com.amazonaws.services.iamrolesanywhere.AWSIAMRolesAnywhere Maven / Gradle / Ivy
Show all versions of aws-java-sdk-iamrolesanywhere Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.iamrolesanywhere;
import javax.annotation.Generated;
import com.amazonaws.*;
import com.amazonaws.regions.*;
import com.amazonaws.services.iamrolesanywhere.model.*;
/**
* Interface for accessing IAM Roles Anywhere.
*
* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from
* {@link com.amazonaws.services.iamrolesanywhere.AbstractAWSIAMRolesAnywhere} instead.
*
*
*
* Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers,
* and applications that run outside of Amazon Web Services to obtain temporary Amazon Web Services credentials. Your
* workloads can use the same IAM policies and roles you have for native Amazon Web Services applications to access
* Amazon Web Services resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for
* workloads running outside of Amazon Web Services.
*
*
* To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You
* register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure
* (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Private Certificate Authority to
* create a CA and then use that to establish trust with IAM Roles Anywhere.
*
*
* This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about
* IAM Roles Anywhere, see the IAM Roles Anywhere User
* Guide.
*
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public interface AWSIAMRolesAnywhere {
/**
* The region metadata service name for computing region endpoints. You can use this value to retrieve metadata
* (such as supported regions) of the service.
*
* @see RegionUtils#getRegionsForService(String)
*/
String ENDPOINT_PREFIX = "rolesanywhere";
/**
*
* Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles
* to intersect permissions with IAM managed policies.
*
*
* Required permissions: rolesanywhere:CreateProfile.
*
*
* @param createProfileRequest
* @return Result of the CreateProfile operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.CreateProfile
* @see AWS
* API Documentation
*/
CreateProfileResult createProfile(CreateProfileRequest createProfileRequest);
/**
*
* Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can
* define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA
* certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued
* by the CA in exchange for temporary Amazon Web Services credentials.
*
*
* Required permissions: rolesanywhere:CreateTrustAnchor.
*
*
* @param createTrustAnchorRequest
* @return Result of the CreateTrustAnchor operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.CreateTrustAnchor
* @see AWS API Documentation
*/
CreateTrustAnchorResult createTrustAnchor(CreateTrustAnchorRequest createTrustAnchorRequest);
/**
*
* Delete an entry from the attribute mapping rules enforced by a given profile.
*
*
* @param deleteAttributeMappingRequest
* @return Result of the DeleteAttributeMapping operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.DeleteAttributeMapping
* @see AWS API Documentation
*/
DeleteAttributeMappingResult deleteAttributeMapping(DeleteAttributeMappingRequest deleteAttributeMappingRequest);
/**
*
* Deletes a certificate revocation list (CRL).
*
*
* Required permissions: rolesanywhere:DeleteCrl.
*
*
* @param deleteCrlRequest
* @return Result of the DeleteCrl operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.DeleteCrl
* @see AWS API
* Documentation
*/
DeleteCrlResult deleteCrl(DeleteCrlRequest deleteCrlRequest);
/**
*
* Deletes a profile.
*
*
* Required permissions: rolesanywhere:DeleteProfile.
*
*
* @param deleteProfileRequest
* @return Result of the DeleteProfile operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.DeleteProfile
* @see AWS
* API Documentation
*/
DeleteProfileResult deleteProfile(DeleteProfileRequest deleteProfileRequest);
/**
*
* Deletes a trust anchor.
*
*
* Required permissions: rolesanywhere:DeleteTrustAnchor.
*
*
* @param deleteTrustAnchorRequest
* @return Result of the DeleteTrustAnchor operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.DeleteTrustAnchor
* @see AWS API Documentation
*/
DeleteTrustAnchorResult deleteTrustAnchor(DeleteTrustAnchorRequest deleteTrustAnchorRequest);
/**
*
* Disables a certificate revocation list (CRL).
*
*
* Required permissions: rolesanywhere:DisableCrl.
*
*
* @param disableCrlRequest
* @return Result of the DisableCrl operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.DisableCrl
* @see AWS API
* Documentation
*/
DisableCrlResult disableCrl(DisableCrlRequest disableCrlRequest);
/**
*
* Disables a profile. When disabled, temporary credential requests with this profile fail.
*
*
* Required permissions: rolesanywhere:DisableProfile.
*
*
* @param disableProfileRequest
* @return Result of the DisableProfile operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.DisableProfile
* @see AWS
* API Documentation
*/
DisableProfileResult disableProfile(DisableProfileRequest disableProfileRequest);
/**
*
* Disables a trust anchor. When disabled, temporary credential requests specifying this trust anchor are
* unauthorized.
