com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient Maven / Gradle / Ivy
Show all versions of aws-java-sdk-iam Show documentation
/*
* Copyright 2020-2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.identitymanagement;
import org.w3c.dom.*;
import java.net.*;
import java.util.*;
import javax.annotation.Generated;
import org.apache.commons.logging.*;
import com.amazonaws.*;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.*;
import com.amazonaws.handlers.*;
import com.amazonaws.http.*;
import com.amazonaws.internal.*;
import com.amazonaws.internal.auth.*;
import com.amazonaws.metrics.*;
import com.amazonaws.regions.*;
import com.amazonaws.transform.*;
import com.amazonaws.util.*;
import com.amazonaws.protocol.json.*;
import com.amazonaws.util.AWSRequestMetrics.Field;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.client.AwsSyncClientParams;
import com.amazonaws.client.builder.AdvancedConfig;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.waiters.AmazonIdentityManagementWaiters;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.services.identitymanagement.model.*;
import com.amazonaws.services.identitymanagement.model.transform.*;
/**
* Client for accessing IAM. All service calls made using this client are blocking, and will not return until the
* service call completes.
*
* Identity and Access Management
*
* Identity and Access Management (IAM) is a web service for securely controlling access to Amazon Web Services
* services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that
* control which Amazon Web Services resources users and applications can access. For more information about IAM, see Identity and Access Management (IAM) and the Identity and Access Management User Guide.
*
*/
@ThreadSafe
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class AmazonIdentityManagementClient extends AmazonWebServiceClient implements AmazonIdentityManagement {
/** Provider for AWS credentials. */
private final AWSCredentialsProvider awsCredentialsProvider;
private static final Log log = LogFactory.getLog(AmazonIdentityManagement.class);
/** Default signing name for the service. */
private static final String DEFAULT_SIGNING_NAME = "iam";
private volatile AmazonIdentityManagementWaiters waiters;
/** Client configuration factory providing ClientConfigurations tailored to this client */
protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory();
private final AdvancedConfig advancedConfig;
/**
* Map of exception unmarshallers for all modeled exceptions
*/
private final Map> exceptionUnmarshallersMap = new HashMap>();
/**
* List of exception unmarshallers for all modeled exceptions Even though this exceptionUnmarshallers is not used in
* Clients, this is not removed since this was directly used by Client extended classes. Using this list can cause
* performance impact.
*/
protected final List> exceptionUnmarshallers = new ArrayList>();
protected Unmarshaller defaultUnmarshaller;
/**
* Constructs a new client to invoke service methods on IAM. A credentials provider chain will be used that searches
* for credentials in this order:
*
* - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
* - Java System Properties - aws.accessKeyId and aws.secretKey
* - Instance profile credentials delivered through the Amazon EC2 metadata service
*
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @see DefaultAWSCredentialsProviderChain
* @deprecated use {@link AmazonIdentityManagementClientBuilder#defaultClient()}
*/
@Deprecated
public AmazonIdentityManagementClient() {
this(DefaultAWSCredentialsProviderChain.getInstance(), configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on IAM. A credentials provider chain will be used that searches
* for credentials in this order:
*
* - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
* - Java System Properties - aws.accessKeyId and aws.secretKey
* - Instance profile credentials delivered through the Amazon EC2 metadata service
*
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientConfiguration
* The client configuration options controlling how this client connects to IAM (ex: proxy settings, retry
* counts, etc.).
*
* @see DefaultAWSCredentialsProviderChain
* @deprecated use {@link AmazonIdentityManagementClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AmazonIdentityManagementClient(ClientConfiguration clientConfiguration) {
this(DefaultAWSCredentialsProviderChain.getInstance(), clientConfiguration);
}
/**
* Constructs a new client to invoke service methods on IAM using the specified AWS account credentials.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentials
* The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
* @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} for
* example:
* {@code AmazonIdentityManagementClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).build();}
*/
@Deprecated
public AmazonIdentityManagementClient(AWSCredentials awsCredentials) {
this(awsCredentials, configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on IAM using the specified AWS account credentials and client
* configuration options.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentials
* The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to IAM (ex: proxy settings, retry
* counts, etc.).
* @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AmazonIdentityManagementClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AmazonIdentityManagementClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration) {
super(clientConfiguration);
this.awsCredentialsProvider = new StaticCredentialsProvider(awsCredentials);
this.advancedConfig = AdvancedConfig.EMPTY;
init();
}
/**
* Constructs a new client to invoke service methods on IAM using the specified AWS account credentials provider.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)}
*/
@Deprecated
public AmazonIdentityManagementClient(AWSCredentialsProvider awsCredentialsProvider) {
this(awsCredentialsProvider, configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on IAM using the specified AWS account credentials provider and
* client configuration options.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to IAM (ex: proxy settings, retry
* counts, etc.).
* @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AmazonIdentityManagementClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AmazonIdentityManagementClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) {
this(awsCredentialsProvider, clientConfiguration, null);
}
/**
* Constructs a new client to invoke service methods on IAM using the specified AWS account credentials provider,
* client configuration options, and request metric collector.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to IAM (ex: proxy settings, retry
* counts, etc.).
* @param requestMetricCollector
* optional request metric collector
* @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AmazonIdentityManagementClientBuilder#withClientConfiguration(ClientConfiguration)} and
* {@link AmazonIdentityManagementClientBuilder#withMetricsCollector(RequestMetricCollector)}
*/
@Deprecated
public AmazonIdentityManagementClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration,
RequestMetricCollector requestMetricCollector) {
super(clientConfiguration, requestMetricCollector);
this.awsCredentialsProvider = awsCredentialsProvider;
this.advancedConfig = AdvancedConfig.EMPTY;
init();
}
public static AmazonIdentityManagementClientBuilder builder() {
return AmazonIdentityManagementClientBuilder.standard();
}
/**
* Constructs a new client to invoke service methods on IAM using the specified parameters.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientParams
* Object providing client parameters.
*/
AmazonIdentityManagementClient(AwsSyncClientParams clientParams) {
this(clientParams, false);
}
/**
* Constructs a new client to invoke service methods on IAM using the specified parameters.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientParams
* Object providing client parameters.
*/
AmazonIdentityManagementClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) {
super(clientParams);
this.awsCredentialsProvider = clientParams.getCredentialsProvider();
this.advancedConfig = clientParams.getAdvancedConfig();
init();
}
private void init() {
if (exceptionUnmarshallersMap.get("ConcurrentModification") == null) {
exceptionUnmarshallersMap.put("ConcurrentModification", new ConcurrentModificationExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new ConcurrentModificationExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("UnmodifiableEntity") == null) {
exceptionUnmarshallersMap.put("UnmodifiableEntity", new UnmodifiableEntityExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new UnmodifiableEntityExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("LimitExceeded") == null) {
exceptionUnmarshallersMap.put("LimitExceeded", new LimitExceededExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new LimitExceededExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("NoSuchEntity") == null) {
exceptionUnmarshallersMap.put("NoSuchEntity", new NoSuchEntityExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new NoSuchEntityExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("EntityTemporarilyUnmodifiable") == null) {
exceptionUnmarshallersMap.put("EntityTemporarilyUnmodifiable", new EntityTemporarilyUnmodifiableExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new EntityTemporarilyUnmodifiableExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("NotSupportedService") == null) {
exceptionUnmarshallersMap.put("NotSupportedService", new ServiceNotSupportedExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new ServiceNotSupportedExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("OpenIdIdpCommunicationError") == null) {
exceptionUnmarshallersMap.put("OpenIdIdpCommunicationError", new OpenIdIdpCommunicationErrorExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new OpenIdIdpCommunicationErrorExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("ReportInProgress") == null) {
exceptionUnmarshallersMap.put("ReportInProgress", new CredentialReportNotReadyExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new CredentialReportNotReadyExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("ServiceFailure") == null) {
exceptionUnmarshallersMap.put("ServiceFailure", new ServiceFailureExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new ServiceFailureExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("InvalidPublicKey") == null) {
exceptionUnmarshallersMap.put("InvalidPublicKey", new InvalidPublicKeyExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new InvalidPublicKeyExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("PolicyEvaluation") == null) {
exceptionUnmarshallersMap.put("PolicyEvaluation", new PolicyEvaluationExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new PolicyEvaluationExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("InvalidInput") == null) {
exceptionUnmarshallersMap.put("InvalidInput", new InvalidInputExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new InvalidInputExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("PolicyNotAttachable") == null) {
exceptionUnmarshallersMap.put("PolicyNotAttachable", new PolicyNotAttachableExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new PolicyNotAttachableExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("MalformedCertificate") == null) {
exceptionUnmarshallersMap.put("MalformedCertificate", new MalformedCertificateExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new MalformedCertificateExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("MalformedPolicyDocument") == null) {
exceptionUnmarshallersMap.put("MalformedPolicyDocument", new MalformedPolicyDocumentExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new MalformedPolicyDocumentExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("DeleteConflict") == null) {
exceptionUnmarshallersMap.put("DeleteConflict", new DeleteConflictExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new DeleteConflictExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("InvalidCertificate") == null) {
exceptionUnmarshallersMap.put("InvalidCertificate", new InvalidCertificateExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new InvalidCertificateExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("PasswordPolicyViolation") == null) {
exceptionUnmarshallersMap.put("PasswordPolicyViolation", new PasswordPolicyViolationExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new PasswordPolicyViolationExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("ReportExpired") == null) {
exceptionUnmarshallersMap.put("ReportExpired", new CredentialReportExpiredExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new CredentialReportExpiredExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("InvalidUserType") == null) {
exceptionUnmarshallersMap.put("InvalidUserType", new InvalidUserTypeExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new InvalidUserTypeExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("DuplicateSSHPublicKey") == null) {
exceptionUnmarshallersMap.put("DuplicateSSHPublicKey", new DuplicateSSHPublicKeyExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new DuplicateSSHPublicKeyExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("DuplicateCertificate") == null) {
exceptionUnmarshallersMap.put("DuplicateCertificate", new DuplicateCertificateExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new DuplicateCertificateExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("KeyPairMismatch") == null) {
exceptionUnmarshallersMap.put("KeyPairMismatch", new KeyPairMismatchExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new KeyPairMismatchExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("EntityAlreadyExists") == null) {
exceptionUnmarshallersMap.put("EntityAlreadyExists", new EntityAlreadyExistsExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new EntityAlreadyExistsExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("InvalidAuthenticationCode") == null) {
exceptionUnmarshallersMap.put("InvalidAuthenticationCode", new InvalidAuthenticationCodeExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new InvalidAuthenticationCodeExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("ReportNotPresent") == null) {
exceptionUnmarshallersMap.put("ReportNotPresent", new CredentialReportNotPresentExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new CredentialReportNotPresentExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("UnrecognizedPublicKeyEncoding") == null) {
exceptionUnmarshallersMap.put("UnrecognizedPublicKeyEncoding", new UnrecognizedPublicKeyEncodingExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new UnrecognizedPublicKeyEncodingExceptionUnmarshaller());
if (exceptionUnmarshallersMap.get("ReportGenerationLimitExceeded") == null) {
exceptionUnmarshallersMap.put("ReportGenerationLimitExceeded", new ReportGenerationLimitExceededExceptionUnmarshaller());
}
exceptionUnmarshallers.add(new ReportGenerationLimitExceededExceptionUnmarshaller());
defaultUnmarshaller = new StandardErrorUnmarshaller(com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException.class);
exceptionUnmarshallers.add(new StandardErrorUnmarshaller(com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException.class));
setServiceNameIntern(DEFAULT_SIGNING_NAME);
setEndpointPrefix(ENDPOINT_PREFIX);
// calling this.setEndPoint(...) will also modify the signer accordingly
this.setEndpoint("iam.amazonaws.com");
HandlerChainFactory chainFactory = new HandlerChainFactory();
requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/identitymanagement/request.handlers"));
requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/identitymanagement/request.handler2s"));
requestHandler2s.addAll(chainFactory.getGlobalHandlers());
}
/**
*
* Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM
* OpenID Connect (OIDC) provider resource.
