Class: Aws::IAM::Resource

Inherits:
Object
  • Object
show all
Defined in:
gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb,
gems/aws-sdk-iam/lib/aws-sdk-iam/customizations/resource.rb

Overview

This class provides a resource oriented interface for IAM. To create a resource object:

resource = Aws::IAM::Resource.new(region: 'us-west-2')

You can supply a client object with custom configuration that will be used for all resource operations. If you do not pass :client, a default client will be constructed.

client = Aws::IAM::Client.new(region: 'us-west-2')
resource = Aws::IAM::Resource.new(client: client)

Actions collapse

Associations collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Resource

Returns a new instance of Resource.

Parameters:

  • options ({}) (defaults to: {})

Options Hash (options):



27
28
29
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 27

def initialize(options = {})
  @client = options[:client] || Client.new(options)
end

Instance Method Details

#account_password_policyAccountPasswordPolicy



971
972
973
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 971

def 
  AccountPasswordPolicy.new(client: @client)
end

#account_summaryAccountSummary

Returns:



976
977
978
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 976

def 
  AccountSummary.new(client: @client)
end

#change_password(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


iam.change_password({
  old_password: "passwordType", # required
  new_password: "passwordType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :old_password (required, String)

    The IAM user's current password.

  • :new_password (required, String)

    The new password. The new password must conform to the Amazon Web Services account's password policy, if one exists.

    The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the Amazon Web Services Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.

Returns:

  • (EmptyStructure)


65
66
67
68
69
70
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 65

def change_password(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.change_password(options)
  end
  resp.data
end

#clientClient

Returns:



32
33
34
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 32

def client
  @client
end

#create_account_alias(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


iam.({
  account_alias: "accountAliasType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :account_alias (required, String)

    The account alias to create.

    This parameter allows (through its regex pattern) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.

Returns:

  • (EmptyStructure)


90
91
92
93
94
95
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 90

def (options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.(options)
  end
  resp.data
end

#create_account_password_policy(options = {}) ⇒ AccountPasswordPolicy

Examples:

Request syntax with placeholder values


accountpasswordpolicy = iam.({
  minimum_password_length: 1,
  require_symbols: false,
  require_numbers: false,
  require_uppercase_characters: false,
  require_lowercase_characters: false,
  allow_users_to_change_password: false,
  max_password_age: 1,
  password_reuse_prevention: 1,
  hard_expiry: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :minimum_password_length (Integer)

    The minimum number of characters allowed in an IAM user password.

    If you do not specify a value for this parameter, then the operation uses the default value of 6.

  • :require_symbols (Boolean)

    Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:

    ! @ # $ % ^ & * ( ) _ + - = [ ] \{ \} | '

    If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one symbol character.

  • :require_numbers (Boolean)

    Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).

    If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one numeric character.

  • :require_uppercase_characters (Boolean)

    Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).

    If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one uppercase character.

  • :require_lowercase_characters (Boolean)

    Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).

    If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one lowercase character.

  • :allow_users_to_change_password (Boolean)

    Allows all IAM users in your account to use the Amazon Web Services Management Console to change their own passwords. For more information, see Permitting IAM users to change their own passwords in the IAM User Guide.

    If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.

  • :max_password_age (Integer)

    The number of days that an IAM user password is valid.

    If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM user passwords never expire.

  • :password_reuse_prevention (Integer)

    Specifies the number of previous passwords that IAM users are prevented from reusing.

    If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM users are not prevented from reusing previous passwords.

  • :hard_expiry (Boolean)

    Prevents IAM users who are accessing the account via the Amazon Web Services Management Console from setting a new console password after their password has expired. The IAM user cannot access the console until an administrator resets the password.

    If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users can change their passwords after they expire and continue to sign in as the user.

    In the Amazon Web Services Management Console, the custom password policy option Allow users to change their own password gives IAM users permissions to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM. IAM users with iam:ChangePassword permission and active access keys can reset their own expired console password using the CLI or API.

Returns:



195
196
197
198
199
200
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 195

def (options = {})
  Aws::Plugins::UserAgent.feature('resource') do
    @client.(options)
  end
  AccountPasswordPolicy.new(client: @client)
end

#create_group(options = {}) ⇒ Group

Examples:

Request syntax with placeholder values


group = iam.create_group({
  path: "pathType",
  group_name: "groupNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path (String)

    The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide.

