IAM Roles Anywhere 2018-05-10
- Client: Aws\RolesAnywhere\RolesAnywhereClient
- Service ID: rolesanywhere
- Version: 2018-05-10
This page describes the parameters and results for the operations of the IAM Roles Anywhere (2018-05-10), and shows how to use the Aws\RolesAnywhere\RolesAnywhereClient object to call the described operations. This documentation is specific to the 2018-05-10 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- CreateProfile ( array $params = [] )
Creates a profile.
- CreateTrustAnchor ( array $params = [] )
Creates a trust anchor.
- DeleteCrl ( array $params = [] )
Deletes a certificate revocation list (CRL).
- DeleteProfile ( array $params = [] )
Deletes a profile.
- DeleteTrustAnchor ( array $params = [] )
Deletes a trust anchor.
- DisableCrl ( array $params = [] )
Disables a certificate revocation list (CRL).
- DisableProfile ( array $params = [] )
Disables a profile.
- DisableTrustAnchor ( array $params = [] )
Disables a trust anchor.
- EnableCrl ( array $params = [] )
Enables a certificate revocation list (CRL).
- EnableProfile ( array $params = [] )
Enables the roles in a profile to receive session credentials in CreateSession.
- EnableTrustAnchor ( array $params = [] )
Enables a trust anchor.
- GetCrl ( array $params = [] )
Gets a certificate revocation list (CRL).
- GetProfile ( array $params = [] )
Gets a profile.
- GetSubject ( array $params = [] )
Gets a Subject.
- GetTrustAnchor ( array $params = [] )
Gets a trust anchor.
- ImportCrl ( array $params = [] )
Imports the certificate revocation list (CRL).
- ListCrls ( array $params = [] )
Lists all Crls in the authenticated account and Amazon Web Services Region.
- ListProfiles ( array $params = [] )
Lists all profiles in the authenticated account and Amazon Web Services Region.
- ListSubjects ( array $params = [] )
Lists the subjects in the authenticated account and Amazon Web Services Region.
- ListTagsForResource ( array $params = [] )
Lists the tags attached to the resource.
- ListTrustAnchors ( array $params = [] )
Lists the trust anchors in the authenticated account and Amazon Web Services Region.
- TagResource ( array $params = [] )
Attaches tags to a resource.
- UntagResource ( array $params = [] )
Removes tags from the resource.
- UpdateCrl ( array $params = [] )
Updates the certificate revocation list (CRL).
- UpdateProfile ( array $params = [] )
Updates the profile.
- UpdateTrustAnchor ( array $params = [] )
Updates the trust anchor.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
CreateProfile
$result = $client->createProfile([/* ... */]); $promise = $client->createProfileAsync([/* ... */]);
Creates a profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can intersect permissions with IAM managed policies.
Required permissions: rolesanywhere:CreateProfile.
Parameter Syntax
$result = $client->createProfile([
'durationSeconds' => <integer>,
'enabled' => true || false,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>', // REQUIRED
'requireInstanceProperties' => true || false,
'roleArns' => ['<string>', ...], // REQUIRED
'sessionPolicy' => '<string>',
'tags' => [
[
'key' => '<string>', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- durationSeconds
-
- Type: int
The number of seconds the vended session credentials are valid for.
- enabled
-
- Type: boolean
Specifies whether the profile is enabled.
- managedPolicyArns
-
- Type: Array of strings
A list of managed policy ARNs that apply to the vended session credentials.
- name
-
- Required: Yes
- Type: string
The name of the profile.
- requireInstanceProperties
-
- Type: boolean
Specifies whether instance properties are required in CreateSession requests with this profile.
- roleArns
-
- Required: Yes
- Type: Array of strings
A list of IAM roles that this profile can assume in a CreateSession operation.
- sessionPolicy
-
- Type: string
A session policy that applies to the trust boundary of the vended session credentials.
- tags
-
- Type: Array of Tag structures
The tags to attach to the profile.
Result Syntax
[
'profile' => [
'createdAt' => <DateTime>,
'createdBy' => '<string>',
'durationSeconds' => <integer>,
'enabled' => true || false,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>',
'profileArn' => '<string>',
'profileId' => '<string>',
'requireInstanceProperties' => true || false,
'roleArns' => ['<string>', ...],
'sessionPolicy' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- profile
-
- Type: ProfileDetail structure
The state of the profile after a read or write operation.
Errors
-
Validation exception error.
-
You do not have sufficient access to perform this action.
CreateTrustAnchor
$result = $client->createTrustAnchor([/* ... */]); $promise = $client->createTrustAnchorAsync([/* ... */]);
Creates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.
Required permissions: rolesanywhere:CreateTrustAnchor.
Parameter Syntax
$result = $client->createTrustAnchor([
'enabled' => true || false,
'name' => '<string>', // REQUIRED
'source' => [ // REQUIRED
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'tags' => [
[
'key' => '<string>', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- enabled
-
- Type: boolean
Specifies whether the trust anchor is enabled.
- name
-
- Required: Yes
- Type: string
The name of the trust anchor.
- source
-
- Required: Yes
- Type: Source structure
The trust anchor type and its related certificate data.
- tags
-
- Type: Array of Tag structures
The tags to attach to the trust anchor.
Result Syntax
[
'trustAnchor' => [
'createdAt' => <DateTime>,
'enabled' => true || false,
'name' => '<string>',
'source' => [
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'trustAnchorArn' => '<string>',
'trustAnchorId' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- trustAnchor
-
- Required: Yes
- Type: TrustAnchorDetail structure
The state of the trust anchor after a read or write operation.
Errors
-
Validation exception error.
-
You do not have sufficient access to perform this action.
DeleteCrl
$result = $client->deleteCrl([/* ... */]); $promise = $client->deleteCrlAsync([/* ... */]);
Deletes a certificate revocation list (CRL).
Required permissions: rolesanywhere:DeleteCrl.
Parameter Syntax
$result = $client->deleteCrl([
'crlId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'crl' => [
'createdAt' => <DateTime>,
'crlArn' => '<string>',
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>,
'crlId' => '<string>',
'enabled' => true || false,
'name' => '<string>',
'trustAnchorArn' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- crl
-
- Required: Yes
- Type: CrlDetail structure
The state of the certificate revocation list (CRL) after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
DeleteProfile
$result = $client->deleteProfile([/* ... */]); $promise = $client->deleteProfileAsync([/* ... */]);
Deletes a profile.
Required permissions: rolesanywhere:DeleteProfile.
Parameter Syntax
$result = $client->deleteProfile([
'profileId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'profile' => [
'createdAt' => <DateTime>,
'createdBy' => '<string>',
'durationSeconds' => <integer>,
'enabled' => true || false,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>',
'profileArn' => '<string>',
'profileId' => '<string>',
'requireInstanceProperties' => true || false,
'roleArns' => ['<string>', ...],
'sessionPolicy' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- profile
-
- Type: ProfileDetail structure
The state of the profile after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
DeleteTrustAnchor
$result = $client->deleteTrustAnchor([/* ... */]); $promise = $client->deleteTrustAnchorAsync([/* ... */]);
Deletes a trust anchor.
Required permissions: rolesanywhere:DeleteTrustAnchor.
Parameter Syntax
$result = $client->deleteTrustAnchor([
'trustAnchorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'trustAnchor' => [
'createdAt' => <DateTime>,
'enabled' => true || false,
'name' => '<string>',
'source' => [
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'trustAnchorArn' => '<string>',
'trustAnchorId' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- trustAnchor
-
- Required: Yes
- Type: TrustAnchorDetail structure
The state of the trust anchor after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
DisableCrl
$result = $client->disableCrl([/* ... */]); $promise = $client->disableCrlAsync([/* ... */]);
Disables a certificate revocation list (CRL).
Required permissions: rolesanywhere:DisableCrl.
Parameter Syntax
$result = $client->disableCrl([
'crlId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'crl' => [
'createdAt' => <DateTime>,
'crlArn' => '<string>',
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>,
'crlId' => '<string>',
'enabled' => true || false,
'name' => '<string>',
'trustAnchorArn' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- crl
-
- Required: Yes
- Type: CrlDetail structure
The state of the certificate revocation list (CRL) after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
DisableProfile
$result = $client->disableProfile([/* ... */]); $promise = $client->disableProfileAsync([/* ... */]);
Disables a profile. When disabled, CreateSession requests with this profile fail.
