# WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE require 'seahorse/client/plugins/content_length.rb' require 'aws-sdk-core/plugins/credentials_configuration.rb' require 'aws-sdk-core/plugins/logging.rb' require 'aws-sdk-core/plugins/param_converter.rb' require 'aws-sdk-core/plugins/param_validator.rb' require 'aws-sdk-core/plugins/user_agent.rb' require 'aws-sdk-core/plugins/helpful_socket_errors.rb' require 'aws-sdk-core/plugins/retry_errors.rb' require 'aws-sdk-core/plugins/global_configuration.rb' require 'aws-sdk-core/plugins/regional_endpoint.rb' require 'aws-sdk-core/plugins/response_paging.rb' require 'aws-sdk-core/plugins/stub_responses.rb' require 'aws-sdk-core/plugins/idempotency_token.rb' require 'aws-sdk-core/plugins/jsonvalue_converter.rb' require 'aws-sdk-core/plugins/signature_v4.rb' require 'aws-sdk-core/plugins/protocols/query.rb' Aws::Plugins::GlobalConfiguration.add_identifier(:iam) module Aws::IAM class Client < Seahorse::Client::Base include Aws::ClientStubs @identifier = :iam set_api(ClientApi::API) add_plugin(Seahorse::Client::Plugins::ContentLength) add_plugin(Aws::Plugins::CredentialsConfiguration) add_plugin(Aws::Plugins::Logging) add_plugin(Aws::Plugins::ParamConverter) add_plugin(Aws::Plugins::ParamValidator) add_plugin(Aws::Plugins::UserAgent) add_plugin(Aws::Plugins::HelpfulSocketErrors) add_plugin(Aws::Plugins::RetryErrors) add_plugin(Aws::Plugins::GlobalConfiguration) add_plugin(Aws::Plugins::RegionalEndpoint) add_plugin(Aws::Plugins::ResponsePaging) add_plugin(Aws::Plugins::StubResponses) add_plugin(Aws::Plugins::IdempotencyToken) add_plugin(Aws::Plugins::JsonvalueConverter) add_plugin(Aws::Plugins::SignatureV4) add_plugin(Aws::Plugins::Protocols::Query) # @option options [required, Aws::CredentialProvider] :credentials # Your AWS credentials. This can be an instance of any one of the # following classes: # # * `Aws::Credentials` - Used for configuring static, non-refreshing # credentials. # # * `Aws::InstanceProfileCredentials` - Used for loading credentials # from an EC2 IMDS on an EC2 instance. # # * `Aws::SharedCredentials` - Used for loading credentials from a # shared file, such as `~/.aws/config`. # # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role. # # When `:credentials` are not configured directly, the following # locations will be searched for credentials: # # * `Aws.config[:credentials]` # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options. # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'] # * `~/.aws/credentials` # * `~/.aws/config` # * EC2 IMDS instance profile - When used by default, the timeouts are # very aggressive. Construct and pass an instance of # `Aws::InstanceProfileCredentails` to enable retries and extended # timeouts. # # @option options [required, String] :region # The AWS region to connect to. The configured `:region` is # used to determine the service `:endpoint`. When not passed, # a default `:region` is search for in the following locations: # # * `Aws.config[:region]` # * `ENV['AWS_REGION']` # * `ENV['AMAZON_REGION']` # * `ENV['AWS_DEFAULT_REGION']` # * `~/.aws/credentials` # * `~/.aws/config` # # @option options [String] :access_key_id # # @option options [Boolean] :convert_params (true) # When `true`, an attempt is made to coerce request parameters into # the required types. # # @option options [String] :endpoint # The client endpoint is normally constructed from the `:region` # option. You should only configure an `:endpoint` when connecting # to test endpoints. This should be avalid HTTP(S) URI. # # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default) # The log formatter. # # @option options [Symbol] :log_level (:info) # The log level to send messages to the `:logger` at. # # @option options [Logger] :logger # The Logger instance to send log messages to. If this option # is not set, logging will be disabled. # # @option options [String] :profile ("default") # Used when loading credentials from the shared credentials file # at HOME/.aws/credentials. When not specified, 'default' is used. # # @option options [Integer] :retry_limit (3) # The maximum number of times to retry failed requests. Only # ~ 500 level server errors and certain ~ 400 level client errors # are retried. Generally, these are throttling errors, data # checksum errors, networking errors, timeout errors and auth # errors from expired credentials. # # @option options [String] :secret_access_key # # @option options [String] :session_token # # @option options [Boolean] :stub_responses (false) # Causes the client to return stubbed responses. By default # fake responses are generated and returned. You can specify # the response data to return or errors to raise by calling # {ClientStubs#stub_responses}. See {ClientStubs} for more information. # # ** Please note ** When response stubbing is enabled, no HTTP # requests are made, and retries are disabled. # # @option options [Boolean] :validate_params (true) # When `true`, request parameters are validated before # sending the request. # def initialize(*args) super end # @!group API Operations # Adds a new client ID (also known as audience) to the list of client # IDs already registered for the specified IAM OpenID Connect (OIDC) # provider resource. # # This action is idempotent; it does not fail or return an error if you # add an existing client ID to the provider. # # @option params [required, String] :open_id_connect_provider_arn # The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) # provider resource to add the client ID to. You can get a list of OIDC # provider ARNs by using the ListOpenIDConnectProviders action. # # @option params [required, String] :client_id # The client ID (also known as audience) to add to the IAM OpenID # Connect provider resource. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.add_client_id_to_open_id_connect_provider({ # open_id_connect_provider_arn: "arnType", # required # client_id: "clientIDType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddClientIDToOpenIDConnectProvider AWS API Documentation # # @overload add_client_id_to_open_id_connect_provider(params = {}) # @param [Hash] params ({}) def add_client_id_to_open_id_connect_provider(params = {}, options = {}) req = build_request(:add_client_id_to_open_id_connect_provider, params) req.send_request(options) end # Adds the specified IAM role to the specified instance profile. An # instance profile can contain only one role, and this limit cannot be # increased. # # The caller of this API must be granted the `PassRole` permission on # the IAM role by a permission policy. # # # # For more information about roles, go to [Working with Roles][1]. For # more information about instance profiles, go to [About Instance # Profiles][2]. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # # @option params [required, String] :instance_profile_name # The name of the instance profile to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :role_name # The name of the role to add. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.add_role_to_instance_profile({ # instance_profile_name: "instanceProfileNameType", # required # role_name: "roleNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddRoleToInstanceProfile AWS API Documentation # # @overload add_role_to_instance_profile(params = {}) # @param [Hash] params ({}) def add_role_to_instance_profile(params = {}, options = {}) req = build_request(:add_role_to_instance_profile, params) req.send_request(options) end # Adds the specified user to the specified group. # # @option params [required, String] :group_name # The name of the group to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :user_name # The name of the user to add. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.add_user_to_group({ # group_name: "groupNameType", # required # user_name: "existingUserNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AddUserToGroup AWS API Documentation # # @overload add_user_to_group(params = {}) # @param [Hash] params ({}) def add_user_to_group(params = {}, options = {}) req = build_request(:add_user_to_group, params) req.send_request(options) end # Attaches the specified managed policy to the specified IAM group. # # You use this API to attach a managed policy to a group. To embed an # inline policy in a group, use PutGroupPolicy. # # For more information about policies, see [Managed Policies and Inline # Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :group_name # The name (friendly name, not ARN) of the group to attach the policy # to. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.attach_group_policy({ # group_name: "groupNameType", # required # policy_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachGroupPolicy AWS API Documentation # # @overload attach_group_policy(params = {}) # @param [Hash] params ({}) def attach_group_policy(params = {}, options = {}) req = build_request(:attach_group_policy, params) req.send_request(options) end # Attaches the specified managed policy to the specified IAM role. When # you attach a managed policy to a role, the managed policy becomes part # of the role's permission (access) policy. # # You cannot use a managed policy as the role's trust policy. The # role's trust policy is created at the same time as the role, using # CreateRole. You can update a role's trust policy using # UpdateAssumeRolePolicy. # # # # Use this API to attach a *managed* policy to a role. To embed an # inline policy in a role, use PutRolePolicy. For more information about # policies, see [Managed Policies and Inline Policies][1] in the *IAM # User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :role_name # The name (friendly name, not ARN) of the role to attach the policy to. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.attach_role_policy({ # role_name: "roleNameType", # required # policy_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachRolePolicy AWS API Documentation # # @overload attach_role_policy(params = {}) # @param [Hash] params ({}) def attach_role_policy(params = {}, options = {}) req = build_request(:attach_role_policy, params) req.send_request(options) end # Attaches the specified managed policy to the specified user. # # You use this API to attach a *managed* policy to a user. To embed an # inline policy in a user, use PutUserPolicy. # # For more information about policies, see [Managed Policies and Inline # Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :user_name # The name (friendly name, not ARN) of the IAM user to attach the policy # to. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to attach. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.attach_user_policy({ # user_name: "userNameType", # required # policy_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/AttachUserPolicy AWS API Documentation # # @overload attach_user_policy(params = {}) # @param [Hash] params ({}) def attach_user_policy(params = {}, options = {}) req = build_request(:attach_user_policy, params) req.send_request(options) end # Changes the password of the IAM user who is calling this action. The # root account password is not affected by this action. # # To change the password for a different user, see UpdateLoginProfile. # For more information about modifying passwords, see [Managing # Passwords][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html # # @option params [required, String] :old_password # The IAM user's current password. # # @option params [required, String] :new_password # The new password. The new password must conform to the AWS account's # password policy, if one exists. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of almost any printable ASCII character from the # space (\\u0020) through the end of the ASCII character range # (\\u00FF). You can also include the tab (\\u0009), line feed # (\\u000A), and carriage return (\\u000D) characters. Although any of # these characters are valid in a password, note that many tools, such # as the AWS Management Console, might restrict the ability to enter # certain characters because they have special meaning within that tool. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.change_password({ # old_password: "passwordType", # required # new_password: "passwordType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ChangePassword AWS API Documentation # # @overload change_password(params = {}) # @param [Hash] params ({}) def change_password(params = {}, options = {}) req = build_request(:change_password, params) req.send_request(options) end # Creates a new AWS secret access key and corresponding AWS access key # ID for the specified user. The default status for new keys is # `Active`. # # If you do not specify a user name, IAM determines the user name # implicitly based on the AWS access key ID signing the request. Because # this action works for access keys under the AWS account, you can use # this action to manage root credentials even if the AWS account has no # associated users. # # For information about limits on the number of keys you can create, see # [Limitations on IAM Entities][1] in the *IAM User Guide*. # # To ensure the security of your AWS account, the secret access key is # accessible only during key and user creation. You must save the key # (for example, in a text file) if you want to be able to access it # again. If a secret key is lost, you can delete the access keys for the # associated user and then create new keys. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # # @option params [String] :user_name # The name of the IAM user that the new key will belong to. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::CreateAccessKeyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateAccessKeyResponse#access_key #access_key} => Types::AccessKey # # @example Request syntax with placeholder values # # resp = client.create_access_key({ # user_name: "existingUserNameType", # }) # # @example Response structure # # resp.access_key.user_name #=> String # resp.access_key.access_key_id #=> String # resp.access_key.status #=> String, one of "Active", "Inactive" # resp.access_key.secret_access_key #=> String # resp.access_key.create_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccessKey AWS API Documentation # # @overload create_access_key(params = {}) # @param [Hash] params ({}) def create_access_key(params = {}, options = {}) req = build_request(:create_access_key, params) req.send_request(options) end # Creates an alias for your AWS account. For information about using an # AWS account alias, see [Using an Alias for Your AWS Account ID][1] in # the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html # # @option params [required, String] :account_alias # The account alias to create. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of lowercase letters, digits, and dashes. You # cannot start or finish with a dash, nor can you have two dashes in a # row. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.create_account_alias({ # account_alias: "accountAliasType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccountAlias AWS API Documentation # # @overload create_account_alias(params = {}) # @param [Hash] params ({}) def create_account_alias(params = {}, options = {}) req = build_request(:create_account_alias, params) req.send_request(options) end # Creates a new group. # # For information about the number of groups you can create, see # [Limitations on IAM Entities][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # # @option params [String] :path # The path to the group. For more information about paths, see [IAM # Identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This paramater allows (per its [regex pattern][2]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html # [2]: http://wikipedia.org/wiki/regex # # @option params [required, String] :group_name # The name of the group to create. Do not include the path in this # value. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@-. The group name must be unique within the account. Group names # are not distinguished by case. For example, you cannot create groups # named both "ADMINS" and "admins". # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::CreateGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateGroupResponse#group #group} => Types::Group # # @example Request syntax with placeholder values # # resp = client.create_group({ # path: "pathType", # group_name: "groupNameType", # required # }) # # @example Response structure # # resp.group.path #=> String # resp.group.group_name #=> String # resp.group.group_id #=> String # resp.group.arn #=> String # resp.group.create_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateGroup AWS API Documentation # # @overload create_group(params = {}) # @param [Hash] params ({}) def create_group(params = {}, options = {}) req = build_request(:create_group, params) req.send_request(options) end # Creates a new instance profile. For information about instance # profiles, go to [About Instance Profiles][1]. # # For information about the number of instance profiles you can create, # see [Limitations on IAM Entities][2] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # # @option params [required, String] :instance_profile_name # The name of the instance profile to create. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :path # The path to the instance profile. For more information about paths, # see [IAM Identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This paramater allows (per its [regex pattern][2]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html # [2]: http://wikipedia.org/wiki/regex # # @return [Types::CreateInstanceProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateInstanceProfileResponse#instance_profile #instance_profile} => Types::InstanceProfile # # @example Request syntax with placeholder values # # resp = client.create_instance_profile({ # instance_profile_name: "instanceProfileNameType", # required # path: "pathType", # }) # # @example Response structure # # resp.instance_profile.path #=> String # resp.instance_profile.instance_profile_name #=> String # resp.instance_profile.instance_profile_id #=> String # resp.instance_profile.arn #=> String # resp.instance_profile.create_date #=> Time # resp.instance_profile.roles #=> Array # resp.instance_profile.roles[0].path #=> String # resp.instance_profile.roles[0].role_name #=> String # resp.instance_profile.roles[0].role_id #=> String # resp.instance_profile.roles[0].arn #=> String # resp.instance_profile.roles[0].create_date #=> Time # resp.instance_profile.roles[0].assume_role_policy_document #=> String # resp.instance_profile.roles[0].description #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation # # @overload create_instance_profile(params = {}) # @param [Hash] params ({}) def create_instance_profile(params = {}, options = {}) req = build_request(:create_instance_profile, params) req.send_request(options) end # Creates a password for the specified user, giving the user the ability # to access AWS services through the AWS Management Console. For more # information about managing passwords, see [Managing Passwords][1] in # the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html # # @option params [required, String] :user_name # The name of the IAM user to create a password for. The user must # already exist. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :password # The new password for the user. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of almost any printable ASCII character from the # space (\\u0020) through the end of the ASCII character range # (\\u00FF). You can also include the tab (\\u0009), line feed # (\\u000A), and carriage return (\\u000D) characters. Although any of # these characters are valid in a password, note that many tools, such # as the AWS Management Console, might restrict the ability to enter # certain characters because they have special meaning within that tool. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [Boolean] :password_reset_required # Specifies whether the user is required to set a new password on next # sign-in. # # @return [Types::CreateLoginProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateLoginProfileResponse#login_profile #login_profile} => Types::LoginProfile # # @example Request syntax with placeholder values # # resp = client.create_login_profile({ # user_name: "userNameType", # required # password: "passwordType", # required # password_reset_required: false, # }) # # @example Response structure # # resp.login_profile.user_name #=> String # resp.login_profile.create_date #=> Time # resp.login_profile.password_reset_required #=> Boolean # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateLoginProfile AWS API Documentation # # @overload create_login_profile(params = {}) # @param [Hash] params ({}) def create_login_profile(params = {}, options = {}) req = build_request(:create_login_profile, params) req.send_request(options) end # Creates an IAM entity to describe an identity provider (IdP) that # supports [OpenID Connect (OIDC)][1]. # # The OIDC provider that you create with this operation can be used as a # principal in a role's trust policy to establish a trust relationship # between AWS and the OIDC provider. # # When you create the IAM OIDC provider, you specify the URL of the OIDC # identity provider (IdP) to trust, a list of client IDs (also known as # audiences) that identify the application or applications that are # allowed to authenticate using the OIDC provider, and a list of # thumbprints of the server certificate(s) that the IdP uses. You get # all of this information from the OIDC IdP that you want to use for # access to AWS. # # Because trust for the OIDC provider is ultimately derived from the IAM # provider that this action creates, it is a best practice to limit # access to the CreateOpenIDConnectProvider action to highly-privileged # users. # # # # # # [1]: http://openid.net/connect/ # # @option params [required, String] :url # The URL of the identity provider. The URL must begin with "https://" # and should correspond to the `iss` claim in the provider's OpenID # Connect ID tokens. Per the OIDC standard, path components are allowed # but query parameters are not. Typically the URL consists of only a # host name, like "https://server.example.org" or # "https://example.com". # # You cannot register the same provider multiple times in a single AWS # account. If you try to submit a URL that has already been used for an # OpenID Connect provider in the AWS account, you will get an error. # # @option params [Array] :client_id_list # A list of client IDs (also known as audiences). When a mobile or web # app registers with an OpenID Connect provider, they establish a value # that identifies the application. (This is the value that's sent as # the `client_id` parameter on OAuth requests.) # # You can register multiple client IDs with the same provider. For # example, you might have multiple applications that use the same OIDC # provider. You cannot register more than 100 client IDs with a single # IAM OIDC provider. # # There is no defined format for a client ID. The # `CreateOpenIDConnectProviderRequest` action accepts client IDs up to # 255 characters long. # # @option params [required, Array] :thumbprint_list # A list of server certificate thumbprints for the OpenID Connect (OIDC) # identity provider's server certificate(s). Typically this list # includes only one entry. However, IAM lets you have up to five # thumbprints for an OIDC provider. This lets you maintain multiple # thumbprints if the identity provider is rotating certificates. # # The server certificate thumbprint is the hex-encoded SHA-1 hash value # of the X.509 certificate used by the domain where the OpenID Connect # provider makes its keys available. It is always a 40-character string. # # You must provide at least one thumbprint when creating an IAM OIDC # provider. For example, if the OIDC provider is `server.example.com` # and the provider stores its keys at # "https://keys.server.example.com/openid-connect", the thumbprint # string would be the hex-encoded SHA-1 hash value of the certificate # used by https://keys.server.example.com. # # For more information about obtaining the OIDC provider's thumbprint, # see [Obtaining the Thumbprint for an OpenID Connect Provider][1] in # the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html # # @return [Types::CreateOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateOpenIDConnectProviderResponse#open_id_connect_provider_arn #open_id_connect_provider_arn} => String # # @example Request syntax with placeholder values # # resp = client.create_open_id_connect_provider({ # url: "OpenIDConnectProviderUrlType", # required # client_id_list: ["clientIDType"], # thumbprint_list: ["thumbprintType"], # required # }) # # @example Response structure # # resp.open_id_connect_provider_arn #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProvider AWS API Documentation # # @overload create_open_id_connect_provider(params = {}) # @param [Hash] params ({}) def create_open_id_connect_provider(params = {}, options = {}) req = build_request(:create_open_id_connect_provider, params) req.send_request(options) end # Creates a new managed policy for your AWS account. # # This operation creates a policy version with a version identifier of # `v1` and sets v1 as the policy's default version. For more # information about policy versions, see [Versioning for Managed # Policies][1] in the *IAM User Guide*. # # For more information about managed policies in general, see [Managed # Policies and Inline Policies][2] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_name # The friendly name of the policy. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :path # The path for the policy. # # For more information about paths, see [IAM Identifiers][1] in the *IAM # User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This paramater allows (per its [regex pattern][2]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html # [2]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The JSON policy document that you want to use as the content for the # new policy. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :description # A friendly description of the policy. # # Typically used to store information about the permissions defined in # the policy. For example, "Grants access to production DynamoDB # tables." # # The policy description is immutable. After a value is assigned, it # cannot be changed. # # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy # # @example Request syntax with placeholder values # # resp = client.create_policy({ # policy_name: "policyNameType", # required # path: "policyPathType", # policy_document: "policyDocumentType", # required # description: "policyDescriptionType", # }) # # @example Response structure # # resp.policy.policy_name #=> String # resp.policy.policy_id #=> String # resp.policy.arn #=> String # resp.policy.path #=> String # resp.policy.default_version_id #=> String # resp.policy.attachment_count #=> Integer # resp.policy.is_attachable #=> Boolean # resp.policy.description #=> String # resp.policy.create_date #=> Time # resp.policy.update_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicy AWS API Documentation # # @overload create_policy(params = {}) # @param [Hash] params ({}) def create_policy(params = {}, options = {}) req = build_request(:create_policy, params) req.send_request(options) end # Creates a new version of the specified managed policy. To update a # managed policy, you create a new policy version. A managed policy can # have up to five versions. If the policy has five versions, you must # delete an existing version using DeletePolicyVersion before you create # a new version. # # Optionally, you can set the new version as the policy's default # version. The default version is the version that is in effect for the # IAM users, groups, and roles to which the policy is attached. # # For more information about managed policy versions, see [Versioning # for Managed Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy to which you want to # add a new version. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [required, String] :policy_document # The JSON policy document that you want to use as the content for this # new version of the policy. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [Boolean] :set_as_default # Specifies whether to set this version as the policy's default # version. # # When this parameter is `true`, the new policy version becomes the # operative version; that is, the version that is in effect for the IAM # users, groups, and roles that the policy is attached to. # # For more information about managed policy versions, see [Versioning # for Managed Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # # @return [Types::CreatePolicyVersionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreatePolicyVersionResponse#policy_version #policy_version} => Types::PolicyVersion # # @example Request syntax with placeholder values # # resp = client.create_policy_version({ # policy_arn: "arnType", # required # policy_document: "policyDocumentType", # required # set_as_default: false, # }) # # @example Response structure # # resp.policy_version.document #=> String # resp.policy_version.version_id #=> String # resp.policy_version.is_default_version #=> Boolean # resp.policy_version.create_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreatePolicyVersion AWS API Documentation # # @overload create_policy_version(params = {}) # @param [Hash] params ({}) def create_policy_version(params = {}, options = {}) req = build_request(:create_policy_version, params) req.send_request(options) end # Creates a new role for your AWS account. For more information about # roles, go to [Working with Roles][1]. For information about # limitations on role names and the number of roles you can create, go # to [Limitations on IAM Entities][2] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # # @option params [String] :path # The path to the role. For more information about paths, see [IAM # Identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This paramater allows (per its [regex pattern][2]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html # [2]: http://wikipedia.org/wiki/regex # # @option params [required, String] :role_name # The name of the role to create. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # Role names are not distinguished by case. For example, you cannot # create roles named both "PRODROLE" and "prodrole". # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :assume_role_policy_document # The trust relationship policy document that grants an entity # permission to assume the role. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :description # A customer-provided description of the role. # # @return [Types::CreateRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateRoleResponse#role #role} => Types::Role # # @example Request syntax with placeholder values # # resp = client.create_role({ # path: "pathType", # role_name: "roleNameType", # required # assume_role_policy_document: "policyDocumentType", # required # description: "roleDescriptionType", # }) # # @example Response structure # # resp.role.path #=> String # resp.role.role_name #=> String # resp.role.role_id #=> String # resp.role.arn #=> String # resp.role.create_date #=> Time # resp.role.assume_role_policy_document #=> String # resp.role.description #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRole AWS API Documentation # # @overload create_role(params = {}) # @param [Hash] params ({}) def create_role(params = {}, options = {}) req = build_request(:create_role, params) req.send_request(options) end # Creates an IAM resource that describes an identity provider (IdP) that # supports SAML 2.0. # # The SAML provider resource that you create with this operation can be # used as a principal in an IAM role's trust policy to enable federated # users who sign-in using the SAML IdP to assume the role. You can # create an IAM role that supports Web-based single sign-on (SSO) to the # AWS Management Console or one that supports API access to AWS. # # When you create the SAML provider resource, you upload an a SAML # metadata document that you get from your IdP and that includes the # issuer's name, expiration information, and keys that can be used to # validate the SAML authentication response (assertions) that the IdP # sends. You must generate the metadata document using the identity # management software that is used as your organization's IdP. # # This operation requires [Signature Version 4][1]. # # # # For more information, see [Enabling SAML 2.0 Federated Users to Access # the AWS Management Console][2] and [About SAML 2.0-based # Federation][3] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html # # @option params [required, String] :saml_metadata_document # An XML document generated by an identity provider (IdP) that supports # SAML 2.0. The document includes the issuer's name, expiration # information, and keys that can be used to validate the SAML # authentication response (assertions) that are received from the IdP. # You must generate the metadata document using the identity management # software that is used as your organization's IdP. # # For more information, see [About SAML 2.0-based Federation][1] in the # *IAM User Guide* # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html # # @option params [required, String] :name # The name of the provider to create. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::CreateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String # # @example Request syntax with placeholder values # # resp = client.create_saml_provider({ # saml_metadata_document: "SAMLMetadataDocumentType", # required # name: "SAMLProviderNameType", # required # }) # # @example Response structure # # resp.saml_provider_arn #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProvider AWS API Documentation # # @overload create_saml_provider(params = {}) # @param [Hash] params ({}) def create_saml_provider(params = {}, options = {}) req = build_request(:create_saml_provider, params) req.send_request(options) end # Creates an IAM role that is linked to a specific AWS service. The # service controls the attached policies and when the role can be # deleted. This helps ensure that the service is not broken by an # unexpectedly changed or deleted role, which could put your AWS # resources into an unknown state. Allowing the service to control the # role helps improve service stability and proper cleanup when a service # and its role are no longer needed. # # The name of the role is autogenerated by combining the string that you # specify for the `AWSServiceName` parameter with the string that you # specify for the `CustomSuffix` parameter. The resulting name must be # unique in your account or the request fails. # # To attach a policy to this service-linked role, you must make the # request using the AWS service that depends on this role. # # @option params [required, String] :aws_service_name # The AWS service to which this role is attached. You use a string # similar to a URL but without the http:// in front. For example: # `elasticbeanstalk.amazonaws.com` # # @option params [String] :description # The description of the role. # # @option params [String] :custom_suffix # A string that you provide, which is combined with the service name to # form the complete role name. If you make multiple requests for the # same service, then you must supply a different `CustomSuffix` for each # request. Otherwise the request fails with a duplicate role name error. # For example, you could add `-1` or `-debug` to the suffix. # # @return [Types::CreateServiceLinkedRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateServiceLinkedRoleResponse#role #role} => Types::Role # # @example Request syntax with placeholder values # # resp = client.create_service_linked_role({ # aws_service_name: "groupNameType", # required # description: "roleDescriptionType", # custom_suffix: "customSuffixType", # }) # # @example Response structure # # resp.role.path #=> String # resp.role.role_name #=> String # resp.role.role_id #=> String # resp.role.arn #=> String # resp.role.create_date #=> Time # resp.role.assume_role_policy_document #=> String # resp.role.description #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRole AWS API Documentation # # @overload create_service_linked_role(params = {}) # @param [Hash] params ({}) def create_service_linked_role(params = {}, options = {}) req = build_request(:create_service_linked_role, params) req.send_request(options) end # Generates a set of credentials consisting of a user name and password # that can be used to access the service specified in the request. These # credentials are generated by IAM, and can be used only for the # specified service. # # You can have a maximum of two sets of service-specific credentials for # each supported service per user. # # The only supported service at this time is AWS CodeCommit. # # You can reset the password to a new service-generated value by calling # ResetServiceSpecificCredential. # # For more information about service-specific credentials, see [Using # IAM with AWS CodeCommit: Git Credentials, SSH Keys, and AWS Access # Keys][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html # # @option params [required, String] :user_name # The name of the IAM user that is to be associated with the # credentials. The new service-specific credentials have the same # permissions as the associated user except that they can be used only # to access the specified service. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :service_name # The name of the AWS service that is to be associated with the # credentials. The service you specify here is the only service that can # be accessed using these credentials. # # @return [Types::CreateServiceSpecificCredentialResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateServiceSpecificCredentialResponse#service_specific_credential #service_specific_credential} => Types::ServiceSpecificCredential # # @example Request syntax with placeholder values # # resp = client.create_service_specific_credential({ # user_name: "userNameType", # required # service_name: "serviceName", # required # }) # # @example Response structure # # resp.service_specific_credential.create_date #=> Time # resp.service_specific_credential.service_name #=> String # resp.service_specific_credential.service_user_name #=> String # resp.service_specific_credential.service_password #=> String # resp.service_specific_credential.service_specific_credential_id #=> String # resp.service_specific_credential.user_name #=> String # resp.service_specific_credential.status #=> String, one of "Active", "Inactive" # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceSpecificCredential AWS API Documentation # # @overload create_service_specific_credential(params = {}) # @param [Hash] params ({}) def create_service_specific_credential(params = {}, options = {}) req = build_request(:create_service_specific_credential, params) req.send_request(options) end # Creates a new IAM user for your AWS account. # # For information about limitations on the number of IAM users you can # create, see [Limitations on IAM Entities][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # # @option params [String] :path # The path for the user name. For more information about paths, see [IAM # Identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This paramater allows (per its [regex pattern][2]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html # [2]: http://wikipedia.org/wiki/regex # # @option params [required, String] :user_name # The name of the user to create. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@-. User names are not distinguished by case. For example, you # cannot create users named both "TESTUSER" and "testuser". # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::CreateUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateUserResponse#user #user} => Types::User # # @example Request syntax with placeholder values # # resp = client.create_user({ # path: "pathType", # user_name: "userNameType", # required # }) # # @example Response structure # # resp.user.path #=> String # resp.user.user_name #=> String # resp.user.user_id #=> String # resp.user.arn #=> String # resp.user.create_date #=> Time # resp.user.password_last_used #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateUser AWS API Documentation # # @overload create_user(params = {}) # @param [Hash] params ({}) def create_user(params = {}, options = {}) req = build_request(:create_user, params) req.send_request(options) end # Creates a new virtual MFA device for the AWS account. After creating # the virtual MFA, use EnableMFADevice to attach the MFA device to an # IAM user. For more information about creating and working with virtual # MFA devices, go to [Using a Virtual MFA Device][1] in the *IAM User # Guide*. # # For information about limits on the number of MFA devices you can # create, see [Limitations on Entities][2] in the *IAM User Guide*. # # The seed information contained in the QR code and the Base32 string # should be treated like any other secret access information, such as # your AWS access keys or your passwords. After you provision your # virtual device, you should ensure that the information is destroyed # following secure procedures. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # # @option params [String] :path # The path for the virtual MFA device. For more information about paths, # see [IAM Identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). # # This paramater allows (per its [regex pattern][2]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html # [2]: http://wikipedia.org/wiki/regex # # @option params [required, String] :virtual_mfa_device_name # The name of the virtual MFA device. Use with path to uniquely identify # a virtual MFA device. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::CreateVirtualMFADeviceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateVirtualMFADeviceResponse#virtual_mfa_device #virtual_mfa_device} => Types::VirtualMFADevice # # @example Request syntax with placeholder values # # resp = client.create_virtual_mfa_device({ # path: "pathType", # virtual_mfa_device_name: "virtualMFADeviceName", # required # }) # # @example Response structure # # resp.virtual_mfa_device.serial_number #=> String # resp.virtual_mfa_device.base_32_string_seed #=> String # resp.virtual_mfa_device.qr_code_png #=> String # resp.virtual_mfa_device.user.path #=> String # resp.virtual_mfa_device.user.user_name #=> String # resp.virtual_mfa_device.user.user_id #=> String # resp.virtual_mfa_device.user.arn #=> String # resp.virtual_mfa_device.user.create_date #=> Time # resp.virtual_mfa_device.user.password_last_used #=> Time # resp.virtual_mfa_device.enable_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateVirtualMFADevice AWS API Documentation # # @overload create_virtual_mfa_device(params = {}) # @param [Hash] params ({}) def create_virtual_mfa_device(params = {}, options = {}) req = build_request(:create_virtual_mfa_device, params) req.send_request(options) end # Deactivates the specified MFA device and removes it from association # with the user name for which it was originally enabled. # # For more information about creating and working with virtual MFA # devices, go to [Using a Virtual MFA Device][1] in the *IAM User # Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html # # @option params [required, String] :user_name # The name of the user whose MFA device you want to deactivate. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :serial_number # The serial number that uniquely identifies the MFA device. For virtual # MFA devices, the serial number is the device ARN. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@:/- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.deactivate_mfa_device({ # user_name: "existingUserNameType", # required # serial_number: "serialNumberType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeactivateMFADevice AWS API Documentation # # @overload deactivate_mfa_device(params = {}) # @param [Hash] params ({}) def deactivate_mfa_device(params = {}, options = {}) req = build_request(:deactivate_mfa_device, params) req.send_request(options) end # Deletes the access key pair associated with the specified IAM user. # # If you do not specify a user name, IAM determines the user name # implicitly based on the AWS access key ID signing the request. Because # this action works for access keys under the AWS account, you can use # this action to manage root credentials even if the AWS account has no # associated users. # # @option params [String] :user_name # The name of the user whose access key pair you want to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :access_key_id # The access key ID for the access key ID and secret access key you want # to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_access_key({ # user_name: "existingUserNameType", # access_key_id: "accessKeyIdType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccessKey AWS API Documentation # # @overload delete_access_key(params = {}) # @param [Hash] params ({}) def delete_access_key(params = {}, options = {}) req = build_request(:delete_access_key, params) req.send_request(options) end # Deletes the specified AWS account alias. For information about using # an AWS account alias, see [Using an Alias for Your AWS Account ID][1] # in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html # # @option params [required, String] :account_alias # The name of the account alias to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of lowercase letters, digits, and dashes. You # cannot start or finish with a dash, nor can you have two dashes in a # row. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_account_alias({ # account_alias: "accountAliasType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountAlias AWS API Documentation # # @overload delete_account_alias(params = {}) # @param [Hash] params ({}) def delete_account_alias(params = {}, options = {}) req = build_request(:delete_account_alias, params) req.send_request(options) end # Deletes the password policy for the AWS account. There are no # parameters. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteAccountPasswordPolicy AWS API Documentation # # @overload delete_account_password_policy(params = {}) # @param [Hash] params ({}) def delete_account_password_policy(params = {}, options = {}) req = build_request(:delete_account_password_policy, params) req.send_request(options) end # Deletes the specified IAM group. The group must not contain any users # or have any attached policies. # # @option params [required, String] :group_name # The name of the IAM group to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_group({ # group_name: "groupNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroup AWS API Documentation # # @overload delete_group(params = {}) # @param [Hash] params ({}) def delete_group(params = {}, options = {}) req = build_request(:delete_group, params) req.send_request(options) end # Deletes the specified inline policy that is embedded in the specified # IAM group. # # A group can also have managed policies attached to it. To detach a # managed policy from a group, use DetachGroupPolicy. For more # information about policies, refer to [Managed Policies and Inline # Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :group_name # The name (friendly name, not ARN) identifying the group that the # policy is embedded in. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name identifying the policy document to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_group_policy({ # group_name: "groupNameType", # required # policy_name: "policyNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteGroupPolicy AWS API Documentation # # @overload delete_group_policy(params = {}) # @param [Hash] params ({}) def delete_group_policy(params = {}, options = {}) req = build_request(:delete_group_policy, params) req.send_request(options) end # Deletes the specified instance profile. The instance profile must not # have an associated role. # # Make sure you do not have any Amazon EC2 instances running with the # instance profile you are about to delete. Deleting a role or instance # profile that is associated with a running instance will break any # applications running on the instance. # # For more information about instance profiles, go to [About Instance # Profiles][1]. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # # @option params [required, String] :instance_profile_name # The name of the instance profile to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_instance_profile({ # instance_profile_name: "instanceProfileNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteInstanceProfile AWS API Documentation # # @overload delete_instance_profile(params = {}) # @param [Hash] params ({}) def delete_instance_profile(params = {}, options = {}) req = build_request(:delete_instance_profile, params) req.send_request(options) end # Deletes the password for the specified IAM user, which terminates the # user's ability to access AWS services through the AWS Management # Console. # # Deleting a user's password does not prevent a user from accessing AWS # through the command line interface or the API. To prevent all user # access you must also either make any access keys inactive or delete # them. For more information about making keys inactive or deleting # them, see UpdateAccessKey and DeleteAccessKey. # # @option params [required, String] :user_name # The name of the user whose password you want to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_login_profile({ # user_name: "userNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteLoginProfile AWS API Documentation # # @overload delete_login_profile(params = {}) # @param [Hash] params ({}) def delete_login_profile(params = {}, options = {}) req = build_request(:delete_login_profile, params) req.send_request(options) end # Deletes an OpenID Connect identity provider (IdP) resource object in # IAM. # # Deleting an IAM OIDC provider resource does not update any roles that # reference the provider as a principal in their trust policies. Any # attempt to assume a role that references a deleted provider fails. # # This action is idempotent; it does not fail or return an error if you # call the action for a provider that does not exist. # # @option params [required, String] :open_id_connect_provider_arn # The Amazon Resource Name (ARN) of the IAM OpenID Connect provider # resource object to delete. You can get a list of OpenID Connect # provider resource ARNs by using the ListOpenIDConnectProviders action. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_open_id_connect_provider({ # open_id_connect_provider_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteOpenIDConnectProvider AWS API Documentation # # @overload delete_open_id_connect_provider(params = {}) # @param [Hash] params ({}) def delete_open_id_connect_provider(params = {}, options = {}) req = build_request(:delete_open_id_connect_provider, params) req.send_request(options) end # Deletes the specified managed policy. # # Before you can delete a managed policy, you must first detach the # policy from all users, groups, and roles that it is attached to, and # you must delete all of the policy's versions. The following steps # describe the process for deleting a managed policy: # # * Detach the policy from all users, groups, and roles that the policy # is attached to, using the DetachUserPolicy, DetachGroupPolicy, or # DetachRolePolicy APIs. To list all the users, groups, and roles that # a policy is attached to, use ListEntitiesForPolicy. # # * Delete all versions of the policy using DeletePolicyVersion. To list # the policy's versions, use ListPolicyVersions. You cannot use # DeletePolicyVersion to delete the version that is marked as the # default version. You delete the policy's default version in the # next step of the process. # # * Delete the policy (this automatically deletes the policy's default # version) using this API. # # For information about managed policies, see [Managed Policies and # Inline Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to delete. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_policy({ # policy_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicy AWS API Documentation # # @overload delete_policy(params = {}) # @param [Hash] params ({}) def delete_policy(params = {}, options = {}) req = build_request(:delete_policy, params) req.send_request(options) end # Deletes the specified version from the specified managed policy. # # You cannot delete the default version from a policy using this API. To # delete the default version from a policy, use DeletePolicy. To find # out which version of a policy is marked as the default version, use # ListPolicyVersions. # # For information about versions for managed policies, see [Versioning # for Managed Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy from which you want # to delete a version. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [required, String] :version_id # The policy version to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters that consists of the lowercase letter 'v' followed by one # or two digits, and optionally followed by a period '.' and a string # of letters and digits. # # For more information about managed policy versions, see [Versioning # for Managed Policies][2] in the *IAM User Guide*. # # # # [1]: http://wikipedia.org/wiki/regex # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_policy_version({ # policy_arn: "arnType", # required # version_id: "policyVersionIdType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeletePolicyVersion AWS API Documentation # # @overload delete_policy_version(params = {}) # @param [Hash] params ({}) def delete_policy_version(params = {}, options = {}) req = build_request(:delete_policy_version, params) req.send_request(options) end # Deletes the specified role. The role must not have any policies # attached. For more information about roles, go to [Working with # Roles][1]. # # Make sure you do not have any Amazon EC2 instances running with the # role you are about to delete. Deleting a role or instance profile that # is associated with a running instance will break any applications # running on the instance. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # # @option params [required, String] :role_name # The name of the role to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_role({ # role_name: "roleNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRole AWS API Documentation # # @overload delete_role(params = {}) # @param [Hash] params ({}) def delete_role(params = {}, options = {}) req = build_request(:delete_role, params) req.send_request(options) end # Deletes the specified inline policy that is embedded in the specified # IAM role. # # A role can also have managed policies attached to it. To detach a # managed policy from a role, use DetachRolePolicy. For more information # about policies, refer to [Managed Policies and Inline Policies][1] in # the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :role_name # The name (friendly name, not ARN) identifying the role that the policy # is embedded in. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name of the inline policy to delete from the specified IAM role. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_role_policy({ # role_name: "roleNameType", # required # policy_name: "policyNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteRolePolicy AWS API Documentation # # @overload delete_role_policy(params = {}) # @param [Hash] params ({}) def delete_role_policy(params = {}, options = {}) req = build_request(:delete_role_policy, params) req.send_request(options) end # Deletes a SAML provider resource in IAM. # # Deleting the provider resource from IAM does not update any roles that # reference the SAML provider resource's ARN as a principal in their # trust policies. Any attempt to assume a role that references a # non-existent provider resource ARN fails. # # This operation requires [Signature Version 4][1]. # # # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html # # @option params [required, String] :saml_provider_arn # The Amazon Resource Name (ARN) of the SAML provider to delete. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_saml_provider({ # saml_provider_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSAMLProvider AWS API Documentation # # @overload delete_saml_provider(params = {}) # @param [Hash] params ({}) def delete_saml_provider(params = {}, options = {}) req = build_request(:delete_saml_provider, params) req.send_request(options) end # Deletes the specified SSH public key. # # The SSH public key deleted by this action is used only for # authenticating the associated IAM user to an AWS CodeCommit # repository. For more information about using SSH keys to authenticate # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH # Connections][1] in the *AWS CodeCommit User Guide*. # # # # [1]: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # # @option params [required, String] :user_name # The name of the IAM user associated with the SSH public key. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :ssh_public_key_id # The unique identifier for the SSH public key. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_ssh_public_key({ # user_name: "userNameType", # required # ssh_public_key_id: "publicKeyIdType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSSHPublicKey AWS API Documentation # # @overload delete_ssh_public_key(params = {}) # @param [Hash] params ({}) def delete_ssh_public_key(params = {}, options = {}) req = build_request(:delete_ssh_public_key, params) req.send_request(options) end # Deletes the specified server certificate. # # For more information about working with server certificates, including # a list of AWS services that can use the server certificates that you # manage with IAM, go to [Working with Server Certificates][1] in the # *IAM User Guide*. # # If you are using a server certificate with Elastic Load Balancing, # deleting the certificate could have implications for your application. # If Elastic Load Balancing doesn't detect the deletion of bound # certificates, it may continue to use the certificates. This could # cause Elastic Load Balancing to stop accepting traffic. We recommend # that you remove the reference to the certificate from Elastic Load # Balancing before using this command to delete the certificate. For # more information, go to [DeleteLoadBalancerListeners][2] in the # *Elastic Load Balancing API Reference*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # [2]: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html # # @option params [required, String] :server_certificate_name # The name of the server certificate you want to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_server_certificate({ # server_certificate_name: "serverCertificateNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServerCertificate AWS API Documentation # # @overload delete_server_certificate(params = {}) # @param [Hash] params ({}) def delete_server_certificate(params = {}, options = {}) req = build_request(:delete_server_certificate, params) req.send_request(options) end # Deletes the specified service-specific credential. # # @option params [String] :user_name # The name of the IAM user associated with the service-specific # credential. If this value is not specified, then the operation assumes # the user whose credentials are used to call the operation. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :service_specific_credential_id # The unique identifier of the service-specific credential. You can get # this value by calling ListServiceSpecificCredentials. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_service_specific_credential({ # user_name: "userNameType", # service_specific_credential_id: "serviceSpecificCredentialId", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteServiceSpecificCredential AWS API Documentation # # @overload delete_service_specific_credential(params = {}) # @param [Hash] params ({}) def delete_service_specific_credential(params = {}, options = {}) req = build_request(:delete_service_specific_credential, params) req.send_request(options) end # Deletes a signing certificate associated with the specified IAM user. # # If you do not specify a user name, IAM determines the user name # implicitly based on the AWS access key ID signing the request. Because # this action works for access keys under the AWS account, you can use # this action to manage root credentials even if the AWS account has no # associated IAM users. # # @option params [String] :user_name # The name of the user the signing certificate belongs to. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :certificate_id # The ID of the signing certificate to delete. # # The format of this parameter, as described by its [regex][1] pattern, # is a string of characters that can be upper- or lower-cased letters or # digits. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_signing_certificate({ # user_name: "existingUserNameType", # certificate_id: "certificateIdType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteSigningCertificate AWS API Documentation # # @overload delete_signing_certificate(params = {}) # @param [Hash] params ({}) def delete_signing_certificate(params = {}, options = {}) req = build_request(:delete_signing_certificate, params) req.send_request(options) end # Deletes the specified IAM user. The user must not belong to any groups # or have any access keys, signing certificates, or attached policies. # # @option params [required, String] :user_name # The name of the user to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_user({ # user_name: "existingUserNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUser AWS API Documentation # # @overload delete_user(params = {}) # @param [Hash] params ({}) def delete_user(params = {}, options = {}) req = build_request(:delete_user, params) req.send_request(options) end # Deletes the specified inline policy that is embedded in the specified # IAM user. # # A user can also have managed policies attached to it. To detach a # managed policy from a user, use DetachUserPolicy. For more information # about policies, refer to [Managed Policies and Inline Policies][1] in # the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :user_name # The name (friendly name, not ARN) identifying the user that the policy # is embedded in. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name identifying the policy document to delete. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_user_policy({ # user_name: "existingUserNameType", # required # policy_name: "policyNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteUserPolicy AWS API Documentation # # @overload delete_user_policy(params = {}) # @param [Hash] params ({}) def delete_user_policy(params = {}, options = {}) req = build_request(:delete_user_policy, params) req.send_request(options) end # Deletes a virtual MFA device. # # You must deactivate a user's virtual MFA device before you can delete # it. For information about deactivating MFA devices, see # DeactivateMFADevice. # # # # @option params [required, String] :serial_number # The serial number that uniquely identifies the MFA device. For virtual # MFA devices, the serial number is the same as the ARN. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@:/- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.delete_virtual_mfa_device({ # serial_number: "serialNumberType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteVirtualMFADevice AWS API Documentation # # @overload delete_virtual_mfa_device(params = {}) # @param [Hash] params ({}) def delete_virtual_mfa_device(params = {}, options = {}) req = build_request(:delete_virtual_mfa_device, params) req.send_request(options) end # Removes the specified managed policy from the specified IAM group. # # A group can also have inline policies embedded with it. To delete an # inline policy, use the DeleteGroupPolicy API. For information about # policies, see [Managed Policies and Inline Policies][1] in the *IAM # User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :group_name # The name (friendly name, not ARN) of the IAM group to detach the # policy from. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.detach_group_policy({ # group_name: "groupNameType", # required # policy_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachGroupPolicy AWS API Documentation # # @overload detach_group_policy(params = {}) # @param [Hash] params ({}) def detach_group_policy(params = {}, options = {}) req = build_request(:detach_group_policy, params) req.send_request(options) end # Removes the specified managed policy from the specified role. # # A role can also have inline policies embedded with it. To delete an # inline policy, use the DeleteRolePolicy API. For information about # policies, see [Managed Policies and Inline Policies][1] in the *IAM # User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :role_name # The name (friendly name, not ARN) of the IAM role to detach the policy # from. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.detach_role_policy({ # role_name: "roleNameType", # required # policy_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachRolePolicy AWS API Documentation # # @overload detach_role_policy(params = {}) # @param [Hash] params ({}) def detach_role_policy(params = {}, options = {}) req = build_request(:detach_role_policy, params) req.send_request(options) end # Removes the specified managed policy from the specified user. # # A user can also have inline policies embedded with it. To delete an # inline policy, use the DeleteUserPolicy API. For information about # policies, see [Managed Policies and Inline Policies][1] in the *IAM # User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :user_name # The name (friendly name, not ARN) of the IAM user to detach the policy # from. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy you want to detach. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.detach_user_policy({ # user_name: "userNameType", # required # policy_arn: "arnType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DetachUserPolicy AWS API Documentation # # @overload detach_user_policy(params = {}) # @param [Hash] params ({}) def detach_user_policy(params = {}, options = {}) req = build_request(:detach_user_policy, params) req.send_request(options) end # Enables the specified MFA device and associates it with the specified # IAM user. When enabled, the MFA device is required for every # subsequent login by the IAM user associated with the device. # # @option params [required, String] :user_name # The name of the IAM user for whom you want to enable the MFA device. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :serial_number # The serial number that uniquely identifies the MFA device. For virtual # MFA devices, the serial number is the device ARN. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@:/- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :authentication_code_1 # An authentication code emitted by the device. # # The format for this parameter is a string of 6 digits. # # Submit your request immediately after generating the authentication # codes. If you generate the codes and then wait too long to submit the # request, the MFA device successfully associates with the user but the # MFA device becomes out of sync. This happens because time-based # one-time passwords (TOTP) expire after a short period of time. If this # happens, you can [resync the device][1]. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html # # @option params [required, String] :authentication_code_2 # A subsequent authentication code emitted by the device. # # The format for this parameter is a string of 6 digits. # # Submit your request immediately after generating the authentication # codes. If you generate the codes and then wait too long to submit the # request, the MFA device successfully associates with the user but the # MFA device becomes out of sync. This happens because time-based # one-time passwords (TOTP) expire after a short period of time. If this # happens, you can [resync the device][1]. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.enable_mfa_device({ # user_name: "existingUserNameType", # required # serial_number: "serialNumberType", # required # authentication_code_1: "authenticationCodeType", # required # authentication_code_2: "authenticationCodeType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableMFADevice AWS API Documentation # # @overload enable_mfa_device(params = {}) # @param [Hash] params ({}) def enable_mfa_device(params = {}, options = {}) req = build_request(:enable_mfa_device, params) req.send_request(options) end # Generates a credential report for the AWS account. For more # information about the credential report, see [Getting Credential # Reports][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html # # @return [Types::GenerateCredentialReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GenerateCredentialReportResponse#state #state} => String # * {Types::GenerateCredentialReportResponse#description #description} => String # # @example Response structure # # resp.state #=> String, one of "STARTED", "INPROGRESS", "COMPLETE" # resp.description #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateCredentialReport AWS API Documentation # # @overload generate_credential_report(params = {}) # @param [Hash] params ({}) def generate_credential_report(params = {}, options = {}) req = build_request(:generate_credential_report, params) req.send_request(options) end # Retrieves information about when the specified access key was last # used. The information includes the date and time of last use, along # with the AWS service and region that were specified in the last # request made with that key. # # @option params [required, String] :access_key_id # The identifier of an access key. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetAccessKeyLastUsedResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetAccessKeyLastUsedResponse#user_name #user_name} => String # * {Types::GetAccessKeyLastUsedResponse#access_key_last_used #access_key_last_used} => Types::AccessKeyLastUsed # # @example Request syntax with placeholder values # # resp = client.get_access_key_last_used({ # access_key_id: "accessKeyIdType", # required # }) # # @example Response structure # # resp.user_name #=> String # resp.access_key_last_used.last_used_date #=> Time # resp.access_key_last_used.service_name #=> String # resp.access_key_last_used.region #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccessKeyLastUsed AWS API Documentation # # @overload get_access_key_last_used(params = {}) # @param [Hash] params ({}) def get_access_key_last_used(params = {}, options = {}) req = build_request(:get_access_key_last_used, params) req.send_request(options) end # Retrieves information about all IAM users, groups, roles, and policies # in your AWS account, including their relationships to one another. Use # this API to obtain a snapshot of the configuration of IAM permissions # (users, groups, roles, and policies) in your account. # # You can optionally filter the results using the `Filter` parameter. # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [Array] :filter # A list of entity types used to filter the results. Only the entities # that match the types you specify are included in the output. Use the # value `LocalManagedPolicy` to include customer managed policies. # # The format for this parameter is a comma-separated (if more than one) # list of strings. Each string value in the list must be one of the # valid values listed below. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @return [Types::GetAccountAuthorizationDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetAccountAuthorizationDetailsResponse#user_detail_list #user_detail_list} => Array<Types::UserDetail> # * {Types::GetAccountAuthorizationDetailsResponse#group_detail_list #group_detail_list} => Array<Types::GroupDetail> # * {Types::GetAccountAuthorizationDetailsResponse#role_detail_list #role_detail_list} => Array<Types::RoleDetail> # * {Types::GetAccountAuthorizationDetailsResponse#policies #policies} => Array<Types::ManagedPolicyDetail> # * {Types::GetAccountAuthorizationDetailsResponse#is_truncated #is_truncated} => Boolean # * {Types::GetAccountAuthorizationDetailsResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.get_account_authorization_details({ # filter: ["User"], # accepts User, Role, Group, LocalManagedPolicy, AWSManagedPolicy # max_items: 1, # marker: "markerType", # }) # # @example Response structure # # resp.user_detail_list #=> Array # resp.user_detail_list[0].path #=> String # resp.user_detail_list[0].user_name #=> String # resp.user_detail_list[0].user_id #=> String # resp.user_detail_list[0].arn #=> String # resp.user_detail_list[0].create_date #=> Time # resp.user_detail_list[0].user_policy_list #=> Array # resp.user_detail_list[0].user_policy_list[0].policy_name #=> String # resp.user_detail_list[0].user_policy_list[0].policy_document #=> String # resp.user_detail_list[0].group_list #=> Array # resp.user_detail_list[0].group_list[0] #=> String # resp.user_detail_list[0].attached_managed_policies #=> Array # resp.user_detail_list[0].attached_managed_policies[0].policy_name #=> String # resp.user_detail_list[0].attached_managed_policies[0].policy_arn #=> String # resp.group_detail_list #=> Array # resp.group_detail_list[0].path #=> String # resp.group_detail_list[0].group_name #=> String # resp.group_detail_list[0].group_id #=> String # resp.group_detail_list[0].arn #=> String # resp.group_detail_list[0].create_date #=> Time # resp.group_detail_list[0].group_policy_list #=> Array # resp.group_detail_list[0].group_policy_list[0].policy_name #=> String # resp.group_detail_list[0].group_policy_list[0].policy_document #=> String # resp.group_detail_list[0].attached_managed_policies #=> Array # resp.group_detail_list[0].attached_managed_policies[0].policy_name #=> String # resp.group_detail_list[0].attached_managed_policies[0].policy_arn #=> String # resp.role_detail_list #=> Array # resp.role_detail_list[0].path #=> String # resp.role_detail_list[0].role_name #=> String # resp.role_detail_list[0].role_id #=> String # resp.role_detail_list[0].arn #=> String # resp.role_detail_list[0].create_date #=> Time # resp.role_detail_list[0].assume_role_policy_document #=> String # resp.role_detail_list[0].instance_profile_list #=> Array # resp.role_detail_list[0].instance_profile_list[0].path #=> String # resp.role_detail_list[0].instance_profile_list[0].instance_profile_name #=> String # resp.role_detail_list[0].instance_profile_list[0].instance_profile_id #=> String # resp.role_detail_list[0].instance_profile_list[0].arn #=> String # resp.role_detail_list[0].instance_profile_list[0].create_date #=> Time # resp.role_detail_list[0].instance_profile_list[0].roles #=> Array # resp.role_detail_list[0].instance_profile_list[0].roles[0].path #=> String # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_name #=> String # resp.role_detail_list[0].instance_profile_list[0].roles[0].role_id #=> String # resp.role_detail_list[0].instance_profile_list[0].roles[0].arn #=> String # resp.role_detail_list[0].instance_profile_list[0].roles[0].create_date #=> Time # resp.role_detail_list[0].instance_profile_list[0].roles[0].assume_role_policy_document #=> String # resp.role_detail_list[0].instance_profile_list[0].roles[0].description #=> String # resp.role_detail_list[0].role_policy_list #=> Array # resp.role_detail_list[0].role_policy_list[0].policy_name #=> String # resp.role_detail_list[0].role_policy_list[0].policy_document #=> String # resp.role_detail_list[0].attached_managed_policies #=> Array # resp.role_detail_list[0].attached_managed_policies[0].policy_name #=> String # resp.role_detail_list[0].attached_managed_policies[0].policy_arn #=> String # resp.policies #=> Array # resp.policies[0].policy_name #=> String # resp.policies[0].policy_id #=> String # resp.policies[0].arn #=> String # resp.policies[0].path #=> String # resp.policies[0].default_version_id #=> String # resp.policies[0].attachment_count #=> Integer # resp.policies[0].is_attachable #=> Boolean # resp.policies[0].description #=> String # resp.policies[0].create_date #=> Time # resp.policies[0].update_date #=> Time # resp.policies[0].policy_version_list #=> Array # resp.policies[0].policy_version_list[0].document #=> String # resp.policies[0].policy_version_list[0].version_id #=> String # resp.policies[0].policy_version_list[0].is_default_version #=> Boolean # resp.policies[0].policy_version_list[0].create_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountAuthorizationDetails AWS API Documentation # # @overload get_account_authorization_details(params = {}) # @param [Hash] params ({}) def get_account_authorization_details(params = {}, options = {}) req = build_request(:get_account_authorization_details, params) req.send_request(options) end # Retrieves the password policy for the AWS account. For more # information about using a password policy, go to [Managing an IAM # Password Policy][1]. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html # # @return [Types::GetAccountPasswordPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetAccountPasswordPolicyResponse#password_policy #password_policy} => Types::PasswordPolicy # # @example Response structure # # resp.password_policy.minimum_password_length #=> Integer # resp.password_policy.require_symbols #=> Boolean # resp.password_policy.require_numbers #=> Boolean # resp.password_policy.require_uppercase_characters #=> Boolean # resp.password_policy.require_lowercase_characters #=> Boolean # resp.password_policy.allow_users_to_change_password #=> Boolean # resp.password_policy.expire_passwords #=> Boolean # resp.password_policy.max_password_age #=> Integer # resp.password_policy.password_reuse_prevention #=> Integer # resp.password_policy.hard_expiry #=> Boolean # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountPasswordPolicy AWS API Documentation # # @overload get_account_password_policy(params = {}) # @param [Hash] params ({}) def get_account_password_policy(params = {}, options = {}) req = build_request(:get_account_password_policy, params) req.send_request(options) end # Retrieves information about IAM entity usage and IAM quotas in the AWS # account. # # For information about limitations on IAM entities, see [Limitations on # IAM Entities][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # # @return [Types::GetAccountSummaryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetAccountSummaryResponse#summary_map #summary_map} => Hash<String,Integer> # # @example Response structure # # resp.summary_map #=> Hash # resp.summary_map["summaryKeyType"] #=> Integer # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccountSummary AWS API Documentation # # @overload get_account_summary(params = {}) # @param [Hash] params ({}) def get_account_summary(params = {}, options = {}) req = build_request(:get_account_summary, params) req.send_request(options) end # Gets a list of all of the context keys referenced in the input # policies. The policies are supplied as a list of one or more strings. # To get the context keys from policies associated with an IAM user, # group, or role, use GetContextKeysForPrincipalPolicy. # # Context keys are variables maintained by AWS and its services that # provide details about the context of an API query request, and can be # evaluated by testing against a value specified in an IAM policy. Use # GetContextKeysForCustomPolicy to understand what key names and values # you must supply when you call SimulateCustomPolicy. Note that all # parameters are shown in unencoded form here for clarity, but must be # URL encoded to be included as a part of a real HTML request. # # @option params [required, Array] :policy_input_list # A list of policies for which you want the list of context keys # referenced in those policies. Each document is specified as a string # containing the complete, valid JSON text of an IAM policy. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetContextKeysForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetContextKeysForPolicyResponse#context_key_names #context_key_names} => Array<String> # # @example Request syntax with placeholder values # # resp = client.get_context_keys_for_custom_policy({ # policy_input_list: ["policyDocumentType"], # required # }) # # @example Response structure # # resp.context_key_names #=> Array # resp.context_key_names[0] #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForCustomPolicy AWS API Documentation # # @overload get_context_keys_for_custom_policy(params = {}) # @param [Hash] params ({}) def get_context_keys_for_custom_policy(params = {}, options = {}) req = build_request(:get_context_keys_for_custom_policy, params) req.send_request(options) end # Gets a list of all of the context keys referenced in all of the IAM # policies attached to the specified IAM entity. The entity can be an # IAM user, group, or role. If you specify a user, then the request also # includes all of the policies attached to groups that the user is a # member of. # # You can optionally include a list of one or more additional policies, # specified as strings. If you want to include *only* a list of policies # by string, use GetContextKeysForCustomPolicy instead. # # **Note:** This API discloses information about the permissions granted # to other users. If you do not want users to see other user's # permissions, then consider allowing them to use # GetContextKeysForCustomPolicy instead. # # Context keys are variables maintained by AWS and its services that # provide details about the context of an API query request, and can be # evaluated by testing against a value in an IAM policy. Use # GetContextKeysForPrincipalPolicy to understand what key names and # values you must supply when you call SimulatePrincipalPolicy. # # @option params [required, String] :policy_source_arn # The ARN of a user, group, or role whose policies contain the context # keys that you want listed. If you specify a user, the list includes # context keys that are found in all policies attached to the user as # well as to all groups that the user is a member of. If you pick a # group or a role, then it includes only those context keys that are # found in policies attached to that entity. Note that all parameters # are shown in unencoded form here for clarity, but must be URL encoded # to be included as a part of a real HTML request. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [Array] :policy_input_list # An optional list of additional policies for which you want the list of # context keys that are referenced. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetContextKeysForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetContextKeysForPolicyResponse#context_key_names #context_key_names} => Array<String> # # @example Request syntax with placeholder values # # resp = client.get_context_keys_for_principal_policy({ # policy_source_arn: "arnType", # required # policy_input_list: ["policyDocumentType"], # }) # # @example Response structure # # resp.context_key_names #=> Array # resp.context_key_names[0] #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetContextKeysForPrincipalPolicy AWS API Documentation # # @overload get_context_keys_for_principal_policy(params = {}) # @param [Hash] params ({}) def get_context_keys_for_principal_policy(params = {}, options = {}) req = build_request(:get_context_keys_for_principal_policy, params) req.send_request(options) end # Retrieves a credential report for the AWS account. For more # information about the credential report, see [Getting Credential # Reports][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html # # @return [Types::GetCredentialReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetCredentialReportResponse#content #content} => String # * {Types::GetCredentialReportResponse#report_format #report_format} => String # * {Types::GetCredentialReportResponse#generated_time #generated_time} => Time # # @example Response structure # # resp.content #=> String # resp.report_format #=> String, one of "text/csv" # resp.generated_time #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetCredentialReport AWS API Documentation # # @overload get_credential_report(params = {}) # @param [Hash] params ({}) def get_credential_report(params = {}, options = {}) req = build_request(:get_credential_report, params) req.send_request(options) end # Returns a list of IAM users that are in the specified IAM group. You # can paginate the results using the `MaxItems` and `Marker` parameters. # # @option params [required, String] :group_name # The name of the group. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::GetGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetGroupResponse#group #group} => Types::Group # * {Types::GetGroupResponse#users #users} => Array<Types::User> # * {Types::GetGroupResponse#is_truncated #is_truncated} => Boolean # * {Types::GetGroupResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.get_group({ # group_name: "groupNameType", # required # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.group.path #=> String # resp.group.group_name #=> String # resp.group.group_id #=> String # resp.group.arn #=> String # resp.group.create_date #=> Time # resp.users #=> Array # resp.users[0].path #=> String # resp.users[0].user_name #=> String # resp.users[0].user_id #=> String # resp.users[0].arn #=> String # resp.users[0].create_date #=> Time # resp.users[0].password_last_used #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroup AWS API Documentation # # @overload get_group(params = {}) # @param [Hash] params ({}) def get_group(params = {}, options = {}) req = build_request(:get_group, params) req.send_request(options) end # Retrieves the specified inline policy document that is embedded in the # specified IAM group. # # Policies returned by this API are URL-encoded compliant with [RFC # 3986][1]. You can use a URL decoding method to convert the policy back # to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # # # An IAM group can also have managed policies attached to it. To # retrieve a managed policy document that is attached to a group, use # GetPolicy to determine the policy's default version, then use # GetPolicyVersion to retrieve the policy document. # # For more information about policies, see [Managed Policies and Inline # Policies][2] in the *IAM User Guide*. # # # # [1]: https://tools.ietf.org/html/rfc3986 # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :group_name # The name of the group the policy is associated with. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name of the policy document to get. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetGroupPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetGroupPolicyResponse#group_name #group_name} => String # * {Types::GetGroupPolicyResponse#policy_name #policy_name} => String # * {Types::GetGroupPolicyResponse#policy_document #policy_document} => String # # @example Request syntax with placeholder values # # resp = client.get_group_policy({ # group_name: "groupNameType", # required # policy_name: "policyNameType", # required # }) # # @example Response structure # # resp.group_name #=> String # resp.policy_name #=> String # resp.policy_document #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetGroupPolicy AWS API Documentation # # @overload get_group_policy(params = {}) # @param [Hash] params ({}) def get_group_policy(params = {}, options = {}) req = build_request(:get_group_policy, params) req.send_request(options) end # Retrieves information about the specified instance profile, including # the instance profile's path, GUID, ARN, and role. For more # information about instance profiles, see [About Instance Profiles][1] # in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # # @option params [required, String] :instance_profile_name # The name of the instance profile to get information about. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetInstanceProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetInstanceProfileResponse#instance_profile #instance_profile} => Types::InstanceProfile # # @example Request syntax with placeholder values # # resp = client.get_instance_profile({ # instance_profile_name: "instanceProfileNameType", # required # }) # # @example Response structure # # resp.instance_profile.path #=> String # resp.instance_profile.instance_profile_name #=> String # resp.instance_profile.instance_profile_id #=> String # resp.instance_profile.arn #=> String # resp.instance_profile.create_date #=> Time # resp.instance_profile.roles #=> Array # resp.instance_profile.roles[0].path #=> String # resp.instance_profile.roles[0].role_name #=> String # resp.instance_profile.roles[0].role_id #=> String # resp.instance_profile.roles[0].arn #=> String # resp.instance_profile.roles[0].create_date #=> Time # resp.instance_profile.roles[0].assume_role_policy_document #=> String # resp.instance_profile.roles[0].description #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfile AWS API Documentation # # @overload get_instance_profile(params = {}) # @param [Hash] params ({}) def get_instance_profile(params = {}, options = {}) req = build_request(:get_instance_profile, params) req.send_request(options) end # Retrieves the user name and password-creation date for the specified # IAM user. If the user has not been assigned a password, the action # returns a 404 (`NoSuchEntity`) error. # # @option params [required, String] :user_name # The name of the user whose login profile you want to retrieve. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetLoginProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetLoginProfileResponse#login_profile #login_profile} => Types::LoginProfile # # @example Request syntax with placeholder values # # resp = client.get_login_profile({ # user_name: "userNameType", # required # }) # # @example Response structure # # resp.login_profile.user_name #=> String # resp.login_profile.create_date #=> Time # resp.login_profile.password_reset_required #=> Boolean # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetLoginProfile AWS API Documentation # # @overload get_login_profile(params = {}) # @param [Hash] params ({}) def get_login_profile(params = {}, options = {}) req = build_request(:get_login_profile, params) req.send_request(options) end # Returns information about the specified OpenID Connect (OIDC) provider # resource object in IAM. # # @option params [required, String] :open_id_connect_provider_arn # The Amazon Resource Name (ARN) of the OIDC provider resource object in # IAM to get information for. You can get a list of OIDC provider # resource ARNs by using the ListOpenIDConnectProviders action. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Types::GetOpenIDConnectProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetOpenIDConnectProviderResponse#url #url} => String # * {Types::GetOpenIDConnectProviderResponse#client_id_list #client_id_list} => Array<String> # * {Types::GetOpenIDConnectProviderResponse#thumbprint_list #thumbprint_list} => Array<String> # * {Types::GetOpenIDConnectProviderResponse#create_date #create_date} => Time # # @example Request syntax with placeholder values # # resp = client.get_open_id_connect_provider({ # open_id_connect_provider_arn: "arnType", # required # }) # # @example Response structure # # resp.url #=> String # resp.client_id_list #=> Array # resp.client_id_list[0] #=> String # resp.thumbprint_list #=> Array # resp.thumbprint_list[0] #=> String # resp.create_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOpenIDConnectProvider AWS API Documentation # # @overload get_open_id_connect_provider(params = {}) # @param [Hash] params ({}) def get_open_id_connect_provider(params = {}, options = {}) req = build_request(:get_open_id_connect_provider, params) req.send_request(options) end # Retrieves information about the specified managed policy, including # the policy's default version and the total number of IAM users, # groups, and roles to which the policy is attached. To retrieve the # list of the specific users, groups, and roles that the policy is # attached to, use the ListEntitiesForPolicy API. This API returns # metadata about the policy. To retrieve the actual policy document for # a specific version of the policy, use GetPolicyVersion. # # This API retrieves information about managed policies. To retrieve # information about an inline policy that is embedded with an IAM user, # group, or role, use the GetUserPolicy, GetGroupPolicy, or # GetRolePolicy API. # # For more information about policies, see [Managed Policies and Inline # Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the managed policy that you want # information about. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Types::GetPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetPolicyResponse#policy #policy} => Types::Policy # # @example Request syntax with placeholder values # # resp = client.get_policy({ # policy_arn: "arnType", # required # }) # # @example Response structure # # resp.policy.policy_name #=> String # resp.policy.policy_id #=> String # resp.policy.arn #=> String # resp.policy.path #=> String # resp.policy.default_version_id #=> String # resp.policy.attachment_count #=> Integer # resp.policy.is_attachable #=> Boolean # resp.policy.description #=> String # resp.policy.create_date #=> Time # resp.policy.update_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicy AWS API Documentation # # @overload get_policy(params = {}) # @param [Hash] params ({}) def get_policy(params = {}, options = {}) req = build_request(:get_policy, params) req.send_request(options) end # Retrieves information about the specified version of the specified # managed policy, including the policy document. # # Policies returned by this API are URL-encoded compliant with [RFC # 3986][1]. You can use a URL decoding method to convert the policy back # to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # # # To list the available versions for a policy, use ListPolicyVersions. # # This API retrieves information about managed policies. To retrieve # information about an inline policy that is embedded in a user, group, # or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API. # # For more information about the types of policies, see [Managed # Policies and Inline Policies][2] in the *IAM User Guide*. # # For more information about managed policy versions, see [Versioning # for Managed Policies][3] in the *IAM User Guide*. # # # # [1]: https://tools.ietf.org/html/rfc3986 # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the managed policy that you want # information about. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [required, String] :version_id # Identifies the policy version to retrieve. # # This parameter allows (per its [regex pattern][1]) a string of # characters that consists of the lowercase letter 'v' followed by one # or two digits, and optionally followed by a period '.' and a string # of letters and digits. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetPolicyVersionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetPolicyVersionResponse#policy_version #policy_version} => Types::PolicyVersion # # @example Request syntax with placeholder values # # resp = client.get_policy_version({ # policy_arn: "arnType", # required # version_id: "policyVersionIdType", # required # }) # # @example Response structure # # resp.policy_version.document #=> String # resp.policy_version.version_id #=> String # resp.policy_version.is_default_version #=> Boolean # resp.policy_version.create_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetPolicyVersion AWS API Documentation # # @overload get_policy_version(params = {}) # @param [Hash] params ({}) def get_policy_version(params = {}, options = {}) req = build_request(:get_policy_version, params) req.send_request(options) end # Retrieves information about the specified role, including the role's # path, GUID, ARN, and the role's trust policy that grants permission # to assume the role. For more information about roles, see [Working # with Roles][1]. # # Policies returned by this API are URL-encoded compliant with [RFC # 3986][2]. You can use a URL decoding method to convert the policy back # to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # [2]: https://tools.ietf.org/html/rfc3986 # # @option params [required, String] :role_name # The name of the IAM role to get information about. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetRoleResponse#role #role} => Types::Role # # @example Request syntax with placeholder values # # resp = client.get_role({ # role_name: "roleNameType", # required # }) # # @example Response structure # # resp.role.path #=> String # resp.role.role_name #=> String # resp.role.role_id #=> String # resp.role.arn #=> String # resp.role.create_date #=> Time # resp.role.assume_role_policy_document #=> String # resp.role.description #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRole AWS API Documentation # # @overload get_role(params = {}) # @param [Hash] params ({}) def get_role(params = {}, options = {}) req = build_request(:get_role, params) req.send_request(options) end # Retrieves the specified inline policy document that is embedded with # the specified IAM role. # # Policies returned by this API are URL-encoded compliant with [RFC # 3986][1]. You can use a URL decoding method to convert the policy back # to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # # # An IAM role can also have managed policies attached to it. To retrieve # a managed policy document that is attached to a role, use GetPolicy to # determine the policy's default version, then use GetPolicyVersion to # retrieve the policy document. # # For more information about policies, see [Managed Policies and Inline # Policies][2] in the *IAM User Guide*. # # For more information about roles, see [Using Roles to Delegate # Permissions and Federate Identities][3]. # # # # [1]: https://tools.ietf.org/html/rfc3986 # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html # # @option params [required, String] :role_name # The name of the role associated with the policy. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name of the policy document to get. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetRolePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetRolePolicyResponse#role_name #role_name} => String # * {Types::GetRolePolicyResponse#policy_name #policy_name} => String # * {Types::GetRolePolicyResponse#policy_document #policy_document} => String # # @example Request syntax with placeholder values # # resp = client.get_role_policy({ # role_name: "roleNameType", # required # policy_name: "policyNameType", # required # }) # # @example Response structure # # resp.role_name #=> String # resp.policy_name #=> String # resp.policy_document #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRolePolicy AWS API Documentation # # @overload get_role_policy(params = {}) # @param [Hash] params ({}) def get_role_policy(params = {}, options = {}) req = build_request(:get_role_policy, params) req.send_request(options) end # Returns the SAML provider metadocument that was uploaded when the IAM # SAML provider resource object was created or updated. # # This operation requires [Signature Version 4][1]. # # # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html # # @option params [required, String] :saml_provider_arn # The Amazon Resource Name (ARN) of the SAML provider resource object in # IAM to get information about. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Types::GetSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetSAMLProviderResponse#saml_metadata_document #saml_metadata_document} => String # * {Types::GetSAMLProviderResponse#create_date #create_date} => Time # * {Types::GetSAMLProviderResponse#valid_until #valid_until} => Time # # @example Request syntax with placeholder values # # resp = client.get_saml_provider({ # saml_provider_arn: "arnType", # required # }) # # @example Response structure # # resp.saml_metadata_document #=> String # resp.create_date #=> Time # resp.valid_until #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider AWS API Documentation # # @overload get_saml_provider(params = {}) # @param [Hash] params ({}) def get_saml_provider(params = {}, options = {}) req = build_request(:get_saml_provider, params) req.send_request(options) end # Retrieves the specified SSH public key, including metadata about the # key. # # The SSH public key retrieved by this action is used only for # authenticating the associated IAM user to an AWS CodeCommit # repository. For more information about using SSH keys to authenticate # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH # Connections][1] in the *AWS CodeCommit User Guide*. # # # # [1]: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # # @option params [required, String] :user_name # The name of the IAM user associated with the SSH public key. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :ssh_public_key_id # The unique identifier for the SSH public key. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :encoding # Specifies the public key encoding format to use in the response. To # retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the # public key in PEM format, use `PEM`. # # @return [Types::GetSSHPublicKeyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetSSHPublicKeyResponse#ssh_public_key #ssh_public_key} => Types::SSHPublicKey # # @example Request syntax with placeholder values # # resp = client.get_ssh_public_key({ # user_name: "userNameType", # required # ssh_public_key_id: "publicKeyIdType", # required # encoding: "SSH", # required, accepts SSH, PEM # }) # # @example Response structure # # resp.ssh_public_key.user_name #=> String # resp.ssh_public_key.ssh_public_key_id #=> String # resp.ssh_public_key.fingerprint #=> String # resp.ssh_public_key.ssh_public_key_body #=> String # resp.ssh_public_key.status #=> String, one of "Active", "Inactive" # resp.ssh_public_key.upload_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSSHPublicKey AWS API Documentation # # @overload get_ssh_public_key(params = {}) # @param [Hash] params ({}) def get_ssh_public_key(params = {}, options = {}) req = build_request(:get_ssh_public_key, params) req.send_request(options) end # Retrieves information about the specified server certificate stored in # IAM. # # For more information about working with server certificates, including # a list of AWS services that can use the server certificates that you # manage with IAM, go to [Working with Server Certificates][1] in the # *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # # @option params [required, String] :server_certificate_name # The name of the server certificate you want to retrieve information # about. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetServerCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetServerCertificateResponse#server_certificate #server_certificate} => Types::ServerCertificate # # @example Request syntax with placeholder values # # resp = client.get_server_certificate({ # server_certificate_name: "serverCertificateNameType", # required # }) # # @example Response structure # # resp.server_certificate.server_certificate_metadata.path #=> String # resp.server_certificate.server_certificate_metadata.server_certificate_name #=> String # resp.server_certificate.server_certificate_metadata.server_certificate_id #=> String # resp.server_certificate.server_certificate_metadata.arn #=> String # resp.server_certificate.server_certificate_metadata.upload_date #=> Time # resp.server_certificate.server_certificate_metadata.expiration #=> Time # resp.server_certificate.certificate_body #=> String # resp.server_certificate.certificate_chain #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetServerCertificate AWS API Documentation # # @overload get_server_certificate(params = {}) # @param [Hash] params ({}) def get_server_certificate(params = {}, options = {}) req = build_request(:get_server_certificate, params) req.send_request(options) end # Retrieves information about the specified IAM user, including the # user's creation date, path, unique ID, and ARN. # # If you do not specify a user name, IAM determines the user name # implicitly based on the AWS access key ID used to sign the request to # this API. # # @option params [String] :user_name # The name of the user to get information about. # # This parameter is optional. If it is not included, it defaults to the # user making the request. This parameter allows (per its [regex # pattern][1]) a string of characters consisting of upper and lowercase # alphanumeric characters with no spaces. You can also include any of # the following characters: =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetUserResponse#user #user} => Types::User # # @example Request syntax with placeholder values # # resp = client.get_user({ # user_name: "existingUserNameType", # }) # # @example Response structure # # resp.user.path #=> String # resp.user.user_name #=> String # resp.user.user_id #=> String # resp.user.arn #=> String # resp.user.create_date #=> Time # resp.user.password_last_used #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUser AWS API Documentation # # @overload get_user(params = {}) # @param [Hash] params ({}) def get_user(params = {}, options = {}) req = build_request(:get_user, params) req.send_request(options) end # Retrieves the specified inline policy document that is embedded in the # specified IAM user. # # Policies returned by this API are URL-encoded compliant with [RFC # 3986][1]. You can use a URL decoding method to convert the policy back # to plain JSON text. For example, if you use Java, you can use the # `decode` method of the `java.net.URLDecoder` utility class in the Java # SDK. Other languages and SDKs provide similar functionality. # # # # An IAM user can also have managed policies attached to it. To retrieve # a managed policy document that is attached to a user, use GetPolicy to # determine the policy's default version, then use GetPolicyVersion to # retrieve the policy document. # # For more information about policies, see [Managed Policies and Inline # Policies][2] in the *IAM User Guide*. # # # # [1]: https://tools.ietf.org/html/rfc3986 # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :user_name # The name of the user who the policy is associated with. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name of the policy document to get. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::GetUserPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetUserPolicyResponse#user_name #user_name} => String # * {Types::GetUserPolicyResponse#policy_name #policy_name} => String # * {Types::GetUserPolicyResponse#policy_document #policy_document} => String # # @example Request syntax with placeholder values # # resp = client.get_user_policy({ # user_name: "existingUserNameType", # required # policy_name: "policyNameType", # required # }) # # @example Response structure # # resp.user_name #=> String # resp.policy_name #=> String # resp.policy_document #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetUserPolicy AWS API Documentation # # @overload get_user_policy(params = {}) # @param [Hash] params ({}) def get_user_policy(params = {}, options = {}) req = build_request(:get_user_policy, params) req.send_request(options) end # Returns information about the access key IDs associated with the # specified IAM user. If there are none, the action returns an empty # list. # # Although each user is limited to a small number of keys, you can still # paginate the results using the `MaxItems` and `Marker` parameters. # # If the `UserName` field is not specified, the UserName is determined # implicitly based on the AWS access key ID used to sign the request. # Because this action works for access keys under the AWS account, you # can use this action to manage root credentials even if the AWS account # has no associated users. # # To ensure the security of your AWS account, the secret access key is # accessible only during key and user creation. # # # # @option params [String] :user_name # The name of the user. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListAccessKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListAccessKeysResponse#access_key_metadata #access_key_metadata} => Array<Types::AccessKeyMetadata> # * {Types::ListAccessKeysResponse#is_truncated #is_truncated} => Boolean # * {Types::ListAccessKeysResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_access_keys({ # user_name: "existingUserNameType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.access_key_metadata #=> Array # resp.access_key_metadata[0].user_name #=> String # resp.access_key_metadata[0].access_key_id #=> String # resp.access_key_metadata[0].status #=> String, one of "Active", "Inactive" # resp.access_key_metadata[0].create_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccessKeys AWS API Documentation # # @overload list_access_keys(params = {}) # @param [Hash] params ({}) def list_access_keys(params = {}, options = {}) req = build_request(:list_access_keys, params) req.send_request(options) end # Lists the account alias associated with the AWS account (Note: you can # have only one). For information about using an AWS account alias, see # [Using an Alias for Your AWS Account ID][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListAccountAliasesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListAccountAliasesResponse#account_aliases #account_aliases} => Array<String> # * {Types::ListAccountAliasesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListAccountAliasesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_account_aliases({ # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.account_aliases #=> Array # resp.account_aliases[0] #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAccountAliases AWS API Documentation # # @overload list_account_aliases(params = {}) # @param [Hash] params ({}) def list_account_aliases(params = {}, options = {}) req = build_request(:list_account_aliases, params) req.send_request(options) end # Lists all managed policies that are attached to the specified IAM # group. # # An IAM group can also have inline policies embedded with it. To list # the inline policies for a group, use the ListGroupPolicies API. For # information about policies, see [Managed Policies and Inline # Policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. You can use the `PathPrefix` parameter to limit the list # of policies to only those matching the specified path prefix. If there # are no policies attached to the specified group (or none that match # the specified path prefix), the action returns an empty list. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :group_name # The name (friendly name, not ARN) of the group to list attached # policies for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :path_prefix # The path prefix for filtering the results. This parameter is optional. # If it is not included, it defaults to a slash (/), listing all # policies. # # This paramater allows (per its [regex pattern][1]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListAttachedGroupPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListAttachedGroupPoliciesResponse#attached_policies #attached_policies} => Array<Types::AttachedPolicy> # * {Types::ListAttachedGroupPoliciesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListAttachedGroupPoliciesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_attached_group_policies({ # group_name: "groupNameType", # required # path_prefix: "policyPathType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.attached_policies #=> Array # resp.attached_policies[0].policy_name #=> String # resp.attached_policies[0].policy_arn #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedGroupPolicies AWS API Documentation # # @overload list_attached_group_policies(params = {}) # @param [Hash] params ({}) def list_attached_group_policies(params = {}, options = {}) req = build_request(:list_attached_group_policies, params) req.send_request(options) end # Lists all managed policies that are attached to the specified IAM # role. # # An IAM role can also have inline policies embedded with it. To list # the inline policies for a role, use the ListRolePolicies API. For # information about policies, see [Managed Policies and Inline # Policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. You can use the `PathPrefix` parameter to limit the list # of policies to only those matching the specified path prefix. If there # are no policies attached to the specified role (or none that match the # specified path prefix), the action returns an empty list. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :role_name # The name (friendly name, not ARN) of the role to list attached # policies for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :path_prefix # The path prefix for filtering the results. This parameter is optional. # If it is not included, it defaults to a slash (/), listing all # policies. # # This paramater allows (per its [regex pattern][1]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListAttachedRolePoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListAttachedRolePoliciesResponse#attached_policies #attached_policies} => Array<Types::AttachedPolicy> # * {Types::ListAttachedRolePoliciesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListAttachedRolePoliciesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_attached_role_policies({ # role_name: "roleNameType", # required # path_prefix: "policyPathType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.attached_policies #=> Array # resp.attached_policies[0].policy_name #=> String # resp.attached_policies[0].policy_arn #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedRolePolicies AWS API Documentation # # @overload list_attached_role_policies(params = {}) # @param [Hash] params ({}) def list_attached_role_policies(params = {}, options = {}) req = build_request(:list_attached_role_policies, params) req.send_request(options) end # Lists all managed policies that are attached to the specified IAM # user. # # An IAM user can also have inline policies embedded with it. To list # the inline policies for a user, use the ListUserPolicies API. For # information about policies, see [Managed Policies and Inline # Policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. You can use the `PathPrefix` parameter to limit the list # of policies to only those matching the specified path prefix. If there # are no policies attached to the specified group (or none that match # the specified path prefix), the action returns an empty list. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :user_name # The name (friendly name, not ARN) of the user to list attached # policies for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :path_prefix # The path prefix for filtering the results. This parameter is optional. # If it is not included, it defaults to a slash (/), listing all # policies. # # This paramater allows (per its [regex pattern][1]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListAttachedUserPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListAttachedUserPoliciesResponse#attached_policies #attached_policies} => Array<Types::AttachedPolicy> # * {Types::ListAttachedUserPoliciesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListAttachedUserPoliciesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_attached_user_policies({ # user_name: "userNameType", # required # path_prefix: "policyPathType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.attached_policies #=> Array # resp.attached_policies[0].policy_name #=> String # resp.attached_policies[0].policy_arn #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListAttachedUserPolicies AWS API Documentation # # @overload list_attached_user_policies(params = {}) # @param [Hash] params ({}) def list_attached_user_policies(params = {}, options = {}) req = build_request(:list_attached_user_policies, params) req.send_request(options) end # Lists all IAM users, groups, and roles that the specified managed # policy is attached to. # # You can use the optional `EntityFilter` parameter to limit the results # to a particular type of entity (users, groups, or roles). For example, # to list only the roles that are attached to the specified policy, set # `EntityFilter` to `Role`. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy for which you want # the versions. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [String] :entity_filter # The entity type to use for filtering the results. # # For example, when `EntityFilter` is `Role`, only the roles that are # attached to the specified policy are returned. This parameter is # optional. If it is not included, all attached entities (users, groups, # and roles) are returned. The argument for this parameter must be one # of the valid values listed below. # # @option params [String] :path_prefix # The path prefix for filtering the results. This parameter is optional. # If it is not included, it defaults to a slash (/), listing all # entities. # # This paramater allows (per its [regex pattern][1]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListEntitiesForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListEntitiesForPolicyResponse#policy_groups #policy_groups} => Array<Types::PolicyGroup> # * {Types::ListEntitiesForPolicyResponse#policy_users #policy_users} => Array<Types::PolicyUser> # * {Types::ListEntitiesForPolicyResponse#policy_roles #policy_roles} => Array<Types::PolicyRole> # * {Types::ListEntitiesForPolicyResponse#is_truncated #is_truncated} => Boolean # * {Types::ListEntitiesForPolicyResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_entities_for_policy({ # policy_arn: "arnType", # required # entity_filter: "User", # accepts User, Role, Group, LocalManagedPolicy, AWSManagedPolicy # path_prefix: "pathType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.policy_groups #=> Array # resp.policy_groups[0].group_name #=> String # resp.policy_groups[0].group_id #=> String # resp.policy_users #=> Array # resp.policy_users[0].user_name #=> String # resp.policy_users[0].user_id #=> String # resp.policy_roles #=> Array # resp.policy_roles[0].role_name #=> String # resp.policy_roles[0].role_id #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListEntitiesForPolicy AWS API Documentation # # @overload list_entities_for_policy(params = {}) # @param [Hash] params ({}) def list_entities_for_policy(params = {}, options = {}) req = build_request(:list_entities_for_policy, params) req.send_request(options) end # Lists the names of the inline policies that are embedded in the # specified IAM group. # # An IAM group can also have managed policies attached to it. To list # the managed policies that are attached to a group, use # ListAttachedGroupPolicies. For more information about policies, see # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. If there are no inline policies embedded with the # specified group, the action returns an empty list. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :group_name # The name of the group to list policies for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListGroupPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListGroupPoliciesResponse#policy_names #policy_names} => Array<String> # * {Types::ListGroupPoliciesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListGroupPoliciesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_group_policies({ # group_name: "groupNameType", # required # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.policy_names #=> Array # resp.policy_names[0] #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupPolicies AWS API Documentation # # @overload list_group_policies(params = {}) # @param [Hash] params ({}) def list_group_policies(params = {}, options = {}) req = build_request(:list_group_policies, params) req.send_request(options) end # Lists the IAM groups that have the specified path prefix. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [String] :path_prefix # The path prefix for filtering the results. For example, the prefix # `/division_abc/subdivision_xyz/` gets all groups whose path starts # with `/division_abc/subdivision_xyz/`. # # This parameter is optional. If it is not included, it defaults to a # slash (/), listing all groups. This paramater allows (per its [regex # pattern][1]) a string of characters consisting of either a forward # slash (/) by itself or a string that must begin and end with forward # slashes, containing any ASCII character from the ! (\\u0021) thru the # DEL character (\\u007F), including most punctuation characters, # digits, and upper and lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListGroupsResponse#groups #groups} => Array<Types::Group> # * {Types::ListGroupsResponse#is_truncated #is_truncated} => Boolean # * {Types::ListGroupsResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_groups({ # path_prefix: "pathPrefixType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.groups #=> Array # resp.groups[0].path #=> String # resp.groups[0].group_name #=> String # resp.groups[0].group_id #=> String # resp.groups[0].arn #=> String # resp.groups[0].create_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroups AWS API Documentation # # @overload list_groups(params = {}) # @param [Hash] params ({}) def list_groups(params = {}, options = {}) req = build_request(:list_groups, params) req.send_request(options) end # Lists the IAM groups that the specified IAM user belongs to. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [required, String] :user_name # The name of the user to list groups for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListGroupsForUserResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListGroupsForUserResponse#groups #groups} => Array<Types::Group> # * {Types::ListGroupsForUserResponse#is_truncated #is_truncated} => Boolean # * {Types::ListGroupsForUserResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_groups_for_user({ # user_name: "existingUserNameType", # required # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.groups #=> Array # resp.groups[0].path #=> String # resp.groups[0].group_name #=> String # resp.groups[0].group_id #=> String # resp.groups[0].arn #=> String # resp.groups[0].create_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListGroupsForUser AWS API Documentation # # @overload list_groups_for_user(params = {}) # @param [Hash] params ({}) def list_groups_for_user(params = {}, options = {}) req = build_request(:list_groups_for_user, params) req.send_request(options) end # Lists the instance profiles that have the specified path prefix. If # there are none, the action returns an empty list. For more information # about instance profiles, go to [About Instance Profiles][1]. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # # @option params [String] :path_prefix # The path prefix for filtering the results. For example, the prefix # `/application_abc/component_xyz/` gets all instance profiles whose # path starts with `/application_abc/component_xyz/`. # # This parameter is optional. If it is not included, it defaults to a # slash (/), listing all instance profiles. This paramater allows (per # its [regex pattern][1]) a string of characters consisting of either a # forward slash (/) by itself or a string that must begin and end with # forward slashes, containing any ASCII character from the ! (\\u0021) # thru the DEL character (\\u007F), including most punctuation # characters, digits, and upper and lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListInstanceProfilesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListInstanceProfilesResponse#instance_profiles #instance_profiles} => Array<Types::InstanceProfile> # * {Types::ListInstanceProfilesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListInstanceProfilesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_instance_profiles({ # path_prefix: "pathPrefixType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.instance_profiles #=> Array # resp.instance_profiles[0].path #=> String # resp.instance_profiles[0].instance_profile_name #=> String # resp.instance_profiles[0].instance_profile_id #=> String # resp.instance_profiles[0].arn #=> String # resp.instance_profiles[0].create_date #=> Time # resp.instance_profiles[0].roles #=> Array # resp.instance_profiles[0].roles[0].path #=> String # resp.instance_profiles[0].roles[0].role_name #=> String # resp.instance_profiles[0].roles[0].role_id #=> String # resp.instance_profiles[0].roles[0].arn #=> String # resp.instance_profiles[0].roles[0].create_date #=> Time # resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String # resp.instance_profiles[0].roles[0].description #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfiles AWS API Documentation # # @overload list_instance_profiles(params = {}) # @param [Hash] params ({}) def list_instance_profiles(params = {}, options = {}) req = build_request(:list_instance_profiles, params) req.send_request(options) end # Lists the instance profiles that have the specified associated IAM # role. If there are none, the action returns an empty list. For more # information about instance profiles, go to [About Instance # Profiles][1]. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # # @option params [required, String] :role_name # The name of the role to list instance profiles for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListInstanceProfilesForRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListInstanceProfilesForRoleResponse#instance_profiles #instance_profiles} => Array<Types::InstanceProfile> # * {Types::ListInstanceProfilesForRoleResponse#is_truncated #is_truncated} => Boolean # * {Types::ListInstanceProfilesForRoleResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_instance_profiles_for_role({ # role_name: "roleNameType", # required # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.instance_profiles #=> Array # resp.instance_profiles[0].path #=> String # resp.instance_profiles[0].instance_profile_name #=> String # resp.instance_profiles[0].instance_profile_id #=> String # resp.instance_profiles[0].arn #=> String # resp.instance_profiles[0].create_date #=> Time # resp.instance_profiles[0].roles #=> Array # resp.instance_profiles[0].roles[0].path #=> String # resp.instance_profiles[0].roles[0].role_name #=> String # resp.instance_profiles[0].roles[0].role_id #=> String # resp.instance_profiles[0].roles[0].arn #=> String # resp.instance_profiles[0].roles[0].create_date #=> Time # resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String # resp.instance_profiles[0].roles[0].description #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesForRole AWS API Documentation # # @overload list_instance_profiles_for_role(params = {}) # @param [Hash] params ({}) def list_instance_profiles_for_role(params = {}, options = {}) req = build_request(:list_instance_profiles_for_role, params) req.send_request(options) end # Lists the MFA devices for an IAM user. If the request includes a IAM # user name, then this action lists all the MFA devices associated with # the specified user. If you do not specify a user name, IAM determines # the user name implicitly based on the AWS access key ID signing the # request for this API. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [String] :user_name # The name of the user whose MFA devices you want to list. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListMFADevicesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListMFADevicesResponse#mfa_devices #mfa_devices} => Array<Types::MFADevice> # * {Types::ListMFADevicesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListMFADevicesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_mfa_devices({ # user_name: "existingUserNameType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.mfa_devices #=> Array # resp.mfa_devices[0].user_name #=> String # resp.mfa_devices[0].serial_number #=> String # resp.mfa_devices[0].enable_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListMFADevices AWS API Documentation # # @overload list_mfa_devices(params = {}) # @param [Hash] params ({}) def list_mfa_devices(params = {}, options = {}) req = build_request(:list_mfa_devices, params) req.send_request(options) end # Lists information about the IAM OpenID Connect (OIDC) provider # resource objects defined in the AWS account. # # @return [Types::ListOpenIDConnectProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListOpenIDConnectProvidersResponse#open_id_connect_provider_list #open_id_connect_provider_list} => Array<Types::OpenIDConnectProviderListEntry> # # @example Response structure # # resp.open_id_connect_provider_list #=> Array # resp.open_id_connect_provider_list[0].arn #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProviders AWS API Documentation # # @overload list_open_id_connect_providers(params = {}) # @param [Hash] params ({}) def list_open_id_connect_providers(params = {}, options = {}) req = build_request(:list_open_id_connect_providers, params) req.send_request(options) end # Lists all the managed policies that are available in your AWS account, # including your own customer-defined managed policies and all AWS # managed policies. # # You can filter the list of policies that is returned using the # optional `OnlyAttached`, `Scope`, and `PathPrefix` parameters. For # example, to list only the customer managed policies in your AWS # account, set `Scope` to `Local`. To list only AWS managed policies, # set `Scope` to `AWS`. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # For more information about managed policies, see [Managed Policies and # Inline Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [String] :scope # The scope to use for filtering the results. # # To list only AWS managed policies, set `Scope` to `AWS`. To list only # the customer managed policies in your AWS account, set `Scope` to # `Local`. # # This parameter is optional. If it is not included, or if it is set to # `All`, all policies are returned. # # @option params [Boolean] :only_attached # A flag to filter the results to only the attached policies. # # When `OnlyAttached` is `true`, the returned list contains only the # policies that are attached to an IAM user, group, or role. When # `OnlyAttached` is `false`, or when the parameter is not included, all # policies are returned. # # @option params [String] :path_prefix # The path prefix for filtering the results. This parameter is optional. # If it is not included, it defaults to a slash (/), listing all # policies. This paramater allows (per its [regex pattern][1]) a string # of characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListPoliciesResponse#policies #policies} => Array<Types::Policy> # * {Types::ListPoliciesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListPoliciesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_policies({ # scope: "All", # accepts All, AWS, Local # only_attached: false, # path_prefix: "policyPathType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.policies #=> Array # resp.policies[0].policy_name #=> String # resp.policies[0].policy_id #=> String # resp.policies[0].arn #=> String # resp.policies[0].path #=> String # resp.policies[0].default_version_id #=> String # resp.policies[0].attachment_count #=> Integer # resp.policies[0].is_attachable #=> Boolean # resp.policies[0].description #=> String # resp.policies[0].create_date #=> Time # resp.policies[0].update_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicies AWS API Documentation # # @overload list_policies(params = {}) # @param [Hash] params ({}) def list_policies(params = {}, options = {}) req = build_request(:list_policies, params) req.send_request(options) end # Lists information about the versions of the specified managed policy, # including the version that is currently set as the policy's default # version. # # For more information about managed policies, see [Managed Policies and # Inline Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy for which you want # the versions. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListPolicyVersionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListPolicyVersionsResponse#versions #versions} => Array<Types::PolicyVersion> # * {Types::ListPolicyVersionsResponse#is_truncated #is_truncated} => Boolean # * {Types::ListPolicyVersionsResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_policy_versions({ # policy_arn: "arnType", # required # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.versions #=> Array # resp.versions[0].document #=> String # resp.versions[0].version_id #=> String # resp.versions[0].is_default_version #=> Boolean # resp.versions[0].create_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListPolicyVersions AWS API Documentation # # @overload list_policy_versions(params = {}) # @param [Hash] params ({}) def list_policy_versions(params = {}, options = {}) req = build_request(:list_policy_versions, params) req.send_request(options) end # Lists the names of the inline policies that are embedded in the # specified IAM role. # # An IAM role can also have managed policies attached to it. To list the # managed policies that are attached to a role, use # ListAttachedRolePolicies. For more information about policies, see # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. If there are no inline policies embedded with the # specified role, the action returns an empty list. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :role_name # The name of the role to list policies for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListRolePoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListRolePoliciesResponse#policy_names #policy_names} => Array<String> # * {Types::ListRolePoliciesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListRolePoliciesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_role_policies({ # role_name: "roleNameType", # required # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.policy_names #=> Array # resp.policy_names[0] #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRolePolicies AWS API Documentation # # @overload list_role_policies(params = {}) # @param [Hash] params ({}) def list_role_policies(params = {}, options = {}) req = build_request(:list_role_policies, params) req.send_request(options) end # Lists the IAM roles that have the specified path prefix. If there are # none, the action returns an empty list. For more information about # roles, go to [Working with Roles][1]. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # # @option params [String] :path_prefix # The path prefix for filtering the results. For example, the prefix # `/application_abc/component_xyz/` gets all roles whose path starts # with `/application_abc/component_xyz/`. # # This parameter is optional. If it is not included, it defaults to a # slash (/), listing all roles. This paramater allows (per its [regex # pattern][1]) a string of characters consisting of either a forward # slash (/) by itself or a string that must begin and end with forward # slashes, containing any ASCII character from the ! (\\u0021) thru the # DEL character (\\u007F), including most punctuation characters, # digits, and upper and lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListRolesResponse#roles #roles} => Array<Types::Role> # * {Types::ListRolesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListRolesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_roles({ # path_prefix: "pathPrefixType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.roles #=> Array # resp.roles[0].path #=> String # resp.roles[0].role_name #=> String # resp.roles[0].role_id #=> String # resp.roles[0].arn #=> String # resp.roles[0].create_date #=> Time # resp.roles[0].assume_role_policy_document #=> String # resp.roles[0].description #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoles AWS API Documentation # # @overload list_roles(params = {}) # @param [Hash] params ({}) def list_roles(params = {}, options = {}) req = build_request(:list_roles, params) req.send_request(options) end # Lists the SAML provider resource objects defined in IAM in the # account. # # This operation requires [Signature Version 4][1]. # # # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html # # @return [Types::ListSAMLProvidersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListSAMLProvidersResponse#saml_provider_list #saml_provider_list} => Array<Types::SAMLProviderListEntry> # # @example Response structure # # resp.saml_provider_list #=> Array # resp.saml_provider_list[0].arn #=> String # resp.saml_provider_list[0].valid_until #=> Time # resp.saml_provider_list[0].create_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSAMLProviders AWS API Documentation # # @overload list_saml_providers(params = {}) # @param [Hash] params ({}) def list_saml_providers(params = {}, options = {}) req = build_request(:list_saml_providers, params) req.send_request(options) end # Returns information about the SSH public keys associated with the # specified IAM user. If there are none, the action returns an empty # list. # # The SSH public keys returned by this action are used only for # authenticating the IAM user to an AWS CodeCommit repository. For more # information about using SSH keys to authenticate to an AWS CodeCommit # repository, see [Set up AWS CodeCommit for SSH Connections][1] in the # *AWS CodeCommit User Guide*. # # Although each user is limited to a small number of keys, you can still # paginate the results using the `MaxItems` and `Marker` parameters. # # # # [1]: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # # @option params [String] :user_name # The name of the IAM user to list SSH public keys for. If none is # specified, the UserName field is determined implicitly based on the # AWS access key used to sign the request. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListSSHPublicKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListSSHPublicKeysResponse#ssh_public_keys #ssh_public_keys} => Array<Types::SSHPublicKeyMetadata> # * {Types::ListSSHPublicKeysResponse#is_truncated #is_truncated} => Boolean # * {Types::ListSSHPublicKeysResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_ssh_public_keys({ # user_name: "userNameType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.ssh_public_keys #=> Array # resp.ssh_public_keys[0].user_name #=> String # resp.ssh_public_keys[0].ssh_public_key_id #=> String # resp.ssh_public_keys[0].status #=> String, one of "Active", "Inactive" # resp.ssh_public_keys[0].upload_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSSHPublicKeys AWS API Documentation # # @overload list_ssh_public_keys(params = {}) # @param [Hash] params ({}) def list_ssh_public_keys(params = {}, options = {}) req = build_request(:list_ssh_public_keys, params) req.send_request(options) end # Lists the server certificates stored in IAM that have the specified # path prefix. If none exist, the action returns an empty list. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # For more information about working with server certificates, including # a list of AWS services that can use the server certificates that you # manage with IAM, go to [Working with Server Certificates][1] in the # *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # # @option params [String] :path_prefix # The path prefix for filtering the results. For example: # `/company/servercerts` would get all server certificates for which the # path starts with `/company/servercerts`. # # This parameter is optional. If it is not included, it defaults to a # slash (/), listing all server certificates. This paramater allows (per # its [regex pattern][1]) a string of characters consisting of either a # forward slash (/) by itself or a string that must begin and end with # forward slashes, containing any ASCII character from the ! (\\u0021) # thru the DEL character (\\u007F), including most punctuation # characters, digits, and upper and lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListServerCertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListServerCertificatesResponse#server_certificate_metadata_list #server_certificate_metadata_list} => Array<Types::ServerCertificateMetadata> # * {Types::ListServerCertificatesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListServerCertificatesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_server_certificates({ # path_prefix: "pathPrefixType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.server_certificate_metadata_list #=> Array # resp.server_certificate_metadata_list[0].path #=> String # resp.server_certificate_metadata_list[0].server_certificate_name #=> String # resp.server_certificate_metadata_list[0].server_certificate_id #=> String # resp.server_certificate_metadata_list[0].arn #=> String # resp.server_certificate_metadata_list[0].upload_date #=> Time # resp.server_certificate_metadata_list[0].expiration #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServerCertificates AWS API Documentation # # @overload list_server_certificates(params = {}) # @param [Hash] params ({}) def list_server_certificates(params = {}, options = {}) req = build_request(:list_server_certificates, params) req.send_request(options) end # Returns information about the service-specific credentials associated # with the specified IAM user. If there are none, the action returns an # empty list. The service-specific credentials returned by this action # are used only for authenticating the IAM user to a specific service. # For more information about using service-specific credentials to # authenticate to an AWS service, see [Set Up service-specific # credentials][1] in the AWS CodeCommit User Guide. # # # # [1]: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html # # @option params [String] :user_name # The name of the user whose service-specific credentials you want # information about. If this value is not specified then the operation # assumes the user whose credentials are used to call the operation. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :service_name # Filters the returned results to only those for the specified AWS # service. If not specified, then AWS returns service-specific # credentials for all services. # # @return [Types::ListServiceSpecificCredentialsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListServiceSpecificCredentialsResponse#service_specific_credentials #service_specific_credentials} => Array<Types::ServiceSpecificCredentialMetadata> # # @example Request syntax with placeholder values # # resp = client.list_service_specific_credentials({ # user_name: "userNameType", # service_name: "serviceName", # }) # # @example Response structure # # resp.service_specific_credentials #=> Array # resp.service_specific_credentials[0].user_name #=> String # resp.service_specific_credentials[0].status #=> String, one of "Active", "Inactive" # resp.service_specific_credentials[0].service_user_name #=> String # resp.service_specific_credentials[0].create_date #=> Time # resp.service_specific_credentials[0].service_specific_credential_id #=> String # resp.service_specific_credentials[0].service_name #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListServiceSpecificCredentials AWS API Documentation # # @overload list_service_specific_credentials(params = {}) # @param [Hash] params ({}) def list_service_specific_credentials(params = {}, options = {}) req = build_request(:list_service_specific_credentials, params) req.send_request(options) end # Returns information about the signing certificates associated with the # specified IAM user. If there are none, the action returns an empty # list. # # Although each user is limited to a small number of signing # certificates, you can still paginate the results using the `MaxItems` # and `Marker` parameters. # # If the `UserName` field is not specified, the user name is determined # implicitly based on the AWS access key ID used to sign the request for # this API. Because this action works for access keys under the AWS # account, you can use this action to manage root credentials even if # the AWS account has no associated users. # # @option params [String] :user_name # The name of the IAM user whose signing certificates you want to # examine. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListSigningCertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListSigningCertificatesResponse#certificates #certificates} => Array<Types::SigningCertificate> # * {Types::ListSigningCertificatesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListSigningCertificatesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_signing_certificates({ # user_name: "existingUserNameType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.certificates #=> Array # resp.certificates[0].user_name #=> String # resp.certificates[0].certificate_id #=> String # resp.certificates[0].certificate_body #=> String # resp.certificates[0].status #=> String, one of "Active", "Inactive" # resp.certificates[0].upload_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListSigningCertificates AWS API Documentation # # @overload list_signing_certificates(params = {}) # @param [Hash] params ({}) def list_signing_certificates(params = {}, options = {}) req = build_request(:list_signing_certificates, params) req.send_request(options) end # Lists the names of the inline policies embedded in the specified IAM # user. # # An IAM user can also have managed policies attached to it. To list the # managed policies that are attached to a user, use # ListAttachedUserPolicies. For more information about policies, see # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. If there are no inline policies embedded with the # specified user, the action returns an empty list. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :user_name # The name of the user to list policies for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListUserPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListUserPoliciesResponse#policy_names #policy_names} => Array<String> # * {Types::ListUserPoliciesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListUserPoliciesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_user_policies({ # user_name: "existingUserNameType", # required # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.policy_names #=> Array # resp.policy_names[0] #=> String # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserPolicies AWS API Documentation # # @overload list_user_policies(params = {}) # @param [Hash] params ({}) def list_user_policies(params = {}, options = {}) req = build_request(:list_user_policies, params) req.send_request(options) end # Lists the IAM users that have the specified path prefix. If no path # prefix is specified, the action returns all users in the AWS account. # If there are none, the action returns an empty list. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [String] :path_prefix # The path prefix for filtering the results. For example: # `/division_abc/subdivision_xyz/`, which would get all user names whose # path starts with `/division_abc/subdivision_xyz/`. # # This parameter is optional. If it is not included, it defaults to a # slash (/), listing all user names. This paramater allows (per its # [regex pattern][1]) a string of characters consisting of either a # forward slash (/) by itself or a string that must begin and end with # forward slashes, containing any ASCII character from the ! (\\u0021) # thru the DEL character (\\u007F), including most punctuation # characters, digits, and upper and lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListUsersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListUsersResponse#users #users} => Array<Types::User> # * {Types::ListUsersResponse#is_truncated #is_truncated} => Boolean # * {Types::ListUsersResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_users({ # path_prefix: "pathPrefixType", # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.users #=> Array # resp.users[0].path #=> String # resp.users[0].user_name #=> String # resp.users[0].user_id #=> String # resp.users[0].arn #=> String # resp.users[0].create_date #=> Time # resp.users[0].password_last_used #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUsers AWS API Documentation # # @overload list_users(params = {}) # @param [Hash] params ({}) def list_users(params = {}, options = {}) req = build_request(:list_users, params) req.send_request(options) end # Lists the virtual MFA devices defined in the AWS account by assignment # status. If you do not specify an assignment status, the action returns # a list of all virtual MFA devices. Assignment status can be # `Assigned`, `Unassigned`, or `Any`. # # You can paginate the results using the `MaxItems` and `Marker` # parameters. # # @option params [String] :assignment_status # The status (`Unassigned` or `Assigned`) of the devices to list. If you # do not specify an `AssignmentStatus`, the action defaults to `Any` # which lists both assigned and unassigned virtual MFA devices. # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @return [Types::ListVirtualMFADevicesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListVirtualMFADevicesResponse#virtual_mfa_devices #virtual_mfa_devices} => Array<Types::VirtualMFADevice> # * {Types::ListVirtualMFADevicesResponse#is_truncated #is_truncated} => Boolean # * {Types::ListVirtualMFADevicesResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.list_virtual_mfa_devices({ # assignment_status: "Assigned", # accepts Assigned, Unassigned, Any # marker: "markerType", # max_items: 1, # }) # # @example Response structure # # resp.virtual_mfa_devices #=> Array # resp.virtual_mfa_devices[0].serial_number #=> String # resp.virtual_mfa_devices[0].base_32_string_seed #=> String # resp.virtual_mfa_devices[0].qr_code_png #=> String # resp.virtual_mfa_devices[0].user.path #=> String # resp.virtual_mfa_devices[0].user.user_name #=> String # resp.virtual_mfa_devices[0].user.user_id #=> String # resp.virtual_mfa_devices[0].user.arn #=> String # resp.virtual_mfa_devices[0].user.create_date #=> Time # resp.virtual_mfa_devices[0].user.password_last_used #=> Time # resp.virtual_mfa_devices[0].enable_date #=> Time # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListVirtualMFADevices AWS API Documentation # # @overload list_virtual_mfa_devices(params = {}) # @param [Hash] params ({}) def list_virtual_mfa_devices(params = {}, options = {}) req = build_request(:list_virtual_mfa_devices, params) req.send_request(options) end # Adds or updates an inline policy document that is embedded in the # specified IAM group. # # A user can also have managed policies attached to it. To attach a # managed policy to a group, use AttachGroupPolicy. To create a new # managed policy, use CreatePolicy. For information about policies, see # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. # # For information about limits on the number of inline policies that you # can embed in a group, see [Limitations on IAM Entities][2] in the *IAM # User Guide*. # # Because policy documents can be large, you should use POST rather than # GET when calling `PutGroupPolicy`. For general information about using # the Query API with IAM, go to [Making Query Requests][3] in the *IAM # User Guide*. # # # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html # # @option params [required, String] :group_name # The name of the group to associate the policy with. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name of the policy document. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The policy document. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.put_group_policy({ # group_name: "groupNameType", # required # policy_name: "policyNameType", # required # policy_document: "policyDocumentType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutGroupPolicy AWS API Documentation # # @overload put_group_policy(params = {}) # @param [Hash] params ({}) def put_group_policy(params = {}, options = {}) req = build_request(:put_group_policy, params) req.send_request(options) end # Adds or updates an inline policy document that is embedded in the # specified IAM role. # # When you embed an inline policy in a role, the inline policy is used # as part of the role's access (permissions) policy. The role's trust # policy is created at the same time as the role, using CreateRole. You # can update a role's trust policy using UpdateAssumeRolePolicy. For # more information about IAM roles, go to [Using Roles to Delegate # Permissions and Federate Identities][1]. # # A role can also have a managed policy attached to it. To attach a # managed policy to a role, use AttachRolePolicy. To create a new # managed policy, use CreatePolicy. For information about policies, see # [Managed Policies and Inline Policies][2] in the *IAM User Guide*. # # For information about limits on the number of inline policies that you # can embed with a role, see [Limitations on IAM Entities][3] in the # *IAM User Guide*. # # Because policy documents can be large, you should use POST rather than # GET when calling `PutRolePolicy`. For general information about using # the Query API with IAM, go to [Making Query Requests][4] in the *IAM # User Guide*. # # # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html # # @option params [required, String] :role_name # The name of the role to associate the policy with. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name of the policy document. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The policy document. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.put_role_policy({ # role_name: "roleNameType", # required # policy_name: "policyNameType", # required # policy_document: "policyDocumentType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutRolePolicy AWS API Documentation # # @overload put_role_policy(params = {}) # @param [Hash] params ({}) def put_role_policy(params = {}, options = {}) req = build_request(:put_role_policy, params) req.send_request(options) end # Adds or updates an inline policy document that is embedded in the # specified IAM user. # # An IAM user can also have a managed policy attached to it. To attach a # managed policy to a user, use AttachUserPolicy. To create a new # managed policy, use CreatePolicy. For information about policies, see # [Managed Policies and Inline Policies][1] in the *IAM User Guide*. # # For information about limits on the number of inline policies that you # can embed in a user, see [Limitations on IAM Entities][2] in the *IAM # User Guide*. # # Because policy documents can be large, you should use POST rather than # GET when calling `PutUserPolicy`. For general information about using # the Query API with IAM, go to [Making Query Requests][3] in the *IAM # User Guide*. # # # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html # # @option params [required, String] :user_name # The name of the user to associate the policy with. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_name # The name of the policy document. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The policy document. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.put_user_policy({ # user_name: "existingUserNameType", # required # policy_name: "policyNameType", # required # policy_document: "policyDocumentType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/PutUserPolicy AWS API Documentation # # @overload put_user_policy(params = {}) # @param [Hash] params ({}) def put_user_policy(params = {}, options = {}) req = build_request(:put_user_policy, params) req.send_request(options) end # Removes the specified client ID (also known as audience) from the list # of client IDs registered for the specified IAM OpenID Connect (OIDC) # provider resource object. # # This action is idempotent; it does not fail or return an error if you # try to remove a client ID that does not exist. # # @option params [required, String] :open_id_connect_provider_arn # The Amazon Resource Name (ARN) of the IAM OIDC provider resource to # remove the client ID from. You can get a list of OIDC provider ARNs by # using the ListOpenIDConnectProviders action. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [required, String] :client_id # The client ID (also known as audience) to remove from the IAM OIDC # provider resource. For more information about client IDs, see # CreateOpenIDConnectProvider. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.remove_client_id_from_open_id_connect_provider({ # open_id_connect_provider_arn: "arnType", # required # client_id: "clientIDType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveClientIDFromOpenIDConnectProvider AWS API Documentation # # @overload remove_client_id_from_open_id_connect_provider(params = {}) # @param [Hash] params ({}) def remove_client_id_from_open_id_connect_provider(params = {}, options = {}) req = build_request(:remove_client_id_from_open_id_connect_provider, params) req.send_request(options) end # Removes the specified IAM role from the specified EC2 instance # profile. # # Make sure you do not have any Amazon EC2 instances running with the # role you are about to remove from the instance profile. Removing a # role from an instance profile that is associated with a running # instance might break any applications running on the instance. # # For more information about IAM roles, go to [Working with Roles][1]. # For more information about instance profiles, go to [About Instance # Profiles][2]. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html # # @option params [required, String] :instance_profile_name # The name of the instance profile to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :role_name # The name of the role to remove. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.remove_role_from_instance_profile({ # instance_profile_name: "instanceProfileNameType", # required # role_name: "roleNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveRoleFromInstanceProfile AWS API Documentation # # @overload remove_role_from_instance_profile(params = {}) # @param [Hash] params ({}) def remove_role_from_instance_profile(params = {}, options = {}) req = build_request(:remove_role_from_instance_profile, params) req.send_request(options) end # Removes the specified user from the specified group. # # @option params [required, String] :group_name # The name of the group to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :user_name # The name of the user to remove. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.remove_user_from_group({ # group_name: "groupNameType", # required # user_name: "existingUserNameType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RemoveUserFromGroup AWS API Documentation # # @overload remove_user_from_group(params = {}) # @param [Hash] params ({}) def remove_user_from_group(params = {}, options = {}) req = build_request(:remove_user_from_group, params) req.send_request(options) end # Resets the password for a service-specific credential. The new # password is AWS generated and cryptographically strong. It cannot be # configured by the user. Resetting the password immediately invalidates # the previous password associated with this user. # # @option params [String] :user_name # The name of the IAM user associated with the service-specific # credential. If this value is not specified, then the operation assumes # the user whose credentials are used to call the operation. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :service_specific_credential_id # The unique identifier of the service-specific credential. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::ResetServiceSpecificCredentialResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ResetServiceSpecificCredentialResponse#service_specific_credential #service_specific_credential} => Types::ServiceSpecificCredential # # @example Request syntax with placeholder values # # resp = client.reset_service_specific_credential({ # user_name: "userNameType", # service_specific_credential_id: "serviceSpecificCredentialId", # required # }) # # @example Response structure # # resp.service_specific_credential.create_date #=> Time # resp.service_specific_credential.service_name #=> String # resp.service_specific_credential.service_user_name #=> String # resp.service_specific_credential.service_password #=> String # resp.service_specific_credential.service_specific_credential_id #=> String # resp.service_specific_credential.user_name #=> String # resp.service_specific_credential.status #=> String, one of "Active", "Inactive" # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResetServiceSpecificCredential AWS API Documentation # # @overload reset_service_specific_credential(params = {}) # @param [Hash] params ({}) def reset_service_specific_credential(params = {}, options = {}) req = build_request(:reset_service_specific_credential, params) req.send_request(options) end # Synchronizes the specified MFA device with its IAM resource object on # the AWS servers. # # For more information about creating and working with virtual MFA # devices, go to [Using a Virtual MFA Device][1] in the *IAM User # Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html # # @option params [required, String] :user_name # The name of the user whose MFA device you want to resynchronize. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :serial_number # Serial number that uniquely identifies the MFA device. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :authentication_code_1 # An authentication code emitted by the device. # # The format for this parameter is a sequence of six digits. # # @option params [required, String] :authentication_code_2 # A subsequent authentication code emitted by the device. # # The format for this parameter is a sequence of six digits. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.resync_mfa_device({ # user_name: "existingUserNameType", # required # serial_number: "serialNumberType", # required # authentication_code_1: "authenticationCodeType", # required # authentication_code_2: "authenticationCodeType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ResyncMFADevice AWS API Documentation # # @overload resync_mfa_device(params = {}) # @param [Hash] params ({}) def resync_mfa_device(params = {}, options = {}) req = build_request(:resync_mfa_device, params) req.send_request(options) end # Sets the specified version of the specified policy as the policy's # default (operative) version. # # This action affects all users, groups, and roles that the policy is # attached to. To list the users, groups, and roles that the policy is # attached to, use the ListEntitiesForPolicy API. # # For information about managed policies, see [Managed Policies and # Inline Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html # # @option params [required, String] :policy_arn # The Amazon Resource Name (ARN) of the IAM policy whose default version # you want to set. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [required, String] :version_id # The version of the policy to set as the default (operative) version. # # For more information about managed policy versions, see [Versioning # for Managed Policies][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.set_default_policy_version({ # policy_arn: "arnType", # required # version_id: "policyVersionIdType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SetDefaultPolicyVersion AWS API Documentation # # @overload set_default_policy_version(params = {}) # @param [Hash] params ({}) def set_default_policy_version(params = {}, options = {}) req = build_request(:set_default_policy_version, params) req.send_request(options) end # Simulate how a set of IAM policies and optionally a resource-based # policy works with a list of API actions and AWS resources to determine # the policies' effective permissions. The policies are provided as # strings. # # The simulation does not perform the API actions; it only checks the # authorization to determine if the simulated policies allow or deny the # actions. # # If you want to simulate existing policies attached to an IAM user, # group, or role, use SimulatePrincipalPolicy instead. # # Context keys are variables maintained by AWS and its services that # provide details about the context of an API query request. You can use # the `Condition` element of an IAM policy to evaluate context keys. To # get the list of context keys that the policies require for correct # simulation, use GetContextKeysForCustomPolicy. # # If the output is long, you can use `MaxItems` and `Marker` parameters # to paginate the results. # # @option params [required, Array] :policy_input_list # A list of policy documents to include in the simulation. Each document # is specified as a string containing the complete, valid JSON text of # an IAM policy. Do not include any resource-based policies in this # parameter. Any resource-based policy must be submitted with the # `ResourcePolicy` parameter. The policies cannot be "scope-down" # policies, such as you could include in a call to # [GetFederationToken][1] or one of the [AssumeRole][2] APIs to restrict # what a user can do while using the temporary credentials. # # The [regex pattern][3] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html # [2]: http://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html # [3]: http://wikipedia.org/wiki/regex # # @option params [required, Array] :action_names # A list of names of API actions to evaluate in the simulation. Each # action is evaluated against each resource. Each action must include # the service identifier, such as `iam:CreateUser`. # # @option params [Array] :resource_arns # A list of ARNs of AWS resources to include in the simulation. If this # parameter is not provided then the value defaults to `*` (all # resources). Each API in the `ActionNames` parameter is evaluated for # each resource in this list. The simulation determines the access # result (allowed or denied) of each combination and reports it in the # response. # # The simulation does not automatically retrieve policies for the # specified resources. If you want to include a resource policy in the # simulation, then you must include the policy as a string in the # `ResourcePolicy` parameter. # # If you include a `ResourcePolicy`, then it must be applicable to all # of the resources included in the simulation or you receive an invalid # input error. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [String] :resource_policy # A resource-based policy to include in the simulation provided as a # string. Each resource in the simulation is treated as if it had this # policy attached. You can include only one resource-based policy in a # simulation. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :resource_owner # An AWS account ID that specifies the owner of any simulated resource # that does not identify its owner in the resource ARN, such as an S3 # bucket or object. If `ResourceOwner` is specified, it is also used as # the account owner of any `ResourcePolicy` included in the simulation. # If the `ResourceOwner` parameter is not specified, then the owner of # the resources and the resource policy defaults to the account of the # identity provided in `CallerArn`. This parameter is required only if # you specify a resource-based policy and account that owns the resource # is different from the account that owns the simulated calling user # `CallerArn`. # # @option params [String] :caller_arn # The ARN of the IAM user that you want to use as the simulated caller # of the APIs. `CallerArn` is required if you include a `ResourcePolicy` # so that the policy's `Principal` element has a value to use in # evaluating the policy. # # You can specify only the ARN of an IAM user. You cannot specify the # ARN of an assumed role, federated user, or a service principal. # # @option params [Array] :context_entries # A list of context keys and corresponding values for the simulation to # use. Whenever a context key is evaluated in one of the simulated IAM # permission policies, the corresponding value is supplied. # # @option params [String] :resource_handling_option # Specifies the type of simulation to run. Different APIs that support # resource-based policies require different combinations of resources. # By specifying the type of simulation to run, you enable the policy # simulator to enforce the presence of the required resources to ensure # reliable simulation results. If your simulation does not match one of # the following scenarios, then you can omit this parameter. The # following list shows each of the supported scenario values and the # resources that you must define to run the simulation. # # Each of the EC2 scenarios requires that you specify instance, image, # and security-group resources. If your scenario includes an EBS volume, # then you must specify that volume as a resource. If the EC2 scenario # includes VPC, then you must supply the network-interface resource. If # it includes an IP subnet, then you must specify the subnet resource. # For more information on the EC2 scenario options, see [Supported # Platforms][1] in the *AWS EC2 User Guide*. # # * **EC2-Classic-InstanceStore** # # instance, image, security-group # # * **EC2-Classic-EBS** # # instance, image, security-group, volume # # * **EC2-VPC-InstanceStore** # # instance, image, security-group, network-interface # # * **EC2-VPC-InstanceStore-Subnet** # # instance, image, security-group, network-interface, subnet # # * **EC2-VPC-EBS** # # instance, image, security-group, network-interface, volume # # * **EC2-VPC-EBS-Subnet** # # instance, image, security-group, network-interface, subnet, volume # # # # [1]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @return [Types::SimulatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::SimulatePolicyResponse#evaluation_results #evaluation_results} => Array<Types::EvaluationResult> # * {Types::SimulatePolicyResponse#is_truncated #is_truncated} => Boolean # * {Types::SimulatePolicyResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.simulate_custom_policy({ # policy_input_list: ["policyDocumentType"], # required # action_names: ["ActionNameType"], # required # resource_arns: ["ResourceNameType"], # resource_policy: "policyDocumentType", # resource_owner: "ResourceNameType", # caller_arn: "ResourceNameType", # context_entries: [ # { # context_key_name: "ContextKeyNameType", # context_key_values: ["ContextKeyValueType"], # context_key_type: "string", # accepts string, stringList, numeric, numericList, boolean, booleanList, ip, ipList, binary, binaryList, date, dateList # }, # ], # resource_handling_option: "ResourceHandlingOptionType", # max_items: 1, # marker: "markerType", # }) # # @example Response structure # # resp.evaluation_results #=> Array # resp.evaluation_results[0].eval_action_name #=> String # resp.evaluation_results[0].eval_resource_name #=> String # resp.evaluation_results[0].eval_decision #=> String, one of "allowed", "explicitDeny", "implicitDeny" # resp.evaluation_results[0].matched_statements #=> Array # resp.evaluation_results[0].matched_statements[0].source_policy_id #=> String # resp.evaluation_results[0].matched_statements[0].source_policy_type #=> String, one of "user", "group", "role", "aws-managed", "user-managed", "resource", "none" # resp.evaluation_results[0].matched_statements[0].start_position.line #=> Integer # resp.evaluation_results[0].matched_statements[0].start_position.column #=> Integer # resp.evaluation_results[0].matched_statements[0].end_position.line #=> Integer # resp.evaluation_results[0].matched_statements[0].end_position.column #=> Integer # resp.evaluation_results[0].missing_context_values #=> Array # resp.evaluation_results[0].missing_context_values[0] #=> String # resp.evaluation_results[0].organizations_decision_detail.allowed_by_organizations #=> Boolean # resp.evaluation_results[0].eval_decision_details #=> Hash # resp.evaluation_results[0].eval_decision_details["EvalDecisionSourceType"] #=> String, one of "allowed", "explicitDeny", "implicitDeny" # resp.evaluation_results[0].resource_specific_results #=> Array # resp.evaluation_results[0].resource_specific_results[0].eval_resource_name #=> String # resp.evaluation_results[0].resource_specific_results[0].eval_resource_decision #=> String, one of "allowed", "explicitDeny", "implicitDeny" # resp.evaluation_results[0].resource_specific_results[0].matched_statements #=> Array # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].source_policy_id #=> String # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].source_policy_type #=> String, one of "user", "group", "role", "aws-managed", "user-managed", "resource", "none" # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].start_position.line #=> Integer # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].start_position.column #=> Integer # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].end_position.line #=> Integer # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].end_position.column #=> Integer # resp.evaluation_results[0].resource_specific_results[0].missing_context_values #=> Array # resp.evaluation_results[0].resource_specific_results[0].missing_context_values[0] #=> String # resp.evaluation_results[0].resource_specific_results[0].eval_decision_details #=> Hash # resp.evaluation_results[0].resource_specific_results[0].eval_decision_details["EvalDecisionSourceType"] #=> String, one of "allowed", "explicitDeny", "implicitDeny" # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulateCustomPolicy AWS API Documentation # # @overload simulate_custom_policy(params = {}) # @param [Hash] params ({}) def simulate_custom_policy(params = {}, options = {}) req = build_request(:simulate_custom_policy, params) req.send_request(options) end # Simulate how a set of IAM policies attached to an IAM entity works # with a list of API actions and AWS resources to determine the # policies' effective permissions. The entity can be an IAM user, # group, or role. If you specify a user, then the simulation also # includes all of the policies that are attached to groups that the user # belongs to . # # You can optionally include a list of one or more additional policies # specified as strings to include in the simulation. If you want to # simulate only policies specified as strings, use SimulateCustomPolicy # instead. # # You can also optionally include one resource-based policy to be # evaluated with each of the resources included in the simulation. # # The simulation does not perform the API actions, it only checks the # authorization to determine if the simulated policies allow or deny the # actions. # # **Note:** This API discloses information about the permissions granted # to other users. If you do not want users to see other user's # permissions, then consider allowing them to use SimulateCustomPolicy # instead. # # Context keys are variables maintained by AWS and its services that # provide details about the context of an API query request. You can use # the `Condition` element of an IAM policy to evaluate context keys. To # get the list of context keys that the policies require for correct # simulation, use GetContextKeysForPrincipalPolicy. # # If the output is long, you can use the `MaxItems` and `Marker` # parameters to paginate the results. # # @option params [required, String] :policy_source_arn # The Amazon Resource Name (ARN) of a user, group, or role whose # policies you want to include in the simulation. If you specify a user, # group, or role, the simulation includes all policies that are # associated with that entity. If you specify a user, the simulation # also includes all policies that are attached to any groups the user # belongs to. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [Array] :policy_input_list # An optional list of additional policy documents to include in the # simulation. Each document is specified as a string containing the # complete, valid JSON text of an IAM policy. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, Array] :action_names # A list of names of API actions to evaluate in the simulation. Each # action is evaluated for each resource. Each action must include the # service identifier, such as `iam:CreateUser`. # # @option params [Array] :resource_arns # A list of ARNs of AWS resources to include in the simulation. If this # parameter is not provided then the value defaults to `*` (all # resources). Each API in the `ActionNames` parameter is evaluated for # each resource in this list. The simulation determines the access # result (allowed or denied) of each combination and reports it in the # response. # # The simulation does not automatically retrieve policies for the # specified resources. If you want to include a resource policy in the # simulation, then you must include the policy as a string in the # `ResourcePolicy` parameter. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [String] :resource_policy # A resource-based policy to include in the simulation provided as a # string. Each resource in the simulation is treated as if it had this # policy attached. You can include only one resource-based policy in a # simulation. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :resource_owner # An AWS account ID that specifies the owner of any simulated resource # that does not identify its owner in the resource ARN, such as an S3 # bucket or object. If `ResourceOwner` is specified, it is also used as # the account owner of any `ResourcePolicy` included in the simulation. # If the `ResourceOwner` parameter is not specified, then the owner of # the resources and the resource policy defaults to the account of the # identity provided in `CallerArn`. This parameter is required only if # you specify a resource-based policy and account that owns the resource # is different from the account that owns the simulated calling user # `CallerArn`. # # @option params [String] :caller_arn # The ARN of the IAM user that you want to specify as the simulated # caller of the APIs. If you do not specify a `CallerArn`, it defaults # to the ARN of the user that you specify in `PolicySourceArn`, if you # specified a user. If you include both a `PolicySourceArn` (for # example, `arn:aws:iam::123456789012:user/David`) and a `CallerArn` # (for example, `arn:aws:iam::123456789012:user/Bob`), the result is # that you simulate calling the APIs as Bob, as if Bob had David's # policies. # # You can specify only the ARN of an IAM user. You cannot specify the # ARN of an assumed role, federated user, or a service principal. # # `CallerArn` is required if you include a `ResourcePolicy` and the # `PolicySourceArn` is not the ARN for an IAM user. This is required so # that the resource-based policy's `Principal` element has a value to # use in evaluating the policy. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [Array] :context_entries # A list of context keys and corresponding values for the simulation to # use. Whenever a context key is evaluated in one of the simulated IAM # permission policies, the corresponding value is supplied. # # @option params [String] :resource_handling_option # Specifies the type of simulation to run. Different APIs that support # resource-based policies require different combinations of resources. # By specifying the type of simulation to run, you enable the policy # simulator to enforce the presence of the required resources to ensure # reliable simulation results. If your simulation does not match one of # the following scenarios, then you can omit this parameter. The # following list shows each of the supported scenario values and the # resources that you must define to run the simulation. # # Each of the EC2 scenarios requires that you specify instance, image, # and security-group resources. If your scenario includes an EBS volume, # then you must specify that volume as a resource. If the EC2 scenario # includes VPC, then you must supply the network-interface resource. If # it includes an IP subnet, then you must specify the subnet resource. # For more information on the EC2 scenario options, see [Supported # Platforms][1] in the *AWS EC2 User Guide*. # # * **EC2-Classic-InstanceStore** # # instance, image, security-group # # * **EC2-Classic-EBS** # # instance, image, security-group, volume # # * **EC2-VPC-InstanceStore** # # instance, image, security-group, network-interface # # * **EC2-VPC-InstanceStore-Subnet** # # instance, image, security-group, network-interface, subnet # # * **EC2-VPC-EBS** # # instance, image, security-group, network-interface, volume # # * **EC2-VPC-EBS-Subnet** # # instance, image, security-group, network-interface, subnet, volume # # # # [1]: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html # # @option params [Integer] :max_items # (Optional) Use this only when paginating results to indicate the # maximum number of items you want in the response. If additional items # exist beyond the maximum you specify, the `IsTruncated` response # element is `true`. # # If you do not include this parameter, it defaults to 100. Note that # IAM might return fewer results, even when there are more results # available. In that case, the `IsTruncated` response element returns # `true` and `Marker` contains a value to include in the subsequent call # that tells the service where to continue from. # # @option params [String] :marker # Use this parameter only when paginating results and only after you # receive a response indicating that the results are truncated. Set it # to the value of the `Marker` element in the response that you received # to indicate where the next call should start. # # @return [Types::SimulatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::SimulatePolicyResponse#evaluation_results #evaluation_results} => Array<Types::EvaluationResult> # * {Types::SimulatePolicyResponse#is_truncated #is_truncated} => Boolean # * {Types::SimulatePolicyResponse#marker #marker} => String # # @example Request syntax with placeholder values # # resp = client.simulate_principal_policy({ # policy_source_arn: "arnType", # required # policy_input_list: ["policyDocumentType"], # action_names: ["ActionNameType"], # required # resource_arns: ["ResourceNameType"], # resource_policy: "policyDocumentType", # resource_owner: "ResourceNameType", # caller_arn: "ResourceNameType", # context_entries: [ # { # context_key_name: "ContextKeyNameType", # context_key_values: ["ContextKeyValueType"], # context_key_type: "string", # accepts string, stringList, numeric, numericList, boolean, booleanList, ip, ipList, binary, binaryList, date, dateList # }, # ], # resource_handling_option: "ResourceHandlingOptionType", # max_items: 1, # marker: "markerType", # }) # # @example Response structure # # resp.evaluation_results #=> Array # resp.evaluation_results[0].eval_action_name #=> String # resp.evaluation_results[0].eval_resource_name #=> String # resp.evaluation_results[0].eval_decision #=> String, one of "allowed", "explicitDeny", "implicitDeny" # resp.evaluation_results[0].matched_statements #=> Array # resp.evaluation_results[0].matched_statements[0].source_policy_id #=> String # resp.evaluation_results[0].matched_statements[0].source_policy_type #=> String, one of "user", "group", "role", "aws-managed", "user-managed", "resource", "none" # resp.evaluation_results[0].matched_statements[0].start_position.line #=> Integer # resp.evaluation_results[0].matched_statements[0].start_position.column #=> Integer # resp.evaluation_results[0].matched_statements[0].end_position.line #=> Integer # resp.evaluation_results[0].matched_statements[0].end_position.column #=> Integer # resp.evaluation_results[0].missing_context_values #=> Array # resp.evaluation_results[0].missing_context_values[0] #=> String # resp.evaluation_results[0].organizations_decision_detail.allowed_by_organizations #=> Boolean # resp.evaluation_results[0].eval_decision_details #=> Hash # resp.evaluation_results[0].eval_decision_details["EvalDecisionSourceType"] #=> String, one of "allowed", "explicitDeny", "implicitDeny" # resp.evaluation_results[0].resource_specific_results #=> Array # resp.evaluation_results[0].resource_specific_results[0].eval_resource_name #=> String # resp.evaluation_results[0].resource_specific_results[0].eval_resource_decision #=> String, one of "allowed", "explicitDeny", "implicitDeny" # resp.evaluation_results[0].resource_specific_results[0].matched_statements #=> Array # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].source_policy_id #=> String # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].source_policy_type #=> String, one of "user", "group", "role", "aws-managed", "user-managed", "resource", "none" # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].start_position.line #=> Integer # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].start_position.column #=> Integer # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].end_position.line #=> Integer # resp.evaluation_results[0].resource_specific_results[0].matched_statements[0].end_position.column #=> Integer # resp.evaluation_results[0].resource_specific_results[0].missing_context_values #=> Array # resp.evaluation_results[0].resource_specific_results[0].missing_context_values[0] #=> String # resp.evaluation_results[0].resource_specific_results[0].eval_decision_details #=> Hash # resp.evaluation_results[0].resource_specific_results[0].eval_decision_details["EvalDecisionSourceType"] #=> String, one of "allowed", "explicitDeny", "implicitDeny" # resp.is_truncated #=> Boolean # resp.marker #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SimulatePrincipalPolicy AWS API Documentation # # @overload simulate_principal_policy(params = {}) # @param [Hash] params ({}) def simulate_principal_policy(params = {}, options = {}) req = build_request(:simulate_principal_policy, params) req.send_request(options) end # Changes the status of the specified access key from Active to # Inactive, or vice versa. This action can be used to disable a user's # key as part of a key rotation work flow. # # If the `UserName` field is not specified, the UserName is determined # implicitly based on the AWS access key ID used to sign the request. # Because this action works for access keys under the AWS account, you # can use this action to manage root credentials even if the AWS account # has no associated users. # # For information about rotating keys, see [Managing Keys and # Certificates][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html # # @option params [String] :user_name # The name of the user whose key you want to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :access_key_id # The access key ID of the secret access key you want to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status you want to assign to the secret access key. `Active` means # the key can be used for API calls to AWS, while `Inactive` means the # key cannot be used. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_access_key({ # user_name: "existingUserNameType", # access_key_id: "accessKeyIdType", # required # status: "Active", # required, accepts Active, Inactive # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccessKey AWS API Documentation # # @overload update_access_key(params = {}) # @param [Hash] params ({}) def update_access_key(params = {}, options = {}) req = build_request(:update_access_key, params) req.send_request(options) end # Updates the password policy settings for the AWS account. # # This action does not support partial updates. No parameters are # required, but if you do not specify a parameter, that parameter's # value reverts to its default value. See the **Request Parameters** # section for each parameter's default value. # # # # For more information about using a password policy, see [Managing an # IAM Password Policy][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html # # @option params [Integer] :minimum_password_length # The minimum number of characters allowed in an IAM user password. # # Default value: 6 # # @option params [Boolean] :require_symbols # Specifies whether IAM user passwords must contain at least one of the # following non-alphanumeric characters: # # ! @ # $ % ^ &amp; * ( ) \_ + - = \[ \] \\\{ \\} \| ' # # Default value: false # # @option params [Boolean] :require_numbers # Specifies whether IAM user passwords must contain at least one numeric # character (0 to 9). # # Default value: false # # @option params [Boolean] :require_uppercase_characters # Specifies whether IAM user passwords must contain at least one # uppercase character from the ISO basic Latin alphabet (A to Z). # # Default value: false # # @option params [Boolean] :require_lowercase_characters # Specifies whether IAM user passwords must contain at least one # lowercase character from the ISO basic Latin alphabet (a to z). # # Default value: false # # @option params [Boolean] :allow_users_to_change_password # Allows all IAM users in your account to use the AWS Management Console # to change their own passwords. For more information, see [Letting IAM # Users Change Their Own Passwords][1] in the *IAM User Guide*. # # Default value: false # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html # # @option params [Integer] :max_password_age # The number of days that an IAM user password is valid. The default # value of 0 means IAM user passwords never expire. # # Default value: 0 # # @option params [Integer] :password_reuse_prevention # Specifies the number of previous passwords that IAM users are # prevented from reusing. The default value of 0 means IAM users are not # prevented from reusing previous passwords. # # Default value: 0 # # @option params [Boolean] :hard_expiry # Prevents IAM users from setting a new password after their password # has expired. # # Default value: false # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_account_password_policy({ # minimum_password_length: 1, # require_symbols: false, # require_numbers: false, # require_uppercase_characters: false, # require_lowercase_characters: false, # allow_users_to_change_password: false, # max_password_age: 1, # password_reuse_prevention: 1, # hard_expiry: false, # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAccountPasswordPolicy AWS API Documentation # # @overload update_account_password_policy(params = {}) # @param [Hash] params ({}) def update_account_password_policy(params = {}, options = {}) req = build_request(:update_account_password_policy, params) req.send_request(options) end # Updates the policy that grants an IAM entity permission to assume a # role. This is typically referred to as the "role trust policy". For # more information about roles, go to [Using Roles to Delegate # Permissions and Federate Identities][1]. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html # # @option params [required, String] :role_name # The name of the role to update with the new policy. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # \_+=,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :policy_document # The policy that grants an entity permission to assume the role. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_assume_role_policy({ # role_name: "roleNameType", # required # policy_document: "policyDocumentType", # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateAssumeRolePolicy AWS API Documentation # # @overload update_assume_role_policy(params = {}) # @param [Hash] params ({}) def update_assume_role_policy(params = {}, options = {}) req = build_request(:update_assume_role_policy, params) req.send_request(options) end # Updates the name and/or the path of the specified IAM group. # # You should understand the implications of changing a group's path or # name. For more information, see [Renaming Users and Groups][1] in the # *IAM User Guide*. # # To change an IAM group name the requester must have appropriate # permissions on both the source object and the target object. For # example, to change "Managers" to "MGRs", the entity making the # request must have permission on both "Managers" and "MGRs", or # must have permission on all (*). For more information about # permissions, see [Permissions and Policies][2]. # # # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html # # @option params [required, String] :group_name # Name of the IAM group to update. If you're changing the name of the # group, this is the original name. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :new_path # New path for the IAM group. Only include this if changing the group's # path. # # This paramater allows (per its [regex pattern][1]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :new_group_name # New name for the IAM group. Only include this if changing the group's # name. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_group({ # group_name: "groupNameType", # required # new_path: "pathType", # new_group_name: "groupNameType", # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateGroup AWS API Documentation # # @overload update_group(params = {}) # @param [Hash] params ({}) def update_group(params = {}, options = {}) req = build_request(:update_group, params) req.send_request(options) end # Changes the password for the specified IAM user. # # IAM users can change their own passwords by calling ChangePassword. # For more information about modifying passwords, see [Managing # Passwords][1] in the *IAM User Guide*. # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html # # @option params [required, String] :user_name # The name of the user whose password you want to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :password # The new password for the specified IAM user. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). However, the format can be further restricted by the # account administrator by setting a password policy on the AWS account. # For more information, see UpdateAccountPasswordPolicy. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [Boolean] :password_reset_required # Allows this new password to be used only once by requiring the # specified IAM user to set a new password on next sign-in. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_login_profile({ # user_name: "userNameType", # required # password: "passwordType", # password_reset_required: false, # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateLoginProfile AWS API Documentation # # @overload update_login_profile(params = {}) # @param [Hash] params ({}) def update_login_profile(params = {}, options = {}) req = build_request(:update_login_profile, params) req.send_request(options) end # Replaces the existing list of server certificate thumbprints # associated with an OpenID Connect (OIDC) provider resource object with # a new list of thumbprints. # # The list that you pass with this action completely replaces the # existing list of thumbprints. (The lists are not merged.) # # Typically, you need to update a thumbprint only when the identity # provider's certificate changes, which occurs rarely. However, if the # provider's certificate *does* change, any attempt to assume an IAM # role that specifies the OIDC provider as a principal fails until the # certificate thumbprint is updated. # # Because trust for the OIDC provider is ultimately derived from the # provider's certificate and is validated by the thumbprint, it is a # best practice to limit access to the # `UpdateOpenIDConnectProviderThumbprint` action to highly-privileged # users. # # # # @option params [required, String] :open_id_connect_provider_arn # The Amazon Resource Name (ARN) of the IAM OIDC provider resource # object for which you want to update the thumbprint. You can get a list # of OIDC provider ARNs by using the ListOpenIDConnectProviders action. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @option params [required, Array] :thumbprint_list # A list of certificate thumbprints that are associated with the # specified IAM OpenID Connect provider. For more information, see # CreateOpenIDConnectProvider. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_open_id_connect_provider_thumbprint({ # open_id_connect_provider_arn: "arnType", # required # thumbprint_list: ["thumbprintType"], # required # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateOpenIDConnectProviderThumbprint AWS API Documentation # # @overload update_open_id_connect_provider_thumbprint(params = {}) # @param [Hash] params ({}) def update_open_id_connect_provider_thumbprint(params = {}, options = {}) req = build_request(:update_open_id_connect_provider_thumbprint, params) req.send_request(options) end # Modifies the description of a role. # # @option params [required, String] :role_name # The name of the role that you want to modify. # # @option params [required, String] :description # The new description that you want to apply to the specified role. # # @return [Types::UpdateRoleDescriptionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::UpdateRoleDescriptionResponse#role #role} => Types::Role # # @example Request syntax with placeholder values # # resp = client.update_role_description({ # role_name: "roleNameType", # required # description: "roleDescriptionType", # required # }) # # @example Response structure # # resp.role.path #=> String # resp.role.role_name #=> String # resp.role.role_id #=> String # resp.role.arn #=> String # resp.role.create_date #=> Time # resp.role.assume_role_policy_document #=> String # resp.role.description #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescription AWS API Documentation # # @overload update_role_description(params = {}) # @param [Hash] params ({}) def update_role_description(params = {}, options = {}) req = build_request(:update_role_description, params) req.send_request(options) end # Updates the metadata document for an existing SAML provider resource # object. # # This operation requires [Signature Version 4][1]. # # # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html # # @option params [required, String] :saml_metadata_document # An XML document generated by an identity provider (IdP) that supports # SAML 2.0. The document includes the issuer's name, expiration # information, and keys that can be used to validate the SAML # authentication response (assertions) that are received from the IdP. # You must generate the metadata document using the identity management # software that is used as your organization's IdP. # # @option params [required, String] :saml_provider_arn # The Amazon Resource Name (ARN) of the SAML provider to update. # # For more information about ARNs, see [Amazon Resource Names (ARNs) and # AWS Service Namespaces][1] in the *AWS General Reference*. # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html # # @return [Types::UpdateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::UpdateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String # # @example Request syntax with placeholder values # # resp = client.update_saml_provider({ # saml_metadata_document: "SAMLMetadataDocumentType", # required # saml_provider_arn: "arnType", # required # }) # # @example Response structure # # resp.saml_provider_arn #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSAMLProvider AWS API Documentation # # @overload update_saml_provider(params = {}) # @param [Hash] params ({}) def update_saml_provider(params = {}, options = {}) req = build_request(:update_saml_provider, params) req.send_request(options) end # Sets the status of an IAM user's SSH public key to active or # inactive. SSH public keys that are inactive cannot be used for # authentication. This action can be used to disable a user's SSH # public key as part of a key rotation work flow. # # The SSH public key affected by this action is used only for # authenticating the associated IAM user to an AWS CodeCommit # repository. For more information about using SSH keys to authenticate # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH # Connections][1] in the *AWS CodeCommit User Guide*. # # # # [1]: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # # @option params [required, String] :user_name # The name of the IAM user associated with the SSH public key. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :ssh_public_key_id # The unique identifier for the SSH public key. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status to assign to the SSH public key. `Active` means the key can # be used for authentication with an AWS CodeCommit repository. # `Inactive` means the key cannot be used. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_ssh_public_key({ # user_name: "userNameType", # required # ssh_public_key_id: "publicKeyIdType", # required # status: "Active", # required, accepts Active, Inactive # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSSHPublicKey AWS API Documentation # # @overload update_ssh_public_key(params = {}) # @param [Hash] params ({}) def update_ssh_public_key(params = {}, options = {}) req = build_request(:update_ssh_public_key, params) req.send_request(options) end # Updates the name and/or the path of the specified server certificate # stored in IAM. # # For more information about working with server certificates, including # a list of AWS services that can use the server certificates that you # manage with IAM, go to [Working with Server Certificates][1] in the # *IAM User Guide*. # # You should understand the implications of changing a server # certificate's path or name. For more information, see [Renaming a # Server Certificate][2] in the *IAM User Guide*. # # To change a server certificate name the requester must have # appropriate permissions on both the source object and the target # object. For example, to change the name from "ProductionCert" to # "ProdCert", the entity making the request must have permission on # "ProductionCert" and "ProdCert", or must have permission on all # (*). For more information about permissions, see [Access # Management][3] in the *IAM User Guide*. # # # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html # # @option params [required, String] :server_certificate_name # The name of the server certificate that you want to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :new_path # The new path for the server certificate. Include this only if you are # updating the server certificate's path. # # This paramater allows (per its [regex pattern][1]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :new_server_certificate_name # The new name for the server certificate. Include this only if you are # updating the server certificate's name. The name of the certificate # cannot contain any spaces. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_server_certificate({ # server_certificate_name: "serverCertificateNameType", # required # new_path: "pathType", # new_server_certificate_name: "serverCertificateNameType", # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServerCertificate AWS API Documentation # # @overload update_server_certificate(params = {}) # @param [Hash] params ({}) def update_server_certificate(params = {}, options = {}) req = build_request(:update_server_certificate, params) req.send_request(options) end # Sets the status of a service-specific credential to `Active` or # `Inactive`. Service-specific credentials that are inactive cannot be # used for authentication to the service. This action can be used to # disable a user’s service-specific credential as part of a credential # rotation work flow. # # @option params [String] :user_name # The name of the IAM user associated with the service-specific # credential. If you do not specify this value, then the operation # assumes the user whose credentials are used to call the operation. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :service_specific_credential_id # The unique identifier of the service-specific credential. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status to be assigned to the service-specific credential. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_service_specific_credential({ # user_name: "userNameType", # service_specific_credential_id: "serviceSpecificCredentialId", # required # status: "Active", # required, accepts Active, Inactive # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateServiceSpecificCredential AWS API Documentation # # @overload update_service_specific_credential(params = {}) # @param [Hash] params ({}) def update_service_specific_credential(params = {}, options = {}) req = build_request(:update_service_specific_credential, params) req.send_request(options) end # Changes the status of the specified user signing certificate from # active to disabled, or vice versa. This action can be used to disable # an IAM user's signing certificate as part of a certificate rotation # work flow. # # If the `UserName` field is not specified, the UserName is determined # implicitly based on the AWS access key ID used to sign the request. # Because this action works for access keys under the AWS account, you # can use this action to manage root credentials even if the AWS account # has no associated users. # # @option params [String] :user_name # The name of the IAM user the signing certificate belongs to. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :certificate_id # The ID of the signing certificate you want to update. # # This parameter allows (per its [regex pattern][1]) a string of # characters that can consist of any upper or lowercased letter or # digit. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :status # The status you want to assign to the certificate. `Active` means the # certificate can be used for API calls to AWS, while `Inactive` means # the certificate cannot be used. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_signing_certificate({ # user_name: "existingUserNameType", # certificate_id: "certificateIdType", # required # status: "Active", # required, accepts Active, Inactive # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSigningCertificate AWS API Documentation # # @overload update_signing_certificate(params = {}) # @param [Hash] params ({}) def update_signing_certificate(params = {}, options = {}) req = build_request(:update_signing_certificate, params) req.send_request(options) end # Updates the name and/or the path of the specified IAM user. # # You should understand the implications of changing an IAM user's path # or name. For more information, see [Renaming an IAM User][1] and # [Renaming an IAM Group][2] in the *IAM User Guide*. # # To change a user name the requester must have appropriate permissions # on both the source object and the target object. For example, to # change Bob to Robert, the entity making the request must have # permission on Bob and Robert, or must have permission on all (*). For # more information about permissions, see [Permissions and Policies][3]. # # # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_renaming # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_rename.html # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html # # @option params [required, String] :user_name # Name of the user to update. If you're changing the name of the user, # this is the original user name. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :new_path # New path for the IAM user. Include this parameter only if you're # changing the user's path. # # This paramater allows (per its [regex pattern][1]) a string of # characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :new_user_name # New name for the user. Include this parameter only if you're changing # the user's name. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # # resp = client.update_user({ # user_name: "existingUserNameType", # required # new_path: "pathType", # new_user_name: "userNameType", # }) # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateUser AWS API Documentation # # @overload update_user(params = {}) # @param [Hash] params ({}) def update_user(params = {}, options = {}) req = build_request(:update_user, params) req.send_request(options) end # Uploads an SSH public key and associates it with the specified IAM # user. # # The SSH public key uploaded by this action can be used only for # authenticating the associated IAM user to an AWS CodeCommit # repository. For more information about using SSH keys to authenticate # to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH # Connections][1] in the *AWS CodeCommit User Guide*. # # # # [1]: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html # # @option params [required, String] :user_name # The name of the IAM user to associate the SSH public key with. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :ssh_public_key_body # The SSH public key. The public key must be encoded in ssh-rsa format # or PEM format. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::UploadSSHPublicKeyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::UploadSSHPublicKeyResponse#ssh_public_key #ssh_public_key} => Types::SSHPublicKey # # @example Request syntax with placeholder values # # resp = client.upload_ssh_public_key({ # user_name: "userNameType", # required # ssh_public_key_body: "publicKeyMaterialType", # required # }) # # @example Response structure # # resp.ssh_public_key.user_name #=> String # resp.ssh_public_key.ssh_public_key_id #=> String # resp.ssh_public_key.fingerprint #=> String # resp.ssh_public_key.ssh_public_key_body #=> String # resp.ssh_public_key.status #=> String, one of "Active", "Inactive" # resp.ssh_public_key.upload_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSSHPublicKey AWS API Documentation # # @overload upload_ssh_public_key(params = {}) # @param [Hash] params ({}) def upload_ssh_public_key(params = {}, options = {}) req = build_request(:upload_ssh_public_key, params) req.send_request(options) end # Uploads a server certificate entity for the AWS account. The server # certificate entity includes a public key certificate, a private key, # and an optional certificate chain, which should all be PEM-encoded. # # We recommend that you use [AWS Certificate Manager][1] to provision, # manage, and deploy your server certificates. With ACM you can request # a certificate, deploy it to AWS resources, and let ACM handle # certificate renewals for you. Certificates provided by ACM are free. # For more information about using ACM, see the [AWS Certificate Manager # User Guide][2]. # # For more information about working with server certificates, including # a list of AWS services that can use the server certificates that you # manage with IAM, go to [Working with Server Certificates][3] in the # *IAM User Guide*. # # For information about the number of server certificates you can # upload, see [Limitations on IAM Entities and Objects][4] in the *IAM # User Guide*. # # Because the body of the public key certificate, private key, and the # certificate chain can be large, you should use POST rather than GET # when calling `UploadServerCertificate`. For information about setting # up signatures and authorization through the API, go to [Signing AWS # API Requests][5] in the *AWS General Reference*. For general # information about using the Query API with IAM, go to [Calling the API # by Making HTTP Query Requests][6] in the *IAM User Guide*. # # # # # # [1]: https://aws.amazon.com/certificate-manager/ # [2]: http://docs.aws.amazon.com/acm/latest/userguide/ # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html # [5]: http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html # [6]: http://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html # # @option params [String] :path # The path for the server certificate. For more information about paths, # see [IAM Identifiers][1] in the *IAM User Guide*. # # This parameter is optional. If it is not included, it defaults to a # slash (/). This paramater allows (per its [regex pattern][2]) a string # of characters consisting of either a forward slash (/) by itself or a # string that must begin and end with forward slashes, containing any # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F), # including most punctuation characters, digits, and upper and # lowercased letters. # # If you are uploading a server certificate specifically for use with # Amazon CloudFront distributions, you must specify a path using the # `--path` option. The path must begin with `/cloudfront` and must # include a trailing slash (for example, `/cloudfront/test/`). # # # # # # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html # [2]: http://wikipedia.org/wiki/regex # # @option params [required, String] :server_certificate_name # The name for the server certificate. Do not include the path in this # value. The name of the certificate cannot contain any spaces. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :certificate_body # The contents of the public key certificate in PEM-encoded format. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :private_key # The contents of the private key in PEM-encoded format. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [String] :certificate_chain # The contents of the certificate chain. This is typically a # concatenation of the PEM-encoded public key certificates of the chain. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::UploadServerCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::UploadServerCertificateResponse#server_certificate_metadata #server_certificate_metadata} => Types::ServerCertificateMetadata # # @example Request syntax with placeholder values # # resp = client.upload_server_certificate({ # path: "pathType", # server_certificate_name: "serverCertificateNameType", # required # certificate_body: "certificateBodyType", # required # private_key: "privateKeyType", # required # certificate_chain: "certificateChainType", # }) # # @example Response structure # # resp.server_certificate_metadata.path #=> String # resp.server_certificate_metadata.server_certificate_name #=> String # resp.server_certificate_metadata.server_certificate_id #=> String # resp.server_certificate_metadata.arn #=> String # resp.server_certificate_metadata.upload_date #=> Time # resp.server_certificate_metadata.expiration #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadServerCertificate AWS API Documentation # # @overload upload_server_certificate(params = {}) # @param [Hash] params ({}) def upload_server_certificate(params = {}, options = {}) req = build_request(:upload_server_certificate, params) req.send_request(options) end # Uploads an X.509 signing certificate and associates it with the # specified IAM user. Some AWS services use X.509 signing certificates # to validate requests that are signed with a corresponding private key. # When you upload the certificate, its default status is `Active`. # # If the `UserName` field is not specified, the IAM user name is # determined implicitly based on the AWS access key ID used to sign the # request. Because this action works for access keys under the AWS # account, you can use this action to manage root credentials even if # the AWS account has no associated users. # # Because the body of a X.509 certificate can be large, you should use # POST rather than GET when calling `UploadSigningCertificate`. For # information about setting up signatures and authorization through the # API, go to [Signing AWS API Requests][1] in the *AWS General # Reference*. For general information about using the Query API with # IAM, go to [Making Query Requests][2] in the *IAM User Guide*. # # # # # # [1]: http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html # # @option params [String] :user_name # The name of the user the signing certificate is for. # # This parameter allows (per its [regex pattern][1]) a string of # characters consisting of upper and lowercase alphanumeric characters # with no spaces. You can also include any of the following characters: # =,.@- # # # # [1]: http://wikipedia.org/wiki/regex # # @option params [required, String] :certificate_body # The contents of the signing certificate. # # The [regex pattern][1] used to validate this parameter is a string of # characters consisting of any printable ASCII character ranging from # the space character (\\u0020) through end of the ASCII character range # as well as the printable characters in the Basic Latin and Latin-1 # Supplement character set (through \\u00FF). It also includes the # special characters tab (\\u0009), line feed (\\u000A), and carriage # return (\\u000D). # # # # [1]: http://wikipedia.org/wiki/regex # # @return [Types::UploadSigningCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::UploadSigningCertificateResponse#certificate #certificate} => Types::SigningCertificate # # @example Request syntax with placeholder values # # resp = client.upload_signing_certificate({ # user_name: "existingUserNameType", # certificate_body: "certificateBodyType", # required # }) # # @example Response structure # # resp.certificate.user_name #=> String # resp.certificate.certificate_id #=> String # resp.certificate.certificate_body #=> String # resp.certificate.status #=> String, one of "Active", "Inactive" # resp.certificate.upload_date #=> Time # # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UploadSigningCertificate AWS API Documentation # # @overload upload_signing_certificate(params = {}) # @param [Hash] params ({}) def upload_signing_certificate(params = {}, options = {}) req = build_request(:upload_signing_certificate, params) req.send_request(options) end # @!endgroup # @param params ({}) # @api private def build_request(operation_name, params = {}) handlers = @handlers.for(operation_name) context = Seahorse::Client::RequestContext.new( operation_name: operation_name, operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-iam' context[:gem_version] = '1.0.0.rc7' Seahorse::Client::Request.new(handlers, context) end # Polls an API operation until a resource enters a desired state. # # ## Basic Usage # # A waiter will call an API operation until: # # * It is successful # * It enters a terminal state # * It makes the maximum number of attempts # # In between attempts, the waiter will sleep. # # # polls in a loop, sleeping between attempts # client.waiter_until(waiter_name, params) # # ## Configuration # # You can configure the maximum number of polling attempts, and the # delay (in seconds) between each polling attempt. You can pass # configuration as the final arguments hash. # # # poll for ~25 seconds # client.wait_until(waiter_name, params, { # max_attempts: 5, # delay: 5, # }) # # ## Callbacks # # You can be notified before each polling attempt and before each # delay. If you throw `:success` or `:failure` from these callbacks, # it will terminate the waiter. # # started_at = Time.now # client.wait_until(waiter_name, params, { # # # disable max attempts # max_attempts: nil, # # # poll for 1 hour, instead of a number of attempts # before_wait: -> (attempts, response) do # throw :failure if Time.now - started_at > 3600 # end # }) # # ## Handling Errors # # When a waiter is unsuccessful, it will raise an error. # All of the failure errors extend from # {Aws::Waiters::Errors::WaiterFailed}. # # begin # client.wait_until(...) # rescue Aws::Waiters::Errors::WaiterFailed # # resource did not enter the desired state in time # end # # ## Valid Waiters # # The following table lists the valid waiter names, the operations they call, # and the default `:delay` and `:max_attempts` values. # # | waiter_name | params | :delay | :max_attempts | # | ----------------------- | ----------------------- | -------- | ------------- | # | instance_profile_exists | {#get_instance_profile} | 1 | 40 | # | user_exists | {#get_user} | 1 | 20 | # # @raise [Errors::FailureStateError] Raised when the waiter terminates # because the waiter has entered a state that it will not transition # out of, preventing success. # # @raise [Errors::TooManyAttemptsError] Raised when the configured # maximum number of attempts have been made, and the waiter is not # yet successful. # # @raise [Errors::UnexpectedError] Raised when an error is encounted # while polling for a resource that is not expected. # # @raise [Errors::NoSuchWaiterError] Raised when you request to wait # for an unknown state. # # @return [Boolean] Returns `true` if the waiter was successful. # @param [Symbol] waiter_name # @param [Hash] params ({}) # @param [Hash] options ({}) # @option options [Integer] :max_attempts # @option options [Integer] :delay # @option options [Proc] :before_attempt # @option options [Proc] :before_wait def wait_until(waiter_name, params = {}, options = {}) w = waiter(waiter_name, options) yield(w.waiter) if block_given? # deprecated w.wait(params) end # @api private # @deprecated def waiter_names waiters.keys end private # @param [Symbol] waiter_name # @param [Hash] options ({}) def waiter(waiter_name, options = {}) waiter_class = waiters[waiter_name] if waiter_class waiter_class.new(options.merge(client: self)) else raise Aws::Waiters::Errors::NoSuchWaiterError.new(waiter_name, waiters.keys) end end def waiters { instance_profile_exists: Waiters::InstanceProfileExists, user_exists: Waiters::UserExists } end class << self # @api private attr_reader :identifier # @api private def errors_module Errors end end end end