    This parameter is optional. If it is not included, it defaults to a slash (/).

    This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

  • :group_name (required, String)

    The name of the group to create. Do not include the path in this value.

    IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".

Returns:



235
236
237
238
239
240
241
242
243
244
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 235

def create_group(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.create_group(options)
  end
  Group.new(
    name: options[:group_name],
    data: resp.data.group,
    client: @client
  )
end

#create_instance_profile(options = {}) ⇒ InstanceProfile

Examples:

Request syntax with placeholder values


instanceprofile = iam.create_instance_profile({
  instance_profile_name: "instanceProfileNameType", # required
  path: "pathType",
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :instance_profile_name (required, String)

    The name of the instance profile to create.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • :path (String)

    The path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide.

    This parameter is optional. If it is not included, it defaults to a slash (/).

    This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

  • :tags (Array<Types::Tag>)

    A list of tags that you want to attach to the newly created IAM instance profile. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

Returns:



304
305
306
307
308
309
310
311
312
313
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 304

def create_instance_profile(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.create_instance_profile(options)
  end
  InstanceProfile.new(
    name: options[:instance_profile_name],
    data: resp.data.instance_profile,
    client: @client
  )
end

#create_policy(options = {}) ⇒ Policy

Examples:

Request syntax with placeholder values


policy = iam.create_policy({
  policy_name: "policyNameType", # required
  path: "policyPathType",
  policy_document: "policyDocumentType", # required
  description: "policyDescriptionType",
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :policy_name (required, String)

    The friendly name of the policy.

    IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".

  • :path (String)

    The path for the policy.

    For more information about paths, see IAM identifiers in the IAM User Guide.

    This parameter is optional. If it is not included, it defaults to a slash (/).

    This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

    You cannot use an asterisk (*) in the path name.

  • :policy_document (required, String)

    The JSON policy document that you want to use as the content for the new policy.

    You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

    The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

    To learn more about JSON policy grammar, see Grammar of the IAM JSON policy language in the IAM User Guide.

    The regex pattern used to validate this parameter is a string of characters consisting of the following:

    • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

    • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

  • :description (String)

    A friendly description of the policy.

    Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."

    The policy description is immutable. After a value is assigned, it cannot be changed.

  • :tags (Array<Types::Tag>)

    A list of tags that you want to attach to the new IAM customer managed policy. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

Returns:



419
420
421
422
423
424
425
426
427
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 419

def create_policy(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.create_policy(options)
  end
  Policy.new(
    arn: resp.data.policy.arn,
    client: @client
  )
end

#create_role(options = {}) ⇒ Role

Examples:

Request syntax with placeholder values


role = iam.create_role({
  path: "pathType",
  role_name: "roleNameType", # required
  assume_role_policy_document: "policyDocumentType", # required
  description: "roleDescriptionType",
  max_session_duration: 1,
  permissions_boundary: "arnType",
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path (String)

    The path to the role. For more information about paths, see IAM Identifiers in the IAM User Guide.

    This parameter is optional. If it is not included, it defaults to a slash (/).

    This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

  • :role_name (required, String)

    The name of the role to create.

    IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • :assume_role_policy_document (required, String)

    The trust relationship policy document that grants an entity permission to assume the role.

    In IAM, you must provide a JSON policy that has been converted to a string. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

    The regex pattern used to validate this parameter is a string of characters consisting of the following:

    • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

    • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

    Upon success, the response includes the same trust policy in JSON format.

  • :description (String)

    A description of the role.

  • :max_session_duration (Integer)

    The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.

    Anyone who assumes the role from the CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.

  • :permissions_boundary (String)

    The ARN of the managed policy that is used to set the permissions boundary for the role.

    A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see Permissions boundaries for IAM entities in the IAM User Guide.

    For more information about policy types, see Policy types in the IAM User Guide.

  • :tags (Array<Types::Tag>)

    A list of tags that you want to attach to the new role. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

Returns:



561
562
563
564
565
566
567
568
569
570
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 561

def create_role(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.create_role(options)
  end
  Role.new(
    name: options[:role_name],
    data: resp.data.role,
    client: @client
  )
end

#create_saml_provider(options = {}) ⇒ SamlProvider

Examples:

Request syntax with placeholder values


samlprovider = iam.create_saml_provider({
  saml_metadata_document: "SAMLMetadataDocumentType", # required
  name: "SAMLProviderNameType", # required
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :saml_metadata_document (required, String)

    An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.

