/
iam.jl
8554 lines (7945 loc) · 383 KB
/
iam.jl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# This file is auto-generated by AWSMetadata.jl
using AWS
using AWS.AWSServices: iam
using AWS.Compat
using AWS.UUIDs
"""
add_client_idto_open_idconnect_provider(client_id, open_idconnect_provider_arn)
add_client_idto_open_idconnect_provider(client_id, open_idconnect_provider_arn, params::Dict{String,<:Any})
Adds a new client ID (also known as audience) to the list of client IDs already registered
for the specified IAM OpenID Connect (OIDC) provider resource. This operation is
idempotent; it does not fail or return an error if you add an existing client ID to the
provider.
# Arguments
- `client_id`: The client ID (also known as audience) to add to the IAM OpenID Connect
provider resource.
- `open_idconnect_provider_arn`: The Amazon Resource Name (ARN) of the IAM OpenID Connect
(OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs
by using the ListOpenIDConnectProviders operation.
"""
function add_client_idto_open_idconnect_provider(
ClientID, OpenIDConnectProviderArn; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"AddClientIDToOpenIDConnectProvider",
Dict{String,Any}(
"ClientID" => ClientID, "OpenIDConnectProviderArn" => OpenIDConnectProviderArn
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function add_client_idto_open_idconnect_provider(
ClientID,
OpenIDConnectProviderArn,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"AddClientIDToOpenIDConnectProvider",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}(
"ClientID" => ClientID,
"OpenIDConnectProviderArn" => OpenIDConnectProviderArn,
),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
add_role_to_instance_profile(instance_profile_name, role_name)
add_role_to_instance_profile(instance_profile_name, role_name, params::Dict{String,<:Any})
Adds the specified IAM role to the specified instance profile. An instance profile can
contain only one role, and this quota cannot be increased. You can remove the existing role
and then add a different role to an instance profile. You must then wait for the change to
appear across all of Amazon Web Services because of eventual consistency. To force the
change, you must disassociate the instance profile and then associate the instance profile,
or you can stop your instance and then restart it. The caller of this operation must be
granted the PassRole permission on the IAM role by a permissions policy. For more
information about roles, see Working with roles. For more information about instance
profiles, see About instance profiles.
# Arguments
- `instance_profile_name`: The name of the instance profile to update. This parameter
allows (through its regex pattern) a string of characters consisting of upper and lowercase
alphanumeric characters with no spaces. You can also include any of the following
characters: _+=,.@-
- `role_name`: The name of the role to add. This parameter allows (through its regex
pattern) a string of characters consisting of upper and lowercase alphanumeric characters
with no spaces. You can also include any of the following characters: _+=,.@-
"""
function add_role_to_instance_profile(
InstanceProfileName, RoleName; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"AddRoleToInstanceProfile",
Dict{String,Any}(
"InstanceProfileName" => InstanceProfileName, "RoleName" => RoleName
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function add_role_to_instance_profile(
InstanceProfileName,
RoleName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"AddRoleToInstanceProfile",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}(
"InstanceProfileName" => InstanceProfileName, "RoleName" => RoleName
),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
add_user_to_group(group_name, user_name)
add_user_to_group(group_name, user_name, params::Dict{String,<:Any})
Adds the specified user to the specified group.
# Arguments
- `group_name`: The name of the group to update. This parameter allows (through its regex
pattern) a string of characters consisting of upper and lowercase alphanumeric characters
with no spaces. You can also include any of the following characters: _+=,.@-
- `user_name`: The name of the user to add. This parameter allows (through its regex
pattern) a string of characters consisting of upper and lowercase alphanumeric characters
with no spaces. You can also include any of the following characters: _+=,.@-
"""
function add_user_to_group(
GroupName, UserName; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"AddUserToGroup",
Dict{String,Any}("GroupName" => GroupName, "UserName" => UserName);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function add_user_to_group(
GroupName,
UserName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"AddUserToGroup",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}("GroupName" => GroupName, "UserName" => UserName),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
attach_group_policy(group_name, policy_arn)
attach_group_policy(group_name, policy_arn, params::Dict{String,<:Any})
Attaches the specified managed policy to the specified IAM group. You use this operation to
attach a managed policy to a group. To embed an inline policy in a group, use
PutGroupPolicy. As a best practice, you can validate your IAM policies. To learn more, see
Validating IAM policies in the IAM User Guide. For more information about policies, see
Managed policies and inline policies in the IAM User Guide.
