Table of Contents
IAM.
Client
¶A low-level client representing AWS Identity and Access Management (IAM):
import boto3
client = boto3.client('iam')
These are the available methods:
add_client_id_to_open_id_connect_provider()
add_role_to_instance_profile()
add_user_to_group()
attach_group_policy()
attach_role_policy()
attach_user_policy()
can_paginate()
change_password()
create_access_key()
create_account_alias()
create_group()
create_instance_profile()
create_login_profile()
create_open_id_connect_provider()
create_policy()
create_policy_version()
create_role()
create_saml_provider()
create_user()
create_virtual_mfa_device()
deactivate_mfa_device()
delete_access_key()
delete_account_alias()
delete_account_password_policy()
delete_group()
delete_group_policy()
delete_instance_profile()
delete_login_profile()
delete_open_id_connect_provider()
delete_policy()
delete_policy_version()
delete_role()
delete_role_policy()
delete_saml_provider()
delete_server_certificate()
delete_signing_certificate()
delete_ssh_public_key()
delete_user()
delete_user_policy()
delete_virtual_mfa_device()
detach_group_policy()
detach_role_policy()
detach_user_policy()
enable_mfa_device()
generate_credential_report()
generate_presigned_url()
get_access_key_last_used()
get_account_authorization_details()
get_account_password_policy()
get_account_summary()
get_credential_report()
get_group()
get_group_policy()
get_instance_profile()
get_login_profile()
get_open_id_connect_provider()
get_paginator()
get_policy()
get_policy_version()
get_role()
get_role_policy()
get_saml_provider()
get_server_certificate()
get_ssh_public_key()
get_user()
get_user_policy()
get_waiter()
list_access_keys()
list_account_aliases()
list_attached_group_policies()
list_attached_role_policies()
list_attached_user_policies()
list_entities_for_policy()
list_group_policies()
list_groups()
list_groups_for_user()
list_instance_profiles()
list_instance_profiles_for_role()
list_mfa_devices()
list_open_id_connect_providers()
list_policies()
list_policy_versions()
list_role_policies()
list_roles()
list_saml_providers()
list_server_certificates()
list_signing_certificates()
list_ssh_public_keys()
list_user_policies()
list_users()
list_virtual_mfa_devices()
put_group_policy()
put_role_policy()
put_user_policy()
remove_client_id_from_open_id_connect_provider()
remove_role_from_instance_profile()
remove_user_from_group()
resync_mfa_device()
set_default_policy_version()
update_access_key()
update_account_password_policy()
update_assume_role_policy()
update_group()
update_login_profile()
update_open_id_connect_provider_thumbprint()
update_saml_provider()
update_server_certificate()
update_signing_certificate()
update_ssh_public_key()
update_user()
upload_server_certificate()
upload_signing_certificate()
upload_ssh_public_key()
add_client_id_to_open_id_connect_provider
(**kwargs)¶Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM OpenID Connect provider.
This action is idempotent; it does not fail or return an error if you add an existing client ID to the provider.
Request Syntax
response = client.add_client_id_to_open_id_connect_provider(
OpenIDConnectProviderArn='string',
ClientID='string'
)
Parameters: |
|
---|---|
Returns: | None |
add_role_to_instance_profile
(**kwargs)¶Adds the specified role to the specified instance profile. For more information about roles, go to Working with Roles . For more information about instance profiles, go to About Instance Profiles .
Request Syntax
response = client.add_role_to_instance_profile(
InstanceProfileName='string',
RoleName='string'
)
Parameters: |
|
---|---|
Returns: | None |
add_user_to_group
(**kwargs)¶Adds the specified user to the specified group.
Request Syntax
response = client.add_user_to_group(
GroupName='string',
UserName='string'
)
Parameters: |
|
---|---|
Returns: | None |
attach_group_policy
(**kwargs)¶Attaches the specified managed policy to the specified group.
You use this API to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy .
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.attach_group_policy(
GroupName='string',
PolicyArn='string'
)
Parameters: |
|
---|---|
Returns: | None |
attach_role_policy
(**kwargs)¶Attaches the specified managed policy to the specified role.
When you attach a managed policy to a role, the managed policy is used as the role's access (permissions) policy. You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole . You can update a role's trust policy using UpdateAssumeRolePolicy .
Use this API to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.attach_role_policy(
RoleName='string',
PolicyArn='string'
)
Parameters: |
|
---|---|
Returns: | None |
attach_user_policy
(**kwargs)¶Attaches the specified managed policy to the specified user.
You use this API to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy .
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.attach_user_policy(
UserName='string',
PolicyArn='string'
)
Parameters: |
|
---|---|
Returns: | None |
can_paginate
(operation_name)¶Check if an operation can be paginated.
Parameters: | operation_name (string) -- The operation name. This is the same name
as the method name on the client. For example, if the
method name is create_foo , and you'd normally invoke the
operation as client.create_foo(**kwargs) , if the
create_foo operation can be paginated, you can use the
call client.get_paginator("create_foo") . |
---|---|
Returns: | True if the operation can be paginated,
False otherwise. |
change_password
(**kwargs)¶Changes the password of the IAM user who is calling this action. The root account password is not affected by this action.
To change the password for a different user, see UpdateLoginProfile . For more information about modifying passwords, see Managing Passwords in the Using IAM guide.
Request Syntax
response = client.change_password(
OldPassword='string',
NewPassword='string'
)
Parameters: |
|
---|---|
Returns: | None |
create_access_key
(**kwargs)¶Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active
.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
For information about limits on the number of keys you can create, see Limitations on IAM Entities in the Using IAM guide.
Warning
To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
Request Syntax
response = client.create_access_key(
UserName='string'
)
Parameters: | UserName (string) -- The user name that the new key will belong to. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'AccessKey': {
'UserName': 'string',
'AccessKeyId': 'string',
'Status': 'Active'|'Inactive',
'SecretAccessKey': 'string',
'CreateDate': datetime(2015, 1, 1)
}
}
Response Structure
|
create_account_alias
(**kwargs)¶Creates an alias for your AWS account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the Using IAM guide.
Request Syntax
response = client.create_account_alias(
AccountAlias='string'
)
Parameters: | AccountAlias (string) -- [REQUIRED] The account alias to create. |
---|---|
Returns: | None |
create_group
(**kwargs)¶Creates a new group.
For information about the number of groups you can create, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
response = client.create_group(
Path='string',
GroupName='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Group': {
'Path': 'string',
'GroupName': 'string',
'GroupId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1)
}
}
Response Structure
|
create_instance_profile
(**kwargs)¶Creates a new instance profile. For information about instance profiles, go to About Instance Profiles .
For information about the number of instance profiles you can create, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
response = client.create_instance_profile(
InstanceProfileName='string',
Path='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'InstanceProfile': {
'Path': 'string',
'InstanceProfileName': 'string',
'InstanceProfileId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
]
}
}
Response Structure
|
create_login_profile
(**kwargs)¶Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console. For more information about managing passwords, see Managing Passwords in the Using IAM guide.
Request Syntax
response = client.create_login_profile(
UserName='string',
Password='string',
PasswordResetRequired=True|False
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'LoginProfile': {
'UserName': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordResetRequired': True|False
}
}
Response Structure
|
create_open_id_connect_provider
(**kwargs)¶Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC) .
The OIDC provider that you create with this operation can be used as a principal in a role's trust policy to establish a trust relationship between AWS and the OIDC provider.
When you create the IAM OIDC provider, you specify the URL of the OIDC identity provider (IdP) to trust, a list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider, and a list of thumbprints of the server certificate(s) that the IdP uses. You get all of this information from the OIDC IdP that you want to use for access to AWS.
Note
Because trust for the OIDC provider is ultimately derived from the IAM provider that this action creates, it is a best practice to limit access to the CreateOpenIDConnectProvider action to highly-privileged users.
Request Syntax
response = client.create_open_id_connect_provider(
Url='string',
ClientIDList=[
'string',
],
ThumbprintList=[
'string',
]
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'OpenIDConnectProviderArn': 'string'
}
Response Structure
|
create_policy
(**kwargs)¶Creates a new managed policy for your AWS account.
This operation creates a policy version with a version identifier of v1
and sets v1 as the policy's default version. For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.
For more information about managed policies in general, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.create_policy(
PolicyName='string',
Path='string',
PolicyDocument='string',
Description='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Policy': {
'PolicyName': 'string',
'PolicyId': 'string',
'Arn': 'string',
'Path': 'string',
'DefaultVersionId': 'string',
'AttachmentCount': 123,
'IsAttachable': True|False,
'Description': 'string',
'CreateDate': datetime(2015, 1, 1),
'UpdateDate': datetime(2015, 1, 1)
}
}
Response Structure
|
create_policy_version
(**kwargs)¶Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.
Optionally, you can set the new version as the policy's default version. The default version is the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to.
For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.
Request Syntax
response = client.create_policy_version(
PolicyArn='string',
PolicyDocument='string',
SetAsDefault=True|False
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyVersion': {
'Document': 'string',
'VersionId': 'string',
'IsDefaultVersion': True|False,
'CreateDate': datetime(2015, 1, 1)
}
}
Response Structure
|
create_role
(**kwargs)¶Creates a new role for your AWS account. For more information about roles, go to Working with Roles . For information about limitations on role names and the number of roles you can create, go to Limitations on IAM Entities in the Using IAM guide.
The policy in the following example grants permission to an EC2 instance to assume the role.
Request Syntax
response = client.create_role(
Path='string',
RoleName='string',
AssumeRolePolicyDocument='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Role': {
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
}
}
Response Structure
|
create_saml_provider
(**kwargs)¶Creates an IAM entity to describe an identity provider (IdP) that supports SAML 2.0.
The SAML provider that you create with this operation can be used as a principal in a role's trust policy to establish a trust relationship between AWS and a SAML identity provider. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.
When you create the SAML provider, you upload an a SAML metadata document that you get from your IdP and that includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
Note
This operation requires Signature Version 4 .
For more information, see Giving Console Access Using SAML and Creating Temporary Security Credentials for SAML Federation in the Using Temporary Credentials guide.
Request Syntax
response = client.create_saml_provider(
SAMLMetadataDocument='string',
Name='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'SAMLProviderArn': 'string'
}
Response Structure
|
create_user
(**kwargs)¶Creates a new user for your AWS account.
For information about limitations on the number of users you can create, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
response = client.create_user(
Path='string',
UserName='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'User': {
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
}
}
Response Structure
|
create_virtual_mfa_device
(**kwargs)¶Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.
For information about limits on the number of MFA devices you can create, see Limitations on Entities in the Using IAM guide.
Warning
The seed information contained in the QR code and the Base32 string should be treated like any other secret access information, such as your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.
Request Syntax
response = client.create_virtual_mfa_device(
Path='string',
VirtualMFADeviceName='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'VirtualMFADevice': {
'SerialNumber': 'string',
'Base32StringSeed': b'bytes',
'QRCodePNG': b'bytes',
'User': {
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
},
'EnableDate': datetime(2015, 1, 1)
}
}
Response Structure
|
deactivate_mfa_device
(**kwargs)¶Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.
For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.
Request Syntax
response = client.deactivate_mfa_device(
UserName='string',
SerialNumber='string'
)
Parameters: |
|
---|---|
Returns: | None |
delete_access_key
(**kwargs)¶Deletes the access key associated with the specified user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = client.delete_access_key(
UserName='string',
AccessKeyId='string'
)
Parameters: |
|
---|---|
Returns: | None |
delete_account_alias
(**kwargs)¶Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the Using IAM guide.
Request Syntax
response = client.delete_account_alias(
AccountAlias='string'
)
Parameters: | AccountAlias (string) -- [REQUIRED] The name of the account alias to delete. |
---|---|
Returns: | None |
delete_account_password_policy
()¶Deletes the password policy for the AWS account.
Request Syntax
response = client.delete_account_password_policy()
Returns: | None |
---|
delete_group
(**kwargs)¶Deletes the specified group. The group must not contain any users or have any attached policies.
Request Syntax
response = client.delete_group(
GroupName='string'
)
Parameters: | GroupName (string) -- [REQUIRED] The name of the group to delete. |
---|---|
Returns: | None |
delete_group_policy
(**kwargs)¶Deletes the specified inline policy that is embedded in the specified group.
A group can also have managed policies attached to it. To detach a managed policy from a group, use DetachGroupPolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.delete_group_policy(
GroupName='string',
PolicyName='string'
)
Parameters: |
|
---|---|
Returns: | None |
delete_instance_profile
(**kwargs)¶Deletes the specified instance profile. The instance profile must not have an associated role.
Warning
Make sure you do not have any Amazon EC2 instances running with the instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
For more information about instance profiles, go to About Instance Profiles .
Request Syntax
response = client.delete_instance_profile(
InstanceProfileName='string'
)
Parameters: | InstanceProfileName (string) -- [REQUIRED] The name of the instance profile to delete. |
---|---|
Returns: | None |
delete_login_profile
(**kwargs)¶Deletes the password for the specified user, which terminates the user's ability to access AWS services through the AWS Management Console.
Warning
Deleting a user's password does not prevent a user from accessing IAM through the command line interface or the API. To prevent all user access you must also either make the access key inactive or delete it. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey .
Request Syntax
response = client.delete_login_profile(
UserName='string'
)
Parameters: | UserName (string) -- [REQUIRED] The name of the user whose password you want to delete. |
---|---|
Returns: | None |
delete_open_id_connect_provider
(**kwargs)¶Deletes an IAM OpenID Connect identity provider.
Deleting an OIDC provider does not update any roles that reference the provider as a principal in their trust policies. Any attempt to assume a role that references a provider that has been deleted will fail.
This action is idempotent; it does not fail or return an error if you call the action for a provider that was already deleted.
Request Syntax
response = client.delete_open_id_connect_provider(
OpenIDConnectProviderArn='string'
)
Parameters: | OpenIDConnectProviderArn (string) -- [REQUIRED] The Amazon Resource Name (ARN) of the IAM OpenID Connect provider to delete. You can get a list of OpenID Connect provider ARNs by using the ListOpenIDConnectProviders action. |
---|---|
Returns: | None |
delete_policy
(**kwargs)¶Deletes the specified managed policy.
Before you can delete a managed policy, you must detach the policy from all users, groups, and roles that it is attached to, and you must delete all of the policy's versions. The following steps describe the process for deleting a managed policy:
For information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.delete_policy(
PolicyArn='string'
)
Parameters: | PolicyArn (string) -- [REQUIRED] The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference . |
---|---|
Returns: | None |
delete_policy_version
(**kwargs)¶Deletes the specified version of the specified managed policy.
You cannot delete the default version of a policy using this API. To delete the default version of a policy, use DeletePolicy . To find out which version of a policy is marked as the default version, use ListPolicyVersions .
For information about versions for managed policies, refer to Versioning for Managed Policies in the Using IAM guide.
Request Syntax
response = client.delete_policy_version(
PolicyArn='string',
VersionId='string'
)
Parameters: |
|
---|---|
Returns: | None |
delete_role
(**kwargs)¶Deletes the specified role. The role must not have any policies attached. For more information about roles, go to Working with Roles .
Warning
Make sure you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
Request Syntax
response = client.delete_role(
RoleName='string'
)
Parameters: | RoleName (string) -- [REQUIRED] The name of the role to delete. |
---|---|
Returns: | None |
delete_role_policy
(**kwargs)¶Deletes the specified inline policy that is embedded in the specified role.
A role can also have managed policies attached to it. To detach a managed policy from a role, use DetachRolePolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.delete_role_policy(
RoleName='string',
PolicyName='string'
)
Parameters: |
|
---|---|
Returns: | None |
delete_saml_provider
(**kwargs)¶Deletes a SAML provider.
Deleting the provider does not update any roles that reference the SAML provider as a principal in their trust policies. Any attempt to assume a role that references a SAML provider that has been deleted will fail.
Note
This operation requires Signature Version 4 .
Request Syntax
response = client.delete_saml_provider(
SAMLProviderArn='string'
)
Parameters: | SAMLProviderArn (string) -- [REQUIRED] The Amazon Resource Name (ARN) of the SAML provider to delete. |
---|---|
Returns: | None |
delete_server_certificate
(**kwargs)¶Deletes the specified server certificate.
Warning
If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, go to DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference .
Request Syntax
response = client.delete_server_certificate(
ServerCertificateName='string'
)
Parameters: | ServerCertificateName (string) -- [REQUIRED] The name of the server certificate you want to delete. |
---|---|
Returns: | None |
delete_signing_certificate
(**kwargs)¶Deletes the specified signing certificate associated with the specified user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = client.delete_signing_certificate(
UserName='string',
CertificateId='string'
)
Parameters: |
|
---|---|
Returns: | None |
delete_ssh_public_key
(**kwargs)¶Deletes the specified SSH public key.
The SSH public key deleted by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide .
Request Syntax
response = client.delete_ssh_public_key(
UserName='string',
SSHPublicKeyId='string'
)
Parameters: |
|
---|---|
Returns: | None |
delete_user
(**kwargs)¶Deletes the specified user. The user must not belong to any groups, have any keys or signing certificates, or have any attached policies.
Request Syntax
response = client.delete_user(
UserName='string'
)
Parameters: | UserName (string) -- [REQUIRED] The name of the user to delete. |
---|---|
Returns: | None |
delete_user_policy
(**kwargs)¶Deletes the specified inline policy that is embedded in the specified user.
A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.delete_user_policy(
UserName='string',
PolicyName='string'
)
Parameters: |
|
---|---|
Returns: | None |
delete_virtual_mfa_device
(**kwargs)¶Deletes a virtual MFA device.
Note
You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice .
Request Syntax
response = client.delete_virtual_mfa_device(
SerialNumber='string'
)
Parameters: | SerialNumber (string) -- [REQUIRED] The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN. |
---|---|
Returns: | None |
detach_group_policy
(**kwargs)¶Removes the specified managed policy from the specified group.
A group can also have inline policies embedded with it. To delete an inline policy, use the DeleteGroupPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.detach_group_policy(
GroupName='string',
PolicyArn='string'
)
Parameters: |
|
---|---|
Returns: | None |
detach_role_policy
(**kwargs)¶Removes the specified managed policy from the specified role.
A role can also have inline policies embedded with it. To delete an inline policy, use the DeleteRolePolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.detach_role_policy(
RoleName='string',
PolicyArn='string'
)
Parameters: |
|
---|---|
Returns: | None |
detach_user_policy
(**kwargs)¶Removes the specified managed policy from the specified user.
A user can also have inline policies embedded with it. To delete an inline policy, use the DeleteUserPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.detach_user_policy(
UserName='string',
PolicyArn='string'
)
Parameters: |
|
---|---|
Returns: | None |
enable_mfa_device
(**kwargs)¶Enables the specified MFA device and associates it with the specified user name. When enabled, the MFA device is required for every subsequent login by the user name associated with the device.
Request Syntax
response = client.enable_mfa_device(
UserName='string',
SerialNumber='string',
AuthenticationCode1='string',
AuthenticationCode2='string'
)
Parameters: |
|
---|---|
Returns: | None |
generate_credential_report
()¶Generates a credential report for the AWS account. For more information about the credential report, see Getting Credential Reports in the Using IAM guide.
Request Syntax
response = client.generate_credential_report()
Return type: | dict |
---|---|
Returns: | Response Syntax{
'State': 'STARTED'|'INPROGRESS'|'COMPLETE',
'Description': 'string'
}
Response Structure
|
generate_presigned_url
(ClientMethod, Params=None, ExpiresIn=3600, HttpMethod=None)¶Generate a presigned url given a client, its method, and arguments
Parameters: |
|
---|---|
Returns: | The presigned url |
get_access_key_last_used
(**kwargs)¶Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and region that were specified in the last request made with that key.
Request Syntax
response = client.get_access_key_last_used(
AccessKeyId='string'
)
Parameters: | AccessKeyId (string) -- [REQUIRED] The identifier of an access key. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'UserName': 'string',
'AccessKeyLastUsed': {
'LastUsedDate': datetime(2015, 1, 1),
'ServiceName': 'string',
'Region': 'string'
}
}
Response Structure
|
Retrieves information about all IAM users, groups, roles, and policies in your account, including their relationships to one another. Use this API to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.
You can optionally filter the results using the Filter
parameter. You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.get_account_authorization_details(
Filter=[
'User'|'Role'|'Group'|'LocalManagedPolicy'|'AWSManagedPolicy',
],
MaxItems=123,
Marker='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'UserDetailList': [
{
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'UserPolicyList': [
{
'PolicyName': 'string',
'PolicyDocument': 'string'
},
],
'GroupList': [
'string',
],
'AttachedManagedPolicies': [
{
'PolicyName': 'string',
'PolicyArn': 'string'
},
]
},
],
'GroupDetailList': [
{
'Path': 'string',
'GroupName': 'string',
'GroupId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'GroupPolicyList': [
{
'PolicyName': 'string',
'PolicyDocument': 'string'
},
],
'AttachedManagedPolicies': [
{
'PolicyName': 'string',
'PolicyArn': 'string'
},
]
},
],
'RoleDetailList': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string',
'InstanceProfileList': [
{
'Path': 'string',
'InstanceProfileName': 'string',
'InstanceProfileId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
]
},
],
'RolePolicyList': [
{
'PolicyName': 'string',
'PolicyDocument': 'string'
},
],
'AttachedManagedPolicies': [
{
'PolicyName': 'string',
'PolicyArn': 'string'
},
]
},
],
'Policies': [
{
'PolicyName': 'string',
'PolicyId': 'string',
'Arn': 'string',
'Path': 'string',
'DefaultVersionId': 'string',
'AttachmentCount': 123,
'IsAttachable': True|False,
'Description': 'string',
'CreateDate': datetime(2015, 1, 1),
'UpdateDate': datetime(2015, 1, 1),
'PolicyVersionList': [
{
'Document': 'string',
'VersionId': 'string',
'IsDefaultVersion': True|False,
'CreateDate': datetime(2015, 1, 1)
},
]
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
get_account_password_policy
()¶Retrieves the password policy for the AWS account. For more information about using a password policy, go to Managing an IAM Password Policy .
Request Syntax
response = client.get_account_password_policy()
Return type: | dict |
---|---|
Returns: | Response Syntax{
'PasswordPolicy': {
'MinimumPasswordLength': 123,
'RequireSymbols': True|False,
'RequireNumbers': True|False,
'RequireUppercaseCharacters': True|False,
'RequireLowercaseCharacters': True|False,
'AllowUsersToChangePassword': True|False,
'ExpirePasswords': True|False,
'MaxPasswordAge': 123,
'PasswordReusePrevention': 123,
'HardExpiry': True|False
}
}
Response Structure
|
get_account_summary
()¶Retrieves information about IAM entity usage and IAM quotas in the AWS account.
For information about limitations on IAM entities, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
response = client.get_account_summary()
Return type: | dict |
---|---|
Returns: | Response Syntax{
'SummaryMap': {
'string': 123
}
}
Response Structure
|
get_credential_report
()¶Retrieves a credential report for the AWS account. For more information about the credential report, see Getting Credential Reports in the Using IAM guide.
Request Syntax
response = client.get_credential_report()
Return type: | dict |
---|---|
Returns: | Response Syntax{
'Content': b'bytes',
'ReportFormat': 'text/csv',
'GeneratedTime': datetime(2015, 1, 1)
}
Response Structure
|
get_group
(**kwargs)¶Returns a list of users that are in the specified group. You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.get_group(
GroupName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Group': {
'Path': 'string',
'GroupName': 'string',
'GroupId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1)
},
'Users': [
{
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
get_group_policy
(**kwargs)¶Retrieves the specified inline policy document that is embedded in the specified group.
A group can also have managed policies attached to it. To retrieve a managed policy document that is attached to a group, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.get_group_policy(
GroupName='string',
PolicyName='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'GroupName': 'string',
'PolicyName': 'string',
'PolicyDocument': 'string'
}
Response Structure
|
get_instance_profile
(**kwargs)¶Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role. For more information about instance profiles, go to About Instance Profiles . For more information about ARNs, go to ARNs .
Request Syntax
response = client.get_instance_profile(
InstanceProfileName='string'
)
Parameters: | InstanceProfileName (string) -- [REQUIRED] The name of the instance profile to get information about. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'InstanceProfile': {
'Path': 'string',
'InstanceProfileName': 'string',
'InstanceProfileId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
]
}
}
Response Structure
|
get_login_profile
(**kwargs)¶Retrieves the user name and password-creation date for the specified user. If the user has not been assigned a password, the action returns a 404 (NoSuchEntity
) error.
Request Syntax
response = client.get_login_profile(
UserName='string'
)
Parameters: | UserName (string) -- [REQUIRED] The name of the user whose login profile you want to retrieve. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'LoginProfile': {
'UserName': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordResetRequired': True|False
}
}
Response Structure
|
get_open_id_connect_provider
(**kwargs)¶Returns information about the specified OpenID Connect provider.
Request Syntax
response = client.get_open_id_connect_provider(
OpenIDConnectProviderArn='string'
)
Parameters: | OpenIDConnectProviderArn (string) -- [REQUIRED] The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider to get information for. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'Url': 'string',
'ClientIDList': [
'string',
],
'ThumbprintList': [
'string',
],
'CreateDate': datetime(2015, 1, 1)
}
Response Structure
|
get_paginator
(operation_name)¶Create a paginator for an operation.
Parameters: | operation_name (string) -- The operation name. This is the same name
as the method name on the client. For example, if the
method name is create_foo , and you'd normally invoke the
operation as client.create_foo(**kwargs) , if the
create_foo operation can be paginated, you can use the
call client.get_paginator("create_foo") . |
---|---|
Raises OperationNotPageableError: | |
Raised if the operation is not
pageable. You can use the client.can_paginate method to
check if an operation is pageable. |
|
Return type: | L{botocore.paginate.Paginator} |
Returns: | A paginator object. |
get_policy
(**kwargs)¶Retrieves information about the specified managed policy, including the policy's default version and the total number of users, groups, and roles that the policy is attached to. For a list of the specific users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API. This API returns metadata about the policy. To retrieve the policy document for a specific version of the policy, use GetPolicyVersion .
This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded with a user, group, or role, use the GetUserPolicy , GetGroupPolicy , or GetRolePolicy API.
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.get_policy(
PolicyArn='string'
)
Parameters: | PolicyArn (string) -- [REQUIRED] The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference . |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'Policy': {
'PolicyName': 'string',
'PolicyId': 'string',
'Arn': 'string',
'Path': 'string',
'DefaultVersionId': 'string',
'AttachmentCount': 123,
'IsAttachable': True|False,
'Description': 'string',
'CreateDate': datetime(2015, 1, 1),
'UpdateDate': datetime(2015, 1, 1)
}
}
Response Structure
|
get_policy_version
(**kwargs)¶Retrieves information about the specified version of the specified managed policy, including the policy document.
To list the available versions for a policy, use ListPolicyVersions .
This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use the GetUserPolicy , GetGroupPolicy , or GetRolePolicy API.
For more information about the types of policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.get_policy_version(
PolicyArn='string',
VersionId='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyVersion': {
'Document': 'string',
'VersionId': 'string',
'IsDefaultVersion': True|False,
'CreateDate': datetime(2015, 1, 1)
}
}
Response Structure
|
get_role
(**kwargs)¶Retrieves information about the specified role, including the role's path, GUID, ARN, and the policy granting permission to assume the role. For more information about ARNs, go to ARNs . For more information about roles, go to Working with Roles .
Request Syntax
response = client.get_role(
RoleName='string'
)
Parameters: | RoleName (string) -- [REQUIRED] The name of the role to get information about. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'Role': {
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
}
}
Response Structure
|
get_role_policy
(**kwargs)¶Retrieves the specified inline policy document that is embedded with the specified role.
A role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities .
Request Syntax
response = client.get_role_policy(
RoleName='string',
PolicyName='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'RoleName': 'string',
'PolicyName': 'string',
'PolicyDocument': 'string'
}
Response Structure
|
get_saml_provider
(**kwargs)¶Returns the SAML provider metadocument that was uploaded when the provider was created or updated.
Note
This operation requires Signature Version 4 .
Request Syntax
response = client.get_saml_provider(
SAMLProviderArn='string'
)
Parameters: | SAMLProviderArn (string) -- [REQUIRED] The Amazon Resource Name (ARN) of the SAML provider to get information about. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'SAMLMetadataDocument': 'string',
'CreateDate': datetime(2015, 1, 1),
'ValidUntil': datetime(2015, 1, 1)
}
Response Structure
|
get_server_certificate
(**kwargs)¶Retrieves information about the specified server certificate.
Request Syntax
response = client.get_server_certificate(
ServerCertificateName='string'
)
Parameters: | ServerCertificateName (string) -- [REQUIRED] The name of the server certificate you want to retrieve information about. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'ServerCertificate': {
'ServerCertificateMetadata': {
'Path': 'string',
'ServerCertificateName': 'string',
'ServerCertificateId': 'string',
'Arn': 'string',
'UploadDate': datetime(2015, 1, 1),
'Expiration': datetime(2015, 1, 1)
},
'CertificateBody': 'string',
'CertificateChain': 'string'
}
}
Response Structure
|
get_ssh_public_key
(**kwargs)¶Retrieves the specified SSH public key, including metadata about the key.
The SSH public key retrieved by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide .
Request Syntax
response = client.get_ssh_public_key(
UserName='string',
SSHPublicKeyId='string',
Encoding='SSH'|'PEM'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'SSHPublicKey': {
'UserName': 'string',
'SSHPublicKeyId': 'string',
'Fingerprint': 'string',
'SSHPublicKeyBody': 'string',
'Status': 'Active'|'Inactive',
'UploadDate': datetime(2015, 1, 1)
}
}
Response Structure
|
get_user
(**kwargs)¶Retrieves information about the specified user, including the user's creation date, path, unique ID, and ARN.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request.
Request Syntax
response = client.get_user(
UserName='string'
)
Parameters: | UserName (string) -- The name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'User': {
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
}
}
Response Structure
|
get_user_policy
(**kwargs)¶Retrieves the specified inline policy document that is embedded in the specified user.
A user can also have managed policies attached to it. To retrieve a managed policy document that is attached to a user, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.get_user_policy(
UserName='string',
PolicyName='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'UserName': 'string',
'PolicyName': 'string',
'PolicyDocument': 'string'
}
Response Structure
|
get_waiter
(waiter_name)¶list_access_keys
(**kwargs)¶Returns information about the access key IDs associated with the specified user. If there are none, the action returns an empty list.
Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems
and Marker
parameters.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Note
To ensure the security of your AWS account, the secret access key is accessible only during key and user creation.
Request Syntax
response = client.list_access_keys(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'AccessKeyMetadata': [
{
'UserName': 'string',
'AccessKeyId': 'string',
'Status': 'Active'|'Inactive',
'CreateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_account_aliases
(**kwargs)¶Lists the account aliases associated with the account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the Using IAM guide.
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_account_aliases(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'AccountAliases': [
'string',
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_attached_group_policies
(**kwargs)¶Lists all managed policies that are attached to the specified group.
A group can also have inline policies embedded with it. To list the inline policies for a group, use the ListGroupPolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
You can paginate the results using the MaxItems
and Marker
parameters. You can use the PathPrefix
parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.
Request Syntax
response = client.list_attached_group_policies(
GroupName='string',
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'AttachedPolicies': [
{
'PolicyName': 'string',
'PolicyArn': 'string'
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_attached_role_policies
(**kwargs)¶Lists all managed policies that are attached to the specified role.
A role can also have inline policies embedded with it. To list the inline policies for a role, use the ListRolePolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
You can paginate the results using the MaxItems
and Marker
parameters. You can use the PathPrefix
parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the action returns an empty list.
Request Syntax
response = client.list_attached_role_policies(
RoleName='string',
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'AttachedPolicies': [
{
'PolicyName': 'string',
'PolicyArn': 'string'
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_attached_user_policies
(**kwargs)¶Lists all managed policies that are attached to the specified user.
A user can also have inline policies embedded with it. To list the inline policies for a user, use the ListUserPolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
You can paginate the results using the MaxItems
and Marker
parameters. You can use the PathPrefix
parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.
Request Syntax
response = client.list_attached_user_policies(
UserName='string',
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'AttachedPolicies': [
{
'PolicyName': 'string',
'PolicyArn': 'string'
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_entities_for_policy
(**kwargs)¶Lists all users, groups, and roles that the specified managed policy is attached to.
You can use the optional EntityFilter
parameter to limit the results to a particular type of entity (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set EntityFilter
to Role
.
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_entities_for_policy(
PolicyArn='string',
EntityFilter='User'|'Role'|'Group'|'LocalManagedPolicy'|'AWSManagedPolicy',
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyGroups': [
{
'GroupName': 'string'
},
],
'PolicyUsers': [
{
'UserName': 'string'
},
],
'PolicyRoles': [
{
'RoleName': 'string'
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_group_policies
(**kwargs)¶Lists the names of the inline policies that are embedded in the specified group.
A group can also have managed policies attached to it. To list the managed policies that are attached to a group, use ListAttachedGroupPolicies . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
You can paginate the results using the MaxItems
and Marker
parameters. If there are no inline policies embedded with the specified group, the action returns an empty list.
Request Syntax
response = client.list_group_policies(
GroupName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyNames': [
'string',
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_groups
(**kwargs)¶Lists the groups that have the specified path prefix.
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_groups(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Groups': [
{
'Path': 'string',
'GroupName': 'string',
'GroupId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_groups_for_user
(**kwargs)¶Lists the groups the specified user belongs to.
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_groups_for_user(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Groups': [
{
'Path': 'string',
'GroupName': 'string',
'GroupId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_instance_profiles
(**kwargs)¶Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty list. For more information about instance profiles, go to About Instance Profiles .
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_instance_profiles(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'InstanceProfiles': [
{
'Path': 'string',
'InstanceProfileName': 'string',
'InstanceProfileId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
]
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_instance_profiles_for_role
(**kwargs)¶Lists the instance profiles that have the specified associated role. If there are none, the action returns an empty list. For more information about instance profiles, go to About Instance Profiles .
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_instance_profiles_for_role(
RoleName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'InstanceProfiles': [
{
'Path': 'string',
'InstanceProfileName': 'string',
'InstanceProfileId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
]
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_mfa_devices
(**kwargs)¶Lists the MFA devices. If the request includes the user name, then this action lists all the MFA devices associated with the specified user name. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request.
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_mfa_devices(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'MFADevices': [
{
'UserName': 'string',
'SerialNumber': 'string',
'EnableDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_open_id_connect_providers
()¶Lists information about the OpenID Connect providers in the AWS account.
Request Syntax
response = client.list_open_id_connect_providers()
Return type: | dict |
---|---|
Returns: | Response Syntax{
'OpenIDConnectProviderList': [
{
'Arn': 'string'
},
]
}
Response Structure
|
list_policies
(**kwargs)¶Lists all the managed policies that are available to your account, including your own customer managed policies and all AWS managed policies.
You can filter the list of policies that is returned using the optional OnlyAttached
, Scope
, and PathPrefix
parameters. For example, to list only the customer managed policies in your AWS account, set Scope
to Local
. To list only AWS managed policies, set Scope
to AWS
.
You can paginate the results using the MaxItems
and Marker
parameters.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.list_policies(
Scope='All'|'AWS'|'Local',
OnlyAttached=True|False,
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Policies': [
{
'PolicyName': 'string',
'PolicyId': 'string',
'Arn': 'string',
'Path': 'string',
'DefaultVersionId': 'string',
'AttachmentCount': 123,
'IsAttachable': True|False,
'Description': 'string',
'CreateDate': datetime(2015, 1, 1),
'UpdateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_policy_versions
(**kwargs)¶Lists information about the versions of the specified managed policy, including the version that is set as the policy's default version.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.list_policy_versions(
PolicyArn='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Versions': [
{
'Document': 'string',
'VersionId': 'string',
'IsDefaultVersion': True|False,
'CreateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_role_policies
(**kwargs)¶Lists the names of the inline policies that are embedded in the specified role.
A role can also have managed policies attached to it. To list the managed policies that are attached to a role, use ListAttachedRolePolicies . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
You can paginate the results using the MaxItems
and Marker
parameters. If there are no inline policies embedded with the specified role, the action returns an empty list.
Request Syntax
response = client.list_role_policies(
RoleName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyNames': [
'string',
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_roles
(**kwargs)¶Lists the roles that have the specified path prefix. If there are none, the action returns an empty list. For more information about roles, go to Working with Roles .
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_roles(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_saml_providers
()¶Lists the SAML providers in the account.
Note
This operation requires Signature Version 4 .
Request Syntax
response = client.list_saml_providers()
Return type: | dict |
---|---|
Returns: | Response Syntax{
'SAMLProviderList': [
{
'Arn': 'string',
'ValidUntil': datetime(2015, 1, 1),
'CreateDate': datetime(2015, 1, 1)
},
]
}
Response Structure
|
list_server_certificates
(**kwargs)¶Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_server_certificates(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'ServerCertificateMetadataList': [
{
'Path': 'string',
'ServerCertificateName': 'string',
'ServerCertificateId': 'string',
'Arn': 'string',
'UploadDate': datetime(2015, 1, 1),
'Expiration': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_signing_certificates
(**kwargs)¶Returns information about the signing certificates associated with the specified user. If there are none, the action returns an empty list.
Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems
and Marker
parameters.
If the UserName
field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = client.list_signing_certificates(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Certificates': [
{
'UserName': 'string',
'CertificateId': 'string',
'CertificateBody': 'string',
'Status': 'Active'|'Inactive',
'UploadDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_ssh_public_keys
(**kwargs)¶Returns information about the SSH public keys associated with the specified IAM user. If there are none, the action returns an empty list.
The SSH public keys returned by this action are used only for authenticating the IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide .
Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_ssh_public_keys(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'SSHPublicKeys': [
{
'UserName': 'string',
'SSHPublicKeyId': 'string',
'Status': 'Active'|'Inactive',
'UploadDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_user_policies
(**kwargs)¶Lists the names of the inline policies embedded in the specified user.
A user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
You can paginate the results using the MaxItems
and Marker
parameters. If there are no inline policies embedded with the specified user, the action returns an empty list.
Request Syntax
response = client.list_user_policies(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyNames': [
'string',
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_users
(**kwargs)¶Lists the IAM users that have the specified path prefix. If no path prefix is specified, the action returns all users in the AWS account. If there are none, the action returns an empty list.
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_users(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Users': [
{
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
list_virtual_mfa_devices
(**kwargs)¶Lists the virtual MFA devices under the AWS account by assignment status. If you do not specify an assignment status, the action returns a list of all virtual MFA devices. Assignment status can be Assigned
, Unassigned
, or Any
.
You can paginate the results using the MaxItems
and Marker
parameters.
Request Syntax
response = client.list_virtual_mfa_devices(
AssignmentStatus='Assigned'|'Unassigned'|'Any',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'VirtualMFADevices': [
{
'SerialNumber': 'string',
'Base32StringSeed': b'bytes',
'QRCodePNG': b'bytes',
'User': {
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
},
'EnableDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'Marker': 'string'
}
Response Structure
|
put_group_policy
(**kwargs)¶Adds (or updates) an inline policy document that is embedded in the specified group.
A user can also have managed policies attached to it. To attach a managed policy to a group, use AttachGroupPolicy . To create a new managed policy, use CreatePolicy . For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For information about limits on the number of inline policies that you can embed in a group, see Limitations on IAM Entities in the Using IAM guide.
Note
Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy
. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
response = client.put_group_policy(
GroupName='string',
PolicyName='string',
PolicyDocument='string'
)
Parameters: |
|
---|---|
Returns: | None |
put_role_policy
(**kwargs)¶Adds (or updates) an inline policy document that is embedded in the specified role.
When you embed an inline policy in a role, the inline policy is used as the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using CreateRole . You can update a role's trust policy using UpdateAssumeRolePolicy . For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities .
A role can also have a managed policy attached to it. To attach a managed policy to a role, use AttachRolePolicy . To create a new managed policy, use CreatePolicy . For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For information about limits on the number of inline policies that you can embed with a role, see Limitations on IAM Entities in the Using IAM guide.
Note
Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy
. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
response = client.put_role_policy(
RoleName='string',
PolicyName='string',
PolicyDocument='string'
)
Parameters: |
|
---|---|
Returns: | None |
put_user_policy
(**kwargs)¶Adds (or updates) an inline policy document that is embedded in the specified user.
A user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy . To create a new managed policy, use CreatePolicy . For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For information about limits on the number of inline policies that you can embed in a user, see Limitations on IAM Entities in the Using IAM guide.
Note
Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy
. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
response = client.put_user_policy(
UserName='string',
PolicyName='string',
PolicyDocument='string'
)
Parameters: |
|
---|---|
Returns: | None |
remove_client_id_from_open_id_connect_provider
(**kwargs)¶Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified IAM OpenID Connect provider.
This action is idempotent; it does not fail or return an error if you try to remove a client ID that was removed previously.
Request Syntax
response = client.remove_client_id_from_open_id_connect_provider(
OpenIDConnectProviderArn='string',
ClientID='string'
)
Parameters: |
|
---|---|
Returns: | None |
remove_role_from_instance_profile
(**kwargs)¶Removes the specified role from the specified instance profile.
Warning
Make sure you do not have any Amazon EC2 instances running with the role you are about to remove from the instance profile. Removing a role from an instance profile that is associated with a running instance will break any applications running on the instance.
For more information about roles, go to Working with Roles . For more information about instance profiles, go to About Instance Profiles .
Request Syntax
response = client.remove_role_from_instance_profile(
InstanceProfileName='string',
RoleName='string'
)
Parameters: |
|
---|---|
Returns: | None |
remove_user_from_group
(**kwargs)¶Removes the specified user from the specified group.
Request Syntax
response = client.remove_user_from_group(
GroupName='string',
UserName='string'
)
Parameters: |
|
---|---|
Returns: | None |
resync_mfa_device
(**kwargs)¶Synchronizes the specified MFA device with AWS servers.
For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.
Request Syntax
response = client.resync_mfa_device(
UserName='string',
SerialNumber='string',
AuthenticationCode1='string',
AuthenticationCode2='string'
)
Parameters: |
|
---|---|
Returns: | None |
set_default_policy_version
(**kwargs)¶Sets the specified version of the specified policy as the policy's default (operative) version.
This action affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API.
For information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = client.set_default_policy_version(
PolicyArn='string',
VersionId='string'
)
Parameters: |
|
---|---|
Returns: | None |
update_access_key
(**kwargs)¶Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation work flow.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
For information about rotating keys, see Managing Keys and Certificates in the Using IAM guide.
Request Syntax
response = client.update_access_key(
UserName='string',
AccessKeyId='string',
Status='Active'|'Inactive'
)
Parameters: |
|
---|---|
Returns: | None |
update_account_password_policy
(**kwargs)¶Updates the password policy settings for the AWS account.
Note
This action does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value.
For more information about using a password policy, see Managing an IAM Password Policy in the Using IAM guide.
Request Syntax
response = client.update_account_password_policy(
MinimumPasswordLength=123,
RequireSymbols=True|False,
RequireNumbers=True|False,
RequireUppercaseCharacters=True|False,
RequireLowercaseCharacters=True|False,
AllowUsersToChangePassword=True|False,
MaxPasswordAge=123,
PasswordReusePrevention=123,
HardExpiry=True|False
)
Parameters: |
|
---|---|
Returns: | None |
update_assume_role_policy
(**kwargs)¶Updates the policy that grants an entity permission to assume a role. For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities .
Request Syntax
response = client.update_assume_role_policy(
RoleName='string',
PolicyDocument='string'
)
Parameters: |
|
---|---|
Returns: | None |
update_group
(**kwargs)¶Updates the name and/or the path of the specified group.
Warning
You should understand the implications of changing a group's path or name. For more information, see Renaming Users and Groups in the Using IAM guide.
Note
To change a group name the requester must have appropriate permissions on both the source object and the target object. For example, to change Managers to MGRs, the entity making the request must have permission on Managers and MGRs, or must have permission on all (*). For more information about permissions, see Permissions and Policies .
Request Syntax
response = client.update_group(
GroupName='string',
NewPath='string',
NewGroupName='string'
)
Parameters: |
|
---|---|
Returns: | None |
update_login_profile
(**kwargs)¶Changes the password for the specified user.
Users can change their own passwords by calling ChangePassword . For more information about modifying passwords, see Managing Passwords in the Using IAM guide.
Request Syntax
response = client.update_login_profile(
UserName='string',
Password='string',
PasswordResetRequired=True|False
)
Parameters: |
|
---|---|
Returns: | None |
update_open_id_connect_provider_thumbprint
(**kwargs)¶Replaces the existing list of server certificate thumbprints with a new list.
The list that you pass with this action completely replaces the existing list of thumbprints. (The lists are not merged.)
Typically, you need to update a thumbprint only when the identity provider's certificate changes, which occurs rarely. However, if the provider's certificate does change, any attempt to assume an IAM role that specifies the OIDC provider as a principal will fail until the certificate thumbprint is updated.
Note
Because trust for the OpenID Connect provider is ultimately derived from the provider's certificate and is validated by the thumbprint, it is a best practice to limit access to the UpdateOpenIDConnectProviderThumbprint
action to highly-privileged users.
Request Syntax
response = client.update_open_id_connect_provider_thumbprint(
OpenIDConnectProviderArn='string',
ThumbprintList=[
'string',
]
)
Parameters: |
|
---|---|
Returns: | None |
update_saml_provider
(**kwargs)¶Updates the metadata document for an existing SAML provider.
Note
This operation requires Signature Version 4 .
Request Syntax
response = client.update_saml_provider(
SAMLMetadataDocument='string',
SAMLProviderArn='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'SAMLProviderArn': 'string'
}
Response Structure
|
update_server_certificate
(**kwargs)¶Updates the name and/or the path of the specified server certificate.
Warning
You should understand the implications of changing a server certificate's path or name. For more information, see Managing Server Certificates in the Using IAM guide.
Note
To change a server certificate name the requester must have appropriate permissions on both the source object and the target object. For example, to change the name from ProductionCert to ProdCert, the entity making the request must have permission on ProductionCert and ProdCert, or must have permission on all (*). For more information about permissions, see Permissions and Policies .
Request Syntax
response = client.update_server_certificate(
ServerCertificateName='string',
NewPath='string',
NewServerCertificateName='string'
)
Parameters: |
|
---|---|
Returns: | None |
update_signing_certificate
(**kwargs)¶Changes the status of the specified signing certificate from active to disabled, or vice versa. This action can be used to disable a user's signing certificate as part of a certificate rotation work flow.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = client.update_signing_certificate(
UserName='string',
CertificateId='string',
Status='Active'|'Inactive'
)
Parameters: |
|
---|---|
Returns: | None |
update_ssh_public_key
(**kwargs)¶Sets the status of the specified SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This action can be used to disable a user's SSH public key as part of a key rotation work flow.
The SSH public key affected by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide .
Request Syntax
response = client.update_ssh_public_key(
UserName='string',
SSHPublicKeyId='string',
Status='Active'|'Inactive'
)
Parameters: |
|
---|---|
Returns: | None |
update_user
(**kwargs)¶Updates the name and/or the path of the specified user.
Warning
You should understand the implications of changing a user's path or name. For more information, see Renaming Users and Groups in the Using IAM guide.
Note
To change a user name the requester must have appropriate permissions on both the source object and the target object. For example, to change Bob to Robert, the entity making the request must have permission on Bob and Robert, or must have permission on all (*). For more information about permissions, see Permissions and Policies .
Request Syntax
response = client.update_user(
UserName='string',
NewPath='string',
NewUserName='string'
)
Parameters: |
|
---|---|
Returns: | None |
upload_server_certificate
(**kwargs)¶Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
For information about the number of server certificates you can upload, see Limitations on IAM Entities in the Using IAM guide.
Note
Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate
. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference . For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
response = client.upload_server_certificate(
Path='string',
ServerCertificateName='string',
CertificateBody='string',
PrivateKey='string',
CertificateChain='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'ServerCertificateMetadata': {
'Path': 'string',
'ServerCertificateName': 'string',
'ServerCertificateId': 'string',
'Arn': 'string',
'UploadDate': datetime(2015, 1, 1),
'Expiration': datetime(2015, 1, 1)
}
}
Response Structure
|
upload_signing_certificate
(**kwargs)¶Uploads an X.509 signing certificate and associates it with the specified user. Some AWS services use X.509 signing certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active
.