*
*
* This operation is idempotent; it does not fail or return an error if you add an existing client ID to the
* provider.
*
*
* @param addClientIDToOpenIDConnectProviderRequest
* @return Result of the AddClientIDToOpenIDConnectProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AddClientIDToOpenIDConnectProvider
* @see AWS API Documentation
*/
@Override
public AddClientIDToOpenIDConnectProviderResult addClientIDToOpenIDConnectProvider(AddClientIDToOpenIDConnectProviderRequest request) {
request = beforeClientExecution(request);
return executeAddClientIDToOpenIDConnectProvider(request);
}
@SdkInternalApi
final AddClientIDToOpenIDConnectProviderResult executeAddClientIDToOpenIDConnectProvider(
AddClientIDToOpenIDConnectProviderRequest addClientIDToOpenIDConnectProviderRequest) {
ExecutionContext executionContext = createExecutionContext(addClientIDToOpenIDConnectProviderRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AddClientIDToOpenIDConnectProviderRequestMarshaller()
.marshall(super.beforeMarshalling(addClientIDToOpenIDConnectProviderRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "AddClientIDToOpenIDConnectProvider");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new AddClientIDToOpenIDConnectProviderResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and
* this quota cannot be increased. You can remove the existing role and then add a different role to an instance
* profile. You must then wait for the change to appear across all of Amazon Web Services because of eventual consistency. To force the change, you must
*
* disassociate the instance profile and then associate the
* instance profile, or you can stop your instance and then restart it.
*
*
*
* The caller of this operation must be granted the PassRole permission on the IAM role by a
* permissions policy.
*
*
*
* For more information about roles, see IAM roles in the IAM User Guide.
* For more information about instance profiles, see Using
* instance profiles in the IAM User Guide.
*
*
* @param addRoleToInstanceProfileRequest
* @return Result of the AddRoleToInstanceProfile operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AddRoleToInstanceProfile
* @see AWS
* API Documentation
*/
@Override
public AddRoleToInstanceProfileResult addRoleToInstanceProfile(AddRoleToInstanceProfileRequest request) {
request = beforeClientExecution(request);
return executeAddRoleToInstanceProfile(request);
}
@SdkInternalApi
final AddRoleToInstanceProfileResult executeAddRoleToInstanceProfile(AddRoleToInstanceProfileRequest addRoleToInstanceProfileRequest) {
ExecutionContext executionContext = createExecutionContext(addRoleToInstanceProfileRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AddRoleToInstanceProfileRequestMarshaller().marshall(super.beforeMarshalling(addRoleToInstanceProfileRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "AddRoleToInstanceProfile");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new AddRoleToInstanceProfileResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Adds the specified user to the specified group.
*
*
* @param addUserToGroupRequest
* @return Result of the AddUserToGroup operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AddUserToGroup
* @see AWS API
* Documentation
*/
@Override
public AddUserToGroupResult addUserToGroup(AddUserToGroupRequest request) {
request = beforeClientExecution(request);
return executeAddUserToGroup(request);
}
@SdkInternalApi
final AddUserToGroupResult executeAddUserToGroup(AddUserToGroupRequest addUserToGroupRequest) {
ExecutionContext executionContext = createExecutionContext(addUserToGroupRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AddUserToGroupRequestMarshaller().marshall(super.beforeMarshalling(addUserToGroupRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "AddUserToGroup");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new AddUserToGroupResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Attaches the specified managed policy to the specified IAM group.
*
*
* You use this operation to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy
* .
*
*
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM
* policies in the IAM User Guide.
*
*
* For more information about policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param attachGroupPolicyRequest
* @return Result of the AttachGroupPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws PolicyNotAttachableException
* The request failed because Amazon Web Services service role policies can only be attached to the
* service-linked role for that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AttachGroupPolicy
* @see AWS API
* Documentation
*/
@Override
public AttachGroupPolicyResult attachGroupPolicy(AttachGroupPolicyRequest request) {
request = beforeClientExecution(request);
return executeAttachGroupPolicy(request);
}
@SdkInternalApi
final AttachGroupPolicyResult executeAttachGroupPolicy(AttachGroupPolicyRequest attachGroupPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(attachGroupPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AttachGroupPolicyRequestMarshaller().marshall(super.beforeMarshalling(attachGroupPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "AttachGroupPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new AttachGroupPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the
* managed policy becomes part of the role's permission (access) policy.
*
*
*
* You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time
* as the role, using
* CreateRole . You can update a role's trust policy using
* UpdateAssumerolePolicy .
*
*
*
* Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy
* . For more information about policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM
* policies in the IAM User Guide.
*
*
* @param attachRolePolicyRequest
* @return Result of the AttachRolePolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws PolicyNotAttachableException
* The request failed because Amazon Web Services service role policies can only be attached to the
* service-linked role for that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AttachRolePolicy
* @see AWS API
* Documentation
*/
@Override
public AttachRolePolicyResult attachRolePolicy(AttachRolePolicyRequest request) {
request = beforeClientExecution(request);
return executeAttachRolePolicy(request);
}
@SdkInternalApi
final AttachRolePolicyResult executeAttachRolePolicy(AttachRolePolicyRequest attachRolePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(attachRolePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AttachRolePolicyRequestMarshaller().marshall(super.beforeMarshalling(attachRolePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "AttachRolePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new AttachRolePolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Attaches the specified managed policy to the specified user.
*
*
* You use this operation to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy
* .
*
*
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM
* policies in the IAM User Guide.
*
*
* For more information about policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param attachUserPolicyRequest
* @return Result of the AttachUserPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws PolicyNotAttachableException
* The request failed because Amazon Web Services service role policies can only be attached to the
* service-linked role for that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.AttachUserPolicy
* @see AWS API
* Documentation
*/
@Override
public AttachUserPolicyResult attachUserPolicy(AttachUserPolicyRequest request) {
request = beforeClientExecution(request);
return executeAttachUserPolicy(request);
}
@SdkInternalApi
final AttachUserPolicyResult executeAttachUserPolicy(AttachUserPolicyRequest attachUserPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(attachUserPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AttachUserPolicyRequestMarshaller().marshall(super.beforeMarshalling(attachUserPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "AttachUserPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new AttachUserPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Changes the password of the IAM user who is calling this operation. This operation can be performed using the
* CLI, the Amazon Web Services API, or the My Security Credentials page in the Amazon Web Services
* Management Console. The Amazon Web Services account root user password is not affected by this operation.
*
*
* Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM
* console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the
* IAM User Guide.
*
*
* @param changePasswordRequest
* @return Result of the ChangePassword operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidUserTypeException
* The request was rejected because the type of user for the transaction was incorrect.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws EntityTemporarilyUnmodifiableException
* The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
* name that was deleted and then recreated. The error indicates that the request is likely to succeed if
* you try again after waiting several minutes. The error message describes the entity.
* @throws PasswordPolicyViolationException
* The request was rejected because the provided password did not meet the requirements imposed by the
* account password policy.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.ChangePassword
* @see AWS API
* Documentation
*/
@Override
public ChangePasswordResult changePassword(ChangePasswordRequest request) {
request = beforeClientExecution(request);
return executeChangePassword(request);
}
@SdkInternalApi
final ChangePasswordResult executeChangePassword(ChangePasswordRequest changePasswordRequest) {
ExecutionContext executionContext = createExecutionContext(changePasswordRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ChangePasswordRequestMarshaller().marshall(super.beforeMarshalling(changePasswordRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ChangePassword");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new ChangePasswordResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the
* specified user. The default status for new keys is Active.
*
*
* If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services
* access key ID signing the request. This operation works for access keys under the Amazon Web Services account.
* Consequently, you can use this operation to manage Amazon Web Services account root user credentials. This is
* true even if the Amazon Web Services account has no associated users.
*
*
* For information about quotas on the number of keys you can create, see IAM and STS quotas in the
* IAM User Guide.
*
*
*
* To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key
* and user creation. You must save the key (for example, in a text file) if you want to be able to access it again.
* If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
*
*
*
* @param createAccessKeyRequest
* @return Result of the CreateAccessKey operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateAccessKey
* @see AWS API
* Documentation
*/
@Override
public CreateAccessKeyResult createAccessKey(CreateAccessKeyRequest request) {
request = beforeClientExecution(request);
return executeCreateAccessKey(request);
}
@SdkInternalApi
final CreateAccessKeyResult executeCreateAccessKey(CreateAccessKeyRequest createAccessKeyRequest) {
ExecutionContext executionContext = createExecutionContext(createAccessKeyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateAccessKeyRequestMarshaller().marshall(super.beforeMarshalling(createAccessKeyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateAccessKey");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateAccessKeyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public CreateAccessKeyResult createAccessKey() {
return createAccessKey(new CreateAccessKeyRequest());
}
/**
*
* Creates an alias for your Amazon Web Services account. For information about using an Amazon Web Services account
* alias, see Creating,
* deleting, and listing an Amazon Web Services account alias in the Amazon Web Services Sign-In User
* Guide.