Required permissions: rolesanywhere:DisableProfile.
Parameter Syntax
$result = $client->disableProfile([
'profileId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'profile' => [
'createdAt' => <DateTime>,
'createdBy' => '<string>',
'durationSeconds' => <integer>,
'enabled' => true || false,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>',
'profileArn' => '<string>',
'profileId' => '<string>',
'requireInstanceProperties' => true || false,
'roleArns' => ['<string>', ...],
'sessionPolicy' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- profile
-
- Type: ProfileDetail structure
The state of the profile after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
DisableTrustAnchor
$result = $client->disableTrustAnchor([/* ... */]); $promise = $client->disableTrustAnchorAsync([/* ... */]);
Disables a trust anchor. When disabled, CreateSession requests specifying this trust anchor are unauthorized.
Required permissions: rolesanywhere:DisableTrustAnchor.
Parameter Syntax
$result = $client->disableTrustAnchor([
'trustAnchorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'trustAnchor' => [
'createdAt' => <DateTime>,
'enabled' => true || false,
'name' => '<string>',
'source' => [
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'trustAnchorArn' => '<string>',
'trustAnchorId' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- trustAnchor
-
- Required: Yes
- Type: TrustAnchorDetail structure
The state of the trust anchor after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
EnableCrl
$result = $client->enableCrl([/* ... */]); $promise = $client->enableCrlAsync([/* ... */]);
Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials.
Required permissions: rolesanywhere:EnableCrl.
Parameter Syntax
$result = $client->enableCrl([
'crlId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'crl' => [
'createdAt' => <DateTime>,
'crlArn' => '<string>',
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>,
'crlId' => '<string>',
'enabled' => true || false,
'name' => '<string>',
'trustAnchorArn' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- crl
-
- Required: Yes
- Type: CrlDetail structure
The state of the certificate revocation list (CRL) after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
EnableProfile
$result = $client->enableProfile([/* ... */]); $promise = $client->enableProfileAsync([/* ... */]);
Enables the roles in a profile to receive session credentials in CreateSession.
Required permissions: rolesanywhere:EnableProfile.
Parameter Syntax
$result = $client->enableProfile([
'profileId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'profile' => [
'createdAt' => <DateTime>,
'createdBy' => '<string>',
'durationSeconds' => <integer>,
'enabled' => true || false,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>',
'profileArn' => '<string>',
'profileId' => '<string>',
'requireInstanceProperties' => true || false,
'roleArns' => ['<string>', ...],
'sessionPolicy' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- profile
-
- Type: ProfileDetail structure
The state of the profile after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
EnableTrustAnchor
$result = $client->enableTrustAnchor([/* ... */]); $promise = $client->enableTrustAnchorAsync([/* ... */]);
Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.
Required permissions: rolesanywhere:EnableTrustAnchor.
Parameter Syntax
$result = $client->enableTrustAnchor([
'trustAnchorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'trustAnchor' => [
'createdAt' => <DateTime>,
'enabled' => true || false,
'name' => '<string>',
'source' => [
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'trustAnchorArn' => '<string>',
'trustAnchorId' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- trustAnchor
-
- Required: Yes
- Type: TrustAnchorDetail structure
The state of the trust anchor after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
GetCrl
$result = $client->getCrl([/* ... */]); $promise = $client->getCrlAsync([/* ... */]);
Gets a certificate revocation list (CRL).
Required permissions: rolesanywhere:GetCrl.
Parameter Syntax
$result = $client->getCrl([
'crlId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'crl' => [
'createdAt' => <DateTime>,
'crlArn' => '<string>',
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>,
'crlId' => '<string>',
'enabled' => true || false,
'name' => '<string>',
'trustAnchorArn' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- crl
-
- Required: Yes
- Type: CrlDetail structure
The state of the certificate revocation list (CRL) after a read or write operation.
Errors
-
The resource could not be found.
GetProfile
$result = $client->getProfile([/* ... */]); $promise = $client->getProfileAsync([/* ... */]);
Gets a profile.
Required permissions: rolesanywhere:GetProfile.
Parameter Syntax
$result = $client->getProfile([
'profileId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'profile' => [
'createdAt' => <DateTime>,
'createdBy' => '<string>',
'durationSeconds' => <integer>,
'enabled' => true || false,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>',
'profileArn' => '<string>',
'profileId' => '<string>',
'requireInstanceProperties' => true || false,
'roleArns' => ['<string>', ...],
'sessionPolicy' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- profile
-
- Type: ProfileDetail structure
The state of the profile after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
GetSubject
$result = $client->getSubject([/* ... */]); $promise = $client->getSubjectAsync([/* ... */]);
Gets a Subject. A Subject associates a certificate identity with authentication attempts by CreateSession. The Subject resources stores audit information such as status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.
Required permissions: rolesanywhere:GetSubject.
Parameter Syntax
$result = $client->getSubject([
'subjectId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'subject' => [
'createdAt' => <DateTime>,
'credentials' => [
[
'enabled' => true || false,
'failed' => true || false,
'issuer' => '<string>',
'seenAt' => <DateTime>,
'serialNumber' => '<string>',
'x509CertificateData' => '<string>',
],
// ...
],
'enabled' => true || false,
'instanceProperties' => [
[
'failed' => true || false,
'properties' => ['<string>', ...],
'seenAt' => <DateTime>,
],
// ...
],
'lastSeenAt' => <DateTime>,
'subjectArn' => '<string>',
'subjectId' => '<string>',
'updatedAt' => <DateTime>,
'x509Subject' => '<string>',
],
]
Result Details
Members
- subject
-
- Type: SubjectDetail structure
The state of the subject after a read or write operation.
Errors
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
GetTrustAnchor
$result = $client->getTrustAnchor([/* ... */]); $promise = $client->getTrustAnchorAsync([/* ... */]);
Gets a trust anchor.
Required permissions: rolesanywhere:GetTrustAnchor.
Parameter Syntax
$result = $client->getTrustAnchor([
'trustAnchorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'trustAnchor' => [
'createdAt' => <DateTime>,
'enabled' => true || false,
'name' => '<string>',
'source' => [
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'trustAnchorArn' => '<string>',
'trustAnchorId' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- trustAnchor
-
- Required: Yes
- Type: TrustAnchorDetail structure
The state of the trust anchor after a read or write operation.
Errors
-
Validation exception error.
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
ImportCrl
$result = $client->importCrl([/* ... */]); $promise = $client->importCrlAsync([/* ... */]);
Imports the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.
Required permissions: rolesanywhere:ImportCrl.
Parameter Syntax
$result = $client->importCrl([
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>, // REQUIRED
'enabled' => true || false,
'name' => '<string>', // REQUIRED
'tags' => [
[
'key' => '<string>', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'trustAnchorArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- crlData
-
- Required: Yes
- Type: blob (string|resource|Psr\Http\Message\StreamInterface)
The x509 v3 specified certificate revocation list
- enabled
-
- Type: boolean
Specifies whether the certificate revocation list (CRL) is enabled.
- name
-
- Required: Yes
- Type: string
The name of the certificate revocation list (CRL).
- tags
-
- Type: Array of Tag structures
A list of tags to attach to the certificate revocation list (CRL).
- trustAnchorArn
-
- Required: Yes
- Type: string
The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.
Result Syntax
[
'crl' => [
'createdAt' => <DateTime>,
'crlArn' => '<string>',
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>,
'crlId' => '<string>',
'enabled' => true || false,
'name' => '<string>',
'trustAnchorArn' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- crl
-
- Required: Yes
- Type: CrlDetail structure
The state of the certificate revocation list (CRL) after a read or write operation.
Errors
-
Validation exception error.
-
You do not have sufficient access to perform this action.
ListCrls
$result = $client->listCrls([/* ... */]); $promise = $client->listCrlsAsync([/* ... */]);
Lists all Crls in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListCrls.
Parameter Syntax
$result = $client->listCrls([
'nextToken' => '<string>',
'pageSize' => <integer>,
]);
Parameter Details
Members
Result Syntax
[
'crls' => [
[
'createdAt' => <DateTime>,
'crlArn' => '<string>',
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>,
'crlId' => '<string>',
'enabled' => true || false,
'name' => '<string>',
'trustAnchorArn' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- crls
-
- Type: Array of CrlDetail structures
A list of certificate revocation lists (CRL).
