ExAws.Iam.Core

AWS Identity and Access Management

AWS Identity and Access Management

AWS Identity and Access Management (IAM) is a web service that you can use to manage users and user permissions under your AWS account. This guide provides descriptions of IAM actions that you can call programmatically. For general information about IAM, see AWS Identity and Access Management (IAM). For the user guide for IAM, see Using IAM.

Note:AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For example, the SDKs take care of tasks such as cryptographically signing requests (see below), managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page. We recommend that you use the AWS SDKs to make programmatic API calls to IAM. However, you can also use the IAM Query API to make direct calls to the IAM web service. To learn more about the IAM Query API, see Making Query Requests in the Using IAM guide. IAM supports GET and POST requests for all actions. That is, the API does not require you to use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. Therefore, for operations that require larger sizes, use a POST request.

Signing Requests

Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use your AWS account access key ID and secret access key for everyday work with IAM. You can use the access key ID and secret access key for an IAM user or you can use the AWS Security Token Service to generate temporary security credentials and use those to sign requests.

To sign requests, we recommend that you use Signature Version 4. If you have an existing application that uses Signature Version 2, you do not have to update it to use Signature Version 4. However, some operations now require Signature Version 4. The documentation for operations that require version 4 indicate this requirement.

Additional Resources

For more information, see the following:

Source

Summary

add_client_id_to_open_id_connect_provider!(client, input)

Same as add_client_id_to_open_id_connect_provider/2 but raise on error

add_client_id_to_open_id_connect_provider(client, input)

AddClientIDToOpenIDConnectProvider

add_role_to_instance_profile!(client, input)

Same as add_role_to_instance_profile/2 but raise on error

add_role_to_instance_profile(client, input)

AddRoleToInstanceProfile

add_user_to_group!(client, input)

Same as add_user_to_group/2 but raise on error

add_user_to_group(client, input)

AddUserToGroup

attach_group_policy!(client, input)

Same as attach_group_policy/2 but raise on error

attach_group_policy(client, input)

AttachGroupPolicy

attach_role_policy!(client, input)

Same as attach_role_policy/2 but raise on error

attach_role_policy(client, input)

AttachRolePolicy

attach_user_policy!(client, input)

Same as attach_user_policy/2 but raise on error

attach_user_policy(client, input)

AttachUserPolicy

change_password!(client, input)

Same as change_password/2 but raise on error

change_password(client, input)

ChangePassword

create_access_key!(client, input)

Same as create_access_key/2 but raise on error

create_access_key(client, input)

CreateAccessKey

create_account_alias!(client, input)

Same as create_account_alias/2 but raise on error

create_account_alias(client, input)

CreateAccountAlias

create_group!(client, input)

Same as create_group/2 but raise on error

create_group(client, input)

CreateGroup

create_instance_profile!(client, input)

Same as create_instance_profile/2 but raise on error

create_instance_profile(client, input)

CreateInstanceProfile

create_login_profile!(client, input)

Same as create_login_profile/2 but raise on error

create_login_profile(client, input)

CreateLoginProfile

create_open_id_connect_provider!(client, input)

Same as create_open_id_connect_provider/2 but raise on error

create_open_id_connect_provider(client, input)

CreateOpenIDConnectProvider

create_policy!(client, input)

Same as create_policy/2 but raise on error

create_policy(client, input)

CreatePolicy

create_policy_version!(client, input)

Same as create_policy_version/2 but raise on error

create_policy_version(client, input)

CreatePolicyVersion

create_role!(client, input)

Same as create_role/2 but raise on error

create_role(client, input)

CreateRole

create_saml_provider!(client, input)

Same as create_saml_provider/2 but raise on error

create_saml_provider(client, input)

CreateSAMLProvider

create_user!(client, input)

Same as create_user/2 but raise on error

create_user(client, input)

CreateUser

create_virtual_mfa_device!(client, input)

Same as create_virtual_mfa_device/2 but raise on error

create_virtual_mfa_device(client, input)

CreateVirtualMFADevice

deactivate_mfa_device!(client, input)

Same as deactivate_mfa_device/2 but raise on error

deactivate_mfa_device(client, input)

DeactivateMFADevice

delete_access_key!(client, input)

Same as delete_access_key/2 but raise on error

delete_access_key(client, input)

DeleteAccessKey

delete_account_alias!(client, input)

Same as delete_account_alias/2 but raise on error

delete_account_alias(client, input)

DeleteAccountAlias

delete_account_password_policy!(client)

Same as delete_account_password_policy/2 but raise on error

delete_account_password_policy(client)

DeleteAccountPasswordPolicy

delete_group!(client, input)

Same as delete_group/2 but raise on error

delete_group(client, input)

DeleteGroup

delete_group_policy!(client, input)

Same as delete_group_policy/2 but raise on error

delete_group_policy(client, input)

DeleteGroupPolicy

delete_instance_profile!(client, input)

Same as delete_instance_profile/2 but raise on error

delete_instance_profile(client, input)

DeleteInstanceProfile

delete_login_profile!(client, input)

Same as delete_login_profile/2 but raise on error

delete_login_profile(client, input)

DeleteLoginProfile

delete_open_id_connect_provider!(client, input)

Same as delete_open_id_connect_provider/2 but raise on error

delete_open_id_connect_provider(client, input)

DeleteOpenIDConnectProvider

delete_policy!(client, input)

Same as delete_policy/2 but raise on error

delete_policy(client, input)

DeletePolicy

delete_policy_version!(client, input)

Same as delete_policy_version/2 but raise on error

delete_policy_version(client, input)

DeletePolicyVersion

delete_role!(client, input)

Same as delete_role/2 but raise on error

delete_role(client, input)

DeleteRole

delete_role_policy!(client, input)

Same as delete_role_policy/2 but raise on error

delete_role_policy(client, input)

DeleteRolePolicy

delete_saml_provider!(client, input)

Same as delete_saml_provider/2 but raise on error

delete_saml_provider(client, input)

DeleteSAMLProvider

delete_server_certificate!(client, input)

Same as delete_server_certificate/2 but raise on error

delete_server_certificate(client, input)

DeleteServerCertificate

delete_signing_certificate!(client, input)

Same as delete_signing_certificate/2 but raise on error

delete_signing_certificate(client, input)

DeleteSigningCertificate

delete_ssh_public_key!(client, input)

Same as delete_ssh_public_key/2 but raise on error

delete_ssh_public_key(client, input)

DeleteSSHPublicKey

delete_user!(client, input)

Same as delete_user/2 but raise on error

delete_user(client, input)

DeleteUser

delete_user_policy!(client, input)

Same as delete_user_policy/2 but raise on error

delete_user_policy(client, input)

DeleteUserPolicy

delete_virtual_mfa_device!(client, input)

Same as delete_virtual_mfa_device/2 but raise on error

delete_virtual_mfa_device(client, input)

DeleteVirtualMFADevice

detach_group_policy!(client, input)

Same as detach_group_policy/2 but raise on error

detach_group_policy(client, input)

DetachGroupPolicy

detach_role_policy!(client, input)

Same as detach_role_policy/2 but raise on error

detach_role_policy(client, input)

DetachRolePolicy

detach_user_policy!(client, input)

Same as detach_user_policy/2 but raise on error

detach_user_policy(client, input)

DetachUserPolicy

enable_mfa_device!(client, input)

Same as enable_mfa_device/2 but raise on error

enable_mfa_device(client, input)

EnableMFADevice

generate_credential_report!(client)

Same as generate_credential_report/2 but raise on error

generate_credential_report(client)

GenerateCredentialReport

get_access_key_last_used!(client, input)

Same as get_access_key_last_used/2 but raise on error

get_access_key_last_used(client, input)

GetAccessKeyLastUsed

get_account_authorization_details!(client, input)

Same as get_account_authorization_details/2 but raise on error

get_account_authorization_details(client, input)

GetAccountAuthorizationDetails

get_account_password_policy!(client)

Same as get_account_password_policy/2 but raise on error

get_account_password_policy(client)

GetAccountPasswordPolicy

get_account_summary!(client)

Same as get_account_summary/2 but raise on error

get_account_summary(client)

GetAccountSummary

get_credential_report!(client)

Same as get_credential_report/2 but raise on error

get_credential_report(client)

GetCredentialReport

get_group!(client, input)

Same as get_group/2 but raise on error

get_group(client, input)

GetGroup

get_group_policy!(client, input)

Same as get_group_policy/2 but raise on error

get_group_policy(client, input)

GetGroupPolicy

get_instance_profile!(client, input)

Same as get_instance_profile/2 but raise on error

get_instance_profile(client, input)

GetInstanceProfile

get_login_profile!(client, input)

Same as get_login_profile/2 but raise on error

get_login_profile(client, input)

GetLoginProfile

get_open_id_connect_provider!(client, input)

Same as get_open_id_connect_provider/2 but raise on error

get_open_id_connect_provider(client, input)

GetOpenIDConnectProvider

get_policy!(client, input)

Same as get_policy/2 but raise on error

get_policy(client, input)

GetPolicy

get_policy_version!(client, input)