    For more information, see About SAML 2.0-based federation in the IAM User Guide

  • :name (required, String)

    The name of the provider to create.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • :tags (Array<Types::Tag>)

    A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

Returns:



626
627
628
629
630
631
632
633
634
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 626

def create_saml_provider(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.create_saml_provider(options)
  end
  SamlProvider.new(
    arn: resp.data.saml_provider_arn,
    client: @client
  )
end

#create_server_certificate(options = {}) ⇒ ServerCertificate

Examples:

Request syntax with placeholder values


servercertificate = iam.create_server_certificate({
  path: "pathType",
  server_certificate_name: "serverCertificateNameType", # required
  certificate_body: "certificateBodyType", # required
  private_key: "privateKeyType", # required
  certificate_chain: "certificateChainType",
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path (String)

    The path for the server certificate. For more information about paths, see IAM identifiers in the IAM User Guide.

    This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

    If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the path parameter. The path must begin with /cloudfront and must include a trailing slash (for example, /cloudfront/test/).

  • :server_certificate_name (required, String)

    The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • :certificate_body (required, String)

    The contents of the public key certificate in PEM-encoded format.

    The regex pattern used to validate this parameter is a string of characters consisting of the following:

    • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

    • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

  • :private_key (required, String)

    The contents of the private key in PEM-encoded format.

    The regex pattern used to validate this parameter is a string of characters consisting of the following:

    • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

    • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

  • :certificate_chain (String)

    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.

    The regex pattern used to validate this parameter is a string of characters consisting of the following:

    • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

    • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

  • :tags (Array<Types::Tag>)

    A list of tags that you want to attach to the new IAM server certificate resource. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

Returns:



758
759
760
761
762
763
764
765
766
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 758

def create_server_certificate(options = {})
  Aws::Plugins::UserAgent.feature('resource') do
    @client.upload_server_certificate(options)
  end
  ServerCertificate.new(
    name: options[:server_certificate_name],
    client: @client
  )
end

#create_signing_certificate(options = {}) ⇒ SigningCertificate

Examples:

Request syntax with placeholder values


signingcertificate = iam.create_signing_certificate({
  user_name: "existingUserNameType",
  certificate_body: "certificateBodyType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :user_name (String)

    The name of the user the signing certificate is for.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • :certificate_body (required, String)

    The contents of the signing certificate.

    The regex pattern used to validate this parameter is a string of characters consisting of the following:

    • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

    • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

    • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

Returns:



805
806
807
808
809
810
811
812
813
814
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 805

def create_signing_certificate(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.upload_signing_certificate(options)
  end
  SigningCertificate.new(
    id: resp.data.certificate.certificate_id,
    data: resp.data.certificate,
    client: @client
  )
end

#create_user(options = {}) ⇒ User

Examples:

Request syntax with placeholder values


user = iam.create_user({
  path: "pathType",
  user_name: "userNameType", # required
  permissions_boundary: "arnType",
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path (String)

    The path for the user name. For more information about paths, see IAM identifiers in the IAM User Guide.

    This parameter is optional. If it is not included, it defaults to a slash (/).

    This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

  • :user_name (required, String)

    The name of the user to create.

    IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".

  • :permissions_boundary (String)

    The ARN of the managed policy that is used to set the permissions boundary for the user.

    A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see Permissions boundaries for IAM entities in the IAM User Guide.

    For more information about policy types, see Policy types in the IAM User Guide.

  • :tags (Array<Types::Tag>)

    A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

Returns:



887
888
889
890
891
892
893
894
895
896
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 887

def create_user(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.create_user(options)
  end
  User.new(
    name: options[:user_name],
    data: resp.data.user,
    client: @client
  )
end

#create_virtual_mfa_device(options = {}) ⇒ VirtualMfaDevice

Examples:

Request syntax with placeholder values


virtualmfadevice = iam.create_virtual_mfa_device({
  path: "pathType",
  virtual_mfa_device_name: "virtualMFADeviceName", # required
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path (String)

    The path for the virtual MFA device. For more information about paths, see IAM identifiers in the IAM User Guide.

