@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public interface AWSIAMRolesAnywhere
Note: Do not directly implement this interface, new methods are added to it regularly. Extend from
AbstractAWSIAMRolesAnywhere
instead.
Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications that run outside of Amazon Web Services to obtain temporary Amazon Web Services credentials. Your workloads can use the same IAM policies and roles you have for native Amazon Web Services applications to access Amazon Web Services resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for workloads running outside of Amazon Web Services.
To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Private Certificate Authority to create a CA and then use that to establish trust with IAM Roles Anywhere.
This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about IAM Roles Anywhere, see the IAM Roles Anywhere User Guide.
Modifier and Type | Field and Description |
---|---|
static String |
ENDPOINT_PREFIX
The region metadata service name for computing region endpoints.
|
Modifier and Type | Method and Description |
---|---|
CreateProfileResult |
createProfile(CreateProfileRequest createProfileRequest)
Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume.
|
CreateTrustAnchorResult |
createTrustAnchor(CreateTrustAnchorRequest createTrustAnchorRequest)
Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA).
|
DeleteAttributeMappingResult |
deleteAttributeMapping(DeleteAttributeMappingRequest deleteAttributeMappingRequest)
Delete an entry from the attribute mapping rules enforced by a given profile.
|
DeleteCrlResult |
deleteCrl(DeleteCrlRequest deleteCrlRequest)
Deletes a certificate revocation list (CRL).
|
DeleteProfileResult |
deleteProfile(DeleteProfileRequest deleteProfileRequest)
Deletes a profile.
|
DeleteTrustAnchorResult |
deleteTrustAnchor(DeleteTrustAnchorRequest deleteTrustAnchorRequest)
Deletes a trust anchor.
|
DisableCrlResult |
disableCrl(DisableCrlRequest disableCrlRequest)
Disables a certificate revocation list (CRL).
|
DisableProfileResult |
disableProfile(DisableProfileRequest disableProfileRequest)
Disables a profile.
|
DisableTrustAnchorResult |
disableTrustAnchor(DisableTrustAnchorRequest disableTrustAnchorRequest)
Disables a trust anchor.
|
EnableCrlResult |
enableCrl(EnableCrlRequest enableCrlRequest)
Enables a certificate revocation list (CRL).
|
EnableProfileResult |
enableProfile(EnableProfileRequest enableProfileRequest)
Enables temporary credential requests for a profile.
|
EnableTrustAnchorResult |
enableTrustAnchor(EnableTrustAnchorRequest enableTrustAnchorRequest)
Enables a trust anchor.
|
ResponseMetadata |
getCachedResponseMetadata(AmazonWebServiceRequest request)
Returns additional metadata for a previously executed successful request, typically used for debugging issues
where a service isn't acting as expected.
|
GetCrlResult |
getCrl(GetCrlRequest getCrlRequest)
Gets a certificate revocation list (CRL).
|
GetProfileResult |
getProfile(GetProfileRequest getProfileRequest)
Gets a profile.
|
GetSubjectResult |
getSubject(GetSubjectRequest getSubjectRequest)
Gets a subject, which associates a certificate identity with authentication attempts.
|
GetTrustAnchorResult |
getTrustAnchor(GetTrustAnchorRequest getTrustAnchorRequest)
Gets a trust anchor.
|
ImportCrlResult |
importCrl(ImportCrlRequest importCrlRequest)
Imports the certificate revocation list (CRL).
|
ListCrlsResult |
listCrls(ListCrlsRequest listCrlsRequest)
Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.
|
ListProfilesResult |
listProfiles(ListProfilesRequest listProfilesRequest)
Lists all profiles in the authenticated account and Amazon Web Services Region.
|
ListSubjectsResult |
listSubjects(ListSubjectsRequest listSubjectsRequest)
Lists the subjects in the authenticated account and Amazon Web Services Region.
|
ListTagsForResourceResult |
listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)
Lists the tags attached to the resource.
|
ListTrustAnchorsResult |
listTrustAnchors(ListTrustAnchorsRequest listTrustAnchorsRequest)
Lists the trust anchors in the authenticated account and Amazon Web Services Region.
|
PutAttributeMappingResult |
putAttributeMapping(PutAttributeMappingRequest putAttributeMappingRequest)
Put an entry in the attribute mapping rules that will be enforced by a given profile.