Same as get_policy_version/2 but raise on error

get_policy_version(client, input)

GetPolicyVersion

get_role!(client, input)

Same as get_role/2 but raise on error

get_role(client, input)

GetRole

get_role_policy!(client, input)

Same as get_role_policy/2 but raise on error

get_role_policy(client, input)

GetRolePolicy

get_saml_provider!(client, input)

Same as get_saml_provider/2 but raise on error

get_saml_provider(client, input)

GetSAMLProvider

get_server_certificate!(client, input)

Same as get_server_certificate/2 but raise on error

get_server_certificate(client, input)

GetServerCertificate

get_ssh_public_key!(client, input)

Same as get_ssh_public_key/2 but raise on error

get_ssh_public_key(client, input)

GetSSHPublicKey

get_user!(client, input)

Same as get_user/2 but raise on error

get_user(client, input)

GetUser

get_user_policy!(client, input)

Same as get_user_policy/2 but raise on error

get_user_policy(client, input)

GetUserPolicy

list_access_keys!(client, input)

Same as list_access_keys/2 but raise on error

list_access_keys(client, input)

ListAccessKeys

list_account_aliases!(client, input)

Same as list_account_aliases/2 but raise on error

list_account_aliases(client, input)

ListAccountAliases

list_attached_group_policies!(client, input)

Same as list_attached_group_policies/2 but raise on error

list_attached_group_policies(client, input)

ListAttachedGroupPolicies

list_attached_role_policies!(client, input)

Same as list_attached_role_policies/2 but raise on error

list_attached_role_policies(client, input)

ListAttachedRolePolicies

list_attached_user_policies!(client, input)

Same as list_attached_user_policies/2 but raise on error

list_attached_user_policies(client, input)

ListAttachedUserPolicies

list_entities_for_policy!(client, input)

Same as list_entities_for_policy/2 but raise on error

list_entities_for_policy(client, input)

ListEntitiesForPolicy

list_group_policies!(client, input)

Same as list_group_policies/2 but raise on error

list_group_policies(client, input)

ListGroupPolicies

list_groups!(client, input)

Same as list_groups/2 but raise on error

list_groups(client, input)

ListGroups

list_groups_for_user!(client, input)

Same as list_groups_for_user/2 but raise on error

list_groups_for_user(client, input)

ListGroupsForUser

list_instance_profiles!(client, input)

Same as list_instance_profiles/2 but raise on error

list_instance_profiles(client, input)

ListInstanceProfiles

list_instance_profiles_for_role!(client, input)

Same as list_instance_profiles_for_role/2 but raise on error

list_instance_profiles_for_role(client, input)

ListInstanceProfilesForRole

list_mfa_devices!(client, input)

Same as list_mfa_devices/2 but raise on error

list_mfa_devices(client, input)

ListMFADevices

list_open_id_connect_providers!(client, input)

Same as list_open_id_connect_providers/2 but raise on error

list_open_id_connect_providers(client, input)

ListOpenIDConnectProviders

list_policies!(client, input)

Same as list_policies/2 but raise on error

list_policies(client, input)

ListPolicies

list_policy_versions!(client, input)

Same as list_policy_versions/2 but raise on error

list_policy_versions(client, input)

ListPolicyVersions

list_role_policies!(client, input)

Same as list_role_policies/2 but raise on error

list_role_policies(client, input)

ListRolePolicies

list_roles!(client, input)

Same as list_roles/2 but raise on error

list_roles(client, input)

ListRoles

list_saml_providers!(client, input)

Same as list_saml_providers/2 but raise on error

list_saml_providers(client, input)

ListSAMLProviders

list_server_certificates!(client, input)

Same as list_server_certificates/2 but raise on error

list_server_certificates(client, input)

ListServerCertificates

list_signing_certificates!(client, input)

Same as list_signing_certificates/2 but raise on error

list_signing_certificates(client, input)

ListSigningCertificates

list_ssh_public_keys!(client, input)

Same as list_ssh_public_keys/2 but raise on error

list_ssh_public_keys(client, input)

ListSSHPublicKeys

list_user_policies!(client, input)

Same as list_user_policies/2 but raise on error

list_user_policies(client, input)

ListUserPolicies

list_users!(client, input)

Same as list_users/2 but raise on error

list_users(client, input)

ListUsers

list_virtual_mfa_devices!(client, input)

Same as list_virtual_mfa_devices/2 but raise on error

list_virtual_mfa_devices(client, input)

ListVirtualMFADevices

put_group_policy!(client, input)

Same as put_group_policy/2 but raise on error

put_group_policy(client, input)

PutGroupPolicy

put_role_policy!(client, input)

Same as put_role_policy/2 but raise on error

put_role_policy(client, input)

PutRolePolicy

put_user_policy!(client, input)

Same as put_user_policy/2 but raise on error

put_user_policy(client, input)

PutUserPolicy

remove_client_id_from_open_id_connect_provider!(client, input)

Same as remove_client_id_from_open_id_connect_provider/2 but raise on error

remove_client_id_from_open_id_connect_provider(client, input)

RemoveClientIDFromOpenIDConnectProvider

remove_role_from_instance_profile!(client, input)

Same as remove_role_from_instance_profile/2 but raise on error

remove_role_from_instance_profile(client, input)

RemoveRoleFromInstanceProfile

remove_user_from_group!(client, input)

Same as remove_user_from_group/2 but raise on error

remove_user_from_group(client, input)

RemoveUserFromGroup

resync_mfa_device!(client, input)

Same as resync_mfa_device/2 but raise on error

resync_mfa_device(client, input)

ResyncMFADevice

set_default_policy_version!(client, input)

Same as set_default_policy_version/2 but raise on error

set_default_policy_version(client, input)

SetDefaultPolicyVersion

update_access_key!(client, input)

Same as update_access_key/2 but raise on error

update_access_key(client, input)

UpdateAccessKey

update_account_password_policy!(client, input)

Same as update_account_password_policy/2 but raise on error

update_account_password_policy(client, input)

UpdateAccountPasswordPolicy

update_assume_role_policy!(client, input)

Same as update_assume_role_policy/2 but raise on error

update_assume_role_policy(client, input)

UpdateAssumeRolePolicy

update_group!(client, input)

Same as update_group/2 but raise on error

update_group(client, input)

UpdateGroup

update_login_profile!(client, input)

Same as update_login_profile/2 but raise on error

update_login_profile(client, input)

UpdateLoginProfile

update_open_id_connect_provider_thumbprint!(client, input)

Same as update_open_id_connect_provider_thumbprint/2 but raise on error

update_open_id_connect_provider_thumbprint(client, input)

UpdateOpenIDConnectProviderThumbprint

update_saml_provider!(client, input)

Same as update_saml_provider/2 but raise on error

update_saml_provider(client, input)

UpdateSAMLProvider

update_server_certificate!(client, input)

Same as update_server_certificate/2 but raise on error

update_server_certificate(client, input)

UpdateServerCertificate

update_signing_certificate!(client, input)

Same as update_signing_certificate/2 but raise on error

update_signing_certificate(client, input)

UpdateSigningCertificate

update_ssh_public_key!(client, input)

Same as update_ssh_public_key/2 but raise on error

update_ssh_public_key(client, input)

UpdateSSHPublicKey

update_user!(client, input)

Same as update_user/2 but raise on error

update_user(client, input)

UpdateUser

upload_server_certificate!(client, input)

Same as upload_server_certificate/2 but raise on error

upload_server_certificate(client, input)

UploadServerCertificate

upload_signing_certificate!(client, input)

Same as upload_signing_certificate/2 but raise on error

upload_signing_certificate(client, input)

UploadSigningCertificate

upload_ssh_public_key!(client, input)

Same as upload_ssh_public_key/2 but raise on error

upload_ssh_public_key(client, input)

