lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.113.0 vs lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.114.0
- old
+ new
@@ -1267,27 +1267,36 @@
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html
#
- # @option params [required, String] :user_name
+ # @option params [String] :user_name
# The name of the IAM user to create a password for. The user must
# already exist.
#
- # This parameter allows (through its [regex pattern][1]) a string of
+ # This parameter is optional. If no user name is included, it defaults
+ # to the principal making the request. When you make this request with
+ # root user credentials, you must use an [AssumeRoot][1] session to omit
+ # the user name.
+ #
+ # This parameter allows (through its [regex pattern][2]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
# \_+=,.@-
#
#
#
- # [1]: http://wikipedia.org/wiki/regex
+ # [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+ # [2]: http://wikipedia.org/wiki/regex
#
- # @option params [required, String] :password
+ # @option params [String] :password
# The new password for the user.
#
- # The [regex pattern][1] that is used to validate this parameter is a
+ # This parameter must be omitted when you make the request with an
+ # [AssumeRoot][1] session. It is required in all other cases.
+ #
+ # The [regex pattern][2] that is used to validate this parameter is a
# string of characters. That string can include almost any printable
# ASCII character from the space (`\u0020`) through the end of the ASCII
# character range (`\u00FF`). You can also include the tab (`\u0009`),
# line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
# of these characters are valid in a password. However, many tools, such
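Review bot: With `required` dropped from `:user_name` on create_login_profile, a nil or missing name is presumably no longer rejected by the SDK's parameter validation, and per the added text the request then applies to the principal making the call. The same change is made for deactivate_mfa_device, delete_login_profile and get_login_profile in later hunks, two of which are destructive, so code that passes an unset variable would act on the caller's own identity instead of failing fast. The added `:password` text says it is still required outside an AssumeRoot session, so that check also moves from the client to the service. I would add a line to each doc block along the lines of `# The SDK no longer validates that :user_name is present; check it for nil before calling if you intend to target a specific user.` The method body is outside this hunk.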
@@ -1295,11 +1304,12 @@
# ability to type certain characters because they have special meaning
# within that tool.
#
#
#
- # [1]: http://wikipedia.org/wiki/regex
+ # [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+ # [2]: http://wikipedia.org/wiki/regex
#
# @option params [Boolean] :password_reset_required
# Specifies whether the user is required to set a new password on next
# sign-in.
#
@@ -1329,12 +1339,12 @@
# }
#
# @example Request syntax with placeholder values
#
# resp = client.create_login_profile({
- # user_name: "userNameType", # required
- # password: "passwordType", # required
+ # user_name: "userNameType",
+ # password: "passwordType",
# password_reset_required: false,
# })
#
# @example Response structure
#
@@ -2517,21 +2527,27 @@
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html
#
- # @option params [required, String] :user_name
+ # @option params [String] :user_name
# The name of the user whose MFA device you want to deactivate.
#
- # This parameter allows (through its [regex pattern][1]) a string of
+ # This parameter is optional. If no user name is included, it defaults
+ # to the principal making the request. When you make this request with
+ # root user credentials, you must use an [AssumeRoot][1] session to omit
+ # the user name.
+ #
+ # This parameter allows (through its [regex pattern][2]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
# \_+=,.@-
#
#
#
- # [1]: http://wikipedia.org/wiki/regex
+ # [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+ # [2]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :serial_number
# The serial number that uniquely identifies the MFA device. For virtual
# MFA devices, the serial number is the device ARN.
#
@@ -2547,11 +2563,11 @@
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
# @example Request syntax with placeholder values
#
# resp = client.deactivate_mfa_device({
- # user_name: "existingUserNameType", # required
+ # user_name: "existingUserNameType",
# serial_number: "serialNumberType", # required
# })
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeactivateMFADevice AWS API Documentation
#
@@ -2859,21 +2875,27 @@
#
#
#
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html
#
- # @option params [required, String] :user_name
+ # @option params [String] :user_name
# The name of the user whose password you want to delete.
#
- # This parameter allows (through its [regex pattern][1]) a string of
+ # This parameter is optional. If no user name is included, it defaults
+ # to the principal making the request. When you make this request with
+ # root user credentials, you must use an [AssumeRoot][1] session to omit
+ # the user name.
+ #
+ # This parameter allows (through its [regex pattern][2]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
# \_+=,.@-
#
#
#
- # [1]: http://wikipedia.org/wiki/regex
+ # [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+ # [2]: http://wikipedia.org/wiki/regex
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
#
# @example Example: To delete a password for an IAM user
@@ -2885,11 +2907,11 @@
# })
#
# @example Request syntax with placeholder values
#
# resp = client.delete_login_profile({
- # user_name: "userNameType", # required
+ # user_name: "userNameType",
# })
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DeleteLoginProfile AWS API Documentation
#
# @overload delete_login_profile(params = {})
@@ -3858,10 +3880,95 @@
def detach_user_policy(params = {}, options = {})
req = build_request(:detach_user_policy, params)
req.send_request(options)
end
+ # Disables the management of privileged root user credentials across
+ # member accounts in your organization. When you disable this feature,
+ # the management account and the delegated admininstrator for IAM can no
+ # longer manage root user credentials for member accounts in your
+ # organization.
+ #
+ # @return [Types::DisableOrganizationsRootCredentialsManagementResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::DisableOrganizationsRootCredentialsManagementResponse#organization_id #organization_id} => String
+ # * {Types::DisableOrganizationsRootCredentialsManagementResponse#enabled_features #enabled_features} => Array<String>
+ #
+ #
+ # @example Example: To disable the RootCredentialsManagement feature in your organization
+ #
+ # # The following command disables the management of privileged root user credentials across member accounts in your
+ # # organization.
+ #
+ # resp = client.disable_organizations_root_credentials_management({
+ # })
+ #
+ # resp.to_h outputs the following:
+ # {
+ # enabled_features: [
+ # "RootSessions",
+ # ],
+ # organization_id: "o-aa111bb222",
+ # }
+ #
+ # @example Response structure
+ #
+ # resp.organization_id #=> String
+ # resp.enabled_features #=> Array
+ # resp.enabled_features[0] #=> String, one of "RootCredentialsManagement", "RootSessions"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DisableOrganizationsRootCredentialsManagement AWS API Documentation
+ #
+ # @overload disable_organizations_root_credentials_management(params = {})
+ # @param [Hash] params ({})
+ def disable_organizations_root_credentials_management(params = {}, options = {})
+ req = build_request(:disable_organizations_root_credentials_management, params)
+ req.send_request(options)
+ end
+
+ # Disables root user sessions for privileged tasks across member
+ # accounts in your organization. When you disable this feature, the
+ # management account and the delegated admininstrator for IAM can no
+ # longer perform privileged tasks on member accounts in your
+ # organization.
+ #
+ # @return [Types::DisableOrganizationsRootSessionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::DisableOrganizationsRootSessionsResponse#organization_id #organization_id} => String
+ # * {Types::DisableOrganizationsRootSessionsResponse#enabled_features #enabled_features} => Array<String>
+ #
+ #
+ # @example Example: To disable the RootSessions feature in your organization
+ #
+ # # The following command disables root user sessions for privileged tasks across member accounts in your organization.
+ #
+ # resp = client.disable_organizations_root_sessions({
+ # })
+ #
+ # resp.to_h outputs the following:
+ # {
+ # enabled_features: [
+ # "RootCredentialsManagement",
+ # ],
+ # organization_id: "o-aa111bb222",
+ # }
+ #
+ # @example Response structure
+ #
+ # resp.organization_id #=> String
+ # resp.enabled_features #=> Array
+ # resp.enabled_features[0] #=> String, one of "RootCredentialsManagement", "RootSessions"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/DisableOrganizationsRootSessions AWS API Documentation
+ #
+ # @overload disable_organizations_root_sessions(params = {})
+ # @param [Hash] params ({})
+ def disable_organizations_root_sessions(params = {}, options = {})
+ req = build_request(:disable_organizations_root_sessions, params)
+ req.send_request(options)
+ end
+
# Enables the specified MFA device and associates it with the specified
# IAM user. When enabled, the MFA device is required for every
# subsequent login by the IAM user associated with the device.
#
# @option params [required, String] :user_name
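Review bot: The doc comments for both new methods misspell `administrator` as `admininstrator` (`the delegated admininstrator for IAM`), and the same spelling appears in the enable_organizations_root_credentials_management comment in the next hunk. Judging by the two examples, `enabled_features` in the response appears to list what is still enabled after the call, which the prose does not say. A sentence such as `# The response lists the features that remain enabled; confirm the disabled feature is absent from resp.enabled_features.` would make that explicit for callers that need to verify the change took effect.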
@@ -3939,10 +4046,128 @@
def enable_mfa_device(params = {}, options = {})
req = build_request(:enable_mfa_device, params)
req.send_request(options)
end
+ # Enables the management of privileged root user credentials across
+ # member accounts in your organization. When you enable root credentials
+ # management for [centralized root access][1], the management account
+ # and the delegated admininstrator for IAM can manage root user
+ # credentials for member accounts in your organization.
+ #
+ # Before you enable centralized root access, you must have an account
+ # configured with the following settings:
+ #
+ # * You must manage your Amazon Web Services accounts in
+ # [Organizations][2].
+ #
+ # * Enable trusted access for Identity and Access Management in
+ # Organizations. For details, see [IAM and Organizations][3] in the
+ # *Organizations User Guide*.
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
+ # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
+ # [3]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html
+ #
+ # @return [Types::EnableOrganizationsRootCredentialsManagementResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::EnableOrganizationsRootCredentialsManagementResponse#organization_id #organization_id} => String
+ # * {Types::EnableOrganizationsRootCredentialsManagementResponse#enabled_features #enabled_features} => Array<String>
+ #
+ #
+ # @example Example: To enable the RootCredentialsManagement feature in your organization
+ #
+ # # The following command enables the management of privileged root user credentials across member accounts in your
+ # # organization.
+ #
+ # resp = client.enable_organizations_root_credentials_management({
+ # })
+ #
+ # resp.to_h outputs the following:
+ # {
+ # enabled_features: [
+ # "RootCredentialsManagement",
+ # ],
+ # organization_id: "o-aa111bb222",
+ # }
+ #
+ # @example Response structure
+ #
+ # resp.organization_id #=> String
+ # resp.enabled_features #=> Array
+ # resp.enabled_features[0] #=> String, one of "RootCredentialsManagement", "RootSessions"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableOrganizationsRootCredentialsManagement AWS API Documentation
+ #
+ # @overload enable_organizations_root_credentials_management(params = {})
+ # @param [Hash] params ({})
+ def enable_organizations_root_credentials_management(params = {}, options = {})
+ req = build_request(:enable_organizations_root_credentials_management, params)
+ req.send_request(options)
+ end
+
+ # Allows the management account or delegated administrator to perform
+ # privileged tasks on member accounts in your organization. For more
+ # information, see [Centrally manage root access for member accounts][1]
+ # in the *Identity and Access Management User Guide*.
+ #
+ # Before you enable this feature, you must have an account configured
+ # with the following settings:
+ #
+ # * You must manage your Amazon Web Services accounts in
+ # [Organizations][2].
+ #
+ # * Enable trusted access for Identity and Access Management in
+ # Organizations. For details, see [IAM and Organizations][3] in the
+ # *Organizations User Guide*.
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
+ # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
+ # [3]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html
+ #
+ # @return [Types::EnableOrganizationsRootSessionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::EnableOrganizationsRootSessionsResponse#organization_id #organization_id} => String
+ # * {Types::EnableOrganizationsRootSessionsResponse#enabled_features #enabled_features} => Array<String>
+ #
+ #
+ # @example Example: To enable the RootSessions feature in your organization
+ #
+ # # The following command allows the management account or delegated administrator to perform privileged tasks on member
+ # # accounts in your organization.
+ #
+ # resp = client.enable_organizations_root_sessions({
+ # })
+ #
+ # resp.to_h outputs the following:
+ # {
+ # enabled_features: [
+ # "RootCredentialsManagement",
+ # "RootSessions",
+ # ],
+ # organization_id: "o-aa111bb222",
+ # }
+ #
+ # @example Response structure
+ #
+ # resp.organization_id #=> String
+ # resp.enabled_features #=> Array
+ # resp.enabled_features[0] #=> String, one of "RootCredentialsManagement", "RootSessions"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/EnableOrganizationsRootSessions AWS API Documentation
+ #
+ # @overload enable_organizations_root_sessions(params = {})
+ # @param [Hash] params ({})
+ def enable_organizations_root_sessions(params = {}, options = {})
+ req = build_request(:enable_organizations_root_sessions, params)
+ req.send_request(options)
+ end
+
# Generates a credential report for the Amazon Web Services account. For
# more information about the credential report, see [Getting credential
# reports][1] in the *IAM User Guide*.
#
#
@@ -5064,21 +5289,27 @@
# Console, the `CreateDate` reflects the initial password creation date.
# A user with programmatic access does not have a login profile unless
# you create a password for the user to access the Amazon Web Services
# Management Console.
#
- # @option params [required, String] :user_name
+ # @option params [String] :user_name
# The name of the user whose login profile you want to retrieve.
#
- # This parameter allows (through its [regex pattern][1]) a string of
+ # This parameter is optional. If no user name is included, it defaults
+ # to the principal making the request. When you make this request with
+ # root user credentials, you must use an [AssumeRoot][1] session to omit
+ # the user name.
+ #
+ # This parameter allows (through its [regex pattern][2]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
# \_+=,.@-
#
#
#
- # [1]: http://wikipedia.org/wiki/regex
+ # [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html
+ # [2]: http://wikipedia.org/wiki/regex
#
# @return [Types::GetLoginProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::GetLoginProfileResponse#login_profile #login_profile} => Types::LoginProfile
#
@@ -5100,11 +5331,11 @@
# }
#
# @example Request syntax with placeholder values
#
# resp = client.get_login_profile({
- # user_name: "userNameType", # required
+ # user_name: "userNameType",
# })
#
# @example Response structure
#
# resp.login_profile.user_name #=> String
@@ -6492,16 +6723,16 @@
end
# Lists the account alias associated with the Amazon Web Services
# account (Note: you can have only one). For information about using an
# Amazon Web Services account alias, see [Creating, deleting, and
- # listing an Amazon Web Services account alias][1] in the *IAM User
- # Guide*.
+ # listing an Amazon Web Services account alias][1] in the *Amazon Web
+ # Services Sign-In User Guide*.
#
#
#
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html#CreateAccountAlias
+ # [1]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
#
# @option params [String] :marker
# Use this parameter only when paginating results and only after you
# receive a response indicating that the results are truncated. Set it
# to the value of the `Marker` element in the response that you received
@@ -7805,10 +8036,54 @@
def list_open_id_connect_providers(params = {}, options = {})
req = build_request(:list_open_id_connect_providers, params)
req.send_request(options)
end
+ # Lists the centralized root access features enabled for your
+ # organization. For more information, see [Centrally manage root access
+ # for member accounts][1].
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
+ #
+ # @return [Types::ListOrganizationsFeaturesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+ #
+ # * {Types::ListOrganizationsFeaturesResponse#organization_id #organization_id} => String
+ # * {Types::ListOrganizationsFeaturesResponse#enabled_features #enabled_features} => Array<String>
+ #
+ #
+ # @example Example: To list the centralized root access features enabled for your organization
+ #
+ # # he following command lists the centralized root access features enabled for your organization.
+ #
+ # resp = client.list_organizations_features({
+ # })
+ #
+ # resp.to_h outputs the following:
+ # {
+ # enabled_features: [
+ # "RootCredentialsManagement",
+ # ],
+ # organization_id: "o-aa111bb222",
+ # }
+ #
+ # @example Response structure
+ #
+ # resp.organization_id #=> String
+ # resp.enabled_features #=> Array
+ # resp.enabled_features[0] #=> String, one of "RootCredentialsManagement", "RootSessions"
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOrganizationsFeatures AWS API Documentation
+ #
+ # @overload list_organizations_features(params = {})
+ # @param [Hash] params ({})
+ def list_organizations_features(params = {}, options = {})
+ req = build_request(:list_organizations_features, params)
+ req.send_request(options)
+ end
+
# Lists all the managed policies that are available in your Amazon Web
# Services account, including your own customer-defined managed policies
# and all Amazon Web Services managed policies.
#
# You can filter the list of policies that is returned using the
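Review bot: The example comment in the list_organizations_features doc block reads `# he following command lists ...`; the leading `T` is missing and it should read `# The following command lists the centralized root access features enabled for your organization.` The block also documents no request parameters while the signature accepts `params = {}`, so a one-line remark that the operation takes no input would save readers a lookup.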
@@ -13535,10 +13810,10 @@
params: params,
config: config,
tracer: tracer
)
context[:gem_name] = 'aws-sdk-iam'
- context[:gem_version] = '1.113.0'
+ context[:gem_version] = '1.114.0'
Seahorse::Client::Request.new(handlers, context)
end
# Polls an API operation until a resource enters a desired state.
#