|
PutNotificationSettingsResult |
putNotificationSettings(PutNotificationSettingsRequest putNotificationSettingsRequest)
Attaches a list of notification settings to a trust anchor.
|
ResetNotificationSettingsResult |
resetNotificationSettings(ResetNotificationSettingsRequest resetNotificationSettingsRequest)
Resets the custom notification setting to IAM Roles Anywhere default setting.
|
void |
shutdown()
Shuts down this client object, releasing any resources that might be held open.
|
TagResourceResult |
tagResource(TagResourceRequest tagResourceRequest)
Attaches tags to a resource.
|
UntagResourceResult |
untagResource(UntagResourceRequest untagResourceRequest)
Removes tags from the resource.
|
UpdateCrlResult |
updateCrl(UpdateCrlRequest updateCrlRequest)
Updates the certificate revocation list (CRL).
|
UpdateProfileResult |
updateProfile(UpdateProfileRequest updateProfileRequest)
Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume.
|
UpdateTrustAnchorResult |
updateTrustAnchor(UpdateTrustAnchorRequest updateTrustAnchorRequest)
Updates a trust anchor.
|
static final String ENDPOINT_PREFIX
CreateProfileResult createProfile(CreateProfileRequest createProfileRequest)
Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.
Required permissions: rolesanywhere:CreateProfile
.
createProfileRequest
- ValidationException
- Validation exception error.AccessDeniedException
- You do not have sufficient access to perform this action.CreateTrustAnchorResult createTrustAnchor(CreateTrustAnchorRequest createTrustAnchorRequest)
Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.
Required permissions: rolesanywhere:CreateTrustAnchor
.
createTrustAnchorRequest
- ValidationException
- Validation exception error.AccessDeniedException
- You do not have sufficient access to perform this action.DeleteAttributeMappingResult deleteAttributeMapping(DeleteAttributeMappingRequest deleteAttributeMappingRequest)
Delete an entry from the attribute mapping rules enforced by a given profile.
deleteAttributeMappingRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.DeleteCrlResult deleteCrl(DeleteCrlRequest deleteCrlRequest)
Deletes a certificate revocation list (CRL).
Required permissions: rolesanywhere:DeleteCrl
.
deleteCrlRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.DeleteProfileResult deleteProfile(DeleteProfileRequest deleteProfileRequest)
Deletes a profile.
Required permissions: rolesanywhere:DeleteProfile
.
deleteProfileRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.DeleteTrustAnchorResult deleteTrustAnchor(DeleteTrustAnchorRequest deleteTrustAnchorRequest)
Deletes a trust anchor.
Required permissions: rolesanywhere:DeleteTrustAnchor
.
deleteTrustAnchorRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.DisableCrlResult disableCrl(DisableCrlRequest disableCrlRequest)
Disables a certificate revocation list (CRL).
Required permissions: rolesanywhere:DisableCrl
.
disableCrlRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.DisableProfileResult disableProfile(DisableProfileRequest disableProfileRequest)
Disables a profile. When disabled, temporary credential requests with this profile fail.
Required permissions: rolesanywhere:DisableProfile
.
disableProfileRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.DisableTrustAnchorResult disableTrustAnchor(DisableTrustAnchorRequest disableTrustAnchorRequest)
Disables a trust anchor. When disabled, temporary credential requests specifying this trust anchor are unauthorized.
Required permissions: rolesanywhere:DisableTrustAnchor
.
disableTrustAnchorRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.EnableCrlResult enableCrl(EnableCrlRequest enableCrlRequest)
Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials.
Required permissions: rolesanywhere:EnableCrl
.
enableCrlRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.EnableProfileResult enableProfile(EnableProfileRequest enableProfileRequest)
Enables temporary credential requests for a profile.
Required permissions: rolesanywhere:EnableProfile
.
enableProfileRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.EnableTrustAnchorResult enableTrustAnchor(EnableTrustAnchorRequest enableTrustAnchorRequest)
Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.
Required permissions: rolesanywhere:EnableTrustAnchor
.
enableTrustAnchorRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.GetCrlResult getCrl(GetCrlRequest getCrlRequest)
Gets a certificate revocation list (CRL).
