput) => void): void;
1154
491
  getAccountPasswordPolicy(args: GetAccountPasswordPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetAccountPasswordPolicyCommandOutput) => void): void;
1155
492
  /**
1156
- * @public
1157
- * <p>Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services
1158
- * account.</p>
1159
- * <p> For information about IAM quotas, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS quotas</a> in the
1160
- * <i>IAM User Guide</i>.</p>
493
+ * @see {@link GetAccountSummaryCommand}
1161
494
  */
1162
495
  getAccountSummary(args: GetAccountSummaryCommandInput, options?: __HttpHandlerOptions): Promise<GetAccountSummaryCommandOutput>;
1163
496
  getAccountSummary(args: GetAccountSummaryCommandInput, cb: (err: any, data?: GetAccountSummaryCommandOutput) => void): void;
1164
497
  getAccountSummary(args: GetAccountSummaryCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetAccountSummaryCommandOutput) => void): void;
1165
498
  /**
1166
- * @public
1167
- * <p>Gets a list of all of the context keys referenced in the input policies. The policies
1168
- * are supplied as a list of one or more strings. To get the context keys from policies
1169
- * associated with an IAM user, group, or role, use <a>GetContextKeysForPrincipalPolicy</a>.</p>
1170
- * <p>Context keys are variables maintained by Amazon Web Services and its services that provide details
1171
- * about the context of an API query request. Context keys can be evaluated by testing
1172
- * against a value specified in an IAM policy. Use
1173
- * <code>GetContextKeysForCustomPolicy</code> to understand what key names and values
1174
- * you must supply when you call <a>SimulateCustomPolicy</a>. Note that all
1175
- * parameters are shown in unencoded form here for clarity but must be URL encoded to be
1176
- * included as a part of a real HTML request.</p>
499
+ * @see {@link GetContextKeysForCustomPolicyCommand}
1177
500
  */
1178
501
  getContextKeysForCustomPolicy(args: GetContextKeysForCustomPolicyCommandInput, options?: __HttpHandlerOptions): Promise<GetContextKeysForCustomPolicyCommandOutput>;
1179
502
  getContextKeysForCustomPolicy(args: GetContextKeysForCustomPolicyCommandInput, cb: (err: any, data?: GetContextKeysForCustomPolicyCommandOutput) => void): void;
1180
503
  getContextKeysForCustomPolicy(args: GetContextKeysForCustomPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetContextKeysForCustomPolicyCommandOutput) => void): void;
1181
504
  /**
1182
- * @public
1183
- * <p>Gets a list of all of the context keys referenced in all the IAM policies that are
1184
- * attached to the specified IAM entity. The entity can be an IAM user, group, or role.
1185
- * If you specify a user, then the request also includes all of the policies attached to
1186
- * groups that the user is a member of.</p>
1187
- * <p>You can optionally include a list of one or more additional policies, specified as
1188
- * strings. If you want to include <i>only</i> a list of policies by string,
1189
- * use <a>GetContextKeysForCustomPolicy</a> instead.</p>
1190
- * <p>
1191
- * <b>Note:</b> This operation discloses information about the
1192
- * permissions granted to other users. If you do not want users to see other user's
1193
- * permissions, then consider allowing them to use <a>GetContextKeysForCustomPolicy</a> instead.</p>
1194
- * <p>Context keys are variables maintained by Amazon Web Services and its services that provide details
1195
- * about the context of an API query request. Context keys can be evaluated by testing
1196
- * against a value in an IAM policy. Use <a>GetContextKeysForPrincipalPolicy</a> to understand what key names and values you must supply when you call <a>SimulatePrincipalPolicy</a>.</p>
505
+ * @see {@link GetContextKeysForPrincipalPolicyCommand}
1197
506
  */
1198
507
  getContextKeysForPrincipalPolicy(args: GetContextKeysForPrincipalPolicyCommandInput, options?: __HttpHandlerOptions): Promise<GetContextKeysForPrincipalPolicyCommandOutput>;
1199
508
  getContextKeysForPrincipalPolicy(args: GetContextKeysForPrincipalPolicyCommandInput, cb: (err: any, data?: GetContextKeysForPrincipalPolicyCommandOutput) => void): void;
1200
509
  getContextKeysForPrincipalPolicy(args: GetContextKeysForPrincipalPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetContextKeysForPrincipalPolicyCommandOutput) => void): void;
1201
510
  /**
1202
- * @public
1203
- * <p> Retrieves a credential report for the Amazon Web Services account. For more information about the
1204
- * credential report, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html">Getting credential reports</a> in
1205
- * the <i>IAM User Guide</i>.</p>
511
+ * @see {@link GetCredentialReportCommand}
1206
512
  */
1207
513
  getCredentialReport(args: GetCredentialReportCommandInput, options?: __HttpHandlerOptions): Promise<GetCredentialReportCommandOutput>;
1208
514
  getCredentialReport(args: GetCredentialReportCommandInput, cb: (err: any, data?: GetCredentialReportCommandOutput) => void): void;
1209
515
  getCredentialReport(args: GetCredentialReportCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetCredentialReportCommandOutput) => void): void;
1210
516
  /**
1211
- * @public
1212
- * <p> Returns a list of IAM users that are in the specified IAM group. You can paginate
1213
- * the results using the <code>MaxItems</code> and <code>Marker</code> parameters.</p>
517
+ * @see {@link GetGroupCommand}
1214
518
  */
1215
519
  getGroup(args: GetGroupCommandInput, options?: __HttpHandlerOptions): Promise<GetGroupCommandOutput>;
1216
520
  getGroup(args: GetGroupCommandInput, cb: (err: any, data?: GetGroupCommandOutput) => void): void;
1217
521
  getGroup(args: GetGroupCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetGroupCommandOutput) => void): void;
1218
522
  /**
1219
- * @public
1220
- * <p>Retrieves the specified inline policy document that is embedded in the specified IAM
1221
- * group.</p>
1222
- * <note>
1223
- * <p>Policies returned by this operation are URL-encoded compliant
1224
- * with <a href="https://tools.ietf.org/html/rfc3986">RFC 3986</a>. You can use a URL
1225
- * decoding method to convert the policy back to plain JSON text. For example, if you use Java, you
1226
- * can use the <code>decode</code> method of the <code>java.net.URLDecoder</code> utility class in
1227
- * the Java SDK. Other languages and SDKs provide similar functionality.</p>
1228
- * </note>
1229
- * <p>An IAM group can also have managed policies attached to it. To retrieve a managed
1230
- * policy document that is attached to a group, use <a>GetPolicy</a> to
1231
- * determine the policy's default version, then use <a>GetPolicyVersion</a> to
1232
- * retrieve the policy document.</p>
1233
- * <p>For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1234
- * policies</a> in the <i>IAM User Guide</i>.</p>
523
+ * @see {@link GetGroupPolicyCommand}
1235
524
  */
1236
525
  getGroupPolicy(args: GetGroupPolicyCommandInput, options?: __HttpHandlerOptions): Promise<GetGroupPolicyCommandOutput>;
1237
526
  getGroupPolicy(args: GetGroupPolicyCommandInput, cb: (err: any, data?: GetGroupPolicyCommandOutput) => void): void;
1238
527
  getGroupPolicy(args: GetGroupPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetGroupPolicyCommandOutput) => void): void;
1239
528
  /**
1240
- * @public
1241
- * <p> Retrieves information about the specified instance profile, including the instance
1242
- * profile's path, GUID, ARN, and role. For more information about instance profiles, see
1243
- * <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html">About
1244
- * instance profiles</a> in the <i>IAM User Guide</i>.</p>
529
+ * @see {@link GetInstanceProfileCommand}
1245
530
  */
1246
531
  getInstanceProfile(args: GetInstanceProfileCommandInput, options?: __HttpHandlerOptions): Promise<GetInstanceProfileCommandOutput>;
1247
532
  getInstanceProfile(args: GetInstanceProfileCommandInput, cb: (err: any, data?: GetInstanceProfileCommandOutput) => void): void;
1248
533
  getInstanceProfile(args: GetInstanceProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetInstanceProfileCommandOutput) => void): void;
1249
534
  /**
1250
- * @public
1251
- * <p>Retrieves the user name for the specified IAM user. A login profile is created when
1252
- * you create a password for the user to access the Amazon Web Services Management Console. If the user does not exist
1253
- * or does not have a password, the operation returns a 404 (<code>NoSuchEntity</code>)
1254
- * error.</p>
1255
- * <p>If you create an IAM user with access to the console, the <code>CreateDate</code>
1256
- * reflects the date you created the initial password for the user.</p>
1257
- * <p>If you create an IAM user with programmatic access, and then later add a password
1258
- * for the user to access the Amazon Web Services Management Console, the <code>CreateDate</code> reflects the initial
1259
- * password creation date. A user with programmatic access does not have a login profile
1260
- * unless you create a password for the user to access the Amazon Web Services Management Console.</p>
535
+ * @see {@link GetLoginProfileCommand}
1261
536
  */
1262
537
  getLoginProfile(args: GetLoginProfileCommandInput, options?: __HttpHandlerOptions): Promise<GetLoginProfileCommandOutput>;
1263
538
  getLoginProfile(args: GetLoginProfileCommandInput, cb: (err: any, data?: GetLoginProfileCommandOutput) => void): void;
1264
539
  getLoginProfile(args: GetLoginProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetLoginProfileCommandOutput) => void): void;
1265
540
  /**
1266
- * @public
1267
- * <p>Returns information about the specified OpenID Connect (OIDC) provider resource object
1268
- * in IAM.</p>
541
+ * @see {@link GetOpenIDConnectProviderCommand}
1269
542
  */
1270
543
  getOpenIDConnectProvider(args: GetOpenIDConnectProviderCommandInput, options?: __HttpHandlerOptions): Promise<GetOpenIDConnectProviderCommandOutput>;
1271
544
  getOpenIDConnectProvider(args: GetOpenIDConnectProviderCommandInput, cb: (err: any, data?: GetOpenIDConnectProviderCommandOutput) => void): void;
1272
545
  getOpenIDConnectProvider(args: GetOpenIDConnectProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetOpenIDConnectProviderCommandOutput) => void): void;
1273
546
  /**
1274
- * @public
1275
- * <p>Retrieves the service last accessed data report for Organizations that was previously
1276
- * generated using the <code>
1277
- * <a>GenerateOrganizationsAccessReport</a>
1278
- * </code>
1279
- * operation. This operation retrieves the status of your report job and the report
1280
- * contents.</p>
1281
- * <p>Depending on the parameters that you passed when you generated the report, the data
1282
- * returned could include different information. For details, see <a>GenerateOrganizationsAccessReport</a>.</p>
1283
- * <p>To call this operation, you must be signed in to the management account in your
1284
- * organization. SCPs must be enabled for your organization root. You must have permissions
1285
- * to perform this operation. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html">Refining permissions using
1286
- * service last accessed data</a> in the
1287
- * <i>IAM User Guide</i>.</p>
1288
- * <p>For each service that principals in an account (root user, IAM users, or IAM roles)
1289
- * could access using SCPs, the operation returns details about the most recent access
1290
- * attempt. If there was no attempt, the service is listed without details about the most
1291
- * recent attempt to access the service. If the operation fails, it returns the reason that
1292
- * it failed.</p>
1293
- * <p>By default, the list is sorted by service namespace.</p>
547
+ * @see {@link GetOrganizationsAccessReportCommand}
1294
548
  */
1295
549
  getOrganizationsAccessReport(args: GetOrganizationsAccessReportCommandInput, options?: __HttpHandlerOptions): Promise<GetOrganizationsAccessReportCommandOutput>;
1296
550
  getOrganizationsAccessReport(args: GetOrganizationsAccessReportCommandInput, cb: (err: any, data?: GetOrganizationsAccessReportCommandOutput) => void): void;
1297
551
  getOrganizationsAccessReport(args: GetOrganizationsAccessReportCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetOrganizationsAccessReportCommandOutput) => void): void;
1298
552
  /**
1299
- * @public
1300
- * <p>Retrieves information about the specified managed policy, including the policy's
1301
- * default version and the total number of IAM users, groups, and roles to which the
1302
- * policy is attached. To retrieve the list of the specific users, groups, and roles that
1303
- * the policy is attached to, use <a>ListEntitiesForPolicy</a>. This operation
1304
- * returns metadata about the policy. To retrieve the actual policy document for a specific
1305
- * version of the policy, use <a>GetPolicyVersion</a>.</p>
1306
- * <p>This operation retrieves information about managed policies. To retrieve information
1307
- * about an inline policy that is embedded with an IAM user, group, or role, use <a>GetUserPolicy</a>, <a>GetGroupPolicy</a>, or <a>GetRolePolicy</a>.</p>
1308
- * <p>For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1309
- * policies</a> in the <i>IAM User Guide</i>.</p>
553
+ * @see {@link GetPolicyCommand}
1310
554
  */
1311
555
  getPolicy(args: GetPolicyCommandInput, options?: __HttpHandlerOptions): Promise<GetPolicyCommandOutput>;
1312
556
  getPolicy(args: GetPolicyCommandInput, cb: (err: any, data?: GetPolicyCommandOutput) => void): void;
1313
557
  getPolicy(args: GetPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetPolicyCommandOutput) => void): void;
1314
558
  /**
1315
- * @public
1316
- * <p>Retrieves information about the specified version of the specified managed policy,
1317
- * including the policy document.</p>
1318
- * <note>
1319
- * <p>Policies returned by this operation are URL-encoded compliant
1320
- * with <a href="https://tools.ietf.org/html/rfc3986">RFC 3986</a>. You can use a URL
1321
- * decoding method to convert the policy back to plain JSON text. For example, if you use Java, you
1322
- * can use the <code>decode</code> method of the <code>java.net.URLDecoder</code> utility class in
1323
- * the Java SDK. Other languages and SDKs provide similar functionality.</p>
1324
- * </note>
1325
- * <p>To list the available versions for a policy, use <a>ListPolicyVersions</a>.</p>
1326
- * <p>This operation retrieves information about managed policies. To retrieve information
1327
- * about an inline policy that is embedded in a user, group, or role, use <a>GetUserPolicy</a>, <a>GetGroupPolicy</a>, or <a>GetRolePolicy</a>.</p>
1328
- * <p>For more information about the types of policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1329
- * policies</a> in the <i>IAM User Guide</i>.</p>
1330
- * <p>For more information about managed policy versions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html">Versioning for managed
1331
- * policies</a> in the <i>IAM User Guide</i>.</p>
559
+ * @see {@link GetPolicyVersionCommand}
1332
560
  */
1333
561
  getPolicyVersion(args: GetPolicyVersionCommandInput, options?: __HttpHandlerOptions): Promise<GetPolicyVersionCommandOutput>;
1334
562
  getPolicyVersion(args: GetPolicyVersionCommandInput, cb: (err: any, data?: GetPolicyVersionCommandOutput) => void): void;
1335
563
  getPolicyVersion(args: GetPolicyVersionCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetPolicyVersionCommandOutput) => void): void;
1336
564
  /**
1337
- * @public
1338
- * <p>Retrieves information about the specified role, including the role's path, GUID, ARN,
1339
- * and the role's trust policy that grants permission to assume the role. For more
1340
- * information about roles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html">Working with roles</a>.</p>
1341
- * <note>
1342
- * <p>Policies returned by this operation are URL-encoded compliant
1343
- * with <a href="https://tools.ietf.org/html/rfc3986">RFC 3986</a>. You can use a URL
1344
- * decoding method to convert the policy back to plain JSON text. For example, if you use Java, you
1345
- * can use the <code>decode</code> method of the <code>java.net.URLDecoder</code> utility class in
1346
- * the Java SDK. Other languages and SDKs provide similar functionality.</p>
1347
- * </note>
565
+ * @see {@link GetRoleCommand}
1348
566
  */
1349
567
  getRole(args: GetRoleCommandInput, options?: __HttpHandlerOptions): Promise<GetRoleCommandOutput>;
1350
568
  getRole(args: GetRoleCommandInput, cb: (err: any, data?: GetRoleCommandOutput) => void): void;
1351
569
  getRole(args: GetRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetRoleCommandOutput) => void): void;
1352
570
  /**
1353
- * @public
1354
- * <p>Retrieves the specified inline policy document that is embedded with the specified
1355
- * IAM role.</p>
1356
- * <note>
1357
- * <p>Policies returned by this operation are URL-encoded compliant
1358
- * with <a href="https://tools.ietf.org/html/rfc3986">RFC 3986</a>. You can use a URL
1359
- * decoding method to convert the policy back to plain JSON text. For example, if you use Java, you
1360
- * can use the <code>decode</code> method of the <code>java.net.URLDecoder</code> utility class in
1361
- * the Java SDK. Other languages and SDKs provide similar functionality.</p>
1362
- * </note>
1363
- * <p>An IAM role can also have managed policies attached to it. To retrieve a managed
1364
- * policy document that is attached to a role, use <a>GetPolicy</a> to determine
1365
- * the policy's default version, then use <a>GetPolicyVersion</a> to retrieve
1366
- * the policy document.</p>
1367
- * <p>For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1368
- * policies</a> in the <i>IAM User Guide</i>.</p>
1369
- * <p>For more information about roles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html">Using roles to delegate permissions and
1370
- * federate identities</a>.</p>
571
+ * @see {@link GetRolePolicyCommand}
1371
572
  */
1372
573
  getRolePolicy(args: GetRolePolicyCommandInput, options?: __HttpHandlerOptions): Promise<GetRolePolicyCommandOutput>;
1373
574
  getRolePolicy(args: GetRolePolicyCommandInput, cb: (err: any, data?: GetRolePolicyCommandOutput) => void): void;
1374
575
  getRolePolicy(args: GetRolePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetRolePolicyCommandOutput) => void): void;
1375
576
  /**
1376
- * @public
1377
- * <p>Returns the SAML provider metadocument that was uploaded when the IAM SAML provider
1378
- * resource object was created or updated.</p>
1379
- * <note>
1380
- * <p>This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
1381
- * </note>
577
+ * @see {@link GetSAMLProviderCommand}
1382
578
  */
1383
579
  getSAMLProvider(args: GetSAMLProviderCommandInput, options?: __HttpHandlerOptions): Promise<GetSAMLProviderCommandOutput>;
1384
580
  getSAMLProvider(args: GetSAMLProviderCommandInput, cb: (err: any, data?: GetSAMLProviderCommandOutput) => void): void;
1385
581
  getSAMLProvider(args: GetSAMLProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetSAMLProviderCommandOutput) => void): void;
1386
582
  /**
1387
- * @public
1388
- * <p>Retrieves information about the specified server certificate stored in IAM.</p>
1389
- * <p>For more information about working with server certificates, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Working
1390
- * with server certificates</a> in the <i>IAM User Guide</i>. This
1391
- * topic includes a list of Amazon Web Services services that can use the server certificates that you
1392
- * manage with IAM.</p>
583
+ * @see {@link GetServerCertificateCommand}
1393
584
  */
1394
585
  getServerCertificate(args: GetServerCertificateCommandInput, options?: __HttpHandlerOptions): Promise<GetServerCertificateCommandOutput>;
1395
586
  getServerCertificate(args: GetServerCertificateCommandInput, cb: (err: any, data?: GetServerCertificateCommandOutput) => void): void;
1396
587
  getServerCertificate(args: GetServerCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetServerCertificateCommandOutput) => void): void;
1397
588
  /**
1398
- * @public
1399
- * <p>Retrieves a service last accessed report that was created using the
1400
- * <code>GenerateServiceLastAccessedDetails</code> operation. You can use the
1401
- * <code>JobId</code> parameter in <code>GetServiceLastAccessedDetails</code> to
1402
- * retrieve the status of your report job. When the report is complete, you can retrieve
1403
- * the generated report. The report includes a list of Amazon Web Services services that the resource
1404
- * (user, group, role, or managed policy) can access.</p>
1405
- * <note>
1406
- * <p>Service last accessed data does not use other policy types when determining
1407
- * whether a resource could access a service. These other policy types include
1408
- * resource-based policies, access control lists, Organizations policies, IAM permissions
1409
- * boundaries, and STS assume role policies. It only applies permissions policy
1410
- * logic. For more about the evaluation of policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics">Evaluating policies</a> in the
1411
- * <i>IAM User Guide</i>.</p>
1412
- * </note>
1413
- * <p>For each service that the resource could access using permissions policies, the
1414
- * operation returns details about the most recent access attempt. If there was no attempt,
1415
- * the service is listed without details about the most recent attempt to access the
1416
- * service. If the operation fails, the <code>GetServiceLastAccessedDetails</code>
1417
- * operation returns the reason that it failed.</p>
1418
- * <p>The <code>GetServiceLastAccessedDetails</code> operation returns a list of services.