UploadSSHPublicKey

Types

access_key_metadata :: [access_key_id: access_key_id_type, create_date: date_type, status: status_type, user_name: user_name_type]

delete_open_id_connect_provider_request :: [{:open_id_connect_provider_arn, arn_type}]

client_id_type :: binary

max_items_type :: integer

update_ssh_public_key_request :: [ssh_public_key_id: public_key_id_type, status: status_type, user_name: user_name_type]

boolean_object_type :: boolean

update_server_certificate_request :: [new_path: path_type, new_server_certificate_name: server_certificate_name_type, server_certificate_name: server_certificate_name_type]

path_prefix_type :: binary

create_saml_provider_response :: [{:saml_provider_arn, arn_type}]

create_policy_response :: [{:policy, policy}]

access_key_id_type :: binary

get_credential_report_response :: [content: report_content_type, generated_time: date_type, report_format: report_format_type]

create_user_response :: [{:user, user}]

update_group_request :: [group_name: group_name_type, new_group_name: group_name_type, new_path: path_type]

thumbprint_type :: binary

path_type :: binary

arn_type :: binary

list_policy_versions_request :: [marker: marker_type, max_items: max_items_type, policy_arn: arn_type]

password_type :: binary

get_role_request :: [{:role_name, role_name_type}]

private_key_type :: binary

attach_group_policy_request :: [group_name: group_name_type, policy_arn: arn_type]

update_login_profile_request :: [password: password_type, password_reset_required: boolean_object_type, user_name: user_name_type]

role :: [arn: arn_type, assume_role_policy_document: policy_document_type, create_date: date_type, path: path_type, role_id: id_type, role_name: role_name_type]

list_policies_request :: [marker: marker_type, max_items: max_items_type, only_attached: boolean_type, path_prefix: policy_path_type, scope: policy_scope_type]

create_role_response :: [{:role, role}]

user :: [arn: arn_type, create_date: date_type, password_last_used: date_type, path: path_type, user_id: id_type, user_name: user_name_type]

ssh_public_key_metadata :: [ssh_public_key_id: public_key_id_type, status: status_type, upload_date: date_type, user_name: user_name_type]

serial_number_type :: binary

update_open_id_connect_provider_thumbprint_request :: [open_id_connect_provider_arn: arn_type, thumbprint_list: thumbprint_list_type]

put_group_policy_request :: [group_name: group_name_type, policy_document: policy_document_type, policy_name: policy_name_type]

remove_client_id_from_open_id_connect_provider_request :: [client_id: client_id_type, open_id_connect_provider_arn: arn_type]

create_role_request :: [assume_role_policy_document: policy_document_type, path: path_type, role_name: role_name_type]

group_name_type :: binary

user_detail :: [arn: arn_type, attached_managed_policies: attached_policies_list_type, create_date: date_type, group_list: group_name_list_type, path: path_type, user_id: id_type, user_name: user_name_type, user_policy_list: policy_detail_list_type]

policy_scope_type :: binary

get_role_policy_response :: [policy_document: policy_document_type, policy_name: policy_name_type, role_name: role_name_type]

list_group_policies_response :: [is_truncated: boolean_type, marker: marker_type, policy_names: policy_name_list_type]

policy_group :: [{:group_name, group_name_type}]

get_saml_provider_request :: [{:saml_provider_arn, arn_type}]

server_certificate_metadata :: [arn: arn_type, expiration: date_type, path: path_type, server_certificate_id: id_type, server_certificate_name: server_certificate_name_type, upload_date: date_type]

get_open_id_connect_provider_request :: [{:open_id_connect_provider_arn, arn_type}]

get_group_policy_response :: [group_name: group_name_type, policy_document: policy_document_type, policy_name: policy_name_type]

status_type :: binary

create_open_id_connect_provider_response :: [{:open_id_connect_provider_arn, arn_type}]

ssh_public_key :: [fingerprint: public_key_fingerprint_type, ssh_public_key_body: public_key_material_type, ssh_public_key_id: public_key_id_type, status: status_type, upload_date: date_type, user_name: user_name_type]

list_groups_response :: [groups: group_list_type, is_truncated: boolean_type, marker: marker_type]

create_policy_version_request :: [policy_arn: arn_type, policy_document: policy_document_type, set_as_default: boolean_type]

report_state_type :: binary

list_server_certificates_response :: [is_truncated: boolean_type, marker: marker_type, server_certificate_metadata_list: server_certificate_metadata_list_type]

policy_version :: [create_date: date_type, document: policy_document_type, is_default_version: boolean_type, version_id: policy_version_id_type]

login_profile :: [create_date: date_type, password_reset_required: boolean_type, user_name: user_name_type]

summary_value_type :: integer

virtual_mfa_device :: [base32_string_seed: bootstrap_datum, enable_date: date_type, qr_code_png: bootstrap_datum, serial_number: serial_number_type, user: user]

get_saml_provider_response :: [create_date: date_type, saml_metadata_document: saml_metadata_document_type, valid_until: date_type]

date_type :: integer

list_role_policies_response :: [is_truncated: boolean_type, marker: marker_type, policy_names: policy_name_list_type]

get_group_request :: [group_name: group_name_type, marker: marker_type, max_items: max_items_type]

add_client_id_to_open_id_connect_provider_request :: [client_id: client_id_type, open_id_connect_provider_arn: arn_type]

get_ssh_public_key_request :: [encoding: encoding_type, ssh_public_key_id: public_key_id_type, user_name: user_name_type]

summary_key_type :: binary

get_user_response :: [{:user, user}]

policy_detail :: [policy_document: policy_document_type, policy_name: policy_name_type]

list_roles_response :: [is_truncated: boolean_type, marker: marker_type, roles: role_list_type]

managed_policy_detail :: [arn: arn_type, attachment_count: attachment_count_type, create_date: date_type, default_version_id: policy_version_id_type, description: policy_description_type, is_attachable: boolean_type, path: policy_path_type, policy_id: id_type, policy_name: policy_name_type, policy_version_list: policy_document_version_list_type, update_date: date_type]

role_detail :: [arn: arn_type, assume_role_policy_document: policy_document_type, attached_managed_policies: attached_policies_list_type, create_date: date_type, instance_profile_list: instance_profile_list_type, path: path_type, role_id: id_type, role_name: role_name_type, role_policy_list: policy_detail_list_type]

password_policy :: [allow_users_to_change_password: boolean_type, expire_passwords: boolean_type, hard_expiry: boolean_object_type, max_password_age: max_password_age_type, minimum_password_length: minimum_password_length_type, password_reuse_prevention: password_reuse_prevention_type, require_lowercase_characters: boolean_type, require_numbers: boolean_type, require_symbols: boolean_type, require_uppercase_characters: boolean_type]

list_entities_for_policy_response :: [is_truncated: boolean_type, marker: marker_type, policy_groups: policy_group_list_type, policy_roles: policy_role_list_type, policy_users: policy_user_list_type]

resync_mfa_device_request :: [authentication_code1: authentication_code_type, authentication_code2: authentication_code_type, serial_number: serial_number_type, user_name: existing_user_name_type]

get_group_response :: [group: group, is_truncated: boolean_type, marker: marker_type, users: user_list_type]

instance_profile :: [arn: arn_type, create_date: date_type, instance_profile_id: id_type, instance_profile_name: instance_profile_name_type, path: path_type, roles: role_list_type]

detach_user_policy_request :: [policy_arn: arn_type, user_name: user_name_type]

list_policies_response :: [is_truncated: boolean_type, marker: marker_type, policies: policy_list_type]

delete_saml_provider_request :: [{:saml_provider_arn, arn_type}]

list_ssh_public_keys_response :: [is_truncated: boolean_type, marker: marker_type, ssh_public_keys: ssh_public_key_list_type]

policy :: [arn: arn_type, attachment_count: attachment_count_type, create_date: date_type, default_version_id: policy_version_id_type, description: policy_description_type, is_attachable: boolean_type, path: policy_path_type, policy_id: id_type, policy_name: policy_name_type, update_date: date_type]

detach_group_policy_request :: [group_name: group_name_type, policy_arn: arn_type]

access_key :: [access_key_id: access_key_id_type, create_date: date_type, secret_access_key: access_key_secret_type, status: status_type, user_name: user_name_type]

attach_user_policy_request :: [policy_arn: arn_type, user_name: user_name_type]

get_policy_response :: [{:policy, policy}]

update_account_password_policy_request :: [allow_users_to_change_password: boolean_type, hard_expiry: boolean_object_type, max_password_age: max_password_age_type, minimum_password_length: minimum_password_length_type, password_reuse_prevention: password_reuse_prevention_type, require_lowercase_characters: boolean_type, require_numbers: boolean_type, require_symbols: boolean_type, require_uppercase_characters: boolean_type]

change_password_request :: [new_password: password_type, old_password: password_type]

list_users_response :: [is_truncated: boolean_type, marker: marker_type, users: user_list_type]

delete_role_request :: [{:role_name, role_name_type}]

detach_role_policy_request :: [policy_arn: arn_type, role_name: role_name_type]

entity_type :: binary

enable_mfa_device_request :: [authentication_code1: authentication_code_type, authentication_code2: authentication_code_type, serial_number: serial_number_type, user_name: existing_user_name_type]

delete_policy_request :: [{:policy_arn, arn_type}]

signing_certificate :: [certificate_body: certificate_body_type, certificate_id: certificate_id_type, status: status_type, upload_date: date_type, user_name: user_name_type]

list_user_policies_response :: [is_truncated: boolean_type, marker: marker_type, policy_names: policy_name_list_type]

bootstrap_datum :: binary

list_roles_request :: [marker: marker_type, max_items: max_items_type, path_prefix: path_prefix_type]

create_login_profile_request :: [password: password_type, password_reset_required: boolean_type, user_name: user_name_type]

list_groups_request :: [marker: marker_type, max_items: max_items_type, path_prefix: path_prefix_type]

list_users_request :: [marker: marker_type, max_items: max_items_type, path_prefix: path_prefix_type]

update_saml_provider_response :: [{:saml_provider_arn, arn_type}]

report_format_type :: binary

string_type :: binary

policy_user :: [{:user_name, user_name_type}]

list_account_aliases_response :: [account_aliases: account_alias_list_type, is_truncated: boolean_type, marker: marker_type]

attach_role_policy_request :: [policy_arn: arn_type, role_name: role_name_type]

