UploadSigningCertificate
Uploads an X.509 signing certificate and associates it with the specified IAM user.
Some AWS services require you to use certificates to validate requests that are signed
with a corresponding private key. When you upload the certificate, its default status is
Active
.
For information about when you would use an X.509 signing certificate, see Managing server certificates in IAM in the IAM User Guide.
If the UserName
is not specified, the IAM user name is determined
implicitly based on the AWS access key ID used to sign the request. This operation
works for access keys under the AWS account. Consequently, you can use this operation
to manage AWS account root user credentials even if the AWS account has no associated
users.
Note
Because the body of an X.509 certificate can be large, you should use POST rather
than GET when calling UploadSigningCertificate
. For information about
setting up signatures and authorization through the API, see Signing
AWS API requests in the
AWS General Reference. For
general information about using the Query API with IAM, see Making query
requests in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- CertificateBody
-
The contents of the signing certificate.
The regex pattern
used to validate this parameter is a string of characters consisting of the following: -
Any printable ASCII character ranging from the space character (
\u0020
) through the end of the ASCII character range -
The printable characters in the Basic Latin and Latin-1 Supplement character set (through
\u00FF
) -
The special characters tab (
\u0009
), line feed (\u000A
), and carriage return (\u000D
)
Type: String
Length Constraints: Minimum length of 1. Maximum length of 16384.
Pattern:
[\u0009\u000A\u000D\u0020-\u00FF]+
Required: Yes
-
- UserName
-
The name of the user the signing certificate is for.
This parameter allows (through its regex pattern
) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w+=,.@-]+
Required: No
Response Elements
The following element is returned by the service.
- Certificate
-
Information about the certificate.
Type: SigningCertificate object
Errors
For information about the errors that are common to all actions, see Common Errors.
- ConcurrentModification
-
The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.
HTTP Status Code: 409
- DuplicateCertificate
-
The request was rejected because the same certificate is associated with an IAM user in the account.
HTTP Status Code: 409
- EntityAlreadyExists
-
The request was rejected because it attempted to create a resource that already exists.
HTTP Status Code: 409
- InvalidCertificate
-
The request was rejected because the certificate is invalid.
HTTP Status Code: 400
- LimitExceeded
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
- MalformedCertificate
-
The request was rejected because the certificate was malformed or expired. The error message describes the specific error.
HTTP Status Code: 400
- NoSuchEntity
-
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
- ServiceFailure
-
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of UploadSigningCertificate.
Sample Request
https://iam.amazonaws.com/?Action=UploadSigningCertificate
&UserName=Bob
&CertificateBody=
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
MDQxNzE5MjdaMFIxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMRcw
FQYDVQQLEw5BV1MtRGV2ZWxvcGVyczEVMBMGA1UEAxMMNTdxNDl0c3ZwYjRtMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpB/vsOwmT/O0td1RqzKjttSBaPjbr
dqwNe9BrOyB08fw2+Ch5oonZYXfGUrT6mkYXH5fQot9HvASrzAKHO596FdJA6DmL
ywdWe1Oggk7zFSXO1Xv+3vPrJtaYxYo3eRIp7w80PMkiOv6M0XK8ubcTouODeJbf
suDqcLnLDxwsvwIDAQABo1cwVTAOBgNVHQ8BAf8EBAMCBaAwFgYDVR0lAQH/BAww
CgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQULGNaBphBumaKbDRK
CAi0mH8B3mowDQYJKoZIhvcNAQEFBQADgYEAuKxhkXaCLGcqDuweKtO/AEw9ZePH
wr0XqsaIK2HZboqruebXEGsojK4Ks0WzwgrEynuHJwTn760xe39rSqXWIOGrOBaX
wFpWHVjTFMKk+tSDG1lssLHyYWWdFFU4AnejRGORJYNaRHgVTKjHphc5jEhHm0BX
AEaHzTpmEXAMPLE=
-----END CERTIFICATE-----
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<UploadSigningCertificateResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<UploadSigningCertificateResult>
<Certificate>
<UserName>Bob</UserName>
<CertificateId>TA7SMP42TDN5Z26OBPJE7EXAMPLE</CertificateId>
<CertificateBody>
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGANc+Ha2wMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wOTAyMDQxNzE5MjdaFw0xMDAy
MDQxNzE5MjdaMFIxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMRcw
FQYDVQQLEw5BV1MtRGV2ZWxvcGVyczEVMBMGA1UEAxMMNTdxNDl0c3ZwYjRtMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpB/vsOwmT/O0td1RqzKjttSBaPjbr
dqwNe9BrOyB08fw2+Ch5oonZYXfGUrT6mkYXH5fQot9HvASrzAKHO596FdJA6DmL
ywdWe1Oggk7zFSXO1Xv+3vPrJtaYxYo3eRIp7w80PMkiOv6M0XK8ubcTouODeJbf
suDqcLnLDxwsvwIDAQABo1cwVTAOBgNVHQ8BAf8EBAMCBaAwFgYDVR0lAQH/BAww
CgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQULGNaBphBumaKbDRK
CAi0mH8B3mowDQYJKoZIhvcNAQEFBQADgYEAuKxhkXaCLGcqDuweKtO/AEw9ZePH
wr0XqsaIK2HZboqruebXEGsojK4Ks0WzwgrEynuHJwTn760xe39rSqXWIOGrOBaX
wFpWHVjTFMKk+tSDG1lssLHyYWWdFFU4AnejRGORJYNaRHgVTKjHphc5jEhHm0BX
AEaHzTpmEXAMPLE=
-----END CERTIFICATE-----
</CertificateBody>
<Status>Active</Status>
</Certificate>
</UploadSigningCertificateResult>
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</UploadSigningCertificateResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: