Data retrieval APIs for AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) provides the following APIs for data retrieval.

Actions | Description | Access level |
---|---|---|
GenerateCredentialReport | Generate a credential report for the AWS account | Read |
GenerateOrganizationsAccessReport | Generate an access report for an AWS Organizations entity | Read |
GenerateServiceLastAccessedDetails | Generate a service last accessed data report for an IAM resource | Read |
GetAccessKeyLastUsed | Retrieve information about when the specified access key was last used | Read |
GetAccountAuthorizationDetails | Retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another | Read |
GetAccountEmailAddress | Retrieve the email address that is associated with the account | Read |
GetAccountName | Retrieve the account name that is associated with the account | Read |
GetAccountPasswordPolicy | Retrieve the password policy for the AWS account | Read |
GetAccountSummary | Retrieve information about IAM entity usage and IAM quotas in the AWS account | List |
GetCloudFrontPublicKey | Retrieve information about the specified CloudFront public key | Read |
GetContextKeysForCustomPolicy | Retrieve a list of all of the context keys that are referenced in the specified policy | Read |
GetContextKeysForPrincipalPolicy | Retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role) | Read |
GetCredentialReport | Retrieve a credential report for the AWS account | Read |
GetGroup | Retrieve a list of IAM users in the specified IAM group | Read |
GetGroupPolicy | Retrieve an inline policy document that is embedded in the specified IAM group | Read |
GetInstanceProfile | Retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role | Read |
GetLoginProfile | Retrieve the user name and password creation date for the specified IAM user | List |
GetMFADevice | Retrieve information about an MFA device for the specified user | Read |
GetOpenIDConnectProvider | Retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM | Read |
GetOrganizationsAccessReport | Retrieve an AWS Organizations access report | Read |
GetPolicy | Retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached | Read |
GetPolicyVersion | Retrieve information about a version of the specified managed policy, including the policy document | Read |
GetRole | Retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy | Read |
GetRolePolicy | Retrieve an inline policy document that is embedded in the specified IAM role | Read |
GetSAMLProvider | Retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated | Read |
GetSSHPublicKey | Retrieve the specified SSH public key, including metadata about the key | Read |
GetServerCertificate | Retrieve information about the specified server certificate stored in IAM | Read |
GetServiceLastAccessedDetails | Retrieve information about the service last accessed data report | Read |
GetServiceLastAccessedDetailsWithEntities | Retrieve information about the entities from the service last accessed data report | Read |
GetServiceLinkedRoleDeletionStatus | Retrieve an IAM service-linked role deletion status | Read |
GetUser | Retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN | Read |
GetUserPolicy | Retrieve an inline policy document that is embedded in the specified IAM user | Read |
ListAccessKeys | List information about the access key IDs that are associated with the specified IAM user | List |
ListAccountAliases | List the account alias that is associated with the AWS account | List |
ListAttachedGroupPolicies | List all managed policies that are attached to the specified IAM group | List |
ListAttachedRolePolicies | List all managed policies that are attached to the specified IAM role | List |
ListAttachedUserPolicies | List all managed policies that are attached to the specified IAM user | List |
ListCloudFrontPublicKeys | List all current CloudFront public keys for the account | List |
ListEntitiesForPolicy | List all IAM identities to which the specified managed policy is attached | List |
ListGroupPolicies | List the names of the inline policies that are embedded in the specified IAM group | List |
ListGroups | List the IAM groups that have the specified path prefix | List |
ListGroupsForUser | List the IAM groups that the specified IAM user belongs to | List |
ListInstanceProfileTags | List the tags that are attached to the specified instance profile | List |
ListInstanceProfiles | List the instance profiles that have the specified path prefix | List |
ListInstanceProfilesForRole | List the instance profiles that have the specified associated IAM role | List |
ListMFADeviceTags | List the tags that are attached to the specified virtual MFA device | List |
ListMFADevices | List the MFA devices for an IAM user | List |
ListOpenIDConnectProviderTags | List the tags that are attached to the specified OpenID Connect provider | List |
ListOpenIDConnectProviders | List information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account | List |
ListOrganizationsFeatures | List the centralized root access features enabled for your organization | List |
ListPolicies | List all managed policies | List |
ListPoliciesGrantingServiceAccess | List information about the policies that grant an entity access to a specific service | List |
ListPolicyTags | List the tags that are attached to the specified managed policy | List |
ListPolicyVersions | List information about the versions of the specified managed policy, including the version that is currently set as the policy's default version | List |
ListRolePolicies | List the names of the inline policies that are embedded in the specified IAM role | List |
ListRoleTags | List the tags that are attached to the specified IAM role | List |
ListRoles | List the IAM roles that have the specified path prefix | List |
ListSAMLProviderTags | List the tags that are attached to the specified SAML provider | List |
ListSAMLProviders | List the SAML provider resources in IAM | List |
ListSSHPublicKeys | List information about the SSH public keys that are associated with the specified IAM user | List |
ListSTSRegionalEndpointsStatus | List the status of all active STS regional endpoints | List |
ListServerCertificateTags | List the tags that are attached to the specified server certificate | List |
ListServerCertificates | List the server certificates that have the specified path prefix | List |
ListServiceSpecificCredentials | List the service-specific credentials that are associated with the specified IAM user | List |
ListSigningCertificates | List information about the signing certificates that are associated with the specified IAM user | List |
ListUserPolicies | List the names of the inline policies that are embedded in the specified IAM user | List |
ListUserTags | List the tags that are attached to the specified IAM user | List |
ListUsers | List the IAM users that have the specified path prefix | List |
ListVirtualMFADevices | List virtual MFA devices by assignment status | List |
SimulateCustomPolicy | Simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources | Read |
SimulatePrincipalPolicy | Simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources | Read |