get_policy_request :: [{:policy_arn, arn_type}]

public_key_id_type :: binary

get_login_profile_response :: [{:login_profile, login_profile}]

list_access_keys_response :: [access_key_metadata: access_key_metadata_list_type, is_truncated: boolean_type, marker: marker_type]

attached_policy :: [policy_arn: arn_type, policy_name: policy_name_type]

marker_type :: binary

get_role_response :: [{:role, role}]

put_role_policy_request :: [policy_document: policy_document_type, policy_name: policy_name_type, role_name: role_name_type]

update_saml_provider_request :: [saml_metadata_document: saml_metadata_document_type, saml_provider_arn: arn_type]

update_user_request :: [new_path: path_type, new_user_name: user_name_type, user_name: existing_user_name_type]

upload_server_certificate_request :: [certificate_body: certificate_body_type, certificate_chain: certificate_chain_type, path: path_type, private_key: private_key_type, server_certificate_name: server_certificate_name_type]

policy_role :: [{:role_name, role_name_type}]

account_alias_type :: binary

list_entities_for_policy_request :: [entity_filter: entity_type, marker: marker_type, max_items: max_items_type, path_prefix: path_type, policy_arn: arn_type]

create_group_response :: [{:group, group}]

list_mfa_devices_response :: [is_truncated: boolean_type, mfa_devices: mfa_device_list_type, marker: marker_type]

boolean_type :: boolean

role_name_type :: binary

access_key_last_used :: [last_used_date: date_type, region: string_type, service_name: string_type]

id_type :: binary

saml_provider_list_entry :: [arn: arn_type, create_date: date_type, valid_until: date_type]

policy_path_type :: binary

policy_name_type :: binary

server_certificate :: [certificate_body: certificate_body_type, certificate_chain: certificate_chain_type, server_certificate_metadata: server_certificate_metadata]

encoding_type :: binary

group :: [arn: arn_type, create_date: date_type, group_id: id_type, group_name: group_name_type, path: path_type]

user_name_type :: binary

group_detail :: [arn: arn_type, attached_managed_policies: attached_policies_list_type, create_date: date_type, group_id: id_type, group_name: group_name_type, group_policy_list: policy_detail_list_type, path: path_type]

mfa_device :: [enable_date: date_type, serial_number: serial_number_type, user_name: user_name_type]

Functions

add_client_id_to_open_id_connect_provider(client, input)

Specs:

AddClientIDToOpenIDConnectProvider

Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM OpenID Connect provider.

This action is idempotent; it does not fail or return an error if you add an existing client ID to the provider.

Source
add_client_id_to_open_id_connect_provider!(client, input)

Specs:

Same as add_client_id_to_open_id_connect_provider/2 but raise on error.

Source
add_role_to_instance_profile(client, input)

Specs:

AddRoleToInstanceProfile

Adds the specified role to the specified instance profile. For more information about roles, go to Working with Roles. For more information about instance profiles, go to About Instance Profiles.

Source
add_role_to_instance_profile!(client, input)

Specs:

Same as add_role_to_instance_profile/2 but raise on error.

Source
add_user_to_group(client, input)

Specs:

AddUserToGroup

Adds the specified user to the specified group.

Source
add_user_to_group!(client, input)

Specs:

Same as add_user_to_group/2 but raise on error.

Source
attach_group_policy(client, input)

Specs:

AttachGroupPolicy

Attaches the specified managed policy to the specified group.

You use this API to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
attach_group_policy!(client, input)

Specs:

Same as attach_group_policy/2 but raise on error.

Source
attach_role_policy(client, input)

Specs:

AttachRolePolicy

Attaches the specified managed policy to the specified role.

When you attach a managed policy to a role, the managed policy is used as the role’s access (permissions) policy. You cannot use a managed policy as the role’s trust policy. The role’s trust policy is created at the same time as the role, using CreateRole. You can update a role’s trust policy using UpdateAssumeRolePolicy.

Use this API to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
attach_role_policy!(client, input)

Specs:

Same as attach_role_policy/2 but raise on error.

Source
attach_user_policy(client, input)

Specs:

AttachUserPolicy

Attaches the specified managed policy to the specified user.

You use this API to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
attach_user_policy!(client, input)

Specs:

Same as attach_user_policy/2 but raise on error.

Source
change_password(client, input)

Specs:

ChangePassword

Changes the password of the IAM user who is calling this action. The root account password is not affected by this action.

To change the password for a different user, see UpdateLoginProfile. For more information about modifying passwords, see Managing Passwords in the Using IAM guide.

Source
change_password!(client, input)

Specs:

  • change_password!(client :: ExAws.Iam.t, input :: change_password_request) :: ExAws.Request.Query.success_t | no_return

Same as change_password/2 but raise on error.

Source
create_access_key(client, input)

Specs:

CreateAccessKey

Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.

For information about limits on the number of keys you can create, see Limitations on IAM Entities in the Using IAM guide.

To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

Source
create_access_key!(client, input)

Specs:

Same as create_access_key/2 but raise on error.

Source
create_account_alias(client, input)

Specs:

CreateAccountAlias

Creates an alias for your AWS account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the Using IAM guide.

Source
create_account_alias!(client, input)

Specs:

Same as create_account_alias/2 but raise on error.

Source
create_group(client, input)

Specs:

  • create_group(client :: ExAws.Iam.t, input :: create_group_request) :: ExAws.Request.Query.response_t

CreateGroup

Creates a new group.

For information about the number of groups you can create, see Limitations on IAM Entities in the Using IAM guide.

Source
create_group!(client, input)

Specs:

  • create_group!(client :: ExAws.Iam.t, input :: create_group_request) :: ExAws.Request.Query.success_t | no_return

Same as create_group/2 but raise on error.

Source
create_instance_profile(client, input)

Specs:

CreateInstanceProfile

Creates a new instance profile. For information about instance profiles, go to About Instance Profiles.

For information about the number of instance profiles you can create, see Limitations on IAM Entities in the Using IAM guide.

Source
create_instance_profile!(client, input)

Specs:

Same as create_instance_profile/2 but raise on error.

Source
create_login_profile(client, input)

Specs:

CreateLoginProfile

Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console. For more information about managing passwords, see Managing Passwords in the Using IAM guide.

Source
create_login_profile!(client, input)

Specs:

Same as create_login_profile/2 but raise on error.

Source
create_open_id_connect_provider(client, input)

Specs:

CreateOpenIDConnectProvider

Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).

The OIDC provider that you create with this operation can be used as a principal in a role’s trust policy to establish a trust relationship between AWS and the OIDC provider.

When you create the IAM OIDC provider, you specify the URL of the OIDC identity provider (IdP) to trust, a list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider, and a list of thumbprints of the server certificate(s) that the IdP uses. You get all of this information from the OIDC IdP that you want to use for access to AWS.

Note:Because trust for the OIDC provider is ultimately derived from the IAM provider that this action creates, it is a best practice to limit access to the CreateOpenIDConnectProvider action to highly-privileged users.

Source
create_open_id_connect_provider!(client, input)

Specs:

Same as create_open_id_connect_provider/2 but raise on error.

Source
create_policy(client, input)

Specs:

CreatePolicy

Creates a new managed policy for your AWS account.

This operation creates a policy version with a version identifier of v1 and sets v1 as the policy’s default version. For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.

For more information about managed policies in general, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
create_policy!(client, input)

Specs:

  • create_policy!(client :: ExAws.Iam.t, input :: create_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as create_policy/2 but raise on error.

Source
create_policy_version(client, input)

Specs:

CreatePolicyVersion

Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.

Optionally, you can set the new version as the policy’s default version. The default version is the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to.

For more information about managed policy versions, see Versioning for Managed Policies in the Using IAM guide.

Source
create_policy_version!(client, input)

Specs:

Same as create_policy_version/2 but raise on error.

Source
create_role(client, input)

Specs:

  • create_role(client :: ExAws.Iam.t, input :: create_role_request) :: ExAws.Request.Query.response_t

CreateRole

Creates a new role for your AWS account. For more information about roles, go to Working with Roles. For information about limitations on role names and the number of roles you can create, go to Limitations on IAM Entities in the Using IAM guide.

The policy in the following example grants permission to an EC2 instance to assume the role.

Source
create_role!(client, input)

Specs:

  • create_role!(client :: ExAws.Iam.t, input :: create_role_request) :: ExAws.Request.Query.success_t | no_return

Same as create_role/2 but raise on error.

Source
create_saml_provider(client, input)

Specs:

CreateSAMLProvider

Creates an IAM entity to describe an identity provider (IdP) that supports SAML 2.0.

The SAML provider that you create with this operation can be used as a principal in a role’s trust policy to establish a trust relationship between AWS and a SAML identity provider. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.

When you create the SAML provider, you upload an a SAML metadata document that you get from your IdP and that includes the issuer’s name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization’s IdP.

Note: This operation requires Signature Version 4. For more information, see Giving Console Access Using SAML and Creating Temporary Security Credentials for SAML Federation in the Using Temporary Credentials guide.

