lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.74.0 vs lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.75.0


@@ -1296,14 +1296,14 @@
 # access Amazon Web Services.
 #
 # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
 # providers (IdPs) through our library of trusted certificate
 # authorities (CAs) instead of using a certificate thumbprint to verify
- # your IdP server certificate. These OIDC IdPs include Google, and those
- # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
- # endpoint. In these cases, your legacy thumbprint remains in your
- # configuration, but is no longer used for validation.
+ # your IdP server certificate. These OIDC IdPs include Google, Auth0,
+ # and those that use an Amazon S3 bucket to host a JSON Web Key Set
+ # (JWKS) endpoint. In these cases, your legacy thumbprint remains in
+ # your configuration, but is no longer used for validation.
 #
 # </note>
 #
 # <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
 # this operation creates. Therefore, it is best to limit access to the
@@ -1788,13 +1788,28 @@
 #
 #
 # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
 #
 # @option params [String] :permissions_boundary
- # The ARN of the policy that is used to set the permissions boundary for
- # the role.
+ # The ARN of the managed policy that is used to set the permissions
+ # boundary for the role.
 #
+ # A permissions boundary policy defines the maximum permissions that
+ # identity-based policies can grant to an entity, but does not grant
+ # permissions. Permissions boundaries do not define the maximum
+ # permissions that a resource-based policy can grant to an entity. To
+ # learn more, see [Permissions boundaries for IAM entities][1] in the
+ # *IAM User Guide*.
+ #
+ # For more information about policy types, see [Policy types ][2] in the
+ # *IAM User Guide*.
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
+ #
 # @option params [Array<Types::Tag>] :tags
 # A list of tags that you want to attach to the new role. Each tag
 # consists of a key name and an associated value. For more information
 # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
 #
@@ -2181,13 +2196,28 @@
 # IAM user, group, role, and policy names must be unique within the
 # account. Names are not distinguished by case. For example, you cannot
 # create resources named both "MyResource" and "myresource".
 #
 # @option params [String] :permissions_boundary
- # The ARN of the policy that is used to set the permissions boundary for
- # the user.
+ # The ARN of the managed policy that is used to set the permissions
+ # boundary for the user.
 #
+ # A permissions boundary policy defines the maximum permissions that
+ # identity-based policies can grant to an entity, but does not grant
+ # permissions. Permissions boundaries do not define the maximum
+ # permissions that a resource-based policy can grant to an entity. To
+ # learn more, see [Permissions boundaries for IAM entities][1] in the
+ # *IAM User Guide*.
+ #
+ # For more information about policy types, see [Policy types ][2] in the
+ # *IAM User Guide*.
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
+ #
 # @option params [Array<Types::Tag>] :tags
 # A list of tags that you want to attach to the new user. Each tag
 # consists of a key name and an associated value. For more information
 # about tagging, see [Tagging IAM resources][1] in the *IAM User Guide*.
 #
@@ -2914,22 +2944,33 @@
 def delete_policy_version(params = {}, options = {})
 req = build_request(:delete_policy_version, params)
 req.send_request(options)
 end
 
- # Deletes the specified role. The role must not have any policies
- # attached. For more information about roles, see [Working with
- # roles][1].
+ # Deletes the specified role. Unlike the Amazon Web Services Management
+ # Console, when you delete a role programmatically, you must delete the
+ # items attached to the role manually, or the deletion fails. For more
+ # information, see [Deleting an IAM role][1]. Before attempting to
+ # delete a role, remove the following attached items:
 #
+ # * Inline policies (DeleteRolePolicy)
+ #
+ # * Attached managed policies (DetachRolePolicy)
+ #
+ # * Instance profile (RemoveRoleFromInstanceProfile)
+ #
+ # * Optional – Delete instance profile after detaching from role for
+ # resource clean up (DeleteInstanceProfile)
+ #
 # Make sure that you do not have any Amazon EC2 instances running with
 # the role you are about to delete. Deleting a role or instance profile
 # that is associated with a running instance will break any applications
 # running on the instance.
 #
 #
 #
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-cli
 #
 # @option params [required, String] :role_name
 # The name of the role to delete.
 #
 # This parameter allows (through its [regex pattern][1]) a string of
@@ -9354,13 +9395,28 @@
 # @option params [required, String] :role_name
 # The name (friendly name, not ARN) of the IAM role for which you want
 # to set the permissions boundary.
 #
 # @option params [required, String] :permissions_boundary
- # The ARN of the policy that is used to set the permissions boundary for
- # the role.
+ # The ARN of the managed policy that is used to set the permissions
+ # boundary for the role.
 #
+ # A permissions boundary policy defines the maximum permissions that
+ # identity-based policies can grant to an entity, but does not grant
+ # permissions. Permissions boundaries do not define the maximum
+ # permissions that a resource-based policy can grant to an entity. To
+ # learn more, see [Permissions boundaries for IAM entities][1] in the
+ # *IAM User Guide*.
+ #
+ # For more information about policy types, see [Policy types ][2] in the
+ # *IAM User Guide*.
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
+ #
 # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
 #
 # @example Request syntax with placeholder values
 #
 # resp = client.put_role_permissions_boundary({
@@ -9507,13 +9563,28 @@
 # @option params [required, String] :user_name
 # The name (friendly name, not ARN) of the IAM user for which you want
 # to set the permissions boundary.
 #
 # @option params [required, String] :permissions_boundary
- # The ARN of the policy that is used to set the permissions boundary for
- # the user.
+ # The ARN of the managed policy that is used to set the permissions
+ # boundary for the user.
 #
+ # A permissions boundary policy defines the maximum permissions that
+ # identity-based policies can grant to an entity, but does not grant
+ # permissions. Permissions boundaries do not define the maximum
+ # permissions that a resource-based policy can grant to an entity. To
+ # learn more, see [Permissions boundaries for IAM entities][1] in the
+ # *IAM User Guide*.
+ #
+ # For more information about policy types, see [Policy types ][2] in the
+ # *IAM User Guide*.
+ #
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types
+ #
 # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
 #
 # @example Request syntax with placeholder values
 #
 # resp = client.put_user_permissions_boundary({
@@ -10069,16 +10140,23 @@
 # GetContextKeysForCustomPolicy.
 #
 # If the output is long, you can use `MaxItems` and `Marker` parameters
 # to paginate the results.
 #
- # For more information about using the policy simulator, see [Testing
- # IAM policies with the IAM policy simulator ][1]in the *IAM User
- # Guide*.
+ # <note markdown="1"> The IAM policy simulator evaluates statements in the identity-based
+ # policy and the inputs that you provide during simulation. The policy
+ # simulator results can differ from your live Amazon Web Services
+ # environment. We recommend that you check your policies against your
+ # live Amazon Web Services environment after testing using the policy
+ # simulator to confirm that you have the desired results. For more
+ # information about using the policy simulator, see [Testing IAM
+ # policies with the IAM policy simulator ][1]in the *IAM User Guide*.
 #
+ # </note>
 #
 #
+ #
 # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
 #
 # @option params [required, Array<String>] :policy_input_list
 # A list of policy documents to include in the simulation. Each document
 # is specified as a string containing the complete, valid JSON text of
@@ -10171,12 +10249,16 @@
 # input error.
 #
 # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
 # in the *Amazon Web Services General Reference*.
 #
+ # <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
 #
+ # </note>
 #
+ #
+ #
 # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
 #
 # @option params [String] :resource_policy
 # A resource-based policy to include in the simulation provided as a
 # string. Each resource in the simulation is treated as if it had this
@@ -10198,12 +10280,16 @@
 # character set (through `\u00FF`)
 #
 # * The special characters tab (`\u0009`), line feed (`\u000A`), and
 # carriage return (`\u000D`)
 #
+ # <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
 #
+ # </note>
 #
+ #
+ #
 # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
 # [2]: http://wikipedia.org/wiki/regex
 #
 # @option params [String] :resource_owner
 # An ARN representing the Amazon Web Services account ID that specifies
@@ -10380,11 +10466,12 @@
 # specified as strings to include in the simulation. If you want to
 # simulate only policies specified as strings, use SimulateCustomPolicy
 # instead.
 #
 # You can also optionally include one resource-based policy to be
- # evaluated with each of the resources included in the simulation.
