lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.3.0 vs lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.4.0
- old
+ new
@@ -147,17 +147,17 @@
# Adds a new client ID (also known as audience) to the list of client
# IDs already registered for the specified IAM OpenID Connect (OIDC)
# provider resource.
#
- # This action is idempotent; it does not fail or return an error if you
- # add an existing client ID to the provider.
+ # This operation is idempotent; it does not fail or return an error if
+ # you add an existing client ID to the provider.
#
# @option params [required, String] :open_id_connect_provider_arn
# The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC)
# provider resource to add the client ID to. You can get a list of OIDC
- # provider ARNs by using the ListOpenIDConnectProviders action.
+ # provider ARNs by using the ListOpenIDConnectProviders operation.
#
# @option params [required, String] :client_id
# The client ID (also known as audience) to add to the IAM OpenID
# Connect provider resource.
#
@@ -190,33 +190,41 @@
req.send_request(options)
end
# Adds the specified IAM role to the specified instance profile. An
# instance profile can contain only one role, and this limit cannot be
- # increased.
+ # increased. You can remove the existing role and then add a different
+ # role to an instance profile. You must then wait for the change to
+ # appear across all of AWS because of [eventual consistency][1]. To
+ # force the change, you must [disassociate the instance profile][2] and
+ # then [associate the instance profile][3], or you can stop your
+ # instance and then restart it.
#
# <note markdown="1"> The caller of this API must be granted the `PassRole` permission on
# the IAM role by a permission policy.
#
# </note>
#
- # For more information about roles, go to [Working with Roles][1]. For
+ # For more information about roles, go to [Working with Roles][4]. For
# more information about instance profiles, go to [About Instance
- # Profiles][2].
+ # Profiles][5].
#
#
#
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
- # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
+ # [1]: https://en.wikipedia.org/wiki/Eventual_consistency
+ # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
+ # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
+ # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
+ # [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html
#
# @option params [required, String] :instance_profile_name
# The name of the instance profile to update.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -266,11 +274,11 @@
# The name of the group to update.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -278,11 +286,11 @@
# The name of the user to add.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -331,11 +339,11 @@
# to.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -464,11 +472,11 @@
# to.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -508,12 +516,12 @@
def attach_user_policy(params = {}, options = {})
req = build_request(:attach_user_policy, params)
req.send_request(options)
end
- # Changes the password of the IAM user who is calling this action. The
- # root account password is not affected by this action.
+ # Changes the password of the IAM user who is calling this operation.
+ # The AWS account root user password is not affected by this operation.
#
# To change the password for a different user, see UpdateLoginProfile.
# For more information about modifying passwords, see [Managing
# Passwords][1] in the *IAM User Guide*.
#
@@ -526,18 +534,18 @@
#
# @option params [required, String] :new_password
# The new password. The new password must conform to the AWS account's
# password policy, if one exists.
#
- # The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of almost any printable ASCII character from the
- # space (\\u0020) through the end of the ASCII character range
- # (\\u00FF). You can also include the tab (\\u0009), line feed
- # (\\u000A), and carriage return (\\u000D) characters. Although any of
- # these characters are valid in a password, note that many tools, such
- # as the AWS Management Console, might restrict the ability to enter
- # certain characters because they have special meaning within that tool.
+ # The [regex pattern][1] that is used to validate this parameter is a
+ # string of characters. That string can include almost any printable
+ # ASCII character from the space (\\u0020) through the end of the ASCII
+ # character range (\\u00FF). You can also include the tab (\\u0009),
+ # line feed (\\u000A), and carriage return (\\u000D) characters. Any of
+ # these characters are valid in a password. However, many tools, such as
+ # the AWS Management Console, might restrict the ability to type certain
+ # characters because they have special meaning within that tool.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -573,13 +581,13 @@
# ID for the specified user. The default status for new keys is
# `Active`.
#
# If you do not specify a user name, IAM determines the user name
# implicitly based on the AWS access key ID signing the request. Because
- # this action works for access keys under the AWS account, you can use
- # this action to manage root credentials even if the AWS account has no
- # associated users.
+ # this operation works for access keys under the AWS account, you can
+ # use this operation to manage AWS account root user credentials. This
+ # is true even if the AWS account has no associated users.
#
# For information about limits on the number of keys you can create, see
# [Limitations on IAM Entities][1] in the *IAM User Guide*.
#
# To ensure the security of your AWS account, the secret access key is
@@ -596,11 +604,11 @@
# The name of the IAM user that the new key will belong to.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -711,16 +719,16 @@
# Identifiers][1] in the *IAM User Guide*.
#
# This parameter is optional. If it is not included, it defaults to a
# slash (/).
#
- # This paramater allows (per its [regex pattern][2]) a string of
+ # This parameter allows (per its [regex pattern][2]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# [2]: http://wikipedia.org/wiki/regex
@@ -730,13 +738,13 @@
# value.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-. The group name must be unique within the account. Group names
- # are not distinguished by case. For example, you cannot create groups
- # named both "ADMINS" and "admins".
+ # \_+=,.@-. The group name must be unique within the account. Group
+ # names are not distinguished by case. For example, you cannot create
+ # groups named both "ADMINS" and "admins".
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -803,11 +811,11 @@
# The name of the instance profile to create.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -816,16 +824,16 @@
# see [IAM Identifiers][1] in the *IAM User Guide*.
#
# This parameter is optional. If it is not included, it defaults to a
# slash (/).
#
- # This paramater allows (per its [regex pattern][2]) a string of
+ # This parameter allows (per its [regex pattern][2]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# [2]: http://wikipedia.org/wiki/regex
@@ -877,10 +885,11 @@
# resp.instance_profile.roles[0].role_id #=> String
# resp.instance_profile.roles[0].arn #=> String
# resp.instance_profile.roles[0].create_date #=> Time
# resp.instance_profile.roles[0].assume_role_policy_document #=> String
# resp.instance_profile.roles[0].description #=> String
+ # resp.instance_profile.roles[0].max_session_duration #=> Integer
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateInstanceProfile AWS API Documentation
#
# @overload create_instance_profile(params = {})
# @param [Hash] params ({})
@@ -903,27 +912,27 @@
# already exist.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :password
# The new password for the user.
#
- # The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of almost any printable ASCII character from the
- # space (\\u0020) through the end of the ASCII character range
- # (\\u00FF). You can also include the tab (\\u0009), line feed
- # (\\u000A), and carriage return (\\u000D) characters. Although any of
- # these characters are valid in a password, note that many tools, such
- # as the AWS Management Console, might restrict the ability to enter
- # certain characters because they have special meaning within that tool.
+ # The [regex pattern][1] that is used to validate this parameter is a
+ # string of characters. That string can include almost any printable
+ # ASCII character from the space (\\u0020) through the end of the ASCII
+ # character range (\\u00FF). You can also include the tab (\\u0009),
+ # line feed (\\u000A), and carriage return (\\u000D) characters. Any of
+ # these characters are valid in a password. However, many tools, such as
+ # the AWS Management Console, might restrict the ability to type certain
+ # characters because they have special meaning within that tool.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -981,39 +990,43 @@
# Creates an IAM entity to describe an identity provider (IdP) that
# supports [OpenID Connect (OIDC)][1].
#
# The OIDC provider that you create with this operation can be used as a
- # principal in a role's trust policy to establish a trust relationship
- # between AWS and the OIDC provider.
+ # principal in a role's trust policy. Such a policy establishes a trust
+ # relationship between AWS and the OIDC provider.
#
- # When you create the IAM OIDC provider, you specify the URL of the OIDC
- # identity provider (IdP) to trust, a list of client IDs (also known as
- # audiences) that identify the application or applications that are
- # allowed to authenticate using the OIDC provider, and a list of
- # thumbprints of the server certificate(s) that the IdP uses. You get
- # all of this information from the OIDC IdP that you want to use for
- # access to AWS.
+ # When you create the IAM OIDC provider, you specify the following:
#
- # <note markdown="1"> Because trust for the OIDC provider is ultimately derived from the IAM
- # provider that this action creates, it is a best practice to limit
- # access to the CreateOpenIDConnectProvider action to highly-privileged
- # users.
+ # * The URL of the OIDC identity provider (IdP) to trust
#
+ # * A list of client IDs (also known as audiences) that identify the
+ # application or applications that are allowed to authenticate using
+ # the OIDC provider
+ #
+ # * A list of thumbprints of the server certificate(s) that the IdP
+ # uses.
+ #
+ # You get all of this information from the OIDC IdP that you want to use
+ # to access AWS.
+ #
+ # <note markdown="1"> Because trust for the OIDC provider is derived from the IAM provider
+ # that this operation creates, it is best to limit access to the
+ # CreateOpenIDConnectProvider operation to highly privileged users.
+ #
# </note>
#
#
#
# [1]: http://openid.net/connect/
#
# @option params [required, String] :url
- # The URL of the identity provider. The URL must begin with "https://"
+ # The URL of the identity provider. The URL must begin with `https://`
# and should correspond to the `iss` claim in the provider's OpenID
# Connect ID tokens. Per the OIDC standard, path components are allowed
# but query parameters are not. Typically the URL consists of only a
- # host name, like "https://server.example.org" or
- # "https://example.com".
+ # hostname, like `https://server.example.org` or `https://example.com`.
#
# You cannot register the same provider multiple times in a single AWS
# account. If you try to submit a URL that has already been used for an
# OpenID Connect provider in the AWS account, you will get an error.
#
@@ -1027,30 +1040,30 @@
# example, you might have multiple applications that use the same OIDC
# provider. You cannot register more than 100 client IDs with a single
# IAM OIDC provider.
#
# There is no defined format for a client ID. The
- # `CreateOpenIDConnectProviderRequest` action accepts client IDs up to
- # 255 characters long.
+ # `CreateOpenIDConnectProviderRequest` operation accepts client IDs up
+ # to 255 characters long.
#
# @option params [required, Array<String>] :thumbprint_list
# A list of server certificate thumbprints for the OpenID Connect (OIDC)
- # identity provider's server certificate(s). Typically this list
- # includes only one entry. However, IAM lets you have up to five
- # thumbprints for an OIDC provider. This lets you maintain multiple
- # thumbprints if the identity provider is rotating certificates.
+ # identity provider's server certificates. Typically this list includes
+ # only one entry. However, IAM lets you have up to five thumbprints for
+ # an OIDC provider. This lets you maintain multiple thumbprints if the
+ # identity provider is rotating certificates.
#
# The server certificate thumbprint is the hex-encoded SHA-1 hash value
# of the X.509 certificate used by the domain where the OpenID Connect
# provider makes its keys available. It is always a 40-character string.
#
# You must provide at least one thumbprint when creating an IAM OIDC
- # provider. For example, if the OIDC provider is `server.example.com`
- # and the provider stores its keys at
- # "https://keys.server.example.com/openid-connect", the thumbprint
- # string would be the hex-encoded SHA-1 hash value of the certificate
- # used by https://keys.server.example.com.
+ # provider. For example, assume that the OIDC provider is
+ # `server.example.com` and the provider stores its keys at
+ # https://keys.server.example.com/openid-connect. In that case, the
+ # thumbprint string would be the hex-encoded SHA-1 hash value of the
+ # certificate used by https://keys.server.example.com.
#
# For more information about obtaining the OIDC provider's thumbprint,
# see [Obtaining the Thumbprint for an OpenID Connect Provider][1] in
# the *IAM User Guide*.
#
@@ -1123,11 +1136,11 @@
# The friendly name of the policy.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -1138,16 +1151,16 @@
# User Guide*.
#
# This parameter is optional. If it is not included, it defaults to a
# slash (/).
#
- # This paramater allows (per its [regex pattern][2]) a string of
+ # This parameter allows (per its [regex pattern][2]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# [2]: http://wikipedia.org/wiki/regex
@@ -1155,19 +1168,23 @@
# @option params [required, String] :policy_document
# The JSON policy document that you want to use as the content for the
# new policy.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :description
# A friendly description of the policy.
#
@@ -1244,28 +1261,32 @@
# @option params [required, String] :policy_document
# The JSON policy document that you want to use as the content for this
# new version of the policy.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [Boolean] :set_as_default
# Specifies whether to set this version as the policy's default
# version.
#
# When this parameter is `true`, the new policy version becomes the
- # operative version; that is, the version that is in effect for the IAM
- # users, groups, and roles that the policy is attached to.
+ # operative version. That is, it becomes the version that is in effect
+ # for the IAM users, groups, and roles that the policy is attached to.
#
# For more information about managed policy versions, see [Versioning
# for Managed Policies][1] in the *IAM User Guide*.
#
#
@@ -1299,13 +1320,13 @@
req = build_request(:create_policy_version, params)
req.send_request(options)
end
# Creates a new role for your AWS account. For more information about
- # roles, go to [Working with Roles][1]. For information about
- # limitations on role names and the number of roles you can create, go
- # to [Limitations on IAM Entities][2] in the *IAM User Guide*.
+ # roles, go to [IAM Roles][1]. For information about limitations on role
+ # names and the number of roles you can create, go to [Limitations on
+ # IAM Entities][2] in the *IAM User Guide*.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
# [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html
@@ -1315,16 +1336,16 @@
# Identifiers][1] in the *IAM User Guide*.
#
# This parameter is optional. If it is not included, it defaults to a
# slash (/).
#
- # This paramater allows (per its [regex pattern][2]) a string of
+ # This parameter allows (per its [regex pattern][2]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# [2]: http://wikipedia.org/wiki/regex
@@ -1347,24 +1368,49 @@
# @option params [required, String] :assume_role_policy_document
# The trust relationship policy document that grants an entity
# permission to assume the role.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :description
- # A customer-provided description of the role.
+ # A description of the role.
#
+ # @option params [Integer] :max_session_duration
+ # The maximum session duration (in seconds) that you want to set for the
+ # specified role. If you do not specify a value for this setting, the
+ # default maximum of one hour is applied. This setting can have a value
+ # from 1 hour to 12 hours.
+ #
+ # Anyone who assumes the role from the AWS CLI or API can use the
+ # `DurationSeconds` API parameter or the `duration-seconds` CLI
+ # parameter to request a longer session. The `MaxSessionDuration`
+ # setting determines the maximum duration that can be requested using
+ # the `DurationSeconds` parameter. If users don't specify a value for
+ # the `DurationSeconds` parameter, their security credentials are valid
+ # for one hour by default. This applies when you use the `AssumeRole*`
+ # API operations or the `assume-role*` CLI operations but does not apply
+ # when you use those operations to create a console URL. For more
+ # information, see [Using IAM Roles][1] in the *IAM User Guide*.
+ #
+ #
+ #
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
+ #
# @return [Types::CreateRoleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::CreateRoleResponse#role #role} => Types::Role
#
#
@@ -1396,10 +1442,11 @@
# resp = client.create_role({
# path: "pathType",
# role_name: "roleNameType", # required
# assume_role_policy_document: "policyDocumentType", # required
# description: "roleDescriptionType",
+ # max_session_duration: 1,
# })
#
# @example Response structure
#
# resp.role.path #=> String
@@ -1407,10 +1454,11 @@
# resp.role.role_id #=> String
# resp.role.arn #=> String
# resp.role.create_date #=> Time
# resp.role.assume_role_policy_document #=> String
# resp.role.description #=> String
+ # resp.role.max_session_duration #=> Integer
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateRole AWS API Documentation
#
# @overload create_role(params = {})
# @param [Hash] params ({})
@@ -1421,17 +1469,18 @@
# Creates an IAM resource that describes an identity provider (IdP) that
# supports SAML 2.0.
#
# The SAML provider resource that you create with this operation can be
- # used as a principal in an IAM role's trust policy to enable federated
- # users who sign-in using the SAML IdP to assume the role. You can
- # create an IAM role that supports Web-based single sign-on (SSO) to the
- # AWS Management Console or one that supports API access to AWS.
+ # used as a principal in an IAM role's trust policy. Such a policy can
+ # enable federated users who sign-in using the SAML IdP to assume the
+ # role. You can create an IAM role that supports Web-based single
+ # sign-on (SSO) to the AWS Management Console or one that supports API
+ # access to AWS.
#
- # When you create the SAML provider resource, you upload an a SAML
- # metadata document that you get from your IdP and that includes the
+ # When you create the SAML provider resource, you upload a SAML metadata
+ # document that you get from your IdP. That document includes the
# issuer's name, expiration information, and keys that can be used to
# validate the SAML authentication response (assertions) that the IdP
# sends. You must generate the metadata document using the identity
# management software that is used as your organization's IdP.
#
@@ -1468,11 +1517,11 @@
# The name of the provider to create.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -1506,11 +1555,11 @@
# unexpectedly changed or deleted role, which could put your AWS
# resources into an unknown state. Allowing the service to control the
# role helps improve service stability and proper cleanup when a service
# and its role are no longer needed.
#
- # The name of the role is autogenerated by combining the string that you
+ # The name of the role is generated by combining the string that you
# specify for the `AWSServiceName` parameter with the string that you
# specify for the `CustomSuffix` parameter. The resulting name must be
# unique in your account or the request fails.
#
# To attach a policy to this service-linked role, you must make the
@@ -1550,10 +1599,11 @@
# resp.role.role_id #=> String
# resp.role.arn #=> String
# resp.role.create_date #=> Time
# resp.role.assume_role_policy_document #=> String
# resp.role.description #=> String
+ # resp.role.max_session_duration #=> Integer
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRole AWS API Documentation
#
# @overload create_service_linked_role(params = {})
# @param [Hash] params ({})
@@ -1590,11 +1640,11 @@
# to access the specified service.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -1647,16 +1697,16 @@
# Identifiers][1] in the *IAM User Guide*.
#
# This parameter is optional. If it is not included, it defaults to a
# slash (/).
#
- # This paramater allows (per its [regex pattern][2]) a string of
+ # This parameter allows (per its [regex pattern][2]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# [2]: http://wikipedia.org/wiki/regex
@@ -1665,11 +1715,11 @@
# The name of the user to create.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-. User names are not distinguished by case. For example, you
+ # \_+=,.@-. User names are not distinguished by case. For example, you
# cannot create users named both "TESTUSER" and "testuser".
#
#
#
# [1]: http://wikipedia.org/wiki/regex
@@ -1748,16 +1798,16 @@
# see [IAM Identifiers][1] in the *IAM User Guide*.
#
# This parameter is optional. If it is not included, it defaults to a
# slash (/).
#
- # This paramater allows (per its [regex pattern][2]) a string of
+ # This parameter allows (per its [regex pattern][2]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
# [2]: http://wikipedia.org/wiki/regex
@@ -1767,11 +1817,11 @@
# a virtual MFA device.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -1823,11 +1873,11 @@
# The name of the user whose MFA device you want to deactivate.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -1864,21 +1914,21 @@
# Deletes the access key pair associated with the specified IAM user.
#
# If you do not specify a user name, IAM determines the user name
# implicitly based on the AWS access key ID signing the request. Because
- # this action works for access keys under the AWS account, you can use
- # this action to manage root credentials even if the AWS account has no
- # associated users.
+ # this operation works for access keys under the AWS account, you can
+ # use this operation to manage AWS account root user credentials even if
+ # the AWS account has no associated users.
#
# @option params [String] :user_name
# The name of the user whose access key pair you want to delete.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -1997,11 +2047,11 @@
# The name of the IAM group to delete.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2039,11 +2089,11 @@
# policy is embedded in.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2051,11 +2101,11 @@
# The name identifying the policy document to delete.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2088,14 +2138,14 @@
end
# Deletes the specified instance profile. The instance profile must not
# have an associated role.
#
- # Make sure you do not have any Amazon EC2 instances running with the
- # instance profile you are about to delete. Deleting a role or instance
- # profile that is associated with a running instance will break any
- # applications running on the instance.
+ # Make sure that you do not have any Amazon EC2 instances running with
+ # the instance profile you are about to delete. Deleting a role or
+ # instance profile that is associated with a running instance will break
+ # any applications running on the instance.
#
# For more information about instance profiles, go to [About Instance
# Profiles][1].
#
#
@@ -2106,11 +2156,11 @@
# The name of the instance profile to delete.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2154,11 +2204,11 @@
# The name of the user whose password you want to delete.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2193,17 +2243,18 @@
#
# Deleting an IAM OIDC provider resource does not update any roles that
# reference the provider as a principal in their trust policies. Any
# attempt to assume a role that references a deleted provider fails.
#
- # This action is idempotent; it does not fail or return an error if you
- # call the action for a provider that does not exist.
+ # This operation is idempotent; it does not fail or return an error if
+ # you call the operation for a provider that does not exist.
#
# @option params [required, String] :open_id_connect_provider_arn
# The Amazon Resource Name (ARN) of the IAM OpenID Connect provider
# resource object to delete. You can get a list of OpenID Connect
- # provider resource ARNs by using the ListOpenIDConnectProviders action.
+ # provider resource ARNs by using the ListOpenIDConnectProviders
+ # operation.
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
# @example Request syntax with placeholder values
#
@@ -2221,18 +2272,18 @@
end
# Deletes the specified managed policy.
#
# Before you can delete a managed policy, you must first detach the
- # policy from all users, groups, and roles that it is attached to, and
- # you must delete all of the policy's versions. The following steps
- # describe the process for deleting a managed policy:
+ # policy from all users, groups, and roles that it is attached to. In
+ # addition you must delete all the policy's versions. The following
+ # steps describe the process for deleting a managed policy:
#
# * Detach the policy from all users, groups, and roles that the policy
# is attached to, using the DetachUserPolicy, DetachGroupPolicy, or
- # DetachRolePolicy APIs. To list all the users, groups, and roles that
- # a policy is attached to, use ListEntitiesForPolicy.
+ # DetachRolePolicy API operations. To list all the users, groups, and
+ # roles that a policy is attached to, use ListEntitiesForPolicy.
#
# * Delete all versions of the policy using DeletePolicyVersion. To list
# the policy's versions, use ListPolicyVersions. You cannot use
# DeletePolicyVersion to delete the version that is marked as the
# default version. You delete the policy's default version in the
@@ -2336,13 +2387,13 @@
# Deletes the specified role. The role must not have any policies
# attached. For more information about roles, go to [Working with
# Roles][1].
#
- # Make sure you do not have any Amazon EC2 instances running with the
- # role you are about to delete. Deleting a role or instance profile that
- # is associated with a running instance will break any applications
+ # Make sure that you do not have any Amazon EC2 instances running with
+ # the role you are about to delete. Deleting a role or instance profile
+ # that is associated with a running instance will break any applications
# running on the instance.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
@@ -2414,11 +2465,11 @@
# The name of the inline policy to delete from the specified IAM role.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2485,11 +2536,11 @@
req.send_request(options)
end
# Deletes the specified SSH public key.
#
- # The SSH public key deleted by this action is used only for
+ # The SSH public key deleted by this operation is used only for
# authenticating the associated IAM user to an AWS CodeCommit
# repository. For more information about using SSH keys to authenticate
# to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
# Connections][1] in the *AWS CodeCommit User Guide*.
#
@@ -2501,11 +2552,11 @@
# The name of the IAM user associated with the SSH public key.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2538,14 +2589,14 @@
req.send_request(options)
end
# Deletes the specified server certificate.
#
- # For more information about working with server certificates, including
- # a list of AWS services that can use the server certificates that you
- # manage with IAM, go to [Working with Server Certificates][1] in the
- # *IAM User Guide*.
+ # For more information about working with server certificates, see
+ # [Working with Server Certificates][1] in the *IAM User Guide*. This
+ # topic also includes a list of AWS services that can use the server
+ # certificates that you manage with IAM.
#
# If you are using a server certificate with Elastic Load Balancing,
# deleting the certificate could have implications for your application.
# If Elastic Load Balancing doesn't detect the deletion of bound
# certificates, it may continue to use the certificates. This could
@@ -2564,11 +2615,11 @@
# The name of the server certificate you want to delete.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2598,16 +2649,17 @@
# then the `DeletionTaskId` of the earlier request is returned.
#
# If you submit a deletion request for a service-linked role whose
# linked service is still accessing a resource, then the deletion task
# fails. If it fails, the GetServiceLinkedRoleDeletionStatus API
- # operation returns the reason for the failure, including the resources
- # that must be deleted. To delete the service-linked role, you must
- # first remove those resources from the linked service and then submit
- # the deletion request again. Resources are specific to the service that
- # is linked to the role. For more information about removing resources
- # from a service, see the [AWS documentation][1] for your service.
+ # operation returns the reason for the failure, usually including the
+ # resources that must be deleted. To delete the service-linked role, you
+ # must first remove those resources from the linked service and then
+ # submit the deletion request again. Resources are specific to the
+ # service that is linked to the role. For more information about
+ # removing resources from a service, see the [AWS documentation][1] for
+ # your service.
#
# For more information about service-linked roles, see [Roles Terms and
# Concepts: AWS Service-Linked Role][2] in the *IAM User Guide*.
#
#
@@ -2649,11 +2701,11 @@
# the user whose credentials are used to call the operation.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2689,21 +2741,21 @@
# Deletes a signing certificate associated with the specified IAM user.
#
# If you do not specify a user name, IAM determines the user name
# implicitly based on the AWS access key ID signing the request. Because
- # this action works for access keys under the AWS account, you can use
- # this action to manage root credentials even if the AWS account has no
- # associated IAM users.
+ # this operation works for access keys under the AWS account, you can
+ # use this operation to manage AWS account root user credentials even if
+ # the AWS account has no associated IAM users.
#
# @option params [String] :user_name
# The name of the user the signing certificate belongs to.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2753,11 +2805,11 @@
# The name of the user to delete.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2804,11 +2856,11 @@
# is embedded in.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2816,11 +2868,11 @@
# The name identifying the policy document to delete.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -2915,11 +2967,11 @@
# policy from.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -3019,11 +3071,11 @@
# from.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -3063,11 +3115,11 @@
# The name of the IAM user for whom you want to enable the MFA device.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -3085,11 +3137,11 @@
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :authentication_code_1
# An authentication code emitted by the device.
#
- # The format for this parameter is a string of 6 digits.
+ # The format for this parameter is a string of six digits.
#
# Submit your request immediately after generating the authentication
# codes. If you generate the codes and then wait too long to submit the
# request, the MFA device successfully associates with the user but the
# MFA device becomes out of sync. This happens because time-based
@@ -3101,11 +3153,11 @@
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html
#
# @option params [required, String] :authentication_code_2
# A subsequent authentication code emitted by the device.
#
- # The format for this parameter is a string of 6 digits.
+ # The format for this parameter is a string of six digits.
#
# Submit your request immediately after generating the authentication
# codes. If you generate the codes and then wait too long to submit the
# request, the MFA device successfully associates with the user but the
# MFA device becomes out of sync. This happens because time-based
@@ -3209,14 +3261,26 @@
# Retrieves information about all IAM users, groups, roles, and policies
# in your AWS account, including their relationships to one another. Use
# this API to obtain a snapshot of the configuration of IAM permissions
# (users, groups, roles, and policies) in your account.
#
+ # <note markdown="1"> Policies returned by this API are URL-encoded compliant with [RFC
+ # 3986][1]. You can use a URL decoding method to convert the policy back
+ # to plain JSON text. For example, if you use Java, you can use the
+ # `decode` method of the `java.net.URLDecoder` utility class in the Java
+ # SDK. Other languages and SDKs provide similar functionality.
+ #
+ # </note>
+ #
# You can optionally filter the results using the `Filter` parameter.
# You can paginate the results using the `MaxItems` and `Marker`
# parameters.
#
+ #
+ #
+ # [1]: https://tools.ietf.org/html/rfc3986
+ #
# @option params [Array<String>] :filter
# A list of entity types used to filter the results. Only the entities
# that match the types you specify are included in the output. Use the
# value `LocalManagedPolicy` to include customer managed policies.
#
@@ -3306,10 +3370,11 @@
# resp.role_detail_list[0].instance_profile_list[0].roles[0].role_id #=> String
# resp.role_detail_list[0].instance_profile_list[0].roles[0].arn #=> String
# resp.role_detail_list[0].instance_profile_list[0].roles[0].create_date #=> Time
# resp.role_detail_list[0].instance_profile_list[0].roles[0].assume_role_policy_document #=> String
# resp.role_detail_list[0].instance_profile_list[0].roles[0].description #=> String
+ # resp.role_detail_list[0].instance_profile_list[0].roles[0].max_session_duration #=> Integer
# resp.role_detail_list[0].role_policy_list #=> Array
# resp.role_detail_list[0].role_policy_list[0].policy_name #=> String
# resp.role_detail_list[0].role_policy_list[0].policy_document #=> String
# resp.role_detail_list[0].attached_managed_policies #=> Array
# resp.role_detail_list[0].attached_managed_policies[0].policy_name #=> String
@@ -3471,32 +3536,37 @@
# policies. The policies are supplied as a list of one or more strings.
# To get the context keys from policies associated with an IAM user,
# group, or role, use GetContextKeysForPrincipalPolicy.
#
# Context keys are variables maintained by AWS and its services that
- # provide details about the context of an API query request, and can be
- # evaluated by testing against a value specified in an IAM policy. Use
- # GetContextKeysForCustomPolicy to understand what key names and values
- # you must supply when you call SimulateCustomPolicy. Note that all
- # parameters are shown in unencoded form here for clarity, but must be
- # URL encoded to be included as a part of a real HTML request.
+ # provide details about the context of an API query request. Context
+ # keys can be evaluated by testing against a value specified in an IAM
+ # policy. Use `GetContextKeysForCustomPolicy` to understand what key
+ # names and values you must supply when you call SimulateCustomPolicy.
+ # Note that all parameters are shown in unencoded form here for clarity
+ # but must be URL encoded to be included as a part of a real HTML
+ # request.
#
# @option params [required, Array<String>] :policy_input_list
# A list of policies for which you want the list of context keys
# referenced in those policies. Each document is specified as a string
# containing the complete, valid JSON text of an IAM policy.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Types::GetContextKeysForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::GetContextKeysForPolicyResponse#context_key_names #context_key_names} => Array<String>
@@ -3519,15 +3589,15 @@
def get_context_keys_for_custom_policy(params = {}, options = {})
req = build_request(:get_context_keys_for_custom_policy, params)
req.send_request(options)
end
- # Gets a list of all of the context keys referenced in all of the IAM
- # policies attached to the specified IAM entity. The entity can be an
- # IAM user, group, or role. If you specify a user, then the request also
- # includes all of the policies attached to groups that the user is a
- # member of.
+ # Gets a list of all of the context keys referenced in all the IAM
+ # policies that are attached to the specified IAM entity. The entity can
+ # be an IAM user, group, or role. If you specify a user, then the
+ # request also includes all of the policies attached to groups that the
+ # user is a member of.
#
# You can optionally include a list of one or more additional policies,
# specified as strings. If you want to include *only* a list of policies
# by string, use GetContextKeysForCustomPolicy instead.
#
@@ -3535,24 +3605,24 @@
# to other users. If you do not want users to see other user's
# permissions, then consider allowing them to use
# GetContextKeysForCustomPolicy instead.
#
# Context keys are variables maintained by AWS and its services that
- # provide details about the context of an API query request, and can be
- # evaluated by testing against a value in an IAM policy. Use
+ # provide details about the context of an API query request. Context
+ # keys can be evaluated by testing against a value in an IAM policy. Use
# GetContextKeysForPrincipalPolicy to understand what key names and
# values you must supply when you call SimulatePrincipalPolicy.
#
# @option params [required, String] :policy_source_arn
# The ARN of a user, group, or role whose policies contain the context
# keys that you want listed. If you specify a user, the list includes
- # context keys that are found in all policies attached to the user as
- # well as to all groups that the user is a member of. If you pick a
- # group or a role, then it includes only those context keys that are
- # found in policies attached to that entity. Note that all parameters
- # are shown in unencoded form here for clarity, but must be URL encoded
- # to be included as a part of a real HTML request.
+ # context keys that are found in all policies that are attached to the
+ # user. The list also includes all groups that the user is a member of.
+ # If you pick a group or a role, then it includes only those context
+ # keys that are found in policies attached to that entity. Note that all
+ # parameters are shown in unencoded form here for clarity, but must be
+ # URL encoded to be included as a part of a real HTML request.