*
*
* @param createAccountAliasRequest
* @return Result of the CreateAccountAlias operation returned by the service.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateAccountAlias
* @see AWS API
* Documentation
*/
@Override
public CreateAccountAliasResult createAccountAlias(CreateAccountAliasRequest request) {
request = beforeClientExecution(request);
return executeCreateAccountAlias(request);
}
@SdkInternalApi
final CreateAccountAliasResult executeCreateAccountAlias(CreateAccountAliasRequest createAccountAliasRequest) {
ExecutionContext executionContext = createExecutionContext(createAccountAliasRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateAccountAliasRequestMarshaller().marshall(super.beforeMarshalling(createAccountAliasRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateAccountAlias");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateAccountAliasResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a new group.
*
*
* For information about the number of groups you can create, see IAM and STS quotas in the
* IAM User Guide.
*
*
* @param createGroupRequest
* @return Result of the CreateGroup operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateGroup
* @see AWS API
* Documentation
*/
@Override
public CreateGroupResult createGroup(CreateGroupRequest request) {
request = beforeClientExecution(request);
return executeCreateGroup(request);
}
@SdkInternalApi
final CreateGroupResult executeCreateGroup(CreateGroupRequest createGroupRequest) {
ExecutionContext executionContext = createExecutionContext(createGroupRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateGroupRequestMarshaller().marshall(super.beforeMarshalling(createGroupRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateGroup");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new CreateGroupResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a new instance profile. For information about instance profiles, see Using roles for
* applications on Amazon EC2 in the IAM User Guide, and Instance profiles in the Amazon EC2 User Guide.
*
*
* For information about the number of instance profiles you can create, see IAM object quotas in the
* IAM User Guide.
*
*
* @param createInstanceProfileRequest
* @return Result of the CreateInstanceProfile operation returned by the service.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateInstanceProfile
* @see AWS API
* Documentation
*/
@Override
public CreateInstanceProfileResult createInstanceProfile(CreateInstanceProfileRequest request) {
request = beforeClientExecution(request);
return executeCreateInstanceProfile(request);
}
@SdkInternalApi
final CreateInstanceProfileResult executeCreateInstanceProfile(CreateInstanceProfileRequest createInstanceProfileRequest) {
ExecutionContext executionContext = createExecutionContext(createInstanceProfileRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateInstanceProfileRequestMarshaller().marshall(super.beforeMarshalling(createInstanceProfileRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateInstanceProfile");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateInstanceProfileResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services
* services through the Amazon Web Services Management Console.
*
*
* You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a
* password for any IAM user. Use ChangePassword to update your own existing password in the My Security
* Credentials page in the Amazon Web Services Management Console.
*
*
* For more information about managing passwords, see Managing passwords in the
* IAM User Guide.
*
*
* @param createLoginProfileRequest
* @return Result of the CreateLoginProfile operation returned by the service.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws PasswordPolicyViolationException
* The request was rejected because the provided password did not meet the requirements imposed by the
* account password policy.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateLoginProfile
* @see AWS API
* Documentation
*/
@Override
public CreateLoginProfileResult createLoginProfile(CreateLoginProfileRequest request) {
request = beforeClientExecution(request);
return executeCreateLoginProfile(request);
}
@SdkInternalApi
final CreateLoginProfileResult executeCreateLoginProfile(CreateLoginProfileRequest createLoginProfileRequest) {
ExecutionContext executionContext = createExecutionContext(createLoginProfileRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateLoginProfileRequestMarshaller().marshall(super.beforeMarshalling(createLoginProfileRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateLoginProfile");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateLoginProfileResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
*
*
* The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a
* policy establishes a trust relationship between Amazon Web Services and the OIDC provider.
*
*
* If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a
* separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are
* available for your use. Instead, you can move directly to creating new roles using your identity provider. To
* learn more, see Creating a role for web
* identity or OpenID connect federation in the IAM User Guide.
*
*
* When you create the IAM OIDC provider, you specify the following:
*
*
* -
*
* The URL of the OIDC identity provider (IdP) to trust
*
*
* -
*
* A list of client IDs (also known as audiences) that identify the application or applications allowed to
* authenticate using the OIDC provider
*
*
* -
*
* A list of tags that are attached to the specified IAM OIDC provider
*
*
* -
*
* A list of thumbprints of one or more server certificates that the IdP uses
*
*
*
*
* You get all of this information from the OIDC IdP you want to use to access Amazon Web Services.
*
*
*
* Amazon Web Services secures communication with some OIDC identity providers (IdPs) through our library of trusted
* root certificate authorities (CAs) instead of using a certificate thumbprint to verify your IdP server
* certificate. In these cases, your legacy thumbprint remains in your configuration, but is no longer used for
* validation. These OIDC IdPs include Auth0, GitHub, GitLab, Google, and those that use an Amazon S3 bucket to host
* a JSON Web Key Set (JWKS) endpoint.
*
*
*
* The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is
* best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.
*
*
*
* @param createOpenIDConnectProviderRequest
* @return Result of the CreateOpenIDConnectProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws OpenIdIdpCommunicationErrorException
* The request failed because IAM cannot connect to the OpenID Connect identity provider URL.
* @sample AmazonIdentityManagement.CreateOpenIDConnectProvider
* @see AWS API Documentation
*/
@Override
public CreateOpenIDConnectProviderResult createOpenIDConnectProvider(CreateOpenIDConnectProviderRequest request) {
request = beforeClientExecution(request);
return executeCreateOpenIDConnectProvider(request);
}
@SdkInternalApi
final CreateOpenIDConnectProviderResult executeCreateOpenIDConnectProvider(CreateOpenIDConnectProviderRequest createOpenIDConnectProviderRequest) {
ExecutionContext executionContext = createExecutionContext(createOpenIDConnectProviderRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateOpenIDConnectProviderRequestMarshaller().marshall(super.beforeMarshalling(createOpenIDConnectProviderRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateOpenIDConnectProvider");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateOpenIDConnectProviderResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a new managed policy for your Amazon Web Services account.
*
*
* This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's
* default version. For more information about policy versions, see Versioning for managed
* policies in the IAM User Guide.
*
*
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM
* policies in the IAM User Guide.
*
*
* For more information about managed policies in general, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param createPolicyRequest
* @return Result of the CreatePolicy operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws MalformedPolicyDocumentException
* The request was rejected because the policy document was malformed. The error message describes the
* specific error.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreatePolicy
* @see AWS API
* Documentation
*/
@Override
public CreatePolicyResult createPolicy(CreatePolicyRequest request) {
request = beforeClientExecution(request);
return executeCreatePolicy(request);
}
@SdkInternalApi
final CreatePolicyResult executeCreatePolicy(CreatePolicyRequest createPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(createPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreatePolicyRequestMarshaller().marshall(super.beforeMarshalling(createPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new CreatePolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a new version of the specified managed policy. To update a managed policy, you create a new policy
* version. A managed policy can have up to five versions. If the policy has five versions, you must delete an
* existing version using DeletePolicyVersion before you create a new version.
*
*
* Optionally, you can set the new version as the policy's default version. The default version is the version that
* is in effect for the IAM users, groups, and roles to which the policy is attached.
*
*
* For more information about managed policy versions, see Versioning for managed
* policies in the IAM User Guide.
*
*
* @param createPolicyVersionRequest
* @return Result of the CreatePolicyVersion operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws MalformedPolicyDocumentException
* The request was rejected because the policy document was malformed. The error message describes the
* specific error.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreatePolicyVersion
* @see AWS API
* Documentation
*/
@Override
public CreatePolicyVersionResult createPolicyVersion(CreatePolicyVersionRequest request) {
request = beforeClientExecution(request);
return executeCreatePolicyVersion(request);
}
@SdkInternalApi
final CreatePolicyVersionResult executeCreatePolicyVersion(CreatePolicyVersionRequest createPolicyVersionRequest) {
ExecutionContext executionContext = createExecutionContext(createPolicyVersionRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreatePolicyVersionRequestMarshaller().marshall(super.beforeMarshalling(createPolicyVersionRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicyVersion");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreatePolicyVersionResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a new role for your Amazon Web Services account.
*
*
* For more information about roles, see IAM roles in the IAM User Guide.
* For information about quotas for role names and the number of roles you can create, see IAM and STS quotas in the
* IAM User Guide.
*
*
* @param createRoleRequest
* @return Result of the CreateRole operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws MalformedPolicyDocumentException
* The request was rejected because the policy document was malformed. The error message describes the
* specific error.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateRole
* @see AWS API
* Documentation
*/
@Override
public CreateRoleResult createRole(CreateRoleRequest request) {
request = beforeClientExecution(request);
return executeCreateRole(request);
}
@SdkInternalApi
final CreateRoleResult executeCreateRole(CreateRoleRequest createRoleRequest) {
ExecutionContext executionContext = createExecutionContext(createRoleRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateRoleRequestMarshaller().marshall(super.beforeMarshalling(createRoleRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateRole");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new CreateRoleResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
*
*
* The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust
* policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can
* create an IAM role that supports Web-based single sign-on (SSO) to the Amazon Web Services Management Console or
* one that supports API access to Amazon Web Services.
*
*
* When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That
* document includes the issuer's name, expiration information, and keys that can be used to validate the SAML
* authentication response (assertions) that the IdP sends. You must generate the metadata document using the
* identity management software that is used as your organization's IdP.
*
*
*
* This operation requires Signature Version 4.
*
*
*
* For more information, see Enabling SAML
* 2.0 federated users to access the Amazon Web Services Management Console and About SAML 2.0-based
* federation in the IAM User Guide.
*
*
* @param createSAMLProviderRequest
* @return Result of the CreateSAMLProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateSAMLProvider
* @see AWS API
* Documentation
*/
@Override
public CreateSAMLProviderResult createSAMLProvider(CreateSAMLProviderRequest request) {
request = beforeClientExecution(request);
return executeCreateSAMLProvider(request);
}
@SdkInternalApi
final CreateSAMLProviderResult executeCreateSAMLProvider(CreateSAMLProviderRequest createSAMLProviderRequest) {
ExecutionContext executionContext = createExecutionContext(createSAMLProviderRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateSAMLProviderRequestMarshaller().marshall(super.beforeMarshalling(createSAMLProviderRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateSAMLProvider");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateSAMLProviderResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls the attached
* policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly
* changed or deleted role, which could put your Amazon Web Services resources into an unknown state. Allowing the
* service to control the role helps improve service stability and proper cleanup when a service and its role are no
* longer needed. For more information, see Using service-linked
* roles in the IAM User Guide.
*
*
* To attach a policy to this service-linked role, you must make the request using the Amazon Web Services service
* that depends on this role.
*
*
* @param createServiceLinkedRoleRequest
* @return Result of the CreateServiceLinkedRole operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateServiceLinkedRole
* @see AWS
* API Documentation
*/
@Override
public CreateServiceLinkedRoleResult createServiceLinkedRole(CreateServiceLinkedRoleRequest request) {
request = beforeClientExecution(request);
return executeCreateServiceLinkedRole(request);
}
@SdkInternalApi
final CreateServiceLinkedRoleResult executeCreateServiceLinkedRole(CreateServiceLinkedRoleRequest createServiceLinkedRoleRequest) {
ExecutionContext executionContext = createExecutionContext(createServiceLinkedRoleRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateServiceLinkedRoleRequestMarshaller().marshall(super.beforeMarshalling(createServiceLinkedRoleRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateServiceLinkedRole");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateServiceLinkedRoleResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Generates a set of credentials consisting of a user name and password that can be used to access the service
* specified in the request. These credentials are generated by IAM, and can be used only for the specified service.
*
*
* You can have a maximum of two sets of service-specific credentials for each supported service per user.
*
*
* You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).
*
*
* You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.
*
*
* For more information about service-specific credentials, see Using IAM with CodeCommit:
* Git credentials, SSH keys, and Amazon Web Services access keys in the IAM User Guide.
*
*
* @param createServiceSpecificCredentialRequest
* @return Result of the CreateServiceSpecificCredential operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceNotSupportedException
* The specified service does not support service-specific credentials.
* @sample AmazonIdentityManagement.CreateServiceSpecificCredential
* @see AWS API Documentation
*/
@Override
public CreateServiceSpecificCredentialResult createServiceSpecificCredential(CreateServiceSpecificCredentialRequest request) {
request = beforeClientExecution(request);
return executeCreateServiceSpecificCredential(request);
}
@SdkInternalApi
final CreateServiceSpecificCredentialResult executeCreateServiceSpecificCredential(
CreateServiceSpecificCredentialRequest createServiceSpecificCredentialRequest) {
ExecutionContext executionContext = createExecutionContext(createServiceSpecificCredentialRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateServiceSpecificCredentialRequestMarshaller().marshall(super.beforeMarshalling(createServiceSpecificCredentialRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateServiceSpecificCredential");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateServiceSpecificCredentialResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a new IAM user for your Amazon Web Services account.
*
*
* For information about quotas for the number of IAM users you can create, see IAM and STS quotas in the
* IAM User Guide.
*
*
* @param createUserRequest
* @return Result of the CreateUser operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateUser
* @see AWS API
* Documentation
*/
@Override
public CreateUserResult createUser(CreateUserRequest request) {
request = beforeClientExecution(request);
return executeCreateUser(request);
}
@SdkInternalApi
final CreateUserResult executeCreateUser(CreateUserRequest createUserRequest) {
ExecutionContext executionContext = createExecutionContext(createUserRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateUserRequestMarshaller().marshall(super.beforeMarshalling(createUserRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateUser");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new CreateUserResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a new virtual MFA device for the Amazon Web Services account. After creating the virtual MFA, use
* EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working
* with virtual MFA devices, see Using a virtual MFA device in
* the IAM User Guide.
*
*
* For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the
* IAM User Guide.
*
*
*
* The seed information contained in the QR code and the Base32 string should be treated like any other secret
* access information. In other words, protect the seed information as you would your Amazon Web Services access
* keys or your passwords. After you provision your virtual device, you should ensure that the information is
* destroyed following secure procedures.
*
*
*
* @param createVirtualMFADeviceRequest
* @return Result of the CreateVirtualMFADevice operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.CreateVirtualMFADevice
* @see AWS API
* Documentation
*/
@Override
public CreateVirtualMFADeviceResult createVirtualMFADevice(CreateVirtualMFADeviceRequest request) {
request = beforeClientExecution(request);
return executeCreateVirtualMFADevice(request);
}
@SdkInternalApi
final CreateVirtualMFADeviceResult executeCreateVirtualMFADevice(CreateVirtualMFADeviceRequest createVirtualMFADeviceRequest) {
ExecutionContext executionContext = createExecutionContext(createVirtualMFADeviceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateVirtualMFADeviceRequestMarshaller().marshall(super.beforeMarshalling(createVirtualMFADeviceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateVirtualMFADevice");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new CreateVirtualMFADeviceResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deactivates the specified MFA device and removes it from association with the user name for which it was
* originally enabled.
*
*
* For more information about creating and working with virtual MFA devices, see Enabling a virtual multi-factor
* authentication (MFA) device in the IAM User Guide.
*
*
* @param deactivateMFADeviceRequest
* @return Result of the DeactivateMFADevice operation returned by the service.
* @throws EntityTemporarilyUnmodifiableException
* The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
* name that was deleted and then recreated. The error indicates that the request is likely to succeed if
* you try again after waiting several minutes. The error message describes the entity.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @sample AmazonIdentityManagement.DeactivateMFADevice
* @see AWS API
* Documentation
*/
@Override
public DeactivateMFADeviceResult deactivateMFADevice(DeactivateMFADeviceRequest request) {
request = beforeClientExecution(request);
return executeDeactivateMFADevice(request);
}
@SdkInternalApi
final DeactivateMFADeviceResult executeDeactivateMFADevice(DeactivateMFADeviceRequest deactivateMFADeviceRequest) {
ExecutionContext executionContext = createExecutionContext(deactivateMFADeviceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeactivateMFADeviceRequestMarshaller().marshall(super.beforeMarshalling(deactivateMFADeviceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeactivateMFADevice");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeactivateMFADeviceResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the access key pair associated with the specified IAM user.
*
*
* If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services
* access key ID signing the request. This operation works for access keys under the Amazon Web Services account.
* Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the
* Amazon Web Services account has no associated users.
*
*
* @param deleteAccessKeyRequest
* @return Result of the DeleteAccessKey operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteAccessKey
* @see AWS API
* Documentation
*/
@Override
public DeleteAccessKeyResult deleteAccessKey(DeleteAccessKeyRequest request) {
request = beforeClientExecution(request);
return executeDeleteAccessKey(request);
}
@SdkInternalApi
final DeleteAccessKeyResult executeDeleteAccessKey(DeleteAccessKeyRequest deleteAccessKeyRequest) {
ExecutionContext executionContext = createExecutionContext(deleteAccessKeyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteAccessKeyRequestMarshaller().marshall(super.beforeMarshalling(deleteAccessKeyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteAccessKey");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteAccessKeyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified Amazon Web Services account alias. For information about using an Amazon Web Services
* account alias, see Creating, deleting, and
* listing an Amazon Web Services account alias in the Amazon Web Services Sign-In User Guide.
*
*
* @param deleteAccountAliasRequest
* @return Result of the DeleteAccountAlias operation returned by the service.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteAccountAlias
* @see AWS API
* Documentation
*/
@Override
public DeleteAccountAliasResult deleteAccountAlias(DeleteAccountAliasRequest request) {
request = beforeClientExecution(request);
return executeDeleteAccountAlias(request);
}
@SdkInternalApi
final DeleteAccountAliasResult executeDeleteAccountAlias(DeleteAccountAliasRequest deleteAccountAliasRequest) {
ExecutionContext executionContext = createExecutionContext(deleteAccountAliasRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteAccountAliasRequestMarshaller().marshall(super.beforeMarshalling(deleteAccountAliasRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteAccountAlias");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteAccountAliasResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the password policy for the Amazon Web Services account. There are no parameters.
*
*
* @param deleteAccountPasswordPolicyRequest
* @return Result of the DeleteAccountPasswordPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteAccountPasswordPolicy
* @see AWS API Documentation
*/
@Override
public DeleteAccountPasswordPolicyResult deleteAccountPasswordPolicy(DeleteAccountPasswordPolicyRequest request) {
request = beforeClientExecution(request);
return executeDeleteAccountPasswordPolicy(request);
}
@SdkInternalApi
final DeleteAccountPasswordPolicyResult executeDeleteAccountPasswordPolicy(DeleteAccountPasswordPolicyRequest deleteAccountPasswordPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(deleteAccountPasswordPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteAccountPasswordPolicyRequestMarshaller().marshall(super.beforeMarshalling(deleteAccountPasswordPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteAccountPasswordPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteAccountPasswordPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public DeleteAccountPasswordPolicyResult deleteAccountPasswordPolicy() {
return deleteAccountPasswordPolicy(new DeleteAccountPasswordPolicyRequest());
}
/**
*
* Deletes the specified IAM group. The group must not contain any users or have any attached policies.
*
*
* @param deleteGroupRequest
* @return Result of the DeleteGroup operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteGroup
* @see AWS API
* Documentation
*/
@Override
public DeleteGroupResult deleteGroup(DeleteGroupRequest request) {
request = beforeClientExecution(request);
return executeDeleteGroup(request);
}
@SdkInternalApi
final DeleteGroupResult executeDeleteGroup(DeleteGroupRequest deleteGroupRequest) {
ExecutionContext executionContext = createExecutionContext(deleteGroupRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteGroupRequestMarshaller().marshall(super.beforeMarshalling(deleteGroupRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteGroup");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new DeleteGroupResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified inline policy that is embedded in the specified IAM group.
*
*
* A group can also have managed policies attached to it. To detach a managed policy from a group, use
* DetachGroupPolicy. For more information about policies, refer to Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param deleteGroupPolicyRequest
* @return Result of the DeleteGroupPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteGroupPolicy
* @see AWS API
* Documentation
*/
@Override
public DeleteGroupPolicyResult deleteGroupPolicy(DeleteGroupPolicyRequest request) {
request = beforeClientExecution(request);
return executeDeleteGroupPolicy(request);
}
@SdkInternalApi
final DeleteGroupPolicyResult executeDeleteGroupPolicy(DeleteGroupPolicyRequest deleteGroupPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(deleteGroupPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteGroupPolicyRequestMarshaller().marshall(super.beforeMarshalling(deleteGroupPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteGroupPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteGroupPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified instance profile. The instance profile must not have an associated role.
*
*
*
* Make sure that you do not have any Amazon EC2 instances running with the instance profile you are about to
* delete. Deleting a role or instance profile that is associated with a running instance will break any
* applications running on the instance.
*
*
*
* For more information about instance profiles, see Using
* instance profiles in the IAM User Guide.
*
*
* @param deleteInstanceProfileRequest
* @return Result of the DeleteInstanceProfile operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteInstanceProfile
* @see AWS API
* Documentation
*/
@Override
public DeleteInstanceProfileResult deleteInstanceProfile(DeleteInstanceProfileRequest request) {
request = beforeClientExecution(request);
return executeDeleteInstanceProfile(request);
}
@SdkInternalApi
final DeleteInstanceProfileResult executeDeleteInstanceProfile(DeleteInstanceProfileRequest deleteInstanceProfileRequest) {
ExecutionContext executionContext = createExecutionContext(deleteInstanceProfileRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteInstanceProfileRequestMarshaller().marshall(super.beforeMarshalling(deleteInstanceProfileRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteInstanceProfile");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteInstanceProfileResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the password for the specified IAM user, For more information, see Managing
* passwords for IAM users.
*
*
* You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a
* password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the
* My Security Credentials page in the Amazon Web Services Management Console.
*
*
*
* Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line
* interface or the API. To prevent all user access, you must also either make any access keys inactive or delete
* them. For more information about making keys inactive or deleting them, see UpdateAccessKey and
* DeleteAccessKey.
*
*
*
* @param deleteLoginProfileRequest
* @return Result of the DeleteLoginProfile operation returned by the service.
* @throws EntityTemporarilyUnmodifiableException
* The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
* name that was deleted and then recreated. The error indicates that the request is likely to succeed if
* you try again after waiting several minutes. The error message describes the entity.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteLoginProfile
* @see AWS API
* Documentation
*/
@Override
public DeleteLoginProfileResult deleteLoginProfile(DeleteLoginProfileRequest request) {
request = beforeClientExecution(request);
return executeDeleteLoginProfile(request);
}
@SdkInternalApi
final DeleteLoginProfileResult executeDeleteLoginProfile(DeleteLoginProfileRequest deleteLoginProfileRequest) {
ExecutionContext executionContext = createExecutionContext(deleteLoginProfileRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteLoginProfileRequestMarshaller().marshall(super.beforeMarshalling(deleteLoginProfileRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteLoginProfile");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteLoginProfileResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes an OpenID Connect identity provider (IdP) resource object in IAM.
*
*
* Deleting an IAM OIDC provider resource does not update any roles that reference the provider as a principal in
* their trust policies. Any attempt to assume a role that references a deleted provider fails.
*
*
* This operation is idempotent; it does not fail or return an error if you call the operation for a provider that
* does not exist.
*
*
* @param deleteOpenIDConnectProviderRequest
* @return Result of the DeleteOpenIDConnectProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteOpenIDConnectProvider
* @see AWS API Documentation
*/
@Override
public DeleteOpenIDConnectProviderResult deleteOpenIDConnectProvider(DeleteOpenIDConnectProviderRequest request) {
request = beforeClientExecution(request);
return executeDeleteOpenIDConnectProvider(request);
}
@SdkInternalApi
final DeleteOpenIDConnectProviderResult executeDeleteOpenIDConnectProvider(DeleteOpenIDConnectProviderRequest deleteOpenIDConnectProviderRequest) {
ExecutionContext executionContext = createExecutionContext(deleteOpenIDConnectProviderRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteOpenIDConnectProviderRequestMarshaller().marshall(super.beforeMarshalling(deleteOpenIDConnectProviderRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteOpenIDConnectProvider");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteOpenIDConnectProviderResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified managed policy.
*
*
* Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that
* it is attached to. In addition, you must delete all the policy's versions. The following steps describe the
* process for deleting a managed policy:
*
*
* -
*
* Detach the policy from all users, groups, and roles that the policy is attached to, using
* DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy. To list all the users, groups, and
* roles that a policy is attached to, use ListEntitiesForPolicy.
*
*
* -
*
* Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use
* ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the
* default version. You delete the policy's default version in the next step of the process.
*
*
* -
*
* Delete the policy (this automatically deletes the policy's default version) using this operation.
*
*
*
*
* For information about managed policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param deletePolicyRequest
* @return Result of the DeletePolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeletePolicy
* @see AWS API
* Documentation
*/
@Override
public DeletePolicyResult deletePolicy(DeletePolicyRequest request) {
request = beforeClientExecution(request);
return executeDeletePolicy(request);
}
@SdkInternalApi
final DeletePolicyResult executeDeletePolicy(DeletePolicyRequest deletePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(deletePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeletePolicyRequestMarshaller().marshall(super.beforeMarshalling(deletePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new DeletePolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified version from the specified managed policy.
*
*
* You cannot delete the default version from a policy using this operation. To delete the default version from a
* policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use
* ListPolicyVersions.
*
*
* For information about versions for managed policies, see Versioning for managed
* policies in the IAM User Guide.
*
*
* @param deletePolicyVersionRequest
* @return Result of the DeletePolicyVersion operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeletePolicyVersion
* @see AWS API
* Documentation
*/
@Override
public DeletePolicyVersionResult deletePolicyVersion(DeletePolicyVersionRequest request) {
request = beforeClientExecution(request);
return executeDeletePolicyVersion(request);
}
@SdkInternalApi
final DeletePolicyVersionResult executeDeletePolicyVersion(DeletePolicyVersionRequest deletePolicyVersionRequest) {
ExecutionContext executionContext = createExecutionContext(deletePolicyVersionRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeletePolicyVersionRequestMarshaller().marshall(super.beforeMarshalling(deletePolicyVersionRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicyVersion");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeletePolicyVersionResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified role. Unlike the Amazon Web Services Management Console, when you delete a role
* programmatically, you must delete the items attached to the role manually, or the deletion fails. For more
* information, see Deleting an IAM role. Before attempting to delete a role, remove the following attached items:
*
*
* -
*
* Inline policies (DeleteRolePolicy)
*
*
* -
*
* Attached managed policies (DetachRolePolicy)
*
*
* -
*
* Instance profile (RemoveRoleFromInstanceProfile)
*
*
* -
*
* Optional – Delete instance profile after detaching from role for resource clean up (DeleteInstanceProfile)
*
*
*
*
*
* Make sure that you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a
* role or instance profile that is associated with a running instance will break any applications running on the
* instance.
*
*
*
* @param deleteRoleRequest
* @return Result of the DeleteRole operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteRole
* @see AWS API
* Documentation
*/
@Override
public DeleteRoleResult deleteRole(DeleteRoleRequest request) {
request = beforeClientExecution(request);
return executeDeleteRole(request);
}
@SdkInternalApi
final DeleteRoleResult executeDeleteRole(DeleteRoleRequest deleteRoleRequest) {
ExecutionContext executionContext = createExecutionContext(deleteRoleRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteRoleRequestMarshaller().marshall(super.beforeMarshalling(deleteRoleRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteRole");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new DeleteRoleResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the permissions boundary for the specified IAM role.
*
*
* You cannot set the boundary for a service-linked role.
*
*
*
* Deleting the permissions boundary for a role might increase its permissions. For example, it might allow anyone
* who assumes the role to perform all the actions granted in its permissions policies.
*
*
*
* @param deleteRolePermissionsBoundaryRequest
* @return Result of the DeleteRolePermissionsBoundary operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteRolePermissionsBoundary
* @see AWS API Documentation
*/
@Override
public DeleteRolePermissionsBoundaryResult deleteRolePermissionsBoundary(DeleteRolePermissionsBoundaryRequest request) {
request = beforeClientExecution(request);
return executeDeleteRolePermissionsBoundary(request);
}
@SdkInternalApi
final DeleteRolePermissionsBoundaryResult executeDeleteRolePermissionsBoundary(DeleteRolePermissionsBoundaryRequest deleteRolePermissionsBoundaryRequest) {
ExecutionContext executionContext = createExecutionContext(deleteRolePermissionsBoundaryRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteRolePermissionsBoundaryRequestMarshaller().marshall(super.beforeMarshalling(deleteRolePermissionsBoundaryRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteRolePermissionsBoundary");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteRolePermissionsBoundaryResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified inline policy that is embedded in the specified IAM role.
*
*
* A role can also have managed policies attached to it. To detach a managed policy from a role, use
* DetachRolePolicy. For more information about policies, refer to Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param deleteRolePolicyRequest
* @return Result of the DeleteRolePolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteRolePolicy
* @see AWS API
* Documentation
*/
@Override
public DeleteRolePolicyResult deleteRolePolicy(DeleteRolePolicyRequest request) {
request = beforeClientExecution(request);
return executeDeleteRolePolicy(request);
}
@SdkInternalApi
final DeleteRolePolicyResult executeDeleteRolePolicy(DeleteRolePolicyRequest deleteRolePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(deleteRolePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteRolePolicyRequestMarshaller().marshall(super.beforeMarshalling(deleteRolePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteRolePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteRolePolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes a SAML provider resource in IAM.
*
*
* Deleting the provider resource from IAM does not update any roles that reference the SAML provider resource's ARN
* as a principal in their trust policies. Any attempt to assume a role that references a non-existent provider
* resource ARN fails.
*
*
*
* This operation requires Signature Version 4.
*
*
*
* @param deleteSAMLProviderRequest
* @return Result of the DeleteSAMLProvider operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteSAMLProvider
* @see AWS API
* Documentation
*/
@Override
public DeleteSAMLProviderResult deleteSAMLProvider(DeleteSAMLProviderRequest request) {
request = beforeClientExecution(request);
return executeDeleteSAMLProvider(request);
}
@SdkInternalApi
final DeleteSAMLProviderResult executeDeleteSAMLProvider(DeleteSAMLProviderRequest deleteSAMLProviderRequest) {
ExecutionContext executionContext = createExecutionContext(deleteSAMLProviderRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteSAMLProviderRequestMarshaller().marshall(super.beforeMarshalling(deleteSAMLProviderRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteSAMLProvider");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteSAMLProviderResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified SSH public key.
*
*
* The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an
* CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see
* Set up
* CodeCommit for SSH connections in the CodeCommit User Guide.
*
*
* @param deleteSSHPublicKeyRequest
* @return Result of the DeleteSSHPublicKey operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @sample AmazonIdentityManagement.DeleteSSHPublicKey
* @see AWS API
* Documentation
*/
@Override
public DeleteSSHPublicKeyResult deleteSSHPublicKey(DeleteSSHPublicKeyRequest request) {
request = beforeClientExecution(request);
return executeDeleteSSHPublicKey(request);
}
@SdkInternalApi
final DeleteSSHPublicKeyResult executeDeleteSSHPublicKey(DeleteSSHPublicKeyRequest deleteSSHPublicKeyRequest) {
ExecutionContext executionContext = createExecutionContext(deleteSSHPublicKeyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteSSHPublicKeyRequestMarshaller().marshall(super.beforeMarshalling(deleteSSHPublicKeyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteSSHPublicKey");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteSSHPublicKeyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified server certificate.
*
*
* For more information about working with server certificates, see Working with server
* certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services
* that can use the server certificates that you manage with IAM.
*
*
*
* If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have
* implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates,
* it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We
* recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command
* to delete the certificate. For more information, see DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference.
*
*
*
* @param deleteServerCertificateRequest
* @return Result of the DeleteServerCertificate operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteServerCertificate
* @see AWS
* API Documentation
*/
@Override
public DeleteServerCertificateResult deleteServerCertificate(DeleteServerCertificateRequest request) {
request = beforeClientExecution(request);
return executeDeleteServerCertificate(request);
}
@SdkInternalApi
final DeleteServerCertificateResult executeDeleteServerCertificate(DeleteServerCertificateRequest deleteServerCertificateRequest) {
ExecutionContext executionContext = createExecutionContext(deleteServerCertificateRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteServerCertificateRequestMarshaller().marshall(super.beforeMarshalling(deleteServerCertificateRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteServerCertificate");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteServerCertificateResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to
* check the status of the deletion. Before you call this operation, confirm that the role has no active sessions
* and that any resources used by the role in the linked service are deleted. If you call this operation more than
* once for the same service-linked role and an earlier deletion task is not complete, then the
* DeletionTaskId of the earlier request is returned.
*
*
* If you submit a deletion request for a service-linked role whose linked service is still accessing a resource,
* then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the
* reason for the failure, usually including the resources that must be deleted. To delete the service-linked role,
* you must first remove those resources from the linked service and then submit the deletion request again.
* Resources are specific to the service that is linked to the role. For more information about removing resources
* from a service, see the Amazon Web Services documentation for your
* service.
*
*
* For more information about service-linked roles, see Roles terms and concepts: Amazon Web Services service-linked role in the IAM User Guide.
*
*
* @param deleteServiceLinkedRoleRequest
* @return Result of the DeleteServiceLinkedRole operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteServiceLinkedRole
* @see AWS
* API Documentation
*/
@Override
public DeleteServiceLinkedRoleResult deleteServiceLinkedRole(DeleteServiceLinkedRoleRequest request) {
request = beforeClientExecution(request);
return executeDeleteServiceLinkedRole(request);
}
@SdkInternalApi
final DeleteServiceLinkedRoleResult executeDeleteServiceLinkedRole(DeleteServiceLinkedRoleRequest deleteServiceLinkedRoleRequest) {
ExecutionContext executionContext = createExecutionContext(deleteServiceLinkedRoleRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteServiceLinkedRoleRequestMarshaller().marshall(super.beforeMarshalling(deleteServiceLinkedRoleRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteServiceLinkedRole");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteServiceLinkedRoleResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified service-specific credential.
*
*
* @param deleteServiceSpecificCredentialRequest
* @return Result of the DeleteServiceSpecificCredential operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @sample AmazonIdentityManagement.DeleteServiceSpecificCredential
* @see AWS API Documentation
*/
@Override
public DeleteServiceSpecificCredentialResult deleteServiceSpecificCredential(DeleteServiceSpecificCredentialRequest request) {
request = beforeClientExecution(request);
return executeDeleteServiceSpecificCredential(request);
}
@SdkInternalApi
final DeleteServiceSpecificCredentialResult executeDeleteServiceSpecificCredential(
DeleteServiceSpecificCredentialRequest deleteServiceSpecificCredentialRequest) {
ExecutionContext executionContext = createExecutionContext(deleteServiceSpecificCredentialRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteServiceSpecificCredentialRequestMarshaller().marshall(super.beforeMarshalling(deleteServiceSpecificCredentialRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteServiceSpecificCredential");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteServiceSpecificCredentialResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes a signing certificate associated with the specified IAM user.
*
*
* If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services
* access key ID signing the request. This operation works for access keys under the Amazon Web Services account.
* Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the
* Amazon Web Services account has no associated IAM users.
*
*
* @param deleteSigningCertificateRequest
* @return Result of the DeleteSigningCertificate operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteSigningCertificate
* @see AWS
* API Documentation
*/
@Override
public DeleteSigningCertificateResult deleteSigningCertificate(DeleteSigningCertificateRequest request) {
request = beforeClientExecution(request);
return executeDeleteSigningCertificate(request);
}
@SdkInternalApi
final DeleteSigningCertificateResult executeDeleteSigningCertificate(DeleteSigningCertificateRequest deleteSigningCertificateRequest) {
ExecutionContext executionContext = createExecutionContext(deleteSigningCertificateRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteSigningCertificateRequestMarshaller().marshall(super.beforeMarshalling(deleteSigningCertificateRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteSigningCertificate");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteSigningCertificateResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified IAM user. Unlike the Amazon Web Services Management Console, when you delete a user
* programmatically, you must delete the items attached to the user manually, or the deletion fails. For more
* information, see Deleting an
* IAM user. Before attempting to delete a user, remove the following items:
*
*
* -
*
* Password (DeleteLoginProfile)
*
*
* -
*
* Access keys (DeleteAccessKey)
*
*
* -
*
* Signing certificate (DeleteSigningCertificate)
*
*
* -
*
* SSH public key (DeleteSSHPublicKey)
*
*
* -
*
* Git credentials (DeleteServiceSpecificCredential)
*
*
* -
*
* Multi-factor authentication (MFA) device (DeactivateMFADevice, DeleteVirtualMFADevice)
*
*
* -
*
* Inline policies (DeleteUserPolicy)
*
*
* -
*
* Attached managed policies (DetachUserPolicy)
*
*
* -
*
* Group memberships (RemoveUserFromGroup)
*
*
*
*
* @param deleteUserRequest
* @return Result of the DeleteUser operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteUser
* @see AWS API
* Documentation
*/
@Override
public DeleteUserResult deleteUser(DeleteUserRequest request) {
request = beforeClientExecution(request);
return executeDeleteUser(request);
}
@SdkInternalApi
final DeleteUserResult executeDeleteUser(DeleteUserRequest deleteUserRequest) {
ExecutionContext executionContext = createExecutionContext(deleteUserRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteUserRequestMarshaller().marshall(super.beforeMarshalling(deleteUserRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteUser");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new DeleteUserResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the permissions boundary for the specified IAM user.
*
*
*
* Deleting the permissions boundary for a user might increase its permissions by allowing the user to perform all
* the actions granted in its permissions policies.
*
*
*
* @param deleteUserPermissionsBoundaryRequest
* @return Result of the DeleteUserPermissionsBoundary operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteUserPermissionsBoundary
* @see AWS API Documentation
*/
@Override
public DeleteUserPermissionsBoundaryResult deleteUserPermissionsBoundary(DeleteUserPermissionsBoundaryRequest request) {
request = beforeClientExecution(request);
return executeDeleteUserPermissionsBoundary(request);
}
@SdkInternalApi
final DeleteUserPermissionsBoundaryResult executeDeleteUserPermissionsBoundary(DeleteUserPermissionsBoundaryRequest deleteUserPermissionsBoundaryRequest) {
ExecutionContext executionContext = createExecutionContext(deleteUserPermissionsBoundaryRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteUserPermissionsBoundaryRequestMarshaller().marshall(super.beforeMarshalling(deleteUserPermissionsBoundaryRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteUserPermissionsBoundary");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteUserPermissionsBoundaryResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified inline policy that is embedded in the specified IAM user.
*
*
* A user can also have managed policies attached to it. To detach a managed policy from a user, use
* DetachUserPolicy. For more information about policies, refer to Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param deleteUserPolicyRequest
* @return Result of the DeleteUserPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DeleteUserPolicy
* @see AWS API
* Documentation
*/
@Override
public DeleteUserPolicyResult deleteUserPolicy(DeleteUserPolicyRequest request) {
request = beforeClientExecution(request);
return executeDeleteUserPolicy(request);
}
@SdkInternalApi
final DeleteUserPolicyResult executeDeleteUserPolicy(DeleteUserPolicyRequest deleteUserPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(deleteUserPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteUserPolicyRequestMarshaller().marshall(super.beforeMarshalling(deleteUserPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteUserPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteUserPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes a virtual MFA device.
*
*
*
* You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA
* devices, see DeactivateMFADevice.
*
*
*
* @param deleteVirtualMFADeviceRequest
* @return Result of the DeleteVirtualMFADevice operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws DeleteConflictException
* The request was rejected because it attempted to delete a resource that has attached subordinate
* entities. The error message describes these entities.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @sample AmazonIdentityManagement.DeleteVirtualMFADevice
* @see AWS API
* Documentation
*/
@Override
public DeleteVirtualMFADeviceResult deleteVirtualMFADevice(DeleteVirtualMFADeviceRequest request) {
request = beforeClientExecution(request);
return executeDeleteVirtualMFADevice(request);
}
@SdkInternalApi
final DeleteVirtualMFADeviceResult executeDeleteVirtualMFADevice(DeleteVirtualMFADeviceRequest deleteVirtualMFADeviceRequest) {
ExecutionContext executionContext = createExecutionContext(deleteVirtualMFADeviceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteVirtualMFADeviceRequestMarshaller().marshall(super.beforeMarshalling(deleteVirtualMFADeviceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteVirtualMFADevice");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DeleteVirtualMFADeviceResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Removes the specified managed policy from the specified IAM group.
*
*
* A group can also have inline policies embedded with it. To delete an inline policy, use DeleteGroupPolicy.
* For information about policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param detachGroupPolicyRequest
* @return Result of the DetachGroupPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DetachGroupPolicy
* @see AWS API
* Documentation
*/
@Override
public DetachGroupPolicyResult detachGroupPolicy(DetachGroupPolicyRequest request) {
request = beforeClientExecution(request);
return executeDetachGroupPolicy(request);
}
@SdkInternalApi
final DetachGroupPolicyResult executeDetachGroupPolicy(DetachGroupPolicyRequest detachGroupPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(detachGroupPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DetachGroupPolicyRequestMarshaller().marshall(super.beforeMarshalling(detachGroupPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DetachGroupPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DetachGroupPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Removes the specified managed policy from the specified role.
*
*
* A role can also have inline policies embedded with it. To delete an inline policy, use DeleteRolePolicy.
* For information about policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param detachRolePolicyRequest
* @return Result of the DetachRolePolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws UnmodifiableEntityException
* The request was rejected because service-linked roles are protected Amazon Web Services resources. Only
* the service that depends on the service-linked role can modify or delete the role on your behalf. The
* error message includes the name of the service that depends on this service-linked role. You must request
* the change through that service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DetachRolePolicy
* @see AWS API
* Documentation
*/
@Override
public DetachRolePolicyResult detachRolePolicy(DetachRolePolicyRequest request) {
request = beforeClientExecution(request);
return executeDetachRolePolicy(request);
}
@SdkInternalApi
final DetachRolePolicyResult executeDetachRolePolicy(DetachRolePolicyRequest detachRolePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(detachRolePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DetachRolePolicyRequestMarshaller().marshall(super.beforeMarshalling(detachRolePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DetachRolePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DetachRolePolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Removes the specified managed policy from the specified user.
*
*
* A user can also have inline policies embedded with it. To delete an inline policy, use DeleteUserPolicy.
* For information about policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param detachUserPolicyRequest
* @return Result of the DetachUserPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.DetachUserPolicy
* @see AWS API
* Documentation
*/
@Override
public DetachUserPolicyResult detachUserPolicy(DetachUserPolicyRequest request) {
request = beforeClientExecution(request);
return executeDetachUserPolicy(request);
}
@SdkInternalApi
final DetachUserPolicyResult executeDetachUserPolicy(DetachUserPolicyRequest detachUserPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(detachUserPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DetachUserPolicyRequestMarshaller().marshall(super.beforeMarshalling(detachUserPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DetachUserPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new DetachUserPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is
* required for every subsequent login by the IAM user associated with the device.
*
*
* @param enableMFADeviceRequest
* @return Result of the EnableMFADevice operation returned by the service.
* @throws EntityAlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws EntityTemporarilyUnmodifiableException
* The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user
* name that was deleted and then recreated. The error indicates that the request is likely to succeed if
* you try again after waiting several minutes. The error message describes the entity.
* @throws InvalidAuthenticationCodeException
* The request was rejected because the authentication code was not recognized. The error message describes
* the specific error.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @throws ConcurrentModificationException
* The request was rejected because multiple requests to change this object were submitted simultaneously.
* Wait a few minutes and submit your request again.
* @sample AmazonIdentityManagement.EnableMFADevice
* @see AWS API
* Documentation
*/
@Override
public EnableMFADeviceResult enableMFADevice(EnableMFADeviceRequest request) {
request = beforeClientExecution(request);
return executeEnableMFADevice(request);
}
@SdkInternalApi
final EnableMFADeviceResult executeEnableMFADevice(EnableMFADeviceRequest enableMFADeviceRequest) {
ExecutionContext executionContext = createExecutionContext(enableMFADeviceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new EnableMFADeviceRequestMarshaller().marshall(super.beforeMarshalling(enableMFADeviceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "EnableMFADevice");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new EnableMFADeviceResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Generates a credential report for the Amazon Web Services account. For more information about the credential
* report, see Getting credential
* reports in the IAM User Guide.
*
*
* @param generateCredentialReportRequest
* @return Result of the GenerateCredentialReport operation returned by the service.
* @throws LimitExceededException
* The request was rejected because it attempted to create resources beyond the current Amazon Web Services
* account limits. The error message describes the limit exceeded.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GenerateCredentialReport
* @see AWS
* API Documentation
*/
@Override
public GenerateCredentialReportResult generateCredentialReport(GenerateCredentialReportRequest request) {
request = beforeClientExecution(request);
return executeGenerateCredentialReport(request);
}
@SdkInternalApi
final GenerateCredentialReportResult executeGenerateCredentialReport(GenerateCredentialReportRequest generateCredentialReportRequest) {
ExecutionContext executionContext = createExecutionContext(generateCredentialReportRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GenerateCredentialReportRequestMarshaller().marshall(super.beforeMarshalling(generateCredentialReportRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GenerateCredentialReport");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GenerateCredentialReportResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public GenerateCredentialReportResult generateCredentialReport() {
return generateCredentialReport(new GenerateCredentialReportRequest());
}
/**
*
* Generates a report for service last accessed data for Organizations. You can generate a report for any entities
* (organization root, organizational unit, or account) or policies in your organization.
*
*
* To call this operation, you must be signed in using your Organizations management account credentials. You can
* use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs
* must be enabled for your organization root. You must have the required IAM and Organizations permissions. For
* more information, see Refining permissions
* using service last accessed data in the IAM User Guide.
*
*
* You can generate a service last accessed data report for entities by specifying only the entity's path. This data
* includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.
*
*
* You can generate a service last accessed data report for a policy by specifying an entity's path and an optional
* Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.
*
*
* For each service in both report types, the data includes the most recent account activity that the policy allows
* to account principals in the entity or the entity's children. For important information about the data, reporting
* period, permissions required, troubleshooting, and supported Regions see Reducing permissions
* using service last accessed data in the IAM User Guide.
*
*
*
* The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all
* attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any
* of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not
* mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail
* logs as the authoritative source for information about all API calls and whether they were successful or denied
* access. For more information, see Logging IAM events with
* CloudTrail in the IAM User Guide.
*
*
*
* This operation returns a JobId. Use this parameter in the
* GetOrganizationsAccessReport operation to check the status of the report generation. To
* check the status of this request, use the JobId parameter in the
* GetOrganizationsAccessReport operation and test the JobStatus response
* parameter. When the job is complete, you can retrieve the report.
*
*
* To generate a service last accessed data report for entities, specify an entity path without specifying the
* optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.
*
*
* -
*
* Root – When you specify the organizations root as the entity, the resulting report lists all of the
* services allowed by SCPs that are attached to your root. For each service, the report includes data for all
* accounts in your organization except the management account, because the management account is not limited by
* SCPs.
*
*
* -
*
* OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the
* services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data
* for all accounts in the OU or its children. This data excludes the management account, because the management
* account is not limited by SCPs.
*
*
* -
*
* management account – When you specify the management account, the resulting report lists all Amazon Web
* Services services, because the management account is not limited by SCPs. For each service, the report includes
* data for only the management account.
*
*
* -
*
* Account – When you specify another account as the entity, the resulting report lists all of the services
* allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for
* only the specified account.
*
*
*
*
* To generate a service last accessed data report for policies, specify an entity path and the optional
* Organizations policy ID. The type of entity that you specify determines the data returned for each service.
*
*
* -
*
* Root – When you specify the root entity and a policy ID, the resulting report lists all of the services
* that are allowed by the specified SCP. For each service, the report includes data for all accounts in your
* organization to which the SCP applies. This data excludes the management account, because the management account
* is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will
* return a list of services with no data.
*
*
* -
*
* OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that
* are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its
* children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP
* might not be included in the data. This data excludes the management account, because the management account is
* not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list
* of services with no data.
*
*
* -
*
* management account – When you specify the management account, the resulting report lists all Amazon Web
* Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI
* or API, the policy is ignored. For each service, the report includes data for only the management account.
*
*
* -
*
* Account – When you specify another account entity and a policy ID, the resulting report lists all of the
* services that are allowed by the specified SCP. For each service, the report includes data for only the specified
* account. This means that other accounts in the organization that are affected by the SCP might not be included in
* the data. If the SCP is not attached to the account, the report will return a list of services with no data.
*
*
*
*
*
* Service last accessed data does not use other policy types when determining whether a principal could access a
* service. These other policy types include identity-based policies, resource-based policies, access control lists,
* IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the
* evaluation of policy types, see Evaluating policies in the IAM User Guide.
*
*
*
* For more information about service last accessed data, see Reducing policy scope
* by viewing user activity in the IAM User Guide.
*
*
* @param generateOrganizationsAccessReportRequest
* @return Result of the GenerateOrganizationsAccessReport operation returned by the service.
* @throws ReportGenerationLimitExceededException
* The request failed because the maximum number of concurrent requests for this account are already
* running.
* @sample AmazonIdentityManagement.GenerateOrganizationsAccessReport
* @see AWS API Documentation
*/
@Override
public GenerateOrganizationsAccessReportResult generateOrganizationsAccessReport(GenerateOrganizationsAccessReportRequest request) {
request = beforeClientExecution(request);
return executeGenerateOrganizationsAccessReport(request);
}
@SdkInternalApi
final GenerateOrganizationsAccessReportResult executeGenerateOrganizationsAccessReport(
GenerateOrganizationsAccessReportRequest generateOrganizationsAccessReportRequest) {
ExecutionContext executionContext = createExecutionContext(generateOrganizationsAccessReportRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GenerateOrganizationsAccessReportRequestMarshaller().marshall(super.beforeMarshalling(generateOrganizationsAccessReportRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GenerateOrganizationsAccessReport");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GenerateOrganizationsAccessReportResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used
* in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM
* reports activity for at least the last 400 days, or less if your Region began supporting this feature within the
* last year. For more information, see Regions where data is tracked. For more information about services and actions for which action last
* accessed information is displayed, see IAM
* action last accessed information services and actions.
*
*
*
* The service last accessed data includes all attempts to access an Amazon Web Services API, not just the
* successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the
* Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the
* service last accessed data does not mean that your account has been compromised, because the request might have
* been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and
* whether they were successful or denied access. For more information, see Logging IAM events with
* CloudTrail in the IAM User Guide.
*
*
*
* The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in
* the following operations to retrieve the following details from your report:
*
*
* -
*
* GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every
* Amazon Web Services service that the resource could access using permissions policies. For each service, the
* response includes information about the most recent access attempt.
*
*
* The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role
* within a session, or by the same user when used to call GetServiceLastAccessedDetail.
*
*
* -
*
* GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information
* about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service.
*
*
*
*
* To check the status of the GenerateServiceLastAccessedDetails request, use the JobId
* parameter in the same operations and test the JobStatus response parameter.
*
*
* For additional information about the permissions policies that allow an identity (user, group, or role) to access
* specific services, use the ListPoliciesGrantingServiceAccess operation.
*
*
*
* Service last accessed data does not use other policy types when determining whether a resource could access a
* service. These other policy types include resource-based policies, access control lists, Organizations policies,
* IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more
* about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
*
*
*
* For more information about service and action last accessed data, see Reducing permissions
* using service last accessed data in the IAM User Guide.
*
*
* @param generateServiceLastAccessedDetailsRequest
* @return Result of the GenerateServiceLastAccessedDetails operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @sample AmazonIdentityManagement.GenerateServiceLastAccessedDetails
* @see AWS API Documentation
*/
@Override
public GenerateServiceLastAccessedDetailsResult generateServiceLastAccessedDetails(GenerateServiceLastAccessedDetailsRequest request) {
request = beforeClientExecution(request);
return executeGenerateServiceLastAccessedDetails(request);
}
@SdkInternalApi
final GenerateServiceLastAccessedDetailsResult executeGenerateServiceLastAccessedDetails(
GenerateServiceLastAccessedDetailsRequest generateServiceLastAccessedDetailsRequest) {
ExecutionContext executionContext = createExecutionContext(generateServiceLastAccessedDetailsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GenerateServiceLastAccessedDetailsRequestMarshaller()
.marshall(super.beforeMarshalling(generateServiceLastAccessedDetailsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GenerateServiceLastAccessedDetails");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GenerateServiceLastAccessedDetailsResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves information about when the specified access key was last used. The information includes the date and
* time of last use, along with the Amazon Web Services service and Region that were specified in the last request
* made with that key.
*
*
* @param getAccessKeyLastUsedRequest
* @return Result of the GetAccessKeyLastUsed operation returned by the service.
* @sample AmazonIdentityManagement.GetAccessKeyLastUsed
* @see AWS API
* Documentation
*/
@Override
public GetAccessKeyLastUsedResult getAccessKeyLastUsed(GetAccessKeyLastUsedRequest request) {
request = beforeClientExecution(request);
return executeGetAccessKeyLastUsed(request);
}
@SdkInternalApi
final GetAccessKeyLastUsedResult executeGetAccessKeyLastUsed(GetAccessKeyLastUsedRequest getAccessKeyLastUsedRequest) {
ExecutionContext executionContext = createExecutionContext(getAccessKeyLastUsedRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetAccessKeyLastUsedRequestMarshaller().marshall(super.beforeMarshalling(getAccessKeyLastUsedRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetAccessKeyLastUsed");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GetAccessKeyLastUsedResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account,
* including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM
* permissions (users, groups, roles, and policies) in your account.
*
*
*
* Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy
* back to plain JSON text. For example, if you use Java, you can use the decode method of the
* java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar
* functionality.
*
*
*
* You can optionally filter the results using the Filter parameter. You can paginate the results using
* the MaxItems and Marker parameters.
*
*
* @param getAccountAuthorizationDetailsRequest
* @return Result of the GetAccountAuthorizationDetails operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GetAccountAuthorizationDetails
* @see AWS API Documentation
*/
@Override
public GetAccountAuthorizationDetailsResult getAccountAuthorizationDetails(GetAccountAuthorizationDetailsRequest request) {
request = beforeClientExecution(request);
return executeGetAccountAuthorizationDetails(request);
}
@SdkInternalApi
final GetAccountAuthorizationDetailsResult executeGetAccountAuthorizationDetails(GetAccountAuthorizationDetailsRequest getAccountAuthorizationDetailsRequest) {
ExecutionContext executionContext = createExecutionContext(getAccountAuthorizationDetailsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetAccountAuthorizationDetailsRequestMarshaller().marshall(super.beforeMarshalling(getAccountAuthorizationDetailsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetAccountAuthorizationDetails");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GetAccountAuthorizationDetailsResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public GetAccountAuthorizationDetailsResult getAccountAuthorizationDetails() {
return getAccountAuthorizationDetails(new GetAccountAuthorizationDetailsRequest());
}
/**
*
* Retrieves the password policy for the Amazon Web Services account. This tells you the complexity requirements and
* mandatory rotation periods for the IAM user passwords in your account. For more information about using a
* password policy, see Managing an IAM
* password policy.
*
*
* @param getAccountPasswordPolicyRequest
* @return Result of the GetAccountPasswordPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GetAccountPasswordPolicy
* @see AWS
* API Documentation
*/
@Override
public GetAccountPasswordPolicyResult getAccountPasswordPolicy(GetAccountPasswordPolicyRequest request) {
request = beforeClientExecution(request);
return executeGetAccountPasswordPolicy(request);
}
@SdkInternalApi
final GetAccountPasswordPolicyResult executeGetAccountPasswordPolicy(GetAccountPasswordPolicyRequest getAccountPasswordPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(getAccountPasswordPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetAccountPasswordPolicyRequestMarshaller().marshall(super.beforeMarshalling(getAccountPasswordPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetAccountPasswordPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GetAccountPasswordPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public GetAccountPasswordPolicyResult getAccountPasswordPolicy() {
return getAccountPasswordPolicy(new GetAccountPasswordPolicyRequest());
}
/**
*
* Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services account.
*
*
* For information about IAM quotas, see IAM and STS quotas in the
* IAM User Guide.
*
*
* @param getAccountSummaryRequest
* @return Result of the GetAccountSummary operation returned by the service.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GetAccountSummary
* @see AWS API
* Documentation
*/
@Override
public GetAccountSummaryResult getAccountSummary(GetAccountSummaryRequest request) {
request = beforeClientExecution(request);
return executeGetAccountSummary(request);
}
@SdkInternalApi
final GetAccountSummaryResult executeGetAccountSummary(GetAccountSummaryRequest getAccountSummaryRequest) {
ExecutionContext executionContext = createExecutionContext(getAccountSummaryRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetAccountSummaryRequestMarshaller().marshall(super.beforeMarshalling(getAccountSummaryRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetAccountSummary");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GetAccountSummaryResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public GetAccountSummaryResult getAccountSummary() {
return getAccountSummary(new GetAccountSummaryRequest());
}
/**
*
* Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of
* one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use
* GetContextKeysForPrincipalPolicy.
*
*
* Context keys are variables maintained by Amazon Web Services and its services that provide details about the
* context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM
* policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply
* when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity
* but must be URL encoded to be included as a part of a real HTML request.
*
*
* @param getContextKeysForCustomPolicyRequest
* @return Result of the GetContextKeysForCustomPolicy operation returned by the service.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @sample AmazonIdentityManagement.GetContextKeysForCustomPolicy
* @see AWS API Documentation
*/
@Override
public GetContextKeysForCustomPolicyResult getContextKeysForCustomPolicy(GetContextKeysForCustomPolicyRequest request) {
request = beforeClientExecution(request);
return executeGetContextKeysForCustomPolicy(request);
}
@SdkInternalApi
final GetContextKeysForCustomPolicyResult executeGetContextKeysForCustomPolicy(GetContextKeysForCustomPolicyRequest getContextKeysForCustomPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(getContextKeysForCustomPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetContextKeysForCustomPolicyRequestMarshaller().marshall(super.beforeMarshalling(getContextKeysForCustomPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetContextKeysForCustomPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GetContextKeysForCustomPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM
* entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all
* of the policies attached to groups that the user is a member of.
*
*
* You can optionally include a list of one or more additional policies, specified as strings. If you want to
* include only a list of policies by string, use GetContextKeysForCustomPolicy instead.
*
*
* Note: This operation discloses information about the permissions granted to other users. If you do not
* want users to see other user's permissions, then consider allowing them to use
* GetContextKeysForCustomPolicy instead.
*
*
* Context keys are variables maintained by Amazon Web Services and its services that provide details about the
* context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use
* GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call
* SimulatePrincipalPolicy.
*
*
* @param getContextKeysForPrincipalPolicyRequest
* @return Result of the GetContextKeysForPrincipalPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws InvalidInputException
* The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
* @sample AmazonIdentityManagement.GetContextKeysForPrincipalPolicy
* @see AWS API Documentation
*/
@Override
public GetContextKeysForPrincipalPolicyResult getContextKeysForPrincipalPolicy(GetContextKeysForPrincipalPolicyRequest request) {
request = beforeClientExecution(request);
return executeGetContextKeysForPrincipalPolicy(request);
}
@SdkInternalApi
final GetContextKeysForPrincipalPolicyResult executeGetContextKeysForPrincipalPolicy(
GetContextKeysForPrincipalPolicyRequest getContextKeysForPrincipalPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(getContextKeysForPrincipalPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetContextKeysForPrincipalPolicyRequestMarshaller().marshall(super.beforeMarshalling(getContextKeysForPrincipalPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetContextKeysForPrincipalPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GetContextKeysForPrincipalPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves a credential report for the Amazon Web Services account. For more information about the credential
* report, see Getting credential
* reports in the IAM User Guide.
*
*
* @param getCredentialReportRequest
* @return Result of the GetCredentialReport operation returned by the service.
* @throws CredentialReportNotPresentException
* The request was rejected because the credential report does not exist. To generate a credential report,
* use GenerateCredentialReport.
* @throws CredentialReportExpiredException
* The request was rejected because the most recent credential report has expired. To generate a new
* credential report, use GenerateCredentialReport. For more information about credential report
* expiration, see Getting credential
* reports in the IAM User Guide.
* @throws CredentialReportNotReadyException
* The request was rejected because the credential report is still being generated.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GetCredentialReport
* @see AWS API
* Documentation
*/
@Override
public GetCredentialReportResult getCredentialReport(GetCredentialReportRequest request) {
request = beforeClientExecution(request);
return executeGetCredentialReport(request);
}
@SdkInternalApi
final GetCredentialReportResult executeGetCredentialReport(GetCredentialReportRequest getCredentialReportRequest) {
ExecutionContext executionContext = createExecutionContext(getCredentialReportRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetCredentialReportRequestMarshaller().marshall(super.beforeMarshalling(getCredentialReportRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetCredentialReport");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GetCredentialReportResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public GetCredentialReportResult getCredentialReport() {
return getCredentialReport(new GetCredentialReportRequest());
}
/**
*
* Returns a list of IAM users that are in the specified IAM group. You can paginate the results using the
* MaxItems and Marker parameters.
*
*
* @param getGroupRequest
* @return Result of the GetGroup operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GetGroup
* @see AWS API
* Documentation
*/
@Override
public GetGroupResult getGroup(GetGroupRequest request) {
request = beforeClientExecution(request);
return executeGetGroup(request);
}
@SdkInternalApi
final GetGroupResult executeGetGroup(GetGroupRequest getGroupRequest) {
ExecutionContext executionContext = createExecutionContext(getGroupRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetGroupRequestMarshaller().marshall(super.beforeMarshalling(getGroupRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetGroup");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(new GetGroupResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves the specified inline policy document that is embedded in the specified IAM group.
*
*
*
* Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy
* back to plain JSON text. For example, if you use Java, you can use the decode method of the
* java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar
* functionality.
*
*
*
* An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is
* attached to a group, use GetPolicy to determine the policy's default version, then use
* GetPolicyVersion to retrieve the policy document.
*
*
* For more information about policies, see Managed policies and
* inline policies in the IAM User Guide.
*
*
* @param getGroupPolicyRequest
* @return Result of the GetGroupPolicy operation returned by the service.
* @throws NoSuchEntityException
* The request was rejected because it referenced a resource entity that does not exist. The error message
* describes the resource.
* @throws ServiceFailureException
* The request processing has failed because of an unknown error, exception or failure.
* @sample AmazonIdentityManagement.GetGroupPolicy
* @see AWS API
* Documentation
*/
@Override
public GetGroupPolicyResult getGroupPolicy(GetGroupPolicyRequest request) {
request = beforeClientExecution(request);
return executeGetGroupPolicy(request);
}
@SdkInternalApi
final GetGroupPolicyResult executeGetGroupPolicy(GetGroupPolicyRequest getGroupPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(getGroupPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetGroupPolicyRequestMarshaller().marshall(super.beforeMarshalling(getGroupPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "IAM");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetGroupPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
StaxResponseHandler responseHandler = new StaxResponseHandler(
new GetGroupPolicyResultStaxUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*