com.amazonaws.services.identitymanagement.AmazonIdentityManagement Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of aws-java-sdk-iam Show documentation

The AWS Java SDK for AWS IAM module holds the client classes that are used for communicating with AWS Identity and Access Management Service

There is a newer version: 1.12.788

Show newest version

/* * Copyright 2011-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with * the License. A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions * and limitations under the License. */ package com.amazonaws.services.identitymanagement; import com.amazonaws.*; import com.amazonaws.regions.*; import com.amazonaws.services.identitymanagement.model.*; import com.amazonaws.services.identitymanagement.waiters.AmazonIdentityManagementWaiters; /** * Interface for accessing IAM. * * AWS Identity and Access Management * * AWS Identity and Access Management (IAM) is a web service that you can use to manage users and user permissions under * your AWS account. This guide provides descriptions of IAM actions that you can call programmatically. For general * information about IAM, see AWS Identity and Access Management (IAM). For the * user guide for IAM, see Using IAM. * * * * AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, * Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For * example, the SDKs take care of tasks such as cryptographically signing requests (see below), managing errors, and * retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see * the Tools for Amazon Web Services page. * * * * We recommend that you use the AWS SDKs to make programmatic API calls to IAM. However, you can also use the IAM Query * API to make direct calls to the IAM web service. To learn more about the IAM Query API, see Making Query Requests in the * Using IAM guide. IAM supports GET and POST requests for all actions. That is, the API does not require you to * use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. * Therefore, for operations that require larger sizes, use a POST request. * * * Signing Requests * * * Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use * your AWS account access key ID and secret access key for everyday work with IAM. You can use the access key ID and * secret access key for an IAM user or you can use the AWS Security Token Service to generate temporary security * credentials and use those to sign requests. * * * To sign requests, we recommend that you use Signature Version 4. If you have an * existing application that uses Signature Version 2, you do not have to update it to use Signature Version 4. However, * some operations now require Signature Version 4. The documentation for operations that require version 4 indicate * this requirement. * * * Additional Resources * * * For more information, see the following: * * * * * AWS Security Credentials. * This topic provides general information about the types of credentials used for accessing AWS. * * * * * IAM Best Practices. This topic * presents a list of suggestions for using the IAM service to help secure your AWS resources. * * * * * Signing AWS API Requests. * This set of topics walk you through the process of signing a request using an access key ID and secret access key. * * * */ public interface AmazonIdentityManagement { /** * The region metadata service name for computing region endpoints. You can use this value to retrieve metadata * (such as supported regions) of the service. * * @see RegionUtils#getRegionsForService(String) */ String ENDPOINT_PREFIX = "iam"; /** * Overrides the default endpoint for this client ("iam.amazonaws.com"). Callers can use this method to control * which AWS region they want to work with. * * Callers can pass in just the endpoint (ex: "iam.amazonaws.com") or a full URL, including the protocol (ex: * "iam.amazonaws.com"). If the protocol is not specified here, the default protocol from this client's * {@link ClientConfiguration} will be used, which by default is HTTPS. * * For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available * endpoints for all AWS services, see: * http://developer.amazonwebservices.com/connect/entry.jspa?externalID=3912 * * This method is not threadsafe. An endpoint should be configured when the client is created and before any * service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in * transit or retrying. * * @param endpoint * The endpoint (ex: "iam.amazonaws.com") or a full URL, including the protocol (ex: "iam.amazonaws.com") of * the region specific AWS endpoint this client will communicate with. */ void setEndpoint(String endpoint); /** * An alternative to {@link AmazonIdentityManagement#setEndpoint(String)}, sets the regional endpoint for this * client's service calls. Callers can use this method to control which AWS region they want to work with. * * By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the * {@link ClientConfiguration} supplied at construction. * * This method is not threadsafe. A region should be configured when the client is created and before any service * requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit * or retrying. * * @param region * The region this client will communicate with. See {@link Region#getRegion(com.amazonaws.regions.Regions)} * for accessing a given region. Must not be null and must be a region where the service is available. * * @see Region#getRegion(com.amazonaws.regions.Regions) * @see Region#createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration) * @see Region#isServiceSupported(String) */ void setRegion(Region region); /** * * Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM * OpenID Connect (OIDC) provider resource. * * * This action is idempotent; it does not fail or return an error if you add an existing client ID to the provider. * * * @param addClientIDToOpenIDConnectProviderRequest * @return Result of the AddClientIDToOpenIDConnectProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AddClientIDToOpenIDConnectProvider */ AddClientIDToOpenIDConnectProviderResult addClientIDToOpenIDConnectProvider( AddClientIDToOpenIDConnectProviderRequest addClientIDToOpenIDConnectProviderRequest); /** * * Adds the specified IAM role to the specified instance profile. * * * * The caller of this API must be granted the PassRole permission on the IAM role by a permission * policy. * * * * For more information about roles, go to Working with Roles. For more * information about instance profiles, go to About Instance Profiles. * * * @param addRoleToInstanceProfileRequest * @return Result of the AddRoleToInstanceProfile operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AddRoleToInstanceProfile */ AddRoleToInstanceProfileResult addRoleToInstanceProfile(AddRoleToInstanceProfileRequest addRoleToInstanceProfileRequest); /** * * Adds the specified user to the specified group. * * * @param addUserToGroupRequest * @return Result of the AddUserToGroup operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AddUserToGroup */ AddUserToGroupResult addUserToGroup(AddUserToGroupRequest addUserToGroupRequest); /** * * Attaches the specified managed policy to the specified IAM group. * * * You use this API to attach a managed policy to a group. To embed an inline policy in a group, use * PutGroupPolicy. * * * For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param attachGroupPolicyRequest * @return Result of the AttachGroupPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AttachGroupPolicy */ AttachGroupPolicyResult attachGroupPolicy(AttachGroupPolicyRequest attachGroupPolicyRequest); /** * * Attaches the specified managed policy to the specified IAM role. * * * When you attach a managed policy to a role, the managed policy becomes part of the role's permission (access) * policy. You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the * same time as the role, using CreateRole. You can update a role's trust policy using * UpdateAssumeRolePolicy. * * * Use this API to attach a managed policy to a role. To embed an inline policy in a role, use * PutRolePolicy. For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param attachRolePolicyRequest * @return Result of the AttachRolePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AttachRolePolicy */ AttachRolePolicyResult attachRolePolicy(AttachRolePolicyRequest attachRolePolicyRequest); /** * * Attaches the specified managed policy to the specified user. * * * You use this API to attach a managed policy to a user. To embed an inline policy in a user, use * PutUserPolicy. * * * For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param attachUserPolicyRequest * @return Result of the AttachUserPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AttachUserPolicy */ AttachUserPolicyResult attachUserPolicy(AttachUserPolicyRequest attachUserPolicyRequest); /** * * Changes the password of the IAM user who is calling this action. The root account password is not affected by * this action. * * * To change the password for a different user, see UpdateLoginProfile. For more information about modifying * passwords, see Managing * Passwords in the IAM User Guide. * * * @param changePasswordRequest * @return Result of the ChangePassword operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidUserTypeException * The request was rejected because the type of user for the transaction was incorrect. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws PasswordPolicyViolationException * The request was rejected because the provided password did not meet the requirements imposed by the * account password policy. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ChangePassword */ ChangePasswordResult changePassword(ChangePasswordRequest changePasswordRequest); /** * * Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default * status for new keys is Active. * * * If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing * the request. Because this action works for access keys under the AWS account, you can use this action to manage * root credentials even if the AWS account has no associated users. * * * For information about limits on the number of keys you can create, see Limitations on IAM Entities * in the IAM User Guide. * * * * To ensure the security of your AWS account, the secret access key is accessible only during key and user * creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a * secret key is lost, you can delete the access keys for the associated user and then create new keys. * * * * @param createAccessKeyRequest * @return Result of the CreateAccessKey operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateAccessKey */ CreateAccessKeyResult createAccessKey(CreateAccessKeyRequest createAccessKeyRequest); /** * Simplified method form for invoking the CreateAccessKey operation. * * @see #createAccessKey(CreateAccessKeyRequest) */ CreateAccessKeyResult createAccessKey(); /** * * Creates an alias for your AWS account. For information about using an AWS account alias, see Using an Alias for Your AWS Account * ID in the IAM User Guide. * * * @param createAccountAliasRequest * @return Result of the CreateAccountAlias operation returned by the service. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateAccountAlias */ CreateAccountAliasResult createAccountAlias(CreateAccountAliasRequest createAccountAliasRequest); /** * * Creates a new group. * * * For information about the number of groups you can create, see Limitations on IAM Entities * in the IAM User Guide. * * * @param createGroupRequest * @return Result of the CreateGroup operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateGroup */ CreateGroupResult createGroup(CreateGroupRequest createGroupRequest); /** * * Creates a new instance profile. For information about instance profiles, go to About Instance Profiles. * * * For information about the number of instance profiles you can create, see Limitations on IAM Entities * in the IAM User Guide. * * * @param createInstanceProfileRequest * @return Result of the CreateInstanceProfile operation returned by the service. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateInstanceProfile */ CreateInstanceProfileResult createInstanceProfile(CreateInstanceProfileRequest createInstanceProfileRequest); /** * * Creates a password for the specified user, giving the user the ability to access AWS services through the AWS * Management Console. For more information about managing passwords, see Managing Passwords in the * IAM User Guide. * * * @param createLoginProfileRequest * @return Result of the CreateLoginProfile operation returned by the service. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws PasswordPolicyViolationException * The request was rejected because the provided password did not meet the requirements imposed by the * account password policy. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateLoginProfile */ CreateLoginProfileResult createLoginProfile(CreateLoginProfileRequest createLoginProfileRequest); /** * * Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC). * * * The OIDC provider that you create with this operation can be used as a principal in a role's trust policy to * establish a trust relationship between AWS and the OIDC provider. * * * When you create the IAM OIDC provider, you specify the URL of the OIDC identity provider (IdP) to trust, a list * of client IDs (also known as audiences) that identify the application or applications that are allowed to * authenticate using the OIDC provider, and a list of thumbprints of the server certificate(s) that the IdP uses. * You get all of this information from the OIDC IdP that you want to use for access to AWS. * * * * Because trust for the OIDC provider is ultimately derived from the IAM provider that this action creates, it is a * best practice to limit access to the CreateOpenIDConnectProvider action to highly-privileged users. * * * * @param createOpenIDConnectProviderRequest * @return Result of the CreateOpenIDConnectProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateOpenIDConnectProvider */ CreateOpenIDConnectProviderResult createOpenIDConnectProvider(CreateOpenIDConnectProviderRequest createOpenIDConnectProviderRequest); /** * * Creates a new managed policy for your AWS account. * * * This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's * default version. For more information about policy versions, see Versioning for Managed * Policies in the IAM User Guide. * * * For more information about managed policies in general, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param createPolicyRequest * @return Result of the CreatePolicy operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreatePolicy */ CreatePolicyResult createPolicy(CreatePolicyRequest createPolicyRequest); /** * * Creates a new version of the specified managed policy. To update a managed policy, you create a new policy * version. A managed policy can have up to five versions. If the policy has five versions, you must delete an * existing version using DeletePolicyVersion before you create a new version. * * * Optionally, you can set the new version as the policy's default version. The default version is the version that * is in effect for the IAM users, groups, and roles to which the policy is attached. * * * For more information about managed policy versions, see Versioning for Managed * Policies in the IAM User Guide. * * * @param createPolicyVersionRequest * @return Result of the CreatePolicyVersion operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreatePolicyVersion */ CreatePolicyVersionResult createPolicyVersion(CreatePolicyVersionRequest createPolicyVersionRequest); /** * * Creates a new role for your AWS account. For more information about roles, go to Working with Roles. For * information about limitations on role names and the number of roles you can create, go to Limitations on IAM Entities * in the IAM User Guide. * * * @param createRoleRequest * @return Result of the CreateRole operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateRole */ CreateRoleResult createRole(CreateRoleRequest createRoleRequest); /** * * Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0. * * * The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust * policy to enable federated users who sign-in using the SAML IdP to assume the role. You can create an IAM role * that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to * AWS. * * * When you create the SAML provider resource, you upload an a SAML metadata document that you get from your IdP and * that includes the issuer's name, expiration information, and keys that can be used to validate the SAML * authentication response (assertions) that the IdP sends. You must generate the metadata document using the * identity management software that is used as your organization's IdP. * * * * This operation requires Signature * Version 4. * * * * For more information, see Enabling SAML * 2.0 Federated Users to Access the AWS Management Console and About SAML 2.0-based * Federation in the IAM User Guide. * * * @param createSAMLProviderRequest * @return Result of the CreateSAMLProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateSAMLProvider */ CreateSAMLProviderResult createSAMLProvider(CreateSAMLProviderRequest createSAMLProviderRequest); /** * * Creates a new IAM user for your AWS account. * * * For information about limitations on the number of IAM users you can create, see Limitations on IAM Entities * in the IAM User Guide. * * * @param createUserRequest * @return Result of the CreateUser operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateUser */ CreateUserResult createUser(CreateUserRequest createUserRequest); /** * * Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice * to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA * devices, go to Using a Virtual * MFA Device in the IAM User Guide. * * * For information about limits on the number of MFA devices you can create, see Limitations on Entities in * the IAM User Guide. * * * * The seed information contained in the QR code and the Base32 string should be treated like any other secret * access information, such as your AWS access keys or your passwords. After you provision your virtual device, you * should ensure that the information is destroyed following secure procedures. * * * * @param createVirtualMFADeviceRequest * @return Result of the CreateVirtualMFADevice operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateVirtualMFADevice */ CreateVirtualMFADeviceResult createVirtualMFADevice(CreateVirtualMFADeviceRequest createVirtualMFADeviceRequest); /** * * Deactivates the specified MFA device and removes it from association with the user name for which it was * originally enabled. * * * For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in * the IAM User Guide. * * * @param deactivateMFADeviceRequest * @return Result of the DeactivateMFADevice operation returned by the service. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeactivateMFADevice */ DeactivateMFADeviceResult deactivateMFADevice(DeactivateMFADeviceRequest deactivateMFADeviceRequest); /** * * Deletes the access key pair associated with the specified IAM user. * * * If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing * the request. Because this action works for access keys under the AWS account, you can use this action to manage * root credentials even if the AWS account has no associated users. * * * @param deleteAccessKeyRequest * @return Result of the DeleteAccessKey operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteAccessKey */ DeleteAccessKeyResult deleteAccessKey(DeleteAccessKeyRequest deleteAccessKeyRequest); /** * * Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an Alias for Your AWS Account * ID in the IAM User Guide. * * * @param deleteAccountAliasRequest * @return Result of the DeleteAccountAlias operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteAccountAlias */ DeleteAccountAliasResult deleteAccountAlias(DeleteAccountAliasRequest deleteAccountAliasRequest); /** * * Deletes the password policy for the AWS account. There are no parameters. * * * @param deleteAccountPasswordPolicyRequest * @return Result of the DeleteAccountPasswordPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteAccountPasswordPolicy */ DeleteAccountPasswordPolicyResult deleteAccountPasswordPolicy(DeleteAccountPasswordPolicyRequest deleteAccountPasswordPolicyRequest); /** * Simplified method form for invoking the DeleteAccountPasswordPolicy operation. * * @see #deleteAccountPasswordPolicy(DeleteAccountPasswordPolicyRequest) */ DeleteAccountPasswordPolicyResult deleteAccountPasswordPolicy(); /** * * Deletes the specified IAM group. The group must not contain any users or have any attached policies. * * * @param deleteGroupRequest * @return Result of the DeleteGroup operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteGroup */ DeleteGroupResult deleteGroup(DeleteGroupRequest deleteGroupRequest); /** * * Deletes the specified inline policy that is embedded in the specified IAM group. * * * A group can also have managed policies attached to it. To detach a managed policy from a group, use * DetachGroupPolicy. For more information about policies, refer to Managed Policies and * Inline Policies in the IAM User Guide. * * * @param deleteGroupPolicyRequest * @return Result of the DeleteGroupPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteGroupPolicy */ DeleteGroupPolicyResult deleteGroupPolicy(DeleteGroupPolicyRequest deleteGroupPolicyRequest); /** * * Deletes the specified instance profile. The instance profile must not have an associated role. * * * * Make sure you do not have any Amazon EC2 instances running with the instance profile you are about to delete. * Deleting a role or instance profile that is associated with a running instance will break any applications * running on the instance. * * * * For more information about instance profiles, go to About Instance Profiles. * * * @param deleteInstanceProfileRequest * @return Result of the DeleteInstanceProfile operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteInstanceProfile */ DeleteInstanceProfileResult deleteInstanceProfile(DeleteInstanceProfileRequest deleteInstanceProfileRequest); /** * * Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services * through the AWS Management Console. * * * * Deleting a user's password does not prevent a user from accessing AWS through the command line interface or the * API. To prevent all user access you must also either make any access keys inactive or delete them. For more * information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey. * * * * @param deleteLoginProfileRequest * @return Result of the DeleteLoginProfile operation returned by the service. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteLoginProfile */ DeleteLoginProfileResult deleteLoginProfile(DeleteLoginProfileRequest deleteLoginProfileRequest); /** * * Deletes an OpenID Connect identity provider (IdP) resource object in IAM. * * * Deleting an IAM OIDC provider resource does not update any roles that reference the provider as a principal in * their trust policies. Any attempt to assume a role that references a deleted provider fails. * * * This action is idempotent; it does not fail or return an error if you call the action for a provider that does * not exist. * * * @param deleteOpenIDConnectProviderRequest * @return Result of the DeleteOpenIDConnectProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteOpenIDConnectProvider */ DeleteOpenIDConnectProviderResult deleteOpenIDConnectProvider(DeleteOpenIDConnectProviderRequest deleteOpenIDConnectProviderRequest); /** * * Deletes the specified managed policy. * * * Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that * it is attached to, and you must delete all of the policy's versions. The following steps describe the process for * deleting a managed policy: * * * * * Detach the policy from all users, groups, and roles that the policy is attached to, using the * DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy APIs. To list all the users, * groups, and roles that a policy is attached to, use ListEntitiesForPolicy. * * * * * Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use * ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the * default version. You delete the policy's default version in the next step of the process. * * * * * Delete the policy (this automatically deletes the policy's default version) using this API. * * * * * For information about managed policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param deletePolicyRequest * @return Result of the DeletePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeletePolicy */ DeletePolicyResult deletePolicy(DeletePolicyRequest deletePolicyRequest); /** * * Deletes the specified version from the specified managed policy. * * * You cannot delete the default version from a policy using this API. To delete the default version from a policy, * use DeletePolicy. To find out which version of a policy is marked as the default version, use * ListPolicyVersions. * * * For information about versions for managed policies, see Versioning for Managed * Policies in the IAM User Guide. * * * @param deletePolicyVersionRequest * @return Result of the DeletePolicyVersion operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeletePolicyVersion */ DeletePolicyVersionResult deletePolicyVersion(DeletePolicyVersionRequest deletePolicyVersionRequest); /** * * Deletes the specified role. The role must not have any policies attached. For more information about roles, go to * Working with Roles. * * * * Make sure you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role * or instance profile that is associated with a running instance will break any applications running on the * instance. * * * * @param deleteRoleRequest * @return Result of the DeleteRole operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteRole */ DeleteRoleResult deleteRole(DeleteRoleRequest deleteRoleRequest); /** * * Deletes the specified inline policy that is embedded in the specified IAM role. * * * A role can also have managed policies attached to it. To detach a managed policy from a role, use * DetachRolePolicy. For more information about policies, refer to Managed Policies and * Inline Policies in the IAM User Guide. * * * @param deleteRolePolicyRequest * @return Result of the DeleteRolePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteRolePolicy */ DeleteRolePolicyResult deleteRolePolicy(DeleteRolePolicyRequest deleteRolePolicyRequest); /** * * Deletes a SAML provider resource in IAM. * * * Deleting the provider resource from IAM does not update any roles that reference the SAML provider resource's ARN * as a principal in their trust policies. Any attempt to assume a role that references a non-existent provider * resource ARN fails. * * * * This operation requires Signature * Version 4. * * * * @param deleteSAMLProviderRequest * @return Result of the DeleteSAMLProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteSAMLProvider */ DeleteSAMLProviderResult deleteSAMLProvider(DeleteSAMLProviderRequest deleteSAMLProviderRequest); /** * * Deletes the specified SSH public key. * * * The SSH public key deleted by this action is used only for authenticating the associated IAM user to an AWS * CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, * see Set up AWS * CodeCommit for SSH Connections in the AWS CodeCommit User Guide. * * * @param deleteSSHPublicKeyRequest * @return Result of the DeleteSSHPublicKey operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @sample AmazonIdentityManagement.DeleteSSHPublicKey */ DeleteSSHPublicKeyResult deleteSSHPublicKey(DeleteSSHPublicKeyRequest deleteSSHPublicKeyRequest); /** * * Deletes the specified server certificate. * * * For more information about working with server certificates, including a list of AWS services that can use the * server certificates that you manage with IAM, go to Working with Server * Certificates in the IAM User Guide. * * * * If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have * implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, * it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We * recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command * to delete the certificate. For more information, go to DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference. * * * * @param deleteServerCertificateRequest * @return Result of the DeleteServerCertificate operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteServerCertificate */ DeleteServerCertificateResult deleteServerCertificate(DeleteServerCertificateRequest deleteServerCertificateRequest); /** * * Deletes a signing certificate associated with the specified IAM user. * * * If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing * the request. Because this action works for access keys under the AWS account, you can use this action to manage * root credentials even if the AWS account has no associated IAM users. * * * @param deleteSigningCertificateRequest * @return Result of the DeleteSigningCertificate operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteSigningCertificate */ DeleteSigningCertificateResult deleteSigningCertificate(DeleteSigningCertificateRequest deleteSigningCertificateRequest); /** * * Deletes the specified IAM user. The user must not belong to any groups or have any access keys, signing * certificates, or attached policies. * * * @param deleteUserRequest * @return Result of the DeleteUser operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteUser */ DeleteUserResult deleteUser(DeleteUserRequest deleteUserRequest); /** * * Deletes the specified inline policy that is embedded in the specified IAM user. * * * A user can also have managed policies attached to it. To detach a managed policy from a user, use * DetachUserPolicy. For more information about policies, refer to Managed Policies and * Inline Policies in the IAM User Guide. * * * @param deleteUserPolicyRequest * @return Result of the DeleteUserPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteUserPolicy */ DeleteUserPolicyResult deleteUserPolicy(DeleteUserPolicyRequest deleteUserPolicyRequest); /** * * Deletes a virtual MFA device. * * * * You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA * devices, see DeactivateMFADevice. * * * * @param deleteVirtualMFADeviceRequest * @return Result of the DeleteVirtualMFADevice operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteVirtualMFADevice */ DeleteVirtualMFADeviceResult deleteVirtualMFADevice(DeleteVirtualMFADeviceRequest deleteVirtualMFADeviceRequest); /** * * Removes the specified managed policy from the specified IAM group. * * * A group can also have inline policies embedded with it. To delete an inline policy, use the * DeleteGroupPolicy API. For information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param detachGroupPolicyRequest * @return Result of the DetachGroupPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DetachGroupPolicy */ DetachGroupPolicyResult detachGroupPolicy(DetachGroupPolicyRequest detachGroupPolicyRequest); /** * * Removes the specified managed policy from the specified role. * * * A role can also have inline policies embedded with it. To delete an inline policy, use the * DeleteRolePolicy API. For information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param detachRolePolicyRequest * @return Result of the DetachRolePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DetachRolePolicy */ DetachRolePolicyResult detachRolePolicy(DetachRolePolicyRequest detachRolePolicyRequest); /** * * Removes the specified managed policy from the specified user. * * * A user can also have inline policies embedded with it. To delete an inline policy, use the * DeleteUserPolicy API. For information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param detachUserPolicyRequest * @return Result of the DetachUserPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DetachUserPolicy */ DetachUserPolicyResult detachUserPolicy(DetachUserPolicyRequest detachUserPolicyRequest); /** * * Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is * required for every subsequent login by the IAM user associated with the device. * * * @param enableMFADeviceRequest * @return Result of the EnableMFADevice operation returned by the service. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws InvalidAuthenticationCodeException * The request was rejected because the authentication code was not recognized. The error message describes * the specific error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.EnableMFADevice */ EnableMFADeviceResult enableMFADevice(EnableMFADeviceRequest enableMFADeviceRequest); /** * * Generates a credential report for the AWS account. For more information about the credential report, see Getting Credential Reports in * the IAM User Guide. * * * @param generateCredentialReportRequest * @return Result of the GenerateCredentialReport operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GenerateCredentialReport */ GenerateCredentialReportResult generateCredentialReport(GenerateCredentialReportRequest generateCredentialReportRequest); /** * Simplified method form for invoking the GenerateCredentialReport operation. * * @see #generateCredentialReport(GenerateCredentialReportRequest) */ GenerateCredentialReportResult generateCredentialReport(); /** * * Retrieves information about when the specified access key was last used. The information includes the date and * time of last use, along with the AWS service and region that were specified in the last request made with that * key. * * * @param getAccessKeyLastUsedRequest * @return Result of the GetAccessKeyLastUsed operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @sample AmazonIdentityManagement.GetAccessKeyLastUsed */ GetAccessKeyLastUsedResult getAccessKeyLastUsed(GetAccessKeyLastUsedRequest getAccessKeyLastUsedRequest); /** * * Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their * relationships to one another. Use this API to obtain a snapshot of the configuration of IAM permissions (users, * groups, roles, and policies) in your account. * * * You can optionally filter the results using the Filter parameter. You can paginate the results using * the MaxItems and Marker parameters. * * * @param getAccountAuthorizationDetailsRequest * @return Result of the GetAccountAuthorizationDetails operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetAccountAuthorizationDetails */ GetAccountAuthorizationDetailsResult getAccountAuthorizationDetails(GetAccountAuthorizationDetailsRequest getAccountAuthorizationDetailsRequest); /** * Simplified method form for invoking the GetAccountAuthorizationDetails operation. * * @see #getAccountAuthorizationDetails(GetAccountAuthorizationDetailsRequest) */ GetAccountAuthorizationDetailsResult getAccountAuthorizationDetails(); /** * * Retrieves the password policy for the AWS account. For more information about using a password policy, go to Managing an IAM * Password Policy. * * * @param getAccountPasswordPolicyRequest * @return Result of the GetAccountPasswordPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetAccountPasswordPolicy */ GetAccountPasswordPolicyResult getAccountPasswordPolicy(GetAccountPasswordPolicyRequest getAccountPasswordPolicyRequest); /** * Simplified method form for invoking the GetAccountPasswordPolicy operation. * * @see #getAccountPasswordPolicy(GetAccountPasswordPolicyRequest) */ GetAccountPasswordPolicyResult getAccountPasswordPolicy(); /** * * Retrieves information about IAM entity usage and IAM quotas in the AWS account. * * * For information about limitations on IAM entities, see Limitations on IAM Entities * in the IAM User Guide. * * * @param getAccountSummaryRequest * @return Result of the GetAccountSummary operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetAccountSummary */ GetAccountSummaryResult getAccountSummary(GetAccountSummaryRequest getAccountSummaryRequest); /** * Simplified method form for invoking the GetAccountSummary operation. * * @see #getAccountSummary(GetAccountSummaryRequest) */ GetAccountSummaryResult getAccountSummary(); /** * * Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of * one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use * GetContextKeysForPrincipalPolicy. * * * Context keys are variables maintained by AWS and its services that provide details about the context of an API * query request, and can be evaluated by testing against a value specified in an IAM policy. Use * GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call * SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity, but must be * URL encoded to be included as a part of a real HTML request. * * * @param getContextKeysForCustomPolicyRequest * @return Result of the GetContextKeysForCustomPolicy operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @sample AmazonIdentityManagement.GetContextKeysForCustomPolicy */ GetContextKeysForCustomPolicyResult getContextKeysForCustomPolicy(GetContextKeysForCustomPolicyRequest getContextKeysForCustomPolicyRequest); /** * * Gets a list of all of the context keys referenced in all of the IAM policies attached to the specified IAM * entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all * of the policies attached to groups that the user is a member of. * * * You can optionally include a list of one or more additional policies, specified as strings. If you want to * include only a list of policies by string, use GetContextKeysForCustomPolicy instead. * * * Note: This API discloses information about the permissions granted to other users. If you do not want * users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy * instead. * * * Context keys are variables maintained by AWS and its services that provide details about the context of an API * query request, and can be evaluated by testing against a value in an IAM policy. Use * GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call * SimulatePrincipalPolicy. * * * @param getContextKeysForPrincipalPolicyRequest * @return Result of the GetContextKeysForPrincipalPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @sample AmazonIdentityManagement.GetContextKeysForPrincipalPolicy */ GetContextKeysForPrincipalPolicyResult getContextKeysForPrincipalPolicy(GetContextKeysForPrincipalPolicyRequest getContextKeysForPrincipalPolicyRequest); /** * * Retrieves a credential report for the AWS account. For more information about the credential report, see Getting Credential Reports in * the IAM User Guide. * * * @param getCredentialReportRequest * @return Result of the GetCredentialReport operation returned by the service. * @throws CredentialReportNotPresentException * The request was rejected because the credential report does not exist. To generate a credential report, * use GenerateCredentialReport. * @throws CredentialReportExpiredException * The request was rejected because the most recent credential report has expired. To generate a new * credential report, use GenerateCredentialReport. For more information about credential report * expiration, see Getting * Credential Reports in the IAM User Guide. * @throws CredentialReportNotReadyException * The request was rejected because the credential report is still being generated. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetCredentialReport */ GetCredentialReportResult getCredentialReport(GetCredentialReportRequest getCredentialReportRequest); /** * Simplified method form for invoking the GetCredentialReport operation. * * @see #getCredentialReport(GetCredentialReportRequest) */ GetCredentialReportResult getCredentialReport(); /** * * Returns a list of IAM users that are in the specified IAM group. You can paginate the results using the * MaxItems and Marker parameters. * * * @param getGroupRequest * @return Result of the GetGroup operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetGroup */ GetGroupResult getGroup(GetGroupRequest getGroupRequest); /** * * Retrieves the specified inline policy document that is embedded in the specified IAM group. * * * * Policies returned by this API are URL-encoded compliant with RFC * 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you * use Java, you can use the decode method of the java.net.URLDecoder utility class in the * Java SDK. Other languages and SDKs provide similar functionality. * * * * An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is * attached to a group, use GetPolicy to determine the policy's default version, then use * GetPolicyVersion to retrieve the policy document. * * * For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param getGroupPolicyRequest * @return Result of the GetGroupPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetGroupPolicy */ GetGroupPolicyResult getGroupPolicy(GetGroupPolicyRequest getGroupPolicyRequest); /** * * Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and * role. For more information about instance profiles, see About Instance Profiles in * the IAM User Guide. * * * @param getInstanceProfileRequest * @return Result of the GetInstanceProfile operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetInstanceProfile */ GetInstanceProfileResult getInstanceProfile(GetInstanceProfileRequest getInstanceProfileRequest); /** * * Retrieves the user name and password-creation date for the specified IAM user. If the user has not been assigned * a password, the action returns a 404 (NoSuchEntity) error. * * * @param getLoginProfileRequest * @return Result of the GetLoginProfile operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetLoginProfile */ GetLoginProfileResult getLoginProfile(GetLoginProfileRequest getLoginProfileRequest); /** * * Returns information about the specified OpenID Connect (OIDC) provider resource object in IAM. * * * @param getOpenIDConnectProviderRequest * @return Result of the GetOpenIDConnectProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetOpenIDConnectProvider */ GetOpenIDConnectProviderResult getOpenIDConnectProvider(GetOpenIDConnectProviderRequest getOpenIDConnectProviderRequest); /** * * Retrieves information about the specified managed policy, including the policy's default version and the total * number of IAM users, groups, and roles to which the policy is attached. To retrieve the list of the specific * users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API. This API * returns metadata about the policy. To retrieve the actual policy document for a specific version of the policy, * use GetPolicyVersion. * * * This API retrieves information about managed policies. To retrieve information about an inline policy that is * embedded with an IAM user, group, or role, use the GetUserPolicy, GetGroupPolicy, or * GetRolePolicy API. * * * For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param getPolicyRequest * @return Result of the GetPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetPolicy */ GetPolicyResult getPolicy(GetPolicyRequest getPolicyRequest); /** * * Retrieves information about the specified version of the specified managed policy, including the policy document. * * * * Policies returned by this API are URL-encoded compliant with RFC * 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you * use Java, you can use the decode method of the java.net.URLDecoder utility class in the * Java SDK. Other languages and SDKs provide similar functionality. * * * * To list the available versions for a policy, use ListPolicyVersions. * * * This API retrieves information about managed policies. To retrieve information about an inline policy that is * embedded in a user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy * API. * * * For more information about the types of policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * For more information about managed policy versions, see Versioning for Managed * Policies in the IAM User Guide. * * * @param getPolicyVersionRequest * @return Result of the GetPolicyVersion operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetPolicyVersion */ GetPolicyVersionResult getPolicyVersion(GetPolicyVersionRequest getPolicyVersionRequest); /** * * Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy * that grants permission to assume the role. For more information about roles, see Working with Roles. * * * * Policies returned by this API are URL-encoded compliant with RFC * 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you * use Java, you can use the decode method of the java.net.URLDecoder utility class in the * Java SDK. Other languages and SDKs provide similar functionality. * * * * @param getRoleRequest * @return Result of the GetRole operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetRole */ GetRoleResult getRole(GetRoleRequest getRoleRequest); /** * * Retrieves the specified inline policy document that is embedded with the specified IAM role. * * * * Policies returned