*
*
* Required permissions: rolesanywhere:DisableTrustAnchor.
*
*
* @param disableTrustAnchorRequest
* @return Result of the DisableTrustAnchor operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.DisableTrustAnchor
* @see AWS API Documentation
*/
DisableTrustAnchorResult disableTrustAnchor(DisableTrustAnchorRequest disableTrustAnchorRequest);
/**
*
* Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to
* receive session credentials.
*
*
* Required permissions: rolesanywhere:EnableCrl.
*
*
* @param enableCrlRequest
* @return Result of the EnableCrl operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.EnableCrl
* @see AWS API
* Documentation
*/
EnableCrlResult enableCrl(EnableCrlRequest enableCrlRequest);
/**
*
* Enables temporary credential requests for a profile.
*
*
* Required permissions: rolesanywhere:EnableProfile.
*
*
* @param enableProfileRequest
* @return Result of the EnableProfile operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.EnableProfile
* @see AWS
* API Documentation
*/
EnableProfileResult enableProfile(EnableProfileRequest enableProfileRequest);
/**
*
* Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.
*
*
* Required permissions: rolesanywhere:EnableTrustAnchor.
*
*
* @param enableTrustAnchorRequest
* @return Result of the EnableTrustAnchor operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.EnableTrustAnchor
* @see AWS API Documentation
*/
EnableTrustAnchorResult enableTrustAnchor(EnableTrustAnchorRequest enableTrustAnchorRequest);
/**
*
* Gets a certificate revocation list (CRL).
*
*
* Required permissions: rolesanywhere:GetCrl.
*
*
* @param getCrlRequest
* @return Result of the GetCrl operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @sample AWSIAMRolesAnywhere.GetCrl
* @see AWS API
* Documentation
*/
GetCrlResult getCrl(GetCrlRequest getCrlRequest);
/**
*
* Gets a profile.
*
*
* Required permissions: rolesanywhere:GetProfile.
*
*
* @param getProfileRequest
* @return Result of the GetProfile operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.GetProfile
* @see AWS API
* Documentation
*/
GetProfileResult getProfile(GetProfileRequest getProfileRequest);
/**
*
* Gets a subject, which associates a certificate identity with authentication attempts. The subject stores
* auditing information such as the status of the last authentication attempt, the certificate data used in the
* attempt, and the last time the associated identity attempted authentication.
*
*
* Required permissions: rolesanywhere:GetSubject.
*
*
* @param getSubjectRequest
* @return Result of the GetSubject operation returned by the service.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.GetSubject
* @see AWS API
* Documentation
*/
GetSubjectResult getSubject(GetSubjectRequest getSubjectRequest);
/**
*
* Gets a trust anchor.
*
*
* Required permissions: rolesanywhere:GetTrustAnchor.
*
*
* @param getTrustAnchorRequest
* @return Result of the GetTrustAnchor operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.GetTrustAnchor
* @see AWS
* API Documentation
*/
GetTrustAnchorResult getTrustAnchor(GetTrustAnchorRequest getTrustAnchorRequest);
/**
*
* Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the
* issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles
* Anywhere validates against the CRL before issuing credentials.
*
*
* Required permissions: rolesanywhere:ImportCrl.
*
*
* @param importCrlRequest
* @return Result of the ImportCrl operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.ImportCrl
* @see AWS API
* Documentation
*/
ImportCrlResult importCrl(ImportCrlRequest importCrlRequest);
/**
*
* Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.
*
*
* Required permissions: rolesanywhere:ListCrls.
*
*
* @param listCrlsRequest
* @return Result of the ListCrls operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.ListCrls
* @see AWS API
* Documentation
*/
ListCrlsResult listCrls(ListCrlsRequest listCrlsRequest);
/**
*
* Lists all profiles in the authenticated account and Amazon Web Services Region.
*
*
* Required permissions: rolesanywhere:ListProfiles.
*
*
* @param listProfilesRequest
* @return Result of the ListProfiles operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.ListProfiles
* @see AWS API
* Documentation
*/
ListProfilesResult listProfiles(ListProfilesRequest listProfilesRequest);
/**
*
* Lists the subjects in the authenticated account and Amazon Web Services Region.
*
*
* Required permissions: rolesanywhere:ListSubjects.
*
*
* @param listSubjectsRequest
* @return Result of the ListSubjects operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.ListSubjects
* @see AWS API
* Documentation
*/
ListSubjectsResult listSubjects(ListSubjectsRequest listSubjectsRequest);
/**
*
* Lists the tags attached to the resource.
*
*
* Required permissions: rolesanywhere:ListTagsForResource.