- nextToken
-
- Type: string
A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
Errors
-
Validation exception error.
-
You do not have sufficient access to perform this action.
ListProfiles
$result = $client->listProfiles([/* ... */]); $promise = $client->listProfilesAsync([/* ... */]);
Lists all profiles in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListProfiles.
Parameter Syntax
$result = $client->listProfiles([
'nextToken' => '<string>',
'pageSize' => <integer>,
]);
Parameter Details
Members
Result Syntax
[
'nextToken' => '<string>',
'profiles' => [
[
'createdAt' => <DateTime>,
'createdBy' => '<string>',
'durationSeconds' => <integer>,
'enabled' => true || false,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>',
'profileArn' => '<string>',
'profileId' => '<string>',
'requireInstanceProperties' => true || false,
'roleArns' => ['<string>', ...],
'sessionPolicy' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
- profiles
-
- Type: Array of ProfileDetail structures
A list of profiles.
Errors
-
Validation exception error.
-
You do not have sufficient access to perform this action.
ListSubjects
$result = $client->listSubjects([/* ... */]); $promise = $client->listSubjectsAsync([/* ... */]);
Lists the subjects in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListSubjects.
Parameter Syntax
$result = $client->listSubjects([
'nextToken' => '<string>',
'pageSize' => <integer>,
]);
Parameter Details
Members
Result Syntax
[
'nextToken' => '<string>',
'subjects' => [
[
'createdAt' => <DateTime>,
'enabled' => true || false,
'lastSeenAt' => <DateTime>,
'subjectArn' => '<string>',
'subjectId' => '<string>',
'updatedAt' => <DateTime>,
'x509Subject' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
- subjects
-
- Type: Array of SubjectSummary structures
A list of subjects.
Errors
-
Validation exception error.
-
You do not have sufficient access to perform this action.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Lists the tags attached to the resource.
Required permissions: rolesanywhere:ListTagsForResource.
Parameter Syntax
$result = $client->listTagsForResource([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'tags' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
]
Result Details
Members
- tags
-
- Type: Array of Tag structures
A list of tags attached to the resource.
Errors
-
Validation exception error.
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
ListTrustAnchors
$result = $client->listTrustAnchors([/* ... */]); $promise = $client->listTrustAnchorsAsync([/* ... */]);
Lists the trust anchors in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListTrustAnchors.
Parameter Syntax
$result = $client->listTrustAnchors([
'nextToken' => '<string>',
'pageSize' => <integer>,
]);
Parameter Details
Members
Result Syntax
[
'nextToken' => '<string>',
'trustAnchors' => [
[
'createdAt' => <DateTime>,
'enabled' => true || false,
'name' => '<string>',
'source' => [
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'trustAnchorArn' => '<string>',
'trustAnchorId' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
- trustAnchors
-
- Type: Array of TrustAnchorDetail structures
A list of trust anchors.
Errors
-
Validation exception error.
-
You do not have sufficient access to perform this action.
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Attaches tags to a resource.
Required permissions: rolesanywhere:TagResource.
Parameter Syntax
$result = $client->tagResource([
'resourceArn' => '<string>', // REQUIRED
'tags' => [ // REQUIRED
[
'key' => '<string>', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the resource.
- tags
-
- Required: Yes
- Type: Array of Tag structures
The tags to attach to the resource.
Result Syntax
[]
Result Details
Errors
-
Validation exception error.
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
-
Too many tags.
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Removes tags from the resource.
Required permissions: rolesanywhere:UntagResource.
Parameter Syntax
$result = $client->untagResource([
'resourceArn' => '<string>', // REQUIRED
'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Validation exception error.
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
UpdateCrl
$result = $client->updateCrl([/* ... */]); $promise = $client->updateCrlAsync([/* ... */]);
Updates the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.
Required permissions: rolesanywhere:UpdateCrl.