by this API are URL-encoded compliant with RFC * 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you * use Java, you can use the decode method of the java.net.URLDecoder utility class in the * Java SDK. Other languages and SDKs provide similar functionality. * * * * An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached * to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to * retrieve the policy document. * * * For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * For more information about roles, see Using Roles to Delegate Permissions * and Federate Identities. * * * @param getRolePolicyRequest * @return Result of the GetRolePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetRolePolicy */ GetRolePolicyResult getRolePolicy(GetRolePolicyRequest getRolePolicyRequest); /** * * Returns the SAML provider metadocument that was uploaded when the IAM SAML provider resource object was created * or updated. * * * * This operation requires Signature * Version 4. * * * * @param getSAMLProviderRequest * @return Result of the GetSAMLProvider operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetSAMLProvider */ GetSAMLProviderResult getSAMLProvider(GetSAMLProviderRequest getSAMLProviderRequest); /** * * Retrieves the specified SSH public key, including metadata about the key. * * * The SSH public key retrieved by this action is used only for authenticating the associated IAM user to an AWS * CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, * see Set up AWS * CodeCommit for SSH Connections in the AWS CodeCommit User Guide. * * * @param getSSHPublicKeyRequest * @return Result of the GetSSHPublicKey operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws UnrecognizedPublicKeyEncodingException * The request was rejected because the public key encoding format is unsupported or unrecognized. * @sample AmazonIdentityManagement.GetSSHPublicKey */ GetSSHPublicKeyResult getSSHPublicKey(GetSSHPublicKeyRequest getSSHPublicKeyRequest); /** * * Retrieves information about the specified server certificate stored in IAM. * * * For more information about working with server certificates, including a list of AWS services that can use the * server certificates that you manage with IAM, go to Working with Server * Certificates in the IAM User Guide. * * * @param getServerCertificateRequest * @return Result of the GetServerCertificate operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetServerCertificate */ GetServerCertificateResult getServerCertificate(GetServerCertificateRequest getServerCertificateRequest); /** * * Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN. * * * If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to * sign the request to this API. * * * @param getUserRequest * @return Result of the GetUser operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetUser */ GetUserResult getUser(GetUserRequest getUserRequest); /** * Simplified method form for invoking the GetUser operation. * * @see #getUser(GetUserRequest) */ GetUserResult getUser(); /** * * Retrieves the specified inline policy document that is embedded in the specified IAM user. * * * * Policies returned by this API are URL-encoded compliant with RFC * 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you * use Java, you can use the decode method of the java.net.URLDecoder utility class in the * Java SDK. Other languages and SDKs provide similar functionality. * * * * An IAM user can also have managed policies attached to it. To retrieve a managed policy document that is attached * to a user, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to * retrieve the policy document. * * * For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param getUserPolicyRequest * @return Result of the GetUserPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetUserPolicy */ GetUserPolicyResult getUserPolicy(GetUserPolicyRequest getUserPolicyRequest); /** * * Returns information about the access key IDs associated with the specified IAM user. If there are none, the * action returns an empty list. * * * Although each user is limited to a small number of keys, you can still paginate the results using the * MaxItems and Marker parameters. * * * If the UserName field is not specified, the UserName is determined implicitly based on the AWS * access key ID used to sign the request. Because this action works for access keys under the AWS account, you can * use this action to manage root credentials even if the AWS account has no associated users. * * * * To ensure the security of your AWS account, the secret access key is accessible only during key and user * creation. * * * * @param listAccessKeysRequest * @return Result of the ListAccessKeys operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListAccessKeys */ ListAccessKeysResult listAccessKeys(ListAccessKeysRequest listAccessKeysRequest); /** * Simplified method form for invoking the ListAccessKeys operation. * * @see #listAccessKeys(ListAccessKeysRequest) */ ListAccessKeysResult listAccessKeys(); /** * * Lists the account alias associated with the AWS account (Note: you can have only one). For information about * using an AWS account alias, see Using * an Alias for Your AWS Account ID in the IAM User Guide. * * * @param listAccountAliasesRequest * @return Result of the ListAccountAliases operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListAccountAliases */ ListAccountAliasesResult listAccountAliases(ListAccountAliasesRequest listAccountAliasesRequest); /** * Simplified method form for invoking the ListAccountAliases operation. * * @see #listAccountAliases(ListAccountAliasesRequest) */ ListAccountAliasesResult listAccountAliases(); /** * * Lists all managed policies that are attached to the specified IAM group. * * * An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use the * ListGroupPolicies API. For information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * You can paginate the results using the MaxItems and Marker parameters. You can use the * PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. * If there are no policies attached to the specified group (or none that match the specified path prefix), the * action returns an empty list. * * * @param listAttachedGroupPoliciesRequest * @return Result of the ListAttachedGroupPolicies operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListAttachedGroupPolicies */ ListAttachedGroupPoliciesResult listAttachedGroupPolicies(ListAttachedGroupPoliciesRequest listAttachedGroupPoliciesRequest); /** * * Lists all managed policies that are attached to the specified IAM role. * * * An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use the * ListRolePolicies API. For information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * You can paginate the results using the MaxItems and Marker parameters. You can use the * PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. * If there are no policies attached to the specified role (or none that match the specified path prefix), the * action returns an empty list. * * * @param listAttachedRolePoliciesRequest * @return Result of the ListAttachedRolePolicies operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListAttachedRolePolicies */ ListAttachedRolePoliciesResult listAttachedRolePolicies(ListAttachedRolePoliciesRequest listAttachedRolePoliciesRequest); /** * * Lists all managed policies that are attached to the specified IAM user. * * * An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use the * ListUserPolicies API. For information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * You can paginate the results using the MaxItems and Marker parameters. You can use the * PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. * If there are no policies attached to the specified group (or none that match the specified path prefix), the * action returns an empty list. * * * @param listAttachedUserPoliciesRequest * @return Result of the ListAttachedUserPolicies operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListAttachedUserPolicies */ ListAttachedUserPoliciesResult listAttachedUserPolicies(ListAttachedUserPoliciesRequest listAttachedUserPoliciesRequest); /** * * Lists all IAM users, groups, and roles that the specified managed policy is attached to. * * * You can use the optional EntityFilter parameter to limit the results to a particular type of entity * (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set * EntityFilter to Role. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listEntitiesForPolicyRequest * @return Result of the ListEntitiesForPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListEntitiesForPolicy */ ListEntitiesForPolicyResult listEntitiesForPolicy(ListEntitiesForPolicyRequest listEntitiesForPolicyRequest); /** * * Lists the names of the inline policies that are embedded in the specified IAM group. * * * An IAM group can also have managed policies attached to it. To list the managed policies that are attached to a * group, use ListAttachedGroupPolicies. For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * You can paginate the results using the MaxItems and Marker parameters. If there are no * inline policies embedded with the specified group, the action returns an empty list. * * * @param listGroupPoliciesRequest * @return Result of the ListGroupPolicies operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListGroupPolicies */ ListGroupPoliciesResult listGroupPolicies(ListGroupPoliciesRequest listGroupPoliciesRequest); /** * * Lists the IAM groups that have the specified path prefix. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listGroupsRequest * @return Result of the ListGroups operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListGroups */ ListGroupsResult listGroups(ListGroupsRequest listGroupsRequest); /** * Simplified method form for invoking the ListGroups operation. * * @see #listGroups(ListGroupsRequest) */ ListGroupsResult listGroups(); /** * * Lists the IAM groups that the specified IAM user belongs to. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listGroupsForUserRequest * @return Result of the ListGroupsForUser operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListGroupsForUser */ ListGroupsForUserResult listGroupsForUser(ListGroupsForUserRequest listGroupsForUserRequest); /** * * Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty * list. For more information about instance profiles, go to About Instance Profiles. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listInstanceProfilesRequest * @return Result of the ListInstanceProfiles operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListInstanceProfiles */ ListInstanceProfilesResult listInstanceProfiles(ListInstanceProfilesRequest listInstanceProfilesRequest); /** * Simplified method form for invoking the ListInstanceProfiles operation. * * @see #listInstanceProfiles(ListInstanceProfilesRequest) */ ListInstanceProfilesResult listInstanceProfiles(); /** * * Lists the instance profiles that have the specified associated IAM role. If there are none, the action returns an * empty list. For more information about instance profiles, go to About Instance Profiles. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listInstanceProfilesForRoleRequest * @return Result of the ListInstanceProfilesForRole operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListInstanceProfilesForRole */ ListInstanceProfilesForRoleResult listInstanceProfilesForRole(ListInstanceProfilesForRoleRequest listInstanceProfilesForRoleRequest); /** * * Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this action lists all the * MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name * implicitly based on the AWS access key ID signing the request for this API. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listMFADevicesRequest * @return Result of the ListMFADevices operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListMFADevices */ ListMFADevicesResult listMFADevices(ListMFADevicesRequest listMFADevicesRequest); /** * Simplified method form for invoking the ListMFADevices operation. * * @see #listMFADevices(ListMFADevicesRequest) */ ListMFADevicesResult listMFADevices(); /** * * Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the AWS account. * * * @param listOpenIDConnectProvidersRequest * @return Result of the ListOpenIDConnectProviders operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListOpenIDConnectProviders */ ListOpenIDConnectProvidersResult listOpenIDConnectProviders(ListOpenIDConnectProvidersRequest listOpenIDConnectProvidersRequest); /** * Simplified method form for invoking the ListOpenIDConnectProviders operation. * * @see #listOpenIDConnectProviders(ListOpenIDConnectProvidersRequest) */ ListOpenIDConnectProvidersResult listOpenIDConnectProviders(); /** * * Lists all the managed policies that are available in your AWS account, including your own customer-defined * managed policies and all AWS managed policies. * * * You can filter the list of policies that is returned using the optional OnlyAttached, * Scope, and PathPrefix parameters. For example, to list only the customer managed * policies in your AWS account, set Scope to Local. To list only AWS managed policies, * set Scope to AWS. * * * You can paginate the results using the MaxItems and Marker parameters. * * * For more information about managed policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param listPoliciesRequest * @return Result of the ListPolicies operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListPolicies */ ListPoliciesResult listPolicies(ListPoliciesRequest listPoliciesRequest); /** * Simplified method form for invoking the ListPolicies operation. * * @see #listPolicies(ListPoliciesRequest) */ ListPoliciesResult listPolicies(); /** * * Lists information about the versions of the specified managed policy, including the version that is currently set * as the policy's default version. * * * For more information about managed policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param listPolicyVersionsRequest * @return Result of the ListPolicyVersions operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListPolicyVersions */ ListPolicyVersionsResult listPolicyVersions(ListPolicyVersionsRequest listPolicyVersionsRequest); /** * * Lists the names of the inline policies that are embedded in the specified IAM role. * * * An IAM role can also have managed policies attached to it. To list the managed policies that are attached to a * role, use ListAttachedRolePolicies. For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * You can paginate the results using the MaxItems and Marker parameters. If there are no * inline policies embedded with the specified role, the action returns an empty list. * * * @param listRolePoliciesRequest * @return Result of the ListRolePolicies operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListRolePolicies */ ListRolePoliciesResult listRolePolicies(ListRolePoliciesRequest listRolePoliciesRequest); /** * * Lists the IAM roles that have the specified path prefix. If there are none, the action returns an empty list. For * more information about roles, go to Working with Roles. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listRolesRequest * @return Result of the ListRoles operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListRoles */ ListRolesResult listRoles(ListRolesRequest listRolesRequest); /** * Simplified method form for invoking the ListRoles operation. * * @see #listRoles(ListRolesRequest) */ ListRolesResult listRoles(); /** * * Lists the SAML provider resource objects defined in IAM in the account. * * * * This operation requires Signature * Version 4. * * * * @param listSAMLProvidersRequest * @return Result of the ListSAMLProviders operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListSAMLProviders */ ListSAMLProvidersResult listSAMLProviders(ListSAMLProvidersRequest listSAMLProvidersRequest); /** * Simplified method form for invoking the ListSAMLProviders operation. * * @see #listSAMLProviders(ListSAMLProvidersRequest) */ ListSAMLProvidersResult listSAMLProviders(); /** * * Returns information about the SSH public keys associated with the specified IAM user. If there are none, the * action returns an empty list. * * * The SSH public keys returned by this action are used only for authenticating the IAM user to an AWS CodeCommit * repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS * CodeCommit for SSH Connections in the AWS CodeCommit User Guide. * * * Although each user is limited to a small number of keys, you can still paginate the results using the * MaxItems and Marker parameters. * * * @param listSSHPublicKeysRequest * @return Result of the ListSSHPublicKeys operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @sample AmazonIdentityManagement.ListSSHPublicKeys */ ListSSHPublicKeysResult listSSHPublicKeys(ListSSHPublicKeysRequest listSSHPublicKeysRequest); /** * Simplified method form for invoking the ListSSHPublicKeys operation. * * @see #listSSHPublicKeys(ListSSHPublicKeysRequest) */ ListSSHPublicKeysResult listSSHPublicKeys(); /** * * Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the action * returns an empty list. * * * You can paginate the results using the MaxItems and Marker parameters. * * * For more information about working with server certificates, including a list of AWS services that can use the * server certificates that you manage with IAM, go to Working with Server * Certificates in the IAM User Guide. * * * @param listServerCertificatesRequest * @return Result of the ListServerCertificates operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListServerCertificates */ ListServerCertificatesResult listServerCertificates(ListServerCertificatesRequest listServerCertificatesRequest); /** * Simplified method form for invoking the ListServerCertificates operation. * * @see #listServerCertificates(ListServerCertificatesRequest) */ ListServerCertificatesResult listServerCertificates(); /** * * Returns information about the signing certificates associated with the specified IAM user. If there are none, the * action returns an empty list. * * * Although each user is limited to a small number of signing certificates, you can still paginate the results using * the MaxItems and Marker parameters. * * * If the UserName field is not specified, the user name is determined implicitly based on the AWS * access key ID used to sign the request for this API. Because this action works for access keys under the AWS * account, you can use this action to manage root credentials even if the AWS account has no associated users. * * * @param listSigningCertificatesRequest * @return Result of the ListSigningCertificates operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListSigningCertificates */ ListSigningCertificatesResult listSigningCertificates(ListSigningCertificatesRequest listSigningCertificatesRequest); /** * Simplified method form for invoking the ListSigningCertificates operation. * * @see #listSigningCertificates(ListSigningCertificatesRequest) */ ListSigningCertificatesResult listSigningCertificates(); /** * * Lists the names of the inline policies embedded in the specified IAM user. * * * An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a * user, use ListAttachedUserPolicies. For more information about policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * You can paginate the results using the MaxItems and Marker parameters. If there are no * inline policies embedded with the specified user, the action returns an empty list. * * * @param listUserPoliciesRequest * @return Result of the ListUserPolicies operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListUserPolicies */ ListUserPoliciesResult listUserPolicies(ListUserPoliciesRequest listUserPoliciesRequest); /** * * Lists the IAM users that have the specified path prefix. If no path prefix is specified, the action returns all * users in the AWS account. If there are none, the action returns an empty list. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listUsersRequest * @return Result of the ListUsers operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ListUsers */ ListUsersResult listUsers(ListUsersRequest listUsersRequest); /** * Simplified method form for invoking the ListUsers operation. * * @see #listUsers(ListUsersRequest) */ ListUsersResult listUsers(); /** * * Lists the virtual MFA devices defined in the AWS account by assignment status. If you do not specify an * assignment status, the action returns a list of all virtual MFA devices. Assignment status can be * Assigned, Unassigned, or Any. * * * You can paginate the results using the MaxItems and Marker parameters. * * * @param listVirtualMFADevicesRequest * @return Result of the ListVirtualMFADevices operation returned by the service. * @sample AmazonIdentityManagement.ListVirtualMFADevices */ ListVirtualMFADevicesResult listVirtualMFADevices(ListVirtualMFADevicesRequest listVirtualMFADevicesRequest); /** * Simplified method form for invoking the ListVirtualMFADevices operation. * * @see #listVirtualMFADevices(ListVirtualMFADevicesRequest) */ ListVirtualMFADevicesResult listVirtualMFADevices(); /** * * Adds or updates an inline policy document that is embedded in the specified IAM group. * * * A user can also have managed policies attached to it. To attach a managed policy to a group, use * AttachGroupPolicy. To create a new managed policy, use CreatePolicy. For information about * policies, see Managed * Policies and Inline Policies in the IAM User Guide. * * * For information about limits on the number of inline policies that you can embed in a group, see Limitations on IAM Entities * in the IAM User Guide. * * * * Because policy documents can be large, you should use POST rather than GET when calling * PutGroupPolicy. For general information about using the Query API with IAM, go to Making Query Requests in the * IAM User Guide. * * * * @param putGroupPolicyRequest * @return Result of the PutGroupPolicy operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.PutGroupPolicy */ PutGroupPolicyResult putGroupPolicy(PutGroupPolicyRequest putGroupPolicyRequest); /** * * Adds or updates an inline policy document that is embedded in the specified IAM role. * * * When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) * policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update * a role's trust policy using UpdateAssumeRolePolicy. For more information about IAM roles, go to Using Roles to Delegate Permissions * and Federate Identities. * * * A role can also have a managed policy attached to it. To attach a managed policy to a role, use * AttachRolePolicy. To create a new managed policy, use CreatePolicy. For information about policies, * see Managed Policies * and Inline Policies in the IAM User Guide. * * * For information about limits on the number of inline policies that you can embed with a role, see Limitations on IAM Entities * in the IAM User Guide. * * * * Because policy documents can be large, you should use POST rather than GET when calling * PutRolePolicy. For general information about using the Query API with IAM, go to Making Query Requests in the * IAM User Guide. * * * * @param putRolePolicyRequest * @return Result of the PutRolePolicy operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.PutRolePolicy */ PutRolePolicyResult putRolePolicy(PutRolePolicyRequest putRolePolicyRequest); /** * * Adds or updates an inline policy document that is embedded in the specified IAM user. * * * An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use * AttachUserPolicy. To create a new managed policy, use CreatePolicy. For information about policies, * see Managed Policies * and Inline Policies in the IAM User Guide. * * * For information about limits on the number of inline policies that you can embed in a user, see Limitations on IAM Entities * in the IAM User Guide. * * * * Because policy documents can be large, you should use POST rather than GET when calling * PutUserPolicy. For general information about using the Query API with IAM, go to Making Query Requests in the * IAM User Guide. * * * * @param putUserPolicyRequest * @return Result of the PutUserPolicy operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.PutUserPolicy */ PutUserPolicyResult putUserPolicy(PutUserPolicyRequest putUserPolicyRequest); /** * * Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified * IAM OpenID Connect (OIDC) provider resource object. * * * This action is idempotent; it does not fail or return an error if you try to remove a client ID that does not * exist. * * * @param removeClientIDFromOpenIDConnectProviderRequest * @return Result of the RemoveClientIDFromOpenIDConnectProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.RemoveClientIDFromOpenIDConnectProvider */ RemoveClientIDFromOpenIDConnectProviderResult removeClientIDFromOpenIDConnectProvider( RemoveClientIDFromOpenIDConnectProviderRequest removeClientIDFromOpenIDConnectProviderRequest); /** * * Removes the specified IAM role from the specified EC2 instance profile. * * * * Make sure you do not have any Amazon EC2 instances running with the role you are about to remove from the * instance profile. Removing a role from an instance profile that is associated with a running instance break any * applications running on the instance. * * * * For more information about IAM roles, go to Working with Roles. For more * information about instance profiles, go to About Instance Profiles. * * * @param removeRoleFromInstanceProfileRequest * @return Result of the RemoveRoleFromInstanceProfile operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.RemoveRoleFromInstanceProfile */ RemoveRoleFromInstanceProfileResult removeRoleFromInstanceProfile(RemoveRoleFromInstanceProfileRequest removeRoleFromInstanceProfileRequest); /** * * Removes the specified user from the specified group. * * * @param removeUserFromGroupRequest * @return Result of the RemoveUserFromGroup operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.RemoveUserFromGroup */ RemoveUserFromGroupResult removeUserFromGroup(RemoveUserFromGroupRequest removeUserFromGroupRequest); /** * * Synchronizes the specified MFA device with its IAM resource object on the AWS servers. * * * For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in * the IAM User Guide. * * * @param resyncMFADeviceRequest * @return Result of the ResyncMFADevice operation returned by the service. * @throws InvalidAuthenticationCodeException * The request was rejected because the authentication code was not recognized. The error message describes * the specific error. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ResyncMFADevice */ ResyncMFADeviceResult resyncMFADevice(ResyncMFADeviceRequest resyncMFADeviceRequest); /** * * Sets the specified version of the specified policy as the policy's default (operative) version. * * * This action affects all users, groups, and roles that the policy is attached to. To list the users, groups, and * roles that the policy is attached to, use the ListEntitiesForPolicy API. * * * For information about managed policies, see Managed Policies and * Inline Policies in the IAM User Guide. * * * @param setDefaultPolicyVersionRequest * @return Result of the SetDefaultPolicyVersion operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.SetDefaultPolicyVersion */ SetDefaultPolicyVersionResult setDefaultPolicyVersion(SetDefaultPolicyVersionRequest setDefaultPolicyVersionRequest); /** * * Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API actions and * AWS resources to determine the policies' effective permissions. The policies are provided as strings. * * * The simulation does not perform the API actions; it only checks the authorization to determine if the simulated * policies allow or deny the actions. * * * If you want to simulate existing policies attached to an IAM user, group, or role, use * SimulatePrincipalPolicy instead. * * * Context keys are variables maintained by AWS and its services that provide details about the context of an API * query request. You can use the Condition element of an IAM policy to evaluate context keys. To get * the list of context keys that the policies require for correct simulation, use * GetContextKeysForCustomPolicy. * * * If the output is long, you can use MaxItems and Marker parameters to paginate the * results. * * * @param simulateCustomPolicyRequest * @return Result of the SimulateCustomPolicy operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws PolicyEvaluationException * The request failed because a provided policy could not be successfully evaluated. An additional detail * message indicates the source of the failure. * @sample AmazonIdentityManagement.SimulateCustomPolicy */ SimulateCustomPolicyResult simulateCustomPolicy(SimulateCustomPolicyRequest simulateCustomPolicyRequest); /** * * Simulate how a set of IAM policies attached to an IAM entity works with a list of API actions and AWS resources * to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a * user, then the simulation also includes all of the policies that are attached to groups that the user belongs to * . * * * You can optionally include a list of one or more additional policies specified as strings to include in the * simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead. * * * You can also optionally include one resource-based policy to be evaluated with each of the resources included in * the simulation. * * * The simulation does not perform the API actions, it only checks the authorization to determine if the simulated * policies allow or deny the actions. * * * Note: This API discloses information about the permissions granted to other users. If you do not want * users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead. * * * Context keys are variables maintained by AWS and its services that provide details about the context of an API * query request. You can use the Condition element of an IAM policy to evaluate context keys. To get * the list of context keys that the policies require for correct simulation, use * GetContextKeysForPrincipalPolicy. * * * If the output is long, you can use the MaxItems and Marker parameters to paginate the * results. * * * @param simulatePrincipalPolicyRequest * @return Result of the SimulatePrincipalPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws PolicyEvaluationException * The request failed because a provided policy could not be successfully evaluated. An additional detail * message indicates the source of the failure. * @sample AmazonIdentityManagement.SimulatePrincipalPolicy */ SimulatePrincipalPolicyResult simulatePrincipalPolicy(SimulatePrincipalPolicyRequest simulatePrincipalPolicyRequest); /** * * Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to * disable a user's key as part of a key rotation work flow. * * * If the UserName field is not specified, the UserName is determined implicitly based on the AWS * access key ID used to sign the request. Because this action works for access keys under the AWS account, you can * use this action to manage root credentials even if the AWS account has no associated users. * * * For information about rotating keys, see Managing Keys and * Certificates in the IAM User Guide. * * * @param updateAccessKeyRequest * @return Result of the UpdateAccessKey operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateAccessKey */ UpdateAccessKeyResult updateAccessKey(UpdateAccessKeyRequest updateAccessKeyRequest); /** * * Updates the password policy settings for the AWS account. * * * * This action does not support partial updates. No parameters are required, but if you do not specify a parameter, * that parameter's value reverts to its default value. See the Request Parameters section for each * parameter's default value. * * * * For more information about using a password policy, see Managing an IAM * Password Policy in the IAM User Guide. * * * @param updateAccountPasswordPolicyRequest * @return Result of the UpdateAccountPasswordPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateAccountPasswordPolicy */ UpdateAccountPasswordPolicyResult updateAccountPasswordPolicy(UpdateAccountPasswordPolicyRequest updateAccountPasswordPolicyRequest); /** * * Updates the policy that grants an IAM entity permission to assume a role. This is typically referred to as the * "role trust policy". For more information about roles, go to Using Roles to Delegate Permissions * and Federate Identities. * * * @param updateAssumeRolePolicyRequest * @return Result of the UpdateAssumeRolePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateAssumeRolePolicy */ UpdateAssumeRolePolicyResult updateAssumeRolePolicy(UpdateAssumeRolePolicyRequest updateAssumeRolePolicyRequest); /** * * Updates the name and/or the path of the specified IAM group. * * * * You should understand the implications of changing a group's path or name. For more information, see Renaming Users and * Groups in the IAM User Guide. * * * * To change an IAM group name the requester must have appropriate permissions on both the source object and the * target object. For example, to change "Managers" to "MGRs", the entity making the request must have permission on * both "Managers" and "MGRs", or must have permission on all (*). For more information about permissions, see Permissions and Policies. * * * * @param updateGroupRequest * @return Result of the UpdateGroup operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateGroup */ UpdateGroupResult updateGroup(UpdateGroupRequest updateGroupRequest); /** * * Changes the password for the specified IAM user. * * * IAM users can change their own passwords by calling ChangePassword. For more information about modifying * passwords, see Managing * Passwords in the IAM User Guide. * * * @param updateLoginProfileRequest * @return Result of the UpdateLoginProfile operation returned by the service. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws PasswordPolicyViolationException * The request was rejected because the provided password did not meet the requirements imposed by the * account password policy. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateLoginProfile */ UpdateLoginProfileResult updateLoginProfile(UpdateLoginProfileRequest updateLoginProfileRequest); /** * * Replaces the existing list of server certificate thumbprints associated with an OpenID Connect (OIDC) provider * resource object with a new list of thumbprints. * * * The list that you pass with this action completely replaces the existing list of thumbprints. (The lists are not * merged.) * * * Typically, you need to update a thumbprint only when the identity provider's certificate changes, which occurs * rarely. However, if the provider's certificate does change, any attempt to assume an IAM role that * specifies the OIDC provider as a principal fails until the certificate thumbprint is updated. * * * * Because trust for the OIDC provider is ultimately derived from the provider's certificate and is validated by the * thumbprint, it is a best practice to limit access to the UpdateOpenIDConnectProviderThumbprint * action to highly-privileged users. * * * * @param updateOpenIDConnectProviderThumbprintRequest * @return Result of the UpdateOpenIDConnectProviderThumbprint operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateOpenIDConnectProviderThumbprint */ UpdateOpenIDConnectProviderThumbprintResult updateOpenIDConnectProviderThumbprint( UpdateOpenIDConnectProviderThumbprintRequest updateOpenIDConnectProviderThumbprintRequest); /** * * Updates the metadata document for an existing SAML provider resource object. * * * * This operation requires Signature * Version 4. * * * * @param updateSAMLProviderRequest * @return Result of the UpdateSAMLProvider operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateSAMLProvider */ UpdateSAMLProviderResult updateSAMLProvider(UpdateSAMLProviderRequest updateSAMLProviderRequest); /** * * Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot * be used for authentication. This action can be used to disable a user's SSH public key as part of a key rotation * work flow. * * * The SSH public key affected by this action is used only for authenticating the associated IAM user to an AWS * CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, * see Set up AWS * CodeCommit for SSH Connections in the AWS CodeCommit User Guide. * * * @param updateSSHPublicKeyRequest * @return Result of the UpdateSSHPublicKey operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @sample AmazonIdentityManagement.UpdateSSHPublicKey */ UpdateSSHPublicKeyResult updateSSHPublicKey(UpdateSSHPublicKeyRequest updateSSHPublicKeyRequest); /** * * Updates the name and/or the path of the specified server certificate stored in IAM. * * * For more information about working with server certificates, including a list of AWS services that can use the * server certificates that you manage with IAM, go to Working with Server * Certificates in the IAM User Guide. * * * * You should understand the implications of changing a server certificate's path or name. For more information, see * Renaming a Server Certificate in the IAM User Guide. * * * * To change a server certificate name the requester must have appropriate permissions on both the source object and * the target object. For example, to change the name from "ProductionCert" to "ProdCert", the entity making the * request must have permission on "ProductionCert" and "ProdCert", or must have permission on all (*). For more * information about permissions, see Access * Management in the IAM User Guide. * * * * @param updateServerCertificateRequest * @return Result of the UpdateServerCertificate operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateServerCertificate */ UpdateServerCertificateResult updateServerCertificate(UpdateServerCertificateRequest updateServerCertificateRequest); /** * * Changes the status of the specified user signing certificate from active to disabled, or vice versa. This action * can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow. * * * If the UserName field is not specified, the UserName is determined implicitly based on the AWS * access key ID used to sign the request. Because this action works for access keys under the AWS account, you can * use this action to manage root credentials even if the AWS account has no associated users. * * * @param updateSigningCertificateRequest * @return Result of the UpdateSigningCertificate operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateSigningCertificate */ UpdateSigningCertificateResult updateSigningCertificate(UpdateSigningCertificateRequest updateSigningCertificateRequest); /** * * Updates the name and/or the path of the specified IAM user. * * * * You should understand the implications of changing an IAM user's path or name. For more information, see Renaming an IAM * User and Renaming an * IAM Group in the IAM User Guide. * * * * To change a user name the requester must have appropriate permissions on both the source object and the target * object. For example, to change Bob to Robert, the entity making the request must have permission on Bob and * Robert, or must have permission on all (*). For more information about permissions, see Permissions and Policies. * * * * @param updateUserRequest * @return Result of the UpdateUser operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UpdateUser */ UpdateUserResult updateUser(UpdateUserRequest updateUserRequest); /** * * Uploads an SSH public key and associates it with the specified IAM user. * * * The SSH public key uploaded by this action can be used only for authenticating the associated IAM user to an AWS * CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, * see Set up AWS * CodeCommit for SSH Connections in the AWS CodeCommit User Guide. * * * @param uploadSSHPublicKeyRequest * @return Result of the UploadSSHPublicKey operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws InvalidPublicKeyException * The request was rejected because the public key is malformed or otherwise invalid. * @throws DuplicateSSHPublicKeyException * The request was rejected because the SSH public key is already associated with the specified IAM user. * @throws UnrecognizedPublicKeyEncodingException * The request was rejected because the public key encoding format is unsupported or unrecognized. * @sample AmazonIdentityManagement.UploadSSHPublicKey */ UploadSSHPublicKeyResult uploadSSHPublicKey(UploadSSHPublicKeyRequest uploadSSHPublicKeyRequest); /** * * Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key * certificate, a private key, and an optional certificate chain, which should all be PEM-encoded. * * * For more information about working with server certificates, including a list of AWS services that can use the * server certificates that you manage with IAM, go to Working with Server * Certificates in the IAM User Guide. * * * For information about the number of server certificates you can upload, see Limitations on IAM Entities and * Objects in the IAM User Guide. * * * * Because the body of the public key certificate, private key, and the certificate chain can be large, you should * use POST rather than GET when calling UploadServerCertificate. For information about setting up * signatures and authorization through the API, go to Signing AWS API Requests in * the AWS General Reference. For general information about using the Query API with IAM, go to Calling the API by Making HTTP Query * Requests in the IAM User Guide. * * * * @param uploadServerCertificateRequest * @return Result of the UploadServerCertificate operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws MalformedCertificateException * The request was rejected because the certificate was malformed or expired. The error message describes * the specific error. * @throws KeyPairMismatchException * The request was rejected because the public key certificate and the private key do not match. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UploadServerCertificate */ UploadServerCertificateResult uploadServerCertificate(UploadServerCertificateRequest uploadServerCertificateRequest); /** * * Uploads an X.509 signing certificate and associates it with the specified IAM user. Some AWS services use X.509 * signing certificates to validate requests that are signed with a corresponding private key. When you upload the * certificate, its default status is Active. * * * If the UserName field is not specified, the IAM user name is determined implicitly based on the AWS * access key ID used to sign the request. Because this action works for access keys under the AWS account, you can * use this action to manage root credentials even if the AWS account has no associated users. * * * * Because the body of a X.509 certificate can be large, you should use POST rather than GET when calling * UploadSigningCertificate. For information about setting up signatures and authorization through the * API, go to Signing AWS API * Requests in the AWS General Reference. For general information about using the Query API with IAM, go * to Making Query Requests in * the IAM User Guide. * * * * @param uploadSigningCertificateRequest * @return Result of the UploadSigningCertificate operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current AWS account limits. * The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws MalformedCertificateException * The request was rejected because the certificate was malformed or expired. The error message describes * the specific error. * @throws InvalidCertificateException * The request was rejected because the certificate is invalid. * @throws DuplicateCertificateException * The request was rejected because the same certificate is associated with an IAM user in the account. * @throws NoSuchEntityException * The request was rejected because it referenced an entity that does not exist. The error message describes * the entity. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.UploadSigningCertificate */ UploadSigningCertificateResult uploadSigningCertificate(UploadSigningCertificateRequest uploadSigningCertificateRequest); /** * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client * has been shutdown, it should not be used to make any more requests. */ void shutdown(); /** * Returns additional metadata for a previously executed successful request, typically used for debugging issues * where a service isn't acting as expected. This data isn't considered part of the result data returned by an * operation, so it's available through this separate, diagnostic interface. *

* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing a request. * * @param request * The originally executed request. * * @return The response metadata for the specified request, or null if none is available. */ ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request); AmazonIdentityManagementWaiters waiters(); }