UpdateProfile - IAM Roles Anywhere

UpdateProfile

Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:UpdateProfile.

Request Syntax

PATCH /profile/profileId HTTP/1.1 Content-type: application/json { "acceptRoleSessionName": boolean, "durationSeconds": number, "managedPolicyArns": [ "string" ], "name": "string", "roleArns": [ "string" ], "sessionPolicy": "string" }

URI Request Parameters

The request uses the following URI parameters.

profileId

The unique identifier of the profile.

Length Constraints: Fixed length of 36.

Pattern: [a-f0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}

Required: Yes

Request Body

The request accepts the following data in JSON format.

acceptRoleSessionName

Used to determine if a custom role session name will be accepted in a temporary credential request.

Type: Boolean

Required: No

durationSeconds

Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

Type: Integer

Valid Range: Minimum value of 900. Maximum value of 43200.

Required: No

managedPolicyArns

A list of managed policy ARNs that apply to the vended session credentials.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 200.

Required: No

name

The name of the profile.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: ^[ a-zA-Z0-9-_]*$

Required: No

roleArns

A list of IAM roles that this profile can assume in a temporary credential request.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 250 items.

Length Constraints: Minimum length of 1. Maximum length of 1011.

Pattern: ^arn:aws(-[^:]+)?:iam(:.*){2}(:role.*)$

Required: No

sessionPolicy

A session policy that applies to the trust boundary of the vended session credentials.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 100000.

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "profile": { "acceptRoleSessionName": boolean, "attributeMappings": [ { "certificateField": "string", "mappingRules": [ { "specifier": "string" } ] } ], "createdAt": "string", "createdBy": "string", "durationSeconds": number, "enabled": boolean, "managedPolicyArns": [ "string" ], "name": "string", "profileArn": "string", "profileId": "string", "requireInstanceProperties": boolean, "roleArns": [ "string" ], "sessionPolicy": "string", "updatedAt": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

profile

The state of the profile after a read or write operation.

Type: ProfileDetail object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ResourceNotFoundException

The resource could not be found.

HTTP Status Code: 404

ValidationException

Validation exception error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: