/*
* Copyright 2020-2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.identitymanagement;
import javax.annotation.Generated;
import com.amazonaws.*;
import com.amazonaws.regions.*;
import com.amazonaws.services.identitymanagement.model.*;
import com.amazonaws.services.identitymanagement.waiters.AmazonIdentityManagementWaiters;
/**
* Interface for accessing IAM.
*
* Note: Do not implement this interface directly; new methods are added to it regularly. Extend
* {@link com.amazonaws.services.identitymanagement.AbstractAmazonIdentityManagement} instead.
*
*
* Identity and Access Management
*
* Identity and Access Management (IAM) is a web service for securely controlling access to Amazon Web Services
* services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that
* control which Amazon Web Services resources users and applications can access. For more information about IAM, see Identity and Access Management (IAM) and the Identity and Access Management User Guide.
*
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public interface AmazonIdentityManagement {
/**
* The region metadata service name for computing region endpoints. You can use this value to retrieve metadata
* (such as supported regions) of the service.
* <p>
* Declared in an interface, so the field is implicitly {@code public static final}; its value is the literal
* {@code "iam"}.
*
* @see RegionUtils#getRegionsForService(String)
*/
String ENDPOINT_PREFIX = "iam";
/**
* Overrides the default endpoint for this client ("iam.amazonaws.com"). Callers can use this method to control
* which AWS region they want to work with.
* <p>
* Callers can pass in just the endpoint (ex: "iam.amazonaws.com") or a full URL, including the protocol (ex:
* "https://iam.amazonaws.com"). If the protocol is not specified here, the default protocol from this client's
* {@link ClientConfiguration} will be used, which by default is HTTPS.
* <p>
* For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available
* endpoints for all AWS services, see:
* https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html#region-selection-choose-endpoint
* <p>
* This method is not threadsafe. An endpoint should be configured when the client is created and before any
* service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in
* transit or retrying.
* <p>
* Security note: requests and responses on this client carry credential material (passwords, newly created secret
* access keys), so the endpoint value should come from trusted configuration rather than request-time input, and
* a full URL passed here should keep the {@code https} scheme.
* NOTE(review): the text above implies a scheme given in the URL takes precedence over the
* {@link ClientConfiguration} protocol; this interface does not show it - confirm against the implementing client.
*
* @param endpoint
* The endpoint (ex: "iam.amazonaws.com") or a full URL, including the protocol (ex:
* "https://iam.amazonaws.com") of the region specific AWS endpoint this client will communicate with.
* @deprecated use {@link AwsClientBuilder#setEndpointConfiguration(AwsClientBuilder.EndpointConfiguration)} for
* example:
* {@code builder.setEndpointConfiguration(new EndpointConfiguration(endpoint, signingRegion));}
*/
@Deprecated
void setEndpoint(String endpoint);
/**
* An alternative to {@link AmazonIdentityManagement#setEndpoint(String)}, sets the regional endpoint for this
* client's service calls. Callers can use this method to control which AWS region they want to work with.
* <p>
* By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the
* {@link ClientConfiguration} supplied at construction.
* <p>
* This method is not threadsafe. A region should be configured when the client is created and before any service
* requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit
* or retrying.
* <p>
* Security note: switching the client to http sends IAM requests and responses, including passwords and newly
* created secret access keys, without transport encryption; keep the https default for this service.
*
* @param region
* The region this client will communicate with. See {@link Region#getRegion(com.amazonaws.regions.Regions)}
* for accessing a given region. Must not be null and must be a region where the service is available.
*
* @see Region#getRegion(com.amazonaws.regions.Regions)
* @see Region#createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration)
* @see Region#isServiceSupported(String)
* @deprecated use {@link AwsClientBuilder#setRegion(String)}
*/
@Deprecated
void setRegion(Region region);
/**
* Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM
* OpenID Connect (OIDC) provider resource.
* <p>
* This operation is idempotent; it does not fail or return an error if you add an existing client ID to the
* provider.
* <p>
* Security note: client IDs identify the applications allowed to authenticate using the provider (see
* {@link #createOpenIDConnectProvider(CreateOpenIDConnectProviderRequest)}), so each added ID widens the set of
* applications the provider accepts. Treat the call as a trust change: restrict who may make it and review it in
* the account's API audit trail.
*
* @param addClientIDToOpenIDConnectProviderRequest
* Request parameters for the AddClientIDToOpenIDConnectProvider operation.
* @return Result of the AddClientIDToOpenIDConnectProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AddClientIDToOpenIDConnectProvider
* @see AWS API Documentation
*/
AddClientIDToOpenIDConnectProviderResult addClientIDToOpenIDConnectProvider(
AddClientIDToOpenIDConnectProviderRequest addClientIDToOpenIDConnectProviderRequest);
/**
* Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and
* this quota cannot be increased. You can remove the existing role and then add a different role to an instance
* profile. You must then wait for the change to appear across all of Amazon Web Services because of eventual
* consistency. To force the change, you must disassociate the instance profile and then associate the instance
* profile, or you can stop your instance and then restart it.
* <p>
* The caller of this operation must be granted the PassRole permission on the IAM role by a permissions policy.
* <p>
* For more information about roles, see IAM roles in the IAM User Guide. For more information about instance
* profiles, see Using instance profiles in the IAM User Guide.
* <p>
* Security note: the PassRole requirement is the control that decides which roles a caller may hand to an
* instance profile. Granting {@code iam:PassRole} on specific role ARNs rather than on all roles keeps a caller
* from placing a more privileged role into a profile than intended.
*
* @param addRoleToInstanceProfileRequest
* Request parameters for the AddRoleToInstanceProfile operation.
* @return Result of the AddRoleToInstanceProfile operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AddRoleToInstanceProfile
* @see AWS API Documentation
*/
AddRoleToInstanceProfileResult addRoleToInstanceProfile(AddRoleToInstanceProfileRequest addRoleToInstanceProfileRequest);
/**
* Adds the specified user to the specified group.
* <p>
* Security note: group membership is a permission grant, because policies attached to or embedded in the group
* apply to its members. Changes to membership of privileged groups are worth restricting and reviewing in the
* account's API audit trail.
*
* @param addUserToGroupRequest
* Request parameters for the AddUserToGroup operation.
* @return Result of the AddUserToGroup operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AddUserToGroup
* @see AWS API Documentation
*/
AddUserToGroupResult addUserToGroup(AddUserToGroupRequest addUserToGroupRequest);
/**
* Attaches the specified managed policy to the specified IAM group.
* <p>
* You use this operation to attach a managed policy to a group. To embed an inline policy in a group, use
* PutGroupPolicy.
* <p>
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM
* User Guide.
* <p>
* For more information about policies, see Managed policies and inline policies in the IAM User Guide.
* <p>
* Security note: the attached policy applies to every member of the group, so one call can change the
* permissions of many users. Limit which policy ARNs callers may attach, and review attachments of broad or
* administrative policies in the account's API audit trail.
*
* @param attachGroupPolicyRequest
* Request parameters for the AttachGroupPolicy operation.
* @return Result of the AttachGroupPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws PolicyNotAttachableException
* The request failed because Amazon Web Services service role policies can only be attached to the
* service-linked role for that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AttachGroupPolicy
* @see AWS API Documentation
*/
AttachGroupPolicyResult attachGroupPolicy(AttachGroupPolicyRequest attachGroupPolicyRequest);
/**
* Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the
* managed policy becomes part of the role's permission (access) policy.
* <p>
* You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time
* as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy.
* <p>
* Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use
* PutRolePolicy. For more information about policies, see Managed policies and inline policies in the IAM User
* Guide.
* <p>
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM
* User Guide.
* <p>
* Security note: the attached policy becomes part of what every principal assuming the role can do. A caller who
* may attach arbitrary policies to a role it can assume can raise its own permissions, so scope this operation to
* specific roles and policy ARNs and review attachments in the account's API audit trail.
*
* @param attachRolePolicyRequest
* Request parameters for the AttachRolePolicy operation.
* @return Result of the AttachRolePolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws PolicyNotAttachableException
* The request failed because Amazon Web Services service role policies can only be attached to the
* service-linked role for that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AttachRolePolicy
* @see AWS API Documentation
*/
AttachRolePolicyResult attachRolePolicy(AttachRolePolicyRequest attachRolePolicyRequest);
/**
* Attaches the specified managed policy to the specified user.
* <p>
* You use this operation to attach a managed policy to a user. To embed an inline policy in a user, use
* PutUserPolicy.
* <p>
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM
* User Guide.
* <p>
* For more information about policies, see Managed policies and inline policies in the IAM User Guide.
* <p>
* Security note: this call grants permissions directly to a user. A caller allowed to attach arbitrary policies
* to its own user can raise its own permissions, so scope the operation to specific users and policy ARNs and
* review attachments in the account's API audit trail.
*
* @param attachUserPolicyRequest
* Request parameters for the AttachUserPolicy operation.
* @return Result of the AttachUserPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws PolicyNotAttachableException
* The request failed because Amazon Web Services service role policies can only be attached to the
* service-linked role for that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AttachUserPolicy
* @see AWS API Documentation
*/
AttachUserPolicyResult attachUserPolicy(AttachUserPolicyRequest attachUserPolicyRequest);
/**
* Changes the password of the IAM user who is calling this operation. This operation can be performed using the
* CLI, the Amazon Web Services API, or the My Security Credentials page in the Amazon Web Services
* Management Console. The Amazon Web Services account root user password is not affected by this operation.
* <p>
* Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM console to
* change the password for any IAM user. For more information about modifying passwords, see Managing passwords in
* the IAM User Guide.
* <p>
* Security note: the request object carries the caller's old and new passwords. Keep those values out of logs,
* metrics and exception messages, and do not retain the request object longer than the call needs.
*
* @param changePasswordRequest
* Request parameters for the ChangePassword operation.
* @return Result of the ChangePassword operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidUserTypeException
* The request was rejected because the type of user for the transaction was incorrect.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws EntityTemporarilyUnmodifiableException
* The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
* name that was deleted and then recreated. The error indicates that the request is likely to succeed if
* you try again after waiting several minutes. The error message describes the entity.
* @throws PasswordPolicyViolationException
* The request was rejected because the provided password did not meet the requirements imposed by the
* account password policy.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ChangePassword
* @see AWS API Documentation
*/
ChangePasswordResult changePassword(ChangePasswordRequest changePasswordRequest);
/**
* Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the
* specified user. The default status for new keys is Active.
* <p>
* If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services
* access key ID signing the request. This operation works for access keys under the Amazon Web Services account.
* Consequently, you can use this operation to manage Amazon Web Services account root user credentials. This is
* true even if the Amazon Web Services account has no associated users.
* <p>
* For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User
* Guide.
* <p>
* To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key
* and user creation. You must save the key (for example, in a text file) if you want to be able to access it again.
* If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
* <p>
* Security note: the returned {@link CreateAccessKeyResult} is the only place the secret access key appears, and
* the key is Active as soon as it is created. Keep the result out of logs and exception messages, and prefer a
* secrets store with access control over a plain text file when the key has to be retained. Creating a long-lived
* key for another user, or for the root user as described above, is worth restricting and alerting on.
*
* @param createAccessKeyRequest
* Request parameters for the CreateAccessKey operation.
* @return Result of the CreateAccessKey operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateAccessKey
* @see AWS API Documentation
*/
CreateAccessKeyResult createAccessKey(CreateAccessKeyRequest createAccessKeyRequest);
/**
* Simplified method form for invoking the CreateAccessKey operation.
* <p>
* No request object is supplied, so no user name is specified; as documented on
* {@link #createAccessKey(CreateAccessKeyRequest)}, IAM then determines the user from the access key ID that signs
* the request. The returned result carries the new secret access key and needs the same handling as in the
* request-taking form.
* NOTE(review): presumably equivalent to passing an empty {@link CreateAccessKeyRequest} - confirm in the
* implementing client.
*
* @return Result of the CreateAccessKey operation returned by the service.
* @see #createAccessKey(CreateAccessKeyRequest)
*/
CreateAccessKeyResult createAccessKey();
/**
* Creates an alias for your Amazon Web Services account. For information about using an Amazon Web Services account
* alias, see Creating, deleting, and listing an Amazon Web Services account alias in the Amazon Web Services
* Sign-In User Guide.
*
* @param createAccountAliasRequest
* Request parameters for the CreateAccountAlias operation.
* @return Result of the CreateAccountAlias operation returned by the service.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateAccountAlias
* @see AWS API Documentation
*/
CreateAccountAliasResult createAccountAlias(CreateAccountAliasRequest createAccountAliasRequest);
/**
* Creates a new group.
* <p>
* For information about the number of groups you can create, see IAM and STS quotas in the IAM User Guide.
* <p>
* Permissions reach a group's members through policies attached with
* {@link #attachGroupPolicy(AttachGroupPolicyRequest)} or embedded with PutGroupPolicy, and users are added with
* {@link #addUserToGroup(AddUserToGroupRequest)}; those follow-up calls are where access is actually granted.
*
* @param createGroupRequest
* Request parameters for the CreateGroup operation.
* @return Result of the CreateGroup operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateGroup
* @see AWS API Documentation
*/
CreateGroupResult createGroup(CreateGroupRequest createGroupRequest);
/**
* Creates a new instance profile. For information about instance profiles, see Using roles for applications on
* Amazon EC2 in the IAM User Guide, and Instance profiles in the Amazon EC2 User Guide.
* <p>
* For information about the number of instance profiles you can create, see IAM object quotas in the IAM User
* Guide.
* <p>
* A role is placed into the profile separately, with
* {@link #addRoleToInstanceProfile(AddRoleToInstanceProfileRequest)}, which is the call gated by the PassRole
* permission.
*
* @param createInstanceProfileRequest
* Request parameters for the CreateInstanceProfile operation.
* @return Result of the CreateInstanceProfile operation returned by the service.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateInstanceProfile
* @see AWS API Documentation
*/
CreateInstanceProfileResult createInstanceProfile(CreateInstanceProfileRequest createInstanceProfileRequest);
/**
* Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services
* services through the Amazon Web Services Management Console.
* <p>
* You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a password for
* any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the
* Amazon Web Services Management Console.
* <p>
* For more information about managing passwords, see Managing passwords in the IAM User Guide.
* <p>
* Security note: this call gives console sign-in to a user that did not have it, with a password chosen by the
* caller. Keep the password out of logs and exception messages, consider requiring a reset at first sign-in, and
* treat creation of a login profile for an existing programmatic-only user as an event to review in the account's
* API audit trail.
*
* @param createLoginProfileRequest
* Request parameters for the CreateLoginProfile operation.
* @return Result of the CreateLoginProfile operation returned by the service.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws PasswordPolicyViolationException
* The request was rejected because the provided password did not meet the requirements imposed by the
* account password policy.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateLoginProfile
* @see AWS API Documentation
*/
CreateLoginProfileResult createLoginProfile(CreateLoginProfileRequest createLoginProfileRequest);
/**
* Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
* <p>
* The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a
* policy establishes a trust relationship between Amazon Web Services and the OIDC provider.
* <p>
* If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a
* separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are
* available for your use. Instead, you can move directly to creating new roles using your identity provider. To
* learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.
* <p>
* When you create the IAM OIDC provider, you specify the following:
* <ul>
* <li>The URL of the OIDC identity provider (IdP) to trust</li>
* <li>A list of client IDs (also known as audiences) that identify the application or applications allowed to
* authenticate using the OIDC provider</li>
* <li>A list of tags that are attached to the specified IAM OIDC provider</li>
* <li>A list of thumbprints of one or more server certificates that the IdP uses</li>
* </ul>
* <p>
* You get all of this information from the OIDC IdP you want to use to access Amazon Web Services.
* <p>
* Amazon Web Services secures communication with some OIDC identity providers (IdPs) through our library of trusted
* root certificate authorities (CAs) instead of using a certificate thumbprint to verify your IdP server
* certificate. In these cases, your legacy thumbprint remains in your configuration, but is no longer used for
* validation. These OIDC IdPs include Auth0, GitHub, GitLab, Google, and those that use an Amazon S3 bucket to host
* a JSON Web Key Set (JWKS) endpoint.
* <p>
* The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is
* best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.
* <p>
* Security note: the provider URL and client ID list decide whose tokens roles trusting this provider will
* accept. For the IdPs listed above the stored thumbprint is not what validates the IdP certificate, so it should
* not be relied on as a pinning control there. Role trust policies that name this provider should also constrain
* the token's audience and subject with conditions, since the provider entity alone does not limit which
* identities at the IdP may assume a role.
*
* @param createOpenIDConnectProviderRequest
* Request parameters for the CreateOpenIDConnectProvider operation.
* @return Result of the CreateOpenIDConnectProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws OpenIdIdpCommunicationErrorException
* The request failed because IAM cannot connect to the OpenID Connect identity provider URL.
* @sample AmazonIdentityManagement.CreateOpenIDConnectProvider
* @see AWS API Documentation
*/
CreateOpenIDConnectProviderResult createOpenIDConnectProvider(CreateOpenIDConnectProviderRequest createOpenIDConnectProviderRequest);
/**
* Creates a new managed policy for your Amazon Web Services account.
* <p>
* This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default
* version. For more information about policy versions, see Versioning for managed policies in the IAM User Guide.
* <p>
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM
* User Guide.
* <p>
* For more information about managed policies in general, see Managed policies and inline policies in the IAM User
* Guide.
* <p>
* Security note: a {@link MalformedPolicyDocumentException} signals a malformed document only; a well-formed
* document that grants more than intended is accepted. When the policy document is assembled from variable
* input, build it from a fixed template with validated values rather than by string concatenation, and run the
* policy validation mentioned above before the policy is attached anywhere.
*
* @param createPolicyRequest
* Request parameters for the CreatePolicy operation.
* @return Result of the CreatePolicy operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws MalformedPolicyDocumentException
* The request was rejected because the policy document was malformed. The error message describes the
* specific error.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreatePolicy
* @see AWS API Documentation
*/
CreatePolicyResult createPolicy(CreatePolicyRequest createPolicyRequest);
/**
* Creates a new version of the specified managed policy. To update a managed policy, you create a new policy
* version. A managed policy can have up to five versions. If the policy has five versions, you must delete an
* existing version using DeletePolicyVersion before you create a new version.
* <p>
* Optionally, you can set the new version as the policy's default version. The default version is the version that
* is in effect for the IAM users, groups, and roles to which the policy is attached.
* <p>
* For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.
* <p>
* Security note: when the new version is set as default, it replaces the effective permissions of every user,
* group and role the policy is attached to, without any attach call appearing. A caller allowed to version a
* policy attached to its own identity can therefore change its own permissions; scope this operation to specific
* policy ARNs and review new default versions in the account's API audit trail.
*
* @param createPolicyVersionRequest
* Request parameters for the CreatePolicyVersion operation.
* @return Result of the CreatePolicyVersion operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws MalformedPolicyDocumentException
* The request was rejected because the policy document was malformed. The error message describes the
* specific error.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreatePolicyVersion
* @see AWS API Documentation
*/
CreatePolicyVersionResult createPolicyVersion(CreatePolicyVersionRequest createPolicyVersionRequest);
/**
* Creates a new role for your Amazon Web Services account.
* <p>
* For more information about roles, see IAM roles in the IAM User Guide. For information about quotas for role
* names and the number of roles you can create, see IAM and STS quotas in the IAM User Guide.
* <p>
* Security note: the role's trust policy is created together with the role (see
* {@link #attachRolePolicy(AttachRolePolicyRequest)}), and it decides which principals may assume the role. Name
* specific principals in it and add conditions where the principal is a service or a federated provider; a
* {@link MalformedPolicyDocumentException} only rejects a malformed document, not an over-broad one.
*
* @param createRoleRequest
* Request parameters for the CreateRole operation.
* @return Result of the CreateRole operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws MalformedPolicyDocumentException
* The request was rejected because the policy document was malformed. The error message describes the
* specific error.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateRole
* @see AWS API Documentation
*/
CreateRoleResult createRole(CreateRoleRequest createRoleRequest);
/**
*
* Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
*
*
* The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust
* policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can
* create an IAM role that supports Web-based single sign-on (SSO) to the Amazon Web Services Management Console or
* one that supports API access to Amazon Web Services.
*
*
* When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That
* document includes the issuer's name, expiration information, and keys that can be used to validate the SAML
* authentication response (assertions) that the IdP sends. You must generate the metadata document using the
* identity management software that is used as your organization's IdP.
*
*
* Security review note: because the metadata document supplies the keys used to validate assertions, it is the
* trust anchor for every role that names this provider as a principal. Obtain it from the IdP over an
* authenticated channel, check the issuer and keys before uploading, and track the expiration information it
* carries so that key rollover is planned rather than discovered as a sign-in outage.
*
*
* This operation requires Signature Version 4.
*
*
*
* For more information, see Enabling SAML
* 2.0 federated users to access the Amazon Web Services Management Console and About SAML 2.0-based
* federation in the IAM User Guide.
*
*
* @param createSAMLProviderRequest
* Request object for the CreateSAMLProvider operation.
* @return Result of the CreateSAMLProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateSAMLProvider
* @see AWS API
* Documentation
*/
CreateSAMLProviderResult createSAMLProvider(CreateSAMLProviderRequest createSAMLProviderRequest);
/**
*
* Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls the attached
* policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly
* changed or deleted role, which could put your Amazon Web Services resources into an unknown state. Allowing the
* service to control the role helps improve service stability and proper cleanup when a service and its role are no
* longer needed. For more information, see Using service-linked
* roles in the IAM User Guide.
*
*
* To attach a policy to this service-linked role, you must make the request using the Amazon Web Services service
* that depends on this role.
*
*
* @param createServiceLinkedRoleRequest
* @return Result of the CreateServiceLinkedRole operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateServiceLinkedRole
* @see AWS
* API Documentation
*/
CreateServiceLinkedRoleResult createServiceLinkedRole(CreateServiceLinkedRoleRequest createServiceLinkedRoleRequest);
/**
*
* Generates a set of credentials consisting of a user name and password that can be used to access the service
* specified in the request. These credentials are generated by IAM, and can be used only for the specified service.
*
*
* You can have a maximum of two sets of service-specific credentials for each supported service per user.
*
*
* You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).
*
*
* You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.
*
*
* For more information about service-specific credentials, see Using IAM with CodeCommit:
* Git credentials, SSH keys, and Amazon Web Services access keys in the IAM User Guide.
*
*
* Security review note: the result of this call contains the generated password, so handle the returned object
* as a secret: keep it out of logs, exception messages and serialized diagnostics, and hand it straight to a
* secret store. The password is presumably not retrievable again after this call (confirm against the API
* reference); ResetServiceSpecificCredential issues a new value if it is lost or exposed.
*
*
* @param createServiceSpecificCredentialRequest
* Request object for the CreateServiceSpecificCredential operation.
* @return Result of the CreateServiceSpecificCredential operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceNotSupportedException
* The specified service does not support service-specific credentials.
* @sample AmazonIdentityManagement.CreateServiceSpecificCredential
* @see AWS API Documentation
*/
CreateServiceSpecificCredentialResult createServiceSpecificCredential(CreateServiceSpecificCredentialRequest createServiceSpecificCredentialRequest);
/**
*
* Creates a new IAM user for your Amazon Web Services account.
*
*
* For information about quotas for the number of IAM users you can create, see IAM and STS quotas in the
* IAM User Guide.
*
*
* @param createUserRequest
* @return Result of the CreateUser operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateUser
* @see AWS API
* Documentation
*/
CreateUserResult createUser(CreateUserRequest createUserRequest);
/**
*
* Creates a new virtual MFA device for the Amazon Web Services account. After creating the virtual MFA, use
* EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working
* with virtual MFA devices, see Using a virtual MFA device in
* the IAM User Guide.
*
*
* For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the
* IAM User Guide.
*
*
*
* The seed information contained in the QR code and the Base32 string should be treated like any other secret
* access information. In other words, protect the seed information as you would your Amazon Web Services access
* keys or your passwords. After you provision your virtual device, you should ensure that the information is
* destroyed following secure procedures.
*
*
*
* Security review note: the seed described above travels in the result of this call, so the returned object is
* itself secret material. Do not log it, cache it or include it in error reports, and release references to it
* once the authenticator app has been provisioned. Creating the device does not protect any user by itself; the
* device only takes effect after EnableMFADevice has attached it to an IAM user.
*
*
* @param createVirtualMFADeviceRequest
* Request object for the CreateVirtualMFADevice operation.
* @return Result of the CreateVirtualMFADevice operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateVirtualMFADevice
* @see AWS API
* Documentation
*/
CreateVirtualMFADeviceResult createVirtualMFADevice(CreateVirtualMFADeviceRequest createVirtualMFADeviceRequest);
/**
*
* Deactivates the specified MFA device and removes it from association with the user name for which it was
* originally enabled.
*
*
* For more information about creating and working with virtual MFA devices, see Enabling a virtual multi-factor
* authentication (MFA) device in the IAM User Guide.
*
*
* Security review note: once the device is removed from the user, it no longer counts as a second factor for
* that user; if the user has no other MFA device enabled, sign-in falls back to the remaining credentials alone.
* Grant the permission for this operation narrowly and alert on DeactivateMFADevice events in the account's API
* audit trail, since an unexpected deactivation is a common sign of account takeover or policy bypass.
*
*
* @param deactivateMFADeviceRequest
* Request object for the DeactivateMFADevice operation.
* @return Result of the DeactivateMFADevice operation returned by the service.
* @throws EntityTemporarilyUnmodifiableException
* The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
* name that was deleted and then recreated. The error indicates that the request is likely to succeed if
* you try again after waiting several minutes. The error message describes the entity.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @sample AmazonIdentityManagement.DeactivateMFADevice
* @see AWS API
* Documentation
*/
DeactivateMFADeviceResult deactivateMFADevice(DeactivateMFADeviceRequest deactivateMFADeviceRequest);
/**
*
* Deletes the access key pair associated with the specified IAM user.
*
*
* If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services
* access key ID signing the request. This operation works for access keys under the Amazon Web Services account.
* Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the
* Amazon Web Services account has no associated users.
*
*
* Security review note: because an omitted user name is resolved from the credentials that sign the request,
* automation should always set the user name explicitly; otherwise the user whose key is removed depends on
* which credentials the client happened to load. When retiring a key that may still be in use, marking it
* inactive with UpdateAccessKey first lets you confirm nothing depends on it before the key is deleted.
*
*
* @param deleteAccessKeyRequest
* Request object for the DeleteAccessKey operation.
* @return Result of the DeleteAccessKey operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteAccessKey
* @see AWS API
* Documentation
*/
DeleteAccessKeyResult deleteAccessKey(DeleteAccessKeyRequest deleteAccessKeyRequest);
/**
*
* Deletes the specified Amazon Web Services account alias. For information about using an Amazon Web Services
* account alias, see Creating, deleting, and
* listing an Amazon Web Services account alias in the Amazon Web Services Sign-In User Guide.
*
*
* @param deleteAccountAliasRequest
* @return Result of the DeleteAccountAlias operation returned by the service.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteAccountAlias
* @see AWS API
* Documentation
*/
DeleteAccountAliasResult deleteAccountAlias(DeleteAccountAliasRequest deleteAccountAliasRequest);
/**
*
* Deletes the password policy for the Amazon Web Services account. There are no parameters.
*
*
* Security review note: after this call the account no longer has its own password policy, so any length,
* complexity, rotation or reuse rules that policy enforced stop applying to IAM user passwords. IAM's default
* password requirements presumably apply from then on (confirm against the current IAM documentation). Treat the
* operation as a security-configuration change: restrict who may call it and alert on it in the API audit trail.
*
*
* @param deleteAccountPasswordPolicyRequest
* Request object for the DeleteAccountPasswordPolicy operation; the operation itself takes no parameters.
* @return Result of the DeleteAccountPasswordPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteAccountPasswordPolicy
* @see AWS API Documentation
*/
DeleteAccountPasswordPolicyResult deleteAccountPasswordPolicy(DeleteAccountPasswordPolicyRequest deleteAccountPasswordPolicyRequest);
/**
* Simplified method form for invoking the DeleteAccountPasswordPolicy operation without building a request object.
*
* This overload removes the account's password policy exactly as the request-object form does, so the same
* access restrictions and monitoring should cover both call sites.
*
* @return Result of the DeleteAccountPasswordPolicy operation returned by the service.
* @see #deleteAccountPasswordPolicy(DeleteAccountPasswordPolicyRequest)
*/
DeleteAccountPasswordPolicyResult deleteAccountPasswordPolicy();
/**
*
* Deletes the specified IAM group. The group must not contain any users or have any attached policies.
*
*
* @param deleteGroupRequest
* @return Result of the DeleteGroup operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteGroup
* @see AWS API
* Documentation
*/
DeleteGroupResult deleteGroup(DeleteGroupRequest deleteGroupRequest);
/**
*
* Deletes the specified inline policy that is embedded in the specified IAM group.
*
*
* A group can also have managed policies attached to it. To detach a managed policy from a group, use
* DetachGroupPolicy. For more information about policies, refer to Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param deleteGroupPolicyRequest
* @return Result of the DeleteGroupPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteGroupPolicy
* @see AWS API
* Documentation
*/
DeleteGroupPolicyResult deleteGroupPolicy(DeleteGroupPolicyRequest deleteGroupPolicyRequest);
/**
*
* Deletes the specified instance profile. The instance profile must not have an associated role.
*
*
*
* Make sure that you do not have any Amazon EC2 instances running with the instance profile you are about to
* delete. Deleting a role or instance profile that is associated with a running instance will break any
* applications running on the instance.
*
*
*
* For more information about instance profiles, see Using
* instance profiles in the IAM User Guide.
*
*
* @param deleteInstanceProfileRequest
* @return Result of the DeleteInstanceProfile operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteInstanceProfile
* @see AWS API
* Documentation
*/
DeleteInstanceProfileResult deleteInstanceProfile(DeleteInstanceProfileRequest deleteInstanceProfileRequest);
/**
*
* Deletes the password for the specified IAM user. For more information, see Managing
* passwords for IAM users.
*
*
* You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a
* password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the
* My Security Credentials page in the Amazon Web Services Management Console.
*
*
*
* Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line
* interface or the API. To prevent all user access, you must also either make any access keys inactive or delete
* them. For more information about making keys inactive or deleting them, see UpdateAccessKey and
* DeleteAccessKey.
*
*
*
* @param deleteLoginProfileRequest
* @return Result of the DeleteLoginProfile operation returned by the service.
* @throws EntityTemporarilyUnmodifiableException
* The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
* name that was deleted and then recreated. The error indicates that the request is likely to succeed if
* you try again after waiting several minutes. The error message describes the entity.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteLoginProfile
* @see AWS API
* Documentation
*/
DeleteLoginProfileResult deleteLoginProfile(DeleteLoginProfileRequest deleteLoginProfileRequest);
/**
*
* Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
*
*
* Deleting an IAM OIDC provider resource does not update any roles that reference the provider as a principal in
* their trust policies. Any attempt to assume a role that references a deleted provider fails.
*
*
* This operation is idempotent; it does not fail or return an error if you call the operation for a provider that
* does not exist.
*
*
* Security review note: because role trust policies are left untouched, decommissioning a provider should also
* remove or rewrite every trust policy statement that names it. A stale statement is inert only while the
* provider is absent; if a provider is later created under the same ARN, those roles would presumably become
* assumable through it again (verify for your account before relying on deletion alone).
*
*
* NOTE(review): the idempotency statement above and the NoSuchEntityException listed below appear to disagree;
* callers should not depend on either behavior for a provider that does not exist without testing it.
*
*
* @param deleteOpenIDConnectProviderRequest
* Request object for the DeleteOpenIDConnectProvider operation.
* @return Result of the DeleteOpenIDConnectProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteOpenIDConnectProvider
* @see AWS API Documentation
*/
DeleteOpenIDConnectProviderResult deleteOpenIDConnectProvider(DeleteOpenIDConnectProviderRequest deleteOpenIDConnectProviderRequest);
/**
*
* Deletes the specified managed policy.
*
*
* Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that
* it is attached to. In addition, you must delete all the policy's versions. The following steps describe the
* process for deleting a managed policy:
*
*
* -
*
* Detach the policy from all users, groups, and roles that the policy is attached to, using
* DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy. To list all the users, groups, and
* roles that a policy is attached to, use ListEntitiesForPolicy.
*
*
* -
*
* Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use
* ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the
* default version. You delete the policy's default version in the next step of the process.
*
*
* -
*
* Delete the policy (this automatically deletes the policy's default version) using this operation.
*
*
*
*
* For information about managed policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param deletePolicyRequest
* @return Result of the DeletePolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeletePolicy
* @see AWS API
* Documentation
*/
DeletePolicyResult deletePolicy(DeletePolicyRequest deletePolicyRequest);
/**
*
* Deletes the specified version from the specified managed policy.
*
*
* You cannot delete the default version from a policy using this operation. To delete the default version from a
* policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use
* ListPolicyVersions.
*
*
* For information about versions for managed policies, see Versioning for managed
* policies in the IAM User Guide.
*
*
* @param deletePolicyVersionRequest
* @return Result of the DeletePolicyVersion operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeletePolicyVersion
* @see AWS API
* Documentation
*/
DeletePolicyVersionResult deletePolicyVersion(DeletePolicyVersionRequest deletePolicyVersionRequest);
/**
*
* Deletes the specified role. Unlike the Amazon Web Services Management Console, when you delete a role
* programmatically, you must delete the items attached to the role manually, or the deletion fails. For more
* information, see Deleting an IAM role. Before attempting to delete a role, remove the following attached items:
*
*
* -
*
* Inline policies (DeleteRolePolicy)
*
*
* -
*
* Attached managed policies (DetachRolePolicy)
*
*
* -
*
* Instance profile (RemoveRoleFromInstanceProfile)
*
*
* -
*
* Optional – Delete instance profile after detaching from role for resource clean up (DeleteInstanceProfile)
*
*
*
*
*
* Make sure that you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a
* role or instance profile that is associated with a running instance will break any applications running on the
* instance.
*
*
*
* @param deleteRoleRequest
* @return Result of the DeleteRole operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteRole
* @see AWS API
* Documentation
*/
DeleteRoleResult deleteRole(DeleteRoleRequest deleteRoleRequest);
/**
*
* Deletes the permissions boundary for the specified IAM role.
*
*
* You cannot set the boundary for a service-linked role.
*
*
*
* Deleting the permissions boundary for a role might increase its permissions. For example, it might allow anyone
* who assumes the role to perform all the actions granted in its permissions policies.
*
*
*
* Security review note: where a boundary is used to cap what delegated administrators can grant, the ability to
* call this operation undoes that cap. Review the role's attached and inline policies before removing the
* boundary, keep the permission for this operation out of delegated-administration policies, and alert on
* DeleteRolePermissionsBoundary events in the API audit trail.
*
*
* @param deleteRolePermissionsBoundaryRequest
* Request object for the DeleteRolePermissionsBoundary operation.
* @return Result of the DeleteRolePermissionsBoundary operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteRolePermissionsBoundary
* @see AWS API Documentation
*/
DeleteRolePermissionsBoundaryResult deleteRolePermissionsBoundary(DeleteRolePermissionsBoundaryRequest deleteRolePermissionsBoundaryRequest);
/**
*
* Deletes the specified inline policy that is embedded in the specified IAM role.
*
*
* A role can also have managed policies attached to it. To detach a managed policy from a role, use
* DetachRolePolicy. For more information about policies, refer to Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param deleteRolePolicyRequest
* @return Result of the DeleteRolePolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteRolePolicy
* @see AWS API
* Documentation
*/
DeleteRolePolicyResult deleteRolePolicy(DeleteRolePolicyRequest deleteRolePolicyRequest);
/**
*
* Deletes a SAML provider resource in IAM.
*
*
* Deleting the provider resource from IAM does not update any roles that reference the SAML provider resource's ARN
* as a principal in their trust policies. Any attempt to assume a role that references a non-existent provider
* resource ARN fails.
*
*
* Security review note: since trust policies keep the deleted provider's ARN, removing a federation should include
* cleaning those statements out of every role that named the provider. A leftover statement only fails while no
* provider resource exists at that ARN; presumably a provider later created under the same ARN would satisfy it
* again, so do not treat deletion alone as revoking the federation's access (verify for your account).
*
*
* This operation requires Signature Version 4.
*
*
*
* @param deleteSAMLProviderRequest
* Request object for the DeleteSAMLProvider operation.
* @return Result of the DeleteSAMLProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteSAMLProvider
* @see AWS API
* Documentation
*/
DeleteSAMLProviderResult deleteSAMLProvider(DeleteSAMLProviderRequest deleteSAMLProviderRequest);
/**
*
* Deletes the specified SSH public key.
*
*
* The SSH public key deleted by this operation is used only for authenticating the associated IAM user to a
* CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see
* Set up
* CodeCommit for SSH connections in the CodeCommit User Guide.
*
*
* @param deleteSSHPublicKeyRequest
* @return Result of the DeleteSSHPublicKey operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @sample AmazonIdentityManagement.DeleteSSHPublicKey
* @see AWS API
* Documentation
*/
DeleteSSHPublicKeyResult deleteSSHPublicKey(DeleteSSHPublicKeyRequest deleteSSHPublicKeyRequest);
/**
* <p>
* Deletes the specified server certificate.
* </p>
* <p>
* For more information about working with server certificates, see "Working with server certificates" in the
* <i>IAM User Guide</i>. This topic also includes a list of Amazon Web Services services that can use the server
* certificates that you manage with IAM.
* </p>
* <p>
* <b>Important:</b> If you are using a server certificate with Elastic Load Balancing, deleting the certificate
* could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound
* certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting
* traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using
* this command to delete the certificate. For more information, see {@code DeleteLoadBalancerListeners} in the
* <i>Elastic Load Balancing API Reference</i>.
* </p>
* <p>
* Security note: because a load balancer that has not noticed the deletion may keep using the certificate, deleting
* it here is not by itself enough to take a certificate out of service (for example after its private key is
* suspected to be exposed). Remove the listener reference first, then delete.
* </p>
*
* @param deleteServerCertificateRequest
*        Request describing the server certificate to delete.
* @return Result of the DeleteServerCertificate operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws DeleteConflictException
*         The request was rejected because it attempted to delete a resource that has attached subordinate
*         entities. The error message describes these entities.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteServerCertificate
* @see "AWS API Documentation"
*/
DeleteServerCertificateResult deleteServerCertificate(DeleteServerCertificateRequest deleteServerCertificateRequest);
/**
* <p>
* Submits a service-linked role deletion request and returns a {@code DeletionTaskId}, which you can use to check
* the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that
* any resources used by the role in the linked service are deleted. If you call this operation more than once for
* the same service-linked role and an earlier deletion task is not complete, then the {@code DeletionTaskId} of the
* earlier request is returned.
* </p>
* <p>
* If you submit a deletion request for a service-linked role whose linked service is still accessing a resource,
* then the deletion task fails. If it fails, the {@code GetServiceLinkedRoleDeletionStatus} operation returns the
* reason for the failure, usually including the resources that must be deleted. To delete the service-linked role,
* you must first remove those resources from the linked service and then submit the deletion request again.
* Resources are specific to the service that is linked to the role. For more information about removing resources
* from a service, see the Amazon Web Services documentation for your service.
* </p>
* <p>
* For more information about service-linked roles, see "Roles terms and concepts: Amazon Web Services
* service-linked role" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security note: a normal return from this method means only that a deletion task was submitted. The role still
* exists until that task succeeds, so code that must know the role is gone has to check the task status with the
* returned {@code DeletionTaskId} rather than rely on this call returning.
* </p>
*
* @param deleteServiceLinkedRoleRequest
*        Request describing the service-linked role to delete.
* @return Result of the DeleteServiceLinkedRole operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteServiceLinkedRole
* @see "AWS API Documentation"
*/
DeleteServiceLinkedRoleResult deleteServiceLinkedRole(DeleteServiceLinkedRoleRequest deleteServiceLinkedRoleRequest);
/**
* <p>
* Deletes the specified service-specific credential.
* </p>
* <p>
* Security note: the {@code DeleteUser} documentation lists this operation as the way to remove a user's Git
* credentials. It removes only the credential named in the request; a user's other credentials are removed by
* their own operations.
* </p>
*
* @param deleteServiceSpecificCredentialRequest
*        Request describing the service-specific credential to delete.
* @return Result of the DeleteServiceSpecificCredential operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @sample AmazonIdentityManagement.DeleteServiceSpecificCredential
* @see "AWS API Documentation"
*/
DeleteServiceSpecificCredentialResult deleteServiceSpecificCredential(DeleteServiceSpecificCredentialRequest deleteServiceSpecificCredentialRequest);
/**
* <p>
* Deletes a signing certificate associated with the specified IAM user.
* </p>
* <p>
* If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services
* access key ID signing the request. This operation works for access keys under the Amazon Web Services account.
* Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the
* Amazon Web Services account has no associated IAM users.
* </p>
* <p>
* Security note: with the user name omitted, the target is whichever identity signed the request. Automation that
* cleans up other users' certificates should always set the user name explicitly, so that a missing value cannot
* silently redirect the deletion to the caller's own identity (which, per the paragraph above, may be the root
* user).
* </p>
*
* @param deleteSigningCertificateRequest
*        Request describing the signing certificate to delete and, optionally, the user it belongs to.
* @return Result of the DeleteSigningCertificate operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteSigningCertificate
* @see "AWS API Documentation"
*/
DeleteSigningCertificateResult deleteSigningCertificate(DeleteSigningCertificateRequest deleteSigningCertificateRequest);
/**
* <p>
* Deletes the specified IAM user. Unlike the Amazon Web Services Management Console, when you delete a user
* programmatically, you must delete the items attached to the user manually, or the deletion fails. For more
* information, see "Deleting an IAM user". Before attempting to delete a user, remove the following items:
* </p>
* <ul>
* <li>Password ({@code DeleteLoginProfile})</li>
* <li>Access keys ({@code DeleteAccessKey})</li>
* <li>Signing certificate ({@code DeleteSigningCertificate})</li>
* <li>SSH public key ({@code DeleteSSHPublicKey})</li>
* <li>Git credentials ({@code DeleteServiceSpecificCredential})</li>
* <li>Multi-factor authentication (MFA) device ({@code DeactivateMFADevice}, {@code DeleteVirtualMFADevice})</li>
* <li>Inline policies ({@code DeleteUserPolicy})</li>
* <li>Attached managed policies ({@code DetachUserPolicy})</li>
* <li>Group memberships ({@code RemoveUserFromGroup})</li>
* </ul>
* <p>
* Security note: each item above is removed by its own call, so a deprovisioning routine that stops part-way leaves
* the user in place together with whatever credentials and policies were not yet removed. Check the outcome of
* every step, and of this call, before treating the user as deprovisioned.
* </p>
* <p>
* NOTE(review): the error documented below for a resource that still has attached subordinate entities is
* {@code DeleteConflictException}; presumably that is what a call made before the cleanup raises. Confirm against
* the service documentation.
* </p>
*
* @param deleteUserRequest
*        Request describing the IAM user to delete.
* @return Result of the DeleteUser operation returned by the service.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws DeleteConflictException
*         The request was rejected because it attempted to delete a resource that has attached subordinate
*         entities. The error message describes these entities.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteUser
* @see "AWS API Documentation"
*/
DeleteUserResult deleteUser(DeleteUserRequest deleteUserRequest);
/**
* <p>
* Deletes the permissions boundary for the specified IAM user.
* </p>
* <p>
* <b>Important:</b> Deleting the permissions boundary for a user might increase its permissions by allowing the
* user to perform all the actions granted in its permissions policies.
* </p>
* <p>
* Security note: treat this as a privilege-affecting change. Review the user's permissions policies before calling,
* since whatever they grant is no longer capped by the boundary once it is removed, and restrict which principals
* are allowed to invoke this operation.
* </p>
*
* @param deleteUserPermissionsBoundaryRequest
*        Request describing the IAM user whose permissions boundary is removed.
* @return Result of the DeleteUserPermissionsBoundary operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteUserPermissionsBoundary
* @see "AWS API Documentation"
*/
DeleteUserPermissionsBoundaryResult deleteUserPermissionsBoundary(DeleteUserPermissionsBoundaryRequest deleteUserPermissionsBoundaryRequest);
/**
* <p>
* Deletes the specified inline policy that is embedded in the specified IAM user.
* </p>
* <p>
* A user can also have managed policies attached to it. To detach a managed policy from a user, use
* {@code DetachUserPolicy}. For more information about policies, refer to "Managed policies and inline policies" in
* the <i>IAM User Guide</i>.
* </p>
* <p>
* Security note: this removes one inline policy only. Permissions the user holds through attached managed policies
* are untouched by this call, so removing an inline policy does not by itself establish that a permission has been
* revoked.
* </p>
*
* @param deleteUserPolicyRequest
*        Request describing the user and the inline policy to delete.
* @return Result of the DeleteUserPolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteUserPolicy
* @see "AWS API Documentation"
*/
DeleteUserPolicyResult deleteUserPolicy(DeleteUserPolicyRequest deleteUserPolicyRequest);
/**
* <p>
* Deletes a virtual MFA device.
* </p>
* <p>
* <b>Note:</b> You must deactivate a user's virtual MFA device before you can delete it. For information about
* deactivating MFA devices, see {@code DeactivateMFADevice}.
* </p>
* <p>
* Security note: deactivating and deleting an MFA device removes a second factor from the user. Where MFA is a
* policy requirement, confirm that a replacement device is enabled (see {@code EnableMFADevice}) or that the user
* is being deprovisioned.
* </p>
*
* @param deleteVirtualMFADeviceRequest
*        Request describing the virtual MFA device to delete.
* @return Result of the DeleteVirtualMFADevice operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws DeleteConflictException
*         The request was rejected because it attempted to delete a resource that has attached subordinate
*         entities. The error message describes these entities.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @sample AmazonIdentityManagement.DeleteVirtualMFADevice
* @see "AWS API Documentation"
*/
DeleteVirtualMFADeviceResult deleteVirtualMFADevice(DeleteVirtualMFADeviceRequest deleteVirtualMFADeviceRequest);
/**
* <p>
* Removes the specified managed policy from the specified IAM group.
* </p>
* <p>
* A group can also have inline policies embedded with it. To delete an inline policy, use
* {@code DeleteGroupPolicy}. For information about policies, see "Managed policies and inline policies" in the
* <i>IAM User Guide</i>.
* </p>
* <p>
* Security note: detaching a managed policy leaves the group's inline policies in force, so this call alone does
* not show that the group has lost a given permission.
* </p>
*
* @param detachGroupPolicyRequest
*        Request describing the group and the managed policy to detach from it.
* @return Result of the DetachGroupPolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DetachGroupPolicy
* @see "AWS API Documentation"
*/
DetachGroupPolicyResult detachGroupPolicy(DetachGroupPolicyRequest detachGroupPolicyRequest);
/**
* <p>
* Removes the specified managed policy from the specified role.
* </p>
* <p>
* A role can also have inline policies embedded with it. To delete an inline policy, use {@code DeleteRolePolicy}.
* For information about policies, see "Managed policies and inline policies" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security note: detaching a managed policy leaves the role's inline policies in force. Service-linked roles cannot
* be changed through this call; see {@code UnmodifiableEntityException} below.
* </p>
*
* @param detachRolePolicyRequest
*        Request describing the role and the managed policy to detach from it.
* @return Result of the DetachRolePolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws UnmodifiableEntityException
*         The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
*         the service that depends on the service-linked role can modify or delete the role on your behalf. The
*         error message includes the name of the service that depends on this service-linked role. You must request
*         the change through that service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DetachRolePolicy
* @see "AWS API Documentation"
*/
DetachRolePolicyResult detachRolePolicy(DetachRolePolicyRequest detachRolePolicyRequest);
/**
* <p>
* Removes the specified managed policy from the specified user.
* </p>
* <p>
* A user can also have inline policies embedded with it. To delete an inline policy, use {@code DeleteUserPolicy}.
* For information about policies, see "Managed policies and inline policies" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security note: detaching a managed policy leaves the user's inline policies in force, so this call alone does not
* show that the user has lost a given permission.
* </p>
*
* @param detachUserPolicyRequest
*        Request describing the user and the managed policy to detach from it.
* @return Result of the DetachUserPolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DetachUserPolicy
* @see "AWS API Documentation"
*/
DetachUserPolicyResult detachUserPolicy(DetachUserPolicyRequest detachUserPolicyRequest);
/**
* <p>
* Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is
* required for every subsequent login by the IAM user associated with the device.
* </p>
* <p>
* Security note: because the device is required for every subsequent login once this call succeeds, make sure the
* user actually holds the device being enabled. A rejected authentication code is reported as
* {@code InvalidAuthenticationCodeException}; handle it as a failed enrollment rather than retrying blindly.
* </p>
*
* @param enableMFADeviceRequest
*        Request describing the MFA device to enable and the IAM user to associate it with.
* @return Result of the EnableMFADevice operation returned by the service.
* @throws EntityAlreadyExistsException
*         The request was rejected because it attempted to create a resource that already exists.
* @throws EntityTemporarilyUnmodifiableException
*         The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
*         name that was deleted and then recreated. The error indicates that the request is likely to succeed if
*         you try again after waiting several minutes. The error message describes the entity.
* @throws InvalidAuthenticationCodeException
*         The request was rejected because the authentication code was not recognized. The error message describes
*         the specific error.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @sample AmazonIdentityManagement.EnableMFADevice
* @see "AWS API Documentation"
*/
EnableMFADeviceResult enableMFADevice(EnableMFADeviceRequest enableMFADeviceRequest);
/**
* <p>
* Generates a credential report for the Amazon Web Services account. For more information about the credential
* report, see "Getting credential reports" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security note: the report describes credentials across the whole account, so restrict who may generate and read
* it and handle stored copies as sensitive data.
* </p>
*
* @param generateCredentialReportRequest
*        Request object for the GenerateCredentialReport operation.
* @return Result of the GenerateCredentialReport operation returned by the service.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GenerateCredentialReport
* @see "AWS API Documentation"
*/
GenerateCredentialReportResult generateCredentialReport(GenerateCredentialReportRequest generateCredentialReportRequest);
/**
* Simplified method form for invoking the GenerateCredentialReport operation.
* <p>
* Takes no request object. NOTE(review): presumably equivalent to calling the request-taking overload with a
* default-constructed request; confirm in the implementing client.
* </p>
*
* @return Result of the GenerateCredentialReport operation returned by the service.
* @see #generateCredentialReport(GenerateCredentialReportRequest)
*/
GenerateCredentialReportResult generateCredentialReport();
/**
* <p>
* Generates a report for service last accessed data for Organizations. You can generate a report for any entities
* (organization root, organizational unit, or account) or policies in your organization.
* </p>
* <p>
* To call this operation, you must be signed in using your Organizations management account credentials. You can
* use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs
* must be enabled for your organization root. You must have the required IAM and Organizations permissions. For
* more information, see "Refining permissions using service last accessed data" in the <i>IAM User Guide</i>.
* </p>
* <p>
* You can generate a service last accessed data report for entities by specifying only the entity's path. This data
* includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.
* </p>
* <p>
* You can generate a service last accessed data report for a policy by specifying an entity's path and an optional
* Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.
* </p>
* <p>
* For each service in both report types, the data includes the most recent account activity that the policy allows
* to account principals in the entity or the entity's children. For important information about the data, reporting
* period, permissions required, troubleshooting, and supported Regions see "Reducing permissions using service last
* accessed data" in the <i>IAM User Guide</i>.
* </p>
* <p>
* <b>Important:</b> The data includes all attempts to access Amazon Web Services, not just the successful ones.
* This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web
* Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last
* accessed data does not mean that an account has been compromised, because the request might have been denied.
* Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they
* were successful or denied access. For more information, see "Logging IAM events with CloudTrail" in the <i>IAM
* User Guide</i>.
* </p>
* <p>
* This operation returns a {@code JobId}. Use this parameter in the {@code GetOrganizationsAccessReport} operation
* to check the status of the report generation. To check the status of this request, use the {@code JobId}
* parameter in the {@code GetOrganizationsAccessReport} operation and test the {@code JobStatus} response
* parameter. When the job is complete, you can retrieve the report.
* </p>
* <p>
* To generate a service last accessed data report for entities, specify an entity path without specifying the
* optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.
* </p>
* <ul>
* <li>
* <b>Root</b> – When you specify the organizations root as the entity, the resulting report lists all of the
* services allowed by SCPs that are attached to your root. For each service, the report includes data for all
* accounts in your organization except the management account, because the management account is not limited by
* SCPs.</li>
* <li>
* <b>OU</b> – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the
* services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data
* for all accounts in the OU or its children. This data excludes the management account, because the management
* account is not limited by SCPs.</li>
* <li>
* <b>management account</b> – When you specify the management account, the resulting report lists all Amazon Web
* Services services, because the management account is not limited by SCPs. For each service, the report includes
* data for only the management account.</li>
* <li>
* <b>Account</b> – When you specify another account as the entity, the resulting report lists all of the services
* allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for
* only the specified account.</li>
* </ul>
* <p>
* To generate a service last accessed data report for policies, specify an entity path and the optional
* Organizations policy ID. The type of entity that you specify determines the data returned for each service.
* </p>
* <ul>
* <li>
* <b>Root</b> – When you specify the root entity and a policy ID, the resulting report lists all of the services
* that are allowed by the specified SCP. For each service, the report includes data for all accounts in your
* organization to which the SCP applies. This data excludes the management account, because the management account
* is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will
* return a list of services with no data.</li>
* <li>
* <b>OU</b> – When you specify an OU entity and a policy ID, the resulting report lists all of the services that
* are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its
* children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP
* might not be included in the data. This data excludes the management account, because the management account is
* not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list
* of services with no data.</li>
* <li>
* <b>management account</b> – When you specify the management account, the resulting report lists all Amazon Web
* Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI
* or API, the policy is ignored. For each service, the report includes data for only the management account.</li>
* <li>
* <b>Account</b> – When you specify another account entity and a policy ID, the resulting report lists all of the
* services that are allowed by the specified SCP. For each service, the report includes data for only the specified
* account. This means that other accounts in the organization that are affected by the SCP might not be included in
* the data. If the SCP is not attached to the account, the report will return a list of services with no data.</li>
* </ul>
* <p>
* <b>Note:</b> Service last accessed data does not use other policy types when determining whether a principal
* could access a service. These other policy types include identity-based policies, resource-based policies, access
* control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about
* the evaluation of policy types, see "Evaluating policies" in the <i>IAM User Guide</i>.
* </p>
* <p>
* For more information about service last accessed data, see "Reducing policy scope by viewing user activity" in
* the <i>IAM User Guide</i>.
* </p>
* <p>
* Security note: two limits stated above matter when this report feeds a least-privilege review. The data records
* access <i>attempts</i>, including denied ones, and it reflects SCP logic only. A service listed as allowed or
* recently accessed is therefore not evidence that a principal's effective permissions permit it; confirm with
* CloudTrail and the other policy types before tightening or investigating.
* </p>
*
* @param generateOrganizationsAccessReportRequest
*        Request describing the entity path and, optionally, the Organizations policy ID to report on.
* @return Result of the GenerateOrganizationsAccessReport operation returned by the service.
* @throws ReportGenerationLimitExceededException
*         The request failed because the maximum number of concurrent requests for this account are already
*         running.
* @sample AmazonIdentityManagement.GenerateOrganizationsAccessReport
* @see "AWS API Documentation"
*/
GenerateOrganizationsAccessReportResult generateOrganizationsAccessReport(GenerateOrganizationsAccessReportRequest generateOrganizationsAccessReportRequest);
/**
* <p>
* Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used
* in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM
* reports activity for at least the last 400 days, or less if your Region began supporting this feature within the
* last year. For more information, see "Regions where data is tracked". For more information about services and
* actions for which action last accessed information is displayed, see "IAM action last accessed information
* services and actions".
* </p>
* <p>
* <b>Important:</b> The service last accessed data includes all attempts to access an Amazon Web Services API, not
* just the successful ones. This includes all attempts that were made using the Amazon Web Services Management
* Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected
* entry in the service last accessed data does not mean that your account has been compromised, because the request
* might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API
* calls and whether they were successful or denied access. For more information, see "Logging IAM events with
* CloudTrail" in the <i>IAM User Guide</i>.
* </p>
* <p>
* The {@code GenerateServiceLastAccessedDetails} operation returns a {@code JobId}. Use this parameter in the
* following operations to retrieve the following details from your report:
* </p>
* <ul>
* <li>
* <p>
* {@code GetServiceLastAccessedDetails} – Use this operation for users, groups, roles, or policies to list every
* Amazon Web Services service that the resource could access using permissions policies. For each service, the
* response includes information about the most recent access attempt.
* </p>
* <p>
* The {@code JobId} returned by {@code GenerateServiceLastAccessedDetails} must be used by the same role within a
* session, or by the same user when used to call {@code GetServiceLastAccessedDetails}.
* </p>
* </li>
* <li>
* <p>
* {@code GetServiceLastAccessedDetailsWithEntities} – Use this operation for groups and policies to list
* information about the associated entities (users or roles) that attempted to access a specific Amazon Web
* Services service.
* </p>
* </li>
* </ul>
* <p>
* To check the status of the {@code GenerateServiceLastAccessedDetails} request, use the {@code JobId} parameter in
* the same operations and test the {@code JobStatus} response parameter.
* </p>
* <p>
* For additional information about the permissions policies that allow an identity (user, group, or role) to access
* specific services, use the {@code ListPoliciesGrantingServiceAccess} operation.
* </p>
* <p>
* <b>Note:</b> Service last accessed data does not use other policy types when determining whether a resource could
* access a service. These other policy types include resource-based policies, access control lists, Organizations
* policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For
* more about the evaluation of policy types, see "Evaluating policies" in the <i>IAM User Guide</i>.
* </p>
* <p>
* For more information about service and action last accessed data, see "Reducing permissions using service last
* accessed data" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security note: when using this data to remove unused permissions, keep the stated limits in mind. Entries record
* attempts (including denied ones), recent activity can lag by hours, and only permissions-policy logic is applied.
* The absence of an entry within the tracking period supports removal; the presence of one does not prove the
* access succeeded. CloudTrail remains the authoritative record.
* </p>
*
* @param generateServiceLastAccessedDetailsRequest
*        Request describing the IAM resource (user, group, role, or policy) to report on.
* @return Result of the GenerateServiceLastAccessedDetails operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @sample AmazonIdentityManagement.GenerateServiceLastAccessedDetails
* @see "AWS API Documentation"
*/
GenerateServiceLastAccessedDetailsResult generateServiceLastAccessedDetails(
GenerateServiceLastAccessedDetailsRequest generateServiceLastAccessedDetailsRequest);
/**
* <p>
* Retrieves information about when the specified access key was last used. The information includes the date and
* time of last use, along with the Amazon Web Services service and Region that were specified in the last request
* made with that key.
* </p>
* <p>
* Security note: the last-use time, service and Region are useful inputs when reviewing access keys, for example
* to spot keys that are no longer used before rotating or removing them, or a key used from a Region the owner
* does not operate in. Only the most recent use is reported, so this is not a substitute for request logs.
* </p>
*
* @param getAccessKeyLastUsedRequest
*        Request describing the access key to look up.
* @return Result of the GetAccessKeyLastUsed operation returned by the service.
* @sample AmazonIdentityManagement.GetAccessKeyLastUsed
* @see "AWS API Documentation"
*/
GetAccessKeyLastUsedResult getAccessKeyLastUsed(GetAccessKeyLastUsedRequest getAccessKeyLastUsedRequest);
/**
* <p>
* Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account,
* including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM
* permissions (users, groups, roles, and policies) in your account.
* </p>
* <p>
* <b>Note:</b> Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL
* decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the
* {@code decode} method of the {@code java.net.URLDecoder} utility class in the Java SDK. Other languages and SDKs
* provide similar functionality.
* </p>
* <p>
* You can optionally filter the results using the {@code Filter} parameter. You can paginate the results using the
* {@code MaxItems} and {@code Marker} parameters.
* </p>
* <p>
* Security note: the result describes the account's whole permission model, so restrict who may call this operation
* and handle stored snapshots as sensitive data. When auditing, decode each policy document before inspecting or
* comparing it, and follow pagination to the end; a single page is not the full snapshot.
* </p>
*
* @param getAccountAuthorizationDetailsRequest
*        Request carrying the optional {@code Filter}, {@code MaxItems} and {@code Marker} parameters.
* @return Result of the GetAccountAuthorizationDetails operation returned by the service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GetAccountAuthorizationDetails
* @see "AWS API Documentation"
*/
GetAccountAuthorizationDetailsResult getAccountAuthorizationDetails(GetAccountAuthorizationDetailsRequest getAccountAuthorizationDetailsRequest);
/**
* Simplified method form for invoking the GetAccountAuthorizationDetails operation.
* <p>
* Takes no request object, so the {@code Filter}, {@code MaxItems} and {@code Marker} parameters described on the
* request-taking overload cannot be supplied here; use that overload to filter or to continue a paginated listing.
* </p>
*
* @return Result of the GetAccountAuthorizationDetails operation returned by the service.
* @see #getAccountAuthorizationDetails(GetAccountAuthorizationDetailsRequest)
*/
GetAccountAuthorizationDetailsResult getAccountAuthorizationDetails();
/**
* <p>
* Retrieves the password policy for the Amazon Web Services account. This tells you the complexity requirements and
* mandatory rotation periods for the IAM user passwords in your account. For more information about using a
* password policy, see "Managing an IAM password policy".
* </p>
* <p>
* NOTE(review): {@code NoSuchEntityException} is presumably what callers see when the account has no password
* policy configured. If so, a compliance check should report that case as a finding, not as a lookup error.
* Confirm against the service documentation.
* </p>
*
* @param getAccountPasswordPolicyRequest
*        Request object for the GetAccountPasswordPolicy operation.
* @return Result of the GetAccountPasswordPolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GetAccountPasswordPolicy
* @see "AWS API Documentation"
*/
GetAccountPasswordPolicyResult getAccountPasswordPolicy(GetAccountPasswordPolicyRequest getAccountPasswordPolicyRequest);
/**
 * Simplified method form for invoking the GetAccountPasswordPolicy operation.
 * <p>
 * NOTE(review): presumably equivalent to passing a default-constructed request; confirm in the implementing class.
 *
 * @return Result of the GetAccountPasswordPolicy operation returned by the service.
 * @see #getAccountPasswordPolicy(GetAccountPasswordPolicyRequest)
 */
GetAccountPasswordPolicyResult getAccountPasswordPolicy();
/**
 * Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services account.
 * <p>
 * For information about IAM quotas, see "IAM and STS quotas" in the <i>IAM User Guide</i>.
 *
 * @param getAccountSummaryRequest
 *        request object carrying the parameters of the GetAccountSummary operation
 * @return Result of the GetAccountSummary operation returned by the service.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetAccountSummary
 * @see "AWS API Documentation"
 */
GetAccountSummaryResult getAccountSummary(GetAccountSummaryRequest getAccountSummaryRequest);
/**
 * Simplified method form for invoking the GetAccountSummary operation.
 * <p>
 * NOTE(review): presumably equivalent to passing a default-constructed request; confirm in the implementing class.
 *
 * @return Result of the GetAccountSummary operation returned by the service.
 * @see #getAccountSummary(GetAccountSummaryRequest)
 */
GetAccountSummaryResult getAccountSummary();
/**
 * Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of
 * one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use
 * {@code GetContextKeysForPrincipalPolicy}.
 * <p>
 * Context keys are variables maintained by Amazon Web Services and its services that provide details about the
 * context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM
 * policy. Use {@code GetContextKeysForCustomPolicy} to understand what key names and values you must supply
 * when you call {@code SimulateCustomPolicy}. Note that all parameters are shown in unencoded form here for clarity
 * but must be URL encoded to be included as a part of a real HTTP request.
 * <p>
 * This operation works only on the policy text passed in the request, so, unlike
 * {@code GetContextKeysForPrincipalPolicy}, it does not read policies attached to other principals.
 *
 * @param getContextKeysForCustomPolicyRequest
 *        request object carrying the parameters of the GetContextKeysForCustomPolicy operation
 * @return Result of the GetContextKeysForCustomPolicy operation returned by the service.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @sample AmazonIdentityManagement.GetContextKeysForCustomPolicy
 * @see "AWS API Documentation"
 */
GetContextKeysForCustomPolicyResult getContextKeysForCustomPolicy(GetContextKeysForCustomPolicyRequest getContextKeysForCustomPolicyRequest);
/**
 * Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM
 * entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all
 * of the policies attached to groups that the user is a member of.
 * <p>
 * You can optionally include a list of one or more additional policies, specified as strings. If you want to
 * include only a list of policies by string, use {@code GetContextKeysForCustomPolicy} instead.
 * <p>
 * <b>Note:</b> This operation discloses information about the permissions granted to other users. If you do not
 * want users to see other users' permissions, then consider allowing them to use
 * {@code GetContextKeysForCustomPolicy} instead.
 * <p>
 * Context keys are variables maintained by Amazon Web Services and its services that provide details about the
 * context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use
 * {@code GetContextKeysForPrincipalPolicy} to understand what key names and values you must supply when you call
 * {@code SimulatePrincipalPolicy}.
 * <p>
 * Security note: because of the disclosure described above, the permission to call this operation should be
 * scoped to the principals a caller is meant to inspect rather than granted account-wide.
 *
 * @param getContextKeysForPrincipalPolicyRequest
 *        request object carrying the parameters of the GetContextKeysForPrincipalPolicy operation
 * @return Result of the GetContextKeysForPrincipalPolicy operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @sample AmazonIdentityManagement.GetContextKeysForPrincipalPolicy
 * @see "AWS API Documentation"
 */
GetContextKeysForPrincipalPolicyResult getContextKeysForPrincipalPolicy(GetContextKeysForPrincipalPolicyRequest getContextKeysForPrincipalPolicyRequest);
/**
 * Retrieves a credential report for the Amazon Web Services account. For more information about the credential
 * report, see "Getting credential reports" in the <i>IAM User Guide</i>.
 * <p>
 * The report must already exist: the three report-specific exceptions below distinguish a report that was never
 * generated, one that has expired, and one that is still being generated. Callers typically invoke
 * {@code GenerateCredentialReport} first and retry on {@code CredentialReportNotReadyException}.
 * <p>
 * NOTE(review): the report is understood to list the account's users and the state of their credentials; treat
 * the returned content as sensitive and avoid writing it to logs. Confirm the exact contents in the User Guide.
 *
 * @param getCredentialReportRequest
 *        request object carrying the parameters of the GetCredentialReport operation
 * @return Result of the GetCredentialReport operation returned by the service.
 * @throws CredentialReportNotPresentException
 *         The request was rejected because the credential report does not exist. To generate a credential report,
 *         use {@code GenerateCredentialReport}.
 * @throws CredentialReportExpiredException
 *         The request was rejected because the most recent credential report has expired. To generate a new
 *         credential report, use {@code GenerateCredentialReport}. For more information about credential report
 *         expiration, see "Getting credential reports" in the <i>IAM User Guide</i>.
 * @throws CredentialReportNotReadyException
 *         The request was rejected because the credential report is still being generated.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetCredentialReport
 * @see "AWS API Documentation"
 */
GetCredentialReportResult getCredentialReport(GetCredentialReportRequest getCredentialReportRequest);
/**
 * Simplified method form for invoking the GetCredentialReport operation.
 * <p>
 * NOTE(review): presumably equivalent to passing a default-constructed request; confirm in the implementing class.
 *
 * @return Result of the GetCredentialReport operation returned by the service.
 * @see #getCredentialReport(GetCredentialReportRequest)
 */
GetCredentialReportResult getCredentialReport();
/**
 * Returns a list of IAM users that are in the specified IAM group. You can paginate the results using the
 * {@code MaxItems} and {@code Marker} parameters.
 * <p>
 * Because the results are paginated, a membership review should follow the pagination markers until the list is
 * exhausted rather than rely on the first response.
 *
 * @param getGroupRequest
 *        request object carrying the parameters of the GetGroup operation
 * @return Result of the GetGroup operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetGroup
 * @see "AWS API Documentation"
 */
GetGroupResult getGroup(GetGroupRequest getGroupRequest);
/**
 * Retrieves the specified inline policy document that is embedded in the specified IAM group.
 * <p>
 * Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method
 * to convert the policy back to plain JSON text. For example, if you use Java, you can use the {@code decode}
 * method of the {@code java.net.URLDecoder} utility class in the Java SDK. Other languages and SDKs provide
 * similar functionality.
 * <p>
 * An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is
 * attached to a group, use {@code GetPolicy} to determine the policy's default version, then use
 * {@code GetPolicyVersion} to retrieve the policy document.
 * <p>
 * For more information about policies, see "Managed policies and inline policies" in the <i>IAM User Guide</i>.
 * <p>
 * Decoding note: prefer {@code URLDecoder.decode(document, "UTF-8")}; the one-argument {@code decode} overload is
 * deprecated and relies on the platform default encoding. An inline policy alone is not the group's full set of
 * permissions, since managed policies are retrieved separately as described above.
 *
 * @param getGroupPolicyRequest
 *        request object carrying the parameters of the GetGroupPolicy operation
 * @return Result of the GetGroupPolicy operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetGroupPolicy
 * @see "AWS API Documentation"
 */
GetGroupPolicyResult getGroupPolicy(GetGroupPolicyRequest getGroupPolicyRequest);
/**
 * Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and
 * role. For more information about instance profiles, see "Using instance profiles" in the <i>IAM User Guide</i>.
 * <p>
 * The returned role is what ties the instance profile to a set of permissions, so this call is the starting point
 * for reviewing what an instance profile allows.
 *
 * @param getInstanceProfileRequest
 *        request object carrying the parameters of the GetInstanceProfile operation
 * @return Result of the GetInstanceProfile operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetInstanceProfile
 * @see "AWS API Documentation"
 */
GetInstanceProfileResult getInstanceProfile(GetInstanceProfileRequest getInstanceProfileRequest);
/**
 * Retrieves the user name for the specified IAM user. A login profile is created when you create a password for the
 * user to access the Amazon Web Services Management Console. If the user does not exist or does not have a
 * password, the operation returns a 404 ({@code NoSuchEntity}) error.
 * <p>
 * If you create an IAM user with access to the console, the {@code CreateDate} reflects the date you created
 * the initial password for the user.
 * <p>
 * If you create an IAM user with programmatic access, and then later add a password for the user to access the
 * Amazon Web Services Management Console, the {@code CreateDate} reflects the initial password creation date.
 * A user with programmatic access does not have a login profile unless you create a password for the user to access
 * the Amazon Web Services Management Console.
 * <p>
 * Audit note: a successful result means the user has a console password. The same {@code NoSuchEntity} error
 * covers both a missing user and a user without a password, so a caller cannot tell the two cases apart from the
 * exception alone and should verify that the user exists separately.
 *
 * @param getLoginProfileRequest
 *        request object carrying the parameters of the GetLoginProfile operation
 * @return Result of the GetLoginProfile operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetLoginProfile
 * @see "AWS API Documentation"
 */
GetLoginProfileResult getLoginProfile(GetLoginProfileRequest getLoginProfileRequest);
/**
 * Retrieves information about an MFA device for a specified user.
 *
 * @param getMFADeviceRequest
 *        request object carrying the parameters of the GetMFADevice operation
 * @return Result of the GetMFADevice operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetMFADevice
 * @see "AWS API Documentation"
 */
GetMFADeviceResult getMFADevice(GetMFADeviceRequest getMFADeviceRequest);
/**
 * Returns information about the specified OpenID Connect (OIDC) provider resource object in IAM.
 * <p>
 * NOTE(review): the provider object defines an external identity source that the account trusts, so its
 * configuration is worth including in periodic trust reviews; confirm which fields the result exposes in
 * {@code GetOpenIDConnectProviderResult}.
 *
 * @param getOpenIDConnectProviderRequest
 *        request object carrying the parameters of the GetOpenIDConnectProvider operation
 * @return Result of the GetOpenIDConnectProvider operation returned by the service.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetOpenIDConnectProvider
 * @see "AWS API Documentation"
 */
GetOpenIDConnectProviderResult getOpenIDConnectProvider(GetOpenIDConnectProviderRequest getOpenIDConnectProviderRequest);
/**
 * Retrieves the service last accessed data report for Organizations that was previously generated using the
 * {@code GenerateOrganizationsAccessReport} operation. This operation retrieves the status of your
 * report job and the report contents.
 * <p>
 * Depending on the parameters that you passed when you generated the report, the data returned could include
 * different information. For details, see {@code GenerateOrganizationsAccessReport}.
 * <p>
 * To call this operation, you must be signed in to the management account in your organization. SCPs must be
 * enabled for your organization root. You must have permissions to perform this operation. For more information,
 * see "Refining permissions using service last accessed data" in the <i>IAM User Guide</i>.
 * <p>
 * For each service that principals in an account (root user, IAM users, or IAM roles) could access using SCPs, the
 * operation returns details about the most recent access attempt. If there was no attempt, the service is listed
 * without details about the most recent attempt to access the service. If the operation fails, it returns the
 * reason that it failed.
 * <p>
 * By default, the list is sorted by service namespace.
 * <p>
 * Since the result carries the job status as well as the contents, callers should check that the job has
 * completed before interpreting the absence of a service or attempt as "never accessed".
 *
 * @param getOrganizationsAccessReportRequest
 *        request object carrying the parameters of the GetOrganizationsAccessReport operation
 * @return Result of the GetOrganizationsAccessReport operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @sample AmazonIdentityManagement.GetOrganizationsAccessReport
 * @see "AWS API Documentation"
 */
GetOrganizationsAccessReportResult getOrganizationsAccessReport(GetOrganizationsAccessReportRequest getOrganizationsAccessReportRequest);
/**
 * Retrieves information about the specified managed policy, including the policy's default version and the total
 * number of IAM users, groups, and roles to which the policy is attached. To retrieve the list of the specific
 * users, groups, and roles that the policy is attached to, use {@code ListEntitiesForPolicy}. This operation returns
 * metadata about the policy. To retrieve the actual policy document for a specific version of the policy, use
 * {@code GetPolicyVersion}.
 * <p>
 * This operation retrieves information about managed policies. To retrieve information about an inline policy that
 * is embedded with an IAM user, group, or role, use {@code GetUserPolicy}, {@code GetGroupPolicy}, or
 * {@code GetRolePolicy}.
 * <p>
 * For more information about policies, see "Managed policies and inline policies" in the <i>IAM User Guide</i>.
 *
 * @param getPolicyRequest
 *        request object carrying the parameters of the GetPolicy operation
 * @return Result of the GetPolicy operation returned by the service; metadata only, not the policy document.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetPolicy
 * @see "AWS API Documentation"
 */
GetPolicyResult getPolicy(GetPolicyRequest getPolicyRequest);
/**
 * Retrieves information about the specified version of the specified managed policy, including the policy document.
 * <p>
 * Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method
 * to convert the policy back to plain JSON text. For example, if you use Java, you can use the {@code decode}
 * method of the {@code java.net.URLDecoder} utility class in the Java SDK. Other languages and SDKs provide
 * similar functionality.
 * <p>
 * To list the available versions for a policy, use {@code ListPolicyVersions}.
 * <p>
 * This operation retrieves information about managed policies. To retrieve information about an inline policy that
 * is embedded in a user, group, or role, use {@code GetUserPolicy}, {@code GetGroupPolicy}, or
 * {@code GetRolePolicy}.
 * <p>
 * For more information about the types of policies, see "Managed policies and inline policies" in the
 * <i>IAM User Guide</i>.
 * <p>
 * For more information about managed policy versions, see "Versioning for managed policies" in the
 * <i>IAM User Guide</i>.
 * <p>
 * Review note: a managed policy can have several versions, so when assessing what a policy currently grants,
 * request the version that {@code GetPolicy} reports as the default. Prefer
 * {@code URLDecoder.decode(document, "UTF-8")}; the one-argument {@code decode} overload is deprecated and relies
 * on the platform default encoding.
 *
 * @param getPolicyVersionRequest
 *        request object carrying the parameters of the GetPolicyVersion operation
 * @return Result of the GetPolicyVersion operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetPolicyVersion
 * @see "AWS API Documentation"
 */
GetPolicyVersionResult getPolicyVersion(GetPolicyVersionRequest getPolicyVersionRequest);
/**
 * Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy
 * that grants permission to assume the role. For more information about roles, see "IAM roles" in the
 * <i>IAM User Guide</i>.
 * <p>
 * Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method
 * to convert the policy back to plain JSON text. For example, if you use Java, you can use the {@code decode}
 * method of the {@code java.net.URLDecoder} utility class in the Java SDK. Other languages and SDKs provide
 * similar functionality.
 * <p>
 * Review note: the trust policy returned here states who may assume the role; it is separate from the
 * permissions the role itself carries, which are retrieved through the policy operations. Prefer
 * {@code URLDecoder.decode(document, "UTF-8")}; the one-argument {@code decode} overload is deprecated and relies
 * on the platform default encoding.
 *
 * @param getRoleRequest
 *        request object carrying the parameters of the GetRole operation
 * @return Result of the GetRole operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetRole
 * @see "AWS API Documentation"
 */
GetRoleResult getRole(GetRoleRequest getRoleRequest);
/**
 * Retrieves the specified inline policy document that is embedded with the specified IAM role.
 * <p>
 * Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method
 * to convert the policy back to plain JSON text. For example, if you use Java, you can use the {@code decode}
 * method of the {@code java.net.URLDecoder} utility class in the Java SDK. Other languages and SDKs provide
 * similar functionality.
 * <p>
 * An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached
 * to a role, use {@code GetPolicy} to determine the policy's default version, then use {@code GetPolicyVersion} to
 * retrieve the policy document.
 * <p>
 * For more information about policies, see "Managed policies and inline policies" in the <i>IAM User Guide</i>.
 * <p>
 * For more information about roles, see "IAM roles" in the <i>IAM User Guide</i>.
 * <p>
 * Decoding note: prefer {@code URLDecoder.decode(document, "UTF-8")}; the one-argument {@code decode} overload is
 * deprecated and relies on the platform default encoding. An inline policy alone is not the role's full set of
 * permissions, since managed policies are retrieved separately as described above.
 *
 * @param getRolePolicyRequest
 *        request object carrying the parameters of the GetRolePolicy operation
 * @return Result of the GetRolePolicy operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetRolePolicy
 * @see "AWS API Documentation"
 */
GetRolePolicyResult getRolePolicy(GetRolePolicyRequest getRolePolicyRequest);
/**
 * Returns the SAML provider metadocument that was uploaded when the IAM SAML provider resource object was created
 * or updated.
 * <p>
 * This operation requires Signature Version 4.
 * <p>
 * NOTE(review): the metadocument describes an external identity provider that the account trusts for federation,
 * so comparing it against the expected provider metadata is a useful drift check; confirm the result fields in
 * {@code GetSAMLProviderResult}.
 *
 * @param getSAMLProviderRequest
 *        request object carrying the parameters of the GetSAMLProvider operation
 * @return Result of the GetSAMLProvider operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetSAMLProvider
 * @see "AWS API Documentation"
 */
GetSAMLProviderResult getSAMLProvider(GetSAMLProviderRequest getSAMLProviderRequest);
/**
 * Retrieves the specified SSH public key, including metadata about the key.
 * <p>
 * The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to a
 * CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see
 * "Set up CodeCommit for SSH connections" in the <i>CodeCommit User Guide</i>.
 * <p>
 * Only the public half of the key pair is returned by this operation.
 *
 * @param getSSHPublicKeyRequest
 *        request object carrying the parameters of the GetSSHPublicKey operation
 * @return Result of the GetSSHPublicKey operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws UnrecognizedPublicKeyEncodingException
 *         The request was rejected because the public key encoding format is unsupported or unrecognized.
 * @sample AmazonIdentityManagement.GetSSHPublicKey
 * @see "AWS API Documentation"
 */
GetSSHPublicKeyResult getSSHPublicKey(GetSSHPublicKeyRequest getSSHPublicKeyRequest);
/**
 * Retrieves information about the specified server certificate stored in IAM.
 * <p>
 * For more information about working with server certificates, see "Working with server certificates" in the
 * <i>IAM User Guide</i>. This topic includes a list of Amazon Web Services services that can use the server
 * certificates that you manage with IAM.
 *
 * @param getServerCertificateRequest
 *        request object carrying the parameters of the GetServerCertificate operation
 * @return Result of the GetServerCertificate operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetServerCertificate
 * @see "AWS API Documentation"
 */
GetServerCertificateResult getServerCertificate(GetServerCertificateRequest getServerCertificateRequest);
/**
 * Retrieves a service last accessed report that was created using the
 * {@code GenerateServiceLastAccessedDetails} operation. You can use the {@code JobId} parameter in
 * {@code GetServiceLastAccessedDetails} to retrieve the status of your report job. When the report is
 * complete, you can retrieve the generated report. The report includes a list of Amazon Web Services services that
 * the resource (user, group, role, or managed policy) can access.
 * <p>
 * <b>Note:</b> Service last accessed data does not use other policy types when determining whether a resource
 * could access a service. These other policy types include resource-based policies, access control lists,
 * Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions
 * policy logic. For more about the evaluation of policy types, see "Evaluating policies" in the
 * <i>IAM User Guide</i>.
 * <p>
 * For each service that the resource could access using permissions policies, the operation returns details about
 * the most recent access attempt. If there was no attempt, the service is listed without details about the most
 * recent attempt to access the service. If the operation fails, the {@code GetServiceLastAccessedDetails}
 * operation returns the reason that it failed.
 * <p>
 * The {@code GetServiceLastAccessedDetails} operation returns a list of services. This list includes the
 * number of entities that have attempted to access the service and the date and time of the last attempt. It also
 * returns the ARN of the following entity, depending on the resource ARN that you used to generate the report:
 * <ul>
 * <li><b>User</b> – Returns the user ARN that you used to generate the report</li>
 * <li><b>Group</b> – Returns the ARN of the group member (user) that last attempted to access the service</li>
 * <li><b>Role</b> – Returns the role ARN that you used to generate the report</li>
 * <li><b>Policy</b> – Returns the ARN of the user or role that last used the policy to attempt to access the
 * service</li>
 * </ul>
 * <p>
 * By default, the list is sorted by service namespace.
 * <p>
 * If you specified {@code ACTION_LEVEL} granularity when you generated the report, this operation returns
 * service and action last accessed data. This includes the most recent access attempt for each tracked action
 * within a service. Otherwise, this operation returns only service data.
 * <p>
 * For more information about service and action last accessed data, see "Reducing permissions using service last
 * accessed data" in the <i>IAM User Guide</i>.
 * <p>
 * Review note: because only permissions policy logic is applied (see the note above), a service listed here may
 * still be blocked by one of the other policy types, and the report should not be read as the resource's
 * effective access. Check that the report job has completed before treating a missing attempt as "never used".
 *
 * @param getServiceLastAccessedDetailsRequest
 *        request object carrying the parameters of the GetServiceLastAccessedDetails operation
 * @return Result of the GetServiceLastAccessedDetails operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @sample AmazonIdentityManagement.GetServiceLastAccessedDetails
 * @see "AWS API Documentation"
 */
GetServiceLastAccessedDetailsResult getServiceLastAccessedDetails(GetServiceLastAccessedDetailsRequest getServiceLastAccessedDetailsRequest);
/**
 * After you generate a group or policy report using the {@code GenerateServiceLastAccessedDetails} operation,
 * you can use the {@code JobId} parameter in {@code GetServiceLastAccessedDetailsWithEntities}. This
 * operation retrieves the status of your report job and a list of entities that could have used group or policy
 * permissions to access the specified service.
 * <ul>
 * <li><b>Group</b> – For a group report, this operation returns a list of users in the group that could have used
 * the group’s policies in an attempt to access the service.</li>
 * <li><b>Policy</b> – For a policy report, this operation returns a list of entities (users or roles) that could
 * have used the policy in an attempt to access the service.</li>
 * </ul>
 * <p>
 * You can also use this operation for user or role reports to retrieve details about those entities.
 * <p>
 * If the operation fails, the {@code GetServiceLastAccessedDetailsWithEntities} operation returns the reason
 * that it failed.
 * <p>
 * By default, the list of associated entities is sorted by date, with the most recent access listed first.
 * <p>
 * The entities listed are those that <i>could have</i> used the permissions; the wording above does not say that
 * each of them actually did, so the list is a candidate set for review rather than proof of use.
 *
 * @param getServiceLastAccessedDetailsWithEntitiesRequest
 *        request object carrying the parameters of the GetServiceLastAccessedDetailsWithEntities operation
 * @return Result of the GetServiceLastAccessedDetailsWithEntities operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @sample AmazonIdentityManagement.GetServiceLastAccessedDetailsWithEntities
 * @see "AWS API Documentation"
 */
GetServiceLastAccessedDetailsWithEntitiesResult getServiceLastAccessedDetailsWithEntities(
GetServiceLastAccessedDetailsWithEntitiesRequest getServiceLastAccessedDetailsWithEntitiesRequest);
/**
 * Retrieves the status of your service-linked role deletion. After you use {@code DeleteServiceLinkedRole} to
 * submit a service-linked role for deletion, you can use the {@code DeletionTaskId} parameter in
 * {@code GetServiceLinkedRoleDeletionStatus} to check the status of the deletion. If the deletion fails, this
 * operation returns the reason that it failed, if that information is returned by the service.
 * <p>
 * Submitting a role for deletion is therefore not the same as the role being gone: callers that depend on the
 * removal should check the status returned here, and should not assume a failure reason is always present.
 *
 * @param getServiceLinkedRoleDeletionStatusRequest
 *        request object carrying the parameters of the GetServiceLinkedRoleDeletionStatus operation
 * @return Result of the GetServiceLinkedRoleDeletionStatus operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws InvalidInputException
 *         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetServiceLinkedRoleDeletionStatus
 * @see "AWS API Documentation"
 */
GetServiceLinkedRoleDeletionStatusResult getServiceLinkedRoleDeletionStatus(
GetServiceLinkedRoleDeletionStatusRequest getServiceLinkedRoleDeletionStatusRequest);
/**
 * Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.
 * <p>
 * If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services
 * access key ID used to sign the request to this operation.
 * <p>
 * Because of that implicit behaviour, a request built without a user name reports on the calling identity, not
 * on an arbitrary user; code that audits other users must set the user name explicitly.
 *
 * @param getUserRequest
 *        request object carrying the parameters of the GetUser operation
 * @return Result of the GetUser operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetUser
 * @see "AWS API Documentation"
 */
GetUserResult getUser(GetUserRequest getUserRequest);
/**
 * Simplified method form for invoking the GetUser operation.
 * <p>
 * NOTE(review): this form carries no user name, so per the request-taking overload's documentation IAM would
 * resolve the user from the access key ID that signs the request; confirm in the implementing class.
 *
 * @return Result of the GetUser operation returned by the service.
 * @see #getUser(GetUserRequest)
 */
GetUserResult getUser();
/**
 * Retrieves the specified inline policy document that is embedded in the specified IAM user.
 * <p>
 * Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method
 * to convert the policy back to plain JSON text. For example, if you use Java, you can use the {@code decode}
 * method of the {@code java.net.URLDecoder} utility class in the Java SDK. Other languages and SDKs provide
 * similar functionality.
 * <p>
 * An IAM user can also have managed policies attached to it. To retrieve a managed policy document that is attached
 * to a user, use {@code GetPolicy} to determine the policy's default version. Then use {@code GetPolicyVersion} to
 * retrieve the policy document.
 * <p>
 * For more information about policies, see "Managed policies and inline policies" in the <i>IAM User Guide</i>.
 * <p>
 * Decoding note: prefer {@code URLDecoder.decode(document, "UTF-8")}; the one-argument {@code decode} overload is
 * deprecated and relies on the platform default encoding. An inline policy alone is not the user's full set of
 * permissions, since managed policies are retrieved separately as described above.
 *
 * @param getUserPolicyRequest
 *        request object carrying the parameters of the GetUserPolicy operation
 * @return Result of the GetUserPolicy operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.GetUserPolicy
 * @see "AWS API Documentation"
 */
GetUserPolicyResult getUserPolicy(GetUserPolicyRequest getUserPolicyRequest);
/**
 * Returns information about the access key IDs associated with the specified IAM user. If there is none, the
 * operation returns an empty list.
 * <p>
 * Although each user is limited to a small number of keys, you can still paginate the results using the
 * {@code MaxItems} and {@code Marker} parameters.
 * <p>
 * If the {@code UserName} is not specified, the user name is determined implicitly based on the Amazon Web
 * Services access key ID used to sign the request. If a temporary access key is used, then {@code UserName} is
 * required. If a long-term key is assigned to the user, then {@code UserName} is not required.
 * <p>
 * This operation works for access keys under the Amazon Web Services account. If the Amazon Web Services account
 * has no associated users, the root user returns its own access key IDs by running this command.
 * <p>
 * <b>Note:</b> To ensure the security of your Amazon Web Services account, the secret access key is accessible
 * only during key and user creation.
 * <p>
 * It follows from the note above that this operation lists key identifiers and cannot be used to recover a
 * secret access key; a lost secret means the key has to be replaced.
 *
 * @param listAccessKeysRequest
 *        request object carrying the parameters of the ListAccessKeys operation
 * @return Result of the ListAccessKeys operation returned by the service.
 * @throws NoSuchEntityException
 *         The request was rejected because it referenced a resource entity that does not exist. The error message
 *         describes the resource.
 * @throws ServiceFailureException
 *         The request processing has failed because of an unknown error, exception or failure.
 * @sample AmazonIdentityManagement.ListAccessKeys
 * @see "AWS API Documentation"
 */
ListAccessKeysResult listAccessKeys(ListAccessKeysRequest listAccessKeysRequest);
/**
 * Simplified method form for invoking the ListAccessKeys operation.
 * <p>
 * NOTE(review): this form carries no {@code UserName}. The request-taking overload documents that
 * {@code UserName} is required when a temporary access key signs the request, so this form presumably suits only
 * callers signing with a long-term key; confirm in the implementing class.
 *
 * @return Result of the ListAccessKeys operation returned by the service.
 * @see #listAccessKeys(ListAccessKeysRequest)
 */
ListAccessKeysResult listAccessKeys();
/**
* <p>
* Lists the account alias associated with the Amazon Web Services account (Note: you can have only one). For
* information about using an Amazon Web Services account alias, see Creating, deleting, and listing an Amazon Web
* Services account alias in the <i>Amazon Web Services Sign-In User Guide</i>.
* </p>
*
* @param listAccountAliasesRequest
*        request parameters for the ListAccountAliases operation
* @return Result of the ListAccountAliases operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListAccountAliases
* @see AWS API Documentation
*/
ListAccountAliasesResult listAccountAliases(ListAccountAliasesRequest listAccountAliasesRequest);
/**
* Simplified method form for invoking the ListAccountAliases operation.
* <p>
* This form takes no request object; use the request form when request parameters have to be set.
* </p>
*
* @return Result of the ListAccountAliases operation returned by the service.
* @see #listAccountAliases(ListAccountAliasesRequest)
*/
ListAccountAliasesResult listAccountAliases();
/**
* <p>
* Lists all managed policies that are attached to the specified IAM group.
* </p>
* <p>
* An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use
* {@link #listGroupPolicies(ListGroupPoliciesRequest) ListGroupPolicies}. For information about policies, see
* Managed policies and inline policies in the <i>IAM User Guide</i>.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters. You can use the
* {@code PathPrefix} parameter to limit the list of policies to only those matching the specified path prefix.
* If there are no policies attached to the specified group (or none that match the specified path prefix), the
* operation returns an empty list.
* </p>
* <p>
* Because managed and inline policies are listed by separate operations, an empty list here does not by itself
* mean the group has no policies; a review of the group's permissions needs both listings.
* </p>
*
* @param listAttachedGroupPoliciesRequest
*        request parameters for the ListAttachedGroupPolicies operation
* @return Result of the ListAttachedGroupPolicies operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListAttachedGroupPolicies
* @see AWS API Documentation
*/
ListAttachedGroupPoliciesResult listAttachedGroupPolicies(ListAttachedGroupPoliciesRequest listAttachedGroupPoliciesRequest);
/**
* <p>
* Lists all managed policies that are attached to the specified IAM role.
* </p>
* <p>
* An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use
* {@link #listRolePolicies(ListRolePoliciesRequest) ListRolePolicies}. For information about policies, see
* Managed policies and inline policies in the <i>IAM User Guide</i>.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters. You can use the
* {@code PathPrefix} parameter to limit the list of policies to only those matching the specified path prefix.
* If there are no policies attached to the specified role (or none that match the specified path prefix), the
* operation returns an empty list.
* </p>
* <p>
* Because managed and inline policies are listed by separate operations, an empty list here does not by itself
* mean the role has no policies; a review of the role's permissions needs both listings.
* </p>
*
* @param listAttachedRolePoliciesRequest
*        request parameters for the ListAttachedRolePolicies operation
* @return Result of the ListAttachedRolePolicies operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListAttachedRolePolicies
* @see AWS API Documentation
*/
ListAttachedRolePoliciesResult listAttachedRolePolicies(ListAttachedRolePoliciesRequest listAttachedRolePoliciesRequest);
/**
* <p>
* Lists all managed policies that are attached to the specified IAM user.
* </p>
* <p>
* An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use
* {@code ListUserPolicies}. For information about policies, see Managed policies and inline policies in the
* <i>IAM User Guide</i>.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters. You can use the
* {@code PathPrefix} parameter to limit the list of policies to only those matching the specified path prefix.
* If there are no policies attached to the specified user (or none that match the specified path prefix), the
* operation returns an empty list.
* </p>
* <p>
* Only policies attached to the user directly are listed here, and managed and inline policies are listed by
* separate operations, so an empty list does not by itself mean the user has no policies.
* </p>
*
* @param listAttachedUserPoliciesRequest
*        request parameters for the ListAttachedUserPolicies operation
* @return Result of the ListAttachedUserPolicies operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListAttachedUserPolicies
* @see AWS API Documentation
*/
ListAttachedUserPoliciesResult listAttachedUserPolicies(ListAttachedUserPoliciesRequest listAttachedUserPoliciesRequest);
/**
* <p>
* Lists all IAM users, groups, and roles that the specified managed policy is attached to.
* </p>
* <p>
* You can use the optional {@code EntityFilter} parameter to limit the results to a particular type of entity
* (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set
* {@code EntityFilter} to {@code Role}.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
* <p>
* Reading the complete (unfiltered, fully paginated) listing before a managed policy is changed or removed shows
* which users, groups and roles the change will affect.
* </p>
*
* @param listEntitiesForPolicyRequest
*        request parameters for the ListEntitiesForPolicy operation
* @return Result of the ListEntitiesForPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListEntitiesForPolicy
* @see AWS API Documentation
*/
ListEntitiesForPolicyResult listEntitiesForPolicy(ListEntitiesForPolicyRequest listEntitiesForPolicyRequest);
/**
* <p>
* Lists the names of the inline policies that are embedded in the specified IAM group.
* </p>
* <p>
* An IAM group can also have managed policies attached to it. To list the managed policies that are attached to a
* group, use {@link #listAttachedGroupPolicies(ListAttachedGroupPoliciesRequest) ListAttachedGroupPolicies}. For
* more information about policies, see Managed policies and inline policies in the <i>IAM User Guide</i>.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters. If there are no
* inline policies embedded with the specified group, the operation returns an empty list.
* </p>
* <p>
* Only policy names are listed, not policy documents, and managed policies are listed by a separate operation; an
* empty list here does not by itself mean the group has no policies.
* </p>
*
* @param listGroupPoliciesRequest
*        request parameters for the ListGroupPolicies operation
* @return Result of the ListGroupPolicies operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListGroupPolicies
* @see AWS API Documentation
*/
ListGroupPoliciesResult listGroupPolicies(ListGroupPoliciesRequest listGroupPoliciesRequest);
/**
* <p>
* Lists the IAM groups that have the specified path prefix.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
*
* @param listGroupsRequest
*        request parameters for the ListGroups operation
* @return Result of the ListGroups operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListGroups
* @see AWS API Documentation
*/
ListGroupsResult listGroups(ListGroupsRequest listGroupsRequest);
/**
* Simplified method form for invoking the ListGroups operation.
* <p>
* This form takes no request object, so the path prefix, {@code MaxItems} and {@code Marker} cannot be set through
* it. NOTE(review): a listing longer than one page is presumably returned only in part; use the request form to
* page through the rest — confirm against the implementing client.
* </p>
*
* @return Result of the ListGroups operation returned by the service.
* @see #listGroups(ListGroupsRequest)
*/
ListGroupsResult listGroups();
/**
* <p>
* Lists the IAM groups that the specified IAM user belongs to.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
* <p>
* Group membership belongs in a review of a user's access: as described for ListPoliciesGrantingServiceAccess in
* this interface, the policies that apply to a user include those attached to the groups the user belongs to.
* </p>
*
* @param listGroupsForUserRequest
*        request parameters for the ListGroupsForUser operation
* @return Result of the ListGroupsForUser operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListGroupsForUser
* @see AWS API Documentation
*/
ListGroupsForUserResult listGroupsForUser(ListGroupsForUserRequest listGroupsForUserRequest);
/**
* <p>
* Lists the tags that are attached to the specified IAM instance profile. The returned list of tags is sorted by
* tag key. For more information about tagging, see Tagging IAM resources in the <i>IAM User Guide</i>.
* </p>
*
* @param listInstanceProfileTagsRequest
*        request parameters for the ListInstanceProfileTags operation
* @return Result of the ListInstanceProfileTags operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListInstanceProfileTags
* @see AWS API Documentation
*/
ListInstanceProfileTagsResult listInstanceProfileTags(ListInstanceProfileTagsRequest listInstanceProfileTagsRequest);
/**
* <p>
* Lists the instance profiles that have the specified path prefix. If there are none, the operation returns an
* empty list. For more information about instance profiles, see Using instance profiles in the <i>IAM User
* Guide</i>.
* </p>
* <p>
* <b>Note:</b> IAM resource-listing operations return a subset of the available attributes for the resource. For
* example, this operation does not return tags, even though they are an attribute of the returned object. To view
* all of the information for an instance profile, see {@code GetInstanceProfile}.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
*
* @param listInstanceProfilesRequest
*        request parameters for the ListInstanceProfiles operation
* @return Result of the ListInstanceProfiles operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListInstanceProfiles
* @see AWS API Documentation
*/
ListInstanceProfilesResult listInstanceProfiles(ListInstanceProfilesRequest listInstanceProfilesRequest);
/**
* Simplified method form for invoking the ListInstanceProfiles operation.
* <p>
* This form takes no request object, so the path prefix, {@code MaxItems} and {@code Marker} cannot be set through
* it. NOTE(review): a listing longer than one page is presumably returned only in part; use the request form to
* page through the rest — confirm against the implementing client.
* </p>
*
* @return Result of the ListInstanceProfiles operation returned by the service.
* @see #listInstanceProfiles(ListInstanceProfilesRequest)
*/
ListInstanceProfilesResult listInstanceProfiles();
/**
* <p>
* Lists the instance profiles that have the specified associated IAM role. If there are none, the operation returns
* an empty list. For more information about instance profiles, go to Using instance profiles in the <i>IAM User
* Guide</i>.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
*
* @param listInstanceProfilesForRoleRequest
*        request parameters for the ListInstanceProfilesForRole operation
* @return Result of the ListInstanceProfilesForRole operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListInstanceProfilesForRole
* @see AWS API Documentation
*/
ListInstanceProfilesForRoleResult listInstanceProfilesForRole(ListInstanceProfilesForRoleRequest listInstanceProfilesForRoleRequest);
/**
* <p>
* Lists the tags that are attached to the specified IAM virtual multi-factor authentication (MFA) device. The
* returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the
* <i>IAM User Guide</i>.
* </p>
*
* @param listMFADeviceTagsRequest
*        request parameters for the ListMFADeviceTags operation
* @return Result of the ListMFADeviceTags operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListMFADeviceTags
* @see AWS API Documentation
*/
ListMFADeviceTagsResult listMFADeviceTags(ListMFADeviceTagsRequest listMFADeviceTagsRequest);
/**
* <p>
* Lists the MFA devices for an IAM user. If the request includes an IAM user name, then this operation lists all
* the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user
* name implicitly based on the Amazon Web Services access key ID signing the request for this operation.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
* <p>
* NOTE(review): when this call is used to check MFA coverage across users, pass each user name explicitly;
* omitting it reports on the identity that signed the request, not on the user being audited.
* </p>
*
* @param listMFADevicesRequest
*        request parameters for the ListMFADevices operation (optional user name, {@code MaxItems},
*        {@code Marker})
* @return Result of the ListMFADevices operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListMFADevices
* @see AWS API Documentation
*/
ListMFADevicesResult listMFADevices(ListMFADevicesRequest listMFADevicesRequest);
/**
* Simplified method form for invoking the ListMFADevices operation.
* <p>
* This form takes no request object, so no user name is given; as described on the request form, IAM then
* determines the user from the access key ID signing the request. {@code MaxItems} and {@code Marker} cannot be
* set through this form.
* </p>
*
* @return Result of the ListMFADevices operation returned by the service.
* @see #listMFADevices(ListMFADevicesRequest)
*/
ListMFADevicesResult listMFADevices();
/**
* <p>
* Lists the tags that are attached to the specified OpenID Connect (OIDC)-compatible identity provider. The
* returned list of tags is sorted by tag key. For more information, see About web identity federation.
* </p>
* <p>
* For more information about tagging, see Tagging IAM resources in the <i>IAM User Guide</i>.
* </p>
*
* @param listOpenIDConnectProviderTagsRequest
*        request parameters for the ListOpenIDConnectProviderTags operation
* @return Result of the ListOpenIDConnectProviderTags operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @sample AmazonIdentityManagement.ListOpenIDConnectProviderTags
* @see AWS API Documentation
*/
ListOpenIDConnectProviderTagsResult listOpenIDConnectProviderTags(ListOpenIDConnectProviderTagsRequest listOpenIDConnectProviderTagsRequest);
/**
* <p>
* Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the Amazon Web
* Services account.
* </p>
* <p>
* <b>Note:</b> IAM resource-listing operations return a subset of the available attributes for the resource. For
* example, this operation does not return tags, even though they are an attribute of the returned object. To view
* all of the information for an OIDC provider, see {@code GetOpenIDConnectProvider}.
* </p>
* <p>
* Because the listing is a subset of each provider's attributes, a review of how a provider is configured has to
* read the full object per provider rather than rely on this listing alone.
* </p>
*
* @param listOpenIDConnectProvidersRequest
*        request parameters for the ListOpenIDConnectProviders operation
* @return Result of the ListOpenIDConnectProviders operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListOpenIDConnectProviders
* @see AWS API Documentation
*/
ListOpenIDConnectProvidersResult listOpenIDConnectProviders(ListOpenIDConnectProvidersRequest listOpenIDConnectProvidersRequest);
/**
* Simplified method form for invoking the ListOpenIDConnectProviders operation.
* <p>
* This form takes no request object; use the request form when request parameters have to be set.
* </p>
*
* @return Result of the ListOpenIDConnectProviders operation returned by the service.
* @see #listOpenIDConnectProviders(ListOpenIDConnectProvidersRequest)
*/
ListOpenIDConnectProvidersResult listOpenIDConnectProviders();
/**
* <p>
* Lists all the managed policies that are available in your Amazon Web Services account, including your own
* customer-defined managed policies and all Amazon Web Services managed policies.
* </p>
* <p>
* You can filter the list of policies that is returned using the optional {@code OnlyAttached},
* {@code Scope}, and {@code PathPrefix} parameters. For example, to list only the customer managed
* policies in your Amazon Web Services account, set {@code Scope} to {@code Local}. To list only Amazon
* Web Services managed policies, set {@code Scope} to {@code AWS}.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
* <p>
* For more information about managed policies, see Managed policies and inline policies in the <i>IAM User
* Guide</i>.
* </p>
* <p>
* <b>Note:</b> IAM resource-listing operations return a subset of the available attributes for the resource. For
* example, this operation does not return tags, even though they are an attribute of the returned object. To view
* all of the information for a customer managed policy, see {@code GetPolicy}.
* </p>
*
* @param listPoliciesRequest
*        request parameters for the ListPolicies operation (optional {@code OnlyAttached}, {@code Scope},
*        {@code PathPrefix}, {@code MaxItems}, {@code Marker})
* @return Result of the ListPolicies operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListPolicies
* @see AWS API Documentation
*/
ListPoliciesResult listPolicies(ListPoliciesRequest listPoliciesRequest);
/**
* Simplified method form for invoking the ListPolicies operation.
* <p>
* This form takes no request object, so {@code OnlyAttached}, {@code Scope}, {@code PathPrefix},
* {@code MaxItems} and {@code Marker} cannot be set through it. NOTE(review): the unfiltered listing includes the
* Amazon Web Services managed policies and is presumably longer than one page; use the request form to filter and
* to page through the rest — confirm against the implementing client.
* </p>
*
* @return Result of the ListPolicies operation returned by the service.
* @see #listPolicies(ListPoliciesRequest)
*/
ListPoliciesResult listPolicies();
/**
* <p>
* Retrieves a list of policies that the IAM identity (user, group, or role) can use to access each specified
* service.
* </p>
* <p>
* <b>Note:</b> This operation does not use other policy types when determining whether a resource could access a
* service. These other policy types include resource-based policies, access control lists, Organizations policies,
* IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more
* about the evaluation of policy types, see Evaluating policies in the <i>IAM User Guide</i>.
* </p>
* <p>
* The result is therefore not a statement of effective access: a policy type that this operation leaves out can
* still change what the identity is actually able to do.
* </p>
* <p>
* The list of policies returned by the operation depends on the ARN of the identity that you provide.
* </p>
* <ul>
* <li>
* <p>
* <b>User</b> – The list of policies includes the managed and inline policies that are attached to the user
* directly. The list also includes any additional managed and inline policies that are attached to the group to
* which the user belongs.
* </p>
* </li>
* <li>
* <p>
* <b>Group</b> – The list of policies includes only the managed and inline policies that are attached to the group
* directly. Policies that are attached to the group’s user are not included.
* </p>
* </li>
* <li>
* <p>
* <b>Role</b> – The list of policies includes only the managed and inline policies that are attached to the role.
* </p>
* </li>
* </ul>
* <p>
* For each managed policy, this operation returns the ARN and policy name. For each inline policy, it returns the
* policy name and the entity to which it is attached. Inline policies do not have an ARN. For more information
* about these policy types, see Managed policies and inline policies in the <i>IAM User Guide</i>.
* </p>
* <p>
* Policies that are attached to users and roles as permissions boundaries are not returned. To view which managed
* policy is currently used to set the permissions boundary for a user or role, use the {@code GetUser} or
* {@code GetRole} operations.
* </p>
*
* @param listPoliciesGrantingServiceAccessRequest
*        request parameters for the ListPoliciesGrantingServiceAccess operation (the identity's ARN and the
*        services to check)
* @return Result of the ListPoliciesGrantingServiceAccess operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @sample AmazonIdentityManagement.ListPoliciesGrantingServiceAccess
* @see AWS API Documentation
*/
ListPoliciesGrantingServiceAccessResult listPoliciesGrantingServiceAccess(ListPoliciesGrantingServiceAccessRequest listPoliciesGrantingServiceAccessRequest);
/**
* <p>
* Lists the tags that are attached to the specified IAM customer managed policy. The returned list of tags is
* sorted by tag key. For more information about tagging, see Tagging IAM resources in the <i>IAM User Guide</i>.
* </p>
*
* @param listPolicyTagsRequest
*        request parameters for the ListPolicyTags operation
* @return Result of the ListPolicyTags operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @sample AmazonIdentityManagement.ListPolicyTags
* @see AWS API Documentation
*/
ListPolicyTagsResult listPolicyTags(ListPolicyTagsRequest listPolicyTagsRequest);
/**
* <p>
* Lists information about the versions of the specified managed policy, including the version that is currently set
* as the policy's default version.
* </p>
* <p>
* For more information about managed policies, see Managed policies and inline policies in the <i>IAM User
* Guide</i>.
* </p>
* <p>
* NOTE(review): the listing covers non-default versions too; a policy review should presumably read every listed
* version rather than only the default one — confirm how the default version is selected and changed.
* </p>
*
* @param listPolicyVersionsRequest
*        request parameters for the ListPolicyVersions operation
* @return Result of the ListPolicyVersions operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListPolicyVersions
* @see AWS API Documentation
*/
ListPolicyVersionsResult listPolicyVersions(ListPolicyVersionsRequest listPolicyVersionsRequest);
/**
* <p>
* Lists the names of the inline policies that are embedded in the specified IAM role.
* </p>
* <p>
* An IAM role can also have managed policies attached to it. To list the managed policies that are attached to a
* role, use {@link #listAttachedRolePolicies(ListAttachedRolePoliciesRequest) ListAttachedRolePolicies}. For more
* information about policies, see Managed policies and inline policies in the <i>IAM User Guide</i>.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters. If there are no
* inline policies embedded with the specified role, the operation returns an empty list.
* </p>
* <p>
* Only policy names are listed, not policy documents, and managed policies are listed by a separate operation; an
* empty list here does not by itself mean the role has no policies.
* </p>
*
* @param listRolePoliciesRequest
*        request parameters for the ListRolePolicies operation
* @return Result of the ListRolePolicies operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListRolePolicies
* @see AWS API Documentation
*/
ListRolePoliciesResult listRolePolicies(ListRolePoliciesRequest listRolePoliciesRequest);
/**
* <p>
* Lists the tags that are attached to the specified role. The returned list of tags is sorted by tag key. For more
* information about tagging, see Tagging IAM resources in the <i>IAM User Guide</i>.
* </p>
*
* @param listRoleTagsRequest
*        request parameters for the ListRoleTags operation
* @return Result of the ListRoleTags operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListRoleTags
* @see AWS API Documentation
*/
ListRoleTagsResult listRoleTags(ListRoleTagsRequest listRoleTagsRequest);
/**
* <p>
* Lists the IAM roles that have the specified path prefix. If there are none, the operation returns an empty list.
* For more information about roles, see IAM roles in the <i>IAM User Guide</i>.
* </p>
* <p>
* <b>Note:</b> IAM resource-listing operations return a subset of the available attributes for the resource. This
* operation does not return the following attributes, even though they are an attribute of the returned object:
* </p>
* <ul>
* <li>
* <p>
* PermissionsBoundary
* </p>
* </li>
* <li>
* <p>
* RoleLastUsed
* </p>
* </li>
* <li>
* <p>
* Tags
* </p>
* </li>
* </ul>
* <p>
* To view all of the information for a role, see {@code GetRole}.
* </p>
* <p>
* A missing permissions boundary or last-used value in this listing therefore says nothing about the role itself;
* a review that depends on either attribute has to read each role individually.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
*
* @param listRolesRequest
*        request parameters for the ListRoles operation
* @return Result of the ListRoles operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListRoles
* @see AWS API Documentation
*/
ListRolesResult listRoles(ListRolesRequest listRolesRequest);
/**
* Simplified method form for invoking the ListRoles operation.
* <p>
* This form takes no request object, so the path prefix, {@code MaxItems} and {@code Marker} cannot be set through
* it. NOTE(review): a listing longer than one page is presumably returned only in part; use the request form to
* page through the rest — confirm against the implementing client.
* </p>
*
* @return Result of the ListRoles operation returned by the service.
* @see #listRoles(ListRolesRequest)
*/
ListRolesResult listRoles();
/**
* <p>
* Lists the tags that are attached to the specified Security Assertion Markup Language (SAML) identity provider.
* The returned list of tags is sorted by tag key. For more information, see About SAML 2.0-based federation.
* </p>
* <p>
* For more information about tagging, see Tagging IAM resources in the <i>IAM User Guide</i>.
* </p>
*
* @param listSAMLProviderTagsRequest
*        request parameters for the ListSAMLProviderTags operation
* @return Result of the ListSAMLProviderTags operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @sample AmazonIdentityManagement.ListSAMLProviderTags
* @see AWS API Documentation
*/
ListSAMLProviderTagsResult listSAMLProviderTags(ListSAMLProviderTagsRequest listSAMLProviderTagsRequest);
/**
* <p>
* Lists the SAML provider resource objects defined in IAM in the account. IAM resource-listing operations return a
* subset of the available attributes for the resource. For example, this operation does not return tags, even
* though they are an attribute of the returned object. To view all of the information for a SAML provider, see
* {@code GetSAMLProvider}.
* </p>
* <p>
* <b>Important:</b> This operation requires Signature Version 4.
* </p>
*
* @param listSAMLProvidersRequest
*        request parameters for the ListSAMLProviders operation
* @return Result of the ListSAMLProviders operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListSAMLProviders
* @see AWS API Documentation
*/
ListSAMLProvidersResult listSAMLProviders(ListSAMLProvidersRequest listSAMLProvidersRequest);
/**
* Simplified method form for invoking the ListSAMLProviders operation.
* <p>
* This form takes no request object; use the request form when request parameters have to be set. As noted on the
* request form, the operation requires Signature Version 4.
* </p>
*
* @return Result of the ListSAMLProviders operation returned by the service.
* @see #listSAMLProviders(ListSAMLProvidersRequest)
*/
ListSAMLProvidersResult listSAMLProviders();
/**
* <p>
* Returns information about the SSH public keys associated with the specified IAM user. If none exists, the
* operation returns an empty list.
* </p>
* <p>
* The SSH public keys returned by this operation are used only for authenticating the IAM user to a CodeCommit
* repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see Set up
* CodeCommit for SSH connections in the <i>CodeCommit User Guide</i>.
* </p>
* <p>
* Although each user is limited to a small number of keys, you can still paginate the results using the
* {@code MaxItems} and {@code Marker} parameters.
* </p>
* <p>
* SSH public keys are a credential type separate from access keys, so an inventory of a user's credentials has to
* include this listing as well.
* </p>
*
* @param listSSHPublicKeysRequest
*        request parameters for the ListSSHPublicKeys operation
* @return Result of the ListSSHPublicKeys operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @sample AmazonIdentityManagement.ListSSHPublicKeys
* @see AWS API Documentation
*/
ListSSHPublicKeysResult listSSHPublicKeys(ListSSHPublicKeysRequest listSSHPublicKeysRequest);
/**
* Simplified method form for invoking the ListSSHPublicKeys operation.
* <p>
* This form takes no request object, so no user name, {@code MaxItems} or {@code Marker} can be set through it.
* NOTE(review): which user the listing then applies to is not stated here — presumably the identity that signed
* the request; confirm before relying on it in an audit.
* </p>
*
* @return Result of the ListSSHPublicKeys operation returned by the service.
* @see #listSSHPublicKeys(ListSSHPublicKeysRequest)
*/
ListSSHPublicKeysResult listSSHPublicKeys();
/**
* <p>
* Lists the tags that are attached to the specified IAM server certificate. The returned list of tags is sorted by
* tag key. For more information about tagging, see Tagging IAM resources in the <i>IAM User Guide</i>.
* </p>
* <p>
* <b>Note:</b> For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use
* IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more
* information about IAM server certificates, see Working with server certificates in the <i>IAM User Guide</i>.
* </p>
*
* @param listServerCertificateTagsRequest
*        request parameters for the ListServerCertificateTags operation
* @return Result of the ListServerCertificateTags operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListServerCertificateTags
* @see AWS API Documentation
*/
ListServerCertificateTagsResult listServerCertificateTags(ListServerCertificateTagsRequest listServerCertificateTagsRequest);
/**
* <p>
* Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the operation
* returns an empty list.
* </p>
* <p>
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
* </p>
* <p>
* For more information about working with server certificates, see Working with server certificates in the
* <i>IAM User Guide</i>. This topic also includes a list of Amazon Web Services services that can use the server
* certificates that you manage with IAM.
* </p>
* <p>
* <b>Note:</b> IAM resource-listing operations return a subset of the available attributes for the resource. For
* example, this operation does not return tags, even though they are an attribute of the returned object. To view
* all of the information for a server certificate, see {@code GetServerCertificate}.
* </p>
*
* @param listServerCertificatesRequest
*        request parameters for the ListServerCertificates operation
* @return Result of the ListServerCertificates operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListServerCertificates
* @see AWS API Documentation
*/
ListServerCertificatesResult listServerCertificates(ListServerCertificatesRequest listServerCertificatesRequest);
/**
* Simplified method form for invoking the ListServerCertificates operation.
* <p>
* This form takes no request object, so the path prefix, {@code MaxItems} and {@code Marker} cannot be set through
* it. NOTE(review): a listing longer than one page is presumably returned only in part; use the request form to
* page through the rest — confirm against the implementing client.
* </p>
*
* @return Result of the ListServerCertificates operation returned by the service.
* @see #listServerCertificates(ListServerCertificatesRequest)
*/
ListServerCertificatesResult listServerCertificates();
/**
* <p>
* Returns information about the service-specific credentials associated with the specified IAM user. If none
* exists, the operation returns an empty list. The service-specific credentials returned by this operation are used
* only for authenticating the IAM user to a specific service. For more information about using service-specific
* credentials to authenticate to an Amazon Web Services service, see Set up service-specific credentials in the
* <i>CodeCommit User Guide</i>.
* </p>
* <p>
* Service-specific credentials are a credential type separate from access keys, so an inventory of a user's
* credentials has to include this listing as well.
* </p>
*
* @param listServiceSpecificCredentialsRequest
*        request parameters for the ListServiceSpecificCredentials operation
* @return Result of the ListServiceSpecificCredentials operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceNotSupportedException
* The specified service does not support service-specific credentials.
* @sample AmazonIdentityManagement.ListServiceSpecificCredentials
* @see AWS API Documentation
*/
ListServiceSpecificCredentialsResult listServiceSpecificCredentials(ListServiceSpecificCredentialsRequest listServiceSpecificCredentialsRequest);
/**
* Returns information about the signing certificates associated with the specified IAM user. If none exists, the
* operation returns an empty list.
*
* Although each user is limited to a small number of signing certificates, you can still paginate the results using
* the {@code MaxItems} and {@code Marker} parameters.
*
* If the {@code UserName} field is not specified, the user name is determined implicitly based on the Amazon
* Web Services access key ID used to sign the request for this operation. This operation works for access keys
* under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services
* account root user credentials even if the Amazon Web Services account has no associated users.
*
* Because an omitted {@code UserName} makes the result depend on which access key signs the request, audit and
* inventory code should set {@code UserName} explicitly so that the listing refers to the intended principal.
*
* @param listSigningCertificatesRequest
*        the request object for the ListSigningCertificates operation
* @return Result of the ListSigningCertificates operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListSigningCertificates
* @see AWS API Documentation
*/
ListSigningCertificatesResult listSigningCertificates(ListSigningCertificatesRequest listSigningCertificatesRequest);
/**
* Simplified method form for invoking the ListSigningCertificates operation.
*
* This overload takes no request object, so {@code UserName} cannot be set; per the documentation of
* {@link #listSigningCertificates(ListSigningCertificatesRequest)}, the user is then determined implicitly from the
* access key ID that signs the request.
*
* @return Result of the ListSigningCertificates operation returned by the service.
* @see #listSigningCertificates(ListSigningCertificatesRequest)
*/
ListSigningCertificatesResult listSigningCertificates();
/**
* Lists the names of the inline policies embedded in the specified IAM user.
*
* An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a
* user, use ListAttachedUserPolicies. For more information about policies, see Managed policies and inline policies
* in the IAM User Guide.
*
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters. If there are no
* inline policies embedded with the specified user, the operation returns an empty list.
*
* This operation covers inline policy names only. A permission review of a user therefore cannot rely on it alone:
* an empty result does not mean the user has no permissions, since managed policies are listed separately.
*
* @param listUserPoliciesRequest
*        the request object for the ListUserPolicies operation
* @return Result of the ListUserPolicies operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListUserPolicies
* @see AWS API Documentation
*/
ListUserPoliciesResult listUserPolicies(ListUserPoliciesRequest listUserPoliciesRequest);
/**
* Lists the tags that are attached to the specified IAM user. The returned list of tags is sorted by tag key. For
* more information about tagging, see Tagging IAM resources in the IAM User Guide.
*
* NOTE(review): the tagging operations of this interface document that tags can be referenced by access-control
* policies; where that is the case for users, this listing is security-relevant configuration and worth including
* in access reviews.
*
* @param listUserTagsRequest
*        the request object for the ListUserTags operation
* @return Result of the ListUserTags operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListUserTags
* @see AWS API Documentation
*/
ListUserTagsResult listUserTags(ListUserTagsRequest listUserTagsRequest);
/**
* Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns
* all users in the Amazon Web Services account. If there are none, the operation returns an empty list.
*
* IAM resource-listing operations return a subset of the available attributes for the resource. This operation does
* not return the following attributes, even though they are an attribute of the returned object:
*
* - PermissionsBoundary
* - Tags
*
* To view all of the information for a user, see GetUser.
*
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters.
*
* Two consequences for audit code: the absence of a permissions boundary or of tags in this listing says nothing
* about whether the user actually has them (read them through GetUser), and a complete user inventory requires
* following the pagination marker until the listing is exhausted rather than relying on a single call.
*
* @param listUsersRequest
*        the request object for the ListUsers operation
* @return Result of the ListUsers operation returned by the service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ListUsers
* @see AWS API Documentation
*/
ListUsersResult listUsers(ListUsersRequest listUsersRequest);
/**
* Simplified method form for invoking the ListUsers operation.
*
* This overload takes no request object, so no path prefix can be given; per the documentation of
* {@link #listUsers(ListUsersRequest)}, the operation then covers all users in the Amazon Web Services account.
*
* @return Result of the ListUsers operation returned by the service.
* @see #listUsers(ListUsersRequest)
*/
ListUsersResult listUsers();
/**
* Lists the virtual MFA devices defined in the Amazon Web Services account by assignment status. If you do not
* specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be
* {@code Assigned}, {@code Unassigned}, or {@code Any}.
*
* IAM resource-listing operations return a subset of the available attributes for the resource. For example, this
* operation does not return tags, even though they are an attribute of the returned object. To view tag information
* for a virtual MFA device, see ListMFADeviceTags.
*
* You can paginate the results using the {@code MaxItems} and {@code Marker} parameters. An MFA inventory built on
* this operation is complete only once the pagination marker has been followed to the end.
*
* @param listVirtualMFADevicesRequest
*        the request object for the ListVirtualMFADevices operation
* @return Result of the ListVirtualMFADevices operation returned by the service.
* @sample AmazonIdentityManagement.ListVirtualMFADevices
* @see AWS API Documentation
*/
ListVirtualMFADevicesResult listVirtualMFADevices(ListVirtualMFADevicesRequest listVirtualMFADevicesRequest);
/**
* Simplified method form for invoking the ListVirtualMFADevices operation.
*
* This overload takes no request object, so no assignment status can be given; per the documentation of
* {@link #listVirtualMFADevices(ListVirtualMFADevicesRequest)}, the operation then returns a list of all virtual
* MFA devices.
*
* @return Result of the ListVirtualMFADevices operation returned by the service.
* @see #listVirtualMFADevices(ListVirtualMFADevicesRequest)
*/
ListVirtualMFADevicesResult listVirtualMFADevices();
/**
* Adds or updates an inline policy document that is embedded in the specified IAM group.
*
* A group can also have managed policies attached to it. To attach a managed policy to a group, use
* AttachGroupPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed
* policies and inline policies in the IAM User Guide.
*
* For information about the maximum number of inline policies that you can embed in a group, see IAM and STS quotas
* in the IAM User Guide.
*
* Because policy documents can be large, you should use POST rather than GET when calling {@code PutGroupPolicy}.
* For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.
*
* Security note: this call changes what the group is permitted to do, and because it updates as well as adds, it
* can replace the content of an existing inline policy. Limit which principals may invoke it, review the policy
* document before submitting it, and keep such changes visible in the account's audit logging.
*
* @param putGroupPolicyRequest
*        the request object for the PutGroupPolicy operation
* @return Result of the PutGroupPolicy operation returned by the service.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws MalformedPolicyDocumentException
*         The request was rejected because the policy document was malformed. The error message describes the
*         specific error.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.PutGroupPolicy
* @see AWS API Documentation
*/
PutGroupPolicyResult putGroupPolicy(PutGroupPolicyRequest putGroupPolicyRequest);
/**
* Adds or updates the policy that is specified as the IAM role's permissions boundary. You can use an Amazon Web
* Services managed policy or a customer managed policy to set the boundary for a role. Use the boundary to control
* the maximum permissions that the role can have. Setting a permissions boundary is an advanced feature that can
* affect the permissions for the role.
*
* You cannot set the boundary for a service-linked role.
*
* Policies used as permissions boundaries do not provide permissions. You must also attach a permissions policy to
* the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in
* the IAM User Guide.
*
* Security note: because this operation also updates an existing boundary, a call can replace a restrictive
* boundary with a broader one and so raise the role's maximum permissions. Treat permission to invoke it as
* privileged and keep boundary changes visible in the account's audit logging.
*
* @param putRolePermissionsBoundaryRequest
*        the request object for the PutRolePermissionsBoundary operation
* @return Result of the PutRolePermissionsBoundary operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws UnmodifiableEntityException
*         The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
*         the service that depends on the service-linked role can modify or delete the role on your behalf. The
*         error message includes the name of the service that depends on this service-linked role. You must request
*         the change through that service.
* @throws PolicyNotAttachableException
*         The request failed because Amazon Web Services service role policies can only be attached to the
*         service-linked role for that service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.PutRolePermissionsBoundary
* @see AWS API Documentation
*/
PutRolePermissionsBoundaryResult putRolePermissionsBoundary(PutRolePermissionsBoundaryRequest putRolePermissionsBoundaryRequest);
/**
* Adds or updates an inline policy document that is embedded in the specified IAM role.
*
* When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions)
* policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a
* role's trust policy using UpdateAssumeRolePolicy. For more information about roles, see IAM roles in the IAM User
* Guide.
*
* A role can also have a managed policy attached to it. To attach a managed policy to a role, use
* AttachRolePolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed
* policies and inline policies in the IAM User Guide.
*
* For information about the maximum number of inline policies that you can embed with a role, see IAM and STS quotas
* in the IAM User Guide.
*
* Because policy documents can be large, you should use POST rather than GET when calling {@code PutRolePolicy}.
* For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.
*
* Security note: this call changes what the role is permitted to do, and because it updates as well as adds, it
* can replace the content of an existing inline policy. It does not touch the trust policy, which is managed
* through the operations named above. Limit which principals may invoke it and keep such changes visible in the
* account's audit logging.
*
* @param putRolePolicyRequest
*        the request object for the PutRolePolicy operation
* @return Result of the PutRolePolicy operation returned by the service.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws MalformedPolicyDocumentException
*         The request was rejected because the policy document was malformed. The error message describes the
*         specific error.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws UnmodifiableEntityException
*         The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
*         the service that depends on the service-linked role can modify or delete the role on your behalf. The
*         error message includes the name of the service that depends on this service-linked role. You must request
*         the change through that service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.PutRolePolicy
* @see AWS API Documentation
*/
PutRolePolicyResult putRolePolicy(PutRolePolicyRequest putRolePolicyRequest);
/**
* Adds or updates the policy that is specified as the IAM user's permissions boundary. You can use an Amazon Web
* Services managed policy or a customer managed policy to set the boundary for a user. Use the boundary to control
* the maximum permissions that the user can have. Setting a permissions boundary is an advanced feature that can
* affect the permissions for the user.
*
* Policies that are used as permissions boundaries do not provide permissions. You must also attach a permissions
* policy to the user. To learn how the effective permissions for a user are evaluated, see IAM JSON policy
* evaluation logic in the IAM User Guide.
*
* Security note: because this operation also updates an existing boundary, a call can replace a restrictive
* boundary with a broader one and so raise the user's maximum permissions. Treat permission to invoke it as
* privileged and keep boundary changes visible in the account's audit logging.
*
* @param putUserPermissionsBoundaryRequest
*        the request object for the PutUserPermissionsBoundary operation
* @return Result of the PutUserPermissionsBoundary operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws PolicyNotAttachableException
*         The request failed because Amazon Web Services service role policies can only be attached to the
*         service-linked role for that service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.PutUserPermissionsBoundary
* @see AWS API Documentation
*/
PutUserPermissionsBoundaryResult putUserPermissionsBoundary(PutUserPermissionsBoundaryRequest putUserPermissionsBoundaryRequest);
/**
* Adds or updates an inline policy document that is embedded in the specified IAM user.
*
* An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use
* AttachUserPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed
* policies and inline policies in the IAM User Guide.
*
* For information about the maximum number of inline policies that you can embed in a user, see IAM and STS quotas
* in the IAM User Guide.
*
* Because policy documents can be large, you should use POST rather than GET when calling {@code PutUserPolicy}.
* For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.
*
* Security note: this call changes what the user is permitted to do, and because it updates as well as adds, it
* can replace the content of an existing inline policy. Limit which principals may invoke it, review the policy
* document before submitting it, and keep such changes visible in the account's audit logging.
*
* @param putUserPolicyRequest
*        the request object for the PutUserPolicy operation
* @return Result of the PutUserPolicy operation returned by the service.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws MalformedPolicyDocumentException
*         The request was rejected because the policy document was malformed. The error message describes the
*         specific error.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.PutUserPolicy
* @see AWS API Documentation
*/
PutUserPolicyResult putUserPolicy(PutUserPolicyRequest putUserPolicyRequest);
/**
* Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified
* IAM OpenID Connect (OIDC) provider resource object.
*
* This operation is idempotent; it does not fail or return an error if you try to remove a client ID that does not
* exist.
*
* Because a missing client ID is not an error, a successful return does not confirm that the ID was registered
* beforehand. Code that removes a client ID as a revocation step should verify the provider's remaining client IDs
* separately rather than inferring them from this call's outcome.
*
* @param removeClientIDFromOpenIDConnectProviderRequest
*        the request object for the RemoveClientIDFromOpenIDConnectProvider operation
* @return Result of the RemoveClientIDFromOpenIDConnectProvider operation returned by the service.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.RemoveClientIDFromOpenIDConnectProvider
* @see AWS API Documentation
*/
RemoveClientIDFromOpenIDConnectProviderResult removeClientIDFromOpenIDConnectProvider(
RemoveClientIDFromOpenIDConnectProviderRequest removeClientIDFromOpenIDConnectProviderRequest);
/**
* Removes the specified IAM role from the specified Amazon EC2 instance profile.
*
* Make sure that you do not have any Amazon EC2 instances running with the role you are about to remove from the
* instance profile. Removing a role from an instance profile that is associated with a running instance might break
* any applications running on the instance.
*
* For more information about roles, see IAM roles in the IAM User Guide. For more information about instance
* profiles, see Using instance profiles in the IAM User Guide.
*
* NOTE(review): this documentation does not say whether credentials already issued to a running instance stop
* working at once or only when they expire. Confirm that before relying on this call as a containment step during
* incident response.
*
* @param removeRoleFromInstanceProfileRequest
*        the request object for the RemoveRoleFromInstanceProfile operation
* @return Result of the RemoveRoleFromInstanceProfile operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws UnmodifiableEntityException
*         The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
*         the service that depends on the service-linked role can modify or delete the role on your behalf. The
*         error message includes the name of the service that depends on this service-linked role. You must request
*         the change through that service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.RemoveRoleFromInstanceProfile
* @see AWS API Documentation
*/
RemoveRoleFromInstanceProfileResult removeRoleFromInstanceProfile(RemoveRoleFromInstanceProfileRequest removeRoleFromInstanceProfileRequest);
/**
* Removes the specified user from the specified group.
*
* NOTE(review): only the group membership is removed; policies embedded in or attached to the user directly are
* presumably unaffected. Offboarding and containment procedures should therefore also review the user's own
* policies and remaining group memberships (confirm against the service documentation).
*
* @param removeUserFromGroupRequest
*        the request object for the RemoveUserFromGroup operation
* @return Result of the RemoveUserFromGroup operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.RemoveUserFromGroup
* @see AWS API Documentation
*/
RemoveUserFromGroupResult removeUserFromGroup(RemoveUserFromGroupRequest removeUserFromGroupRequest);
/**
* Resets the password for a service-specific credential. The new password is Amazon Web Services generated and
* cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the
* previous password associated with this user.
*
* Since the previous password stops working immediately, any client still configured with it will fail to
* authenticate until it is updated; coordinate the reset with the credential's consumers.
*
* NOTE(review): the newly generated password is presumably delivered in the returned result. If so, handle the
* result as secret material: keep it out of logs and exception messages, and do not persist it in plain text.
* Confirm against the result model.
*
* @param resetServiceSpecificCredentialRequest
*        the request object for the ResetServiceSpecificCredential operation
* @return Result of the ResetServiceSpecificCredential operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @sample AmazonIdentityManagement.ResetServiceSpecificCredential
* @see AWS API Documentation
*/
ResetServiceSpecificCredentialResult resetServiceSpecificCredential(ResetServiceSpecificCredentialRequest resetServiceSpecificCredentialRequest);
/**
* Synchronizes the specified MFA device with its IAM resource object on the Amazon Web Services servers.
*
* For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the
* IAM User Guide.
*
* NOTE(review): the declared {@link InvalidAuthenticationCodeException} suggests that the request carries current
* authentication codes from the device. If so, avoid writing request contents to logs. Confirm against the request
* model.
*
* @param resyncMFADeviceRequest
*        the request object for the ResyncMFADevice operation
* @return Result of the ResyncMFADevice operation returned by the service.
* @throws InvalidAuthenticationCodeException
*         The request was rejected because the authentication code was not recognized. The error message describes
*         the specific error.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @sample AmazonIdentityManagement.ResyncMFADevice
* @see AWS API Documentation
*/
ResyncMFADeviceResult resyncMFADevice(ResyncMFADeviceRequest resyncMFADeviceRequest);
/**
* Sets the specified version of the specified policy as the policy's default (operative) version.
*
* This operation affects all users, groups, and roles that the policy is attached to. To list the users, groups,
* and roles that the policy is attached to, use ListEntitiesForPolicy.
*
* For information about managed policies, see Managed policies and inline policies in the IAM User Guide.
*
* Security note: the switch changes the effective permissions of every attached user, group, and role at once,
* without any change to the attachments themselves. Review the content of the version being activated before
* switching, and treat permission to invoke this operation as equivalent to permission to edit the policy.
*
* @param setDefaultPolicyVersionRequest
*        the request object for the SetDefaultPolicyVersion operation
* @return Result of the SetDefaultPolicyVersion operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.SetDefaultPolicyVersion
* @see AWS API Documentation
*/
SetDefaultPolicyVersionResult setDefaultPolicyVersion(SetDefaultPolicyVersionRequest setDefaultPolicyVersionRequest);
/**
* Sets the specified version of the global endpoint token as the token version used for the Amazon Web Services
* account.
*
* By default, Security Token Service (STS) is available as a global service, and all STS requests go to a single
* endpoint at {@code https://sts.amazonaws.com}. Amazon Web Services recommends using Regional STS endpoints
* to reduce latency, build in redundancy, and increase session token availability. For information about Regional
* endpoints for STS, see Security Token Service endpoints and quotas in the Amazon Web Services General Reference.
*
* If you make an STS call to the global endpoint, the resulting session tokens might be valid in some Regions but
* not others. It depends on the version that is set in this operation. Version 1 tokens are valid only in Amazon
* Web Services Regions that are available by default. These tokens do not work in manually enabled Regions, such as
* Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and
* might affect systems where you temporarily store tokens. For information, see Activating and deactivating STS in
* an Amazon Web Services Region in the IAM User Guide.
*
* To view the current session token version, see the {@code GlobalEndpointTokenVersion} entry in the response
* of the GetAccountSummary operation.
*
* This is an account-wide setting. Because version 2 tokens are longer, check every component that stores or
* forwards session tokens in size-limited fields before switching, so that tokens are not truncated or rejected.
*
* @param setSecurityTokenServicePreferencesRequest
*        the request object for the SetSecurityTokenServicePreferences operation
* @return Result of the SetSecurityTokenServicePreferences operation returned by the service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.SetSecurityTokenServicePreferences
* @see AWS API Documentation
*/
SetSecurityTokenServicePreferencesResult setSecurityTokenServicePreferences(
SetSecurityTokenServicePreferencesRequest setSecurityTokenServicePreferencesRequest);
/**
* Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and
* Amazon Web Services resources to determine the policies' effective permissions. The policies are provided as
* strings.
*
* The simulation does not perform the API operations; it only checks the authorization to determine if the
* simulated policies allow or deny the operations. You can simulate resources that don't exist in your account.
*
* If you want to simulate existing policies that are attached to an IAM user, group, or role, use
* SimulatePrincipalPolicy instead.
*
* Context keys are variables that are maintained by Amazon Web Services and its services and which provide details
* about the context of an API query request. You can use the {@code Condition} element of an IAM policy to
* evaluate context keys. To get the list of context keys that the policies require for correct simulation, use
* GetContextKeysForCustomPolicy.
*
* If the output is long, you can use {@code MaxItems} and {@code Marker} parameters to paginate the results.
*
* The IAM policy simulator evaluates statements in the identity-based policy and the inputs that you provide during
* simulation. The policy simulator results can differ from your live Amazon Web Services environment. We recommend
* that you check your policies against your live Amazon Web Services environment after testing using the policy
* simulator to confirm that you have the desired results. For more information about using the policy simulator,
* see Testing IAM policies with the IAM policy simulator in the IAM User Guide.
*
* A simulated allow or deny is evidence about the supplied policy text and inputs only. Automated policy checks
* built on this operation should supply the context keys the policies require and should not be the sole control
* for verifying least privilege, given that results can differ from the live environment.
*
* @param simulateCustomPolicyRequest
*        the request object for the SimulateCustomPolicy operation
* @return Result of the SimulateCustomPolicy operation returned by the service.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws PolicyEvaluationException
*         The request failed because a provided policy could not be successfully evaluated. An additional detailed
*         message indicates the source of the failure.
* @sample AmazonIdentityManagement.SimulateCustomPolicy
* @see AWS API Documentation
*/
SimulateCustomPolicyResult simulateCustomPolicy(SimulateCustomPolicyRequest simulateCustomPolicyRequest);
/**
* Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web
* Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or
* role. If you specify a user, then the simulation also includes all of the policies that are attached to groups
* that the user belongs to. You can simulate resources that don't exist in your account.
*
* You can optionally include a list of one or more additional policies specified as strings to include in the
* simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.
*
* You can also optionally include one resource-based policy to be evaluated with each of the resources included in
* the simulation for IAM users only.
*
* The simulation does not perform the API operations; it only checks the authorization to determine if the
* simulated policies allow or deny the operations.
*
* Note: This operation discloses information about the permissions granted to other users. If you do not
* want users to see other users' permissions, then consider allowing them to use SimulateCustomPolicy
* instead. Grant permission to invoke this operation with the same care as read access to the policies
* themselves.
*
* Context keys are variables maintained by Amazon Web Services and its services that provide details about the
* context of an API query request. You can use the {@code Condition} element of an IAM policy to evaluate
* context keys. To get the list of context keys that the policies require for correct simulation, use
* GetContextKeysForPrincipalPolicy.
*
* If the output is long, you can use the {@code MaxItems} and {@code Marker} parameters to paginate the results.
*
* The IAM policy simulator evaluates statements in the identity-based policy and the inputs that you provide during
* simulation. The policy simulator results can differ from your live Amazon Web Services environment. We recommend
* that you check your policies against your live Amazon Web Services environment after testing using the policy
* simulator to confirm that you have the desired results. For more information about using the policy simulator,
* see Testing IAM policies with the IAM policy simulator in the IAM User Guide.
*
* @param simulatePrincipalPolicyRequest
*        the request object for the SimulatePrincipalPolicy operation
* @return Result of the SimulatePrincipalPolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws PolicyEvaluationException
*         The request failed because a provided policy could not be successfully evaluated. An additional detailed
*         message indicates the source of the failure.
* @sample AmazonIdentityManagement.SimulatePrincipalPolicy
* @see AWS API Documentation
*/
SimulatePrincipalPolicyResult simulatePrincipalPolicy(SimulatePrincipalPolicyRequest simulatePrincipalPolicyRequest);
/**
* Adds one or more tags to an IAM instance profile. If a tag with the same key name already exists, then that tag
* is overwritten with the new value.
*
* Each tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
* following:
*
* - Administrative grouping and discovery - Attach tags to resources to aid in organization and search. For
*   example, you could search for all resources with the key name Project and the value MyImportantProject. Or
*   search for all resources with the key name Cost Center and the value 41200.
* - Access control - Include tags in IAM user-based and resource-based policies. You can use tags to restrict
*   access to only an IAM instance profile that has a specified tag attached. For examples of policies that show
*   how to use tags to control access, see Control access using IAM tags in the IAM User Guide.
*
* - If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
*   fails and the resource is not created. For more information about tagging, see Tagging IAM resources in the
*   IAM User Guide.
* - Amazon Web Services always interprets the tag {@code Value} as a single string. If you need to store an
*   array, you can store comma-separated values in the string. However, you must interpret the value in your code.
*
* Security note: where policies base access decisions on tags, this operation can change those decisions, because
* an existing tag with the same key is overwritten without any error. Restrict permission to tag accordingly and
* keep tag changes visible in the account's audit logging.
*
* @param tagInstanceProfileRequest
*        the request object for the TagInstanceProfile operation
* @return Result of the TagInstanceProfile operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.TagInstanceProfile
* @see AWS API Documentation
*/
TagInstanceProfileResult tagInstanceProfile(TagInstanceProfileRequest tagInstanceProfileRequest);
/**
* <p>
* Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If a tag with the same key name
* already exists, then that tag is overwritten with the new value.
* </p>
* <p>
* A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
* following:
* </p>
* <ul>
* <li><b>Administrative grouping and discovery</b> - Attach tags to resources to aid in organization and search. For
* example, you could search for all resources with the key name {@code Project} and the value
* {@code MyImportantProject}. Or search for all resources with the key name {@code Cost Center} and the value
* {@code 41200}.</li>
* <li><b>Access control</b> - Include tags in IAM user-based and resource-based policies. You can use tags to restrict
* access to only an IAM virtual MFA device that has a specified tag attached. For examples of policies that show
* how to use tags to control access, see "Control access using IAM tags" in the <i>IAM User Guide</i>.</li>
* </ul>
* <p>
* Notes:
* </p>
* <ul>
* <li>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
* fails and the resource is not created. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.</li>
* <li>Amazon Web Services always interprets the tag {@code Value} as a single string. If you need to store an
* array, you can store comma-separated values in the string. However, you must interpret the value in your code.</li>
* </ul>
* <p>
* Security consideration: because tags can be referenced in access-control policies (see above), a caller allowed to
* invoke this operation can change which tag-based policy conditions the device matches, and an existing key is
* overwritten rather than rejected. Grant the matching tagging permission only to principals that are meant to
* manage those tags.
* </p>
*
* @param tagMFADeviceRequest
*         the request object for the TagMFADevice operation
* @return Result of the TagMFADevice operation returned by the service.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.TagMFADevice
* @see "AWS API Documentation"
*/
TagMFADeviceResult tagMFADevice(TagMFADeviceRequest tagMFADeviceRequest);
/**
* <p>
* Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. For more information about these
* providers, see "About web identity federation". If a tag with the same key name already exists, then that tag is
* overwritten with the new value.
* </p>
* <p>
* A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
* following:
* </p>
* <ul>
* <li><b>Administrative grouping and discovery</b> - Attach tags to resources to aid in organization and search. For
* example, you could search for all resources with the key name {@code Project} and the value
* {@code MyImportantProject}. Or search for all resources with the key name {@code Cost Center} and the value
* {@code 41200}.</li>
* <li><b>Access control</b> - Include tags in IAM identity-based and resource-based policies. You can use tags to
* restrict access to only an OIDC provider that has a specified tag attached. For examples of policies that show
* how to use tags to control access, see "Control access using IAM tags" in the <i>IAM User Guide</i>.</li>
* </ul>
* <p>
* Notes:
* </p>
* <ul>
* <li>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
* fails and the resource is not created. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.</li>
* <li>Amazon Web Services always interprets the tag {@code Value} as a single string. If you need to store an
* array, you can store comma-separated values in the string. However, you must interpret the value in your code.</li>
* </ul>
* <p>
* Security consideration: an identity provider is part of the account's federation trust, and its tags can be
* referenced in access-control policies (see above). A caller allowed to invoke this operation can therefore change
* which tag-based conditions the provider matches; an existing key is overwritten rather than rejected. Grant the
* matching tagging permission narrowly.
* </p>
*
* @param tagOpenIDConnectProviderRequest
*         the request object for the TagOpenIDConnectProvider operation
* @return Result of the TagOpenIDConnectProvider operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.TagOpenIDConnectProvider
* @see "AWS API Documentation"
*/
TagOpenIDConnectProviderResult tagOpenIDConnectProvider(TagOpenIDConnectProviderRequest tagOpenIDConnectProviderRequest);
/**
* <p>
* Adds one or more tags to an IAM customer managed policy. If a tag with the same key name already exists, then
* that tag is overwritten with the new value.
* </p>
* <p>
* A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
* following:
* </p>
* <ul>
* <li><b>Administrative grouping and discovery</b> - Attach tags to resources to aid in organization and search. For
* example, you could search for all resources with the key name {@code Project} and the value
* {@code MyImportantProject}. Or search for all resources with the key name {@code Cost Center} and the value
* {@code 41200}.</li>
* <li><b>Access control</b> - Include tags in IAM user-based and resource-based policies. You can use tags to restrict
* access to only an IAM customer managed policy that has a specified tag attached. For examples of policies that
* show how to use tags to control access, see "Control access using IAM tags" in the <i>IAM User Guide</i>.</li>
* </ul>
* <p>
* Notes:
* </p>
* <ul>
* <li>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
* fails and the resource is not created. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.</li>
* <li>Amazon Web Services always interprets the tag {@code Value} as a single string. If you need to store an
* array, you can store comma-separated values in the string. However, you must interpret the value in your code.</li>
* </ul>
* <p>
* Security consideration: because tags can be referenced in access-control policies (see above), a caller allowed to
* invoke this operation can change which tag-based conditions the managed policy matches, and an existing key is
* overwritten rather than rejected. Grant the matching tagging permission only to principals that are meant to
* manage those tags.
* </p>
*
* @param tagPolicyRequest
*         the request object for the TagPolicy operation
* @return Result of the TagPolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.TagPolicy
* @see "AWS API Documentation"
*/
TagPolicyResult tagPolicy(TagPolicyRequest tagPolicyRequest);
/**
* <p>
* Adds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the
* same key name already exists, then that tag is overwritten with the new value.
* </p>
* <p>
* A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
* following:
* </p>
* <ul>
* <li><b>Administrative grouping and discovery</b> - Attach tags to resources to aid in organization and search. For
* example, you could search for all resources with the key name {@code Project} and the value
* {@code MyImportantProject}. Or search for all resources with the key name {@code Cost Center} and the value
* {@code 41200}.</li>
* <li><b>Access control</b> - Include tags in IAM user-based and resource-based policies. You can use tags to restrict
* access to only an IAM role that has a specified tag attached. You can also restrict access to only those
* resources that have a certain tag attached. For examples of policies that show how to use tags to control access,
* see "Control access using IAM tags" in the <i>IAM User Guide</i>.</li>
* <li><b>Cost allocation</b> - Use tags to help track which individuals and teams are using which Amazon Web Services
* resources.</li>
* </ul>
* <p>
* Notes:
* </p>
* <ul>
* <li>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
* fails and the resource is not created. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.</li>
* <li>Amazon Web Services always interprets the tag {@code Value} as a single string. If you need to store an
* array, you can store comma-separated values in the string. However, you must interpret the value in your code.</li>
* </ul>
* <p>
* For more information about tagging, see "Tagging IAM identities" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: where policies restrict access based on a role's tags (see above), adding or overwriting
* a tag on the role can change what that role is permitted to do or who may act on it. An existing key is
* overwritten rather than rejected, so grant the matching tagging permission only to principals that are meant to
* manage those tags.
* </p>
*
* @param tagRoleRequest
*         the request object for the TagRole operation
* @return Result of the TagRole operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.TagRole
* @see "AWS API Documentation"
*/
TagRoleResult tagRole(TagRoleRequest tagRoleRequest);
/**
* <p>
* Adds one or more tags to a Security Assertion Markup Language (SAML) identity provider. For more information
* about these providers, see "About SAML 2.0-based federation". If a tag with the same key name already exists,
* then that tag is overwritten with the new value.
* </p>
* <p>
* A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
* following:
* </p>
* <ul>
* <li><b>Administrative grouping and discovery</b> - Attach tags to resources to aid in organization and search. For
* example, you could search for all resources with the key name {@code Project} and the value
* {@code MyImportantProject}. Or search for all resources with the key name {@code Cost Center} and the value
* {@code 41200}.</li>
* <li><b>Access control</b> - Include tags in IAM user-based and resource-based policies. You can use tags to restrict
* access to only a SAML identity provider that has a specified tag attached. For examples of policies that show how
* to use tags to control access, see "Control access using IAM tags" in the <i>IAM User Guide</i>.</li>
* </ul>
* <p>
* Notes:
* </p>
* <ul>
* <li>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
* fails and the resource is not created. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.</li>
* <li>Amazon Web Services always interprets the tag {@code Value} as a single string. If you need to store an
* array, you can store comma-separated values in the string. However, you must interpret the value in your code.</li>
* </ul>
* <p>
* Security consideration: an identity provider is part of the account's federation trust, and its tags can be
* referenced in access-control policies (see above). A caller allowed to invoke this operation can therefore change
* which tag-based conditions the provider matches; an existing key is overwritten rather than rejected. Grant the
* matching tagging permission narrowly.
* </p>
*
* @param tagSAMLProviderRequest
*         the request object for the TagSAMLProvider operation
* @return Result of the TagSAMLProvider operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.TagSAMLProvider
* @see "AWS API Documentation"
*/
TagSAMLProviderResult tagSAMLProvider(TagSAMLProviderRequest tagSAMLProviderRequest);
/**
* <p>
* Adds one or more tags to an IAM server certificate. If a tag with the same key name already exists, then that tag
* is overwritten with the new value.
* </p>
* <p>
* Note: For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM
* server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more
* information about IAM server certificates, see "Working with server certificates" in the <i>IAM User Guide</i>.
* </p>
* <p>
* A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
* following:
* </p>
* <ul>
* <li><b>Administrative grouping and discovery</b> - Attach tags to resources to aid in organization and search. For
* example, you could search for all resources with the key name {@code Project} and the value
* {@code MyImportantProject}. Or search for all resources with the key name {@code Cost Center} and the value
* {@code 41200}.</li>
* <li><b>Access control</b> - Include tags in IAM user-based and resource-based policies. You can use tags to restrict
* access to only a server certificate that has a specified tag attached. For examples of policies that show how to
* use tags to control access, see "Control access using IAM tags" in the <i>IAM User Guide</i>.</li>
* <li><b>Cost allocation</b> - Use tags to help track which individuals and teams are using which Amazon Web Services
* resources.</li>
* </ul>
* <p>
* Notes:
* </p>
* <ul>
* <li>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
* fails and the resource is not created. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.</li>
* <li>Amazon Web Services always interprets the tag {@code Value} as a single string. If you need to store an
* array, you can store comma-separated values in the string. However, you must interpret the value in your code.</li>
* </ul>
* <p>
* Security consideration: because tags can be referenced in access-control policies (see above), a caller allowed to
* invoke this operation can change which tag-based conditions the certificate matches, and an existing key is
* overwritten rather than rejected. Grant the matching tagging permission only to principals that are meant to
* manage those tags.
* </p>
*
* @param tagServerCertificateRequest
*         the request object for the TagServerCertificate operation
* @return Result of the TagServerCertificate operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.TagServerCertificate
* @see "AWS API Documentation"
*/
TagServerCertificateResult tagServerCertificate(TagServerCertificateRequest tagServerCertificateRequest);
/**
* <p>
* Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is
* overwritten with the new value.
* </p>
* <p>
* A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the
* following:
* </p>
* <ul>
* <li><b>Administrative grouping and discovery</b> - Attach tags to resources to aid in organization and search. For
* example, you could search for all resources with the key name {@code Project} and the value
* {@code MyImportantProject}. Or search for all resources with the key name {@code Cost Center} and the value
* {@code 41200}.</li>
* <li><b>Access control</b> - Include tags in IAM identity-based and resource-based policies. You can use tags to
* restrict access to only an IAM requesting user that has a specified tag attached. You can also restrict access to
* only those resources that have a certain tag attached. For examples of policies that show how to use tags to
* control access, see "Control access using IAM tags" in the <i>IAM User Guide</i>.</li>
* <li><b>Cost allocation</b> - Use tags to help track which individuals and teams are using which Amazon Web Services
* resources.</li>
* </ul>
* <p>
* Notes:
* </p>
* <ul>
* <li>If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request
* fails and the resource is not created. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.</li>
* <li>Amazon Web Services always interprets the tag {@code Value} as a single string. If you need to store an
* array, you can store comma-separated values in the string. However, you must interpret the value in your code.</li>
* </ul>
* <p>
* For more information about tagging, see "Tagging IAM identities" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: where policies restrict access based on the requesting user's tags (see above), adding or
* overwriting a tag on a user can change what that user is permitted to do. An existing key is overwritten rather
* than rejected, so grant the matching tagging permission only to principals that are meant to manage those tags,
* and consider whether users should be able to tag themselves.
* </p>
*
* @param tagUserRequest
*         the request object for the TagUser operation
* @return Result of the TagUser operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.TagUser
* @see "AWS API Documentation"
*/
TagUserResult tagUser(TagUserRequest tagUserRequest);
/**
* <p>
* Removes the specified tags from the IAM instance profile. For more information about tagging, see "Tagging IAM
* resources" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: if an access-control policy condition depends on one of the removed tags, removing it
* changes how that condition evaluates for this instance profile. Restrict who may call this operation accordingly.
* </p>
*
* @param untagInstanceProfileRequest
*         the request object for the UntagInstanceProfile operation
* @return Result of the UntagInstanceProfile operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UntagInstanceProfile
* @see "AWS API Documentation"
*/
UntagInstanceProfileResult untagInstanceProfile(UntagInstanceProfileRequest untagInstanceProfileRequest);
/**
* <p>
* Removes the specified tags from the IAM virtual multi-factor authentication (MFA) device. For more information
* about tagging, see "Tagging IAM resources" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: if an access-control policy condition depends on one of the removed tags, removing it
* changes how that condition evaluates for this device. Restrict who may call this operation accordingly.
* </p>
*
* @param untagMFADeviceRequest
*         the request object for the UntagMFADevice operation
* @return Result of the UntagMFADevice operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UntagMFADevice
* @see "AWS API Documentation"
*/
UntagMFADeviceResult untagMFADevice(UntagMFADeviceRequest untagMFADeviceRequest);
/**
* <p>
* Removes the specified tags from the specified OpenID Connect (OIDC)-compatible identity provider in IAM. For more
* information about OIDC providers, see "About web identity federation". For more information about tagging, see
* "Tagging IAM resources" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: if an access-control policy condition depends on one of the removed tags, removing it
* changes how that condition evaluates for this provider. Restrict who may call this operation accordingly.
* </p>
*
* @param untagOpenIDConnectProviderRequest
*         the request object for the UntagOpenIDConnectProvider operation
* @return Result of the UntagOpenIDConnectProvider operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UntagOpenIDConnectProvider
* @see "AWS API Documentation"
*/
UntagOpenIDConnectProviderResult untagOpenIDConnectProvider(UntagOpenIDConnectProviderRequest untagOpenIDConnectProviderRequest);
/**
* <p>
* Removes the specified tags from the customer managed policy. For more information about tagging, see "Tagging
* IAM resources" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: if an access-control policy condition depends on one of the removed tags, removing it
* changes how that condition evaluates for this managed policy. Restrict who may call this operation accordingly.
* </p>
*
* @param untagPolicyRequest
*         the request object for the UntagPolicy operation
* @return Result of the UntagPolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UntagPolicy
* @see "AWS API Documentation"
*/
UntagPolicyResult untagPolicy(UntagPolicyRequest untagPolicyRequest);
/**
* <p>
* Removes the specified tags from the role. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: if an access-control policy condition depends on one of the removed tags, removing it
* changes how that condition evaluates for this role. Restrict who may call this operation accordingly.
* </p>
*
* @param untagRoleRequest
*         the request object for the UntagRole operation
* @return Result of the UntagRole operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UntagRole
* @see "AWS API Documentation"
*/
UntagRoleResult untagRole(UntagRoleRequest untagRoleRequest);
/**
* <p>
* Removes the specified tags from the specified Security Assertion Markup Language (SAML) identity provider in IAM.
* For more information about these providers, see "About web identity federation". For more information about
* tagging, see "Tagging IAM resources" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: if an access-control policy condition depends on one of the removed tags, removing it
* changes how that condition evaluates for this provider. Restrict who may call this operation accordingly.
* </p>
*
* @param untagSAMLProviderRequest
*         the request object for the UntagSAMLProvider operation
* @return Result of the UntagSAMLProvider operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UntagSAMLProvider
* @see "AWS API Documentation"
*/
UntagSAMLProviderResult untagSAMLProvider(UntagSAMLProviderRequest untagSAMLProviderRequest);
/**
* <p>
* Removes the specified tags from the IAM server certificate. For more information about tagging, see "Tagging IAM
* resources" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Note: For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM
* server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more
* information about IAM server certificates, see "Working with server certificates" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: if an access-control policy condition depends on one of the removed tags, removing it
* changes how that condition evaluates for this certificate. Restrict who may call this operation accordingly.
* </p>
*
* @param untagServerCertificateRequest
*         the request object for the UntagServerCertificate operation
* @return Result of the UntagServerCertificate operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UntagServerCertificate
* @see "AWS API Documentation"
*/
UntagServerCertificateResult untagServerCertificate(UntagServerCertificateRequest untagServerCertificateRequest);
/**
* <p>
* Removes the specified tags from the user. For more information about tagging, see "Tagging IAM resources" in the
* <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: if an access-control policy condition depends on one of the removed tags, removing it
* changes how that condition evaluates for this user. Restrict who may call this operation accordingly.
* </p>
*
* @param untagUserRequest
*         the request object for the UntagUser operation
* @return Result of the UntagUser operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UntagUser
* @see "AWS API Documentation"
*/
UntagUserResult untagUser(UntagUserRequest untagUserRequest);
/**
* <p>
* Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used
* to disable a user's key as part of a key rotation workflow.
* </p>
* <p>
* If the {@code UserName} is not specified, the user name is determined implicitly based on the Amazon Web
* Services access key ID used to sign the request. If a temporary access key is used, then {@code UserName} is
* required. If a long-term key is assigned to the user, then {@code UserName} is not required. This operation
* works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage
* Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated
* users.
* </p>
* <p>
* For information about rotating keys, see "Managing keys and certificates" in the <i>IAM User Guide</i>.
* </p>
* <p>
* Security consideration: this operation only toggles the key's status, so a key set to Inactive can be set back to
* Active by any principal allowed to call it. Because an omitted {@code UserName} resolves to the identity that
* signed the request, set {@code UserName} explicitly when the call is meant to act on a different user.
* </p>
*
* @param updateAccessKeyRequest
*         the request object for the UpdateAccessKey operation
* @return Result of the UpdateAccessKey operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateAccessKey
* @see "AWS API Documentation"
*/
UpdateAccessKeyResult updateAccessKey(UpdateAccessKeyRequest updateAccessKeyRequest);
/**
* <p>
* Updates the password policy settings for the Amazon Web Services account.
* </p>
* <p>
* Note: This operation does not support partial updates. No parameters are required, but if you do not specify a
* parameter, that parameter's value reverts to its default value. See the <b>Request Parameters</b> section for
* each parameter's default value. Also note that some parameters do not allow the default parameter to be
* explicitly set. Instead, to invoke the default value, do not include that parameter when you invoke the
* operation.
* </p>
* <p>
* For more information about using a password policy, see "Managing an IAM password policy" in the <i>IAM User
* Guide</i>.
* </p>
* <p>
* Security consideration: because omitted parameters revert to their defaults, a request that sets only one field
* can silently replace stricter settings previously configured for the account. Read the current policy first (for
* example with {@code getAccountPasswordPolicy}) and resend every value that should be kept.
* </p>
*
* @param updateAccountPasswordPolicyRequest
*         the request object for the UpdateAccountPasswordPolicy operation
* @return Result of the UpdateAccountPasswordPolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws MalformedPolicyDocumentException
*         The request was rejected because the policy document was malformed. The error message describes the
*         specific error.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateAccountPasswordPolicy
* @see "AWS API Documentation"
*/
UpdateAccountPasswordPolicyResult updateAccountPasswordPolicy(UpdateAccountPasswordPolicyRequest updateAccountPasswordPolicyRequest);
/**
* <p>
* Updates the policy that grants an IAM entity permission to assume a role. This is typically referred to as the
* "role trust policy". For more information about roles, see "Using roles to delegate permissions and federate
* identities".
* </p>
* <p>
* Security consideration: the trust policy decides which entities may assume the role, so updating it changes who
* can obtain the role's permissions. Review the principals and conditions in the new policy document before
* submitting it, and restrict who may call this operation on roles that carry broad permissions.
* </p>
*
* @param updateAssumeRolePolicyRequest
*         the request object for the UpdateAssumeRolePolicy operation
* @return Result of the UpdateAssumeRolePolicy operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws MalformedPolicyDocumentException
*         The request was rejected because the policy document was malformed. The error message describes the
*         specific error.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws UnmodifiableEntityException
*         The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
*         the service that depends on the service-linked role can modify or delete the role on your behalf. The
*         error message includes the name of the service that depends on this service-linked role. You must request
*         the change through that service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateAssumeRolePolicy
* @see "AWS API Documentation"
*/
UpdateAssumeRolePolicyResult updateAssumeRolePolicy(UpdateAssumeRolePolicyRequest updateAssumeRolePolicyRequest);
/**
* Updates the name and/or the path of the specified IAM group.
* <p>
* You should understand the implications of changing a group's path or name. For more information, see Renaming
* users and groups in the IAM User Guide.
* <p>
* The person making the request (the principal) must have permission to change the group with the old name and
* the new name. For example, to change the group named {@code Managers} to {@code MGRs}, the principal must have a
* policy that allows them to update both groups. If the principal has permission to update the {@code Managers}
* group, but not the {@code MGRs} group, then the update fails. For more information about permissions, see Access
* management.
* <p>
* Review note: policies that refer to the group by its old name or path are not visible from this interface;
* confirm in the IAM User Guide how they behave after a rename before relying on them.
*
* @param updateGroupRequest
*        Request object for the UpdateGroup operation.
* @return Result of the UpdateGroup operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws EntityAlreadyExistsException
*         The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateGroup
* @see AWS API
* Documentation
*/
UpdateGroupResult updateGroup(UpdateGroupRequest updateGroupRequest);
/**
* Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services API, or the
* Users page in the IAM console to change the password for any IAM user. Use {@code ChangePassword} to change
* your own password in the My Security Credentials page in the Amazon Web Services Management Console.
* <p>
* For more information about modifying passwords, see Managing passwords in the IAM User Guide.
* <p>
* Security note: this operation changes another user's password, so permission to call it amounts to the ability
* to reset other users' sign-in credentials and should be granted sparingly. The request object presumably carries
* the new password (confirm against {@code UpdateLoginProfileRequest}); keep it out of application logs and error
* reports.
*
* @param updateLoginProfileRequest
*        Request object for the UpdateLoginProfile operation.
* @return Result of the UpdateLoginProfile operation returned by the service.
* @throws EntityTemporarilyUnmodifiableException
*         The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
*         name that was deleted and then recreated. The error indicates that the request is likely to succeed if
*         you try again after waiting several minutes. The error message describes the entity.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws PasswordPolicyViolationException
*         The request was rejected because the provided password did not meet the requirements imposed by the
*         account password policy.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateLoginProfile
* @see AWS API
* Documentation
*/
UpdateLoginProfileResult updateLoginProfile(UpdateLoginProfileRequest updateLoginProfileRequest);
/**
* Replaces the existing list of server certificate thumbprints associated with an OpenID Connect (OIDC) provider
* resource object with a new list of thumbprints.
* <p>
* The list that you pass with this operation completely replaces the existing list of thumbprints. (The lists are
* not merged.) Include every thumbprint that must remain trusted, not only the one being added.
* <p>
* Typically, you need to update a thumbprint only when the identity provider certificate changes, which occurs
* rarely. However, if the provider's certificate does change, any attempt to assume an IAM role that
* specifies the OIDC provider as a principal fails until the certificate thumbprint is updated.
* <p>
* Amazon Web Services secures communication with some OIDC identity providers (IdPs) through our library of trusted
* root certificate authorities (CAs) instead of using a certificate thumbprint to verify your IdP server
* certificate. In these cases, your legacy thumbprint remains in your configuration, but is no longer used for
* validation. These OIDC IdPs include Auth0, GitHub, GitLab, Google, and those that use an Amazon S3 bucket to host
* a JSON Web Key Set (JWKS) endpoint.
* <p>
* Security note: trust for the OIDC provider is derived from the provider certificate and is validated by the
* thumbprint. Therefore, it is best to limit access to the {@code UpdateOpenIDConnectProviderThumbprint} operation
* to highly privileged users, and to treat an unexpected thumbprint change as a change to the provider's trust
* anchor that needs review.
*
* @param updateOpenIDConnectProviderThumbprintRequest
*        Request object for the UpdateOpenIDConnectProviderThumbprint operation.
* @return Result of the UpdateOpenIDConnectProviderThumbprint operation returned by the service.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateOpenIDConnectProviderThumbprint
* @see AWS API Documentation
*/
UpdateOpenIDConnectProviderThumbprintResult updateOpenIDConnectProviderThumbprint(
UpdateOpenIDConnectProviderThumbprintRequest updateOpenIDConnectProviderThumbprintRequest);
/**
* Updates the description or maximum session duration setting of a role.
* <p>
* Review note: the maximum session duration presumably bounds how long a session obtained by assuming the role can
* last (confirm in the IAM User Guide); if so, raising it lengthens the lifetime of any credentials issued for the
* role, so keep it as short as the workload allows.
*
* @param updateRoleRequest
*        Request object for the UpdateRole operation.
* @return Result of the UpdateRole operation returned by the service.
* @throws UnmodifiableEntityException
*         The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
*         the service that depends on the service-linked role can modify or delete the role on your behalf. The
*         error message includes the name of the service that depends on this service-linked role. You must request
*         the change through that service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateRole
* @see AWS API
* Documentation
*/
UpdateRoleResult updateRole(UpdateRoleRequest updateRoleRequest);
/**
* Use {@link #updateRole(UpdateRoleRequest)} instead.
* <p>
* Modifies only the description of a role. This operation performs the same function as the
* {@code Description} parameter in the {@code UpdateRole} operation.
*
* @param updateRoleDescriptionRequest
*        Request object for the UpdateRoleDescription operation.
* @return Result of the UpdateRoleDescription operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws UnmodifiableEntityException
*         The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
*         the service that depends on the service-linked role can modify or delete the role on your behalf. The
*         error message includes the name of the service that depends on this service-linked role. You must request
*         the change through that service.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateRoleDescription
* @see AWS API
* Documentation
*/
UpdateRoleDescriptionResult updateRoleDescription(UpdateRoleDescriptionRequest updateRoleDescriptionRequest);
/**
* Updates the metadata document for an existing SAML provider resource object.
* <p>
* This operation requires Signature Version 4.
* <p>
* Review note: the metadata document presumably holds what IAM uses to validate the identity provider's SAML
* responses (confirm in the IAM User Guide). If so, updating it changes which provider the account trusts, and
* permission to call this operation should be limited accordingly.
*
* @param updateSAMLProviderRequest
*        Request object for the UpdateSAMLProvider operation.
* @return Result of the UpdateSAMLProvider operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateSAMLProvider
* @see AWS API
* Documentation
*/
UpdateSAMLProviderResult updateSAMLProvider(UpdateSAMLProviderRequest updateSAMLProviderRequest);
/**
* Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot
* be used for authentication. This operation can be used to disable a user's SSH public key as part of a key
* rotation workflow.
* <p>
* The SSH public key affected by this operation is used only for authenticating the associated IAM user to a
* CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see
* Set up CodeCommit for SSH connections in the CodeCommit User Guide.
*
* @param updateSSHPublicKeyRequest
*        Request object for the UpdateSSHPublicKey operation.
* @return Result of the UpdateSSHPublicKey operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @sample AmazonIdentityManagement.UpdateSSHPublicKey
* @see AWS API
* Documentation
*/
UpdateSSHPublicKeyResult updateSSHPublicKey(UpdateSSHPublicKeyRequest updateSSHPublicKeyRequest);
/**
* Updates the name and/or the path of the specified server certificate stored in IAM.
* <p>
* For more information about working with server certificates, see Working with server
* certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services
* that can use the server certificates that you manage with IAM.
* <p>
* You should understand the implications of changing a server certificate's path or name. For more information, see
* Renaming a server certificate in the IAM User Guide.
* <p>
* The person making the request (the principal) must have permission to change the server certificate with the old
* name and the new name. For example, to change the certificate named {@code ProductionCert} to
* {@code ProdCert}, the principal must have a policy that allows them to update both certificates. If the
* principal has permission to update the {@code ProductionCert} certificate, but not the {@code ProdCert}
* certificate, then the update fails. For more information about permissions, see Access management in the IAM User
* Guide.
*
* @param updateServerCertificateRequest
*        Request object for the UpdateServerCertificate operation.
* @return Result of the UpdateServerCertificate operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws EntityAlreadyExistsException
*         The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateServerCertificate
* @see AWS
* API Documentation
*/
UpdateServerCertificateResult updateServerCertificate(UpdateServerCertificateRequest updateServerCertificateRequest);
/**
* Sets the status of a service-specific credential to {@code Active} or {@code Inactive}.
* Service-specific credentials that are inactive cannot be used for authentication to the service. This operation
* can be used to disable a user's service-specific credential as part of a credential rotation workflow.
*
* @param updateServiceSpecificCredentialRequest
*        Request object for the UpdateServiceSpecificCredential operation.
* @return Result of the UpdateServiceSpecificCredential operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @sample AmazonIdentityManagement.UpdateServiceSpecificCredential
* @see AWS API Documentation
*/
UpdateServiceSpecificCredentialResult updateServiceSpecificCredential(UpdateServiceSpecificCredentialRequest updateServiceSpecificCredentialRequest);
/**
* Changes the status of the specified user signing certificate from active to disabled, or vice versa. This
* operation can be used to disable an IAM user's signing certificate as part of a certificate rotation workflow.
* <p>
* If the {@code UserName} field is not specified, the user name is determined implicitly based on the Amazon
* Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web
* Services account. Consequently, you can use this operation to manage Amazon Web Services account root user
* credentials even if the Amazon Web Services account has no associated users.
* <p>
* Security note: because the target is inferred from the signing access key when {@code UserName} is omitted,
* callers that mean to act on a particular user should set {@code UserName} explicitly so the change cannot land on
* a different identity, including the root user.
*
* @param updateSigningCertificateRequest
*        Request object for the UpdateSigningCertificate operation.
* @return Result of the UpdateSigningCertificate operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateSigningCertificate
* @see AWS
* API Documentation
*/
UpdateSigningCertificateResult updateSigningCertificate(UpdateSigningCertificateRequest updateSigningCertificateRequest);
/**
* Updates the name and/or the path of the specified IAM user.
* <p>
* You should understand the implications of changing an IAM user's path or name. For more information, see Renaming
* an IAM user and Renaming an IAM group in the IAM User Guide.
* <p>
* To change a user name, the requester must have appropriate permissions on both the source object and the target
* object. For example, to change Bob to Robert, the entity making the request must have permission on Bob and
* Robert, or must have permission on all (*). For more information about permissions, see Permissions and policies.
* <p>
* Review note: policies that refer to the user by the old name or path are not visible from this interface;
* confirm in the IAM User Guide how they behave after a rename before relying on them.
*
* @param updateUserRequest
*        Request object for the UpdateUser operation.
* @return Result of the UpdateUser operation returned by the service.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws EntityAlreadyExistsException
*         The request was rejected because it attempted to create a resource that already exists.
* @throws EntityTemporarilyUnmodifiableException
*         The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
*         name that was deleted and then recreated. The error indicates that the request is likely to succeed if
*         you try again after waiting several minutes. The error message describes the entity.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UpdateUser
* @see AWS API
* Documentation
*/
UpdateUserResult updateUser(UpdateUserRequest updateUserRequest);
/**
* Uploads an SSH public key and associates it with the specified IAM user.
* <p>
* The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to a
* CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see
* Set up CodeCommit for SSH connections in the CodeCommit User Guide.
* <p>
* Security note: associating a key with a user gives the holder of the matching private key a way to authenticate
* as that user to CodeCommit, so permission to upload keys for other users should be restricted and new key
* uploads are worth reviewing.
*
* @param uploadSSHPublicKeyRequest
*        Request object for the UploadSSHPublicKey operation.
* @return Result of the UploadSSHPublicKey operation returned by the service.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws InvalidPublicKeyException
*         The request was rejected because the public key is malformed or otherwise invalid.
* @throws DuplicateSSHPublicKeyException
*         The request was rejected because the SSH public key is already associated with the specified IAM user.
* @throws UnrecognizedPublicKeyEncodingException
*         The request was rejected because the public key encoding format is unsupported or unrecognized.
* @sample AmazonIdentityManagement.UploadSSHPublicKey
* @see AWS API
* Documentation
*/
UploadSSHPublicKeyResult uploadSSHPublicKey(UploadSSHPublicKeyRequest uploadSSHPublicKeyRequest);
/**
* Uploads a server certificate entity for the Amazon Web Services account. The server certificate entity includes a
* public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
* <p>
* We recommend that you use Certificate Manager to provision,
* manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to Amazon Web
* Services resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For
* more information about using ACM, see the Certificate
* Manager User Guide.
* <p>
* For more information about working with server certificates, see Working with server
* certificates in the IAM User Guide. This topic includes a list of Amazon Web Services services that
* can use the server certificates that you manage with IAM.
* <p>
* For information about the number of server certificates you can upload, see IAM and STS quotas in the
* IAM User Guide.
* <p>
* Because the body of the public key certificate, private key, and the certificate chain can be large, you should
* use POST rather than GET when calling {@code UploadServerCertificate}. For information about setting up
* signatures and authorization through the API, see Signing Amazon Web Services
* API requests in the Amazon Web Services General Reference. For general information about using the
* Query API with IAM, see Calling the
* API by making HTTP query requests in the IAM User Guide.
* <p>
* Security note: the uploaded entity includes a private key, so the request object holds secret key material. Keep
* it out of application logs, exception messages and crash reports, and do not retain it longer than the call
* requires.
*
* @param uploadServerCertificateRequest
*        Request object for the UploadServerCertificate operation.
* @return Result of the UploadServerCertificate operation returned by the service.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
*         The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
*         The request was rejected because it attempted to create a resource that already exists.
* @throws MalformedCertificateException
*         The request was rejected because the certificate was malformed or expired. The error message describes
*         the specific error.
* @throws KeyPairMismatchException
*         The request was rejected because the public key certificate and the private key do not match.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UploadServerCertificate
* @see AWS
* API Documentation
*/
UploadServerCertificateResult uploadServerCertificate(UploadServerCertificateRequest uploadServerCertificateRequest);
/**
* Uploads an X.509 signing certificate and associates it with the specified IAM user. Some Amazon Web Services
* services require you to use certificates to validate requests that are signed with a corresponding private key.
* When you upload the certificate, its default status is {@code Active}.
* <p>
* For information about when you would use an X.509 signing certificate, see Managing server
* certificates in IAM in the IAM User Guide.
* <p>
* If the {@code UserName} is not specified, the IAM user name is determined implicitly based on the Amazon Web
* Services access key ID used to sign the request. This operation works for access keys under the Amazon Web
* Services account. Consequently, you can use this operation to manage Amazon Web Services account root user
* credentials even if the Amazon Web Services account has no associated users.
* <p>
* Because the body of an X.509 certificate can be large, you should use POST rather than GET when calling
* {@code UploadSigningCertificate}. For information about setting up signatures and authorization through the
* API, see Signing Amazon Web
* Services API requests in the Amazon Web Services General Reference. For general information about
* using the Query API with IAM, see Making query requests in the
* IAM User Guide.
* <p>
* Security note: the certificate is active as soon as it is uploaded, and the target user is inferred from the
* signing access key when {@code UserName} is omitted. Callers that mean to act on a particular user should set
* {@code UserName} explicitly so the new credential cannot be attached to a different identity, including the root
* user.
*
* @param uploadSigningCertificateRequest
*        Request object for the UploadSigningCertificate operation.
* @return Result of the UploadSigningCertificate operation returned by the service.
* @throws LimitExceededException
*         The request was rejected because it attempted to create resources beyond the current Amazon Web Services
*         account limits. The error message describes the limit exceeded.
* @throws EntityAlreadyExistsException
*         The request was rejected because it attempted to create a resource that already exists.
* @throws MalformedCertificateException
*         The request was rejected because the certificate was malformed or expired. The error message describes
*         the specific error.
* @throws InvalidCertificateException
*         The request was rejected because the certificate is invalid.
* @throws DuplicateCertificateException
*         The request was rejected because the same certificate is associated with an IAM user in the account.
* @throws NoSuchEntityException
*         The request was rejected because it referenced a resource entity that does not exist. The error message
*         describes the resource.
* @throws ConcurrentModificationException
*         The request was rejected because multiple requests to change this object were submitted simultaneously.
*         Wait a few minutes and submit your request again.
* @throws ServiceFailureException
*         The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.UploadSigningCertificate
* @see AWS
* API Documentation
*/
UploadSigningCertificateResult uploadSigningCertificate(UploadSigningCertificateRequest uploadSigningCertificateRequest);
/**
* Shuts down this client object, releasing any resources that might be held open. This is an optional method, and
* callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client
* has been shut down, it should not be used to make any more requests.
*/
void shutdown();
/**
* Returns additional metadata for a previously executed successful request, typically used for debugging issues
* where a service isn't acting as expected. This data isn't considered part of the result data returned by an
* operation, so it's available through this separate, diagnostic interface.
* <p>
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
* information for an executed request, you should use this method to retrieve it as soon as possible after
* executing a request.
* <p>
* Callers must handle a {@code null} return: it means no metadata is available for the request, for example
* because the cached entry is no longer held.
*
* @param request
*        The originally executed request.
*
* @return The response metadata for the specified request, or null if none is available.
*/
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);
/**
* Returns the {@link AmazonIdentityManagementWaiters} object associated with this client.
* <p>
* NOTE(review): presumably this exposes helpers that poll IAM until a resource reaches an expected state; the
* waiters class is not visible here, so confirm against {@code AmazonIdentityManagementWaiters} before relying on
* specific behavior.
*
* @return The waiters object for this client.
*/
AmazonIdentityManagementWaiters waiters();
}