AWS SDK for .NET
Developer Guide

Managing IAM Users

This .NET example shows you how to retrieve a list of IAM users, create and delete IAM users, and update an IAM user name.

You can create and manage users in IAM using these methods of the AmazonIdentityManagementServiceClient class: CreateUser, ListUsers, UpdateUser, GetUser, and DeleteUser.

For more information about IAM users, see IAM Users in the IAM User Guide.

For information about limitations on the number of IAM users you can create, see Limitations on IAM Entities in the IAM User Guide.

Create a User for Your AWS Account

Create an AmazonIdentityManagementServiceClient object. Next, create a CreateUserRequest object containing the user name you want to use for the new user. Call the CreateUser method of the AmazonIdentityManagementServiceClient object. If the user name doesn't currently exist, display the name and the ARN for the user on the console. If the name already exists, write a message to that effect to the console.

    // Requires the Amazon.IdentityManagement and
    // Amazon.IdentityManagement.Model namespaces.
    var client = new AmazonIdentityManagementServiceClient();
    var request = new CreateUserRequest
    {
        UserName = "DemoUser"
    };

    try
    {
        var response = client.CreateUser(request);
        Console.WriteLine("User Name = '{0}', ARN = '{1}'",
            response.User.UserName, response.User.Arn);
    }
    catch (EntityAlreadyExistsException)
    {
        Console.WriteLine("User 'DemoUser' already exists.");
    }

List Users in Your AWS Account

This example lists the IAM users that have the specified path prefix. If no path prefix is specified, the action returns all users in the AWS account. If there are no users, the action returns an empty list.

Create an AmazonIdentityManagementServiceClient object. Next, create a ListUsersRequest object containing the parameters needed to list your users. Limit the number returned by setting the MaxItems parameter to 10. Call the ListUsers method of the AmazonIdentityManagementServiceClient object. Write each user's name and creation date to the console.

    public static void ListUsers()
    {
        var iamClient = new AmazonIdentityManagementServiceClient();
        // MaxItems caps this single response at 10 users;
        // no further pages are requested.
        var requestUsers = new ListUsersRequest() { MaxItems = 10 };
        var responseUsers = iamClient.ListUsers(requestUsers);

        foreach (var user in responseUsers.Users)
        {
            Console.WriteLine("User " + user.UserName + " Created: " +
                user.CreateDate.ToShortDateString());
        }
    }
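The call above returns only the first page of at most 10 users. The following added example (not part of the original guide) follows the IsTruncated and Marker fields of the response to collect every user under a path prefix, which is what an account audit needs. The names IamUserAudit and ListAllUsers and the prefix "/division_abc/" are assumptions made for illustration, and the code uses the same synchronous client calls as the guide.

```csharp
using System;
using System.Collections.Generic;
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;

public static class IamUserAudit
{
    // Hypothetical helper (not part of the SDK): returns every IAM user whose
    // path starts with pathPrefix, following pagination to the last page.
    public static List<User> ListAllUsers(
        AmazonIdentityManagementServiceClient client, string pathPrefix)
    {
        var users = new List<User>();
        var request = new ListUsersRequest
        {
            PathPrefix = pathPrefix,   // "/" matches every user in the account
            MaxItems = 10              // page size, as in the guide's example
        };

        ListUsersResponse response;
        do
        {
            response = client.ListUsers(request);
            if (response.Users != null)
            {
                users.AddRange(response.Users);
            }
            // Marker tells IAM where the next page starts.
            request.Marker = response.Marker;
        } while (response.IsTruncated == true);

        return users;
    }

    public static void Main()
    {
        var client = new AmazonIdentityManagementServiceClient();
        // "/division_abc/" is a constructed sample prefix.
        foreach (var user in ListAllUsers(client, "/division_abc/"))
        {
            Console.WriteLine("{0}\t{1}\t{2}", user.UserName, user.Path, user.Arn);
        }
    }
}
```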

Update a User's Name

This example shows how to update the name or the path of the specified IAM user. Be sure you understand the implications of changing an IAM user's path or name. For more information, see Renaming an IAM User in the IAM User Guide.

Create an AmazonIdentityManagementServiceClient object. Next, create an UpdateUserRequest object, specifying both the current and new user names as parameters. Call the UpdateUser method of the AmazonIdentityManagementServiceClient object.

    public static void UpdateUser()
    {
        var client = new AmazonIdentityManagementServiceClient();
        // Renames DemoUser to NewUser; the path is left unchanged.
        var request = new UpdateUserRequest
        {
            UserName = "DemoUser",
            NewUserName = "NewUser"
        };

        try
        {
            var response = client.UpdateUser(request);
        }
        catch (EntityAlreadyExistsException)
        {
            Console.WriteLine("User 'NewUser' already exists.");
        }
    }

Get Information about a User

This example shows how to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN. If you don't specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request to this API.

Create an AmazonIdentityManagementServiceClient object. Next, create a GetUserRequest object containing the user name you want to get information about. Call the GetUser method of the AmazonIdentityManagementServiceClient object to get the information. If the user doesn't exist, an exception is thrown.

    public static void GetUser()
    {
        var client = new AmazonIdentityManagementServiceClient();
        // Omit UserName to query the user that owns the signing access key.
        var request = new GetUserRequest() { UserName = "DemoUser" };

        try
        {
            var response = client.GetUser(request);
            Console.WriteLine("Creation date: " +
                response.User.CreateDate.ToShortDateString());
            Console.WriteLine("Password last used: " +
                response.User.PasswordLastUsed.ToShortDateString());
            Console.WriteLine("UserId = " + response.User.UserId);
        }
        catch (NoSuchEntityException)
        {
            Console.WriteLine("User 'DemoUser' does not exist.");
        }
    }

Delete a User

This example shows how to delete the specified IAM user. The user must not belong to any groups or have any access keys, signing certificates, or attached policies.

Create an AmazonIdentityManagementServiceClient object. Next, create a DeleteUserRequest object containing the parameters needed, which consists of the user name you want to delete. Call the DeleteUser method of the AmazonIdentityManagementServiceClient object to delete it. If the user doesn't exist, an exception is thrown.

    public static void DeleteUser()
    {
        var client = new AmazonIdentityManagementServiceClient();
        var request = new DeleteUserRequest() { UserName = "DemoUser" };

        try
        {
            var response = client.DeleteUser(request);
        }
        catch (NoSuchEntityException)
        {
            Console.WriteLine("User 'DemoUser' does not exist.");
        }
    }
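The precondition stated above (no groups, access keys, signing certificates, or attached policies) means a user that is still in use cannot be deleted with DeleteUser alone. The following added example (not part of the original guide) removes those four kinds of dependency and then deletes the user. The names IamUserCleanup and DeleteUserWithDependencies are assumptions, and the code assumes each list fits in a single response page.

```csharp
using System;
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;

public static class IamUserCleanup
{
    // Hypothetical helper (not part of the SDK): removes the four kinds of
    // dependency named in the guide, then deletes the user.
    // Assumption: each list below fits in one response page.
    public static void DeleteUserWithDependencies(
        AmazonIdentityManagementServiceClient client, string userName)
    {
        // Access keys first, so the user's API credentials stop working.
        var keys = client.ListAccessKeys(
            new ListAccessKeysRequest { UserName = userName });
        foreach (var key in keys.AccessKeyMetadata)
            client.DeleteAccessKey(new DeleteAccessKeyRequest
                { UserName = userName, AccessKeyId = key.AccessKeyId });

        var certs = client.ListSigningCertificates(
            new ListSigningCertificatesRequest { UserName = userName });
        foreach (var cert in certs.Certificates)
            client.DeleteSigningCertificate(new DeleteSigningCertificateRequest
                { UserName = userName, CertificateId = cert.CertificateId });

        var policies = client.ListAttachedUserPolicies(
            new ListAttachedUserPoliciesRequest { UserName = userName });
        foreach (var policy in policies.AttachedPolicies)
            client.DetachUserPolicy(new DetachUserPolicyRequest
                { UserName = userName, PolicyArn = policy.PolicyArn });

        var groups = client.ListGroupsForUser(
            new ListGroupsForUserRequest { UserName = userName });
        foreach (var userGroup in groups.Groups)
            client.RemoveUserFromGroup(new RemoveUserFromGroupRequest
                { UserName = userName, GroupName = userGroup.GroupName });

        try
        {
            client.DeleteUser(new DeleteUserRequest { UserName = userName });
        }
        catch (DeleteConflictException e)
        {
            // Something is still attached to the user; report it and stop.
            Console.WriteLine("User '{0}' not deleted: {1}", userName, e.Message);
        }
    }
}
```

If the user does not exist, the first list call throws NoSuchEntityException, which this helper leaves to the caller to handle as in the DeleteUser example above.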