Class: Aws::IAM::Resource

Inherits:

Object

• Object
• Aws::IAM::Resource

Defined in:

lib/aws-sdk-iam/resource.rb,
lib/aws-sdk-iam/customizations/resource.rb

Overview

This class provides a resource oriented interface for IAM. To create a resource object:

resource = Aws::IAM::Resource.new(region: 'us-west-2')

You can supply a client object with custom configuration that will be used for all resource operations. If you do not pass ‘:client`, a default client will be constructed.

client = Aws::IAM::Client.new(region: 'us-west-2')
resource = Aws::IAM::Resource.new(client: client)

Actions

• #change_password(options = {}) ⇒ EmptyStructure
• #create_account_alias(options = {}) ⇒ EmptyStructure
• #create_account_password_policy(options = {}) ⇒ AccountPasswordPolicy
• #create_group(options = {}) ⇒ Group
• #create_instance_profile(options = {}) ⇒ InstanceProfile
• #create_policy(options = {}) ⇒ Policy
• #create_role(options = {}) ⇒ Role
• #create_saml_provider(options = {}) ⇒ SamlProvider
• #create_server_certificate(options = {}) ⇒ ServerCertificate
• #create_signing_certificate(options = {}) ⇒ SigningCertificate
• #create_user(options = {}) ⇒ User
• #create_virtual_mfa_device(options = {}) ⇒ VirtualMfaDevice

Associations

• #account_password_policy ⇒ AccountPasswordPolicy
• #account_summary ⇒ AccountSummary
• #current_user ⇒ CurrentUser
• #group(name) ⇒ Group
• #groups(options = {}) ⇒ Group::Collection
• #instance_profile(name) ⇒ InstanceProfile
• #instance_profiles(options = {}) ⇒ InstanceProfile::Collection
• #policies(options = {}) ⇒ Policy::Collection
• #policy(arn) ⇒ Policy
• #role(name) ⇒ Role
• #roles(options = {}) ⇒ Role::Collection
• #saml_provider(arn) ⇒ SamlProvider
• #saml_providers(options = {}) ⇒ SamlProvider::Collection
• #server_certificate(name) ⇒ ServerCertificate
• #server_certificates(options = {}) ⇒ ServerCertificate::Collection
• #user(name) ⇒ User
• #users(options = {}) ⇒ User::Collection
• #virtual_mfa_device(serial_number) ⇒ VirtualMfaDevice
• #virtual_mfa_devices(options = {}) ⇒ VirtualMfaDevice::Collection

Instance Method Summary

• #client ⇒ Client
• #delete_account_alias ⇒ Seahorse::Client::Response, false

  Returns the response from Client#delete_account_alias if an alias was deleted.

• #initialize(options = {}) ⇒ Resource constructor

  A new instance of Resource.

Constructor Details

#initialize(options = {}) ⇒ Resource

Returns a new instance of Resource.

Parameters:

• options ({}) (defaults to: {})

Options Hash (options):

• :client (Client)

# File 'lib/aws-sdk-iam/resource.rb', line 25

def initialize(options = {})
  @client = options[:client] || Client.new(options)
end

Instance Method Details

#account_password_policy ⇒ AccountPasswordPolicy

Returns:

• (AccountPasswordPolicy)

# File 'lib/aws-sdk-iam/resource.rb', line 776

def account_password_policy
  AccountPasswordPolicy.new(client: @client)
end

#account_summary ⇒ AccountSummary

Returns:

• (AccountSummary)

# File 'lib/aws-sdk-iam/resource.rb', line 781

def account_summary
  AccountSummary.new(client: @client)
end

#change_password(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

iam.change_password({
  old_password: "passwordType", # required
  new_password: "passwordType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :old_password (required, String) —

  The IAM user’s current password.

• :new_password (required, String) —

  The new password. The new password must conform to the AWS account’s password policy, if one exists.

  The [regex pattern] that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (‘u0020`) through the end of the ASCII character range (`u00FF`). You can also include the tab (`u0009`), line feed (`u000A`), and carriage return (`u000D`) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.

  [1]: wikipedia.org/wiki/regex

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/resource.rb', line 62

def change_password(options = {})
  resp = @client.change_password(options)
  resp.data
end

#client ⇒ Client

Returns:

• (Client)

# File 'lib/aws-sdk-iam/resource.rb', line 30

def client
  @client
end

#create_account_alias(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

iam.create_account_alias({
  account_alias: "accountAliasType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :account_alias (required, String) —

  The account alias to create.