# Arguments
- `group_name`: The name (friendly name, not ARN) of the group to attach the policy to.
This parameter allows (through its regex pattern) a string of characters consisting of
upper and lowercase alphanumeric characters with no spaces. You can also include any of the
following characters: _+=,.@-
- `policy_arn`: The Amazon Resource Name (ARN) of the IAM policy you want to attach. For
more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services
General Reference.
"""
function attach_group_policy(
GroupName, PolicyArn; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"AttachGroupPolicy",
Dict{String,Any}("GroupName" => GroupName, "PolicyArn" => PolicyArn);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function attach_group_policy(
GroupName,
PolicyArn,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"AttachGroupPolicy",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}("GroupName" => GroupName, "PolicyArn" => PolicyArn),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
attach_role_policy(policy_arn, role_name)
attach_role_policy(policy_arn, role_name, params::Dict{String,<:Any})
Attaches the specified managed policy to the specified IAM role. When you attach a managed
policy to a role, the managed policy becomes part of the role's permission (access) policy.
You cannot use a managed policy as the role's trust policy. The role's trust policy is
created at the same time as the role, using CreateRole. You can update a role's trust
policy using UpdateAssumeRolePolicy. Use this operation to attach a managed policy to a
role. To embed an inline policy in a role, use PutRolePolicy. For more information about
policies, see Managed policies and inline policies in the IAM User Guide. As a best
practice, you can validate your IAM policies. To learn more, see Validating IAM policies in
the IAM User Guide.
# Arguments
- `policy_arn`: The Amazon Resource Name (ARN) of the IAM policy you want to attach. For
more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services
General Reference.
- `role_name`: The name (friendly name, not ARN) of the role to attach the policy to. This
parameter allows (through its regex pattern) a string of characters consisting of upper and
lowercase alphanumeric characters with no spaces. You can also include any of the following
characters: _+=,.@-
"""
function attach_role_policy(
PolicyArn, RoleName; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"AttachRolePolicy",
Dict{String,Any}("PolicyArn" => PolicyArn, "RoleName" => RoleName);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function attach_role_policy(
PolicyArn,
RoleName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"AttachRolePolicy",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}("PolicyArn" => PolicyArn, "RoleName" => RoleName),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
attach_user_policy(policy_arn, user_name)
attach_user_policy(policy_arn, user_name, params::Dict{String,<:Any})
Attaches the specified managed policy to the specified user. You use this operation to
attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy.
As a best practice, you can validate your IAM policies. To learn more, see Validating IAM
policies in the IAM User Guide. For more information about policies, see Managed policies
and inline policies in the IAM User Guide.
# Arguments
- `policy_arn`: The Amazon Resource Name (ARN) of the IAM policy you want to attach. For
more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services
General Reference.
- `user_name`: The name (friendly name, not ARN) of the IAM user to attach the policy to.
This parameter allows (through its regex pattern) a string of characters consisting of
upper and lowercase alphanumeric characters with no spaces. You can also include any of the
following characters: _+=,.@-
"""
function attach_user_policy(
PolicyArn, UserName; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"AttachUserPolicy",
Dict{String,Any}("PolicyArn" => PolicyArn, "UserName" => UserName);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function attach_user_policy(
PolicyArn,
UserName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"AttachUserPolicy",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}("PolicyArn" => PolicyArn, "UserName" => UserName),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
change_password(new_password, old_password)
change_password(new_password, old_password, params::Dict{String,<:Any})
Changes the password of the IAM user who is calling this operation. This operation can be
performed using the CLI, the Amazon Web Services API, or the My Security Credentials page
in the Amazon Web Services Management Console. The Amazon Web Services account root user
password is not affected by this operation. Use UpdateLoginProfile to use the CLI, the
Amazon Web Services API, or the Users page in the IAM console to change the password for
any IAM user. For more information about modifying passwords, see Managing passwords in the
IAM User Guide.
# Arguments
- `new_password`: The new password. The new password must conform to the Amazon Web
Services account's password policy, if one exists. The regex pattern that is used to
validate this parameter is a string of characters. That string can include almost any
printable ASCII character from the space (u0020) through the end of the ASCII character
range (u00FF). You can also include the tab (u0009), line feed (u000A), and carriage return
(u000D) characters. Any of these characters are valid in a password. However, many tools,
such as the Amazon Web Services Management Console, might restrict the ability to type
certain characters because they have special meaning within that tool.