*
*
* @param listTagsForResourceRequest
* @return Result of the ListTagsForResource operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.ListTagsForResource
* @see AWS API Documentation
*/
ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest);
/**
*
* Lists the trust anchors in the authenticated account and Amazon Web Services Region.
*
*
* Required permissions: rolesanywhere:ListTrustAnchors.
*
*
* @param listTrustAnchorsRequest
* @return Result of the ListTrustAnchors operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.ListTrustAnchors
* @see AWS
* API Documentation
*/
ListTrustAnchorsResult listTrustAnchors(ListTrustAnchorsRequest listTrustAnchorsRequest);
/**
*
* Put an entry in the attribute mapping rules that will be enforced by a given profile. A mapping specifies a
* certificate field and one or more specifiers that have contextual meanings.
*
*
* @param putAttributeMappingRequest
* @return Result of the PutAttributeMapping operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.PutAttributeMapping
* @see AWS API Documentation
*/
PutAttributeMappingResult putAttributeMapping(PutAttributeMappingRequest putAttributeMappingRequest);
/**
*
* Attaches a list of notification settings to a trust anchor.
*
*
* A notification setting includes information such as event name, threshold, status of the notification setting,
* and the channel to notify.
*
*
* Required permissions: rolesanywhere:PutNotificationSettings.
*
*
* @param putNotificationSettingsRequest
* @return Result of the PutNotificationSettings operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.PutNotificationSettings
* @see AWS API Documentation
*/
PutNotificationSettingsResult putNotificationSettings(PutNotificationSettingsRequest putNotificationSettingsRequest);
/**
*
* Resets the custom notification setting to IAM Roles Anywhere default setting.
*
*
* Required permissions: rolesanywhere:ResetNotificationSettings.
*
*
* @param resetNotificationSettingsRequest
* @return Result of the ResetNotificationSettings operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.ResetNotificationSettings
* @see AWS API Documentation
*/
ResetNotificationSettingsResult resetNotificationSettings(ResetNotificationSettingsRequest resetNotificationSettingsRequest);
/**
*
* Attaches tags to a resource.
*
*
* Required permissions: rolesanywhere:TagResource.
*
*
* @param tagResourceRequest
* @return Result of the TagResource operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws TooManyTagsException
* Too many tags.
* @sample AWSIAMRolesAnywhere.TagResource
* @see AWS API
* Documentation
*/
TagResourceResult tagResource(TagResourceRequest tagResourceRequest);
/**
*
* Removes tags from the resource.
*
*
* Required permissions: rolesanywhere:UntagResource.
*
*
* @param untagResourceRequest
* @return Result of the UntagResource operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.UntagResource
* @see AWS
* API Documentation
*/
UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest);
/**
*
* Updates the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the
* issuing certificate authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.
*
*
* Required permissions: rolesanywhere:UpdateCrl.
*
*
* @param updateCrlRequest
* @return Result of the UpdateCrl operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.UpdateCrl
* @see AWS API
* Documentation
*/
UpdateCrlResult updateCrl(UpdateCrlRequest updateCrlRequest);
/**
*
* Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume. You use
* profiles to intersect permissions with IAM managed policies.
*
*
* Required permissions: rolesanywhere:UpdateProfile.
*
*
* @param updateProfileRequest
* @return Result of the UpdateProfile operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.UpdateProfile
* @see AWS
* API Documentation
*/
UpdateProfileResult updateProfile(UpdateProfileRequest updateProfileRequest);
/**
*
* Updates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by
* configuring a trust anchor. You can define a trust anchor as a reference to an Private Certificate Authority
* (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust
* anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.
*
*
* Required permissions: rolesanywhere:UpdateTrustAnchor.
*
*
* @param updateTrustAnchorRequest
* @return Result of the UpdateTrustAnchor operation returned by the service.
* @throws ValidationException
* Validation exception error.
* @throws ResourceNotFoundException
* The resource could not be found.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @sample AWSIAMRolesAnywhere.UpdateTrustAnchor
* @see AWS API Documentation
*/
UpdateTrustAnchorResult updateTrustAnchor(UpdateTrustAnchorRequest updateTrustAnchorRequest);
/**
* Shuts down this client object, releasing any resources that might be held open. This is an optional method, and
* callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client
* has been shutdown, it should not be used to make any more requests.
*/
void shutdown();
/**
* Returns additional metadata for a previously executed successful request, typically used for debugging issues
* where a service isn't acting as expected. This data isn't considered part of the result data returned by an
* operation, so it's available through this separate, diagnostic interface.
*
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
* information for an executed request, you should use this method to retrieve it as soon as possible after
* executing a request.
*
* @param request
* The originally executed request.
*
* @return The response metadata for the specified request, or null if none is available.
*/
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);
}