Required permissions: rolesanywhere:GetCrl
.
getCrlRequest
- ResourceNotFoundException
- The resource could not be found.GetProfileResult getProfile(GetProfileRequest getProfileRequest)
Gets a profile.
Required permissions: rolesanywhere:GetProfile
.
getProfileRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.GetSubjectResult getSubject(GetSubjectRequest getSubjectRequest)
Gets a subject, which associates a certificate identity with authentication attempts. The subject stores auditing information such as the status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.
Required permissions: rolesanywhere:GetSubject
.
getSubjectRequest
- ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.GetTrustAnchorResult getTrustAnchor(GetTrustAnchorRequest getTrustAnchorRequest)
Gets a trust anchor.
Required permissions: rolesanywhere:GetTrustAnchor
.
getTrustAnchorRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.ImportCrlResult importCrl(ImportCrlRequest importCrlRequest)
Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere validates against the CRL before issuing credentials.
Required permissions: rolesanywhere:ImportCrl
.
importCrlRequest
- ValidationException
- Validation exception error.AccessDeniedException
- You do not have sufficient access to perform this action.ListCrlsResult listCrls(ListCrlsRequest listCrlsRequest)
Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListCrls
.
listCrlsRequest
- ValidationException
- Validation exception error.AccessDeniedException
- You do not have sufficient access to perform this action.ListProfilesResult listProfiles(ListProfilesRequest listProfilesRequest)
Lists all profiles in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListProfiles
.
listProfilesRequest
- ValidationException
- Validation exception error.AccessDeniedException
- You do not have sufficient access to perform this action.ListSubjectsResult listSubjects(ListSubjectsRequest listSubjectsRequest)
Lists the subjects in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListSubjects
.
listSubjectsRequest
- ValidationException
- Validation exception error.AccessDeniedException
- You do not have sufficient access to perform this action.ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)
Lists the tags attached to the resource.
Required permissions: rolesanywhere:ListTagsForResource
.
listTagsForResourceRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.ListTrustAnchorsResult listTrustAnchors(ListTrustAnchorsRequest listTrustAnchorsRequest)
Lists the trust anchors in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListTrustAnchors
.
listTrustAnchorsRequest
- ValidationException
- Validation exception error.AccessDeniedException
- You do not have sufficient access to perform this action.PutAttributeMappingResult putAttributeMapping(PutAttributeMappingRequest putAttributeMappingRequest)
Put an entry in the attribute mapping rules that will be enforced by a given profile. A mapping specifies a certificate field and one or more specifiers that have contextual meanings.
putAttributeMappingRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.PutNotificationSettingsResult putNotificationSettings(PutNotificationSettingsRequest putNotificationSettingsRequest)
Attaches a list of notification settings to a trust anchor.
A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.
Required permissions: rolesanywhere:PutNotificationSettings
.
putNotificationSettingsRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.ResetNotificationSettingsResult resetNotificationSettings(ResetNotificationSettingsRequest resetNotificationSettingsRequest)
Resets the custom notification setting to IAM Roles Anywhere default setting.
Required permissions: rolesanywhere:ResetNotificationSettings
.
resetNotificationSettingsRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.TagResourceResult tagResource(TagResourceRequest tagResourceRequest)
Attaches tags to a resource.
Required permissions: rolesanywhere:TagResource
.
tagResourceRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.TooManyTagsException
- Too many tags.UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest)
Removes tags from the resource.
Required permissions: rolesanywhere:UntagResource
.
untagResourceRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.UpdateCrlResult updateCrl(UpdateCrlRequest updateCrlRequest)
Updates the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.
Required permissions: rolesanywhere:UpdateCrl
.
updateCrlRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.UpdateProfileResult updateProfile(UpdateProfileRequest updateProfileRequest)
Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.
Required permissions: rolesanywhere:UpdateProfile
.
updateProfileRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.UpdateTrustAnchorResult updateTrustAnchor(UpdateTrustAnchorRequest updateTrustAnchorRequest)
Updates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.
Required permissions: rolesanywhere:UpdateTrustAnchor
.
updateTrustAnchorRequest
- ValidationException
- Validation exception error.ResourceNotFoundException
- The resource could not be found.AccessDeniedException
- You do not have sufficient access to perform this action.void shutdown()
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.
request
- The originally executed request.