If the UserName
field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Note
Because the body of a X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate
. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference . For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
response = client.upload_signing_certificate(
UserName='string',
CertificateBody='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Certificate': {
'UserName': 'string',
'CertificateId': 'string',
'CertificateBody': 'string',
'Status': 'Active'|'Inactive',
'UploadDate': datetime(2015, 1, 1)
}
}
Response Structure
|
upload_ssh_public_key
(**kwargs)¶Uploads an SSH public key and associates it with the specified IAM user.
The SSH public key uploaded by this action can be used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide .
Request Syntax
response = client.upload_ssh_public_key(
UserName='string',
SSHPublicKeyBody='string'
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'SSHPublicKey': {
'UserName': 'string',
'SSHPublicKeyId': 'string',
'Fingerprint': 'string',
'SSHPublicKeyBody': 'string',
'Status': 'Active'|'Inactive',
'UploadDate': datetime(2015, 1, 1)
}
}
Response Structure
|
The available paginators are:
IAM.Paginator.get_group
IAM.Paginator.list_access_keys
IAM.Paginator.list_account_aliases
IAM.Paginator.list_group_policies
IAM.Paginator.list_groups
IAM.Paginator.list_groups_for_user
IAM.Paginator.list_instance_profiles
IAM.Paginator.list_instance_profiles_for_role
IAM.Paginator.list_mfa_devices
IAM.Paginator.list_policies
IAM.Paginator.list_role_policies
IAM.Paginator.list_roles
IAM.Paginator.list_server_certificates
IAM.Paginator.list_signing_certificates
IAM.Paginator.list_user_policies
IAM.Paginator.list_users
IAM.Paginator.list_virtual_mfa_devices
IAM.Paginator.
get_group
¶paginator = client.get_paginator('get_group')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.get_group()
.
Request Syntax
response_iterator = paginator.paginate(
GroupName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Group': {
'Path': 'string',
'GroupName': 'string',
'GroupId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1)
},
'Users': [
{
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_access_keys
¶paginator = client.get_paginator('list_access_keys')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_access_keys()
.
Request Syntax
response_iterator = paginator.paginate(
UserName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'AccessKeyMetadata': [
{
'UserName': 'string',
'AccessKeyId': 'string',
'Status': 'Active'|'Inactive',
'CreateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_account_aliases
¶paginator = client.get_paginator('list_account_aliases')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_account_aliases()
.
Request Syntax
response_iterator = paginator.paginate(
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: | PaginationConfig (dict) -- A dictionary that provides parameters to control pagination.
|
---|---|
Return type: | dict |
Returns: | Response Syntax{
'AccountAliases': [
'string',
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_group_policies
¶paginator = client.get_paginator('list_group_policies')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_group_policies()
.
Request Syntax
response_iterator = paginator.paginate(
GroupName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyNames': [
'string',
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_groups
¶paginator = client.get_paginator('list_groups')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_groups()
.
Request Syntax
response_iterator = paginator.paginate(
PathPrefix='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Groups': [
{
'Path': 'string',
'GroupName': 'string',
'GroupId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_groups_for_user
¶paginator = client.get_paginator('list_groups_for_user')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_groups_for_user()
.
Request Syntax
response_iterator = paginator.paginate(
UserName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Groups': [
{
'Path': 'string',
'GroupName': 'string',
'GroupId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_instance_profiles
¶paginator = client.get_paginator('list_instance_profiles')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_instance_profiles()
.
Request Syntax
response_iterator = paginator.paginate(
PathPrefix='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'InstanceProfiles': [
{
'Path': 'string',
'InstanceProfileName': 'string',
'InstanceProfileId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
]
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_instance_profiles_for_role
¶paginator = client.get_paginator('list_instance_profiles_for_role')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_instance_profiles_for_role()
.
Request Syntax
response_iterator = paginator.paginate(
RoleName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'InstanceProfiles': [
{
'Path': 'string',
'InstanceProfileName': 'string',
'InstanceProfileId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
]
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_mfa_devices
¶paginator = client.get_paginator('list_mfa_devices')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_mfa_devices()
.
Request Syntax
response_iterator = paginator.paginate(
UserName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'MFADevices': [
{
'UserName': 'string',
'SerialNumber': 'string',
'EnableDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_policies
¶paginator = client.get_paginator('list_policies')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_policies()
.
Request Syntax
response_iterator = paginator.paginate(
Scope='All'|'AWS'|'Local',
OnlyAttached=True|False,
PathPrefix='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Policies': [
{
'PolicyName': 'string',
'PolicyId': 'string',
'Arn': 'string',
'Path': 'string',
'DefaultVersionId': 'string',
'AttachmentCount': 123,
'IsAttachable': True|False,
'Description': 'string',
'CreateDate': datetime(2015, 1, 1),
'UpdateDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_role_policies
¶paginator = client.get_paginator('list_role_policies')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_role_policies()
.
Request Syntax
response_iterator = paginator.paginate(
RoleName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyNames': [
'string',
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_roles
¶paginator = client.get_paginator('list_roles')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_roles()
.
Request Syntax
response_iterator = paginator.paginate(
PathPrefix='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Roles': [
{
'Path': 'string',
'RoleName': 'string',
'RoleId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'AssumeRolePolicyDocument': 'string'
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_server_certificates
¶paginator = client.get_paginator('list_server_certificates')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_server_certificates()
.
Request Syntax
response_iterator = paginator.paginate(
PathPrefix='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'ServerCertificateMetadataList': [
{
'Path': 'string',
'ServerCertificateName': 'string',
'ServerCertificateId': 'string',
'Arn': 'string',
'UploadDate': datetime(2015, 1, 1),
'Expiration': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_signing_certificates
¶paginator = client.get_paginator('list_signing_certificates')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_signing_certificates()
.
Request Syntax
response_iterator = paginator.paginate(
UserName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Certificates': [
{
'UserName': 'string',
'CertificateId': 'string',
'CertificateBody': 'string',
'Status': 'Active'|'Inactive',
'UploadDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_user_policies
¶paginator = client.get_paginator('list_user_policies')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_user_policies()
.
Request Syntax
response_iterator = paginator.paginate(
UserName='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'PolicyNames': [
'string',
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_users
¶paginator = client.get_paginator('list_users')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_users()
.
Request Syntax
response_iterator = paginator.paginate(
PathPrefix='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'Users': [
{
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.Paginator.
list_virtual_mfa_devices
¶paginator = client.get_paginator('list_virtual_mfa_devices')
paginate
(**kwargs)¶Creates an iterator that will paginate through responses from IAM.Client.list_virtual_mfa_devices()
.
Request Syntax
response_iterator = paginator.paginate(
AssignmentStatus='Assigned'|'Unassigned'|'Any',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Parameters: |
|
---|---|
Return type: | dict |
Returns: | Response Syntax {
'VirtualMFADevices': [
{
'SerialNumber': 'string',
'Base32StringSeed': b'bytes',
'QRCodePNG': b'bytes',
'User': {
'Path': 'string',
'UserName': 'string',
'UserId': 'string',
'Arn': 'string',
'CreateDate': datetime(2015, 1, 1),
'PasswordLastUsed': datetime(2015, 1, 1)
},
'EnableDate': datetime(2015, 1, 1)
},
],
'IsTruncated': True|False,
'NextToken': 'string'
}
Response Structure
|
IAM.
ServiceResource
¶A resource representing AWS Identity and Access Management (IAM):
import boto3
iam = boto3.resource('iam')
These are the resource's available actions:
change_password()
create_account_alias()
create_account_password_policy()
create_group()
create_instance_profile()
create_policy()
create_role()
create_saml_provider()
create_server_certificate()
create_signing_certificate()
create_user()
create_virtual_mfa_device()
These are the resource's available sub-resources:
AccessKey()
AccessKeyPair()
AccountPasswordPolicy()
AccountSummary()
AssumeRolePolicy()
CurrentUser()
Group()
GroupPolicy()
InstanceProfile()
LoginProfile()
MfaDevice()
Policy()
PolicyVersion()
Role()
RolePolicy()
SamlProvider()
ServerCertificate()
SigningCertificate()
User()
UserPolicy()
VirtualMfaDevice()
These are the resource's available collections:
groups
instance_profiles
policies
roles
saml_providers
server_certificates
users
virtual_mfa_devices
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
change_password
(**kwargs)¶Changes the password of the IAM user who is calling this action. The root account password is not affected by this action.
To change the password for a different user, see UpdateLoginProfile . For more information about modifying passwords, see Managing Passwords in the Using IAM guide.
Request Syntax
response = iam.change_password(
OldPassword='string',
NewPassword='string'
)
Parameters: |
|
---|---|
Returns: | None |
create_account_alias
(**kwargs)¶Creates an alias for your AWS account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the Using IAM guide.
Request Syntax
response = iam.create_account_alias(
AccountAlias='string'
)
Parameters: | AccountAlias (string) -- [REQUIRED] The account alias to create. |
---|---|
Returns: | None |
create_account_password_policy
(**kwargs)¶Updates the password policy settings for the AWS account.
Note
This action does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value.
For more information about using a password policy, see Managing an IAM Password Policy in the Using IAM guide.
Request Syntax
account_password_policy = iam.create_account_password_policy(
MinimumPasswordLength=123,
RequireSymbols=True|False,
RequireNumbers=True|False,
RequireUppercaseCharacters=True|False,
RequireLowercaseCharacters=True|False,
AllowUsersToChangePassword=True|False,
MaxPasswordAge=123,
PasswordReusePrevention=123,
HardExpiry=True|False
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A AccountPasswordPolicy resource |
create_group
(**kwargs)¶Creates a new group.
For information about the number of groups you can create, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
group = iam.create_group(
Path='string',
GroupName='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Group resource |
create_instance_profile
(**kwargs)¶Creates a new instance profile. For information about instance profiles, go to About Instance Profiles .
For information about the number of instance profiles you can create, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
instance_profile = iam.create_instance_profile(
InstanceProfileName='string',
Path='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A InstanceProfile resource |
create_policy
(**kwargs)¶Creates a new managed policy for your AWS account.
This operation creates a policy version with a version identifier of v1
and sets v1 as the policy's default version. For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.
For more information about managed policies in general, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
policy = iam.create_policy(
PolicyName='string',
Path='string',
PolicyDocument='string',
Description='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Policy resource |
create_role
(**kwargs)¶Creates a new role for your AWS account. For more information about roles, go to Working with Roles . For information about limitations on role names and the number of roles you can create, go to Limitations on IAM Entities in the Using IAM guide.
The policy in the following example grants permission to an EC2 instance to assume the role.
Request Syntax
role = iam.create_role(
Path='string',
RoleName='string',
AssumeRolePolicyDocument='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Role resource |
create_saml_provider
(**kwargs)¶Creates an IAM entity to describe an identity provider (IdP) that supports SAML 2.0.
The SAML provider that you create with this operation can be used as a principal in a role's trust policy to establish a trust relationship between AWS and a SAML identity provider. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.
When you create the SAML provider, you upload an a SAML metadata document that you get from your IdP and that includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
Note
This operation requires Signature Version 4 .
For more information, see Giving Console Access Using SAML and Creating Temporary Security Credentials for SAML Federation in the Using Temporary Credentials guide.
Request Syntax
saml_provider = iam.create_saml_provider(
SAMLMetadataDocument='string',
Name='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A SamlProvider resource |
create_server_certificate
(**kwargs)¶Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
For information about the number of server certificates you can upload, see Limitations on IAM Entities in the Using IAM guide.
Note
Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate
. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference . For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
server_certificate = iam.create_server_certificate(
Path='string',
ServerCertificateName='string',
CertificateBody='string',
PrivateKey='string',
CertificateChain='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A ServerCertificate resource |
create_signing_certificate
(**kwargs)¶Uploads an X.509 signing certificate and associates it with the specified user. Some AWS services use X.509 signing certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active
.
If the UserName
field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Note
Because the body of a X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate
. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference . For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
signing_certificate = iam.create_signing_certificate(
UserName='string',
CertificateBody='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A SigningCertificate resource |
create_user
(**kwargs)¶Creates a new user for your AWS account.
For information about limitations on the number of users you can create, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
user = iam.create_user(
Path='string',
UserName='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A User resource |
create_virtual_mfa_device
(**kwargs)¶Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.
For information about limits on the number of MFA devices you can create, see Limitations on Entities in the Using IAM guide.
Warning
The seed information contained in the QR code and the Base32 string should be treated like any other secret access information, such as your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.
Request Syntax
virtual_mfa_device = iam.create_virtual_mfa_device(
Path='string',
VirtualMFADeviceName='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A VirtualMfaDevice resource |
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
AccessKey
(user_name, id)¶Creates a AccessKey resource.:
access_key = iam.AccessKey('user_name','id')
Parameters: |
|
---|---|
Return type: | |
Returns: | A AccessKey resource |
AccessKeyPair
(user_name, id, secret)¶Creates a AccessKeyPair resource.:
access_key_pair = iam.AccessKeyPair('user_name','id','secret')
Parameters: |
|
---|---|
Return type: | |
Returns: | A AccessKeyPair resource |
AccountPasswordPolicy
()¶Creates a AccountPasswordPolicy resource.:
account_password_policy = iam.AccountPasswordPolicy()
Return type: | IAM.AccountPasswordPolicy |
---|---|
Returns: | A AccountPasswordPolicy resource |
AccountSummary
()¶Creates a AccountSummary resource.:
account_summary = iam.AccountSummary()
Return type: | IAM.AccountSummary |
---|---|
Returns: | A AccountSummary resource |
AssumeRolePolicy
(role_name)¶Creates a AssumeRolePolicy resource.:
assume_role_policy = iam.AssumeRolePolicy('role_name')
Parameters: | role_name (string) -- The AssumeRolePolicy's role_name identifier. This must be set. |
---|---|
Return type: | IAM.AssumeRolePolicy |
Returns: | A AssumeRolePolicy resource |
CurrentUser
()¶Creates a CurrentUser resource.:
current_user = iam.CurrentUser()
Return type: | IAM.CurrentUser |
---|---|
Returns: | A CurrentUser resource |
Group
(name)¶Creates a Group resource.:
group = iam.Group('name')
Parameters: | name (string) -- The Group's name identifier. This must be set. |
---|---|
Return type: | IAM.Group |
Returns: | A Group resource |
GroupPolicy
(group_name, name)¶Creates a GroupPolicy resource.:
group_policy = iam.GroupPolicy('group_name','name')
Parameters: |
|
---|---|
Return type: | |
Returns: | A GroupPolicy resource |
InstanceProfile
(name)¶Creates a InstanceProfile resource.:
instance_profile = iam.InstanceProfile('name')
Parameters: | name (string) -- The InstanceProfile's name identifier. This must be set. |
---|---|
Return type: | IAM.InstanceProfile |
Returns: | A InstanceProfile resource |
LoginProfile
(user_name)¶Creates a LoginProfile resource.:
login_profile = iam.LoginProfile('user_name')
Parameters: | user_name (string) -- The LoginProfile's user_name identifier. This must be set. |
---|---|
Return type: | IAM.LoginProfile |
Returns: | A LoginProfile resource |
MfaDevice
(user_name, serial_number)¶Creates a MfaDevice resource.:
mfa_device = iam.MfaDevice('user_name','serial_number')
Parameters: |
|
---|---|
Return type: | |
Returns: | A MfaDevice resource |
Policy
(policy_arn)¶Creates a Policy resource.:
policy = iam.Policy('policy_arn')
Parameters: | policy_arn (string) -- The Policy's policy_arn identifier. This must be set. |
---|---|
Return type: | IAM.Policy |
Returns: | A Policy resource |
PolicyVersion
(arn, version_id)¶Creates a PolicyVersion resource.:
policy_version = iam.PolicyVersion('arn','version_id')
Parameters: |
|
---|---|
Return type: | |
Returns: | A PolicyVersion resource |
Role
(name)¶Creates a Role resource.:
role = iam.Role('name')
Parameters: | name (string) -- The Role's name identifier. This must be set. |
---|---|
Return type: | IAM.Role |
Returns: | A Role resource |
RolePolicy
(role_name, name)¶Creates a RolePolicy resource.:
role_policy = iam.RolePolicy('role_name','name')
Parameters: |
|
---|---|
Return type: | |
Returns: | A RolePolicy resource |
SamlProvider
(arn)¶Creates a SamlProvider resource.:
saml_provider = iam.SamlProvider('arn')
Parameters: | arn (string) -- The SamlProvider's arn identifier. This must be set. |
---|---|
Return type: | IAM.SamlProvider |
Returns: | A SamlProvider resource |
ServerCertificate
(name)¶Creates a ServerCertificate resource.:
server_certificate = iam.ServerCertificate('name')
Parameters: | name (string) -- The ServerCertificate's name identifier. This must be set. |
---|---|
Return type: | IAM.ServerCertificate |
Returns: | A ServerCertificate resource |
SigningCertificate
(user_name, id)¶Creates a SigningCertificate resource.:
signing_certificate = iam.SigningCertificate('user_name','id')
Parameters: |
|
---|---|
Return type: | |
Returns: | A SigningCertificate resource |
User
(name)¶Creates a User resource.:
user = iam.User('name')
Parameters: | name (string) -- The User's name identifier. This must be set. |
---|---|
Return type: | IAM.User |
Returns: | A User resource |
UserPolicy
(user_name, name)¶Creates a UserPolicy resource.:
user_policy = iam.UserPolicy('user_name','name')
Parameters: |
|
---|---|
Return type: | |
Returns: | A UserPolicy resource |
VirtualMfaDevice
(serial_number)¶Creates a VirtualMfaDevice resource.:
virtual_mfa_device = iam.VirtualMfaDevice('serial_number')
Parameters: | serial_number (string) -- The VirtualMfaDevice's serial_number identifier. This must be set. |
---|---|
Return type: | IAM.VirtualMfaDevice |
Returns: | A VirtualMfaDevice resource |
Collections
Collections provide an interface to iterate over and manipulate groups of resources. For more information about collections refer to the Resources Introduction Guide.
groups
¶all
()¶Creates an iterable of all Group resources in the collection.