#
# For more information about ARNs, see [Amazon Resource Names (ARNs) and
# AWS Service Namespaces][1] in the *AWS General Reference*.
#
#
@@ -3562,19 +3632,23 @@
# @option params [Array<String>] :policy_input_list
# An optional list of additional policies for which you want the list of
# context keys that are referenced.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Types::GetContextKeysForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::GetContextKeysForPolicyResponse#context_key_names #context_key_names} => Array<String>
@@ -3636,11 +3710,11 @@
# The name of the group.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -3731,11 +3805,11 @@
# The name of the group the policy is associated with.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -3743,11 +3817,11 @@
# The name of the policy document to get.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -3792,11 +3866,11 @@
# The name of the instance profile to get information about.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -3853,10 +3927,11 @@
# resp.instance_profile.roles[0].role_id #=> String
# resp.instance_profile.roles[0].arn #=> String
# resp.instance_profile.roles[0].create_date #=> Time
# resp.instance_profile.roles[0].assume_role_policy_document #=> String
# resp.instance_profile.roles[0].description #=> String
+ # resp.instance_profile.roles[0].max_session_duration #=> Integer
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetInstanceProfile AWS API Documentation
#
# @overload get_instance_profile(params = {})
# @param [Hash] params ({})
@@ -3864,20 +3939,20 @@
req = build_request(:get_instance_profile, params)
req.send_request(options)
end
# Retrieves the user name and password-creation date for the specified
- # IAM user. If the user has not been assigned a password, the action
+ # IAM user. If the user has not been assigned a password, the operation
# returns a 404 (`NoSuchEntity`) error.
#
# @option params [required, String] :user_name
# The name of the user whose login profile you want to retrieve.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -3927,11 +4002,11 @@
# resource object in IAM.
#
# @option params [required, String] :open_id_connect_provider_arn
# The Amazon Resource Name (ARN) of the OIDC provider resource object in
# IAM to get information for. You can get a list of OIDC provider
- # resource ARNs by using the ListOpenIDConnectProviders action.
+ # resource ARNs by using the ListOpenIDConnectProviders operation.
#
# For more information about ARNs, see [Amazon Resource Names (ARNs) and
# AWS Service Namespaces][1] in the *AWS General Reference*.
#
#
@@ -4179,10 +4254,11 @@
# resp.role.role_id #=> String
# resp.role.arn #=> String
# resp.role.create_date #=> Time
# resp.role.assume_role_policy_document #=> String
# resp.role.description #=> String
+ # resp.role.max_session_duration #=> Integer
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetRole AWS API Documentation
#
# @overload get_role(params = {})
# @param [Hash] params ({})
@@ -4235,11 +4311,11 @@
# The name of the policy document to get.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -4321,11 +4397,11 @@
end
# Retrieves the specified SSH public key, including metadata about the
# key.
#
- # The SSH public key retrieved by this action is used only for
+ # The SSH public key retrieved by this operation is used only for
# authenticating the associated IAM user to an AWS CodeCommit
# repository. For more information about using SSH keys to authenticate
# to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
# Connections][1] in the *AWS CodeCommit User Guide*.
#
@@ -4337,11 +4413,11 @@
# The name of the IAM user associated with the SSH public key.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -4392,14 +4468,14 @@
end
# Retrieves information about the specified server certificate stored in
# IAM.
#
- # For more information about working with server certificates, including
- # a list of AWS services that can use the server certificates that you
- # manage with IAM, go to [Working with Server Certificates][1] in the
- # *IAM User Guide*.
+ # For more information about working with server certificates, see
+ # [Working with Server Certificates][1] in the *IAM User Guide*. This
+ # topic includes a list of AWS services that can use the server
+ # certificates that you manage with IAM.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
#
@@ -4408,11 +4484,11 @@
# about.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -4449,11 +4525,11 @@
# Retrieves the status of your service-linked role deletion. After you
# use the DeleteServiceLinkedRole API operation to submit a
# service-linked role for deletion, you can use the `DeletionTaskId`
# parameter in `GetServiceLinkedRoleDeletionStatus` to check the status
# of the deletion. If the deletion fails, this operation returns the
- # reason that it failed.
+ # reason that it failed, if that information is returned by the service.
#
# @option params [required, String] :deletion_task_id
# The deletion task identifier. This identifier is returned by the
# DeleteServiceLinkedRole operation in the format
# `task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>`.
@@ -4499,11 +4575,11 @@
#
# This parameter is optional. If it is not included, it defaults to the
# user making the request. This parameter allows (per its [regex
# pattern][1]) a string of characters consisting of upper and lowercase
# alphanumeric characters with no spaces. You can also include any of
- # the following characters: =,.@-
+ # the following characters: \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -4583,11 +4659,11 @@
# The name of the user who the policy is associated with.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -4595,11 +4671,11 @@
# The name of the policy document to get.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -4630,21 +4706,21 @@
req = build_request(:get_user_policy, params)
req.send_request(options)
end
# Returns information about the access key IDs associated with the
- # specified IAM user. If there are none, the action returns an empty
+ # specified IAM user. If there are none, the operation returns an empty
# list.
#
# Although each user is limited to a small number of keys, you can still
# paginate the results using the `MaxItems` and `Marker` parameters.
#
- # If the `UserName` field is not specified, the UserName is determined
+ # If the `UserName` field is not specified, the user name is determined
# implicitly based on the AWS access key ID used to sign the request.
- # Because this action works for access keys under the AWS account, you
- # can use this action to manage root credentials even if the AWS account
- # has no associated users.
+ # Because this operation works for access keys under the AWS account,
+ # you can use this operation to manage AWS account root user credentials
+ # even if the AWS account has no associated users.
#
# <note markdown="1"> To ensure the security of your AWS account, the secret access key is
# accessible only during key and user creation.
#
# </note>
@@ -4653,11 +4729,11 @@
# The name of the user.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -4819,11 +4895,11 @@
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters. You can use the `PathPrefix` parameter to limit the list
# of policies to only those matching the specified path prefix. If there
# are no policies attached to the specified group (or none that match
- # the specified path prefix), the action returns an empty list.
+ # the specified path prefix), the operation returns an empty list.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
#
@@ -4832,27 +4908,27 @@
# policies for.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :path_prefix
# The path prefix for filtering the results. This parameter is optional.
# If it is not included, it defaults to a slash (/), listing all
# policies.
#
- # This paramater allows (per its [regex pattern][1]) a string of
+ # This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -4916,11 +4992,11 @@
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters. You can use the `PathPrefix` parameter to limit the list
# of policies to only those matching the specified path prefix. If there
# are no policies attached to the specified role (or none that match the
- # specified path prefix), the action returns an empty list.
+ # specified path prefix), the operation returns an empty list.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
#
@@ -4940,16 +5016,16 @@
# @option params [String] :path_prefix
# The path prefix for filtering the results. This parameter is optional.
# If it is not included, it defaults to a slash (/), listing all
# policies.
#
- # This paramater allows (per its [regex pattern][1]) a string of
+ # This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5013,11 +5089,11 @@
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters. You can use the `PathPrefix` parameter to limit the list
# of policies to only those matching the specified path prefix. If there
# are no policies attached to the specified group (or none that match
- # the specified path prefix), the action returns an empty list.
+ # the specified path prefix), the operation returns an empty list.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
#
@@ -5026,27 +5102,27 @@
# policies for.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :path_prefix
# The path prefix for filtering the results. This parameter is optional.
# If it is not included, it defaults to a slash (/), listing all
# policies.
#
- # This paramater allows (per its [regex pattern][1]) a string of
+ # This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5134,16 +5210,16 @@
# @option params [String] :path_prefix
# The path prefix for filtering the results. This parameter is optional.
# If it is not included, it defaults to a slash (/), listing all
# entities.
#
- # This paramater allows (per its [regex pattern][1]) a string of
+ # This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5214,11 +5290,11 @@
# ListAttachedGroupPolicies. For more information about policies, see
# [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters. If there are no inline policies embedded with the
- # specified group, the action returns an empty list.
+ # specified group, the operation returns an empty list.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
#
@@ -5226,11 +5302,11 @@
# The name of the group to list policies for.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5308,16 +5384,16 @@
# The path prefix for filtering the results. For example, the prefix
# `/division_abc/subdivision_xyz/` gets all groups whose path starts
# with `/division_abc/subdivision_xyz/`.
#
# This parameter is optional. If it is not included, it defaults to a
- # slash (/), listing all groups. This paramater allows (per its [regex
+ # slash (/), listing all groups. This parameter allows (per its [regex
# pattern][1]) a string of characters consisting of either a forward
# slash (/) by itself or a string that must begin and end with forward
- # slashes, containing any ASCII character from the ! (\\u0021) thru the
- # DEL character (\\u007F), including most punctuation characters,
- # digits, and upper and lowercased letters.
+ # slashes. In addition, it can contain any ASCII character from the !
+ # (\\u0021) through the DEL character (\\u007F), including most
+ # punctuation characters, digits, and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5417,11 +5493,11 @@
# The name of the user to list groups for.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5505,12 +5581,13 @@
req = build_request(:list_groups_for_user, params)
req.send_request(options)
end
# Lists the instance profiles that have the specified path prefix. If
- # there are none, the action returns an empty list. For more information
- # about instance profiles, go to [About Instance Profiles][1].
+ # there are none, the operation returns an empty list. For more
+ # information about instance profiles, go to [About Instance
+ # Profiles][1].
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters.
#
#
@@ -5521,16 +5598,16 @@
# The path prefix for filtering the results. For example, the prefix
# `/application_abc/component_xyz/` gets all instance profiles whose
# path starts with `/application_abc/component_xyz/`.
#
# This parameter is optional. If it is not included, it defaults to a
- # slash (/), listing all instance profiles. This paramater allows (per
+ # slash (/), listing all instance profiles. This parameter allows (per
# its [regex pattern][1]) a string of characters consisting of either a
# forward slash (/) by itself or a string that must begin and end with
- # forward slashes, containing any ASCII character from the ! (\\u0021)
- # thru the DEL character (\\u007F), including most punctuation
- # characters, digits, and upper and lowercased letters.
+ # forward slashes. In addition, it can contain any ASCII character from
+ # the ! (\\u0021) through the DEL character (\\u007F), including most
+ # punctuation characters, digits, and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5580,10 +5657,11 @@
# resp.instance_profiles[0].roles[0].role_id #=> String
# resp.instance_profiles[0].roles[0].arn #=> String
# resp.instance_profiles[0].roles[0].create_date #=> Time
# resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
# resp.instance_profiles[0].roles[0].description #=> String
+ # resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
# resp.is_truncated #=> Boolean
# resp.marker #=> String
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfiles AWS API Documentation
#
@@ -5593,11 +5671,11 @@
req = build_request(:list_instance_profiles, params)
req.send_request(options)
end
# Lists the instance profiles that have the specified associated IAM
- # role. If there are none, the action returns an empty list. For more
+ # role. If there are none, the operation returns an empty list. For more
# information about instance profiles, go to [About Instance
# Profiles][1].
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters.
@@ -5664,10 +5742,11 @@
# resp.instance_profiles[0].roles[0].role_id #=> String
# resp.instance_profiles[0].roles[0].arn #=> String
# resp.instance_profiles[0].roles[0].create_date #=> Time
# resp.instance_profiles[0].roles[0].assume_role_policy_document #=> String
# resp.instance_profiles[0].roles[0].description #=> String
+ # resp.instance_profiles[0].roles[0].max_session_duration #=> Integer
# resp.is_truncated #=> Boolean
# resp.marker #=> String
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListInstanceProfilesForRole AWS API Documentation
#
@@ -5677,25 +5756,25 @@
req = build_request(:list_instance_profiles_for_role, params)
req.send_request(options)
end
# Lists the MFA devices for an IAM user. If the request includes a IAM
- # user name, then this action lists all the MFA devices associated with
- # the specified user. If you do not specify a user name, IAM determines
- # the user name implicitly based on the AWS access key ID signing the
- # request for this API.