- `old_password`: The IAM user's current password.
"""
function change_password(
NewPassword, OldPassword; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"ChangePassword",
Dict{String,Any}("NewPassword" => NewPassword, "OldPassword" => OldPassword);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function change_password(
NewPassword,
OldPassword,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"ChangePassword",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}(
"NewPassword" => NewPassword, "OldPassword" => OldPassword
),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_access_key()
create_access_key(params::Dict{String,<:Any})
Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services
access key ID for the specified user. The default status for new keys is Active. If you do
not specify a user name, IAM determines the user name implicitly based on the Amazon Web
Services access key ID signing the request. This operation works for access keys under the
Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web
Services account root user credentials. This is true even if the Amazon Web Services
account has no associated users. For information about quotas on the number of keys you
can create, see IAM and STS quotas in the IAM User Guide. To ensure the security of your
Amazon Web Services account, the secret access key is accessible only during key and user
creation. You must save the key (for example, in a text file) if you want to be able to
access it again. If a secret key is lost, you can delete the access keys for the associated
user and then create new keys.
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"UserName"`: The name of the IAM user that the new key will belong to. This parameter
allows (through its regex pattern) a string of characters consisting of upper and lowercase
alphanumeric characters with no spaces. You can also include any of the following
characters: _+=,.@-
"""
function create_access_key(; aws_config::AbstractAWSConfig=global_aws_config())
return iam("CreateAccessKey"; aws_config=aws_config, feature_set=SERVICE_FEATURE_SET)
end
function create_access_key(
params::AbstractDict{String}; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreateAccessKey", params; aws_config=aws_config, feature_set=SERVICE_FEATURE_SET
)
end
"""
create_account_alias(account_alias)
create_account_alias(account_alias, params::Dict{String,<:Any})
Creates an alias for your Amazon Web Services account. For information about using an
Amazon Web Services account alias, see Creating, deleting, and listing an Amazon Web
Services account alias in the Amazon Web Services Sign-In User Guide.
# Arguments
- `account_alias`: The account alias to create. This parameter allows (through its regex
pattern) a string of characters consisting of lowercase letters, digits, and dashes. You
cannot start or finish with a dash, nor can you have two dashes in a row.
"""
function create_account_alias(
AccountAlias; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreateAccountAlias",
Dict{String,Any}("AccountAlias" => AccountAlias);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_account_alias(
AccountAlias,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"CreateAccountAlias",
Dict{String,Any}(
mergewith(_merge, Dict{String,Any}("AccountAlias" => AccountAlias), params)
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_group(group_name)
create_group(group_name, params::Dict{String,<:Any})
Creates a new group. For information about the number of groups you can create, see IAM
and STS quotas in the IAM User Guide.
# Arguments
- `group_name`: The name of the group to create. Do not include the path in this value. IAM
user, group, role, and policy names must be unique within the account. Names are not
distinguished by case. For example, you cannot create resources named both \"MyResource\"
and \"myresource\".
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"Path"`: The path to the group. For more information about paths, see IAM identifiers
in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a
slash (/). This parameter allows (through its regex pattern) a string of characters
consisting of either a forward slash (/) by itself or a string that must begin and end with
forward slashes. In addition, it can contain any ASCII character from the ! (u0021) through
the DEL character (u007F), including most punctuation characters, digits, and upper and
lowercased letters.
"""
function create_group(GroupName; aws_config::AbstractAWSConfig=global_aws_config())
return iam(
"CreateGroup",
Dict{String,Any}("GroupName" => GroupName);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_group(
GroupName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"CreateGroup",
Dict{String,Any}(
mergewith(_merge, Dict{String,Any}("GroupName" => GroupName), params)
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_instance_profile(instance_profile_name)
create_instance_profile(instance_profile_name, params::Dict{String,<:Any})
Creates a new instance profile. For information about instance profiles, see Using roles
for applications on Amazon EC2 in the IAM User Guide, and Instance profiles in the Amazon
EC2 User Guide. For information about the number of instance profiles you can create, see
IAM object quotas in the IAM User Guide.
# Arguments
- `instance_profile_name`: The name of the instance profile to create. This parameter
allows (through its regex pattern) a string of characters consisting of upper and lowercase
alphanumeric characters with no spaces. You can also include any of the following
characters: _+=,.@-
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"Path"`: The path to the instance profile. For more information about paths, see IAM
Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it
defaults to a slash (/). This parameter allows (through its regex pattern) a string of
characters consisting of either a forward slash (/) by itself or a string that must begin
and end with forward slashes. In addition, it can contain any ASCII character from the !
(u0021) through the DEL character (u007F), including most punctuation characters, digits,
and upper and lowercased letters.
- `"Tags"`: A list of tags that you want to attach to the newly created IAM instance
profile. Each tag consists of a key name and an associated value. For more information
about tagging, see Tagging IAM resources in the IAM User Guide. If any one of the tags is
invalid or if you exceed the allowed maximum number of tags, then the entire request fails
and the resource is not created.
"""
function create_instance_profile(
InstanceProfileName; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreateInstanceProfile",
Dict{String,Any}("InstanceProfileName" => InstanceProfileName);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_instance_profile(
InstanceProfileName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"CreateInstanceProfile",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}("InstanceProfileName" => InstanceProfileName),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_login_profile(password, user_name)
create_login_profile(password, user_name, params::Dict{String,<:Any})
Creates a password for the specified IAM user. A password allows an IAM user to access
Amazon Web Services services through the Amazon Web Services Management Console. You can
use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a
password for any IAM user. Use ChangePassword to update your own existing password in the
My Security Credentials page in the Amazon Web Services Management Console. For more
information about managing passwords, see Managing passwords in the IAM User Guide.
# Arguments
- `password`: The new password for the user. The regex pattern that is used to validate
this parameter is a string of characters. That string can include almost any printable
ASCII character from the space (u0020) through the end of the ASCII character range
(u00FF). You can also include the tab (u0009), line feed (u000A), and carriage return
(u000D) characters. Any of these characters are valid in a password. However, many tools,
such as the Amazon Web Services Management Console, might restrict the ability to type
certain characters because they have special meaning within that tool.
- `user_name`: The name of the IAM user to create a password for. The user must already
exist. This parameter allows (through its regex pattern) a string of characters consisting
of upper and lowercase alphanumeric characters with no spaces. You can also include any of
the following characters: _+=,.@-
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"PasswordResetRequired"`: Specifies whether the user is required to set a new password
on next sign-in.
"""
function create_login_profile(
Password, UserName; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreateLoginProfile",
Dict{String,Any}("Password" => Password, "UserName" => UserName);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_login_profile(
Password,
UserName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"CreateLoginProfile",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}("Password" => Password, "UserName" => UserName),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_open_idconnect_provider(thumbprint_list, url)
create_open_idconnect_provider(thumbprint_list, url, params::Dict{String,<:Any})
Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect
(OIDC). The OIDC provider that you create with this operation can be used as a principal in
a role's trust policy. Such a policy establishes a trust relationship between Amazon Web
Services and the OIDC provider. If you are using an OIDC identity provider from Google,
Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider.
These OIDC identity providers are already built-in to Amazon Web Services and are available
for your use. Instead, you can move directly to creating new roles using your identity
provider. To learn more, see Creating a role for web identity or OpenID connect federation
in the IAM User Guide. When you create the IAM OIDC provider, you specify the following:
The URL of the OIDC identity provider (IdP) to trust A list of client IDs (also known as
audiences) that identify the application or applications allowed to authenticate using the
OIDC provider A list of tags that are attached to the specified IAM OIDC provider A
list of thumbprints of one or more server certificates that the IdP uses You get all of
this information from the OIDC IdP you want to use to access Amazon Web Services. Amazon
Web Services secures communication with some OIDC identity providers (IdPs) through our
library of trusted certificate authorities (CAs) instead of using a certificate thumbprint
to verify your IdP server certificate. These OIDC IdPs include Google, Auth0, and those
that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these cases,
your legacy thumbprint remains in your configuration, but is no longer used for validation.
The trust for the OIDC provider is derived from the IAM provider that this operation
creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation
to highly privileged users.
# Arguments
- `thumbprint_list`: A list of server certificate thumbprints for the OpenID Connect (OIDC)
identity provider's server certificates. Typically this list includes only one entry.
However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you
maintain multiple thumbprints if the identity provider is rotating certificates. The server
certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by
the domain where the OpenID Connect provider makes its keys available. It is always a
40-character string. You must provide at least one thumbprint when creating an IAM OIDC
provider. For example, assume that the OIDC provider is server.example.com and the provider
stores its keys at https://keys.server.example.com/openid-connect. In that case, the
thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by
https://keys.server.example.com. For more information about obtaining the OIDC provider
thumbprint, see Obtaining the thumbprint for an OpenID Connect provider in the IAM user
Guide.