Request Syntax
group_iterator = iam.groups.all()
Return type: | iam.Group |
---|---|
Returns: | A Group resource |
filter
(**kwargs)¶Creates an iterable of all Group resources in the collection filtered by kwargs passed to method.
Request Syntax
group_iterator = iam.groups.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Group resource |
limit
(**kwargs)¶Creates an iterable up to a specified amount of Group resources in the collection.
Request Syntax
group_iterator = iam.groups.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Group |
Returns: | A Group resource |
page_size
(**kwargs)¶Creates an iterable of all Group resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
group_iterator = iam.groups.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Group |
Returns: | A Group resource |
instance_profiles
¶all
()Creates an iterable of all InstanceProfile resources in the collection.
Request Syntax
instance_profile_iterator = iam.instance_profiles.all()
Return type: | iam.InstanceProfile |
---|---|
Returns: | A InstanceProfile resource |
filter
(**kwargs)Creates an iterable of all InstanceProfile resources in the collection filtered by kwargs passed to method.
Request Syntax
instance_profile_iterator = iam.instance_profiles.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A InstanceProfile resource |
limit
(**kwargs)Creates an iterable up to a specified amount of InstanceProfile resources in the collection.
Request Syntax
instance_profile_iterator = iam.instance_profiles.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.InstanceProfile |
Returns: | A InstanceProfile resource |
page_size
(**kwargs)Creates an iterable of all InstanceProfile resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
instance_profile_iterator = iam.instance_profiles.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.InstanceProfile |
Returns: | A InstanceProfile resource |
policies
¶all
()Creates an iterable of all Policy resources in the collection.
Request Syntax
policy_iterator = iam.policies.all()
Return type: | iam.Policy |
---|---|
Returns: | A Policy resource |
filter
(**kwargs)Creates an iterable of all Policy resources in the collection filtered by kwargs passed to method.
Request Syntax
policy_iterator = iam.policies.filter(
Scope='All'|'AWS'|'Local',
OnlyAttached=True|False,
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Policy resource |
limit
(**kwargs)Creates an iterable up to a specified amount of Policy resources in the collection.
Request Syntax
policy_iterator = iam.policies.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Policy |
Returns: | A Policy resource |
page_size
(**kwargs)Creates an iterable of all Policy resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
policy_iterator = iam.policies.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Policy |
Returns: | A Policy resource |
roles
¶all
()Creates an iterable of all Role resources in the collection.
Request Syntax
role_iterator = iam.roles.all()
Return type: | iam.Role |
---|---|
Returns: | A Role resource |
filter
(**kwargs)Creates an iterable of all Role resources in the collection filtered by kwargs passed to method.
Request Syntax
role_iterator = iam.roles.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Role resource |
limit
(**kwargs)Creates an iterable up to a specified amount of Role resources in the collection.
Request Syntax
role_iterator = iam.roles.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Role |
Returns: | A Role resource |
page_size
(**kwargs)Creates an iterable of all Role resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
role_iterator = iam.roles.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Role |
Returns: | A Role resource |
saml_providers
¶all
()Creates an iterable of all SamlProvider resources in the collection.
Request Syntax
saml_provider_iterator = iam.saml_providers.all()
Return type: | iam.SamlProvider |
---|---|
Returns: | A SamlProvider resource |
filter
()Creates an iterable of all SamlProvider resources in the collection filtered by kwargs passed to method.
Request Syntax
saml_provider_iterator = iam.saml_providers.filter()
Return type: | iam.SamlProvider |
---|---|
Returns: | A SamlProvider resource |
limit
(**kwargs)Creates an iterable up to a specified amount of SamlProvider resources in the collection.
Request Syntax
saml_provider_iterator = iam.saml_providers.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.SamlProvider |
Returns: | A SamlProvider resource |
page_size
(**kwargs)Creates an iterable of all SamlProvider resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
saml_provider_iterator = iam.saml_providers.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.SamlProvider |
Returns: | A SamlProvider resource |
server_certificates
¶all
()Creates an iterable of all ServerCertificate resources in the collection.
Request Syntax
server_certificate_iterator = iam.server_certificates.all()
Return type: | iam.ServerCertificate |
---|---|
Returns: | A ServerCertificate resource |
filter
(**kwargs)Creates an iterable of all ServerCertificate resources in the collection filtered by kwargs passed to method.
Request Syntax
server_certificate_iterator = iam.server_certificates.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A ServerCertificate resource |
limit
(**kwargs)Creates an iterable up to a specified amount of ServerCertificate resources in the collection.
Request Syntax
server_certificate_iterator = iam.server_certificates.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.ServerCertificate |
Returns: | A ServerCertificate resource |
page_size
(**kwargs)Creates an iterable of all ServerCertificate resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
server_certificate_iterator = iam.server_certificates.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.ServerCertificate |
Returns: | A ServerCertificate resource |
users
¶all
()Creates an iterable of all User resources in the collection.
Request Syntax
user_iterator = iam.users.all()
Return type: | iam.User |
---|---|
Returns: | A User resource |
filter
(**kwargs)Creates an iterable of all User resources in the collection filtered by kwargs passed to method.
Request Syntax
user_iterator = iam.users.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A User resource |
limit
(**kwargs)Creates an iterable up to a specified amount of User resources in the collection.
Request Syntax
user_iterator = iam.users.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.User |
Returns: | A User resource |
page_size
(**kwargs)Creates an iterable of all User resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
user_iterator = iam.users.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.User |
Returns: | A User resource |
virtual_mfa_devices
¶all
()Creates an iterable of all VirtualMfaDevice resources in the collection.
Request Syntax
virtual_mfa_device_iterator = iam.virtual_mfa_devices.all()
Return type: | iam.VirtualMfaDevice |
---|---|
Returns: | A VirtualMfaDevice resource |
filter
(**kwargs)Creates an iterable of all VirtualMfaDevice resources in the collection filtered by kwargs passed to method.
Request Syntax
virtual_mfa_device_iterator = iam.virtual_mfa_devices.filter(
AssignmentStatus='Assigned'|'Unassigned'|'Any',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A VirtualMfaDevice resource |
limit
(**kwargs)Creates an iterable up to a specified amount of VirtualMfaDevice resources in the collection.
Request Syntax
virtual_mfa_device_iterator = iam.virtual_mfa_devices.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.VirtualMfaDevice |
Returns: | A VirtualMfaDevice resource |
page_size
(**kwargs)Creates an iterable of all VirtualMfaDevice resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
virtual_mfa_device_iterator = iam.virtual_mfa_devices.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.VirtualMfaDevice |
Returns: | A VirtualMfaDevice resource |
IAM.
AccessKey
(user_name, id)¶A resource representing an AWS Identity and Access Management (IAM) AccessKey:
import boto3
iam = boto3.resource('iam')
access_key = iam.AccessKey('user_name','id')
Parameters: |
|
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
These are the resource's available sub-resources:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
user_name
¶(string) The AccessKey's user_name identifier. This must be set.
id
¶(string) The AccessKey's id identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
status
¶(string)
The status of the access key. Active
means the key is valid for API calls; Inactive
means it is not.
create_date
¶(datetime)
The date when the access key was created.
access_key_id
¶(string)
The ID for this access key.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
activate
()¶Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation work flow.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
For information about rotating keys, see Managing Keys and Certificates in the Using IAM guide.
Request Syntax
response = access_key.activate()
Returns: | None |
---|
deactivate
()¶Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation work flow.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
For information about rotating keys, see Managing Keys and Certificates in the Using IAM guide.
Request Syntax
response = access_key.deactivate()
Returns: | None |
---|
delete
()¶Deletes the access key associated with the specified user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = access_key.delete()
Returns: | None |
---|
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
IAM.
AccessKeyPair
(user_name, id, secret)¶A resource representing an AWS Identity and Access Management (IAM) AccessKeyPair:
import boto3
iam = boto3.resource('iam')
access_key_pair = iam.AccessKeyPair('user_name','id','secret')
Parameters: |
|
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
user_name
¶(string) The AccessKeyPair's user_name identifier. This must be set.
id
¶(string) The AccessKeyPair's id identifier. This must be set.
secret
¶(string) The AccessKeyPair's secret identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
status
¶(string)
The status of the access key. Active
means the key is valid for API calls, while Inactive
means it is not.
create_date
¶(datetime)
The date when the access key was created.
secret_access_key
¶(string)
The secret key used to sign requests.
access_key_id
¶(string)
The ID for this access key.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
activate
()¶Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation work flow.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
For information about rotating keys, see Managing Keys and Certificates in the Using IAM guide.
Request Syntax
response = access_key_pair.activate()
Returns: | None |
---|
deactivate
()¶Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation work flow.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
For information about rotating keys, see Managing Keys and Certificates in the Using IAM guide.
Request Syntax
response = access_key_pair.deactivate()
Returns: | None |
---|
delete
()¶Deletes the access key associated with the specified user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = access_key_pair.delete()
Returns: | None |
---|
IAM.
AccountPasswordPolicy
¶A resource representing an AWS Identity and Access Management (IAM) AccountPasswordPolicy:
import boto3
iam = boto3.resource('iam')
account_password_policy = iam.AccountPasswordPolicy()
These are the resource's available attributes:
hard_expiry
password_reuse_prevention
require_uppercase_characters
require_symbols
max_password_age
minimum_password_length
require_numbers
allow_users_to_change_password
require_lowercase_characters
expire_passwords
These are the resource's available actions:
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
hard_expiry
¶(boolean)
Specifies whether IAM users are prevented from setting a new password after their password has expired.
password_reuse_prevention
¶(integer)
Specifies the number of previous passwords that IAM users are prevented from reusing.
require_uppercase_characters
¶(boolean)
Specifies whether to require uppercase characters for IAM user passwords.
require_symbols
¶(boolean)
Specifies whether to require symbols for IAM user passwords.
max_password_age
¶(integer)
The number of days that an IAM user password is valid.
minimum_password_length
¶(integer)
Minimum length to require for IAM user passwords.
require_numbers
¶(boolean)
Specifies whether to require numbers for IAM user passwords.
allow_users_to_change_password
¶(boolean)
Specifies whether IAM users are allowed to change their own password.
require_lowercase_characters
¶(boolean)
Specifies whether to require lowercase characters for IAM user passwords.
expire_passwords
¶(boolean)
Specifies whether IAM users are required to change their password after a specified number of days.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
delete
()¶Deletes the password policy for the AWS account.
Request Syntax
response = account_password_policy.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_account_password_policy()
to update the attributes of the AccountPasswordPolicy resource
Request Syntax
account_password_policy.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_account_password_policy()
to update the attributes of the AccountPasswordPolicy resource
Request Syntax
account_password_policy.reload()
Returns: | None |
---|
update
(**kwargs)¶Updates the password policy settings for the AWS account.
Note
This action does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value.
For more information about using a password policy, see Managing an IAM Password Policy in the Using IAM guide.
Request Syntax
response = account_password_policy.update(
MinimumPasswordLength=123,
RequireSymbols=True|False,
RequireNumbers=True|False,
RequireUppercaseCharacters=True|False,
RequireLowercaseCharacters=True|False,
AllowUsersToChangePassword=True|False,
MaxPasswordAge=123,
PasswordReusePrevention=123,
HardExpiry=True|False
)
Parameters: |
|
---|---|
Returns: | None |
IAM.
AccountSummary
¶A resource representing an AWS Identity and Access Management (IAM) AccountSummary:
import boto3
iam = boto3.resource('iam')
account_summary = iam.AccountSummary()
These are the resource's available attributes:
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
summary_map
¶(dict)
A set of key value pairs containing information about IAM entity usage and IAM quotas.
SummaryMap
contains the following keys:
IAM.
AssumeRolePolicy
(role_name)¶A resource representing an AWS Identity and Access Management (IAM) AssumeRolePolicy:
import boto3
iam = boto3.resource('iam')
assume_role_policy = iam.AssumeRolePolicy('role_name')
Parameters: | role_name (string) -- The AssumeRolePolicy's role_name identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available actions:
These are the resource's available sub-resources:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
role_name
¶(string) The AssumeRolePolicy's role_name identifier. This must be set.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
update
(**kwargs)¶Updates the policy that grants an entity permission to assume a role. For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities .
Request Syntax
response = assume_role_policy.update(
PolicyDocument='string'
)
Parameters: | PolicyDocument (string) -- [REQUIRED] The policy that grants an entity permission to assume the role. |
---|---|
Returns: | None |
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
IAM.
CurrentUser
¶A resource representing an AWS Identity and Access Management (IAM) CurrentUser:
import boto3
iam = boto3.resource('iam')
current_user = iam.CurrentUser()
These are the resource's available attributes:
These are the resource's available references:
These are the resource's available collections:
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
create_date
¶(datetime)
The date and time, in ISO 8601 date-time format , when the user was created.
user_id
¶(string)
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
user_name
¶(string)
The friendly name identifying the user.
path
¶(string)
The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
password_last_used
¶(datetime)
The date and time, in ISO 8601 date-time format , when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential Reports topic in the Using IAM guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. This field is null (not present) when:
This value is returned only in the GetUser and ListUsers actions.
arn
¶(string)
The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the Using IAM guide.
References
References are related resource instances that have a belongs-to relationship. For more information about references refer to the Resources Introduction Guide.
user
¶(User
) The related user if set, otherwise None
.
Collections
Collections provide an interface to iterate over and manipulate groups of resources. For more information about collections refer to the Resources Introduction Guide.
access_keys
¶all
()¶Creates an iterable of all AccessKey resources in the collection.
Request Syntax
access_key_iterator = current_user.access_keys.all()
Return type: | iam.AccessKey |
---|---|
Returns: | A AccessKey resource |
filter
(**kwargs)¶Creates an iterable of all AccessKey resources in the collection filtered by kwargs passed to method.
Request Syntax
access_key_iterator = current_user.access_keys.filter(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A AccessKey resource |
limit
(**kwargs)¶Creates an iterable up to a specified amount of AccessKey resources in the collection.
Request Syntax
access_key_iterator = current_user.access_keys.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.AccessKey |
Returns: | A AccessKey resource |
page_size
(**kwargs)¶Creates an iterable of all AccessKey resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
access_key_iterator = current_user.access_keys.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.AccessKey |
Returns: | A AccessKey resource |
mfa_devices
¶all
()Creates an iterable of all MfaDevice resources in the collection.