1419
- * This list includes the number of entities that have attempted to access the service and
1420
- * the date and time of the last attempt. It also returns the ARN of the following entity,
1421
- * depending on the resource ARN that you used to generate the report:</p>
1422
- * <ul>
1423
- * <li>
1424
- * <p>
1425
- * <b>User</b> – Returns the user ARN that you
1426
- * used to generate the report</p>
1427
- * </li>
1428
- * <li>
1429
- * <p>
1430
- * <b>Group</b> – Returns the ARN of the group
1431
- * member (user) that last attempted to access the service</p>
1432
- * </li>
1433
- * <li>
1434
- * <p>
1435
- * <b>Role</b> – Returns the role ARN that you
1436
- * used to generate the report</p>
1437
- * </li>
1438
- * <li>
1439
- * <p>
1440
- * <b>Policy</b> – Returns the ARN of the user
1441
- * or role that last used the policy to attempt to access the service</p>
1442
- * </li>
1443
- * </ul>
1444
- * <p>By default, the list is sorted by service namespace.</p>
1445
- * <p>If you specified <code>ACTION_LEVEL</code> granularity when you generated the report,
1446
- * this operation returns service and action last accessed data. This includes the most
1447
- * recent access attempt for each tracked action within a service. Otherwise, this
1448
- * operation returns only service data.</p>
1449
- * <p>For more information about service and action last accessed data, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html">Reducing permissions using service last accessed data</a> in the
1450
- * <i>IAM User Guide</i>.</p>
589
+ * @see {@link GetServiceLastAccessedDetailsCommand}
1451
590
  */
1452
591
  getServiceLastAccessedDetails(args: GetServiceLastAccessedDetailsCommandInput, options?: __HttpHandlerOptions): Promise<GetServiceLastAccessedDetailsCommandOutput>;
1453
592
  getServiceLastAccessedDetails(args: GetServiceLastAccessedDetailsCommandInput, cb: (err: any, data?: GetServiceLastAccessedDetailsCommandOutput) => void): void;
1454
593
  getServiceLastAccessedDetails(args: GetServiceLastAccessedDetailsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetServiceLastAccessedDetailsCommandOutput) => void): void;
1455
594
  /**
1456
- * @public
1457
- * <p>After you generate a group or policy report using the
1458
- * <code>GenerateServiceLastAccessedDetails</code> operation, you can use the
1459
- * <code>JobId</code> parameter in
1460
- * <code>GetServiceLastAccessedDetailsWithEntities</code>. This operation retrieves the
1461
- * status of your report job and a list of entities that could have used group or policy
1462
- * permissions to access the specified service.</p>
1463
- * <ul>
1464
- * <li>
1465
- * <p>
1466
- * <b>Group</b> – For a group report, this
1467
- * operation returns a list of users in the group that could have used the group’s
1468
- * policies in an attempt to access the service.</p>
1469
- * </li>
1470
- * <li>
1471
- * <p>
1472
- * <b>Policy</b> – For a policy report, this
1473
- * operation returns a list of entities (users or roles) that could have used the
1474
- * policy in an attempt to access the service.</p>
1475
- * </li>
1476
- * </ul>
1477
- * <p>You can also use this operation for user or role reports to retrieve details about
1478
- * those entities.</p>
1479
- * <p>If the operation fails, the <code>GetServiceLastAccessedDetailsWithEntities</code>
1480
- * operation returns the reason that it failed.</p>
1481
- * <p>By default, the list of associated entities is sorted by date, with the most recent
1482
- * access listed first.</p>
595
+ * @see {@link GetServiceLastAccessedDetailsWithEntitiesCommand}
1483
596
  */
1484
597
  getServiceLastAccessedDetailsWithEntities(args: GetServiceLastAccessedDetailsWithEntitiesCommandInput, options?: __HttpHandlerOptions): Promise<GetServiceLastAccessedDetailsWithEntitiesCommandOutput>;
1485
598
  getServiceLastAccessedDetailsWithEntities(args: GetServiceLastAccessedDetailsWithEntitiesCommandInput, cb: (err: any, data?: GetServiceLastAccessedDetailsWithEntitiesCommandOutput) => void): void;
1486
599
  getServiceLastAccessedDetailsWithEntities(args: GetServiceLastAccessedDetailsWithEntitiesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetServiceLastAccessedDetailsWithEntitiesCommandOutput) => void): void;
1487
600
  /**
1488
- * @public
1489
- * <p>Retrieves the status of your service-linked role deletion. After you use <a>DeleteServiceLinkedRole</a> to submit a service-linked role for deletion,
1490
- * you can use the <code>DeletionTaskId</code> parameter in
1491
- * <code>GetServiceLinkedRoleDeletionStatus</code> to check the status of the deletion.
1492
- * If the deletion fails, this operation returns the reason that it failed, if that
1493
- * information is returned by the service.</p>
601
+ * @see {@link GetServiceLinkedRoleDeletionStatusCommand}
1494
602
  */
1495
603
  getServiceLinkedRoleDeletionStatus(args: GetServiceLinkedRoleDeletionStatusCommandInput, options?: __HttpHandlerOptions): Promise<GetServiceLinkedRoleDeletionStatusCommandOutput>;
1496
604
  getServiceLinkedRoleDeletionStatus(args: GetServiceLinkedRoleDeletionStatusCommandInput, cb: (err: any, data?: GetServiceLinkedRoleDeletionStatusCommandOutput) => void): void;
1497
605
  getServiceLinkedRoleDeletionStatus(args: GetServiceLinkedRoleDeletionStatusCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetServiceLinkedRoleDeletionStatusCommandOutput) => void): void;
1498
606
  /**
1499
- * @public
1500
- * <p>Retrieves the specified SSH public key, including metadata about the key.</p>
1501
- * <p>The SSH public key retrieved by this operation is used only for authenticating the
1502
- * associated IAM user to an CodeCommit repository. For more information about using SSH keys
1503
- * to authenticate to an CodeCommit repository, see <a href="https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html">Set up CodeCommit for SSH
1504
- * connections</a> in the <i>CodeCommit User Guide</i>.</p>
607
+ * @see {@link GetSSHPublicKeyCommand}
1505
608
  */
1506
609
  getSSHPublicKey(args: GetSSHPublicKeyCommandInput, options?: __HttpHandlerOptions): Promise<GetSSHPublicKeyCommandOutput>;
1507
610
  getSSHPublicKey(args: GetSSHPublicKeyCommandInput, cb: (err: any, data?: GetSSHPublicKeyCommandOutput) => void): void;
1508
611
  getSSHPublicKey(args: GetSSHPublicKeyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetSSHPublicKeyCommandOutput) => void): void;
1509
612
  /**
1510
- * @public
1511
- * <p>Retrieves information about the specified IAM user, including the user's creation
1512
- * date, path, unique ID, and ARN.</p>
1513
- * <p>If you do not specify a user name, IAM determines the user name implicitly based on
1514
- * the Amazon Web Services access key ID used to sign the request to this operation.</p>
613
+ * @see {@link GetUserCommand}
1515
614
  */
1516
615
  getUser(args: GetUserCommandInput, options?: __HttpHandlerOptions): Promise<GetUserCommandOutput>;
1517
616
  getUser(args: GetUserCommandInput, cb: (err: any, data?: GetUserCommandOutput) => void): void;
1518
617
  getUser(args: GetUserCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetUserCommandOutput) => void): void;
1519
618
  /**
1520
- * @public
1521
- * <p>Retrieves the specified inline policy document that is embedded in the specified IAM
1522
- * user.</p>
1523
- * <note>
1524
- * <p>Policies returned by this operation are URL-encoded compliant
1525
- * with <a href="https://tools.ietf.org/html/rfc3986">RFC 3986</a>. You can use a URL
1526
- * decoding method to convert the policy back to plain JSON text. For example, if you use Java, you
1527
- * can use the <code>decode</code> method of the <code>java.net.URLDecoder</code> utility class in
1528
- * the Java SDK. Other languages and SDKs provide similar functionality.</p>
1529
- * </note>
1530
- * <p>An IAM user can also have managed policies attached to it. To retrieve a managed
1531
- * policy document that is attached to a user, use <a>GetPolicy</a> to determine
1532
- * the policy's default version. Then use <a>GetPolicyVersion</a> to retrieve
1533
- * the policy document.</p>
1534
- * <p>For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1535
- * policies</a> in the <i>IAM User Guide</i>.</p>
619
+ * @see {@link GetUserPolicyCommand}
1536
620
  */
1537
621
  getUserPolicy(args: GetUserPolicyCommandInput, options?: __HttpHandlerOptions): Promise<GetUserPolicyCommandOutput>;
1538
622
  getUserPolicy(args: GetUserPolicyCommandInput, cb: (err: any, data?: GetUserPolicyCommandOutput) => void): void;
1539
623
  getUserPolicy(args: GetUserPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetUserPolicyCommandOutput) => void): void;
1540
624
  /**
1541
- * @public
1542
- * <p>Returns information about the access key IDs associated with the specified IAM user.
1543
- * If there is none, the operation returns an empty list.</p>
1544
- * <p>Although each user is limited to a small number of keys, you can still paginate the
1545
- * results using the <code>MaxItems</code> and <code>Marker</code> parameters.</p>
1546
- * <p>If the <code>UserName</code> is not specified, the user name is determined implicitly
1547
- * based on the Amazon Web Services access key ID used to sign the request. If a temporary access key is
1548
- * used, then <code>UserName</code> is required. If a long-term key is assigned to the
1549
- * user, then <code>UserName</code> is not required. This operation works for access keys
1550
- * under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user
1551
- * credentials even if the Amazon Web Services account has no associated users.</p>
1552
- * <note>
1553
- * <p>To ensure the security of your Amazon Web Services account, the secret access key is accessible
1554
- * only during key and user creation.</p>
1555
- * </note>
625
+ * @see {@link ListAccessKeysCommand}
1556
626
  */
1557
627
  listAccessKeys(args: ListAccessKeysCommandInput, options?: __HttpHandlerOptions): Promise<ListAccessKeysCommandOutput>;
1558
628
  listAccessKeys(args: ListAccessKeysCommandInput, cb: (err: any, data?: ListAccessKeysCommandOutput) => void): void;
1559
629
  listAccessKeys(args: ListAccessKeysCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListAccessKeysCommandOutput) => void): void;
1560
630
  /**
1561
- * @public
1562
- * <p>Lists the account alias associated with the Amazon Web Services account (Note: you can have only
1563
- * one). For information about using an Amazon Web Services account alias, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html">Using an alias for your
1564
- * Amazon Web Services account ID</a> in the <i>IAM User Guide</i>.</p>
631
+ * @see {@link ListAccountAliasesCommand}
1565
632
  */
1566
633
  listAccountAliases(args: ListAccountAliasesCommandInput, options?: __HttpHandlerOptions): Promise<ListAccountAliasesCommandOutput>;
1567
634
  listAccountAliases(args: ListAccountAliasesCommandInput, cb: (err: any, data?: ListAccountAliasesCommandOutput) => void): void;
1568
635
  listAccountAliases(args: ListAccountAliasesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListAccountAliasesCommandOutput) => void): void;
1569
636
  /**
1570
- * @public
1571
- * <p>Lists all managed policies that are attached to the specified IAM group.</p>
1572
- * <p>An IAM group can also have inline policies embedded with it. To list the inline
1573
- * policies for a group, use <a>ListGroupPolicies</a>. For information about
1574
- * policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1575
- * policies</a> in the <i>IAM User Guide</i>.</p>
1576
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1577
- * parameters. You can use the <code>PathPrefix</code> parameter to limit the list of
1578
- * policies to only those matching the specified path prefix. If there are no policies
1579
- * attached to the specified group (or none that match the specified path prefix), the
1580
- * operation returns an empty list.</p>
637
+ * @see {@link ListAttachedGroupPoliciesCommand}
1581
638
  */
1582
639
  listAttachedGroupPolicies(args: ListAttachedGroupPoliciesCommandInput, options?: __HttpHandlerOptions): Promise<ListAttachedGroupPoliciesCommandOutput>;
1583
640
  listAttachedGroupPolicies(args: ListAttachedGroupPoliciesCommandInput, cb: (err: any, data?: ListAttachedGroupPoliciesCommandOutput) => void): void;
1584
641
  listAttachedGroupPolicies(args: ListAttachedGroupPoliciesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListAttachedGroupPoliciesCommandOutput) => void): void;
1585
642
  /**
1586
- * @public
1587
- * <p>Lists all managed policies that are attached to the specified IAM role.</p>
1588
- * <p>An IAM role can also have inline policies embedded with it. To list the inline
1589
- * policies for a role, use <a>ListRolePolicies</a>. For information about
1590
- * policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1591
- * policies</a> in the <i>IAM User Guide</i>.</p>
1592
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1593
- * parameters. You can use the <code>PathPrefix</code> parameter to limit the list of
1594
- * policies to only those matching the specified path prefix. If there are no policies
1595
- * attached to the specified role (or none that match the specified path prefix), the
1596
- * operation returns an empty list.</p>
643
+ * @see {@link ListAttachedRolePoliciesCommand}
1597
644
  */
1598
645
  listAttachedRolePolicies(args: ListAttachedRolePoliciesCommandInput, options?: __HttpHandlerOptions): Promise<ListAttachedRolePoliciesCommandOutput>;
1599
646
  listAttachedRolePolicies(args: ListAttachedRolePoliciesCommandInput, cb: (err: any, data?: ListAttachedRolePoliciesCommandOutput) => void): void;
1600
647
  listAttachedRolePolicies(args: ListAttachedRolePoliciesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListAttachedRolePoliciesCommandOutput) => void): void;
1601
648
  /**
1602
- * @public
1603
- * <p>Lists all managed policies that are attached to the specified IAM user.</p>
1604
- * <p>An IAM user can also have inline policies embedded with it. To list the inline
1605
- * policies for a user, use <a>ListUserPolicies</a>. For information about
1606
- * policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1607
- * policies</a> in the <i>IAM User Guide</i>.</p>
1608
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1609
- * parameters. You can use the <code>PathPrefix</code> parameter to limit the list of
1610
- * policies to only those matching the specified path prefix. If there are no policies
1611
- * attached to the specified group (or none that match the specified path prefix), the
1612
- * operation returns an empty list.</p>
649
+ * @see {@link ListAttachedUserPoliciesCommand}
1613
650
  */
1614
651
  listAttachedUserPolicies(args: ListAttachedUserPoliciesCommandInput, options?: __HttpHandlerOptions): Promise<ListAttachedUserPoliciesCommandOutput>;
1615
652
  listAttachedUserPolicies(args: ListAttachedUserPoliciesCommandInput, cb: (err: any, data?: ListAttachedUserPoliciesCommandOutput) => void): void;
1616
653
  listAttachedUserPolicies(args: ListAttachedUserPoliciesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListAttachedUserPoliciesCommandOutput) => void): void;
1617
654
  /**
1618
- * @public
1619
- * <p>Lists all IAM users, groups, and roles that the specified managed policy is attached
1620
- * to.</p>
1621
- * <p>You can use the optional <code>EntityFilter</code> parameter to limit the results to a
1622
- * particular type of entity (users, groups, or roles). For example, to list only the roles
1623
- * that are attached to the specified policy, set <code>EntityFilter</code> to
1624
- * <code>Role</code>.</p>
1625
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1626
- * parameters.</p>
655
+ * @see {@link ListEntitiesForPolicyCommand}
1627
656
  */
1628
657
  listEntitiesForPolicy(args: ListEntitiesForPolicyCommandInput, options?: __HttpHandlerOptions): Promise<ListEntitiesForPolicyCommandOutput>;
1629
658
  listEntitiesForPolicy(args: ListEntitiesForPolicyCommandInput, cb: (err: any, data?: ListEntitiesForPolicyCommandOutput) => void): void;
1630
659
  listEntitiesForPolicy(args: ListEntitiesForPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListEntitiesForPolicyCommandOutput) => void): void;
1631
660
  /**
1632
- * @public
1633
- * <p>Lists the names of the inline policies that are embedded in the specified IAM
1634
- * group.</p>
1635
- * <p>An IAM group can also have managed policies attached to it. To list the managed
1636
- * policies that are attached to a group, use <a>ListAttachedGroupPolicies</a>.