Parameter Syntax
$result = $client->updateCrl([
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>,
'crlId' => '<string>', // REQUIRED
'name' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'crl' => [
'createdAt' => <DateTime>,
'crlArn' => '<string>',
'crlData' => <string || resource || Psr\Http\Message\StreamInterface>,
'crlId' => '<string>',
'enabled' => true || false,
'name' => '<string>',
'trustAnchorArn' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- crl
-
- Required: Yes
- Type: CrlDetail structure
The state of the certificate revocation list (CRL) after a read or write operation.
Errors
-
Validation exception error.
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
UpdateProfile
$result = $client->updateProfile([/* ... */]); $promise = $client->updateProfileAsync([/* ... */]);
Updates the profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can scope-down permissions with IAM managed policies.
Required permissions: rolesanywhere:UpdateProfile.
Parameter Syntax
$result = $client->updateProfile([
'durationSeconds' => <integer>,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>',
'profileId' => '<string>', // REQUIRED
'roleArns' => ['<string>', ...],
'sessionPolicy' => '<string>',
]);
Parameter Details
Members
- durationSeconds
-
- Type: int
The number of seconds the vended session credentials are valid for.
- managedPolicyArns
-
- Type: Array of strings
A list of managed policy ARNs that apply to the vended session credentials.
- name
-
- Type: string
The name of the profile.
- profileId
-
- Required: Yes
- Type: string
The unique identifier of the profile.
- roleArns
-
- Type: Array of strings
A list of IAM roles that this profile can assume in a CreateSession operation.
- sessionPolicy
-
- Type: string
A session policy that applies to the trust boundary of the vended session credentials.
Result Syntax
[
'profile' => [
'createdAt' => <DateTime>,
'createdBy' => '<string>',
'durationSeconds' => <integer>,
'enabled' => true || false,
'managedPolicyArns' => ['<string>', ...],
'name' => '<string>',
'profileArn' => '<string>',
'profileId' => '<string>',
'requireInstanceProperties' => true || false,
'roleArns' => ['<string>', ...],
'sessionPolicy' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- profile
-
- Type: ProfileDetail structure
The state of the profile after a read or write operation.
Errors
-
Validation exception error.
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
UpdateTrustAnchor
$result = $client->updateTrustAnchor([/* ... */]); $promise = $client->updateTrustAnchorAsync([/* ... */]);
Updates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.
Required permissions: rolesanywhere:UpdateTrustAnchor.
Parameter Syntax
$result = $client->updateTrustAnchor([
'name' => '<string>',
'source' => [
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'trustAnchorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- name
-
- Type: string
The name of the trust anchor.
- source
-
- Type: Source structure
The trust anchor type and its related certificate data.
- trustAnchorId
-
- Required: Yes
- Type: string
The unique identifier of the trust anchor.
Result Syntax
[
'trustAnchor' => [
'createdAt' => <DateTime>,
'enabled' => true || false,
'name' => '<string>',
'source' => [
'sourceData' => [
'acmPcaArn' => '<string>',
'x509CertificateData' => '<string>',
],
'sourceType' => 'AWS_ACM_PCA|CERTIFICATE_BUNDLE|SELF_SIGNED_REPOSITORY',
],
'trustAnchorArn' => '<string>',
'trustAnchorId' => '<string>',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- trustAnchor
-
- Required: Yes
- Type: TrustAnchorDetail structure
The state of the trust anchor after a read or write operation.
Errors
-
Validation exception error.
-
The resource could not be found.
-
You do not have sufficient access to perform this action.
Shapes
AccessDeniedException
CredentialSummary
Description
A record of a presented X509 credential to CreateSession.
Members
- enabled
-
- Type: boolean
Indicates whether the credential is enabled.
- failed
-
- Type: boolean
Indicates whether the CreateSession operation was successful.
- issuer
-
- Type: string
The fully qualified domain name of the issuing certificate for the presented end-entity certificate.
- seenAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.
- serialNumber
-
- Type: string
The serial number of the certificate.
- x509CertificateData
-
- Type: string
The PEM-encoded data of the certificate.
CrlDetail
Description
The state of the certificate revocation list (CRL) after a read or write operation.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the certificate revocation list (CRL) was created.
- crlArn
-
- Type: string
The ARN of the certificate revocation list (CRL).
- crlData
-
- Type: blob (string|resource|Psr\Http\Message\StreamInterface)
The state of the certificate revocation list (CRL) after a read or write operation.