  This parameter allows (through its [regex pattern]) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.

  [1]: wikipedia.org/wiki/regex

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/resource.rb', line 85

def create_account_alias(options = {})
  resp = @client.create_account_alias(options)
  resp.data
end

#create_account_password_policy(options = {}) ⇒ AccountPasswordPolicy

Examples:

Request syntax with placeholder values

accountpasswordpolicy = iam.create_account_password_policy({
  minimum_password_length: 1,
  require_symbols: false,
  require_numbers: false,
  require_uppercase_characters: false,
  require_lowercase_characters: false,
  allow_users_to_change_password: false,
  max_password_age: 1,
  password_reuse_prevention: 1,
  hard_expiry: false,
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :minimum_password_length (Integer) —

  The minimum number of characters allowed in an IAM user password.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘6`.

• :require_symbols (Boolean) —

  Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:

  ! @ # $ % ^ & * ( ) _ + - = [ ] \{ \} | ‘

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that passwords do not require at least one symbol character.

• :require_numbers (Boolean) —

  Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that passwords do not require at least one numeric character.

• :require_uppercase_characters (Boolean) —

  Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that passwords do not require at least one uppercase character.

• :require_lowercase_characters (Boolean) —

  Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that passwords do not require at least one lowercase character.

• :allow_users_to_change_password (Boolean) —

  Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see [Letting IAM Users Change Their Own Passwords] in the *IAM User Guide*.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that IAM users in the account do not automatically have permissions to change their own password.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html

• :max_password_age (Integer) —

  The number of days that an IAM user password is valid.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘0`. The result is that IAM user passwords never expire.

• :password_reuse_prevention (Integer) —

  Specifies the number of previous passwords that IAM users are prevented from reusing.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘0`. The result is that IAM users are not prevented from reusing previous passwords.

• :hard_expiry (Boolean) —

  Prevents IAM users from setting a new password after their password has expired. The IAM user cannot be accessed until an administrator resets the password.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that IAM users can change their passwords after they expire and continue to sign in as the user.

Returns:

• (AccountPasswordPolicy)

# File 'lib/aws-sdk-iam/resource.rb', line 175

def create_account_password_policy(options = {})
  resp = @client.update_account_password_policy(options)
  AccountPasswordPolicy.new(client: @client)
end

#create_group(options = {}) ⇒ Group

Examples:

Request syntax with placeholder values

group = iam.create_group({
  path: "pathType",
  group_name: "groupNameType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path (String) —

  The path to the group. For more information about paths, see [IAM Identifiers] in the *IAM User Guide*.

  This parameter is optional. If it is not included, it defaults to a slash (/).

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

• :group_name (required, String) —

  The name of the group to create. Do not include the path in this value.

  IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both “MyResource” and “myresource”.

Returns:

• (Group)

# File 'lib/aws-sdk-iam/resource.rb', line 213

def create_group(options = {})
  resp = @client.create_group(options)
  Group.new(
    name: options[:group_name],
    data: resp.data.group,
    client: @client
  )
end

#create_instance_profile(options = {}) ⇒ InstanceProfile

Examples:

Request syntax with placeholder values

instanceprofile = iam.create_instance_profile({
  instance_profile_name: "instanceProfileNameType", # required
  path: "pathType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :instance_profile_name (required, String) —

  The name of the instance profile to create.

  This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  [1]: wikipedia.org/wiki/regex

• :path (String) —

  The path to the instance profile. For more information about paths, see [IAM Identifiers] in the *IAM User Guide*.

  This parameter is optional. If it is not included, it defaults to a slash (/).

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

Returns:

• (InstanceProfile)

# File 'lib/aws-sdk-iam/resource.rb', line 259

def create_instance_profile(options = {})
  resp = @client.create_instance_profile(options)
  InstanceProfile.new(
    name: options[:instance_profile_name],
    data: resp.data.instance_profile,
    client: @client
  )
end

#create_policy(options = {}) ⇒ Policy

Examples:

Request syntax with placeholder values

policy = iam.create_policy({
  policy_name: "policyNameType", # required
  path: "policyPathType",
  policy_document: "policyDocumentType", # required
  description: "policyDescriptionType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :policy_name (required, String) —

  The friendly name of the policy.

  IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both “MyResource” and “myresource”.

• :path (String) —

  The path for the policy.