1637
- * For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1638
- * policies</a> in the <i>IAM User Guide</i>.</p>
1639
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1640
- * parameters. If there are no inline policies embedded with the specified group, the
1641
- * operation returns an empty list.</p>
661
+ * @see {@link ListGroupPoliciesCommand}
1642
662
  */
1643
663
  listGroupPolicies(args: ListGroupPoliciesCommandInput, options?: __HttpHandlerOptions): Promise<ListGroupPoliciesCommandOutput>;
1644
664
  listGroupPolicies(args: ListGroupPoliciesCommandInput, cb: (err: any, data?: ListGroupPoliciesCommandOutput) => void): void;
1645
665
  listGroupPolicies(args: ListGroupPoliciesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListGroupPoliciesCommandOutput) => void): void;
1646
666
  /**
1647
- * @public
1648
- * <p>Lists the IAM groups that have the specified path prefix.</p>
1649
- * <p> You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1650
- * parameters.</p>
667
+ * @see {@link ListGroupsCommand}
1651
668
  */
1652
669
  listGroups(args: ListGroupsCommandInput, options?: __HttpHandlerOptions): Promise<ListGroupsCommandOutput>;
1653
670
  listGroups(args: ListGroupsCommandInput, cb: (err: any, data?: ListGroupsCommandOutput) => void): void;
1654
671
  listGroups(args: ListGroupsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListGroupsCommandOutput) => void): void;
1655
672
  /**
1656
- * @public
1657
- * <p>Lists the IAM groups that the specified IAM user belongs to.</p>
1658
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1659
- * parameters.</p>
673
+ * @see {@link ListGroupsForUserCommand}
1660
674
  */
1661
675
  listGroupsForUser(args: ListGroupsForUserCommandInput, options?: __HttpHandlerOptions): Promise<ListGroupsForUserCommandOutput>;
1662
676
  listGroupsForUser(args: ListGroupsForUserCommandInput, cb: (err: any, data?: ListGroupsForUserCommandOutput) => void): void;
1663
677
  listGroupsForUser(args: ListGroupsForUserCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListGroupsForUserCommandOutput) => void): void;
1664
678
  /**
1665
- * @public
1666
- * <p>Lists the instance profiles that have the specified path prefix. If there are none,
1667
- * the operation returns an empty list. For more information about instance profiles, see
1668
- * <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html">About
1669
- * instance profiles</a>.</p>
1670
- * <note>
1671
- * <p>IAM resource-listing operations return a subset of the available
1672
- * attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an instance profile, see <a>GetInstanceProfile</a>.</p>
1673
- * </note>
1674
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1675
- * parameters.</p>
679
+ * @see {@link ListInstanceProfilesCommand}
1676
680
  */
1677
681
  listInstanceProfiles(args: ListInstanceProfilesCommandInput, options?: __HttpHandlerOptions): Promise<ListInstanceProfilesCommandOutput>;
1678
682
  listInstanceProfiles(args: ListInstanceProfilesCommandInput, cb: (err: any, data?: ListInstanceProfilesCommandOutput) => void): void;
1679
683
  listInstanceProfiles(args: ListInstanceProfilesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListInstanceProfilesCommandOutput) => void): void;
1680
684
  /**
1681
- * @public
1682
- * <p>Lists the instance profiles that have the specified associated IAM role. If there
1683
- * are none, the operation returns an empty list. For more information about instance
1684
- * profiles, go to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html">About instance
1685
- * profiles</a>.</p>
1686
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1687
- * parameters.</p>
685
+ * @see {@link ListInstanceProfilesForRoleCommand}
1688
686
  */
1689
687
  listInstanceProfilesForRole(args: ListInstanceProfilesForRoleCommandInput, options?: __HttpHandlerOptions): Promise<ListInstanceProfilesForRoleCommandOutput>;
1690
688
  listInstanceProfilesForRole(args: ListInstanceProfilesForRoleCommandInput, cb: (err: any, data?: ListInstanceProfilesForRoleCommandOutput) => void): void;
1691
689
  listInstanceProfilesForRole(args: ListInstanceProfilesForRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListInstanceProfilesForRoleCommandOutput) => void): void;
1692
690
  /**
1693
- * @public
1694
- * <p>Lists the tags that are attached to the specified IAM instance profile. The returned list of tags is sorted by tag key.
1695
- * For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
1696
- * <i>IAM User Guide</i>.</p>
691
+ * @see {@link ListInstanceProfileTagsCommand}
1697
692
  */
1698
693
  listInstanceProfileTags(args: ListInstanceProfileTagsCommandInput, options?: __HttpHandlerOptions): Promise<ListInstanceProfileTagsCommandOutput>;
1699
694
  listInstanceProfileTags(args: ListInstanceProfileTagsCommandInput, cb: (err: any, data?: ListInstanceProfileTagsCommandOutput) => void): void;
1700
695
  listInstanceProfileTags(args: ListInstanceProfileTagsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListInstanceProfileTagsCommandOutput) => void): void;
1701
696
  /**
1702
- * @public
1703
- * <p>Lists the MFA devices for an IAM user. If the request includes a IAM user name,
1704
- * then this operation lists all the MFA devices associated with the specified user. If you
1705
- * do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services
1706
- * access key ID signing the request for this operation.</p>
1707
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1708
- * parameters.</p>
697
+ * @see {@link ListMFADevicesCommand}
1709
698
  */
1710
699
  listMFADevices(args: ListMFADevicesCommandInput, options?: __HttpHandlerOptions): Promise<ListMFADevicesCommandOutput>;
1711
700
  listMFADevices(args: ListMFADevicesCommandInput, cb: (err: any, data?: ListMFADevicesCommandOutput) => void): void;
1712
701
  listMFADevices(args: ListMFADevicesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListMFADevicesCommandOutput) => void): void;
1713
702
  /**
1714
- * @public
1715
- * <p>Lists the tags that are attached to the specified IAM virtual multi-factor authentication (MFA) device. The returned list of tags is
1716
- * sorted by tag key. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
1717
- * <i>IAM User Guide</i>.</p>
703
+ * @see {@link ListMFADeviceTagsCommand}
1718
704
  */
1719
705
  listMFADeviceTags(args: ListMFADeviceTagsCommandInput, options?: __HttpHandlerOptions): Promise<ListMFADeviceTagsCommandOutput>;
1720
706
  listMFADeviceTags(args: ListMFADeviceTagsCommandInput, cb: (err: any, data?: ListMFADeviceTagsCommandOutput) => void): void;
1721
707
  listMFADeviceTags(args: ListMFADeviceTagsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListMFADeviceTagsCommandOutput) => void): void;
1722
708
  /**
1723
- * @public
1724
- * <p>Lists information about the IAM OpenID Connect (OIDC) provider resource objects
1725
- * defined in the Amazon Web Services account.</p>
1726
- * <note>
1727
- * <p>IAM resource-listing operations return a subset of the available
1728
- * attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an OIDC provider, see <a>GetOpenIDConnectProvider</a>.</p>
1729
- * </note>
709
+ * @see {@link ListOpenIDConnectProvidersCommand}
1730
710
  */
1731
711
  listOpenIDConnectProviders(args: ListOpenIDConnectProvidersCommandInput, options?: __HttpHandlerOptions): Promise<ListOpenIDConnectProvidersCommandOutput>;
1732
712
  listOpenIDConnectProviders(args: ListOpenIDConnectProvidersCommandInput, cb: (err: any, data?: ListOpenIDConnectProvidersCommandOutput) => void): void;
1733
713
  listOpenIDConnectProviders(args: ListOpenIDConnectProvidersCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListOpenIDConnectProvidersCommandOutput) => void): void;
1734
714
  /**
1735
- * @public
1736
- * <p>Lists the tags that are attached to the specified OpenID Connect (OIDC)-compatible
1737
- * identity provider. The returned list of tags is sorted by tag key. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html">About web identity
1738
- * federation</a>.</p>
1739
- * <p>For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
1740
- * <i>IAM User Guide</i>.</p>
715
+ * @see {@link ListOpenIDConnectProviderTagsCommand}
1741
716
  */
1742
717
  listOpenIDConnectProviderTags(args: ListOpenIDConnectProviderTagsCommandInput, options?: __HttpHandlerOptions): Promise<ListOpenIDConnectProviderTagsCommandOutput>;
1743
718
  listOpenIDConnectProviderTags(args: ListOpenIDConnectProviderTagsCommandInput, cb: (err: any, data?: ListOpenIDConnectProviderTagsCommandOutput) => void): void;
1744
719
  listOpenIDConnectProviderTags(args: ListOpenIDConnectProviderTagsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListOpenIDConnectProviderTagsCommandOutput) => void): void;
1745
720
  /**
1746
- * @public
1747
- * <p>Lists all the managed policies that are available in your Amazon Web Services account, including
1748
- * your own customer-defined managed policies and all Amazon Web Services managed policies.</p>
1749
- * <p>You can filter the list of policies that is returned using the optional
1750
- * <code>OnlyAttached</code>, <code>Scope</code>, and <code>PathPrefix</code>
1751
- * parameters. For example, to list only the customer managed policies in your Amazon Web Services
1752
- * account, set <code>Scope</code> to <code>Local</code>. To list only Amazon Web Services managed
1753
- * policies, set <code>Scope</code> to <code>AWS</code>.</p>
1754
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1755
- * parameters.</p>
1756
- * <p>For more information about managed policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1757
- * policies</a> in the <i>IAM User Guide</i>.</p>
1758
- * <note>
1759
- * <p>IAM resource-listing operations return a subset of the available
1760
- * attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a customer manged policy, see
1761
- * <a>GetPolicy</a>.</p>
1762
- * </note>
721
+ * @see {@link ListPoliciesCommand}
1763
722
  */
1764
723
  listPolicies(args: ListPoliciesCommandInput, options?: __HttpHandlerOptions): Promise<ListPoliciesCommandOutput>;
1765
724
  listPolicies(args: ListPoliciesCommandInput, cb: (err: any, data?: ListPoliciesCommandOutput) => void): void;
1766
725
  listPolicies(args: ListPoliciesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListPoliciesCommandOutput) => void): void;
1767
726
  /**
1768
- * @public
1769
- * <p>Retrieves a list of policies that the IAM identity (user, group, or role) can use to
1770
- * access each specified service.</p>
1771
- * <note>
1772
- * <p>This operation does not use other policy types when determining whether a resource
1773
- * could access a service. These other policy types include resource-based policies,
1774
- * access control lists, Organizations policies, IAM permissions boundaries, and STS
1775
- * assume role policies. It only applies permissions policy logic. For more about the
1776
- * evaluation of policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics">Evaluating policies</a> in the
1777
- * <i>IAM User Guide</i>.</p>
1778
- * </note>
1779
- * <p>The list of policies returned by the operation depends on the ARN of the identity that
1780
- * you provide.</p>
1781
- * <ul>
1782
- * <li>
1783
- * <p>
1784
- * <b>User</b> – The list of policies includes
1785
- * the managed and inline policies that are attached to the user directly. The list
1786
- * also includes any additional managed and inline policies that are attached to
1787
- * the group to which the user belongs. </p>
1788
- * </li>
1789
- * <li>
1790
- * <p>
1791
- * <b>Group</b> – The list of policies includes
1792
- * only the managed and inline policies that are attached to the group directly.
1793
- * Policies that are attached to the group’s user are not included.</p>
1794
- * </li>
1795
- * <li>
1796
- * <p>
1797
- * <b>Role</b> – The list of policies includes
1798
- * only the managed and inline policies that are attached to the role.</p>
1799
- * </li>
1800
- * </ul>
1801
- * <p>For each managed policy, this operation returns the ARN and policy name. For each
1802
- * inline policy, it returns the policy name and the entity to which it is attached. Inline
1803
- * policies do not have an ARN. For more information about these policy types, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html">Managed policies and inline policies</a> in the
1804
- * <i>IAM User Guide</i>.</p>
1805
- * <p>Policies that are attached to users and roles as permissions boundaries are not
1806
- * returned. To view which managed policy is currently used to set the permissions boundary
1807
- * for a user or role, use the <a>GetUser</a> or <a>GetRole</a>
1808
- * operations.</p>
727
+ * @see {@link ListPoliciesGrantingServiceAccessCommand}
1809
728
  */
1810
729
  listPoliciesGrantingServiceAccess(args: ListPoliciesGrantingServiceAccessCommandInput, options?: __HttpHandlerOptions): Promise<ListPoliciesGrantingServiceAccessCommandOutput>;
1811
730
  listPoliciesGrantingServiceAccess(args: ListPoliciesGrantingServiceAccessCommandInput, cb: (err: any, data?: ListPoliciesGrantingServiceAccessCommandOutput) => void): void;
1812
731
  listPoliciesGrantingServiceAccess(args: ListPoliciesGrantingServiceAccessCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListPoliciesGrantingServiceAccessCommandOutput) => void): void;
1813
732
  /**
1814
- * @public
1815
- * <p>Lists the tags that are attached to the specified IAM customer managed policy.