    This parameter is optional. If it is not included, it defaults to a slash (/).

    This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

  • :virtual_mfa_device_name (required, String)

    The name of the virtual MFA device, which must be unique. Use with path to uniquely identify a virtual MFA device.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • :tags (Array<Types::Tag>)

    A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

Returns:



957
958
959
960
961
962
963
964
965
966
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 957

def create_virtual_mfa_device(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.create_virtual_mfa_device(options)
  end
  VirtualMfaDevice.new(
    serial_number: resp.data.virtual_mfa_device.serial_number,
    data: resp.data.virtual_mfa_device,
    client: @client
  )
end

#current_userCurrentUser

Returns:



981
982
983
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 981

def current_user
  CurrentUser.new(client: @client)
end

#delete_account_aliasSeahorse::Client::Response, false

Returns the response from Client#delete_account_alias if an alias was deleted. Returns false if this account had no alias to remove.

Returns:

See Also:



11
12
13
14
15
16
17
18
19
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/customizations/resource.rb', line 11

def 
  Aws::Plugins::UserAgent.feature('resource') do
    if name = @client...first
      @client.(account_alias: name)
    else
      false
    end
  end
end

#group(name) ⇒ Group

Parameters:

  • name (String)

Returns:



987
988
989
990
991
992
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 987

def group(name)
  Group.new(
    name: name,
    client: @client
  )
end

#groups(options = {}) ⇒ Group::Collection

Examples:

Request syntax with placeholder values


groups = iam.groups({
  path_prefix: "pathPrefixType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. For example, the prefix /division_abc/subdivision_xyz/ gets all groups whose path starts with /division_abc/subdivision_xyz/.

    This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1017

def groups(options = {})
  batches = Enumerator.new do |y|
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_groups(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.groups.each do |g|
        batch << Group.new(
          name: g.group_name,
          data: g,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Group::Collection.new(batches)
end

#instance_profile(name) ⇒ InstanceProfile

Parameters:

  • name (String)

Returns:



1039
1040
1041
1042
1043
1044
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1039

def instance_profile(name)
  InstanceProfile.new(
    name: name,
    client: @client
  )
end

#instance_profiles(options = {}) ⇒ InstanceProfile::Collection

Examples:

Request syntax with placeholder values


instance_profiles = iam.instance_profiles({
  path_prefix: "pathPrefixType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/ gets all instance profiles whose path starts with /application_abc/component_xyz/.

    This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1070

def instance_profiles(options = {})
  batches = Enumerator.new do |y|
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_instance_profiles(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.instance_profiles.each do |i|
        batch << InstanceProfile.new(
          name: i.instance_profile_name,
          data: i,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  InstanceProfile::Collection.new(batches)
end

#policies(options = {}) ⇒ Policy::Collection

Examples:

Request syntax with placeholder values


policies = iam.policies({
  scope: "All", # accepts All, AWS, Local
  only_attached: false,
  path_prefix: "policyPathType",
  policy_usage_filter: "PermissionsPolicy", # accepts PermissionsPolicy, PermissionsBoundary
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :scope (String)

    The scope to use for filtering the results.

    To list only Amazon Web Services managed policies, set Scope to AWS. To list only the customer managed policies in your Amazon Web Services account, set Scope to Local.

    This parameter is optional. If it is not included, or if it is set to All, all policies are returned.

  • :only_attached (Boolean)

    A flag to filter the results to only the attached policies.

    When OnlyAttached is true, the returned list contains only the policies that are attached to an IAM user, group, or role. When OnlyAttached is false, or when the parameter is not included, all policies are returned.

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

  • :policy_usage_filter (String)

    The policy usage method to use for filtering the results.

    To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary.

    This parameter is optional. If it is not included, all policies are returned.