  For more information about paths, see [IAM Identifiers] in the *IAM User Guide*.

  This parameter is optional. If it is not included, it defaults to a slash (/).

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

• :policy_document (required, String) —

  The JSON policy document that you want to use as the content for the new policy.

  You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

  The [regex pattern] used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (‘u0020`) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through ‘u00FF`)

  • The special characters tab (‘u0009`), line feed (`u000A`), and carriage return (`u000D`)

  [1]: wikipedia.org/wiki/regex

• :description (String) —

  A friendly description of the policy.

  Typically used to store information about the permissions defined in the policy. For example, “Grants access to production DynamoDB tables.”

  The policy description is immutable. After a value is assigned, it cannot be changed.

Returns:

• (Policy)

# File 'lib/aws-sdk-iam/resource.rb', line 337

def create_policy(options = {})
  resp = @client.create_policy(options)
  Policy.new(
    arn: resp.data.policy.arn,
    client: @client
  )
end

#create_role(options = {}) ⇒ Role

Examples:

Request syntax with placeholder values

role = iam.create_role({
  path: "pathType",
  role_name: "roleNameType", # required
  assume_role_policy_document: "policyDocumentType", # required
  description: "roleDescriptionType",
  max_session_duration: 1,
  permissions_boundary: "arnType",
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path (String) —

  The path to the role. For more information about paths, see [IAM Identifiers] in the *IAM User Guide*.

  This parameter is optional. If it is not included, it defaults to a slash (/).

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

• :role_name (required, String) —

  The name of the role to create.

  IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both “MyResource” and “myresource”.

• :assume_role_policy_document (required, String) —

  The trust relationship policy document that grants an entity permission to assume the role.

  In IAM, you must provide a JSON policy that has been converted to a string. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

  The [regex pattern] used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (‘u0020`) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through ‘u00FF`)

  • The special characters tab (‘u0009`), line feed (`u000A`), and carriage return (`u000D`)

  Upon success, the response includes the same trust policy in JSON format.

  [1]: wikipedia.org/wiki/regex

• :description (String) —

  A description of the role.

• :max_session_duration (Integer) —

  The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

  Anyone who assumes the role from the AWS CLI or API can use the ‘DurationSeconds` API parameter or the `duration-seconds` CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don’t specify a value for the ‘DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM Roles] in the *IAM User Guide*.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html

• :permissions_boundary (String) —

  The ARN of the policy that is used to set the permissions boundary for the role.

• :tags (Array<Types::Tag>) —

  A list of tags that you want to attach to the newly created role. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM Identities] in the *IAM User Guide*.

  <note markdown=“1”> If any one of the tags is invalid or if you exceed the allowed number of tags per role, then the entire request fails and the role is not created.

  </note>
  

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html

Returns:

• (Role)

# File 'lib/aws-sdk-iam/resource.rb', line 455

def create_role(options = {})
  resp = @client.create_role(options)
  Role.new(
    name: options[:role_name],
    data: resp.data.role,
    client: @client
  )
end

#create_saml_provider(options = {}) ⇒ SamlProvider

Examples:

Request syntax with placeholder values

samlprovider = iam.create_saml_provider({
  saml_metadata_document: "SAMLMetadataDocumentType", # required
  name: "SAMLProviderNameType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :saml_metadata_document (required, String) —

  An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer’s name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization’s IdP.

  For more information, see [About SAML 2.0-based Federation] in the *IAM User Guide*

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html

• :name (required, String) —

  The name of the provider to create.

  This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  [1]: wikipedia.org/wiki/regex

Returns:

• (SamlProvider)

# File 'lib/aws-sdk-iam/resource.rb', line 497

def create_saml_provider(options = {})
  resp = @client.create_saml_provider(options)
  SamlProvider.new(
    arn: resp.data.saml_provider_arn,
    client: @client
  )
end

#create_server_certificate(options = {}) ⇒ ServerCertificate

Examples:

Request syntax with placeholder values

servercertificate = iam.create_server_certificate({
  path: "pathType",
  server_certificate_name: "serverCertificateNameType", # required
  certificate_body: "certificateBodyType", # required
  private_key: "privateKeyType", # required
  certificate_chain: "certificateChainType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path (String) —

  The path for the server certificate. For more information about paths, see [IAM Identifiers] in the *IAM User Guide*.

  This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  <note markdown=“1”> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the ‘path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/`).