+ # user name, then this operation lists all the MFA devices associated
+ # with the specified user. If you do not specify a user name, IAM
+ # determines the user name implicitly based on the AWS access key ID
+ # signing the request for this API.
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters.
#
# @option params [String] :user_name
# The name of the user whose MFA devices you want to list.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5809,16 +5888,16 @@
# policies are returned.
#
# @option params [String] :path_prefix
# The path prefix for filtering the results. This parameter is optional.
# If it is not included, it defaults to a slash (/), listing all
- # policies. This paramater allows (per its [regex pattern][1]) a string
+ # policies. This parameter allows (per its [regex pattern][1]) a string
# of characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -5962,11 +6041,11 @@
# ListAttachedRolePolicies. For more information about policies, see
# [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters. If there are no inline policies embedded with the
- # specified role, the action returns an empty list.
+ # specified role, the operation returns an empty list.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
#
@@ -6029,11 +6108,11 @@
req = build_request(:list_role_policies, params)
req.send_request(options)
end
# Lists the IAM roles that have the specified path prefix. If there are
- # none, the action returns an empty list. For more information about
+ # none, the operation returns an empty list. For more information about
# roles, go to [Working with Roles][1].
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters.
#
@@ -6045,16 +6124,16 @@
# The path prefix for filtering the results. For example, the prefix
# `/application_abc/component_xyz/` gets all roles whose path starts
# with `/application_abc/component_xyz/`.
#
# This parameter is optional. If it is not included, it defaults to a
- # slash (/), listing all roles. This paramater allows (per its [regex
+ # slash (/), listing all roles. This parameter allows (per its [regex
# pattern][1]) a string of characters consisting of either a forward
# slash (/) by itself or a string that must begin and end with forward
- # slashes, containing any ASCII character from the ! (\\u0021) thru the
- # DEL character (\\u007F), including most punctuation characters,
- # digits, and upper and lowercased letters.
+ # slashes. In addition, it can contain any ASCII character from the !
+ # (\\u0021) through the DEL character (\\u007F), including most
+ # punctuation characters, digits, and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6098,10 +6177,11 @@
# resp.roles[0].role_id #=> String
# resp.roles[0].arn #=> String
# resp.roles[0].create_date #=> Time
# resp.roles[0].assume_role_policy_document #=> String
# resp.roles[0].description #=> String
+ # resp.roles[0].max_session_duration #=> Integer
# resp.is_truncated #=> Boolean
# resp.marker #=> String
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoles AWS API Documentation
#
@@ -6142,14 +6222,14 @@
req = build_request(:list_saml_providers, params)
req.send_request(options)
end
# Returns information about the SSH public keys associated with the
- # specified IAM user. If there are none, the action returns an empty
+ # specified IAM user. If there are none, the operation returns an empty
# list.
#
- # The SSH public keys returned by this action are used only for
+ # The SSH public keys returned by this operation are used only for
# authenticating the IAM user to an AWS CodeCommit repository. For more
# information about using SSH keys to authenticate to an AWS CodeCommit
# repository, see [Set up AWS CodeCommit for SSH Connections][1] in the
# *AWS CodeCommit User Guide*.
#
@@ -6160,17 +6240,17 @@
#
# [1]: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html
#
# @option params [String] :user_name
# The name of the IAM user to list SSH public keys for. If none is
- # specified, the UserName field is determined implicitly based on the
+ # specified, the `UserName` field is determined implicitly based on the
# AWS access key used to sign the request.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6224,19 +6304,19 @@
req = build_request(:list_ssh_public_keys, params)
req.send_request(options)
end
# Lists the server certificates stored in IAM that have the specified
- # path prefix. If none exist, the action returns an empty list.
+ # path prefix. If none exist, the operation returns an empty list.
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters.
#
- # For more information about working with server certificates, including
- # a list of AWS services that can use the server certificates that you
- # manage with IAM, go to [Working with Server Certificates][1] in the
- # *IAM User Guide*.
+ # For more information about working with server certificates, see
+ # [Working with Server Certificates][1] in the *IAM User Guide*. This
+ # topic also includes a list of AWS services that can use the server
+ # certificates that you manage with IAM.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
#
@@ -6244,16 +6324,16 @@
# The path prefix for filtering the results. For example:
# `/company/servercerts` would get all server certificates for which the
# path starts with `/company/servercerts`.
#
# This parameter is optional. If it is not included, it defaults to a
- # slash (/), listing all server certificates. This paramater allows (per
+ # slash (/), listing all server certificates. This parameter allows (per
# its [regex pattern][1]) a string of characters consisting of either a
# forward slash (/) by itself or a string that must begin and end with
- # forward slashes, containing any ASCII character from the ! (\\u0021)
- # thru the DEL character (\\u007F), including most punctuation
- # characters, digits, and upper and lowercased letters.
+ # forward slashes. In addition, it can contain any ASCII character from
+ # the ! (\\u0021) through the DEL character (\\u007F), including most
+ # punctuation characters, digits, and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6309,30 +6389,30 @@
req = build_request(:list_server_certificates, params)
req.send_request(options)
end
# Returns information about the service-specific credentials associated
- # with the specified IAM user. If there are none, the action returns an
- # empty list. The service-specific credentials returned by this action
- # are used only for authenticating the IAM user to a specific service.
- # For more information about using service-specific credentials to
- # authenticate to an AWS service, see [Set Up service-specific
+ # with the specified IAM user. If there are none, the operation returns
+ # an empty list. The service-specific credentials returned by this
+ # operation are used only for authenticating the IAM user to a specific
+ # service. For more information about using service-specific credentials
+ # to authenticate to an AWS service, see [Set Up service-specific
# credentials][1] in the AWS CodeCommit User Guide.
#
#
#
# [1]: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html
#
# @option params [String] :user_name
# The name of the user whose service-specific credentials you want
- # information about. If this value is not specified then the operation
+ # information about. If this value is not specified, then the operation
# assumes the user whose credentials are used to call the operation.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6370,31 +6450,31 @@
req = build_request(:list_service_specific_credentials, params)
req.send_request(options)
end
# Returns information about the signing certificates associated with the
- # specified IAM user. If there are none, the action returns an empty
+ # specified IAM user. If there are none, the operation returns an empty
# list.
#
# Although each user is limited to a small number of signing
# certificates, you can still paginate the results using the `MaxItems`
# and `Marker` parameters.
#
# If the `UserName` field is not specified, the user name is determined
# implicitly based on the AWS access key ID used to sign the request for
- # this API. Because this action works for access keys under the AWS
- # account, you can use this action to manage root credentials even if
- # the AWS account has no associated users.
+ # this API. Because this operation works for access keys under the AWS
+ # account, you can use this operation to manage AWS account root user
+ # credentials even if the AWS account has no associated users.
#
# @option params [String] :user_name
# The name of the IAM user whose signing certificates you want to
# examine.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6480,11 +6560,11 @@
# ListAttachedUserPolicies. For more information about policies, see
# [Managed Policies and Inline Policies][1] in the *IAM User Guide*.
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters. If there are no inline policies embedded with the
- # specified user, the action returns an empty list.
+ # specified user, the operation returns an empty list.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
#
@@ -6492,11 +6572,11 @@
# The name of the user to list policies for.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6547,28 +6627,28 @@
req = build_request(:list_user_policies, params)
req.send_request(options)
end
# Lists the IAM users that have the specified path prefix. If no path
- # prefix is specified, the action returns all users in the AWS account.
- # If there are none, the action returns an empty list.
+ # prefix is specified, the operation returns all users in the AWS
+ # account. If there are none, the operation returns an empty list.
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters.
#
# @option params [String] :path_prefix
# The path prefix for filtering the results. For example:
# `/division_abc/subdivision_xyz/`, which would get all user names whose
# path starts with `/division_abc/subdivision_xyz/`.
#
# This parameter is optional. If it is not included, it defaults to a
- # slash (/), listing all user names. This paramater allows (per its
+ # slash (/), listing all user names. This parameter allows (per its
# [regex pattern][1]) a string of characters consisting of either a
# forward slash (/) by itself or a string that must begin and end with
- # forward slashes, containing any ASCII character from the ! (\\u0021)
- # thru the DEL character (\\u007F), including most punctuation
- # characters, digits, and upper and lowercased letters.
+ # forward slashes. In addition, it can contain any ASCII character from
+ # the ! (\\u0021) through the DEL character (\\u007F), including most
+ # punctuation characters, digits, and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6654,20 +6734,20 @@
req = build_request(:list_users, params)
req.send_request(options)
end
# Lists the virtual MFA devices defined in the AWS account by assignment
- # status. If you do not specify an assignment status, the action returns
- # a list of all virtual MFA devices. Assignment status can be
+ # status. If you do not specify an assignment status, the operation
+ # returns a list of all virtual MFA devices. Assignment status can be
# `Assigned`, `Unassigned`, or `Any`.
#
# You can paginate the results using the `MaxItems` and `Marker`
# parameters.
#
# @option params [String] :assignment_status
# The status (`Unassigned` or `Assigned`) of the devices to list. If you
- # do not specify an `AssignmentStatus`, the action defaults to `Any`
+ # do not specify an `AssignmentStatus`, the operation defaults to `Any`
# which lists both assigned and unassigned virtual MFA devices.
#
# @option params [String] :marker
# Use this parameter only when paginating results and only after you
# receive a response indicating that the results are truncated. Set it
@@ -6774,11 +6854,11 @@
# The name of the group to associate the policy with.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6786,29 +6866,33 @@
# The name of the policy document.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :policy_document
# The policy document.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
#
@@ -6888,29 +6972,33 @@
# The name of the policy document.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :policy_document
# The policy document.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
#
@@ -6970,11 +7058,11 @@
# The name of the user to associate the policy with.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -6982,29 +7070,33 @@
# The name of the policy document.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-+
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :policy_document
# The policy document.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
#
@@ -7037,17 +7129,17 @@
# Removes the specified client ID (also known as audience) from the list
# of client IDs registered for the specified IAM OpenID Connect (OIDC)
# provider resource object.
#
- # This action is idempotent; it does not fail or return an error if you
- # try to remove a client ID that does not exist.
+ # This operation is idempotent; it does not fail or return an error if
+ # you try to remove a client ID that does not exist.
#
# @option params [required, String] :open_id_connect_provider_arn
# The Amazon Resource Name (ARN) of the IAM OIDC provider resource to
# remove the client ID from. You can get a list of OIDC provider ARNs by
- # using the ListOpenIDConnectProviders action.
+ # using the ListOpenIDConnectProviders operation.
#
# For more information about ARNs, see [Amazon Resource Names (ARNs) and
# AWS Service Namespaces][1] in the *AWS General Reference*.
#
#
@@ -7078,12 +7170,12 @@
end
# Removes the specified IAM role from the specified EC2 instance
# profile.
#
- # Make sure you do not have any Amazon EC2 instances running with the
- # role you are about to remove from the instance profile. Removing a
+ # Make sure that you do not have any Amazon EC2 instances running with
+ # the role you are about to remove from the instance profile. Removing a
# role from an instance profile that is associated with a running
# instance might break any applications running on the instance.
#
# For more information about IAM roles, go to [Working with Roles][1].
# For more information about instance profiles, go to [About Instance
@@ -7098,11 +7190,11 @@
# The name of the instance profile to update.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -7152,11 +7244,11 @@
# The name of the group to update.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -7164,11 +7256,11 @@
# The name of the user to remove.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -7211,11 +7303,11 @@
# the user whose credentials are used to call the operation.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -7275,11 +7367,11 @@
# The name of the user whose MFA device you want to resynchronize.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -7287,11 +7379,11 @@
# Serial number that uniquely identifies the MFA device.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -7326,11 +7418,11 @@
end
# Sets the specified version of the specified policy as the policy's
# default (operative) version.
#
- # This action affects all users, groups, and roles that the policy is
+ # This operation affects all users, groups, and roles that the policy is
# attached to. To list the users, groups, and roles that the policy is
# attached to, use the ListEntitiesForPolicy API.
#
# For information about managed policies, see [Managed Policies and
# Inline Policies][1] in the *IAM User Guide*.
@@ -7377,17 +7469,17 @@
req = build_request(:set_default_policy_version, params)
req.send_request(options)
end
# Simulate how a set of IAM policies and optionally a resource-based
- # policy works with a list of API actions and AWS resources to determine
- # the policies' effective permissions. The policies are provided as
- # strings.
+ # policy works with a list of API operations and AWS resources to
+ # determine the policies' effective permissions. The policies are
+ # provided as strings.
#
- # The simulation does not perform the API actions; it only checks the
+ # The simulation does not perform the API operations; it only checks the
# authorization to determine if the simulated policies allow or deny the
- # actions.
+ # operations.
#
# If you want to simulate existing policies attached to an IAM user,
# group, or role, use SimulatePrincipalPolicy instead.
#
# Context keys are variables maintained by AWS and its services that
@@ -7404,31 +7496,36 @@
# is specified as a string containing the complete, valid JSON text of
# an IAM policy. Do not include any resource-based policies in this
# parameter. Any resource-based policy must be submitted with the
# `ResourcePolicy` parameter. The policies cannot be "scope-down"
# policies, such as you could include in a call to
- # [GetFederationToken][1] or one of the [AssumeRole][2] APIs to restrict
- # what a user can do while using the temporary credentials.
+ # [GetFederationToken][1] or one of the [AssumeRole][2] API operations.
+ # In other words, do not use policies designed to restrict what a user
+ # can do while using the temporary credentials.
#
# The [regex pattern][3] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html
# [2]: http://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html
# [3]: http://wikipedia.org/wiki/regex
#
# @option params [required, Array<String>] :action_names
- # A list of names of API actions to evaluate in the simulation. Each
- # action is evaluated against each resource. Each action must include
- # the service identifier, such as `iam:CreateUser`.
+ # A list of names of API operations to evaluate in the simulation. Each
+ # operation is evaluated against each resource. Each operation must
+ # include the service identifier, such as `iam:CreateUser`.
#
# @option params [Array<String>] :resource_arns
# A list of ARNs of AWS resources to include in the simulation. If this
# parameter is not provided then the value defaults to `*` (all
# resources). Each API in the `ActionNames` parameter is evaluated for
@@ -7457,19 +7554,23 @@
# string. Each resource in the simulation is treated as if it had this
# policy attached. You can include only one resource-based policy in a
# simulation.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :resource_owner
# An AWS account ID that specifies the owner of any simulated resource
# that does not identify its owner in the resource ARN, such as an S3
@@ -7482,39 +7583,39 @@
# is different from the account that owns the simulated calling user
# `CallerArn`.
#
# @option params [String] :caller_arn
# The ARN of the IAM user that you want to use as the simulated caller
- # of the APIs. `CallerArn` is required if you include a `ResourcePolicy`
- # so that the policy's `Principal` element has a value to use in
- # evaluating the policy.
+ # of the API operations. `CallerArn` is required if you include a
+ # `ResourcePolicy` so that the policy's `Principal` element has a value
+ # to use in evaluating the policy.
#
# You can specify only the ARN of an IAM user. You cannot specify the
# ARN of an assumed role, federated user, or a service principal.
#
# @option params [Array<Types::ContextEntry>] :context_entries
# A list of context keys and corresponding values for the simulation to
# use. Whenever a context key is evaluated in one of the simulated IAM
# permission policies, the corresponding value is supplied.
#
# @option params [String] :resource_handling_option
- # Specifies the type of simulation to run. Different APIs that support
- # resource-based policies require different combinations of resources.
- # By specifying the type of simulation to run, you enable the policy
- # simulator to enforce the presence of the required resources to ensure
- # reliable simulation results. If your simulation does not match one of
- # the following scenarios, then you can omit this parameter. The
+ # Specifies the type of simulation to run. Different API operations that
+ # support resource-based policies require different combinations of
+ # resources. By specifying the type of simulation to run, you enable the
+ # policy simulator to enforce the presence of the required resources to
+ # ensure reliable simulation results. If your simulation does not match
+ # one of the following scenarios, then you can omit this parameter. The
# following list shows each of the supported scenario values and the
# resources that you must define to run the simulation.
#
# Each of the EC2 scenarios requires that you specify instance, image,
# and security-group resources. If your scenario includes an EBS volume,
# then you must specify that volume as a resource. If the EC2 scenario
# includes VPC, then you must supply the network-interface resource. If
# it includes an IP subnet, then you must specify the subnet resource.
# For more information on the EC2 scenario options, see [Supported
- # Platforms][1] in the *AWS EC2 User Guide*.
+ # Platforms][1] in the *Amazon EC2 User Guide*.
#
# * **EC2-Classic-InstanceStore**
#
# instance, image, security-group
#
@@ -7630,27 +7731,27 @@
req = build_request(:simulate_custom_policy, params)
req.send_request(options)
end
# Simulate how a set of IAM policies attached to an IAM entity works
- # with a list of API actions and AWS resources to determine the
+ # with a list of API operations and AWS resources to determine the
# policies' effective permissions. The entity can be an IAM user,
# group, or role. If you specify a user, then the simulation also
# includes all of the policies that are attached to groups that the user
- # belongs to .
+ # belongs to.
#
# You can optionally include a list of one or more additional policies
# specified as strings to include in the simulation. If you want to
# simulate only policies specified as strings, use SimulateCustomPolicy
# instead.
#
# You can also optionally include one resource-based policy to be
# evaluated with each of the resources included in the simulation.
#
- # The simulation does not perform the API actions, it only checks the
+ # The simulation does not perform the API operations, it only checks the
# authorization to determine if the simulated policies allow or deny the
- # actions.
+ # operations.
#
# **Note:** This API discloses information about the permissions granted
# to other users. If you do not want users to see other user's
# permissions, then consider allowing them to use SimulateCustomPolicy
# instead.
@@ -7683,29 +7784,33 @@
# An optional list of additional policy documents to include in the
# simulation. Each document is specified as a string containing the
# complete, valid JSON text of an IAM policy.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, Array<String>] :action_names
- # A list of names of API actions to evaluate in the simulation. Each
- # action is evaluated for each resource. Each action must include the
- # service identifier, such as `iam:CreateUser`.
+ # A list of names of API operations to evaluate in the simulation. Each
+ # operation is evaluated for each resource. Each operation must include
+ # the service identifier, such as `iam:CreateUser`.
#
# @option params [Array<String>] :resource_arns
# A list of ARNs of AWS resources to include in the simulation. If this
- # parameter is not provided then the value defaults to `*` (all
+ # parameter is not provided, then the value defaults to `*` (all
# resources). Each API in the `ActionNames` parameter is evaluated for
# each resource in this list. The simulation determines the access
# result (allowed or denied) of each combination and reports it in the
# response.
#
@@ -7726,19 +7831,23 @@
# string. Each resource in the simulation is treated as if it had this
# policy attached. You can include only one resource-based policy in a
# simulation.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :resource_owner
# An AWS account ID that specifies the owner of any simulated resource
# that does not identify its owner in the resource ARN, such as an S3
@@ -7751,17 +7860,17 @@
# is different from the account that owns the simulated calling user
# `CallerArn`.
#
# @option params [String] :caller_arn
# The ARN of the IAM user that you want to specify as the simulated
- # caller of the APIs. If you do not specify a `CallerArn`, it defaults
- # to the ARN of the user that you specify in `PolicySourceArn`, if you
- # specified a user. If you include both a `PolicySourceArn` (for
+ # caller of the API operations. If you do not specify a `CallerArn`, it
+ # defaults to the ARN of the user that you specify in `PolicySourceArn`,
+ # if you specified a user. If you include both a `PolicySourceArn` (for
# example, `arn:aws:iam::123456789012:user/David`) and a `CallerArn`
# (for example, `arn:aws:iam::123456789012:user/Bob`), the result is
- # that you simulate calling the APIs as Bob, as if Bob had David's
- # policies.
+ # that you simulate calling the API operations as Bob, as if Bob had
+ # David's policies.
#
# You can specify only the ARN of an IAM user. You cannot specify the
# ARN of an assumed role, federated user, or a service principal.
#
# `CallerArn` is required if you include a `ResourcePolicy` and the
@@ -7780,26 +7889,26 @@
# A list of context keys and corresponding values for the simulation to
# use. Whenever a context key is evaluated in one of the simulated IAM
# permission policies, the corresponding value is supplied.
#
# @option params [String] :resource_handling_option
- # Specifies the type of simulation to run. Different APIs that support
- # resource-based policies require different combinations of resources.
- # By specifying the type of simulation to run, you enable the policy
- # simulator to enforce the presence of the required resources to ensure
- # reliable simulation results. If your simulation does not match one of
- # the following scenarios, then you can omit this parameter. The
+ # Specifies the type of simulation to run. Different API operations that
+ # support resource-based policies require different combinations of
+ # resources. By specifying the type of simulation to run, you enable the
+ # policy simulator to enforce the presence of the required resources to
+ # ensure reliable simulation results. If your simulation does not match
+ # one of the following scenarios, then you can omit this parameter. The
# following list shows each of the supported scenario values and the
# resources that you must define to run the simulation.
#
# Each of the EC2 scenarios requires that you specify instance, image,
# and security-group resources. If your scenario includes an EBS volume,
# then you must specify that volume as a resource. If the EC2 scenario
# includes VPC, then you must supply the network-interface resource. If
# it includes an IP subnet, then you must specify the subnet resource.
# For more information on the EC2 scenario options, see [Supported
- # Platforms][1] in the *AWS EC2 User Guide*.
+ # Platforms][1] in the *Amazon EC2 User Guide*.
#
# * **EC2-Classic-InstanceStore**
#
# instance, image, security-group
#
@@ -7916,18 +8025,18 @@
req = build_request(:simulate_principal_policy, params)
req.send_request(options)
end
# Changes the status of the specified access key from Active to
- # Inactive, or vice versa. This action can be used to disable a user's
- # key as part of a key rotation work flow.
+ # Inactive, or vice versa. This operation can be used to disable a
+ # user's key as part of a key rotation workflow.
#
- # If the `UserName` field is not specified, the UserName is determined
+ # If the `UserName` field is not specified, the user name is determined
# implicitly based on the AWS access key ID used to sign the request.
- # Because this action works for access keys under the AWS account, you
- # can use this action to manage root credentials even if the AWS account
- # has no associated users.