Source
create_saml_provider!(client, input)

Specs:

Same as create_saml_provider/2 but raise on error.

Source
create_user(client, input)

Specs:

  • create_user(client :: ExAws.Iam.t, input :: create_user_request) :: ExAws.Request.Query.response_t

CreateUser

Creates a new user for your AWS account.

For information about limitations on the number of users you can create, see Limitations on IAM Entities in the Using IAM guide.

Source
create_user!(client, input)

Specs:

  • create_user!(client :: ExAws.Iam.t, input :: create_user_request) :: ExAws.Request.Query.success_t | no_return

Same as create_user/2 but raise on error.

Source
create_virtual_mfa_device(client, input)

Specs:

CreateVirtualMFADevice

Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.

For information about limits on the number of MFA devices you can create, see Limitations on Entities in the Using IAM guide.

The seed information contained in the QR code and the Base32 string should be treated like any other secret access information, such as your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.

Source
create_virtual_mfa_device!(client, input)

Specs:

Same as create_virtual_mfa_device/2 but raise on error.

Source
deactivate_mfa_device(client, input)

Specs:

DeactivateMFADevice

Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.

For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.

Source
deactivate_mfa_device!(client, input)

Specs:

Same as deactivate_mfa_device/2 but raise on error.

Source
delete_access_key(client, input)

Specs:

DeleteAccessKey

Deletes the access key associated with the specified user.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.

Source
delete_access_key!(client, input)

Specs:

Same as delete_access_key/2 but raise on error.

Source
delete_account_alias(client, input)

Specs:

DeleteAccountAlias

Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the Using IAM guide.

Source
delete_account_alias!(client, input)

Specs:

Same as delete_account_alias/2 but raise on error.

Source
delete_account_password_policy(client)

Specs:

  • delete_account_password_policy(client :: ExAws.Iam.t) :: ExAws.Request.Query.response_t

DeleteAccountPasswordPolicy

Deletes the password policy for the AWS account.

Source
delete_account_password_policy!(client)

Specs:

  • delete_account_password_policy!(client :: ExAws.Iam.t) :: ExAws.Request.Query.success_t | no_return

Same as delete_account_password_policy/2 but raise on error.

Source
delete_group(client, input)

Specs:

  • delete_group(client :: ExAws.Iam.t, input :: delete_group_request) :: ExAws.Request.Query.response_t

DeleteGroup

Deletes the specified group. The group must not contain any users or have any attached policies.

Source
delete_group!(client, input)

Specs:

  • delete_group!(client :: ExAws.Iam.t, input :: delete_group_request) :: ExAws.Request.Query.success_t | no_return

Same as delete_group/2 but raise on error.

Source
delete_group_policy(client, input)

Specs:

DeleteGroupPolicy

Deletes the specified inline policy that is embedded in the specified group.

A group can also have managed policies attached to it. To detach a managed policy from a group, use DetachGroupPolicy. For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
delete_group_policy!(client, input)

Specs:

Same as delete_group_policy/2 but raise on error.

Source
delete_instance_profile(client, input)

Specs:

DeleteInstanceProfile

Deletes the specified instance profile. The instance profile must not have an associated role.

Make sure you do not have any Amazon EC2 instances running with the instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance. For more information about instance profiles, go to About Instance Profiles.

Source
delete_instance_profile!(client, input)

Specs:

Same as delete_instance_profile/2 but raise on error.

Source
delete_login_profile(client, input)

Specs:

DeleteLoginProfile

Deletes the password for the specified user, which terminates the user’s ability to access AWS services through the AWS Management Console.

Deleting a user’s password does not prevent a user from accessing IAM through the command line interface or the API. To prevent all user access you must also either make the access key inactive or delete it. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

Source
delete_login_profile!(client, input)

Specs:

Same as delete_login_profile/2 but raise on error.

Source
delete_open_id_connect_provider(client, input)

Specs:

DeleteOpenIDConnectProvider

Deletes an IAM OpenID Connect identity provider.

Deleting an OIDC provider does not update any roles that reference the provider as a principal in their trust policies. Any attempt to assume a role that references a provider that has been deleted will fail.

This action is idempotent; it does not fail or return an error if you call the action for a provider that was already deleted.

Source
delete_open_id_connect_provider!(client, input)

Specs:

Same as delete_open_id_connect_provider/2 but raise on error.

Source
delete_policy(client, input)

Specs:

DeletePolicy

Deletes the specified managed policy.

Before you can delete a managed policy, you must detach the policy from all users, groups, and roles that it is attached to, and you must delete all of the policy’s versions. The following steps describe the process for deleting a managed policy:

  • Detach the policy from all users, groups, and roles that the policy is attached to, using the DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy APIs. To list all the users, groups, and roles that a policy is attached to, use ListEntitiesForPolicy.

  • Delete all versions of the policy using DeletePolicyVersion. To list the policy’s versions, use ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the default version. You delete the policy’s default version in the next step of the process.

  • Delete the policy (this automatically deletes the policy’s default version) using this API.

For information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
delete_policy!(client, input)

Specs:

  • delete_policy!(client :: ExAws.Iam.t, input :: delete_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as delete_policy/2 but raise on error.

Source
delete_policy_version(client, input)

Specs:

DeletePolicyVersion

Deletes the specified version of the specified managed policy.

You cannot delete the default version of a policy using this API. To delete the default version of a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions.

For information about versions for managed policies, refer to Versioning for Managed Policies in the Using IAM guide.

Source
delete_policy_version!(client, input)

Specs:

Same as delete_policy_version/2 but raise on error.

Source
delete_role(client, input)

Specs:

  • delete_role(client :: ExAws.Iam.t, input :: delete_role_request) :: ExAws.Request.Query.response_t

DeleteRole

Deletes the specified role. The role must not have any policies attached. For more information about roles, go to Working with Roles.

Make sure you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.

Source
delete_role!(client, input)

Specs:

  • delete_role!(client :: ExAws.Iam.t, input :: delete_role_request) :: ExAws.Request.Query.success_t | no_return

Same as delete_role/2 but raise on error.

Source
delete_role_policy(client, input)

Specs:

DeleteRolePolicy

Deletes the specified inline policy that is embedded in the specified role.

A role can also have managed policies attached to it. To detach a managed policy from a role, use DetachRolePolicy. For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
delete_role_policy!(client, input)

Specs:

Same as delete_role_policy/2 but raise on error.

Source
delete_saml_provider(client, input)

Specs:

DeleteSAMLProvider

Deletes a SAML provider.

Deleting the provider does not update any roles that reference the SAML provider as a principal in their trust policies. Any attempt to assume a role that references a SAML provider that has been deleted will fail.

Note: This operation requires Signature Version 4.

Source
delete_saml_provider!(client, input)

Specs:

Same as delete_saml_provider/2 but raise on error.

Source
delete_server_certificate(client, input)

Specs:

DeleteServerCertificate

Deletes the specified server certificate.

If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn’t detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, go to DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference.

Source
delete_server_certificate!(client, input)

Specs:

Same as delete_server_certificate/2 but raise on error.

Source
delete_signing_certificate(client, input)

Specs:

DeleteSigningCertificate

Deletes the specified signing certificate associated with the specified user.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.

Source
delete_signing_certificate!(client, input)

Specs:

Same as delete_signing_certificate/2 but raise on error.

Source
delete_ssh_public_key(client, input)

Specs:

DeleteSSHPublicKey

Deletes the specified SSH public key.

The SSH public key deleted by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.

Source
delete_ssh_public_key!(client, input)

Specs:

Same as delete_ssh_public_key/2 but raise on error.

Source
delete_user(client, input)

Specs:

  • delete_user(client :: ExAws.Iam.t, input :: delete_user_request) :: ExAws.Request.Query.response_t

DeleteUser

Deletes the specified user. The user must not belong to any groups, have any keys or signing certificates, or have any attached policies.

Source
delete_user!(client, input)

Specs:

  • delete_user!(client :: ExAws.Iam.t, input :: delete_user_request) :: ExAws.Request.Query.success_t | no_return

Same as delete_user/2 but raise on error.

Source
delete_user_policy(client, input)

Specs:

DeleteUserPolicy

Deletes the specified inline policy that is embedded in the specified user.

A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy. For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
delete_user_policy!(client, input)

Specs:

Same as delete_user_policy/2 but raise on error.

Source
delete_virtual_mfa_device(client, input)

Specs:

DeleteVirtualMFADevice

Deletes a virtual MFA device.

Note: You must deactivate a user’s virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice.

Source
delete_virtual_mfa_device!(client, input)

Specs:

Same as delete_virtual_mfa_device/2 but raise on error.

Source
detach_group_policy(client, input)

Specs:

DetachGroupPolicy

Removes the specified managed policy from the specified group.

A group can also have inline policies embedded with it. To delete an inline policy, use the DeleteGroupPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
detach_group_policy!(client, input)

Specs:

Same as detach_group_policy/2 but raise on error.

Source
detach_role_policy(client, input)

Specs:

DetachRolePolicy

Removes the specified managed policy from the specified role.

A role can also have inline policies embedded with it. To delete an inline policy, use the DeleteRolePolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
detach_role_policy!(client, input)

Specs:

Same as detach_role_policy/2 but raise on error.

Source
detach_user_policy(client, input)

Specs:

DetachUserPolicy

Removes the specified managed policy from the specified user.

A user can also have inline policies embedded with it. To delete an inline policy, use the DeleteUserPolicy API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
detach_user_policy!(client, input)

Specs:

Same as detach_user_policy/2 but raise on error.

Source
enable_mfa_device(client, input)

Specs:

EnableMFADevice

Enables the specified MFA device and associates it with the specified user name. When enabled, the MFA device is required for every subsequent login by the user name associated with the device.

Source
enable_mfa_device!(client, input)

Specs:

Same as enable_mfa_device/2 but raise on error.

Source
generate_credential_report(client)

Specs:

  • generate_credential_report(client :: ExAws.Iam.t) :: ExAws.Request.Query.response_t

GenerateCredentialReport

Generates a credential report for the AWS account. For more information about the credential report, see Getting Credential Reports in the Using IAM guide.

Source
generate_credential_report!(client)

Specs:

  • generate_credential_report!(client :: ExAws.Iam.t) :: ExAws.Request.Query.success_t | no_return

Same as generate_credential_report/2 but raise on error.

Source
get_access_key_last_used(client, input)

Specs:

GetAccessKeyLastUsed

Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and region that were specified in the last request made with that key.

Source
get_access_key_last_used!(client, input)

Specs:

Same as get_access_key_last_used/2 but raise on error.

Source
get_account_authorization_details(client, input)

Specs:

GetAccountAuthorizationDetails

Retrieves information about all IAM users, groups, roles, and policies in your account, including their relationships to one another. Use this API to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.

You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.

Source
get_account_authorization_details!(client, input)

Specs:

Same as get_account_authorization_details/2 but raise on error.

Source
get_account_password_policy(client)

Specs:

  • get_account_password_policy(client :: ExAws.Iam.t) :: ExAws.Request.Query.response_t

GetAccountPasswordPolicy

Retrieves the password policy for the AWS account. For more information about using a password policy, go to Managing an IAM Password Policy.

Source
get_account_password_policy!(client)

Specs:

  • get_account_password_policy!(client :: ExAws.Iam.t) :: ExAws.Request.Query.success_t | no_return

Same as get_account_password_policy/2 but raise on error.

Source
get_account_summary(client)

Specs:

  • get_account_summary(client :: ExAws.Iam.t) :: ExAws.Request.Query.response_t

GetAccountSummary

Retrieves information about IAM entity usage and IAM quotas in the AWS account.

For information about limitations on IAM entities, see Limitations on IAM Entities in the Using IAM guide.

Source
get_account_summary!(client)

Specs:

  • get_account_summary!(client :: ExAws.Iam.t) :: ExAws.Request.Query.success_t | no_return

Same as get_account_summary/2 but raise on error.

Source
get_credential_report(client)

Specs:

  • get_credential_report(client :: ExAws.Iam.t) :: ExAws.Request.Query.response_t

GetCredentialReport

Retrieves a credential report for the AWS account. For more information about the credential report, see Getting Credential Reports in the Using IAM guide.

Source
get_credential_report!(client)

Specs:

  • get_credential_report!(client :: ExAws.Iam.t) :: ExAws.Request.Query.success_t | no_return

Same as get_credential_report/2 but raise on error.

Source
get_group(client, input)

Specs:

  • get_group(client :: ExAws.Iam.t, input :: get_group_request) :: ExAws.Request.Query.response_t

GetGroup

Returns a list of users that are in the specified group. You can paginate the results using the MaxItems and Marker parameters.

Source
get_group!(client, input)

Specs:

  • get_group!(client :: ExAws.Iam.t, input :: get_group_request) :: ExAws.Request.Query.success_t | no_return

Same as get_group/2 but raise on error.

Source
get_group_policy(client, input)

Specs:

GetGroupPolicy

Retrieves the specified inline policy document that is embedded in the specified group.

A group can also have managed policies attached to it. To retrieve a managed policy document that is attached to a group, use GetPolicy to determine the policy’s default version, then use GetPolicyVersion to retrieve the policy document.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
get_group_policy!(client, input)

Specs:

  • get_group_policy!(client :: ExAws.Iam.t, input :: get_group_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as get_group_policy/2 but raise on error.

Source
get_instance_profile(client, input)

Specs:

GetInstanceProfile

Retrieves information about the specified instance profile, including the instance profile’s path, GUID, ARN, and role. For more information about instance profiles, go to About Instance Profiles. For more information about ARNs, go to ARNs.

Source
get_instance_profile!(client, input)

Specs:

Same as get_instance_profile/2 but raise on error.

Source
get_login_profile(client, input)

Specs:

GetLoginProfile

Retrieves the user name and password-creation date for the specified user. If the user has not been assigned a password, the action returns a 404 (NoSuchEntity) error.

Source
get_login_profile!(client, input)

Specs:

Same as get_login_profile/2 but raise on error.

Source
get_open_id_connect_provider(client, input)

Specs:

GetOpenIDConnectProvider

Returns information about the specified OpenID Connect provider.

Source
get_open_id_connect_provider!(client, input)

Specs:

Same as get_open_id_connect_provider/2 but raise on error.

Source
get_policy(client, input)

Specs:

  • get_policy(client :: ExAws.Iam.t, input :: get_policy_request) :: ExAws.Request.Query.response_t

GetPolicy

Retrieves information about the specified managed policy, including the policy’s default version and the total number of users, groups, and roles that the policy is attached to. For a list of the specific users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API. This API returns metadata about the policy. To retrieve the policy document for a specific version of the policy, use GetPolicyVersion.

This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded with a user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
get_policy!(client, input)

Specs:

  • get_policy!(client :: ExAws.Iam.t, input :: get_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as get_policy/2 but raise on error.

Source
get_policy_version(client, input)

Specs:

GetPolicyVersion

Retrieves information about the specified version of the specified managed policy, including the policy document.

To list the available versions for a policy, use ListPolicyVersions.

This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API.

For more information about the types of policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
get_policy_version!(client, input)

Specs:

Same as get_policy_version/2 but raise on error.

Source
get_role(client, input)

Specs:

  • get_role(client :: ExAws.Iam.t, input :: get_role_request) :: ExAws.Request.Query.response_t

GetRole

Retrieves information about the specified role, including the role’s path, GUID, ARN, and the policy granting permission to assume the role. For more information about ARNs, go to ARNs. For more information about roles, go to Working with Roles.

Source
get_role!(client, input)

Specs:

  • get_role!(client :: ExAws.Iam.t, input :: get_role_request) :: ExAws.Request.Query.success_t | no_return

Same as get_role/2 but raise on error.

Source
get_role_policy(client, input)

Specs:

GetRolePolicy

Retrieves the specified inline policy document that is embedded with the specified role.

A role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy’s default version, then use GetPolicyVersion to retrieve the policy document.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities.

Source
get_role_policy!(client, input)

Specs:

  • get_role_policy!(client :: ExAws.Iam.t, input :: get_role_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as get_role_policy/2 but raise on error.

Source
get_saml_provider(client, input)

Specs:

GetSAMLProvider

Returns the SAML provider metadocument that was uploaded when the provider was created or updated.

Note:This operation requires Signature Version 4.

Source
get_saml_provider!(client, input)

Specs:

Same as get_saml_provider/2 but raise on error.

Source
get_server_certificate(client, input)

Specs:

GetServerCertificate

Retrieves information about the specified server certificate.

Source
get_server_certificate!(client, input)

Specs:

Same as get_server_certificate/2 but raise on error.

Source
get_ssh_public_key(client, input)

Specs:

GetSSHPublicKey

Retrieves the specified SSH public key, including metadata about the key.

The SSH public key retrieved by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.

Source
get_ssh_public_key!(client, input)

Specs:

Same as get_ssh_public_key/2 but raise on error.

Source
get_user(client, input)

Specs:

  • get_user(client :: ExAws.Iam.t, input :: get_user_request) :: ExAws.Request.Query.response_t

GetUser

Retrieves information about the specified user, including the user’s creation date, path, unique ID, and ARN.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request.

Source
get_user!(client, input)

Specs:

  • get_user!(client :: ExAws.Iam.t, input :: get_user_request) :: ExAws.Request.Query.success_t | no_return

Same as get_user/2 but raise on error.

Source
get_user_policy(client, input)

Specs:

GetUserPolicy

Retrieves the specified inline policy document that is embedded in the specified user.

A user can also have managed policies attached to it. To retrieve a managed policy document that is attached to a user, use GetPolicy to determine the policy’s default version, then use GetPolicyVersion to retrieve the policy document.

For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
get_user_policy!(client, input)

Specs:

  • get_user_policy!(client :: ExAws.Iam.t, input :: get_user_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as get_user_policy/2 but raise on error.

Source
list_access_keys(client, input)

Specs:

ListAccessKeys

Returns information about the access key IDs associated with the specified user. If there are none, the action returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.