Returns:



1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1139

def policies(options = {})
  batches = Enumerator.new do |y|
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_policies(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.policies.each do |p|
        batch << Policy.new(
          arn: p.arn,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Policy::Collection.new(batches)
end

#policy(arn) ⇒ Policy

Parameters:

  • arn (String)

Returns:



1161
1162
1163
1164
1165
1166
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1161

def policy(arn)
  Policy.new(
    arn: arn,
    client: @client
  )
end

#role(name) ⇒ Role

Parameters:

  • name (String)

Returns:



1170
1171
1172
1173
1174
1175
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1170

def role(name)
  Role.new(
    name: name,
    client: @client
  )
end

#roles(options = {}) ⇒ Role::Collection

Examples:

Request syntax with placeholder values


roles = iam.roles({
  path_prefix: "pathPrefixType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/ gets all roles whose path starts with /application_abc/component_xyz/.

    This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1200

def roles(options = {})
  batches = Enumerator.new do |y|
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_roles(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.roles.each do |r|
        batch << Role.new(
          name: r.role_name,
          data: r,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Role::Collection.new(batches)
end

#saml_provider(arn) ⇒ SamlProvider

Parameters:

  • arn (String)

Returns:



1222
1223
1224
1225
1226
1227
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1222

def saml_provider(arn)
  SamlProvider.new(
    arn: arn,
    client: @client
  )
end

#saml_providers(options = {}) ⇒ SamlProvider::Collection

Examples:

Request syntax with placeholder values


iam.saml_providers()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:



1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1234

def saml_providers(options = {})
  batches = Enumerator.new do |y|
    batch = []
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_saml_providers(options)
    end
    resp.data.saml_provider_list.each do |s|
      batch << SamlProvider.new(
        arn: s.arn,
        client: @client
      )
    end
    y.yield(batch)
  end
  SamlProvider::Collection.new(batches)
end

#server_certificate(name) ⇒ ServerCertificate

Parameters:

  • name (String)

Returns:



1253
1254
1255
1256
1257
1258
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1253

def server_certificate(name)
  ServerCertificate.new(
    name: name,
    client: @client
  )
end

#server_certificates(options = {}) ⇒ ServerCertificate::Collection

Examples:

Request syntax with placeholder values


server_certificates = iam.server_certificates({
  path_prefix: "pathPrefixType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. For example: /company/servercerts would get all server certificates for which the path starts with /company/servercerts.

    This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1284

def server_certificates(options = {})
  batches = Enumerator.new do |y|
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_server_certificates(options)
    end
    resp.each_page do |page|
      batch = []
      page.data..each do |s|
        batch << ServerCertificate.new(
          name: s.server_certificate_name,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  ServerCertificate::Collection.new(batches)
end

#user(name) ⇒ User

Parameters:

  • name (String)

Returns:



1305
1306
1307
1308
1309
1310
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1305

def user(name)
  User.new(
    name: name,
    client: @client
  )
end

#users(options = {}) ⇒ User::Collection

Examples:

Request syntax with placeholder values


users = iam.users({
  path_prefix: "pathPrefixType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/, which would get all user names whose path starts with /division_abc/subdivision_xyz/.

    This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1335

def users(options = {})
  batches = Enumerator.new do |y|
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_users(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.users.each do |u|
        batch << User.new(
          name: u.user_name,
          data: u,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  User::Collection.new(batches)
end

#virtual_mfa_device(serial_number) ⇒ VirtualMfaDevice

Parameters:

  • serial_number (String)

Returns:



1357
1358
1359
1360
1361
1362
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1357

def virtual_mfa_device(serial_number)
  VirtualMfaDevice.new(
    serial_number: serial_number,
    client: @client
  )
end

#virtual_mfa_devices(options = {}) ⇒ VirtualMfaDevice::Collection

Examples:

Request syntax with placeholder values


virtual_mfa_devices = iam.virtual_mfa_devices({
  assignment_status: "Assigned", # accepts Assigned, Unassigned, Any
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :assignment_status (String)

    The status (Unassigned or Assigned) of the devices to list. If you do not specify an AssignmentStatus, the operation defaults to Any, which lists both assigned and unassigned virtual MFA devices.,

Returns:



1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/resource.rb', line 1375

def virtual_mfa_devices(options = {})
  batches = Enumerator.new do |y|
    resp = Aws::Plugins::UserAgent.feature('resource') do
      @client.list_virtual_mfa_devices(options)
    end
    resp.each_page do |page|
      batch = []
      page.data.virtual_mfa_devices.each do |v|
        batch << VirtualMfaDevice.new(
          serial_number: v.serial_number,
          data: v,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  VirtualMfaDevice::Collection.new(batches)
end