+ # Because this operation works for access keys under the AWS account,
+ # you can use this operation to manage AWS account root user credentials
+ # even if the AWS account has no associated users.
#
# For information about rotating keys, see [Managing Keys and
# Certificates][1] in the *IAM User Guide*.
#
#
@@ -7938,11 +8047,11 @@
# The name of the user whose key you want to update.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -7957,12 +8066,12 @@
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :status
# The status you want to assign to the secret access key. `Active` means
- # the key can be used for API calls to AWS, while `Inactive` means the
- # key cannot be used.
+ # that the key can be used for API calls to AWS, while `Inactive` means
+ # that the key cannot be used.
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
#
# @example Example: To activate or deactivate an access key for an IAM user
@@ -7993,15 +8102,20 @@
req.send_request(options)
end
# Updates the password policy settings for the AWS account.
#
- # <note markdown="1"> This action does not support partial updates. No parameters are
- # required, but if you do not specify a parameter, that parameter's
- # value reverts to its default value. See the **Request Parameters**
- # section for each parameter's default value.
+ # <note markdown="1"> * This operation does not support partial updates. No parameters are
+ # required, but if you do not specify a parameter, that parameter's
+ # value reverts to its default value. See the **Request Parameters**
+ # section for each parameter's default value. Also note that some
+ # parameters do not allow the default parameter to be explicitly set.
+ # Instead, to invoke the default value, do not include that parameter
+ # when you invoke the operation.
#
+ # ^
+ #
# </note>
#
# For more information about using a password policy, see [Managing an
# IAM Password Policy][1] in the *IAM User Guide*.
#
@@ -8010,67 +8124,85 @@
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html
#
# @option params [Integer] :minimum_password_length
# The minimum number of characters allowed in an IAM user password.
#
- # Default value: 6
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `6`.
#
# @option params [Boolean] :require_symbols
# Specifies whether IAM user passwords must contain at least one of the
# following non-alphanumeric characters:
#
# ! @ # $ % ^ &amp; * ( ) \_ + - = \[ \] \\\{ \\} \| '
#
- # Default value: false
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `false`. The result is that passwords do not
+ # require at least one symbol character.
#
# @option params [Boolean] :require_numbers
# Specifies whether IAM user passwords must contain at least one numeric
# character (0 to 9).
#
- # Default value: false
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `false`. The result is that passwords do not
+ # require at least one numeric character.
#
# @option params [Boolean] :require_uppercase_characters
# Specifies whether IAM user passwords must contain at least one
# uppercase character from the ISO basic Latin alphabet (A to Z).
#
- # Default value: false
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `false`. The result is that passwords do not
+ # require at least one uppercase character.
#
# @option params [Boolean] :require_lowercase_characters
# Specifies whether IAM user passwords must contain at least one
# lowercase character from the ISO basic Latin alphabet (a to z).
#
- # Default value: false
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `false`. The result is that passwords do not
+ # require at least one lowercase character.
#
# @option params [Boolean] :allow_users_to_change_password
# Allows all IAM users in your account to use the AWS Management Console
# to change their own passwords. For more information, see [Letting IAM
# Users Change Their Own Passwords][1] in the *IAM User Guide*.
#
- # Default value: false
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `false`. The result is that IAM users in the
+ # account do not automatically have permissions to change their own
+ # password.
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html
#
# @option params [Integer] :max_password_age
- # The number of days that an IAM user password is valid. The default
- # value of 0 means IAM user passwords never expire.
+ # The number of days that an IAM user password is valid.
#
- # Default value: 0
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `0`. The result is that IAM user passwords
+ # never expire.
#
# @option params [Integer] :password_reuse_prevention
# Specifies the number of previous passwords that IAM users are
- # prevented from reusing. The default value of 0 means IAM users are not
+ # prevented from reusing.
+ #
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `0`. The result is that IAM users are not
# prevented from reusing previous passwords.
#
- # Default value: 0
- #
# @option params [Boolean] :hard_expiry
# Prevents IAM users from setting a new password after their password
- # has expired.
+ # has expired. The IAM user cannot be accessed until an administrator
+ # resets the password.
#
- # Default value: false
+ # If you do not specify a value for this parameter, then the operation
+ # uses the default value of `false`. The result is that IAM users can
+ # change their passwords after they expire and continue to sign in as
+ # the user.
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
#
# @example Example: To set or change the current account password policy
@@ -8129,19 +8261,23 @@
#
# @option params [required, String] :policy_document
# The policy that grants an entity permission to assume the role.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
#
@@ -8174,47 +8310,48 @@
#
# You should understand the implications of changing a group's path or
# name. For more information, see [Renaming Users and Groups][1] in the
# *IAM User Guide*.
#
- # <note markdown="1"> To change an IAM group name the requester must have appropriate
- # permissions on both the source object and the target object. For
- # example, to change "Managers" to "MGRs", the entity making the
- # request must have permission on both "Managers" and "MGRs", or
- # must have permission on all (*). For more information about
- # permissions, see [Permissions and Policies][2].
+ # <note markdown="1"> The person making the request (the principal), must have permission to
+ # change the role group with the old name and the new name. For example,
+ # to change the group named `Managers` to `MGRs`, the principal must
+ # have a policy that allows them to update both groups. If the principal
+ # has permission to update the `Managers` group, but not the `MGRs`
+ # group, then the update fails. For more information about permissions,
+ # see [Access Management][2].
#
# </note>
#
#
#
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html
- # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/PermissionsAndPolicies.html
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
#
# @option params [required, String] :group_name
# Name of the IAM group to update. If you're changing the name of the
# group, this is the original name.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :new_path
# New path for the IAM group. Only include this if changing the group's
# path.
#
- # This paramater allows (per its [regex pattern][1]) a string of
+ # This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8223,11 +8360,11 @@
# name.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8274,31 +8411,37 @@
# The name of the user whose password you want to update.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :password
# The new password for the specified IAM user.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D). However, the format can be further restricted by the
- # account administrator by setting a password policy on the AWS account.
- # For more information, see UpdateAccountPasswordPolicy.
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ # However, the format can be further restricted by the account
+ # administrator by setting a password policy on the AWS account. For
+ # more information, see UpdateAccountPasswordPolicy.
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [Boolean] :password_reset_required
# Allows this new password to be used only once by requiring the
# specified IAM user to set a new password on next sign-in.
@@ -8334,31 +8477,31 @@
# Replaces the existing list of server certificate thumbprints
# associated with an OpenID Connect (OIDC) provider resource object with
# a new list of thumbprints.
#
- # The list that you pass with this action completely replaces the
+ # The list that you pass with this operation completely replaces the
# existing list of thumbprints. (The lists are not merged.)
#
# Typically, you need to update a thumbprint only when the identity
# provider's certificate changes, which occurs rarely. However, if the
# provider's certificate *does* change, any attempt to assume an IAM
# role that specifies the OIDC provider as a principal fails until the
# certificate thumbprint is updated.
#
- # <note markdown="1"> Because trust for the OIDC provider is ultimately derived from the
- # provider's certificate and is validated by the thumbprint, it is a
- # best practice to limit access to the
- # `UpdateOpenIDConnectProviderThumbprint` action to highly-privileged
- # users.
+ # <note markdown="1"> Because trust for the OIDC provider is derived from the provider's
+ # certificate and is validated by the thumbprint, it is best to limit
+ # access to the `UpdateOpenIDConnectProviderThumbprint` operation to
+ # highly privileged users.
#
# </note>
#
# @option params [required, String] :open_id_connect_provider_arn
# The Amazon Resource Name (ARN) of the IAM OIDC provider resource
# object for which you want to update the thumbprint. You can get a list
- # of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
+ # of OIDC provider ARNs by using the ListOpenIDConnectProviders
+ # operation.
#
# For more information about ARNs, see [Amazon Resource Names (ARNs) and
# AWS Service Namespaces][1] in the *AWS General Reference*.
#
#
@@ -8386,15 +8529,67 @@
def update_open_id_connect_provider_thumbprint(params = {}, options = {})
req = build_request(:update_open_id_connect_provider_thumbprint, params)
req.send_request(options)
end
- # Modifies the description of a role.
+ # Updates the description or maximum session duration setting of a role.
#
# @option params [required, String] :role_name
# The name of the role that you want to modify.
#
+ # @option params [String] :description
+ # The new description that you want to apply to the specified role.
+ #
+ # @option params [Integer] :max_session_duration
+ # The maximum session duration (in seconds) that you want to set for the
+ # specified role. If you do not specify a value for this setting, the
+ # default maximum of one hour is applied. This setting can have a value
+ # from 1 hour to 12 hours.
+ #
+ # Anyone who assumes the role from the AWS CLI or API can use the
+ # `DurationSeconds` API parameter or the `duration-seconds` CLI
+ # parameter to request a longer session. The `MaxSessionDuration`
+ # setting determines the maximum duration that can be requested using
+ # the `DurationSeconds` parameter. If users don't specify a value for
+ # the `DurationSeconds` parameter, their security credentials are valid
+ # for one hour by default. This applies when you use the `AssumeRole*`
+ # API operations or the `assume-role*` CLI operations but does not apply
+ # when you use those operations to create a console URL. For more
+ # information, see [Using IAM Roles][1] in the *IAM User Guide*.
+ #
+ #
+ #
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
+ #
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+ #
+ # @example Request syntax with placeholder values
+ #
+ # resp = client.update_role({
+ # role_name: "roleNameType", # required
+ # description: "roleDescriptionType",
+ # max_session_duration: 1,
+ # })
+ #
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRole AWS API Documentation
+ #
+ # @overload update_role(params = {})
+ # @param [Hash] params ({})
+ def update_role(params = {}, options = {})
+ req = build_request(:update_role, params)
+ req.send_request(options)
+ end
+
+ # Use instead.
+ #
+ # Modifies only the description of a role. This operation performs the
+ # same function as the `Description` parameter in the `UpdateRole`
+ # operation.
+ #
+ # @option params [required, String] :role_name
+ # The name of the role that you want to modify.
+ #
# @option params [required, String] :description
# The new description that you want to apply to the specified role.
#
# @return [Types::UpdateRoleDescriptionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
@@ -8414,10 +8609,11 @@
# resp.role.role_id #=> String
# resp.role.arn #=> String
# resp.role.create_date #=> Time
# resp.role.assume_role_policy_document #=> String
# resp.role.description #=> String
+ # resp.role.max_session_duration #=> Integer
#
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateRoleDescription AWS API Documentation
#
# @overload update_role_description(params = {})
# @param [Hash] params ({})
@@ -8479,14 +8675,14 @@
req.send_request(options)
end
# Sets the status of an IAM user's SSH public key to active or
# inactive. SSH public keys that are inactive cannot be used for
- # authentication. This action can be used to disable a user's SSH
+ # authentication. This operation can be used to disable a user's SSH
# public key as part of a key rotation work flow.
#
- # The SSH public key affected by this action is used only for
+ # The SSH public key affected by this operation is used only for
# authenticating the associated IAM user to an AWS CodeCommit
# repository. For more information about using SSH keys to authenticate
# to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
# Connections][1] in the *AWS CodeCommit User Guide*.
#
@@ -8498,11 +8694,11 @@
# The name of the IAM user associated with the SSH public key.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8516,13 +8712,13 @@
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :status
- # The status to assign to the SSH public key. `Active` means the key can
- # be used for authentication with an AWS CodeCommit repository.
- # `Inactive` means the key cannot be used.
+ # The status to assign to the SSH public key. `Active` means that the
+ # key can be used for authentication with an AWS CodeCommit repository.
+ # `Inactive` means that the key cannot be used.
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
# @example Request syntax with placeholder values
#
@@ -8542,25 +8738,26 @@
end
# Updates the name and/or the path of the specified server certificate
# stored in IAM.
#
- # For more information about working with server certificates, including
- # a list of AWS services that can use the server certificates that you
- # manage with IAM, go to [Working with Server Certificates][1] in the
- # *IAM User Guide*.
+ # For more information about working with server certificates, see
+ # [Working with Server Certificates][1] in the *IAM User Guide*. This
+ # topic also includes a list of AWS services that can use the server
+ # certificates that you manage with IAM.
#
# You should understand the implications of changing a server
# certificate's path or name. For more information, see [Renaming a
# Server Certificate][2] in the *IAM User Guide*.
#
- # <note markdown="1"> To change a server certificate name the requester must have
- # appropriate permissions on both the source object and the target
- # object. For example, to change the name from "ProductionCert" to
- # "ProdCert", the entity making the request must have permission on
- # "ProductionCert" and "ProdCert", or must have permission on all
- # (*). For more information about permissions, see [Access
+ # <note markdown="1"> The person making the request (the principal), must have permission to
+ # change the server certificate with the old name and the new name. For
+ # example, to change the certificate named `ProductionCert` to
+ # `ProdCert`, the principal must have a policy that allows them to
+ # update both certificates. If the principal has permission to update
+ # the `ProductionCert` group, but not the `ProdCert` certificate, then
+ # the update fails. For more information about permissions, see [Access
# Management][3] in the *IAM User Guide*.
#
# </note>
#
#
@@ -8573,26 +8770,26 @@
# The name of the server certificate that you want to update.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :new_path
# The new path for the server certificate. Include this only if you are
# updating the server certificate's path.
#
- # This paramater allows (per its [regex pattern][1]) a string of
+ # This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8602,11 +8799,11 @@
# cannot contain any spaces.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8629,11 +8826,11 @@
req.send_request(options)
end
# Sets the status of a service-specific credential to `Active` or
# `Inactive`. Service-specific credentials that are inactive cannot be
- # used for authentication to the service. This action can be used to
+ # used for authentication to the service. This operation can be used to
# disable a user’s service-specific credential as part of a credential
# rotation work flow.
#
# @option params [String] :user_name
# The name of the IAM user associated with the service-specific
@@ -8641,11 +8838,11 @@
# assumes the user whose credentials are used to call the operation.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8681,27 +8878,27 @@
req = build_request(:update_service_specific_credential, params)
req.send_request(options)
end
# Changes the status of the specified user signing certificate from
- # active to disabled, or vice versa. This action can be used to disable
- # an IAM user's signing certificate as part of a certificate rotation
- # work flow.
+ # active to disabled, or vice versa. This operation can be used to
+ # disable an IAM user's signing certificate as part of a certificate
+ # rotation work flow.
#
- # If the `UserName` field is not specified, the UserName is determined
+ # If the `UserName` field is not specified, the user name is determined
# implicitly based on the AWS access key ID used to sign the request.
- # Because this action works for access keys under the AWS account, you
- # can use this action to manage root credentials even if the AWS account
- # has no associated users.
+ # Because this operation works for access keys under the AWS account,
+ # you can use this operation to manage AWS account root user credentials
+ # even if the AWS account has no associated users.
#
# @option params [String] :user_name
# The name of the IAM user the signing certificate belongs to.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8715,12 +8912,12 @@
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :status
- # The status you want to assign to the certificate. `Active` means the
- # certificate can be used for API calls to AWS, while `Inactive` means
+ # The status you want to assign to the certificate. `Active` means that
+ # the certificate can be used for API calls to AWS `Inactive` means that
# the certificate cannot be used.
#
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
#
@@ -8755,11 +8952,11 @@
#
# You should understand the implications of changing an IAM user's path
# or name. For more information, see [Renaming an IAM User][1] and
# [Renaming an IAM Group][2] in the *IAM User Guide*.
#
- # <note markdown="1"> To change a user name the requester must have appropriate permissions
+ # <note markdown="1"> To change a user name, the requester must have appropriate permissions
# on both the source object and the target object. For example, to
# change Bob to Robert, the entity making the request must have
# permission on Bob and Robert, or must have permission on all (*). For
# more information about permissions, see [Permissions and Policies][3].
#
@@ -8776,26 +8973,26 @@
# this is the original user name.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :new_path
# New path for the IAM user. Include this parameter only if you're
# changing the user's path.
#
- # This paramater allows (per its [regex pattern][1]) a string of
+ # This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8804,11 +9001,11 @@
# the user's name.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
@@ -8842,11 +9039,11 @@
end
# Uploads an SSH public key and associates it with the specified IAM
# user.
#
- # The SSH public key uploaded by this action can be used only for
+ # The SSH public key uploaded by this operation can be used only for
# authenticating the associated IAM user to an AWS CodeCommit
# repository. For more information about using SSH keys to authenticate
# to an AWS CodeCommit repository, see [Set up AWS CodeCommit for SSH
# Connections][1] in the *AWS CodeCommit User Guide*.
#
@@ -8858,30 +9055,34 @@
# The name of the IAM user to associate the SSH public key with.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :ssh_public_key_body
# The SSH public key. The public key must be encoded in ssh-rsa format
# or PEM format.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Types::UploadSSHPublicKeyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::UploadSSHPublicKeyResponse#ssh_public_key #ssh_public_key} => Types::SSHPublicKey
@@ -8920,14 +9121,14 @@
# a certificate, deploy it to AWS resources, and let ACM handle
# certificate renewals for you. Certificates provided by ACM are free.
# For more information about using ACM, see the [AWS Certificate Manager
# User Guide][2].
#
- # For more information about working with server certificates, including
- # a list of AWS services that can use the server certificates that you
- # manage with IAM, go to [Working with Server Certificates][3] in the
- # *IAM User Guide*.
+ # For more information about working with server certificates, see
+ # [Working with Server Certificates][3] in the *IAM User Guide*. This
+ # topic includes a list of AWS services that can use the server
+ # certificates that you manage with IAM.
#
# For information about the number of server certificates you can
# upload, see [Limitations on IAM Entities and Objects][4] in the *IAM
# User Guide*.
#
@@ -8953,20 +9154,20 @@
# @option params [String] :path
# The path for the server certificate. For more information about paths,
# see [IAM Identifiers][1] in the *IAM User Guide*.
#
# This parameter is optional. If it is not included, it defaults to a
- # slash (/). This paramater allows (per its [regex pattern][2]) a string
+ # slash (/). This parameter allows (per its [regex pattern][2]) a string
# of characters consisting of either a forward slash (/) by itself or a
- # string that must begin and end with forward slashes, containing any
- # ASCII character from the ! (\\u0021) thru the DEL character (\\u007F),
- # including most punctuation characters, digits, and upper and
- # lowercased letters.
+ # string that must begin and end with forward slashes. In addition, it
+ # can contain any ASCII character from the ! (\\u0021) through the DEL
+ # character (\\u007F), including most punctuation characters, digits,
+ # and upper and lowercased letters.
#
# <note markdown="1"> If you are uploading a server certificate specifically for use with
# Amazon CloudFront distributions, you must specify a path using the
- # `--path` option. The path must begin with `/cloudfront` and must
+ # `path` parameter. The path must begin with `/cloudfront` and must
# include a trailing slash (for example, `/cloudfront/test/`).
#
# </note>
#
#
@@ -8979,60 +9180,72 @@
# value. The name of the certificate cannot contain any spaces.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :certificate_body
# The contents of the public key certificate in PEM-encoded format.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :private_key
# The contents of the private key in PEM-encoded format.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [String] :certificate_chain
# The contents of the certificate chain. This is typically a
# concatenation of the PEM-encoded public key certificates of the chain.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Types::UploadServerCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::UploadServerCertificateResponse#server_certificate_metadata #server_certificate_metadata} => Types::ServerCertificateMetadata
@@ -9094,15 +9307,15 @@
# to validate requests that are signed with a corresponding private key.
# When you upload the certificate, its default status is `Active`.
#
# If the `UserName` field is not specified, the IAM user name is
# determined implicitly based on the AWS access key ID used to sign the
- # request. Because this action works for access keys under the AWS
- # account, you can use this action to manage root credentials even if
- # the AWS account has no associated users.
+ # request. Because this operation works for access keys under the AWS
+ # account, you can use this operation to manage AWS account root user
+ # credentials even if the AWS account has no associated users.
#
- # <note markdown="1"> Because the body of a X.509 certificate can be large, you should use
+ # <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
# POST rather than GET when calling `UploadSigningCertificate`. For
# information about setting up signatures and authorization through the
# API, go to [Signing AWS API Requests][1] in the *AWS General
# Reference*. For general information about using the Query API with
# IAM, go to [Making Query Requests][2] in the *IAM User Guide*.
@@ -9118,29 +9331,33 @@
# The name of the user the signing certificate is for.
#
# This parameter allows (per its [regex pattern][1]) a string of
# characters consisting of upper and lowercase alphanumeric characters
# with no spaces. You can also include any of the following characters:
- # =,.@-
+ # \_+=,.@-
#
#
#
# [1]: http://wikipedia.org/wiki/regex
#
# @option params [required, String] :certificate_body
# The contents of the signing certificate.
#
# The [regex pattern][1] used to validate this parameter is a string of
- # characters consisting of any printable ASCII character ranging from
- # the space character (\\u0020) through end of the ASCII character range
- # as well as the printable characters in the Basic Latin and Latin-1
- # Supplement character set (through \\u00FF). It also includes the
- # special characters tab (\\u0009), line feed (\\u000A), and carriage
- # return (\\u000D).
+ # characters consisting of the following:
#
+ # * Any printable ASCII character ranging from the space character
+ # (\\u0020) through the end of the ASCII character range
#
+ # * The printable characters in the Basic Latin and Latin-1 Supplement
+ # character set (through \\u00FF)
#
+ # * The special characters tab (\\u0009), line feed (\\u000A), and
+ # carriage return (\\u000D)
+ #
+ #
+ #
# [1]: http://wikipedia.org/wiki/regex
#
# @return [Types::UploadSigningCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::UploadSigningCertificateResponse#certificate #certificate} => Types::SigningCertificate
@@ -9201,10 +9418,10 @@
operation: config.api.operation(operation_name),
client: self,
params: params,
config: config)
context[:gem_name] = 'aws-sdk-iam'
- context[:gem_version] = '1.3.0'
+ context[:gem_version] = '1.4.0'
Seahorse::Client::Request.new(handlers, context)
end
# Polls an API operation until a resource enters a desired state.
#