+ # evaluated with each of the resources included in the simulation for
+ # IAM users only.
 #
 # The simulation does not perform the API operations; it only checks the
 # authorization to determine if the simulated policies allow or deny the
 # operations.
 #
@@ -10401,16 +10488,23 @@
 # GetContextKeysForPrincipalPolicy.
 #
 # If the output is long, you can use the `MaxItems` and `Marker`
 # parameters to paginate the results.
 #
- # For more information about using the policy simulator, see [Testing
- # IAM policies with the IAM policy simulator ][1]in the *IAM User
- # Guide*.
+ # <note markdown="1"> The IAM policy simulator evaluates statements in the identity-based
+ # policy and the inputs that you provide during simulation. The policy
+ # simulator results can differ from your live Amazon Web Services
+ # environment. We recommend that you check your policies against your
+ # live Amazon Web Services environment after testing using the policy
+ # simulator to confirm that you have the desired results. For more
+ # information about using the policy simulator, see [Testing IAM
+ # policies with the IAM policy simulator ][1]in the *IAM User Guide*.
 #
+ # </note>
 #
 #
+ #
 # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
 #
 # @option params [required, String] :policy_source_arn
 # The Amazon Resource Name (ARN) of a user, group, or role whose
 # policies you want to include in the simulation. If you specify a user,
@@ -10509,12 +10603,16 @@
 # `ResourcePolicy` parameter.
 #
 # For more information about ARNs, see [Amazon Resource Names (ARNs)][1]
 # in the *Amazon Web Services General Reference*.
 #
+ # <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
 #
+ # </note>
 #
+ #
+ #
 # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
 #
 # @option params [String] :resource_policy
 # A resource-based policy to include in the simulation provided as a
 # string. Each resource in the simulation is treated as if it had this
@@ -10536,12 +10634,16 @@
 # character set (through `\u00FF`)
 #
 # * The special characters tab (`\u0009`), line feed (`\u000A`), and
 # carriage return (`\u000D`)
 #
+ # <note markdown="1"> Simulation of resource-based policies isn't supported for IAM roles.
 #
+ # </note>
 #
+ #
+ #
 # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
 # [2]: http://wikipedia.org/wiki/regex
 #
 # @option params [String] :resource_owner
 # An Amazon Web Services account ID that specifies the owner of any
@@ -12253,14 +12355,14 @@
 # certificate thumbprint is updated.
 #
 # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
 # providers (IdPs) through our library of trusted certificate
 # authorities (CAs) instead of using a certificate thumbprint to verify
- # your IdP server certificate. These OIDC IdPs include Google, and those
- # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
- # endpoint. In these cases, your legacy thumbprint remains in your
- # configuration, but is no longer used for validation.
+ # your IdP server certificate. These OIDC IdPs include Google, Auth0,
+ # and those that use an Amazon S3 bucket to host a JSON Web Key Set
+ # (JWKS) endpoint. In these cases, your legacy thumbprint remains in
+ # your configuration, but is no longer used for validation.
 #
 # </note>
 #
 # <note markdown="1"> Trust for the OIDC provider is derived from the provider certificate
 # and is validated by the thumbprint. Therefore, it is best to limit
@@ -13231,10 +13333,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-iam' - context[:gem_version] = '1.74.0' + context[:gem_version] = '1.75.0' Seahorse::Client::Request.new(handlers, context) end # Polls an API operation until a resource enters a desired state. #