Request Syntax
mfa_device_iterator = current_user.mfa_devices.all()
Return type: | iam.MfaDevice |
---|---|
Returns: | A MfaDevice resource |
filter
(**kwargs)Creates an iterable of all MfaDevice resources in the collection filtered by kwargs passed to method.
Request Syntax
mfa_device_iterator = current_user.mfa_devices.filter(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A MfaDevice resource |
limit
(**kwargs)Creates an iterable up to a specified amount of MfaDevice resources in the collection.
Request Syntax
mfa_device_iterator = current_user.mfa_devices.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.MfaDevice |
Returns: | A MfaDevice resource |
page_size
(**kwargs)Creates an iterable of all MfaDevice resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
mfa_device_iterator = current_user.mfa_devices.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.MfaDevice |
Returns: | A MfaDevice resource |
signing_certificates
¶all
()Creates an iterable of all SigningCertificate resources in the collection.
Request Syntax
signing_certificate_iterator = current_user.signing_certificates.all()
Return type: | iam.SigningCertificate |
---|---|
Returns: | A SigningCertificate resource |
filter
(**kwargs)Creates an iterable of all SigningCertificate resources in the collection filtered by kwargs passed to method.
Request Syntax
signing_certificate_iterator = current_user.signing_certificates.filter(
UserName='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A SigningCertificate resource |
limit
(**kwargs)Creates an iterable up to a specified amount of SigningCertificate resources in the collection.
Request Syntax
signing_certificate_iterator = current_user.signing_certificates.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.SigningCertificate |
Returns: | A SigningCertificate resource |
page_size
(**kwargs)Creates an iterable of all SigningCertificate resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
signing_certificate_iterator = current_user.signing_certificates.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.SigningCertificate |
Returns: | A SigningCertificate resource |
IAM.
Group
(name)¶A resource representing an AWS Identity and Access Management (IAM) Group:
import boto3
iam = boto3.resource('iam')
group = iam.Group('name')
Parameters: | name (string) -- The Group's name identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
add_user()
attach_policy()
create()
create_policy()
delete()
detach_policy()
load()
reload()
remove_user()
update()
These are the resource's available sub-resources:
These are the resource's available collections:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
name
¶(string) The Group's name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
path
¶(string)
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
group_id
¶(string)
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
create_date
¶(datetime)
The date and time, in ISO 8601 date-time format , when the group was created.
arn
¶(string)
The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
group_name
¶(string)
The friendly name that identifies the group.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
add_user
(**kwargs)¶Adds the specified user to the specified group.
Request Syntax
response = group.add_user(
UserName='string'
)
Parameters: | UserName (string) -- [REQUIRED] The name of the user to add. |
---|---|
Returns: | None |
attach_policy
(**kwargs)¶Attaches the specified managed policy to the specified group.
You use this API to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy .
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = group.attach_policy(
PolicyArn='string'
)
Parameters: | PolicyArn (string) -- [REQUIRED] The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference . |
---|---|
Returns: | None |
create
(**kwargs)¶Creates a new group.
For information about the number of groups you can create, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
group = group.create(
Path='string',
)
Parameters: | Path (string) -- The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide. This parameter is optional. If it is not included, it defaults to a slash (/). |
---|---|
Return type: | iam.Group |
Returns: | A Group resource |
create_policy
(**kwargs)¶Adds (or updates) an inline policy document that is embedded in the specified group.
A user can also have managed policies attached to it. To attach a managed policy to a group, use AttachGroupPolicy . To create a new managed policy, use CreatePolicy . For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For information about limits on the number of inline policies that you can embed in a group, see Limitations on IAM Entities in the Using IAM guide.
Note
Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy
. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
group_policy = group.create_policy(
PolicyName='string',
PolicyDocument='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A GroupPolicy resource |
delete
()¶Deletes the specified group. The group must not contain any users or have any attached policies.
Request Syntax
response = group.delete()
Returns: | None |
---|
detach_policy
(**kwargs)¶Removes the specified managed policy from the specified group.
A group can also have inline policies embedded with it. To delete an inline policy, use the DeleteGroupPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = group.detach_policy(
PolicyArn='string'
)
Parameters: | PolicyArn (string) -- [REQUIRED] The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference . |
---|---|
Returns: | None |
load
()¶Calls iam.Client.get_group()
to update the attributes of the Group resource
Request Syntax
group.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_group()
to update the attributes of the Group resource
Request Syntax
group.reload()
Returns: | None |
---|
remove_user
(**kwargs)¶Removes the specified user from the specified group.
Request Syntax
response = group.remove_user(
UserName='string'
)
Parameters: | UserName (string) -- [REQUIRED] The name of the user to remove. |
---|---|
Returns: | None |
update
(**kwargs)¶Updates the name and/or the path of the specified group.
Warning
You should understand the implications of changing a group's path or name. For more information, see Renaming Users and Groups in the Using IAM guide.
Note
To change a group name the requester must have appropriate permissions on both the source object and the target object. For example, to change Managers to MGRs, the entity making the request must have permission on Managers and MGRs, or must have permission on all (*). For more information about permissions, see Permissions and Policies .
Request Syntax
group = group.update(
NewPath='string',
NewGroupName='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Group resource |
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
Policy
(name)¶Creates a GroupPolicy resource.:
group_policy = group.Policy('name')
Parameters: | name (string) -- The Policy's name identifier. This must be set. |
---|---|
Return type: | IAM.GroupPolicy |
Returns: | A GroupPolicy resource |
Collections
Collections provide an interface to iterate over and manipulate groups of resources. For more information about collections refer to the Resources Introduction Guide.
attached_policies
¶all
()¶Creates an iterable of all Policy resources in the collection.
Request Syntax
policy_iterator = group.attached_policies.all()
Return type: | iam.Policy |
---|---|
Returns: | A Policy resource |
filter
(**kwargs)¶Creates an iterable of all Policy resources in the collection filtered by kwargs passed to method.
Request Syntax
policy_iterator = group.attached_policies.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Policy resource |
limit
(**kwargs)¶Creates an iterable up to a specified amount of Policy resources in the collection.
Request Syntax
policy_iterator = group.attached_policies.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Policy |
Returns: | A Policy resource |
page_size
(**kwargs)¶Creates an iterable of all Policy resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
policy_iterator = group.attached_policies.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Policy |
Returns: | A Policy resource |
policies
¶all
()Creates an iterable of all GroupPolicy resources in the collection.
Request Syntax
group_policy_iterator = group.policies.all()
Return type: | iam.GroupPolicy |
---|---|
Returns: | A GroupPolicy resource |
filter
(**kwargs)Creates an iterable of all GroupPolicy resources in the collection filtered by kwargs passed to method.
Request Syntax
group_policy_iterator = group.policies.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A GroupPolicy resource |
limit
(**kwargs)Creates an iterable up to a specified amount of GroupPolicy resources in the collection.
Request Syntax
group_policy_iterator = group.policies.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.GroupPolicy |
Returns: | A GroupPolicy resource |
page_size
(**kwargs)Creates an iterable of all GroupPolicy resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
group_policy_iterator = group.policies.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.GroupPolicy |
Returns: | A GroupPolicy resource |
users
¶all
()Creates an iterable of all User resources in the collection.
Request Syntax
user_iterator = group.users.all()
Return type: | iam.User |
---|---|
Returns: | A User resource |
filter
(**kwargs)Creates an iterable of all User resources in the collection filtered by kwargs passed to method.
Request Syntax
user_iterator = group.users.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A User resource |
limit
(**kwargs)Creates an iterable up to a specified amount of User resources in the collection.
Request Syntax
user_iterator = group.users.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.User |
Returns: | A User resource |
page_size
(**kwargs)Creates an iterable of all User resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
user_iterator = group.users.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.User |
Returns: | A User resource |
IAM.
GroupPolicy
(group_name, name)¶A resource representing an AWS Identity and Access Management (IAM) GroupPolicy:
import boto3
iam = boto3.resource('iam')
group_policy = iam.GroupPolicy('group_name','name')
Parameters: |
|
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
These are the resource's available sub-resources:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
group_name
¶(string) The GroupPolicy's group_name identifier. This must be set.
name
¶(string) The GroupPolicy's name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
policy_document
¶(string)
The policy document.
policy_name
¶(string)
The name of the policy.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
delete
()¶Deletes the specified inline policy that is embedded in the specified group.
A group can also have managed policies attached to it. To detach a managed policy from a group, use DetachGroupPolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = group_policy.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_group_policy()
to update the attributes of the GroupPolicy resource
Request Syntax
group_policy.load()
Returns: | None |
---|
put
(**kwargs)¶Adds (or updates) an inline policy document that is embedded in the specified group.
A user can also have managed policies attached to it. To attach a managed policy to a group, use AttachGroupPolicy . To create a new managed policy, use CreatePolicy . For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For information about limits on the number of inline policies that you can embed in a group, see Limitations on IAM Entities in the Using IAM guide.
Note
Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy
. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
response = group_policy.put(
PolicyDocument='string'
)
Parameters: | PolicyDocument (string) -- [REQUIRED] The policy document. |
---|---|
Returns: | None |
reload
()¶Calls iam.Client.get_group_policy()
to update the attributes of the GroupPolicy resource
Request Syntax
group_policy.reload()
Returns: | None |
---|
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
IAM.
InstanceProfile
(name)¶A resource representing an AWS Identity and Access Management (IAM) InstanceProfile:
import boto3
iam = boto3.resource('iam')
instance_profile = iam.InstanceProfile('name')
Parameters: | name (string) -- The InstanceProfile's name identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available references:
These are the resource's available actions:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
name
¶(string) The InstanceProfile's name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
create_date
¶(datetime)
The date when the instance profile was created.
instance_profile_name
¶(string)
The name identifying the instance profile.
instance_profile_id
¶(string)
The stable and unique string identifying the instance profile. For more information about IDs, see IAM Identifiers in the Using IAM guide.
roles_attribute
¶(list)
The role associated with the instance profile.
path
¶(string)
The path to the instance profile. For more information about paths, see IAM Identifiers in the Using IAM guide.
arn
¶(string)
The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
References
References are related resource instances that have a belongs-to relationship. For more information about references refer to the Resources Introduction Guide.
roles
¶(Role
) The related roles if set, otherwise None
.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
add_role
(**kwargs)¶Adds the specified role to the specified instance profile. For more information about roles, go to Working with Roles . For more information about instance profiles, go to About Instance Profiles .
Request Syntax
response = instance_profile.add_role(
RoleName='string'
)
Parameters: | RoleName (string) -- [REQUIRED] The name of the role to add. |
---|---|
Returns: | None |
delete
()¶Deletes the specified instance profile. The instance profile must not have an associated role.
Warning
Make sure you do not have any Amazon EC2 instances running with the instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
For more information about instance profiles, go to About Instance Profiles .
Request Syntax
response = instance_profile.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_instance_profile()
to update the attributes of the InstanceProfile resource
Request Syntax
instance_profile.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_instance_profile()
to update the attributes of the InstanceProfile resource
Request Syntax
instance_profile.reload()
Returns: | None |
---|
remove_role
(**kwargs)¶Removes the specified role from the specified instance profile.
Warning
Make sure you do not have any Amazon EC2 instances running with the role you are about to remove from the instance profile. Removing a role from an instance profile that is associated with a running instance will break any applications running on the instance.
For more information about roles, go to Working with Roles . For more information about instance profiles, go to About Instance Profiles .
Request Syntax
response = instance_profile.remove_role(
RoleName='string'
)
Parameters: | RoleName (string) -- [REQUIRED] The name of the role to remove. |
---|---|
Returns: | None |
IAM.
LoginProfile
(user_name)¶A resource representing an AWS Identity and Access Management (IAM) LoginProfile:
import boto3
iam = boto3.resource('iam')
login_profile = iam.LoginProfile('user_name')
Parameters: | user_name (string) -- The LoginProfile's user_name identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
These are the resource's available sub-resources:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
user_name
¶(string) The LoginProfile's user_name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
password_reset_required
¶(boolean)
Specifies whether the user is required to set a new password on next sign-in.
create_date
¶(datetime)
The date when the password for the user was created.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
create
(**kwargs)¶Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console. For more information about managing passwords, see Managing Passwords in the Using IAM guide.
Request Syntax
login_profile = login_profile.create(
Password='string',
PasswordResetRequired=True|False
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A LoginProfile resource |
delete
()¶Deletes the password for the specified user, which terminates the user's ability to access AWS services through the AWS Management Console.
Warning
Deleting a user's password does not prevent a user from accessing IAM through the command line interface or the API. To prevent all user access you must also either make the access key inactive or delete it. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey .
Request Syntax
response = login_profile.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_login_profile()
to update the attributes of the LoginProfile resource
Request Syntax
login_profile.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_login_profile()
to update the attributes of the LoginProfile resource
Request Syntax
login_profile.reload()
Returns: | None |
---|
update
(**kwargs)¶Changes the password for the specified user.
Users can change their own passwords by calling ChangePassword . For more information about modifying passwords, see Managing Passwords in the Using IAM guide.
Request Syntax
response = login_profile.update(
Password='string',
PasswordResetRequired=True|False
)
Parameters: |
|
---|---|
Returns: | None |
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
IAM.
MfaDevice
(user_name, serial_number)¶A resource representing an AWS Identity and Access Management (IAM) MfaDevice:
import boto3
iam = boto3.resource('iam')
mfa_device = iam.MfaDevice('user_name','serial_number')
Parameters: |
|
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
These are the resource's available sub-resources:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
user_name
¶(string) The MfaDevice's user_name identifier. This must be set.
serial_number
¶(string) The MfaDevice's serial_number identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
enable_date
¶(datetime)
The date when the MFA device was enabled for the user.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
associate
(**kwargs)¶Enables the specified MFA device and associates it with the specified user name. When enabled, the MFA device is required for every subsequent login by the user name associated with the device.
Request Syntax
response = mfa_device.associate(
AuthenticationCode1='string',
AuthenticationCode2='string'
)
Parameters: |
|
---|---|
Returns: | None |
disassociate
()¶Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.
For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.
Request Syntax
response = mfa_device.disassociate()
Returns: | None |
---|
resync
(**kwargs)¶Synchronizes the specified MFA device with AWS servers.
For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.
Request Syntax
response = mfa_device.resync(
AuthenticationCode1='string',
AuthenticationCode2='string'
)
Parameters: |
|
---|---|
Returns: | None |
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
IAM.
Policy
(arn)¶A resource representing an AWS Identity and Access Management (IAM) Policy:
import boto3
iam = boto3.resource('iam')
policy = iam.Policy('arn')
Parameters: | arn (string) -- The Policy's arn identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
update_date
create_date
description
is_attachable
policy_name
default_version_id
attachment_count
path
policy_id
These are the resource's available references:
These are the resource's available actions:
attach_group()
attach_role()
attach_user()
create_version()
delete()
detach_group()
detach_role()
detach_user()
load()
reload()
These are the resource's available collections:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
arn
¶(string) The Policy's arn identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
update_date
¶(datetime)
The date and time, in ISO 8601 date-time format , when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
create_date
¶(datetime)
The date and time, in ISO 8601 date-time format , when the policy was created.
description
¶(string)
A friendly description of the policy.
This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
is_attachable
¶(boolean)
Specifies whether the policy can be attached to an IAM user, group, or role.
policy_name
¶(string)
The friendly name (not ARN) identifying the policy.
default_version_id
¶(string)
The identifier for the version of the policy that is set as the default version.
attachment_count
¶(integer)
The number of entities (users, groups, and roles) that the policy is attached to.
path
¶(string)
The path to the policy.
For more information about paths, see IAM Identifiers in the Using IAM guide.
policy_id
¶(string)
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the Using IAM guide.
References
References are related resource instances that have a belongs-to relationship. For more information about references refer to the Resources Introduction Guide.
default_version
¶(PolicyVersion
) The related default_version if set, otherwise None
.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
attach_group
(**kwargs)¶Attaches the specified managed policy to the specified group.
You use this API to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy .
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = policy.attach_group(
GroupName='string',
)
Parameters: | GroupName (string) -- [REQUIRED] The name (friendly name, not ARN) of the group to attach the policy to. |
---|---|
Returns: | None |
attach_role
(**kwargs)¶Attaches the specified managed policy to the specified role.