1816
- * The returned list of tags is sorted by tag key. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
1817
- * <i>IAM User Guide</i>.</p>
733
+ * @see {@link ListPolicyTagsCommand}
1818
734
  */
1819
735
  listPolicyTags(args: ListPolicyTagsCommandInput, options?: __HttpHandlerOptions): Promise<ListPolicyTagsCommandOutput>;
1820
736
  listPolicyTags(args: ListPolicyTagsCommandInput, cb: (err: any, data?: ListPolicyTagsCommandOutput) => void): void;
1821
737
  listPolicyTags(args: ListPolicyTagsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListPolicyTagsCommandOutput) => void): void;
1822
738
  /**
1823
- * @public
1824
- * <p>Lists information about the versions of the specified managed policy, including the
1825
- * version that is currently set as the policy's default version.</p>
1826
- * <p>For more information about managed policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1827
- * policies</a> in the <i>IAM User Guide</i>.</p>
739
+ * @see {@link ListPolicyVersionsCommand}
1828
740
  */
1829
741
  listPolicyVersions(args: ListPolicyVersionsCommandInput, options?: __HttpHandlerOptions): Promise<ListPolicyVersionsCommandOutput>;
1830
742
  listPolicyVersions(args: ListPolicyVersionsCommandInput, cb: (err: any, data?: ListPolicyVersionsCommandOutput) => void): void;
1831
743
  listPolicyVersions(args: ListPolicyVersionsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListPolicyVersionsCommandOutput) => void): void;
1832
744
  /**
1833
- * @public
1834
- * <p>Lists the names of the inline policies that are embedded in the specified IAM
1835
- * role.</p>
1836
- * <p>An IAM role can also have managed policies attached to it. To list the managed
1837
- * policies that are attached to a role, use <a>ListAttachedRolePolicies</a>.
1838
- * For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1839
- * policies</a> in the <i>IAM User Guide</i>.</p>
1840
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1841
- * parameters. If there are no inline policies embedded with the specified role, the
1842
- * operation returns an empty list.</p>
745
+ * @see {@link ListRolePoliciesCommand}
1843
746
  */
1844
747
  listRolePolicies(args: ListRolePoliciesCommandInput, options?: __HttpHandlerOptions): Promise<ListRolePoliciesCommandOutput>;
1845
748
  listRolePolicies(args: ListRolePoliciesCommandInput, cb: (err: any, data?: ListRolePoliciesCommandOutput) => void): void;
1846
749
  listRolePolicies(args: ListRolePoliciesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListRolePoliciesCommandOutput) => void): void;
1847
750
  /**
1848
- * @public
1849
- * <p>Lists the IAM roles that have the specified path prefix. If there are none, the
1850
- * operation returns an empty list. For more information about roles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html">Working with
1851
- * roles</a>.</p>
1852
- * <note>
1853
- * <p>IAM resource-listing operations return a subset of the available
1854
- * attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a role, see <a>GetRole</a>.</p>
1855
- * </note>
1856
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1857
- * parameters.</p>
751
+ * @see {@link ListRolesCommand}
1858
752
  */
1859
753
  listRoles(args: ListRolesCommandInput, options?: __HttpHandlerOptions): Promise<ListRolesCommandOutput>;
1860
754
  listRoles(args: ListRolesCommandInput, cb: (err: any, data?: ListRolesCommandOutput) => void): void;
1861
755
  listRoles(args: ListRolesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListRolesCommandOutput) => void): void;
1862
756
  /**
1863
- * @public
1864
- * <p>Lists the tags that are attached to the specified role. The returned list of tags is
1865
- * sorted by tag key. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
1866
- * <i>IAM User Guide</i>.</p>
757
+ * @see {@link ListRoleTagsCommand}
1867
758
  */
1868
759
  listRoleTags(args: ListRoleTagsCommandInput, options?: __HttpHandlerOptions): Promise<ListRoleTagsCommandOutput>;
1869
760
  listRoleTags(args: ListRoleTagsCommandInput, cb: (err: any, data?: ListRoleTagsCommandOutput) => void): void;
1870
761
  listRoleTags(args: ListRoleTagsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListRoleTagsCommandOutput) => void): void;
1871
762
  /**
1872
- * @public
1873
- * <p>Lists the SAML provider resource objects defined in IAM in the account.
1874
- * IAM resource-listing operations return a subset of the available
1875
- * attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a SAML provider, see <a>GetSAMLProvider</a>.</p>
1876
- * <important>
1877
- * <p> This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
1878
- * </important>
763
+ * @see {@link ListSAMLProvidersCommand}
1879
764
  */
1880
765
  listSAMLProviders(args: ListSAMLProvidersCommandInput, options?: __HttpHandlerOptions): Promise<ListSAMLProvidersCommandOutput>;
1881
766
  listSAMLProviders(args: ListSAMLProvidersCommandInput, cb: (err: any, data?: ListSAMLProvidersCommandOutput) => void): void;
1882
767
  listSAMLProviders(args: ListSAMLProvidersCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListSAMLProvidersCommandOutput) => void): void;
1883
768
  /**
1884
- * @public
1885
- * <p>Lists the tags that are attached to the specified Security Assertion Markup Language
1886
- * (SAML) identity provider. The returned list of tags is sorted by tag key. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html">About SAML 2.0-based
1887
- * federation</a>.</p>
1888
- * <p>For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
1889
- * <i>IAM User Guide</i>.</p>
769
+ * @see {@link ListSAMLProviderTagsCommand}
1890
770
  */
1891
771
  listSAMLProviderTags(args: ListSAMLProviderTagsCommandInput, options?: __HttpHandlerOptions): Promise<ListSAMLProviderTagsCommandOutput>;
1892
772
  listSAMLProviderTags(args: ListSAMLProviderTagsCommandInput, cb: (err: any, data?: ListSAMLProviderTagsCommandOutput) => void): void;
1893
773
  listSAMLProviderTags(args: ListSAMLProviderTagsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListSAMLProviderTagsCommandOutput) => void): void;
1894
774
  /**
1895
- * @public
1896
- * <p>Lists the server certificates stored in IAM that have the specified path prefix. If
1897
- * none exist, the operation returns an empty list.</p>
1898
- * <p> You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1899
- * parameters.</p>
1900
- * <p>For more information about working with server certificates, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Working
1901
- * with server certificates</a> in the <i>IAM User Guide</i>. This
1902
- * topic also includes a list of Amazon Web Services services that can use the server certificates that
1903
- * you manage with IAM.</p>
1904
- * <note>
1905
- * <p>IAM resource-listing operations return a subset of the available
1906
- * attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a servercertificate, see <a>GetServerCertificate</a>.</p>
1907
- * </note>
775
+ * @see {@link ListServerCertificatesCommand}
1908
776
  */
1909
777
  listServerCertificates(args: ListServerCertificatesCommandInput, options?: __HttpHandlerOptions): Promise<ListServerCertificatesCommandOutput>;
1910
778
  listServerCertificates(args: ListServerCertificatesCommandInput, cb: (err: any, data?: ListServerCertificatesCommandOutput) => void): void;
1911
779
  listServerCertificates(args: ListServerCertificatesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListServerCertificatesCommandOutput) => void): void;
1912
780
  /**
1913
- * @public
1914
- * <p>Lists the tags that are attached to the specified IAM server certificate. The
1915
- * returned list of tags is sorted by tag key. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
1916
- * <i>IAM User Guide</i>.</p>
1917
- * <note>
1918
- * <p>For certificates in a Region supported by Certificate Manager (ACM), we
1919
- * recommend that you don't use IAM server certificates. Instead, use ACM to provision,
1920
- * manage, and deploy your server certificates. For more information about IAM server
1921
- * certificates, <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Working with server
1922
- * certificates</a> in the <i>IAM User Guide</i>.</p>
1923
- * </note>
781
+ * @see {@link ListServerCertificateTagsCommand}
1924
782
  */
1925
783
  listServerCertificateTags(args: ListServerCertificateTagsCommandInput, options?: __HttpHandlerOptions): Promise<ListServerCertificateTagsCommandOutput>;
1926
784
  listServerCertificateTags(args: ListServerCertificateTagsCommandInput, cb: (err: any, data?: ListServerCertificateTagsCommandOutput) => void): void;
1927
785
  listServerCertificateTags(args: ListServerCertificateTagsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListServerCertificateTagsCommandOutput) => void): void;
1928
786
  /**
1929
- * @public
1930
- * <p>Returns information about the service-specific credentials associated with the
1931
- * specified IAM user. If none exists, the operation returns an empty list. The
1932
- * service-specific credentials returned by this operation are used only for authenticating
1933
- * the IAM user to a specific service. For more information about using service-specific
1934
- * credentials to authenticate to an Amazon Web Services service, see <a href="https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html">Set up service-specific credentials</a>
1935
- * in the CodeCommit User Guide.</p>
787
+ * @see {@link ListServiceSpecificCredentialsCommand}
1936
788
  */
1937
789
  listServiceSpecificCredentials(args: ListServiceSpecificCredentialsCommandInput, options?: __HttpHandlerOptions): Promise<ListServiceSpecificCredentialsCommandOutput>;
1938
790
  listServiceSpecificCredentials(args: ListServiceSpecificCredentialsCommandInput, cb: (err: any, data?: ListServiceSpecificCredentialsCommandOutput) => void): void;
1939
791
  listServiceSpecificCredentials(args: ListServiceSpecificCredentialsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListServiceSpecificCredentialsCommandOutput) => void): void;
1940
792
  /**
1941
- * @public
1942
- * <p>Returns information about the signing certificates associated with the specified IAM
1943
- * user. If none exists, the operation returns an empty list.</p>
1944
- * <p>Although each user is limited to a small number of signing certificates, you can still
1945
- * paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1946
- * parameters.</p>
1947
- * <p>If the <code>UserName</code> field is not specified, the user name is determined
1948
- * implicitly based on the Amazon Web Services access key ID used to sign the request for this operation.
1949
- * This operation works for access keys under the Amazon Web Services account. Consequently, you can use
1950
- * this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no
1951
- * associated users.</p>
793
+ * @see {@link ListSigningCertificatesCommand}
1952
794
  */
1953
795
  listSigningCertificates(args: ListSigningCertificatesCommandInput, options?: __HttpHandlerOptions): Promise<ListSigningCertificatesCommandOutput>;
1954
796
  listSigningCertificates(args: ListSigningCertificatesCommandInput, cb: (err: any, data?: ListSigningCertificatesCommandOutput) => void): void;
1955
797
  listSigningCertificates(args: ListSigningCertificatesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListSigningCertificatesCommandOutput) => void): void;
1956
798
  /**
1957
- * @public
1958
- * <p>Returns information about the SSH public keys associated with the specified IAM
1959
- * user. If none exists, the operation returns an empty list.</p>
1960
- * <p>The SSH public keys returned by this operation are used only for authenticating the
1961
- * IAM user to an CodeCommit repository. For more information about using SSH keys to
1962
- * authenticate to an CodeCommit repository, see <a href="https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html">Set up CodeCommit for
1963
- * SSH connections</a> in the <i>CodeCommit User Guide</i>.</p>
1964
- * <p>Although each user is limited to a small number of keys, you can still paginate the
1965
- * results using the <code>MaxItems</code> and <code>Marker</code> parameters.</p>
799
+ * @see {@link ListSSHPublicKeysCommand}
1966
800
  */
1967
801
  listSSHPublicKeys(args: ListSSHPublicKeysCommandInput, options?: __HttpHandlerOptions): Promise<ListSSHPublicKeysCommandOutput>;
1968
802
  listSSHPublicKeys(args: ListSSHPublicKeysCommandInput, cb: (err: any, data?: ListSSHPublicKeysCommandOutput) => void): void;
1969
803
  listSSHPublicKeys(args: ListSSHPublicKeysCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListSSHPublicKeysCommandOutput) => void): void;
1970
804
  /**
1971
- * @public
1972
- * <p>Lists the names of the inline policies embedded in the specified IAM user.</p>
1973
- * <p>An IAM user can also have managed policies attached to it. To list the managed
1974
- * policies that are attached to a user, use <a>ListAttachedUserPolicies</a>.
1975
- * For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
1976
- * policies</a> in the <i>IAM User Guide</i>.</p>
1977
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1978
- * parameters. If there are no inline policies embedded with the specified user, the
1979
- * operation returns an empty list.</p>
805
+ * @see {@link ListUserPoliciesCommand}
1980
806
  */
1981
807
  listUserPolicies(args: ListUserPoliciesCommandInput, options?: __HttpHandlerOptions): Promise<ListUserPoliciesCommandOutput>;
1982
808
  listUserPolicies(args: ListUserPoliciesCommandInput, cb: (err: any, data?: ListUserPoliciesCommandOutput) => void): void;
1983
809
  listUserPolicies(args: ListUserPoliciesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListUserPoliciesCommandOutput) => void): void;
1984
810
  /**
1985
- * @public
1986
- * <p>Lists the IAM users that have the specified path prefix. If no path prefix is
1987
- * specified, the operation returns all users in the Amazon Web Services account. If there are none, the
1988
- * operation returns an empty list.</p>
1989
- * <note>
1990
- * <p>IAM resource-listing operations return a subset of the available
1991
- * attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a user, see <a>GetUser</a>.</p>
1992
- * </note>
1993
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
1994
- * parameters.</p>
811
+ * @see {@link ListUsersCommand}
1995
812
  */
1996
813
  listUsers(args: ListUsersCommandInput, options?: __HttpHandlerOptions): Promise<ListUsersCommandOutput>;
1997
814
  listUsers(args: ListUsersCommandInput, cb: (err: any, data?: ListUsersCommandOutput) => void): void;
1998
815
  listUsers(args: ListUsersCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListUsersCommandOutput) => void): void;
1999
816
  /**
2000
- * @public
2001
- * <p>Lists the tags that are attached to the specified IAM user. The returned list of tags is sorted by tag key. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2002
- * <i>IAM User Guide</i>.</p>
817
+ * @see {@link ListUserTagsCommand}
2003
818
  */
2004
819
  listUserTags(args: ListUserTagsCommandInput, options?: __HttpHandlerOptions): Promise<ListUserTagsCommandOutput>;
2005
820
  listUserTags(args: ListUserTagsCommandInput, cb: (err: any, data?: ListUserTagsCommandOutput) => void): void;
2006
821
  listUserTags(args: ListUserTagsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListUserTagsCommandOutput) => void): void;
2007
822
  /**
2008
- * @public
2009
- * <p>Lists the virtual MFA devices defined in the Amazon Web Services account by assignment status. If
2010
- * you do not specify an assignment status, the operation returns a list of all virtual MFA
2011
- * devices. Assignment status can be <code>Assigned</code>, <code>Unassigned</code>, or
2012
- * <code>Any</code>.</p>
2013
- * <note>
2014
- * <p>IAM resource-listing operations return a subset of the available
2015
- * attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view tag information for a virtual MFA device, see <a>ListMFADeviceTags</a>.</p>
2016
- * </note>
2017
- * <p>You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
2018
- * parameters.</p>
823
+ * @see {@link ListVirtualMFADevicesCommand}
2019
824
  */
2020
825
  listVirtualMFADevices(args: ListVirtualMFADevicesCommandInput, options?: __HttpHandlerOptions): Promise<ListVirtualMFADevicesCommandOutput>;
2021
826
  listVirtualMFADevices(args: ListVirtualMFADevicesCommandInput, cb: (err: any, data?: ListVirtualMFADevicesCommandOutput) => void): void;
2022
827
  listVirtualMFADevices(args: ListVirtualMFADevicesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListVirtualMFADevicesCommandOutput) => void): void;
2023
828
  /**
2024
- * @public
2025
- * <p>Adds or updates an inline policy document that is embedded in the specified IAM
2026
- * group.</p>
2027
- * <p>A user can also have managed policies attached to it. To attach a managed policy to a
2028
- * group, use <a>AttachGroupPolicy</a>. To create a new managed policy, use
2029
- * <a>CreatePolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
2030
- * policies and inline policies</a> in the
2031
- * <i>IAM User Guide</i>.</p>
2032
- * <p>For information about the maximum number of inline policies that you can embed in a
2033
- * group, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS quotas</a> in the <i>IAM User Guide</i>.</p>
2034
- * <note>
2035
- * <p>Because policy documents can be large, you should use POST rather than GET when
2036
- * calling <code>PutGroupPolicy</code>. For general information about using the Query
2037
- * API with IAM, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html">Making query requests</a> in the
2038
- * <i>IAM User Guide</i>.</p>
2039
- * </note>
829
+ * @see {@link PutGroupPolicyCommand}
2040
830
  */
2041
831
  putGroupPolicy(args: PutGroupPolicyCommandInput, options?: __HttpHandlerOptions): Promise<PutGroupPolicyCommandOutput>;
2042
832
  putGroupPolicy(args: PutGroupPolicyCommandInput, cb: (err: any, data?: PutGroupPolicyCommandOutput) => void): void;
2043
833
  putGroupPolicy(args: PutGroupPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: PutGroupPolicyCommandOutput) => void): void;
2044
834
  /**
2045
- * @public
2046
- * <p>Adds or updates the policy that is specified as the IAM role's permissions boundary.