- crlId
-
- Type: string
The unique identifier of the certificate revocation list (CRL).
- enabled
-
- Type: boolean
Indicates whether the certificate revocation list (CRL) is enabled.
- name
-
- Type: string
The name of the certificate revocation list (CRL).
- trustAnchorArn
-
- Type: string
The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the certificate revocation list (CRL) was last updated.
InstanceProperty
Description
A key-value pair you set that identifies a property of the authenticating instance.
Members
- failed
-
- Type: boolean
Indicates whether the CreateSession operation was successful.
- properties
-
- Type: Associative array of custom strings keys (InstancePropertyMapKeyString) to strings
A list of instanceProperty objects.
- seenAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.
ProfileDetail
Description
The state of the profile after a read or write operation.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the profile was created.
- createdBy
-
- Type: string
The Amazon Web Services account that created the profile.
- durationSeconds
-
- Type: int
The number of seconds the vended session credentials are valid for.
- enabled
-
- Type: boolean
Indicates whether the profile is enabled.
- managedPolicyArns
-
- Type: Array of strings
A list of managed policy ARNs that apply to the vended session credentials.
- name
-
- Type: string
The name of the profile.
- profileArn
-
- Type: string
The ARN of the profile.
- profileId
-
- Type: string
The unique identifier of the profile.
- requireInstanceProperties
-
- Type: boolean
Specifies whether instance properties are required in CreateSession requests with this profile.
- roleArns
-
- Type: Array of strings
A list of IAM roles that this profile can assume in a CreateSession operation.
- sessionPolicy
-
- Type: string
A session policy that applies to the trust boundary of the vended session credentials.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the profile was last updated.
ResourceNotFoundException
Source
Description
The trust anchor type and its related certificate data.
Members
- sourceData
-
- Type: SourceData structure
The data field of the trust anchor depending on its type.
- sourceType
-
- Type: string
The type of the trust anchor.
SourceData
Description
The data field of the trust anchor depending on its type.
Members
- acmPcaArn
-
- Type: string
The root certificate of the Certificate Manager Private Certificate Authority specified by this ARN is used in trust validation for CreateSession operations. Included for trust anchors of type
AWS_ACM_PCA. - x509CertificateData
-
- Type: string
The PEM-encoded data for the certificate anchor. Included for trust anchors of type
CERTIFICATE_BUNDLE.
SubjectDetail
Description
The state of the subject after a read or write operation.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the subject was created.
- credentials
-
- Type: Array of CredentialSummary structures
The temporary session credentials vended at the last authenticating call with this Subject.
- enabled
-
- Type: boolean
The enabled status of the subject.
- instanceProperties
-
- Type: Array of InstanceProperty structures
The specified instance properties associated with the request.
- lastSeenAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp of the last time this Subject requested temporary session credentials.
- subjectArn
-
- Type: string
The ARN of the resource.
- subjectId
-
- Type: string
The id of the resource
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the subject was last updated.
- x509Subject
-
- Type: string
The x509 principal identifier of the authenticating certificate.
SubjectSummary
Description
A summary representation of Subject resources returned in read operations; primarily ListSubjects.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 time stamp of when the certificate was first used in a CreateSession operation.
- enabled
-
- Type: boolean
The enabled status of the Subject.
- lastSeenAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.
- subjectArn
-
- Type: string
The ARN of the resource.
- subjectId
-
- Type: string
The id of the resource.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the subject was last updated.
- x509Subject
-
- Type: string
The x509 principal identifier of the authenticating certificate.
Tag
Description
A label that consists of a key and value you define.
Members
TooManyTagsException
TrustAnchorDetail
Description
The state of the trust anchor after a read or write operation.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the trust anchor was created.
- enabled
-
- Type: boolean
Indicates whether the trust anchor is enabled.
- name
-
- Type: string
The name of the trust anchor.
- source
-
- Type: Source structure
The trust anchor type and its related certificate data.
- trustAnchorArn
-
- Type: string
The ARN of the trust anchor.
- trustAnchorId
-
- Type: string
The unique identifier of the trust anchor.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The ISO-8601 timestamp when the trust anchor was last updated.