When you attach a managed policy to a role, the managed policy is used as the role's access (permissions) policy. You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole . You can update a role's trust policy using UpdateAssumeRolePolicy .
Use this API to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = policy.attach_role(
RoleName='string',
)
Parameters: | RoleName (string) -- [REQUIRED] The name (friendly name, not ARN) of the role to attach the policy to. |
---|---|
Returns: | None |
attach_user
(**kwargs)¶Attaches the specified managed policy to the specified user.
You use this API to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy .
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = policy.attach_user(
UserName='string',
)
Parameters: | UserName (string) -- [REQUIRED] The name (friendly name, not ARN) of the user to attach the policy to. |
---|---|
Returns: | None |
create_version
(**kwargs)¶Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.
Optionally, you can set the new version as the policy's default version. The default version is the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to.
For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.
Request Syntax
policy_version = policy.create_version(
PolicyDocument='string',
SetAsDefault=True|False
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A PolicyVersion resource |
delete
()¶Deletes the specified managed policy.
Before you can delete a managed policy, you must detach the policy from all users, groups, and roles that it is attached to, and you must delete all of the policy's versions. The following steps describe the process for deleting a managed policy:
For information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = policy.delete()
Returns: | None |
---|
detach_group
(**kwargs)¶Removes the specified managed policy from the specified group.
A group can also have inline policies embedded with it. To delete an inline policy, use the DeleteGroupPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = policy.detach_group(
GroupName='string',
)
Parameters: | GroupName (string) -- [REQUIRED] The name (friendly name, not ARN) of the group to detach the policy from. |
---|---|
Returns: | None |
detach_role
(**kwargs)¶Removes the specified managed policy from the specified role.
A role can also have inline policies embedded with it. To delete an inline policy, use the DeleteRolePolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = policy.detach_role(
RoleName='string',
)
Parameters: | RoleName (string) -- [REQUIRED] The name (friendly name, not ARN) of the role to detach the policy from. |
---|---|
Returns: | None |
detach_user
(**kwargs)¶Removes the specified managed policy from the specified user.
A user can also have inline policies embedded with it. To delete an inline policy, use the DeleteUserPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = policy.detach_user(
UserName='string',
)
Parameters: | UserName (string) -- [REQUIRED] The name (friendly name, not ARN) of the user to detach the policy from. |
---|---|
Returns: | None |
load
()¶Calls iam.Client.get_policy()
to update the attributes of the Policy resource
Request Syntax
policy.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_policy()
to update the attributes of the Policy resource
Request Syntax
policy.reload()
Returns: | None |
---|
Collections
Collections provide an interface to iterate over and manipulate groups of resources. For more information about collections refer to the Resources Introduction Guide.
attached_groups
¶all
()¶Creates an iterable of all Group resources in the collection.
Request Syntax
group_iterator = policy.attached_groups.all()
Return type: | iam.Group |
---|---|
Returns: | A Group resource |
filter
(**kwargs)¶Creates an iterable of all Group resources in the collection filtered by kwargs passed to method.
Request Syntax
group_iterator = policy.attached_groups.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Group resource |
limit
(**kwargs)¶Creates an iterable up to a specified amount of Group resources in the collection.
Request Syntax
group_iterator = policy.attached_groups.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Group |
Returns: | A Group resource |
page_size
(**kwargs)¶Creates an iterable of all Group resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
group_iterator = policy.attached_groups.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Group |
Returns: | A Group resource |
attached_roles
¶all
()Creates an iterable of all Role resources in the collection.
Request Syntax
role_iterator = policy.attached_roles.all()
Return type: | iam.Role |
---|---|
Returns: | A Role resource |
filter
(**kwargs)Creates an iterable of all Role resources in the collection filtered by kwargs passed to method.
Request Syntax
role_iterator = policy.attached_roles.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Role resource |
limit
(**kwargs)Creates an iterable up to a specified amount of Role resources in the collection.
Request Syntax
role_iterator = policy.attached_roles.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Role |
Returns: | A Role resource |
page_size
(**kwargs)Creates an iterable of all Role resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
role_iterator = policy.attached_roles.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Role |
Returns: | A Role resource |
attached_users
¶all
()Creates an iterable of all User resources in the collection.
Request Syntax
user_iterator = policy.attached_users.all()
Return type: | iam.User |
---|---|
Returns: | A User resource |
filter
(**kwargs)Creates an iterable of all User resources in the collection filtered by kwargs passed to method.
Request Syntax
user_iterator = policy.attached_users.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A User resource |
limit
(**kwargs)Creates an iterable up to a specified amount of User resources in the collection.
Request Syntax
user_iterator = policy.attached_users.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.User |
Returns: | A User resource |
page_size
(**kwargs)Creates an iterable of all User resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
user_iterator = policy.attached_users.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.User |
Returns: | A User resource |
versions
¶all
()Creates an iterable of all PolicyVersion resources in the collection.
Request Syntax
policy_version_iterator = policy.versions.all()
Return type: | iam.PolicyVersion |
---|---|
Returns: | A PolicyVersion resource |
filter
(**kwargs)Creates an iterable of all PolicyVersion resources in the collection filtered by kwargs passed to method.
Request Syntax
policy_version_iterator = policy.versions.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A PolicyVersion resource |
limit
(**kwargs)Creates an iterable up to a specified amount of PolicyVersion resources in the collection.
Request Syntax
policy_version_iterator = policy.versions.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.PolicyVersion |
Returns: | A PolicyVersion resource |
page_size
(**kwargs)Creates an iterable of all PolicyVersion resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
policy_version_iterator = policy.versions.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.PolicyVersion |
Returns: | A PolicyVersion resource |
IAM.
PolicyVersion
(arn, version_id)¶A resource representing an AWS Identity and Access Management (IAM) PolicyVersion:
import boto3
iam = boto3.resource('iam')
policy_version = iam.PolicyVersion('arn','version_id')
Parameters: |
|
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
arn
¶(string) The PolicyVersion's arn identifier. This must be set.
version_id
¶(string) The PolicyVersion's version_id identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
document
¶(string)
The policy document.
The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
create_date
¶(datetime)
The date and time, in ISO 8601 date-time format , when the policy version was created.
is_default_version
¶(boolean)
Specifies whether the policy version is set as the policy's default version.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
delete
()¶Deletes the specified version of the specified managed policy.
You cannot delete the default version of a policy using this API. To delete the default version of a policy, use DeletePolicy . To find out which version of a policy is marked as the default version, use ListPolicyVersions .
For information about versions for managed policies, refer to Versioning for Managed Policies in the Using IAM guide.
Request Syntax
response = policy_version.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_policy_version()
to update the attributes of the PolicyVersion resource
Request Syntax
policy_version.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_policy_version()
to update the attributes of the PolicyVersion resource
Request Syntax
policy_version.reload()
Returns: | None |
---|
set_as_default
()¶Sets the specified version of the specified policy as the policy's default (operative) version.
This action affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API.
For information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = policy_version.set_as_default()
Returns: | None |
---|
IAM.
Role
(name)¶A resource representing an AWS Identity and Access Management (IAM) Role:
import boto3
iam = boto3.resource('iam')
role = iam.Role('name')
Parameters: | name (string) -- The Role's name identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
These are the resource's available sub-resources:
These are the resource's available collections:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
name
¶(string) The Role's name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
create_date
¶(datetime)
The date and time, in ISO 8601 date-time format , when the role was created.
role_id
¶(string)
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
assume_role_policy_document
¶(string)
The policy that grants an entity permission to assume the role.
role_name
¶(string)
The friendly name that identifies the role.
path
¶(string)
The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
arn
¶(string)
The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
attach_policy
(**kwargs)¶Attaches the specified managed policy to the specified role.
When you attach a managed policy to a role, the managed policy is used as the role's access (permissions) policy. You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole . You can update a role's trust policy using UpdateAssumeRolePolicy .
Use this API to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = role.attach_policy(
PolicyArn='string'
)
Parameters: | PolicyArn (string) -- [REQUIRED] The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference . |
---|---|
Returns: | None |
delete
()¶Deletes the specified role. The role must not have any policies attached. For more information about roles, go to Working with Roles .
Warning
Make sure you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
Request Syntax
response = role.delete()
Returns: | None |
---|
detach_policy
(**kwargs)¶Removes the specified managed policy from the specified role.
A role can also have inline policies embedded with it. To delete an inline policy, use the DeleteRolePolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = role.detach_policy(
PolicyArn='string'
)
Parameters: | PolicyArn (string) -- [REQUIRED] The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference . |
---|---|
Returns: | None |
load
()¶Calls iam.Client.get_role()
to update the attributes of the Role resource
Request Syntax
role.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_role()
to update the attributes of the Role resource
Request Syntax
role.reload()
Returns: | None |
---|
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
AssumeRolePolicy
()¶Creates a AssumeRolePolicy resource.:
assume_role_policy = role.AssumeRolePolicy()
Return type: | IAM.AssumeRolePolicy |
---|---|
Returns: | A AssumeRolePolicy resource |
Policy
(name)¶Creates a RolePolicy resource.:
role_policy = role.Policy('name')
Parameters: | name (string) -- The Policy's name identifier. This must be set. |
---|---|
Return type: | IAM.RolePolicy |
Returns: | A RolePolicy resource |
Collections
Collections provide an interface to iterate over and manipulate groups of resources. For more information about collections refer to the Resources Introduction Guide.
attached_policies
¶all
()¶Creates an iterable of all Policy resources in the collection.
Request Syntax
policy_iterator = role.attached_policies.all()
Return type: | iam.Policy |
---|---|
Returns: | A Policy resource |
filter
(**kwargs)¶Creates an iterable of all Policy resources in the collection filtered by kwargs passed to method.
Request Syntax
policy_iterator = role.attached_policies.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Policy resource |
limit
(**kwargs)¶Creates an iterable up to a specified amount of Policy resources in the collection.
Request Syntax
policy_iterator = role.attached_policies.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Policy |
Returns: | A Policy resource |
page_size
(**kwargs)¶Creates an iterable of all Policy resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
policy_iterator = role.attached_policies.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Policy |
Returns: | A Policy resource |
instance_profiles
¶all
()Creates an iterable of all InstanceProfile resources in the collection.
Request Syntax
instance_profile_iterator = role.instance_profiles.all()
Return type: | iam.InstanceProfile |
---|---|
Returns: | A InstanceProfile resource |
filter
(**kwargs)Creates an iterable of all InstanceProfile resources in the collection filtered by kwargs passed to method.
Request Syntax
instance_profile_iterator = role.instance_profiles.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A InstanceProfile resource |
limit
(**kwargs)Creates an iterable up to a specified amount of InstanceProfile resources in the collection.
Request Syntax
instance_profile_iterator = role.instance_profiles.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.InstanceProfile |
Returns: | A InstanceProfile resource |
page_size
(**kwargs)Creates an iterable of all InstanceProfile resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
instance_profile_iterator = role.instance_profiles.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.InstanceProfile |
Returns: | A InstanceProfile resource |
policies
¶all
()Creates an iterable of all RolePolicy resources in the collection.
Request Syntax
role_policy_iterator = role.policies.all()
Return type: | iam.RolePolicy |
---|---|
Returns: | A RolePolicy resource |
filter
(**kwargs)Creates an iterable of all RolePolicy resources in the collection filtered by kwargs passed to method.
Request Syntax
role_policy_iterator = role.policies.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A RolePolicy resource |
limit
(**kwargs)Creates an iterable up to a specified amount of RolePolicy resources in the collection.
Request Syntax
role_policy_iterator = role.policies.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.RolePolicy |
Returns: | A RolePolicy resource |
page_size
(**kwargs)Creates an iterable of all RolePolicy resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
role_policy_iterator = role.policies.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.RolePolicy |
Returns: | A RolePolicy resource |
IAM.
RolePolicy
(role_name, name)¶A resource representing an AWS Identity and Access Management (IAM) RolePolicy:
import boto3
iam = boto3.resource('iam')
role_policy = iam.RolePolicy('role_name','name')
Parameters: |
|
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
These are the resource's available sub-resources:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
role_name
¶(string) The RolePolicy's role_name identifier. This must be set.
name
¶(string) The RolePolicy's name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
policy_document
¶(string)
The policy document.
policy_name
¶(string)
The name of the policy.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
delete
()¶Deletes the specified inline policy that is embedded in the specified role.
A role can also have managed policies attached to it. To detach a managed policy from a role, use DetachRolePolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = role_policy.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_role_policy()
to update the attributes of the RolePolicy resource
Request Syntax
role_policy.load()
Returns: | None |
---|
put
(**kwargs)¶Adds (or updates) an inline policy document that is embedded in the specified role.
When you embed an inline policy in a role, the inline policy is used as the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using CreateRole . You can update a role's trust policy using UpdateAssumeRolePolicy . For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities .
A role can also have a managed policy attached to it. To attach a managed policy to a role, use AttachRolePolicy . To create a new managed policy, use CreatePolicy . For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For information about limits on the number of inline policies that you can embed with a role, see Limitations on IAM Entities in the Using IAM guide.
Note
Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy
. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
response = role_policy.put(
PolicyDocument='string'
)
Parameters: | PolicyDocument (string) -- [REQUIRED] The policy document. |
---|---|
Returns: | None |
reload
()¶Calls iam.Client.get_role_policy()
to update the attributes of the RolePolicy resource
Request Syntax
role_policy.reload()
Returns: | None |
---|
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
IAM.
SamlProvider
(arn)¶A resource representing an AWS Identity and Access Management (IAM) SamlProvider:
import boto3
iam = boto3.resource('iam')
saml_provider = iam.SamlProvider('arn')
Parameters: | arn (string) -- The SamlProvider's arn identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
arn
¶(string) The SamlProvider's arn identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
valid_until
¶(datetime)
The expiration date and time for the SAML provider.
create_date
¶(datetime)
The date and time when the SAML provider was created.
saml_metadata_document
¶(string)
The XML metadata document that includes information about an identity provider.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
delete
()¶Deletes a SAML provider.
Deleting the provider does not update any roles that reference the SAML provider as a principal in their trust policies. Any attempt to assume a role that references a SAML provider that has been deleted will fail.
Note
This operation requires Signature Version 4 .
Request Syntax
response = saml_provider.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_saml_provider()
to update the attributes of the SamlProvider resource
Request Syntax
saml_provider.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_saml_provider()
to update the attributes of the SamlProvider resource
Request Syntax
saml_provider.reload()
Returns: | None |
---|
update
(**kwargs)¶Updates the metadata document for an existing SAML provider.
Note
This operation requires Signature Version 4 .
Request Syntax
response = saml_provider.update(
SAMLMetadataDocument='string',
)
Parameters: | SAMLMetadataDocument (string) -- [REQUIRED] An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP. |
---|---|
Return type: | dict |
Returns: | Response Syntax{
'SAMLProviderArn': 'string'
}
Response Structure
|
IAM.
ServerCertificate
(name)¶A resource representing an AWS Identity and Access Management (IAM) ServerCertificate:
import boto3
iam = boto3.resource('iam')
server_certificate = iam.ServerCertificate('name')
Parameters: | name (string) -- The ServerCertificate's name identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
name
¶(string) The ServerCertificate's name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
server_certificate_metadata
¶(dict)
The meta information of the server certificate, such as its name, path, ID, and ARN.
certificate_chain
¶(string)
The contents of the public key certificate chain.
certificate_body
¶(string)
The contents of the public key certificate.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
delete
()¶Deletes the specified server certificate.
Warning
If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, go to DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference .
Request Syntax
response = server_certificate.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_server_certificate()
to update the attributes of the ServerCertificate resource
Request Syntax
server_certificate.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_server_certificate()
to update the attributes of the ServerCertificate resource
Request Syntax
server_certificate.reload()
Returns: | None |
---|
update
(**kwargs)¶Updates the name and/or the path of the specified server certificate.
Warning
You should understand the implications of changing a server certificate's path or name. For more information, see Managing Server Certificates in the Using IAM guide.
Note
To change a server certificate name the requester must have appropriate permissions on both the source object and the target object. For example, to change the name from ProductionCert to ProdCert, the entity making the request must have permission on ProductionCert and ProdCert, or must have permission on all (*). For more information about permissions, see Permissions and Policies .
Request Syntax
server_certificate = server_certificate.update(
NewPath='string',
NewServerCertificateName='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A ServerCertificate resource |
IAM.
SigningCertificate
(user_name, id)¶A resource representing an AWS Identity and Access Management (IAM) SigningCertificate:
import boto3
iam = boto3.resource('iam')
signing_certificate = iam.SigningCertificate('user_name','id')
Parameters: |
|
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
These are the resource's available sub-resources:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
user_name
¶(string) The SigningCertificate's user_name identifier. This must be set.
id
¶(string) The SigningCertificate's id identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
status
¶(string)
The status of the signing certificate. Active
means the key is valid for API calls, while Inactive
means it is not.
certificate_id
¶(string)
The ID for the signing certificate.
certificate_body
¶(string)
The contents of the signing certificate.
upload_date
¶(datetime)
The date when the signing certificate was uploaded.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
activate
()¶Changes the status of the specified signing certificate from active to disabled, or vice versa. This action can be used to disable a user's signing certificate as part of a certificate rotation work flow.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = signing_certificate.activate()
Returns: | None |
---|
deactivate
()¶Changes the status of the specified signing certificate from active to disabled, or vice versa. This action can be used to disable a user's signing certificate as part of a certificate rotation work flow.
If the UserName
field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = signing_certificate.deactivate()
Returns: | None |
---|
delete
()¶Deletes the specified signing certificate associated with the specified user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
Request Syntax
response = signing_certificate.delete()
Returns: | None |
---|
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
IAM.
User
(name)¶A resource representing an AWS Identity and Access Management (IAM) User:
import boto3
iam = boto3.resource('iam')
user = iam.User('name')
Parameters: | name (string) -- The User's name identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
add_group()
attach_policy()
create()
create_access_key_pair()
create_login_profile()
create_policy()
delete()
detach_policy()
enable_mfa()
load()
reload()
remove_group()
update()
These are the resource's available sub-resources:
These are the resource's available collections:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
name
¶(string) The User's name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
create_date
¶(datetime)
The date and time, in ISO 8601 date-time format , when the user was created.
user_id
¶(string)
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
user_name
¶(string)
The friendly name identifying the user.
path
¶(string)
The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
password_last_used
¶(datetime)
The date and time, in ISO 8601 date-time format , when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential Reports topic in the Using IAM guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. This field is null (not present) when:
This value is returned only in the GetUser and ListUsers actions.
arn
¶(string)
The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the Using IAM guide.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
add_group
(**kwargs)¶Adds the specified user to the specified group.
Request Syntax
response = user.add_group(
GroupName='string',
)
Parameters: | GroupName (string) -- [REQUIRED] The name of the group to update. |
---|---|
Returns: | None |
attach_policy
(**kwargs)¶Attaches the specified managed policy to the specified user.
You use this API to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy .
For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = user.attach_policy(
PolicyArn='string'
)
Parameters: | PolicyArn (string) -- [REQUIRED] The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference . |
---|---|
Returns: | None |
create
(**kwargs)¶Creates a new user for your AWS account.
For information about limitations on the number of users you can create, see Limitations on IAM Entities in the Using IAM guide.
Request Syntax
user = user.create(
Path='string',
)
Parameters: | Path (string) -- The path for the user name. For more information about paths, see IAM Identifiers in the Using IAM guide. This parameter is optional. If it is not included, it defaults to a slash (/). |
---|---|
Return type: | iam.User |
Returns: | A User resource |
create_access_key_pair
()¶Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active
.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
For information about limits on the number of keys you can create, see Limitations on IAM Entities in the Using IAM guide.
Warning
To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
Request Syntax
access_key_pair = user.create_access_key_pair()
Return type: | iam.AccessKeyPair |
---|---|
Returns: | A AccessKeyPair resource |
create_login_profile
(**kwargs)¶Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console. For more information about managing passwords, see Managing Passwords in the Using IAM guide.
Request Syntax
login_profile = user.create_login_profile(
Password='string',
PasswordResetRequired=True|False
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A LoginProfile resource |
create_policy
(**kwargs)¶Adds (or updates) an inline policy document that is embedded in the specified user.
A user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy . To create a new managed policy, use CreatePolicy . For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For information about limits on the number of inline policies that you can embed in a user, see Limitations on IAM Entities in the Using IAM guide.
Note
Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy
. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
user_policy = user.create_policy(
PolicyName='string',
PolicyDocument='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A UserPolicy resource |
delete
()¶Deletes the specified user. The user must not belong to any groups, have any keys or signing certificates, or have any attached policies.
Request Syntax
response = user.delete()
Returns: | None |
---|
detach_policy
(**kwargs)¶Removes the specified managed policy from the specified user.
A user can also have inline policies embedded with it. To delete an inline policy, use the DeleteUserPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = user.detach_policy(
PolicyArn='string'
)
Parameters: | PolicyArn (string) -- [REQUIRED] The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference . |
---|---|
Returns: | None |
enable_mfa
(**kwargs)¶Enables the specified MFA device and associates it with the specified user name. When enabled, the MFA device is required for every subsequent login by the user name associated with the device.
Request Syntax
mfa_device = user.enable_mfa(
SerialNumber='string',
AuthenticationCode1='string',
AuthenticationCode2='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A MfaDevice resource |
load
()¶Calls iam.Client.get_user()
to update the attributes of the User resource
Request Syntax
user.load()
Returns: | None |
---|
reload
()¶Calls iam.Client.get_user()
to update the attributes of the User resource
Request Syntax
user.reload()
Returns: | None |
---|
remove_group
(**kwargs)¶Removes the specified user from the specified group.
Request Syntax
response = user.remove_group(
GroupName='string',
)
Parameters: | GroupName (string) -- [REQUIRED] The name of the group to update. |
---|---|
Returns: | None |
update
(**kwargs)¶Updates the name and/or the path of the specified user.
Warning
You should understand the implications of changing a user's path or name. For more information, see Renaming Users and Groups in the Using IAM guide.
Note
To change a user name the requester must have appropriate permissions on both the source object and the target object. For example, to change Bob to Robert, the entity making the request must have permission on Bob and Robert, or must have permission on all (*). For more information about permissions, see Permissions and Policies .
Request Syntax
user = user.update(
NewPath='string',
NewUserName='string'
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A User resource |
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
AccessKey
(id)¶Creates a AccessKey resource.:
access_key = user.AccessKey('id')
Parameters: | id (string) -- The AccessKey's id identifier. This must be set. |
---|---|
Return type: | IAM.AccessKey |
Returns: | A AccessKey resource |
LoginProfile
()¶Creates a LoginProfile resource.:
login_profile = user.LoginProfile()
Return type: | IAM.LoginProfile |
---|---|
Returns: | A LoginProfile resource |
MfaDevice
(serial_number)¶Creates a MfaDevice resource.:
mfa_device = user.MfaDevice('serial_number')
Parameters: | serial_number (string) -- The MfaDevice's serial_number identifier. This must be set. |
---|---|
Return type: | IAM.MfaDevice |
Returns: | A MfaDevice resource |
Policy
(name)¶Creates a UserPolicy resource.:
user_policy = user.Policy('name')
Parameters: | name (string) -- The Policy's name identifier. This must be set. |
---|---|
Return type: | IAM.UserPolicy |
Returns: | A UserPolicy resource |
SigningCertificate
(id)¶Creates a SigningCertificate resource.:
signing_certificate = user.SigningCertificate('id')
Parameters: | id (string) -- The SigningCertificate's id identifier. This must be set. |
---|---|
Return type: | IAM.SigningCertificate |
Returns: | A SigningCertificate resource |
Collections
Collections provide an interface to iterate over and manipulate groups of resources. For more information about collections refer to the Resources Introduction Guide.
access_keys
¶all
()¶Creates an iterable of all AccessKey resources in the collection.
Request Syntax
access_key_iterator = user.access_keys.all()
Return type: | iam.AccessKey |
---|---|
Returns: | A AccessKey resource |
filter
(**kwargs)¶Creates an iterable of all AccessKey resources in the collection filtered by kwargs passed to method.
Request Syntax
access_key_iterator = user.access_keys.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A AccessKey resource |
limit
(**kwargs)¶Creates an iterable up to a specified amount of AccessKey resources in the collection.
Request Syntax
access_key_iterator = user.access_keys.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.AccessKey |
Returns: | A AccessKey resource |
page_size
(**kwargs)¶Creates an iterable of all AccessKey resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
access_key_iterator = user.access_keys.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.AccessKey |
Returns: | A AccessKey resource |
attached_policies
¶all
()Creates an iterable of all Policy resources in the collection.
Request Syntax
policy_iterator = user.attached_policies.all()
Return type: | iam.Policy |
---|---|
Returns: | A Policy resource |
filter
(**kwargs)Creates an iterable of all Policy resources in the collection filtered by kwargs passed to method.
Request Syntax
policy_iterator = user.attached_policies.filter(
PathPrefix='string',
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Policy resource |
limit
(**kwargs)Creates an iterable up to a specified amount of Policy resources in the collection.
Request Syntax
policy_iterator = user.attached_policies.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Policy |
Returns: | A Policy resource |
page_size
(**kwargs)Creates an iterable of all Policy resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
policy_iterator = user.attached_policies.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Policy |
Returns: | A Policy resource |
groups
¶all
()Creates an iterable of all Group resources in the collection.
Request Syntax
group_iterator = user.groups.all()
Return type: | iam.Group |
---|---|
Returns: | A Group resource |
filter
(**kwargs)Creates an iterable of all Group resources in the collection filtered by kwargs passed to method.
Request Syntax
group_iterator = user.groups.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A Group resource |
limit
(**kwargs)Creates an iterable up to a specified amount of Group resources in the collection.
Request Syntax
group_iterator = user.groups.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.Group |
Returns: | A Group resource |
page_size
(**kwargs)Creates an iterable of all Group resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
group_iterator = user.groups.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.Group |
Returns: | A Group resource |
mfa_devices
¶all
()Creates an iterable of all MfaDevice resources in the collection.
Request Syntax
mfa_device_iterator = user.mfa_devices.all()
Return type: | iam.MfaDevice |
---|---|
Returns: | A MfaDevice resource |
filter
(**kwargs)Creates an iterable of all MfaDevice resources in the collection filtered by kwargs passed to method.
Request Syntax
mfa_device_iterator = user.mfa_devices.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A MfaDevice resource |
limit
(**kwargs)Creates an iterable up to a specified amount of MfaDevice resources in the collection.
Request Syntax
mfa_device_iterator = user.mfa_devices.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.MfaDevice |
Returns: | A MfaDevice resource |
page_size
(**kwargs)Creates an iterable of all MfaDevice resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
mfa_device_iterator = user.mfa_devices.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.MfaDevice |
Returns: | A MfaDevice resource |
policies
¶all
()Creates an iterable of all UserPolicy resources in the collection.
Request Syntax
user_policy_iterator = user.policies.all()
Return type: | iam.UserPolicy |
---|---|
Returns: | A UserPolicy resource |
filter
(**kwargs)Creates an iterable of all UserPolicy resources in the collection filtered by kwargs passed to method.
Request Syntax
user_policy_iterator = user.policies.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A UserPolicy resource |
limit
(**kwargs)Creates an iterable up to a specified amount of UserPolicy resources in the collection.
Request Syntax
user_policy_iterator = user.policies.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.UserPolicy |
Returns: | A UserPolicy resource |
page_size
(**kwargs)Creates an iterable of all UserPolicy resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
user_policy_iterator = user.policies.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.UserPolicy |
Returns: | A UserPolicy resource |
signing_certificates
¶all
()Creates an iterable of all SigningCertificate resources in the collection.
Request Syntax
signing_certificate_iterator = user.signing_certificates.all()
Return type: | iam.SigningCertificate |
---|---|
Returns: | A SigningCertificate resource |
filter
(**kwargs)Creates an iterable of all SigningCertificate resources in the collection filtered by kwargs passed to method.
Request Syntax
signing_certificate_iterator = user.signing_certificates.filter(
Marker='string',
MaxItems=123
)
Parameters: |
|
---|---|
Return type: |
|
Returns: | A SigningCertificate resource |
limit
(**kwargs)Creates an iterable up to a specified amount of SigningCertificate resources in the collection.
Request Syntax
signing_certificate_iterator = user.signing_certificates.limit(
count=123
)
Parameters: | count (integer) -- The limit to the number of resources in the iterable. |
---|---|
Return type: | iam.SigningCertificate |
Returns: | A SigningCertificate resource |
page_size
(**kwargs)Creates an iterable of all SigningCertificate resources in the collection, but limits the number of items returned by each service call by the specified amount.
Request Syntax
signing_certificate_iterator = user.signing_certificates.page_size(
count=123
)
Parameters: | count (integer) -- The number of items returned by each service call |
---|---|
Return type: | iam.SigningCertificate |
Returns: | A SigningCertificate resource |
IAM.
UserPolicy
(user_name, name)¶A resource representing an AWS Identity and Access Management (IAM) UserPolicy:
import boto3
iam = boto3.resource('iam')
user_policy = iam.UserPolicy('user_name','name')
Parameters: |
|
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available actions:
These are the resource's available sub-resources:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
user_name
¶(string) The UserPolicy's user_name identifier. This must be set.
name
¶(string) The UserPolicy's name identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
policy_document
¶(string)
The policy document.
policy_name
¶(string)
The name of the policy.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
delete
()¶Deletes the specified inline policy that is embedded in the specified user.
A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy . For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
Request Syntax
response = user_policy.delete()
Returns: | None |
---|
load
()¶Calls iam.Client.get_user_policy()
to update the attributes of the UserPolicy resource
Request Syntax
user_policy.load()
Returns: | None |
---|
put
(**kwargs)¶Adds (or updates) an inline policy document that is embedded in the specified user.
A user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy . To create a new managed policy, use CreatePolicy . For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
For information about limits on the number of inline policies that you can embed in a user, see Limitations on IAM Entities in the Using IAM guide.
Note
Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy
. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Request Syntax
response = user_policy.put(
PolicyDocument='string'
)
Parameters: | PolicyDocument (string) -- [REQUIRED] The policy document. |
---|---|
Returns: | None |
reload
()¶Calls iam.Client.get_user_policy()
to update the attributes of the UserPolicy resource
Request Syntax
user_policy.reload()
Returns: | None |
---|
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resource's identifiers get passed along to the child. For more information about sub-resources refer to the Resources Introduction Guide.
IAM.
VirtualMfaDevice
(serial_number)¶A resource representing an AWS Identity and Access Management (IAM) VirtualMfaDevice:
import boto3
iam = boto3.resource('iam')
virtual_mfa_device = iam.VirtualMfaDevice('serial_number')
Parameters: | serial_number (string) -- The VirtualMfaDevice's serial_number identifier. This must be set. |
---|
These are the resource's available identifiers:
These are the resource's available attributes:
These are the resource's available references:
These are the resource's available actions:
Identifiers
Identifiers are properties of a resource that are set upon instantation of the resource. For more information about identifiers refer to the Resources Introduction Guide.
serial_number
¶(string) The VirtualMfaDevice's serial_number identifier. This must be set.
Attributes
Attributes provide access to the properties of a resource. Attributes are lazy-loaded the first time one is accessed via the load()
method.
For more information about attributes refer to the Resources Introduction Guide.
base_32_string_seed
¶(bytes)
The Base32 seed defined as specified in RFC3548 . The Base32StringSeed
is Base64-encoded.
qr_code_png
¶(bytes)
A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
where $virtualMFADeviceName
is one of the create call arguments, AccountName
is the user name if set (otherwise, the account ID otherwise), and Base32String
is the seed in Base32 format. The Base32String
value is Base64-encoded.
user_attribute
¶(dict)
Contains information about an IAM user entity.
This data type is used as a response element in the following actions:
enable_date
¶(datetime)
The date and time on which the virtual MFA device was enabled.
References
References are related resource instances that have a belongs-to relationship. For more information about references refer to the Resources Introduction Guide.
user
¶(User
) The related user if set, otherwise None
.
Actions
Actions call operations on resources. They may automatically handle the passing in of arguments set from identifiers and some attributes. For more information about actions refer to the Resources Introduction Guide.
delete
()¶Deletes a virtual MFA device.
Note
You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice .
Request Syntax
response = virtual_mfa_device.delete()
Returns: | None |
---|