2047
- * You can use an Amazon Web Services managed policy or a customer managed policy to set the boundary for
2048
- * a role. Use the boundary to control the maximum permissions that the role can have.
2049
- * Setting a permissions boundary is an advanced feature that can affect the permissions
2050
- * for the role.</p>
2051
- * <p>You cannot set the boundary for a service-linked role.</p>
2052
- * <important>
2053
- * <p>Policies used as permissions boundaries do not provide permissions. You must also
2054
- * attach a permissions policy to the role. To learn how the effective permissions for
2055
- * a role are evaluated, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html">IAM JSON policy
2056
- * evaluation logic</a> in the IAM User Guide. </p>
2057
- * </important>
835
+ * @see {@link PutRolePermissionsBoundaryCommand}
2058
836
  */
2059
837
  putRolePermissionsBoundary(args: PutRolePermissionsBoundaryCommandInput, options?: __HttpHandlerOptions): Promise<PutRolePermissionsBoundaryCommandOutput>;
2060
838
  putRolePermissionsBoundary(args: PutRolePermissionsBoundaryCommandInput, cb: (err: any, data?: PutRolePermissionsBoundaryCommandOutput) => void): void;
2061
839
  putRolePermissionsBoundary(args: PutRolePermissionsBoundaryCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: PutRolePermissionsBoundaryCommandOutput) => void): void;
2062
840
  /**
2063
- * @public
2064
- * <p>Adds or updates an inline policy document that is embedded in the specified IAM
2065
- * role.</p>
2066
- * <p>When you embed an inline policy in a role, the inline policy is used as part of the
2067
- * role's access (permissions) policy. The role's trust policy is created at the same time
2068
- * as the role, using <a>CreateRole</a>. You can update a role's trust policy
2069
- * using <a>UpdateAssumeRolePolicy</a>. For more information about IAM roles,
2070
- * see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html">Using roles to
2071
- * delegate permissions and federate identities</a>.</p>
2072
- * <p>A role can also have a managed policy attached to it. To attach a managed policy to a
2073
- * role, use <a>AttachRolePolicy</a>. To create a new managed policy, use <a>CreatePolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
2074
- * policies and inline policies</a> in the
2075
- * <i>IAM User Guide</i>.</p>
2076
- * <p>For information about the maximum number of inline policies that you can embed with a
2077
- * role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS quotas</a> in the <i>IAM User Guide</i>.</p>
2078
- * <note>
2079
- * <p>Because policy documents can be large, you should use POST rather than GET when
2080
- * calling <code>PutRolePolicy</code>. For general information about using the Query
2081
- * API with IAM, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html">Making query requests</a> in the
2082
- * <i>IAM User Guide</i>.</p>
2083
- * </note>
841
+ * @see {@link PutRolePolicyCommand}
2084
842
  */
2085
843
  putRolePolicy(args: PutRolePolicyCommandInput, options?: __HttpHandlerOptions): Promise<PutRolePolicyCommandOutput>;
2086
844
  putRolePolicy(args: PutRolePolicyCommandInput, cb: (err: any, data?: PutRolePolicyCommandOutput) => void): void;
2087
845
  putRolePolicy(args: PutRolePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: PutRolePolicyCommandOutput) => void): void;
2088
846
  /**
2089
- * @public
2090
- * <p>Adds or updates the policy that is specified as the IAM user's permissions
2091
- * boundary. You can use an Amazon Web Services managed policy or a customer managed policy to set the
2092
- * boundary for a user. Use the boundary to control the maximum permissions that the user
2093
- * can have. Setting a permissions boundary is an advanced feature that can affect the
2094
- * permissions for the user.</p>
2095
- * <important>
2096
- * <p>Policies that are used as permissions boundaries do not provide permissions. You
2097
- * must also attach a permissions policy to the user. To learn how the effective
2098
- * permissions for a user are evaluated, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html">IAM JSON policy
2099
- * evaluation logic</a> in the IAM User Guide. </p>
2100
- * </important>
847
+ * @see {@link PutUserPermissionsBoundaryCommand}
2101
848
  */
2102
849
  putUserPermissionsBoundary(args: PutUserPermissionsBoundaryCommandInput, options?: __HttpHandlerOptions): Promise<PutUserPermissionsBoundaryCommandOutput>;
2103
850
  putUserPermissionsBoundary(args: PutUserPermissionsBoundaryCommandInput, cb: (err: any, data?: PutUserPermissionsBoundaryCommandOutput) => void): void;
2104
851
  putUserPermissionsBoundary(args: PutUserPermissionsBoundaryCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: PutUserPermissionsBoundaryCommandOutput) => void): void;
2105
852
  /**
2106
- * @public
2107
- * <p>Adds or updates an inline policy document that is embedded in the specified IAM
2108
- * user.</p>
2109
- * <p>An IAM user can also have a managed policy attached to it. To attach a managed
2110
- * policy to a user, use <a>AttachUserPolicy</a>. To create a new managed
2111
- * policy, use <a>CreatePolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
2112
- * policies and inline policies</a> in the
2113
- * <i>IAM User Guide</i>.</p>
2114
- * <p>For information about the maximum number of inline policies that you can embed in a
2115
- * user, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS quotas</a> in the <i>IAM User Guide</i>.</p>
2116
- * <note>
2117
- * <p>Because policy documents can be large, you should use POST rather than GET when
2118
- * calling <code>PutUserPolicy</code>. For general information about using the Query
2119
- * API with IAM, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html">Making query requests</a> in the
2120
- * <i>IAM User Guide</i>.</p>
2121
- * </note>
853
+ * @see {@link PutUserPolicyCommand}
2122
854
  */
2123
855
  putUserPolicy(args: PutUserPolicyCommandInput, options?: __HttpHandlerOptions): Promise<PutUserPolicyCommandOutput>;
2124
856
  putUserPolicy(args: PutUserPolicyCommandInput, cb: (err: any, data?: PutUserPolicyCommandOutput) => void): void;
2125
857
  putUserPolicy(args: PutUserPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: PutUserPolicyCommandOutput) => void): void;
2126
858
  /**
2127
- * @public
2128
- * <p>Removes the specified client ID (also known as audience) from the list of client IDs
2129
- * registered for the specified IAM OpenID Connect (OIDC) provider resource
2130
- * object.</p>
2131
- * <p>This operation is idempotent; it does not fail or return an error if you try to remove
2132
- * a client ID that does not exist.</p>
859
+ * @see {@link RemoveClientIDFromOpenIDConnectProviderCommand}
2133
860
  */
2134
861
  removeClientIDFromOpenIDConnectProvider(args: RemoveClientIDFromOpenIDConnectProviderCommandInput, options?: __HttpHandlerOptions): Promise<RemoveClientIDFromOpenIDConnectProviderCommandOutput>;
2135
862
  removeClientIDFromOpenIDConnectProvider(args: RemoveClientIDFromOpenIDConnectProviderCommandInput, cb: (err: any, data?: RemoveClientIDFromOpenIDConnectProviderCommandOutput) => void): void;
2136
863
  removeClientIDFromOpenIDConnectProvider(args: RemoveClientIDFromOpenIDConnectProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RemoveClientIDFromOpenIDConnectProviderCommandOutput) => void): void;
2137
864
  /**
2138
- * @public
2139
- * <p>Removes the specified IAM role from the specified EC2 instance profile.</p>
2140
- * <important>
2141
- * <p>Make sure that you do not have any Amazon EC2 instances running with the role you
2142
- * are about to remove from the instance profile. Removing a role from an instance
2143
- * profile that is associated with a running instance might break any applications
2144
- * running on the instance.</p>
2145
- * </important>
2146
- * <p> For more information about IAM roles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html">Working with roles</a>. For more
2147
- * information about instance profiles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html">About instance
2148
- * profiles</a>.</p>
865
+ * @see {@link RemoveRoleFromInstanceProfileCommand}
2149
866
  */
2150
867
  removeRoleFromInstanceProfile(args: RemoveRoleFromInstanceProfileCommandInput, options?: __HttpHandlerOptions): Promise<RemoveRoleFromInstanceProfileCommandOutput>;
2151
868
  removeRoleFromInstanceProfile(args: RemoveRoleFromInstanceProfileCommandInput, cb: (err: any, data?: RemoveRoleFromInstanceProfileCommandOutput) => void): void;
2152
869
  removeRoleFromInstanceProfile(args: RemoveRoleFromInstanceProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RemoveRoleFromInstanceProfileCommandOutput) => void): void;
2153
870
  /**
2154
- * @public
2155
- * <p>Removes the specified user from the specified group.</p>
871
+ * @see {@link RemoveUserFromGroupCommand}
2156
872
  */
2157
873
  removeUserFromGroup(args: RemoveUserFromGroupCommandInput, options?: __HttpHandlerOptions): Promise<RemoveUserFromGroupCommandOutput>;
2158
874
  removeUserFromGroup(args: RemoveUserFromGroupCommandInput, cb: (err: any, data?: RemoveUserFromGroupCommandOutput) => void): void;
2159
875
  removeUserFromGroup(args: RemoveUserFromGroupCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RemoveUserFromGroupCommandOutput) => void): void;
2160
876
  /**
2161
- * @public
2162
- * <p>Resets the password for a service-specific credential. The new password is Amazon Web Services
2163
- * generated and cryptographically strong. It cannot be configured by the user. Resetting
2164
- * the password immediately invalidates the previous password associated with this
2165
- * user.</p>
877
+ * @see {@link ResetServiceSpecificCredentialCommand}
2166
878
  */
2167
879
  resetServiceSpecificCredential(args: ResetServiceSpecificCredentialCommandInput, options?: __HttpHandlerOptions): Promise<ResetServiceSpecificCredentialCommandOutput>;
2168
880
  resetServiceSpecificCredential(args: ResetServiceSpecificCredentialCommandInput, cb: (err: any, data?: ResetServiceSpecificCredentialCommandOutput) => void): void;
2169
881
  resetServiceSpecificCredential(args: ResetServiceSpecificCredentialCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ResetServiceSpecificCredentialCommandOutput) => void): void;
2170
882
  /**
2171
- * @public
2172
- * <p>Synchronizes the specified MFA device with its IAM resource object on the Amazon Web Services
2173
- * servers.</p>
2174
- * <p>For more information about creating and working with virtual MFA devices, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html">Using a virtual MFA
2175
- * device</a> in the <i>IAM User Guide</i>.</p>
883
+ * @see {@link ResyncMFADeviceCommand}
2176
884
  */
2177
885
  resyncMFADevice(args: ResyncMFADeviceCommandInput, options?: __HttpHandlerOptions): Promise<ResyncMFADeviceCommandOutput>;
2178
886
  resyncMFADevice(args: ResyncMFADeviceCommandInput, cb: (err: any, data?: ResyncMFADeviceCommandOutput) => void): void;
2179
887
  resyncMFADevice(args: ResyncMFADeviceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ResyncMFADeviceCommandOutput) => void): void;
2180
888
  /**
2181
- * @public
2182
- * <p>Sets the specified version of the specified policy as the policy's default (operative)
2183
- * version.</p>
2184
- * <p>This operation affects all users, groups, and roles that the policy is attached to. To
2185
- * list the users, groups, and roles that the policy is attached to, use <a>ListEntitiesForPolicy</a>.</p>
2186
- * <p>For information about managed policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
2187
- * policies</a> in the <i>IAM User Guide</i>.</p>
889
+ * @see {@link SetDefaultPolicyVersionCommand}
2188
890
  */
2189
891
  setDefaultPolicyVersion(args: SetDefaultPolicyVersionCommandInput, options?: __HttpHandlerOptions): Promise<SetDefaultPolicyVersionCommandOutput>;
2190
892
  setDefaultPolicyVersion(args: SetDefaultPolicyVersionCommandInput, cb: (err: any, data?: SetDefaultPolicyVersionCommandOutput) => void): void;
2191
893
  setDefaultPolicyVersion(args: SetDefaultPolicyVersionCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: SetDefaultPolicyVersionCommandOutput) => void): void;
2192
894
  /**
2193
- * @public
2194
- * <p>Sets the specified version of the global endpoint token as the token version used for
2195
- * the Amazon Web Services account.</p>
2196
- * <p>By default, Security Token Service (STS) is available as a global service, and all STS requests
2197
- * go to a single endpoint at <code>https://sts.amazonaws.com</code>. Amazon Web Services recommends
2198
- * using Regional STS endpoints to reduce latency, build in redundancy, and increase
2199
- * session token availability. For information about Regional endpoints for STS, see
2200
- * <a href="https://docs.aws.amazon.com/general/latest/gr/sts.html">Security Token Service
2201
- * endpoints and quotas</a> in the <i>Amazon Web Services General Reference</i>.</p>
2202
- * <p>If you make an STS call to the global endpoint, the resulting session tokens might
2203
- * be valid in some Regions but not others. It depends on the version that is set in this
2204
- * operation. Version 1 tokens are valid only in Amazon Web Services Regions that are
2205
- * available by default. These tokens do not work in manually enabled Regions, such as Asia
2206
- * Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2
2207
- * tokens are longer and might affect systems where you temporarily store tokens. For
2208
- * information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
2209
- * deactivating STS in an Amazon Web Services Region</a> in the
2210
- * <i>IAM User Guide</i>.</p>
2211
- * <p>To view the current session token version, see the
2212
- * <code>GlobalEndpointTokenVersion</code> entry in the response of the <a>GetAccountSummary</a> operation.</p>
895
+ * @see {@link SetSecurityTokenServicePreferencesCommand}
2213
896
  */
2214
897
  setSecurityTokenServicePreferences(args: SetSecurityTokenServicePreferencesCommandInput, options?: __HttpHandlerOptions): Promise<SetSecurityTokenServicePreferencesCommandOutput>;
2215
898
  setSecurityTokenServicePreferences(args: SetSecurityTokenServicePreferencesCommandInput, cb: (err: any, data?: SetSecurityTokenServicePreferencesCommandOutput) => void): void;
2216
899
  setSecurityTokenServicePreferences(args: SetSecurityTokenServicePreferencesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: SetSecurityTokenServicePreferencesCommandOutput) => void): void;
2217
900
  /**
2218
- * @public
2219
- * <p>Simulate how a set of IAM policies and optionally a resource-based policy works with
2220
- * a list of API operations and Amazon Web Services resources to determine the policies' effective
2221
- * permissions. The policies are provided as strings.</p>
2222
- * <p>The simulation does not perform the API operations; it only checks the authorization
2223
- * to determine if the simulated policies allow or deny the operations. You can simulate
2224
- * resources that don't exist in your account.</p>
2225
- * <p>If you want to simulate existing policies that are attached to an IAM user, group,
2226
- * or role, use <a>SimulatePrincipalPolicy</a> instead.</p>
2227
- * <p>Context keys are variables that are maintained by Amazon Web Services and its services and which
2228
- * provide details about the context of an API query request. You can use the
2229
- * <code>Condition</code> element of an IAM policy to evaluate context keys. To get
2230
- * the list of context keys that the policies require for correct simulation, use <a>GetContextKeysForCustomPolicy</a>.</p>
2231
- * <p>If the output is long, you can use <code>MaxItems</code> and <code>Marker</code>
2232
- * parameters to paginate the results.</p>
2233
- * <note>
2234
- * <p>The IAM policy simulator evaluates statements in the identity-based policy and
2235
- * the inputs that you provide during simulation. The policy simulator results can
2236
- * differ from your live Amazon Web Services environment. We recommend that you check your policies
2237
- * against your live Amazon Web Services environment after testing using the policy simulator to
2238
- * confirm that you have the desired results. For more information about using the
2239
- * policy simulator, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html">Testing IAM
2240
- * policies with the IAM policy simulator </a>in the
2241
- * <i>IAM User Guide</i>.</p>
2242
- * </note>
901
+ * @see {@link SimulateCustomPolicyCommand}
2243
902
  */
2244
903
  simulateCustomPolicy(args: SimulateCustomPolicyCommandInput, options?: __HttpHandlerOptions): Promise<SimulateCustomPolicyCommandOutput>;
2245
904
  simulateCustomPolicy(args: SimulateCustomPolicyCommandInput, cb: (err: any, data?: SimulateCustomPolicyCommandOutput) => void): void;
2246
905
  simulateCustomPolicy(args: SimulateCustomPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: SimulateCustomPolicyCommandOutput) => void): void;
2247
906
  /**
2248
- * @public
2249
- * <p>Simulate how a set of IAM policies attached to an IAM entity works with a list of
2250
- * API operations and Amazon Web Services resources to determine the policies' effective permissions. The
2251
- * entity can be an IAM user, group, or role. If you specify a user, then the simulation
2252
- * also includes all of the policies that are attached to groups that the user belongs to.