Note:To ensure the security of your AWS account, the secret access key is accessible only during key and user creation.

Source
list_access_keys!(client, input)

Specs:

  • list_access_keys!(client :: ExAws.Iam.t, input :: list_access_keys_request) :: ExAws.Request.Query.success_t | no_return

Same as list_access_keys/2 but raise on error.

Source
list_account_aliases(client, input)

Specs:

ListAccountAliases

Lists the account aliases associated with the account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_account_aliases!(client, input)

Specs:

Same as list_account_aliases/2 but raise on error.

Source
list_attached_group_policies(client, input)

Specs:

ListAttachedGroupPolicies

Lists all managed policies that are attached to the specified group.

A group can also have inline policies embedded with it. To list the inline policies for a group, use the ListGroupPolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.

Source
list_attached_group_policies!(client, input)

Specs:

Same as list_attached_group_policies/2 but raise on error.

Source
list_attached_role_policies(client, input)

Specs:

ListAttachedRolePolicies

Lists all managed policies that are attached to the specified role.

A role can also have inline policies embedded with it. To list the inline policies for a role, use the ListRolePolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the action returns an empty list.

Source
list_attached_role_policies!(client, input)

Specs:

Same as list_attached_role_policies/2 but raise on error.

Source
list_attached_user_policies(client, input)

Specs:

ListAttachedUserPolicies

Lists all managed policies that are attached to the specified user.

A user can also have inline policies embedded with it. To list the inline policies for a user, use the ListUserPolicies API. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.

Source
list_attached_user_policies!(client, input)

Specs:

Same as list_attached_user_policies/2 but raise on error.

Source
list_entities_for_policy(client, input)

Specs:

ListEntitiesForPolicy

Lists all users, groups, and roles that the specified managed policy is attached to.

You can use the optional EntityFilter parameter to limit the results to a particular type of entity (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set EntityFilter to Role.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_entities_for_policy!(client, input)

Specs:

Same as list_entities_for_policy/2 but raise on error.

Source
list_group_policies(client, input)

Specs:

ListGroupPolicies

Lists the names of the inline policies that are embedded in the specified group.

A group can also have managed policies attached to it. To list the managed policies that are attached to a group, use ListAttachedGroupPolicies. For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified group, the action returns an empty list.

Source
list_group_policies!(client, input)

Specs:

Same as list_group_policies/2 but raise on error.

Source
list_groups(client, input)

Specs:

  • list_groups(client :: ExAws.Iam.t, input :: list_groups_request) :: ExAws.Request.Query.response_t

ListGroups

Lists the groups that have the specified path prefix.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_groups!(client, input)

Specs:

  • list_groups!(client :: ExAws.Iam.t, input :: list_groups_request) :: ExAws.Request.Query.success_t | no_return

Same as list_groups/2 but raise on error.

Source
list_groups_for_user(client, input)

Specs:

ListGroupsForUser

Lists the groups the specified user belongs to.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_groups_for_user!(client, input)

Specs:

Same as list_groups_for_user/2 but raise on error.

Source
list_instance_profiles(client, input)

Specs:

ListInstanceProfiles

Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty list. For more information about instance profiles, go to About Instance Profiles.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_instance_profiles!(client, input)

Specs:

Same as list_instance_profiles/2 but raise on error.

Source
list_instance_profiles_for_role(client, input)

Specs:

ListInstanceProfilesForRole

Lists the instance profiles that have the specified associated role. If there are none, the action returns an empty list. For more information about instance profiles, go to About Instance Profiles.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_instance_profiles_for_role!(client, input)

Specs:

Same as list_instance_profiles_for_role/2 but raise on error.

Source
list_mfa_devices(client, input)

Specs:

ListMFADevices

Lists the MFA devices. If the request includes the user name, then this action lists all the MFA devices associated with the specified user name. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_mfa_devices!(client, input)

Specs:

  • list_mfa_devices!(client :: ExAws.Iam.t, input :: list_mfa_devices_request) :: ExAws.Request.Query.success_t | no_return

Same as list_mfa_devices/2 but raise on error.

Source
list_open_id_connect_providers(client, input)

Specs:

ListOpenIDConnectProviders

Lists information about the OpenID Connect providers in the AWS account.

Source
list_open_id_connect_providers!(client, input)

Specs:

Same as list_open_id_connect_providers/2 but raise on error.

Source
list_policies(client, input)

Specs:

ListPolicies

Lists all the managed policies that are available to your account, including your own customer managed policies and all AWS managed policies.

You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your AWS account, set Scope to Local. To list only AWS managed policies, set Scope to AWS.

You can paginate the results using the MaxItems and Marker parameters.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
list_policies!(client, input)

Specs:

  • list_policies!(client :: ExAws.Iam.t, input :: list_policies_request) :: ExAws.Request.Query.success_t | no_return

Same as list_policies/2 but raise on error.

Source
list_policy_versions(client, input)

Specs:

ListPolicyVersions

Lists information about the versions of the specified managed policy, including the version that is set as the policy’s default version.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
list_policy_versions!(client, input)

Specs:

Same as list_policy_versions/2 but raise on error.

Source
list_role_policies(client, input)

Specs:

ListRolePolicies

Lists the names of the inline policies that are embedded in the specified role.

A role can also have managed policies attached to it. To list the managed policies that are attached to a role, use ListAttachedRolePolicies. For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified role, the action returns an empty list.

Source
list_role_policies!(client, input)

Specs:

Same as list_role_policies/2 but raise on error.

Source
list_roles(client, input)

Specs:

  • list_roles(client :: ExAws.Iam.t, input :: list_roles_request) :: ExAws.Request.Query.response_t

ListRoles

Lists the roles that have the specified path prefix. If there are none, the action returns an empty list. For more information about roles, go to Working with Roles.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_roles!(client, input)

Specs:

  • list_roles!(client :: ExAws.Iam.t, input :: list_roles_request) :: ExAws.Request.Query.success_t | no_return

Same as list_roles/2 but raise on error.

Source
list_saml_providers(client, input)

Specs:

ListSAMLProviders

Lists the SAML providers in the account.

Note: This operation requires Signature Version 4.

Source
list_saml_providers!(client, input)

Specs:

Same as list_saml_providers/2 but raise on error.

Source
list_server_certificates(client, input)

Specs:

ListServerCertificates

Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_server_certificates!(client, input)

Specs:

Same as list_server_certificates/2 but raise on error.

Source
list_signing_certificates(client, input)

Specs:

ListSigningCertificates

Returns information about the signing certificates associated with the specified user. If there are none, the action returns an empty list.

Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.

Source
list_signing_certificates!(client, input)

Specs:

Same as list_signing_certificates/2 but raise on error.

Source
list_ssh_public_keys(client, input)

Specs:

ListSSHPublicKeys

Returns information about the SSH public keys associated with the specified IAM user. If there are none, the action returns an empty list.

The SSH public keys returned by this action are used only for authenticating the IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

Source
list_ssh_public_keys!(client, input)

Specs:

Same as list_ssh_public_keys/2 but raise on error.

Source
list_user_policies(client, input)

Specs:

ListUserPolicies

Lists the names of the inline policies embedded in the specified user.

A user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies. For more information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified user, the action returns an empty list.

Source
list_user_policies!(client, input)

Specs:

Same as list_user_policies/2 but raise on error.

Source
list_users(client, input)

Specs:

  • list_users(client :: ExAws.Iam.t, input :: list_users_request) :: ExAws.Request.Query.response_t

ListUsers

Lists the IAM users that have the specified path prefix. If no path prefix is specified, the action returns all users in the AWS account. If there are none, the action returns an empty list.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_users!(client, input)

Specs:

  • list_users!(client :: ExAws.Iam.t, input :: list_users_request) :: ExAws.Request.Query.success_t | no_return

Same as list_users/2 but raise on error.

Source
list_virtual_mfa_devices(client, input)

Specs:

ListVirtualMFADevices

Lists the virtual MFA devices under the AWS account by assignment status. If you do not specify an assignment status, the action returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.

You can paginate the results using the MaxItems and Marker parameters.

Source
list_virtual_mfa_devices!(client, input)

Specs:

Same as list_virtual_mfa_devices/2 but raise on error.

Source
put_group_policy(client, input)

Specs:

PutGroupPolicy

Adds (or updates) an inline policy document that is embedded in the specified group.

A user can also have managed policies attached to it. To attach a managed policy to a group, use AttachGroupPolicy. To create a new managed policy, use CreatePolicy. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

For information about limits on the number of inline policies that you can embed in a group, see Limitations on IAM Entities in the Using IAM guide.

Note:Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.

Source
put_group_policy!(client, input)

Specs:

  • put_group_policy!(client :: ExAws.Iam.t, input :: put_group_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as put_group_policy/2 but raise on error.

Source
put_role_policy(client, input)

Specs:

PutRolePolicy

Adds (or updates) an inline policy document that is embedded in the specified role.

When you embed an inline policy in a role, the inline policy is used as the role’s access (permissions) policy. The role’s trust policy is created at the same time as the role, using CreateRole. You can update a role’s trust policy using UpdateAssumeRolePolicy. For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities.