- `url`: The URL of the identity provider. The URL must begin with https:// and should
correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC
standard, path components are allowed but query parameters are not. Typically the URL
consists of only a hostname, like https://server.example.org or https://example.com. The
URL should not contain a port number. You cannot register the same provider multiple times
in a single Amazon Web Services account. If you try to submit a URL that has already been
used for an OpenID Connect provider in the Amazon Web Services account, you will get an
error.
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"ClientIDList"`: Provides a list of client IDs, also known as audiences. When a mobile
or web app registers with an OpenID Connect provider, they establish a value that
identifies the application. This is the value that's sent as the client_id parameter on
OAuth requests. You can register multiple client IDs with the same provider. For example,
you might have multiple applications that use the same OIDC provider. You cannot register
more than 100 client IDs with a single IAM OIDC provider. There is no defined format for a
client ID. The CreateOpenIDConnectProviderRequest operation accepts client IDs up to 255
characters long.
- `"Tags"`: A list of tags that you want to attach to the new IAM OpenID Connect (OIDC)
provider. Each tag consists of a key name and an associated value. For more information
about tagging, see Tagging IAM resources in the IAM User Guide. If any one of the tags is
invalid or if you exceed the allowed maximum number of tags, then the entire request fails
and the resource is not created.
"""
function create_open_idconnect_provider(
ThumbprintList, Url; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreateOpenIDConnectProvider",
Dict{String,Any}("ThumbprintList" => ThumbprintList, "Url" => Url);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_open_idconnect_provider(
ThumbprintList,
Url,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"CreateOpenIDConnectProvider",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}("ThumbprintList" => ThumbprintList, "Url" => Url),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_policy(policy_document, policy_name)
create_policy(policy_document, policy_name, params::Dict{String,<:Any})
Creates a new managed policy for your Amazon Web Services account. This operation creates a
policy version with a version identifier of v1 and sets v1 as the policy's default version.
For more information about policy versions, see Versioning for managed policies in the IAM
User Guide. As a best practice, you can validate your IAM policies. To learn more, see
Validating IAM policies in the IAM User Guide. For more information about managed policies
in general, see Managed policies and inline policies in the IAM User Guide.
# Arguments
- `policy_document`: The JSON policy document that you want to use as the content for the
new policy. You must provide policies in JSON format in IAM. However, for CloudFormation
templates formatted in YAML, you can provide the policy in JSON or YAML format.
CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The maximum length of the policy document that you can pass in this operation, including
whitespace, is listed below. To view the maximum character counts of a managed policy with
no whitespaces, see IAM and STS character quotas. To learn more about JSON policy grammar,
see Grammar of the IAM JSON policy language in the IAM User Guide. The regex pattern used
to validate this parameter is a string of characters consisting of the following: Any
printable ASCII character ranging from the space character (u0020) through the end of the
ASCII character range The printable characters in the Basic Latin and Latin-1 Supplement
character set (through u00FF) The special characters tab (u0009), line feed (u000A), and
carriage return (u000D)
- `policy_name`: The friendly name of the policy. IAM user, group, role, and policy names
must be unique within the account. Names are not distinguished by case. For example, you
cannot create resources named both \"MyResource\" and \"myresource\".
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"Description"`: A friendly description of the policy. Typically used to store
information about the permissions defined in the policy. For example, \"Grants access to
production DynamoDB tables.\" The policy description is immutable. After a value is
assigned, it cannot be changed.
- `"Path"`: The path for the policy. For more information about paths, see IAM identifiers
in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a
slash (/). This parameter allows (through its regex pattern) a string of characters
consisting of either a forward slash (/) by itself or a string that must begin and end with
forward slashes. In addition, it can contain any ASCII character from the ! (u0021) through
the DEL character (u007F), including most punctuation characters, digits, and upper and
lowercased letters. You cannot use an asterisk (*) in the path name.
- `"Tags"`: A list of tags that you want to attach to the new IAM customer managed policy.
Each tag consists of a key name and an associated value. For more information about
tagging, see Tagging IAM resources in the IAM User Guide. If any one of the tags is
invalid or if you exceed the allowed maximum number of tags, then the entire request fails
and the resource is not created.
"""
function create_policy(
PolicyDocument, PolicyName; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreatePolicy",
Dict{String,Any}("PolicyDocument" => PolicyDocument, "PolicyName" => PolicyName);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_policy(
PolicyDocument,
PolicyName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"CreatePolicy",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}(
"PolicyDocument" => PolicyDocument, "PolicyName" => PolicyName
),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_policy_version(policy_arn, policy_document)
create_policy_version(policy_arn, policy_document, params::Dict{String,<:Any})
Creates a new version of the specified managed policy. To update a managed policy, you
create a new policy version. A managed policy can have up to five versions. If the policy
has five versions, you must delete an existing version using DeletePolicyVersion before you
create a new version. Optionally, you can set the new version as the policy's default
version. The default version is the version that is in effect for the IAM users, groups,
and roles to which the policy is attached. For more information about managed policy
versions, see Versioning for managed policies in the IAM User Guide.
# Arguments
- `policy_arn`: The Amazon Resource Name (ARN) of the IAM policy to which you want to add a
new version. For more information about ARNs, see Amazon Resource Names (ARNs) in the
Amazon Web Services General Reference.
- `policy_document`: The JSON policy document that you want to use as the content for this
new version of the policy. You must provide policies in JSON format in IAM. However, for
CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML
format. CloudFormation always converts a YAML policy to JSON format before submitting it to
IAM. The maximum length of the policy document that you can pass in this operation,
including whitespace, is listed below. To view the maximum character counts of a managed
policy with no whitespaces, see IAM and STS character quotas. The regex pattern used to
validate this parameter is a string of characters consisting of the following: Any
printable ASCII character ranging from the space character (u0020) through the end of the
ASCII character range The printable characters in the Basic Latin and Latin-1 Supplement
character set (through u00FF) The special characters tab (u0009), line feed (u000A), and
carriage return (u000D)
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"SetAsDefault"`: Specifies whether to set this version as the policy's default version.
When this parameter is true, the new policy version becomes the operative version. That is,
it becomes the version that is in effect for the IAM users, groups, and roles that the
policy is attached to. For more information about managed policy versions, see Versioning
for managed policies in the IAM User Guide.
"""
function create_policy_version(
PolicyArn, PolicyDocument; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreatePolicyVersion",
Dict{String,Any}("PolicyArn" => PolicyArn, "PolicyDocument" => PolicyDocument);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_policy_version(
PolicyArn,
PolicyDocument,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"CreatePolicyVersion",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}(
"PolicyArn" => PolicyArn, "PolicyDocument" => PolicyDocument
),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_role(assume_role_policy_document, role_name)
create_role(assume_role_policy_document, role_name, params::Dict{String,<:Any})
Creates a new role for your Amazon Web Services account. For more information about roles,
see IAM roles. For information about quotas for role names and the number of roles you can
create, see IAM and STS quotas in the IAM User Guide.
# Arguments
- `assume_role_policy_document`: The trust relationship policy document that grants an
entity permission to assume the role. In IAM, you must provide a JSON policy that has been
converted to a string. However, for CloudFormation templates formatted in YAML, you can
provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to
JSON format before submitting it to IAM. The regex pattern used to validate this parameter
is a string of characters consisting of the following: Any printable ASCII character
ranging from the space character (u0020) through the end of the ASCII character range The
printable characters in the Basic Latin and Latin-1 Supplement character set (through
u00FF) The special characters tab (u0009), line feed (u000A), and carriage return (u000D)
Upon success, the response includes the same trust policy in JSON format.
- `role_name`: The name of the role to create. IAM user, group, role, and policy names must
be unique within the account. Names are not distinguished by case. For example, you cannot
create resources named both \"MyResource\" and \"myresource\". This parameter allows
(through its regex pattern) a string of characters consisting of upper and lowercase
alphanumeric characters with no spaces. You can also include any of the following
characters: _+=,.@-
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"Description"`: A description of the role.
- `"MaxSessionDuration"`: The maximum session duration (in seconds) that you want to set
for the specified role. If you do not specify a value for this setting, the default value
of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who
assumes the role from the CLI or API can use the DurationSeconds API parameter or the
duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting
determines the maximum duration that can be requested using the DurationSeconds parameter.
If users don't specify a value for the DurationSeconds parameter, their security
credentials are valid for one hour by default. This applies when you use the AssumeRole*
API operations or the assume-role* CLI operations but does not apply when you use those
operations to create a console URL. For more information, see Using IAM roles in the IAM
User Guide.
- `"Path"`: The path to the role. For more information about paths, see IAM Identifiers in
the IAM User Guide. This parameter is optional. If it is not included, it defaults to a
slash (/). This parameter allows (through its regex pattern) a string of characters
consisting of either a forward slash (/) by itself or a string that must begin and end with
forward slashes. In addition, it can contain any ASCII character from the ! (u0021) through
the DEL character (u007F), including most punctuation characters, digits, and upper and
lowercased letters.
- `"PermissionsBoundary"`: The ARN of the managed policy that is used to set the
permissions boundary for the role. A permissions boundary policy defines the maximum
permissions that identity-based policies can grant to an entity, but does not grant
permissions. Permissions boundaries do not define the maximum permissions that a
resource-based policy can grant to an entity. To learn more, see Permissions boundaries for
IAM entities in the IAM User Guide. For more information about policy types, see Policy
types in the IAM User Guide.
- `"Tags"`: A list of tags that you want to attach to the new role. Each tag consists of a
key name and an associated value. For more information about tagging, see Tagging IAM
resources in the IAM User Guide. If any one of the tags is invalid or if you exceed the
allowed maximum number of tags, then the entire request fails and the resource is not
created.
"""
function create_role(
AssumeRolePolicyDocument, RoleName; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreateRole",
Dict{String,Any}(
"AssumeRolePolicyDocument" => AssumeRolePolicyDocument, "RoleName" => RoleName
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_role(
AssumeRolePolicyDocument,
RoleName,
params::AbstractDict{String};
aws_config::AbstractAWSConfig=global_aws_config(),
)
return iam(
"CreateRole",
Dict{String,Any}(
mergewith(
_merge,
Dict{String,Any}(
"AssumeRolePolicyDocument" => AssumeRolePolicyDocument,
"RoleName" => RoleName,
),
params,
),
);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
"""
create_samlprovider(name, samlmetadata_document)
create_samlprovider(name, samlmetadata_document, params::Dict{String,<:Any})
Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
The SAML provider resource that you create with this operation can be used as a principal
in an IAM role's trust policy. Such a policy can enable federated users who sign in using
the SAML IdP to assume the role. You can create an IAM role that supports Web-based single
sign-on (SSO) to the Amazon Web Services Management Console or one that supports API access
to Amazon Web Services. When you create the SAML provider resource, you upload a SAML
metadata document that you get from your IdP. That document includes the issuer's name,
expiration information, and keys that can be used to validate the SAML authentication
response (assertions) that the IdP sends. You must generate the metadata document using the
identity management software that is used as your organization's IdP. This operation
requires Signature Version 4. For more information, see Enabling SAML 2.0 federated users
to access the Amazon Web Services Management Console and About SAML 2.0-based federation in
the IAM User Guide.
# Arguments
- `name`: The name of the provider to create. This parameter allows (through its regex
pattern) a string of characters consisting of upper and lowercase alphanumeric characters
with no spaces. You can also include any of the following characters: _+=,.@-
- `samlmetadata_document`: An XML document generated by an identity provider (IdP) that
supports SAML 2.0. The document includes the issuer's name, expiration information, and
keys that can be used to validate the SAML authentication response (assertions) that are
received from the IdP. You must generate the metadata document using the identity
management software that is used as your organization's IdP. For more information, see
About SAML 2.0-based federation in the IAM User Guide
# Optional Parameters
Optional parameters can be passed as a `params::Dict{String,<:Any}`. Valid keys are:
- `"Tags"`: A list of tags that you want to attach to the new IAM SAML provider. Each tag
consists of a key name and an associated value. For more information about tagging, see
Tagging IAM resources in the IAM User Guide. If any one of the tags is invalid or if you
exceed the allowed maximum number of tags, then the entire request fails and the resource
is not created.
"""
function create_samlprovider(
Name, SAMLMetadataDocument; aws_config::AbstractAWSConfig=global_aws_config()
)
return iam(
"CreateSAMLProvider",
Dict{String,Any}("Name" => Name, "SAMLMetadataDocument" => SAMLMetadataDocument);
aws_config=aws_config,
feature_set=SERVICE_FEATURE_SET,
)
end
function create_samlprovider(
Name,
SAMLMetadataDocument,
params::AbstractDict{String};