2253
- * You can simulate resources that don't exist in your account.</p>
2254
- * <p>You can optionally include a list of one or more additional policies specified as
2255
- * strings to include in the simulation. If you want to simulate only policies specified as
2256
- * strings, use <a>SimulateCustomPolicy</a> instead.</p>
2257
- * <p>You can also optionally include one resource-based policy to be evaluated with each of
2258
- * the resources included in the simulation for IAM users only.</p>
2259
- * <p>The simulation does not perform the API operations; it only checks the authorization
2260
- * to determine if the simulated policies allow or deny the operations.</p>
2261
- * <p>
2262
- * <b>Note:</b> This operation discloses information about the
2263
- * permissions granted to other users. If you do not want users to see other user's
2264
- * permissions, then consider allowing them to use <a>SimulateCustomPolicy</a>
2265
- * instead.</p>
2266
- * <p>Context keys are variables maintained by Amazon Web Services and its services that provide details
2267
- * about the context of an API query request. You can use the <code>Condition</code>
2268
- * element of an IAM policy to evaluate context keys. To get the list of context keys
2269
- * that the policies require for correct simulation, use <a>GetContextKeysForPrincipalPolicy</a>.</p>
2270
- * <p>If the output is long, you can use the <code>MaxItems</code> and <code>Marker</code>
2271
- * parameters to paginate the results.</p>
2272
- * <note>
2273
- * <p>The IAM policy simulator evaluates statements in the identity-based policy and
2274
- * the inputs that you provide during simulation. The policy simulator results can
2275
- * differ from your live Amazon Web Services environment. We recommend that you check your policies
2276
- * against your live Amazon Web Services environment after testing using the policy simulator to
2277
- * confirm that you have the desired results. For more information about using the
2278
- * policy simulator, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html">Testing IAM
2279
- * policies with the IAM policy simulator </a>in the
2280
- * <i>IAM User Guide</i>.</p>
2281
- * </note>
907
+ * @see {@link SimulatePrincipalPolicyCommand}
2282
908
  */
2283
909
  simulatePrincipalPolicy(args: SimulatePrincipalPolicyCommandInput, options?: __HttpHandlerOptions): Promise<SimulatePrincipalPolicyCommandOutput>;
2284
910
  simulatePrincipalPolicy(args: SimulatePrincipalPolicyCommandInput, cb: (err: any, data?: SimulatePrincipalPolicyCommandOutput) => void): void;
2285
911
  simulatePrincipalPolicy(args: SimulatePrincipalPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: SimulatePrincipalPolicyCommandOutput) => void): void;
2286
912
  /**
2287
- * @public
2288
- * <p>Adds one or more tags to an IAM instance profile. If a tag with the same key name
2289
- * already exists, then that tag is overwritten with the new value.</p>
2290
- * <p>Each tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
2291
- * following:</p>
2292
- * <ul>
2293
- * <li>
2294
- * <p>
2295
- * <b>Administrative grouping and discovery</b> - Attach
2296
- * tags to resources to aid in organization and search. For example, you could search for all
2297
- * resources with the key name <i>Project</i> and the value
2298
- * <i>MyImportantProject</i>. Or search for all resources with the key name
2299
- * <i>Cost Center</i> and the value <i>41200</i>. </p>
2300
- * </li>
2301
- * <li>
2302
- * <p>
2303
- * <b>Access control</b> - Include tags in IAM user-based
2304
- * and resource-based policies. You can use tags to restrict access to only an IAM instance
2305
- * profile that has a specified tag attached. For examples of policies that show how to use
2306
- * tags to control access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Control access using IAM tags</a> in the
2307
- * <i>IAM User Guide</i>.</p>
2308
- * </li>
2309
- * </ul>
2310
- * <note>
2311
- * <ul>
2312
- * <li>
2313
- * <p>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
2314
- * fails and the resource is not created. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2315
- * <i>IAM User Guide</i>.</p>
2316
- * </li>
2317
- * <li>
2318
- * <p>Amazon Web Services always interprets the tag <code>Value</code> as a single string. If you
2319
- * need to store an array, you can store comma-separated values in the string. However, you
2320
- * must interpret the value in your code.</p>
2321
- * </li>
2322
- * </ul>
2323
- * </note>
913
+ * @see {@link TagInstanceProfileCommand}
2324
914
  */
2325
915
  tagInstanceProfile(args: TagInstanceProfileCommandInput, options?: __HttpHandlerOptions): Promise<TagInstanceProfileCommandOutput>;
2326
916
  tagInstanceProfile(args: TagInstanceProfileCommandInput, cb: (err: any, data?: TagInstanceProfileCommandOutput) => void): void;
2327
917
  tagInstanceProfile(args: TagInstanceProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagInstanceProfileCommandOutput) => void): void;
2328
918
  /**
2329
- * @public
2330
- * <p>Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If
2331
- * a tag with the same key name already exists, then that tag is overwritten with the new
2332
- * value.</p>
2333
- * <p>A tag consists of a key name and an associated value. By assigning tags to your
2334
- * resources, you can do the following:</p>
2335
- * <ul>
2336
- * <li>
2337
- * <p>
2338
- * <b>Administrative grouping and discovery</b> - Attach
2339
- * tags to resources to aid in organization and search. For example, you could search for all
2340
- * resources with the key name <i>Project</i> and the value
2341
- * <i>MyImportantProject</i>. Or search for all resources with the key name
2342
- * <i>Cost Center</i> and the value <i>41200</i>. </p>
2343
- * </li>
2344
- * <li>
2345
- * <p>
2346
- * <b>Access control</b> - Include tags in IAM user-based
2347
- * and resource-based policies. You can use tags to restrict access to only an IAM virtual
2348
- * MFA device that has a specified tag attached. For examples of policies that show how to
2349
- * use tags to control access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Control access using IAM tags</a> in the
2350
- * <i>IAM User Guide</i>.</p>
2351
- * </li>
2352
- * </ul>
2353
- * <note>
2354
- * <ul>
2355
- * <li>
2356
- * <p>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
2357
- * fails and the resource is not created. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2358
- * <i>IAM User Guide</i>.</p>
2359
- * </li>
2360
- * <li>
2361
- * <p>Amazon Web Services always interprets the tag <code>Value</code> as a single string. If you
2362
- * need to store an array, you can store comma-separated values in the string. However, you
2363
- * must interpret the value in your code.</p>
2364
- * </li>
2365
- * </ul>
2366
- * </note>
919
+ * @see {@link TagMFADeviceCommand}
2367
920
  */
2368
921
  tagMFADevice(args: TagMFADeviceCommandInput, options?: __HttpHandlerOptions): Promise<TagMFADeviceCommandOutput>;
2369
922
  tagMFADevice(args: TagMFADeviceCommandInput, cb: (err: any, data?: TagMFADeviceCommandOutput) => void): void;
2370
923
  tagMFADevice(args: TagMFADeviceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagMFADeviceCommandOutput) => void): void;
2371
924
  /**
2372
- * @public
2373
- * <p>Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. For
2374
- * more information about these providers, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html">About web identity federation</a>. If
2375
- * a tag with the same key name already exists, then that tag is overwritten with the new
2376
- * value.</p>
2377
- * <p>A tag consists of a key name and an associated value. By assigning tags to your
2378
- * resources, you can do the following:</p>
2379
- * <ul>
2380
- * <li>
2381
- * <p>
2382
- * <b>Administrative grouping and discovery</b> - Attach
2383
- * tags to resources to aid in organization and search. For example, you could search for all
2384
- * resources with the key name <i>Project</i> and the value
2385
- * <i>MyImportantProject</i>. Or search for all resources with the key name
2386
- * <i>Cost Center</i> and the value <i>41200</i>. </p>
2387
- * </li>
2388
- * <li>
2389
- * <p>
2390
- * <b>Access control</b> - Include tags in IAM identity-based
2391
- * and resource-based policies. You can use tags to restrict access to only an OIDC provider
2392
- * that has a specified tag attached. For examples of policies that show how to use tags to
2393
- * control access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Control access using IAM tags</a> in the
2394
- * <i>IAM User Guide</i>.</p>
2395
- * </li>
2396
- * </ul>
2397
- * <note>
2398
- * <ul>
2399
- * <li>
2400
- * <p>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
2401
- * fails and the resource is not created. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2402
- * <i>IAM User Guide</i>.</p>
2403
- * </li>
2404
- * <li>
2405
- * <p>Amazon Web Services always interprets the tag <code>Value</code> as a single string. If you
2406
- * need to store an array, you can store comma-separated values in the string. However, you
2407
- * must interpret the value in your code.</p>
2408
- * </li>
2409
- * </ul>
2410
- * </note>
925
+ * @see {@link TagOpenIDConnectProviderCommand}
2411
926
  */
2412
927
  tagOpenIDConnectProvider(args: TagOpenIDConnectProviderCommandInput, options?: __HttpHandlerOptions): Promise<TagOpenIDConnectProviderCommandOutput>;
2413
928
  tagOpenIDConnectProvider(args: TagOpenIDConnectProviderCommandInput, cb: (err: any, data?: TagOpenIDConnectProviderCommandOutput) => void): void;
2414
929
  tagOpenIDConnectProvider(args: TagOpenIDConnectProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagOpenIDConnectProviderCommandOutput) => void): void;
2415
930
  /**
2416
- * @public
2417
- * <p>Adds one or more tags to an IAM customer managed policy. If a tag with the same key
2418
- * name already exists, then that tag is overwritten with the new value.</p>
2419
- * <p>A tag consists of a key name and an associated value. By assigning tags to your
2420
- * resources, you can do the following:</p>
2421
- * <ul>
2422
- * <li>
2423
- * <p>
2424
- * <b>Administrative grouping and discovery</b> - Attach
2425
- * tags to resources to aid in organization and search. For example, you could search for all
2426
- * resources with the key name <i>Project</i> and the value
2427
- * <i>MyImportantProject</i>. Or search for all resources with the key name
2428
- * <i>Cost Center</i> and the value <i>41200</i>. </p>
2429
- * </li>
2430
- * <li>
2431
- * <p>
2432
- * <b>Access control</b> - Include tags in IAM user-based
2433
- * and resource-based policies. You can use tags to restrict access to only an IAM customer
2434
- * managed policy that has a specified tag attached. For examples of policies that show how
2435
- * to use tags to control access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Control access using IAM tags</a> in the
2436
- * <i>IAM User Guide</i>.</p>
2437
- * </li>
2438
- * </ul>
2439
- * <note>
2440
- * <ul>
2441
- * <li>
2442
- * <p>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
2443
- * fails and the resource is not created. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2444
- * <i>IAM User Guide</i>.</p>
2445
- * </li>
2446
- * <li>
2447
- * <p>Amazon Web Services always interprets the tag <code>Value</code> as a single string. If you
2448
- * need to store an array, you can store comma-separated values in the string. However, you
2449
- * must interpret the value in your code.</p>
2450
- * </li>
2451
- * </ul>
2452
- * </note>
931
+ * @see {@link TagPolicyCommand}
2453
932
  */
2454
933
  tagPolicy(args: TagPolicyCommandInput, options?: __HttpHandlerOptions): Promise<TagPolicyCommandOutput>;
2455
934
  tagPolicy(args: TagPolicyCommandInput, cb: (err: any, data?: TagPolicyCommandOutput) => void): void;
2456
935
  tagPolicy(args: TagPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagPolicyCommandOutput) => void): void;
2457
936
  /**
2458
- * @public
2459
- * <p>Adds one or more tags to an IAM role. The role can be a regular role or a
2460
- * service-linked role. If a tag with the same key name already exists, then that tag is
2461
- * overwritten with the new value.</p>
2462
- * <p>A tag consists of a key name and an associated value. By assigning tags to your
2463
- * resources, you can do the following:</p>
2464
- * <ul>
2465
- * <li>
2466
- * <p>
2467
- * <b>Administrative grouping and discovery</b> - Attach
2468
- * tags to resources to aid in organization and search. For example, you could search for all
2469
- * resources with the key name <i>Project</i> and the value
2470
- * <i>MyImportantProject</i>. Or search for all resources with the key name
2471
- * <i>Cost Center</i> and the value <i>41200</i>. </p>
2472
- * </li>
2473
- * <li>
2474
- * <p>
2475
- * <b>Access control</b> - Include tags in IAM user-based
2476
- * and resource-based policies. You can use tags to restrict access to only an IAM role
2477
- * that has a specified tag attached. You can also restrict access to only those resources
2478
- * that have a certain tag attached. For examples of policies that show how to use tags to
2479
- * control access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Control access using IAM tags</a> in the
2480
- * <i>IAM User Guide</i>.</p>
2481
- * </li>
2482
- * <li>
2483
- * <p>
2484
- * <b>Cost allocation</b> - Use tags to help track which
2485
- * individuals and teams are using which Amazon Web Services resources.</p>
2486
- * </li>
2487
- * </ul>
2488
- * <note>
2489
- * <ul>
2490
- * <li>
2491
- * <p>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
2492
- * fails and the resource is not created. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2493
- * <i>IAM User Guide</i>.</p>
2494
- * </li>
2495
- * <li>
2496
- * <p>Amazon Web Services always interprets the tag <code>Value</code> as a single string. If you
2497
- * need to store an array, you can store comma-separated values in the string. However, you
2498
- * must interpret the value in your code.</p>
2499
- * </li>
2500
- * </ul>
2501
- * </note>
2502
- * <p>For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM identities</a> in the
2503
- * <i>IAM User Guide</i>.</p>
937
+ * @see {@link TagRoleCommand}
2504
938
  */
2505
939
  tagRole(args: TagRoleCommandInput, options?: __HttpHandlerOptions): Promise<TagRoleCommandOutput>;
2506
940
  tagRole(args: TagRoleCommandInput, cb: (err: any, data?: TagRoleCommandOutput) => void): void;
2507
941
  tagRole(args: TagRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagRoleCommandOutput) => void): void;
2508
942
  /**
2509
- * @public
2510
- * <p>Adds one or more tags to a Security Assertion Markup Language (SAML) identity provider.
2511
- * For more information about these providers, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html">About SAML 2.0-based federation </a>.
2512
- * If a tag with the same key name already exists, then that tag is overwritten with the new
2513
- * value.</p>
2514
- * <p>A tag consists of a key name and an associated value. By assigning tags to your
2515
- * resources, you can do the following:</p>
2516
- * <ul>
2517
- * <li>
2518
- * <p>
2519
- * <b>Administrative grouping and discovery</b> - Attach
2520
- * tags to resources to aid in organization and search. For example, you could search for all
2521
- * resources with the key name <i>Project</i> and the value
2522
- * <i>MyImportantProject</i>. Or search for all resources with the key name
2523
- * <i>Cost Center</i> and the value <i>41200</i>. </p>
2524
- * </li>
2525
- * <li>
2526
- * <p>
2527
- * <b>Access control</b> - Include tags in IAM user-based
2528
- * and resource-based policies. You can use tags to restrict access to only a SAML identity
2529
- * provider that has a specified tag attached. For examples of policies that show how to use
2530
- * tags to control access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Control access using IAM tags</a> in the
2531
- * <i>IAM User Guide</i>.</p>
2532
- * </li>
2533
- * </ul>
2534
- * <note>
2535
- * <ul>
2536
- * <li>
2537
- * <p>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
2538
- * fails and the resource is not created. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2539
- * <i>IAM User Guide</i>.</p>
2540
- * </li>
2541
- * <li>
2542
- * <p>Amazon Web Services always interprets the tag <code>Value</code> as a single string. If you
2543
- * need to store an array, you can store comma-separated values in the string. However, you
2544
- * must interpret the value in your code.</p>
2545
- * </li>
2546
- * </ul>
2547
- * </note>
943
+ * @see {@link TagSAMLProviderCommand}
2548
944
  */
2549
945
  tagSAMLProvider(args: TagSAMLProviderCommandInput, options?: __HttpHandlerOptions): Promise<TagSAMLProviderCommandOutput>;
2550
946
  tagSAMLProvider(args: TagSAMLProviderCommandInput, cb: (err: any, data?: TagSAMLProviderCommandOutput) => void): void;
2551
947
  tagSAMLProvider(args: TagSAMLProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagSAMLProviderCommandOutput) => void): void;
2552
948
  /**
2553
- * @public
2554
- * <p>Adds one or more tags to an IAM server certificate. If a tag with the same key name
2555
- * already exists, then that tag is overwritten with the new value.</p>
2556
- * <note>
2557
- * <p>For certificates in a Region supported by Certificate Manager (ACM), we
2558
- * recommend that you don't use IAM server certificates. Instead, use ACM to provision,
2559
- * manage, and deploy your server certificates. For more information about IAM server
2560
- * certificates, <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Working with server
2561
- * certificates</a> in the <i>IAM User Guide</i>.</p>
2562
- * </note>
2563
- * <p>A tag consists of a key name and an associated value. By assigning tags to your
2564
- * resources, you can do the following:</p>
2565
- * <ul>
2566
- * <li>
2567
- * <p>
2568
- * <b>Administrative grouping and discovery</b> - Attach
2569
- * tags to resources to aid in organization and search. For example, you could search for all
2570
- * resources with the key name <i>Project</i> and the value
2571
- * <i>MyImportantProject</i>. Or search for all resources with the key name
2572
- * <i>Cost Center</i> and the value <i>41200</i>. </p>
2573
- * </li>
2574
- * <li>
2575
- * <p>
2576
- * <b>Access control</b> - Include tags in IAM user-based
2577
- * and resource-based policies. You can use tags to restrict access to only a server
2578
- * certificate that has a specified tag attached. For examples of policies that show how to
2579
- * use tags to control access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Control access using IAM tags</a> in the
2580
- * <i>IAM User Guide</i>.</p>
2581
- * </li>
2582
- * <li>
2583
- * <p>
2584
- * <b>Cost allocation</b> - Use tags to help track which
2585
- * individuals and teams are using which Amazon Web Services resources.</p>
2586
- * </li>
2587
- * </ul>
2588
- * <note>
2589
- * <ul>
2590
- * <li>
2591
- * <p>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
2592
- * fails and the resource is not created. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2593
- * <i>IAM User Guide</i>.</p>
2594
- * </li>
2595
- * <li>
2596
- * <p>Amazon Web Services always interprets the tag <code>Value</code> as a single string. If you
2597
- * need to store an array, you can store comma-separated values in the string. However, you
2598
- * must interpret the value in your code.</p>
2599
- * </li>
2600
- * </ul>
2601
- * </note>
949
+ * @see {@link TagServerCertificateCommand}
2602
950
  */
2603
951
  tagServerCertificate(args: TagServerCertificateCommandInput, options?: __HttpHandlerOptions): Promise<TagServerCertificateCommandOutput>;
2604
952
  tagServerCertificate(args: TagServerCertificateCommandInput, cb: (err: any, data?: TagServerCertificateCommandOutput) => void): void;
2605
953
  tagServerCertificate(args: TagServerCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagServerCertificateCommandOutput) => void): void;
2606
954
  /**
2607
- * @public
2608
- * <p>Adds one or more tags to an IAM user. If a tag with the same key name already exists,
2609
- * then that tag is overwritten with the new value.</p>
2610
- * <p>A tag consists of a key name and an associated value. By assigning tags to your
2611
- * resources, you can do the following:</p>
2612
- * <ul>
2613
- * <li>
2614
- * <p>
2615
- * <b>Administrative grouping and discovery</b> - Attach
2616
- * tags to resources to aid in organization and search. For example, you could search for all
2617
- * resources with the key name <i>Project</i> and the value
2618
- * <i>MyImportantProject</i>. Or search for all resources with the key name
2619
- * <i>Cost Center</i> and the value <i>41200</i>. </p>
2620
- * </li>
2621
- * <li>
2622
- * <p>
2623
- * <b>Access control</b> - Include tags in IAM identity-based
2624
- * and resource-based policies. You can use tags to restrict access to only an IAM
2625
- * requesting user that has a specified tag attached. You can also restrict access to only
2626
- * those resources that have a certain tag attached. For examples of policies that show how
2627
- * to use tags to control access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Control access using IAM tags</a> in the
2628
- * <i>IAM User Guide</i>.</p>
2629
- * </li>
2630
- * <li>
2631
- * <p>
2632
- * <b>Cost allocation</b> - Use tags to help track which
2633
- * individuals and teams are using which Amazon Web Services resources.</p>
2634
- * </li>
2635
- * </ul>
2636
- * <note>
2637
- * <ul>
2638
- * <li>
2639
- * <p>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
2640
- * fails and the resource is not created. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2641
- * <i>IAM User Guide</i>.</p>
2642
- * </li>
2643
- * <li>
2644
- * <p>Amazon Web Services always interprets the tag <code>Value</code> as a single string. If you
2645
- * need to store an array, you can store comma-separated values in the string. However, you
2646
- * must interpret the value in your code.</p>
2647
- * </li>
2648
- * </ul>
2649
- * </note>
2650
- * <p>For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM identities</a> in the
2651
- * <i>IAM User Guide</i>.</p>
955
+ * @see {@link TagUserCommand}
2652
956
  */
2653
957
  tagUser(args: TagUserCommandInput, options?: __HttpHandlerOptions): Promise<TagUserCommandOutput>;
2654
958
  tagUser(args: TagUserCommandInput, cb: (err: any, data?: TagUserCommandOutput) => void): void;
2655
959
  tagUser(args: TagUserCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagUserCommandOutput) => void): void;
2656
960
  /**
2657
- * @public
2658
- * <p>Removes the specified tags from the IAM instance profile. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2659
- * <i>IAM User Guide</i>.</p>
961
+ * @see {@link UntagInstanceProfileCommand}
2660
962
  */
2661
963
  untagInstanceProfile(args: UntagInstanceProfileCommandInput, options?: __HttpHandlerOptions): Promise<UntagInstanceProfileCommandOutput>;
2662
964
  untagInstanceProfile(args: UntagInstanceProfileCommandInput, cb: (err: any, data?: UntagInstanceProfileCommandOutput) => void): void;
2663
965
  untagInstanceProfile(args: UntagInstanceProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagInstanceProfileCommandOutput) => void): void;
2664
966
  /**
2665
- * @public
2666
- * <p>Removes the specified tags from the IAM virtual multi-factor authentication (MFA)
2667
- * device. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2668
- * <i>IAM User Guide</i>.</p>
967
+ * @see {@link UntagMFADeviceCommand}
2669
968
  */
2670
969
  untagMFADevice(args: UntagMFADeviceCommandInput, options?: __HttpHandlerOptions): Promise<UntagMFADeviceCommandOutput>;
2671
970
  untagMFADevice(args: UntagMFADeviceCommandInput, cb: (err: any, data?: UntagMFADeviceCommandOutput) => void): void;
2672
971
  untagMFADevice(args: UntagMFADeviceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagMFADeviceCommandOutput) => void): void;
2673
972
  /**
2674
- * @public
2675
- * <p>Removes the specified tags from the specified OpenID Connect (OIDC)-compatible identity
2676
- * provider in IAM. For more information about OIDC providers, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html">About web identity federation</a>.
2677
- * For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2678
- * <i>IAM User Guide</i>.</p>
973
+ * @see {@link UntagOpenIDConnectProviderCommand}
2679
974
  */
2680
975
  untagOpenIDConnectProvider(args: UntagOpenIDConnectProviderCommandInput, options?: __HttpHandlerOptions): Promise<UntagOpenIDConnectProviderCommandOutput>;
2681
976
  untagOpenIDConnectProvider(args: UntagOpenIDConnectProviderCommandInput, cb: (err: any, data?: UntagOpenIDConnectProviderCommandOutput) => void): void;
2682
977
  untagOpenIDConnectProvider(args: UntagOpenIDConnectProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagOpenIDConnectProviderCommandOutput) => void): void;
2683
978
  /**
2684
- * @public
2685
- * <p>Removes the specified tags from the customer managed policy. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2686
- * <i>IAM User Guide</i>.</p>
979
+ * @see {@link UntagPolicyCommand}
2687
980
  */
2688
981
  untagPolicy(args: UntagPolicyCommandInput, options?: __HttpHandlerOptions): Promise<UntagPolicyCommandOutput>;
2689
982
  untagPolicy(args: UntagPolicyCommandInput, cb: (err: any, data?: UntagPolicyCommandOutput) => void): void;
2690
983
  untagPolicy(args: UntagPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagPolicyCommandOutput) => void): void;
2691
984
  /**
2692
- * @public
2693
- * <p>Removes the specified tags from the role. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2694
- * <i>IAM User Guide</i>.</p>
985
+ * @see {@link UntagRoleCommand}
2695
986
  */
2696
987
  untagRole(args: UntagRoleCommandInput, options?: __HttpHandlerOptions): Promise<UntagRoleCommandOutput>;
2697
988
  untagRole(args: UntagRoleCommandInput, cb: (err: any, data?: UntagRoleCommandOutput) => void): void;
2698
989
  untagRole(args: UntagRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagRoleCommandOutput) => void): void;
2699
990
  /**
2700
- * @public
2701
- * <p>Removes the specified tags from the specified Security Assertion Markup Language (SAML)
2702
- * identity provider in IAM. For more information about these providers, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html">About web identity
2703
- * federation</a>. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2704
- * <i>IAM User Guide</i>.</p>
991
+ * @see {@link UntagSAMLProviderCommand}
2705
992
  */
2706
993
  untagSAMLProvider(args: UntagSAMLProviderCommandInput, options?: __HttpHandlerOptions): Promise<UntagSAMLProviderCommandOutput>;
2707
994
  untagSAMLProvider(args: UntagSAMLProviderCommandInput, cb: (err: any, data?: UntagSAMLProviderCommandOutput) => void): void;
2708
995
  untagSAMLProvider(args: UntagSAMLProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagSAMLProviderCommandOutput) => void): void;
2709
996
  /**
2710
- * @public
2711
- * <p>Removes the specified tags from the IAM server certificate.
2712
- * For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2713
- * <i>IAM User Guide</i>.</p>
2714
- * <note>
2715
- * <p>For certificates in a Region supported by Certificate Manager (ACM), we
2716
- * recommend that you don't use IAM server certificates. Instead, use ACM to provision,
2717
- * manage, and deploy your server certificates. For more information about IAM server
2718
- * certificates, <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Working with server
2719
- * certificates</a> in the <i>IAM User Guide</i>.</p>
2720
- * </note>
997
+ * @see {@link UntagServerCertificateCommand}
2721
998
  */
2722
999
  untagServerCertificate(args: UntagServerCertificateCommandInput, options?: __HttpHandlerOptions): Promise<UntagServerCertificateCommandOutput>;
2723
1000
  untagServerCertificate(args: UntagServerCertificateCommandInput, cb: (err: any, data?: UntagServerCertificateCommandOutput) => void): void;
2724
1001
  untagServerCertificate(args: UntagServerCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagServerCertificateCommandOutput) => void): void;
2725
1002
  /**
2726
- * @public
2727
- * <p>Removes the specified tags from the user. For more information about tagging, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html">Tagging IAM resources</a> in the
2728
- * <i>IAM User Guide</i>.</p>
1003
+ * @see {@link UntagUserCommand}
2729
1004
  */
2730
1005
  untagUser(args: UntagUserCommandInput, options?: __HttpHandlerOptions): Promise<UntagUserCommandOutput>;
2731
1006
  untagUser(args: UntagUserCommandInput, cb: (err: any, data?: UntagUserCommandOutput) => void): void;
2732
1007
  untagUser(args: UntagUserCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagUserCommandOutput) => void): void;
2733
1008
  /**
2734
- * @public
2735
- * <p>Changes the status of the specified access key from Active to Inactive, or vice versa.
2736
- * This operation can be used to disable a user's key as part of a key rotation
2737
- * workflow.</p>
2738
- * <p>If the <code>UserName</code> is not specified, the user name is determined implicitly
2739
- * based on the Amazon Web Services access key ID used to sign the request. If a temporary access key is
2740
- * used, then <code>UserName</code> is required. If a long-term key is assigned to the
2741
- * user, then <code>UserName</code> is not required. This operation works for access keys
2742
- * under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user
2743
- * credentials even if the Amazon Web Services account has no associated users.</p>
2744
- * <p>For information about rotating keys, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html">Managing keys and certificates</a>
2745
- * in the <i>IAM User Guide</i>.</p>
1009
+ * @see {@link UpdateAccessKeyCommand}
2746
1010
  */
2747
1011
  updateAccessKey(args: UpdateAccessKeyCommandInput, options?: __HttpHandlerOptions): Promise<UpdateAccessKeyCommandOutput>;
2748
1012
  updateAccessKey(args: UpdateAccessKeyCommandInput, cb: (err: any, data?: UpdateAccessKeyCommandOutput) => void): void;
2749
1013
  updateAccessKey(args: UpdateAccessKeyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateAccessKeyCommandOutput) => void): void;
2750
1014
  /**
2751
- * @public
2752
- * <p>Updates the password policy settings for the Amazon Web Services account.</p>
2753
- * <note>
2754
- * <p>This operation does not support partial updates. No parameters are required, but
2755
- * if you do not specify a parameter, that parameter's value reverts to its default
2756
- * value. See the <b>Request Parameters</b> section for each
2757
- * parameter's default value. Also note that some parameters do not allow the default
2758
- * parameter to be explicitly set. Instead, to invoke the default value, do not include
2759
- * that parameter when you invoke the operation.</p>
2760
- * </note>
2761
- * <p> For more information about using a password policy, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html">Managing an IAM password
2762
- * policy</a> in the <i>IAM User Guide</i>.</p>
1015
+ * @see {@link UpdateAccountPasswordPolicyCommand}
2763
1016
  */
2764
1017
  updateAccountPasswordPolicy(args: UpdateAccountPasswordPolicyCommandInput, options?: __HttpHandlerOptions): Promise<UpdateAccountPasswordPolicyCommandOutput>;
2765
1018
  updateAccountPasswordPolicy(args: UpdateAccountPasswordPolicyCommandInput, cb: (err: any, data?: UpdateAccountPasswordPolicyCommandOutput) => void): void;
2766
1019
  updateAccountPasswordPolicy(args: UpdateAccountPasswordPolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateAccountPasswordPolicyCommandOutput) => void): void;
2767
1020
  /**
2768
- * @public
2769
- * <p>Updates the policy that grants an IAM entity permission to assume a role. This is
2770
- * typically referred to as the "role trust policy". For more information about roles, see
2771
- * <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html">Using roles to
2772
- * delegate permissions and federate identities</a>.</p>
1021
+ * @see {@link UpdateAssumeRolePolicyCommand}
2773
1022
  */
2774
1023
  updateAssumeRolePolicy(args: UpdateAssumeRolePolicyCommandInput, options?: __HttpHandlerOptions): Promise<UpdateAssumeRolePolicyCommandOutput>;
2775
1024
  updateAssumeRolePolicy(args: UpdateAssumeRolePolicyCommandInput, cb: (err: any, data?: UpdateAssumeRolePolicyCommandOutput) => void): void;
2776
1025
  updateAssumeRolePolicy(args: UpdateAssumeRolePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateAssumeRolePolicyCommandOutput) => void): void;
2777
1026
  /**
2778
- * @public
2779
- * <p>Updates the name and/or the path of the specified IAM group.</p>
2780
- * <important>
2781
- * <p> You should understand the implications of changing a group's path or name. For
2782
- * more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html">Renaming users and
2783
- * groups</a> in the <i>IAM User Guide</i>.</p>
2784
- * </important>
2785
- * <note>
2786
- * <p>The person making the request (the principal), must have permission to change the
2787
- * role group with the old name and the new name. For example, to change the group
2788
- * named <code>Managers</code> to <code>MGRs</code>, the principal must have a policy
2789
- * that allows them to update both groups. If the principal has permission to update
2790
- * the <code>Managers</code> group, but not the <code>MGRs</code> group, then the
2791
- * update fails. For more information about permissions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html">Access management</a>.