A role can also have a managed policy attached to it. To attach a managed policy to a role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

For information about limits on the number of inline policies that you can embed with a role, see Limitations on IAM Entities in the Using IAM guide.

Note:Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.

Source
put_role_policy!(client, input)

Specs:

  • put_role_policy!(client :: ExAws.Iam.t, input :: put_role_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as put_role_policy/2 but raise on error.

Source
put_user_policy(client, input)

Specs:

PutUserPolicy

Adds (or updates) an inline policy document that is embedded in the specified user.

A user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy. To create a new managed policy, use CreatePolicy. For information about policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

For information about limits on the number of inline policies that you can embed in a user, see Limitations on IAM Entities in the Using IAM guide.

Note:Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.

Source
put_user_policy!(client, input)

Specs:

  • put_user_policy!(client :: ExAws.Iam.t, input :: put_user_policy_request) :: ExAws.Request.Query.success_t | no_return

Same as put_user_policy/2 but raise on error.

Source
remove_client_id_from_open_id_connect_provider(client, input)

Specs:

RemoveClientIDFromOpenIDConnectProvider

Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified IAM OpenID Connect provider.

This action is idempotent; it does not fail or return an error if you try to remove a client ID that was removed previously.

Source
remove_client_id_from_open_id_connect_provider!(client, input)

Specs:

Same as remove_client_id_from_open_id_connect_provider/2 but raise on error.

Source
remove_role_from_instance_profile(client, input)

Specs:

RemoveRoleFromInstanceProfile

Removes the specified role from the specified instance profile.

Make sure you do not have any Amazon EC2 instances running with the role you are about to remove from the instance profile. Removing a role from an instance profile that is associated with a running instance will break any applications running on the instance. For more information about roles, go to Working with Roles. For more information about instance profiles, go to About Instance Profiles.

Source
remove_role_from_instance_profile!(client, input)

Specs:

Same as remove_role_from_instance_profile/2 but raise on error.

Source
remove_user_from_group(client, input)

Specs:

RemoveUserFromGroup

Removes the specified user from the specified group.

Source
remove_user_from_group!(client, input)

Specs:

Same as remove_user_from_group/2 but raise on error.

Source
resync_mfa_device(client, input)

Specs:

ResyncMFADevice

Synchronizes the specified MFA device with AWS servers.

For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.

Source
resync_mfa_device!(client, input)

Specs:

Same as resync_mfa_device/2 but raise on error.

Source
set_default_policy_version(client, input)

Specs:

SetDefaultPolicyVersion

Sets the specified version of the specified policy as the policy’s default (operative) version.

This action affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API.

For information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

Source
set_default_policy_version!(client, input)

Specs:

Same as set_default_policy_version/2 but raise on error.

Source
update_access_key(client, input)

Specs:

UpdateAccessKey

Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user’s key as part of a key rotation work flow.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.

For information about rotating keys, see Managing Keys and Certificates in the Using IAM guide.

Source
update_access_key!(client, input)

Specs:

Same as update_access_key/2 but raise on error.

Source
update_account_password_policy(client, input)

Specs:

UpdateAccountPasswordPolicy

Updates the password policy settings for the AWS account.

Note: This action does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter’s value reverts to its default value. See the Request Parameters section for each parameter’s default value.

For more information about using a password policy, see Managing an IAM Password Policy in the Using IAM guide.

Source
update_account_password_policy!(client, input)

Specs:

Same as update_account_password_policy/2 but raise on error.

Source
update_assume_role_policy(client, input)

Specs:

UpdateAssumeRolePolicy

Updates the policy that grants an entity permission to assume a role. For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities.

Source
update_assume_role_policy!(client, input)

Specs:

Same as update_assume_role_policy/2 but raise on error.

Source
update_group(client, input)

Specs:

  • update_group(client :: ExAws.Iam.t, input :: update_group_request) :: ExAws.Request.Query.response_t

UpdateGroup

Updates the name and/or the path of the specified group.

You should understand the implications of changing a group’s path or name. For more information, see Renaming Users and Groups in the Using IAM guide. Note:To change a group name the requester must have appropriate permissions on both the source object and the target object. For example, to change Managers to MGRs, the entity making the request must have permission on Managers and MGRs, or must have permission on all (*). For more information about permissions, see Permissions and Policies.

Source
update_group!(client, input)

Specs:

  • update_group!(client :: ExAws.Iam.t, input :: update_group_request) :: ExAws.Request.Query.success_t | no_return

Same as update_group/2 but raise on error.

Source
update_login_profile(client, input)

Specs:

UpdateLoginProfile

Changes the password for the specified user.

Users can change their own passwords by calling ChangePassword. For more information about modifying passwords, see Managing Passwords in the Using IAM guide.

Source
update_login_profile!(client, input)

Specs:

Same as update_login_profile/2 but raise on error.

Source
update_open_id_connect_provider_thumbprint(client, input)

Specs:

UpdateOpenIDConnectProviderThumbprint

Replaces the existing list of server certificate thumbprints with a new list.

The list that you pass with this action completely replaces the existing list of thumbprints. (The lists are not merged.)

Typically, you need to update a thumbprint only when the identity provider’s certificate changes, which occurs rarely. However, if the provider’s certificate does change, any attempt to assume an IAM role that specifies the OIDC provider as a principal will fail until the certificate thumbprint is updated.

Note:Because trust for the OpenID Connect provider is ultimately derived from the provider’s certificate and is validated by the thumbprint, it is a best practice to limit access to the UpdateOpenIDConnectProviderThumbprint action to highly-privileged users.

Source
update_open_id_connect_provider_thumbprint!(client, input)

Specs:

Same as update_open_id_connect_provider_thumbprint/2 but raise on error.

Source
update_saml_provider(client, input)

Specs:

UpdateSAMLProvider

Updates the metadata document for an existing SAML provider.

Note:This operation requires Signature Version 4.

Source
update_saml_provider!(client, input)

Specs:

Same as update_saml_provider/2 but raise on error.

Source
update_server_certificate(client, input)

Specs:

UpdateServerCertificate

Updates the name and/or the path of the specified server certificate.

You should understand the implications of changing a server certificate’s path or name. For more information, see Managing Server Certificates in the Using IAM guide. Note:To change a server certificate name the requester must have appropriate permissions on both the source object and the target object. For example, to change the name from ProductionCert to ProdCert, the entity making the request must have permission on ProductionCert and ProdCert, or must have permission on all (*). For more information about permissions, see Permissions and Policies.

Source
update_server_certificate!(client, input)

Specs:

Same as update_server_certificate/2 but raise on error.

Source
update_signing_certificate(client, input)

Specs:

UpdateSigningCertificate

Changes the status of the specified signing certificate from active to disabled, or vice versa. This action can be used to disable a user’s signing certificate as part of a certificate rotation work flow.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.

Source
update_signing_certificate!(client, input)

Specs:

Same as update_signing_certificate/2 but raise on error.

Source
update_ssh_public_key(client, input)

Specs:

UpdateSSHPublicKey

Sets the status of the specified SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This action can be used to disable a user’s SSH public key as part of a key rotation work flow.

The SSH public key affected by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.

Source
update_ssh_public_key!(client, input)

Specs:

Same as update_ssh_public_key/2 but raise on error.

Source
update_user(client, input)

Specs:

  • update_user(client :: ExAws.Iam.t, input :: update_user_request) :: ExAws.Request.Query.response_t

UpdateUser

Updates the name and/or the path of the specified user.

You should understand the implications of changing a user’s path or name. For more information, see Renaming Users and Groups in the Using IAM guide. Note: To change a user name the requester must have appropriate permissions on both the source object and the target object. For example, to change Bob to Robert, the entity making the request must have permission on Bob and Robert, or must have permission on all (*). For more information about permissions, see Permissions and Policies.

Source
update_user!(client, input)

Specs:

  • update_user!(client :: ExAws.Iam.t, input :: update_user_request) :: ExAws.Request.Query.success_t | no_return

Same as update_user/2 but raise on error.

Source
upload_server_certificate(client, input)

Specs:

UploadServerCertificate

Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.

For information about the number of server certificates you can upload, see Limitations on IAM Entities in the Using IAM guide.

Note:Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.

Source
upload_server_certificate!(client, input)

Specs:

Same as upload_server_certificate/2 but raise on error.

Source
upload_signing_certificate(client, input)

Specs:

UploadSigningCertificate

Uploads an X.509 signing certificate and associates it with the specified user. Some AWS services use X.509 signing certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.

If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.

Note:Because the body of a X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about using the Query API with IAM, go to Making Query Requests in the Using IAMguide.

Source
upload_signing_certificate!(client, input)

Specs:

Same as upload_signing_certificate/2 but raise on error.

Source
upload_ssh_public_key(client, input)

Specs:

UploadSSHPublicKey

Uploads an SSH public key and associates it with the specified IAM user.

The SSH public key uploaded by this action can be used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.

Source
upload_ssh_public_key!(client, input)

Specs:

Same as upload_ssh_public_key/2 but raise on error.

Source