2792
- * </p>
2793
- * </note>
1027
+ * @see {@link UpdateGroupCommand}
2794
1028
  */
2795
1029
  updateGroup(args: UpdateGroupCommandInput, options?: __HttpHandlerOptions): Promise<UpdateGroupCommandOutput>;
2796
1030
  updateGroup(args: UpdateGroupCommandInput, cb: (err: any, data?: UpdateGroupCommandOutput) => void): void;
2797
1031
  updateGroup(args: UpdateGroupCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateGroupCommandOutput) => void): void;
2798
1032
  /**
2799
- * @public
2800
- * <p>Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services
2801
- * API, or the <b>Users</b> page in the IAM console to change
2802
- * the password for any IAM user. Use <a>ChangePassword</a> to change your own
2803
- * password in the <b>My Security Credentials</b> page in the
2804
- * Amazon Web Services Management Console.</p>
2805
- * <p>For more information about modifying passwords, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html">Managing passwords</a> in the
2806
- * <i>IAM User Guide</i>.</p>
1033
+ * @see {@link UpdateLoginProfileCommand}
2807
1034
  */
2808
1035
  updateLoginProfile(args: UpdateLoginProfileCommandInput, options?: __HttpHandlerOptions): Promise<UpdateLoginProfileCommandOutput>;
2809
1036
  updateLoginProfile(args: UpdateLoginProfileCommandInput, cb: (err: any, data?: UpdateLoginProfileCommandOutput) => void): void;
2810
1037
  updateLoginProfile(args: UpdateLoginProfileCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateLoginProfileCommandOutput) => void): void;
2811
1038
  /**
2812
- * @public
2813
- * <p>Replaces the existing list of server certificate thumbprints associated with an OpenID
2814
- * Connect (OIDC) provider resource object with a new list of thumbprints.</p>
2815
- * <p>The list that you pass with this operation completely replaces the existing list of
2816
- * thumbprints. (The lists are not merged.)</p>
2817
- * <p>Typically, you need to update a thumbprint only when the identity provider certificate
2818
- * changes, which occurs rarely. However, if the provider's certificate
2819
- * <i>does</i> change, any attempt to assume an IAM role that specifies
2820
- * the OIDC provider as a principal fails until the certificate thumbprint is
2821
- * updated.</p>
2822
- * <note>
2823
- * <p>Amazon Web Services secures communication with some OIDC identity providers (IdPs) through our
2824
- * library of trusted certificate authorities (CAs) instead of using a certificate
2825
- * thumbprint to verify your IdP server certificate. These OIDC IdPs include Google, Auth0,
2826
- * and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these
2827
- * cases, your legacy thumbprint remains in your configuration, but is no longer used for
2828
- * validation.</p>
2829
- * </note>
2830
- * <note>
2831
- * <p>Trust for the OIDC provider is derived from the provider certificate and is
2832
- * validated by the thumbprint. Therefore, it is best to limit access to the
2833
- * <code>UpdateOpenIDConnectProviderThumbprint</code> operation to highly
2834
- * privileged users.</p>
2835
- * </note>
1039
+ * @see {@link UpdateOpenIDConnectProviderThumbprintCommand}
2836
1040
  */
2837
1041
  updateOpenIDConnectProviderThumbprint(args: UpdateOpenIDConnectProviderThumbprintCommandInput, options?: __HttpHandlerOptions): Promise<UpdateOpenIDConnectProviderThumbprintCommandOutput>;
2838
1042
  updateOpenIDConnectProviderThumbprint(args: UpdateOpenIDConnectProviderThumbprintCommandInput, cb: (err: any, data?: UpdateOpenIDConnectProviderThumbprintCommandOutput) => void): void;
2839
1043
  updateOpenIDConnectProviderThumbprint(args: UpdateOpenIDConnectProviderThumbprintCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateOpenIDConnectProviderThumbprintCommandOutput) => void): void;
2840
1044
  /**
2841
- * @public
2842
- * <p>Updates the description or maximum session duration setting of a role.</p>
1045
+ * @see {@link UpdateRoleCommand}
2843
1046
  */
2844
1047
  updateRole(args: UpdateRoleCommandInput, options?: __HttpHandlerOptions): Promise<UpdateRoleCommandOutput>;
2845
1048
  updateRole(args: UpdateRoleCommandInput, cb: (err: any, data?: UpdateRoleCommandOutput) => void): void;
2846
1049
  updateRole(args: UpdateRoleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateRoleCommandOutput) => void): void;
2847
1050
  /**
2848
- * @public
2849
- * <p>Use <a>UpdateRole</a> instead.</p>
2850
- * <p>Modifies only the description of a role. This operation performs the same function as
2851
- * the <code>Description</code> parameter in the <code>UpdateRole</code> operation.</p>
1051
+ * @see {@link UpdateRoleDescriptionCommand}
2852
1052
  */
2853
1053
  updateRoleDescription(args: UpdateRoleDescriptionCommandInput, options?: __HttpHandlerOptions): Promise<UpdateRoleDescriptionCommandOutput>;
2854
1054
  updateRoleDescription(args: UpdateRoleDescriptionCommandInput, cb: (err: any, data?: UpdateRoleDescriptionCommandOutput) => void): void;
2855
1055
  updateRoleDescription(args: UpdateRoleDescriptionCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateRoleDescriptionCommandOutput) => void): void;
2856
1056
  /**
2857
- * @public
2858
- * <p>Updates the metadata document for an existing SAML provider resource object.</p>
2859
- * <note>
2860
- * <p>This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
2861
- * </note>
1057
+ * @see {@link UpdateSAMLProviderCommand}
2862
1058
  */
2863
1059
  updateSAMLProvider(args: UpdateSAMLProviderCommandInput, options?: __HttpHandlerOptions): Promise<UpdateSAMLProviderCommandOutput>;
2864
1060
  updateSAMLProvider(args: UpdateSAMLProviderCommandInput, cb: (err: any, data?: UpdateSAMLProviderCommandOutput) => void): void;
2865
1061
  updateSAMLProvider(args: UpdateSAMLProviderCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateSAMLProviderCommandOutput) => void): void;
2866
1062
  /**
2867
- * @public
2868
- * <p>Updates the name and/or the path of the specified server certificate stored in
2869
- * IAM.</p>
2870
- * <p>For more information about working with server certificates, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Working
2871
- * with server certificates</a> in the <i>IAM User Guide</i>. This
2872
- * topic also includes a list of Amazon Web Services services that can use the server certificates that
2873
- * you manage with IAM.</p>
2874
- * <important>
2875
- * <p>You should understand the implications of changing a server certificate's path or
2876
- * name. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts">Renaming a server certificate</a> in the
2877
- * <i>IAM User Guide</i>.</p>
2878
- * </important>
2879
- * <note>
2880
- * <p>The person making the request (the principal), must have permission to change the
2881
- * server certificate with the old name and the new name. For example, to change the
2882
- * certificate named <code>ProductionCert</code> to <code>ProdCert</code>, the
2883
- * principal must have a policy that allows them to update both certificates. If the
2884
- * principal has permission to update the <code>ProductionCert</code> group, but not
2885
- * the <code>ProdCert</code> certificate, then the update fails. For more information
2886
- * about permissions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html">Access management</a> in the <i>IAM User Guide</i>.</p>
2887
- * </note>
1063
+ * @see {@link UpdateServerCertificateCommand}
2888
1064
  */
2889
1065
  updateServerCertificate(args: UpdateServerCertificateCommandInput, options?: __HttpHandlerOptions): Promise<UpdateServerCertificateCommandOutput>;
2890
1066
  updateServerCertificate(args: UpdateServerCertificateCommandInput, cb: (err: any, data?: UpdateServerCertificateCommandOutput) => void): void;
2891
1067
  updateServerCertificate(args: UpdateServerCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateServerCertificateCommandOutput) => void): void;
2892
1068
  /**
2893
- * @public
2894
- * <p>Sets the status of a service-specific credential to <code>Active</code> or
2895
- * <code>Inactive</code>. Service-specific credentials that are inactive cannot be used
2896
- * for authentication to the service. This operation can be used to disable a user's
2897
- * service-specific credential as part of a credential rotation work flow.</p>
1069
+ * @see {@link UpdateServiceSpecificCredentialCommand}
2898
1070
  */
2899
1071
  updateServiceSpecificCredential(args: UpdateServiceSpecificCredentialCommandInput, options?: __HttpHandlerOptions): Promise<UpdateServiceSpecificCredentialCommandOutput>;
2900
1072
  updateServiceSpecificCredential(args: UpdateServiceSpecificCredentialCommandInput, cb: (err: any, data?: UpdateServiceSpecificCredentialCommandOutput) => void): void;
2901
1073
  updateServiceSpecificCredential(args: UpdateServiceSpecificCredentialCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateServiceSpecificCredentialCommandOutput) => void): void;
2902
1074
  /**
2903
- * @public
2904
- * <p>Changes the status of the specified user signing certificate from active to disabled,
2905
- * or vice versa. This operation can be used to disable an IAM user's signing
2906
- * certificate as part of a certificate rotation work flow.</p>
2907
- * <p>If the <code>UserName</code> field is not specified, the user name is determined
2908
- * implicitly based on the Amazon Web Services access key ID used to sign the request. This operation
2909
- * works for access keys under the Amazon Web Services account. Consequently, you can use this operation
2910
- * to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated
2911
- * users.</p>
1075
+ * @see {@link UpdateSigningCertificateCommand}
2912
1076
  */
2913
1077
  updateSigningCertificate(args: UpdateSigningCertificateCommandInput, options?: __HttpHandlerOptions): Promise<UpdateSigningCertificateCommandOutput>;
2914
1078
  updateSigningCertificate(args: UpdateSigningCertificateCommandInput, cb: (err: any, data?: UpdateSigningCertificateCommandOutput) => void): void;
2915
1079
  updateSigningCertificate(args: UpdateSigningCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateSigningCertificateCommandOutput) => void): void;
2916
1080
  /**
2917
- * @public
2918
- * <p>Sets the status of an IAM user's SSH public key to active or inactive. SSH public
2919
- * keys that are inactive cannot be used for authentication. This operation can be used to
2920
- * disable a user's SSH public key as part of a key rotation work flow.</p>
2921
- * <p>The SSH public key affected by this operation is used only for authenticating the
2922
- * associated IAM user to an CodeCommit repository. For more information about using SSH keys
2923
- * to authenticate to an CodeCommit repository, see <a href="https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html">Set up CodeCommit for
2924
- * SSH connections</a> in the <i>CodeCommit User Guide</i>.</p>
1081
+ * @see {@link UpdateSSHPublicKeyCommand}
2925
1082
  */
2926
1083
  updateSSHPublicKey(args: UpdateSSHPublicKeyCommandInput, options?: __HttpHandlerOptions): Promise<UpdateSSHPublicKeyCommandOutput>;
2927
1084
  updateSSHPublicKey(args: UpdateSSHPublicKeyCommandInput, cb: (err: any, data?: UpdateSSHPublicKeyCommandOutput) => void): void;
2928
1085
  updateSSHPublicKey(args: UpdateSSHPublicKeyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateSSHPublicKeyCommandOutput) => void): void;
2929
1086
  /**
2930
- * @public
2931
- * <p>Updates the name and/or the path of the specified IAM user.</p>
2932
- * <important>
2933
- * <p> You should understand the implications of changing an IAM user's path or
2934
- * name. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming">Renaming an IAM
2935
- * user</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html">Renaming an IAM
2936
- * group</a> in the <i>IAM User Guide</i>.</p>
2937
- * </important>
2938
- * <note>
2939
- * <p> To change a user name, the requester must have appropriate permissions on both
2940
- * the source object and the target object. For example, to change Bob to Robert, the
2941
- * entity making the request must have permission on Bob and Robert, or must have
2942
- * permission on all (*). For more information about permissions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html">Permissions and policies</a>. </p>
2943
- * </note>
1087
+ * @see {@link UpdateUserCommand}
2944
1088
  */
2945
1089
  updateUser(args: UpdateUserCommandInput, options?: __HttpHandlerOptions): Promise<UpdateUserCommandOutput>;
2946
1090
  updateUser(args: UpdateUserCommandInput, cb: (err: any, data?: UpdateUserCommandOutput) => void): void;
2947
1091
  updateUser(args: UpdateUserCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateUserCommandOutput) => void): void;
2948
1092
  /**
2949
- * @public
2950
- * <p>Uploads a server certificate entity for the Amazon Web Services account. The server certificate
2951
- * entity includes a public key certificate, a private key, and an optional certificate
2952
- * chain, which should all be PEM-encoded.</p>
2953
- * <p>We recommend that you use <a href="https://docs.aws.amazon.com/acm/">Certificate Manager</a> to
2954
- * provision, manage, and deploy your server certificates. With ACM you can request a
2955
- * certificate, deploy it to Amazon Web Services resources, and let ACM handle certificate renewals for
2956
- * you. Certificates provided by ACM are free. For more information about using ACM,
2957
- * see the <a href="https://docs.aws.amazon.com/acm/latest/userguide/">Certificate Manager User
2958
- * Guide</a>.</p>
2959
- * <p>For more information about working with server certificates, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Working
2960
- * with server certificates</a> in the <i>IAM User Guide</i>. This
2961
- * topic includes a list of Amazon Web Services services that can use the server certificates that you
2962
- * manage with IAM.</p>
2963
- * <p>For information about the number of server certificates you can upload, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS
2964
- * quotas</a> in the <i>IAM User Guide</i>.</p>
2965
- * <note>
2966
- * <p>Because the body of the public key certificate, private key, and the certificate
2967
- * chain can be large, you should use POST rather than GET when calling
2968
- * <code>UploadServerCertificate</code>. For information about setting up
2969
- * signatures and authorization through the API, see <a href="https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html">Signing Amazon Web Services API
2970
- * requests</a> in the <i>Amazon Web Services General Reference</i>. For general
2971
- * information about using the Query API with IAM, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html">Calling the API by making HTTP query
2972
- * requests</a> in the <i>IAM User Guide</i>.</p>
2973
- * </note>
1093
+ * @see {@link UploadServerCertificateCommand}
2974
1094
  */
2975
1095
  uploadServerCertificate(args: UploadServerCertificateCommandInput, options?: __HttpHandlerOptions): Promise<UploadServerCertificateCommandOutput>;
2976
1096
  uploadServerCertificate(args: UploadServerCertificateCommandInput, cb: (err: any, data?: UploadServerCertificateCommandOutput) => void): void;
2977
1097
  uploadServerCertificate(args: UploadServerCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UploadServerCertificateCommandOutput) => void): void;
2978
1098
  /**
2979
- * @public
2980
- * <p>Uploads an X.509 signing certificate and associates it with the specified IAM user.
2981
- * Some Amazon Web Services services require you to use certificates to validate requests that are signed
2982
- * with a corresponding private key. When you upload the certificate, its default status is
2983
- * <code>Active</code>.</p>
2984
- * <p>For information about when you would use an X.509 signing certificate, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html">Managing
2985
- * server certificates in IAM</a> in the
2986
- * <i>IAM User Guide</i>.</p>
2987
- * <p>If the <code>UserName</code> is not specified, the IAM user name is determined
2988
- * implicitly based on the Amazon Web Services access key ID used to sign the request. This operation
2989
- * works for access keys under the Amazon Web Services account. Consequently, you can use this operation
2990
- * to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated
2991
- * users.</p>
2992
- * <note>
2993
- * <p>Because the body of an X.509 certificate can be large, you should use POST rather
2994
- * than GET when calling <code>UploadSigningCertificate</code>. For information about
2995
- * setting up signatures and authorization through the API, see <a href="https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html">Signing
2996
- * Amazon Web Services API requests</a> in the <i>Amazon Web Services General Reference</i>. For
2997
- * general information about using the Query API with IAM, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html">Making query
2998
- * requests</a> in the <i>IAM User Guide</i>.</p>
2999
- * </note>
1099
+ * @see {@link UploadSigningCertificateCommand}
3000
1100
  */
3001
1101
  uploadSigningCertificate(args: UploadSigningCertificateCommandInput, options?: __HttpHandlerOptions): Promise<UploadSigningCertificateCommandOutput>;
3002
1102
  uploadSigningCertificate(args: UploadSigningCertificateCommandInput, cb: (err: any, data?: UploadSigningCertificateCommandOutput) => void): void;
3003
1103
  uploadSigningCertificate(args: UploadSigningCertificateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UploadSigningCertificateCommandOutput) => void): void;
3004
1104
  /**
3005
- * @public
3006
- * <p>Uploads an SSH public key and associates it with the specified IAM user.</p>
3007
- * <p>The SSH public key uploaded by this operation can be used only for authenticating the
3008
- * associated IAM user to an CodeCommit repository. For more information about using SSH keys
3009
- * to authenticate to an CodeCommit repository, see <a href="https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html">Set up CodeCommit for
3010
- * SSH connections</a> in the <i>CodeCommit User Guide</i>.</p>
1105
+ * @see {@link UploadSSHPublicKeyCommand}
3011
1106
  */
3012
1107
  uploadSSHPublicKey(args: UploadSSHPublicKeyCommandInput, options?: __HttpHandlerOptions): Promise<UploadSSHPublicKeyCommandOutput>;
3013
1108
  uploadSSHPublicKey(args: UploadSSHPublicKeyCommandInput, cb: (err: any, data?: UploadSSHPublicKeyCommandOutput) => void): void;
3014
1109
  uploadSSHPublicKey(args: UploadSSHPublicKeyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UploadSSHPublicKeyCommandOutput) => void): void;
3015
1110
  }
1111
+ /**
1112
+ * @public
1113
+ * <fullname>Identity and Access Management</fullname>
1114
+ * <p>Identity and Access Management (IAM) is a web service for securely controlling
1115
+ * access to Amazon Web Services services. With IAM, you can centrally manage users, security credentials
1116
+ * such as access keys, and permissions that control which Amazon Web Services resources users and
1117
+ * applications can access. For more information about IAM, see <a href="http://aws.amazon.com/iam/">Identity and Access Management (IAM)</a> and the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/">Identity and Access Management User Guide</a>.</p>
1118
+ */
1119
+ export declare class IAM extends IAMClient implements IAM {
1120
+ }