  </note>
  

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

• :server_certificate_name (required, String) —

  The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.

  This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  [1]: wikipedia.org/wiki/regex

• :certificate_body (required, String) —

  The contents of the public key certificate in PEM-encoded format.

  The [regex pattern] used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (‘u0020`) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through ‘u00FF`)

  • The special characters tab (‘u0009`), line feed (`u000A`), and carriage return (`u000D`)

  [1]: wikipedia.org/wiki/regex

• :private_key (required, String) —

  The contents of the private key in PEM-encoded format.

  The [regex pattern] used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (‘u0020`) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through ‘u00FF`)

  • The special characters tab (‘u0009`), line feed (`u000A`), and carriage return (`u000D`)

  [1]: wikipedia.org/wiki/regex

• :certificate_chain (String) —

  The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.

  The [regex pattern] used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (‘u0020`) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through ‘u00FF`)

  • The special characters tab (‘u0009`), line feed (`u000A`), and carriage return (`u000D`)

  [1]: wikipedia.org/wiki/regex

Returns:

• (ServerCertificate)

# File 'lib/aws-sdk-iam/resource.rb', line 606

def create_server_certificate(options = {})
  resp = @client.upload_server_certificate(options)
  ServerCertificate.new(
    name: options[:server_certificate_name],
    client: @client
  )
end

#create_signing_certificate(options = {}) ⇒ SigningCertificate

Examples:

Request syntax with placeholder values

signingcertificate = iam.create_signing_certificate({
  user_name: "existingUserNameType",
  certificate_body: "certificateBodyType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :user_name (String) —

  The name of the user the signing certificate is for.

  This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  [1]: wikipedia.org/wiki/regex

• :certificate_body (required, String) —

  The contents of the signing certificate.

  The [regex pattern] used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (‘u0020`) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through ‘u00FF`)

  • The special characters tab (‘u0009`), line feed (`u000A`), and carriage return (`u000D`)

  [1]: wikipedia.org/wiki/regex

Returns:

• (SigningCertificate)

# File 'lib/aws-sdk-iam/resource.rb', line 651

def create_signing_certificate(options = {})
  resp = @client.upload_signing_certificate(options)
  SigningCertificate.new(
    id: resp.data.certificate.certificate_id,
    data: resp.data.certificate,
    client: @client
  )
end

#create_user(options = {}) ⇒ User

Examples:

Request syntax with placeholder values

user = iam.create_user({
  path: "pathType",
  user_name: "userNameType", # required
  permissions_boundary: "arnType",
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path (String) —

  The path for the user name. For more information about paths, see [IAM Identifiers] in the *IAM User Guide*.

  This parameter is optional. If it is not included, it defaults to a slash (/).

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

• :user_name (required, String) —

  The name of the user to create.

  IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both “MyResource” and “myresource”.

• :permissions_boundary (String) —

  The ARN of the policy that is used to set the permissions boundary for the user.

• :tags (Array<Types::Tag>) —

  A list of tags that you want to attach to the newly created user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM Identities] in the *IAM User Guide*.

  <note markdown=“1”> If any one of the tags is invalid or if you exceed the allowed number of tags per user, then the entire request fails and the user is not created.

  </note>
  

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html

Returns:

• (User)

# File 'lib/aws-sdk-iam/resource.rb', line 717

def create_user(options = {})
  resp = @client.create_user(options)
  User.new(
    name: options[:user_name],
    data: resp.data.user,
    client: @client
  )
end

#create_virtual_mfa_device(options = {}) ⇒ VirtualMfaDevice

Examples:

Request syntax with placeholder values

virtualmfadevice = iam.create_virtual_mfa_device({
  path: "pathType",
  virtual_mfa_device_name: "virtualMFADeviceName", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path (String) —

  The path for the virtual MFA device. For more information about paths, see [IAM Identifiers] in the *IAM User Guide*.

  This parameter is optional. If it is not included, it defaults to a slash (/).

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

• :virtual_mfa_device_name (required, String) —

  The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device.

  This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  [1]: wikipedia.org/wiki/regex

Returns:

• (VirtualMfaDevice)

# File 'lib/aws-sdk-iam/resource.rb', line 764

def create_virtual_mfa_device(options = {})
  resp = @client.create_virtual_mfa_device(options)
  VirtualMfaDevice.new(
    serial_number: resp.data.virtual_mfa_device.serial_number,
    data: resp.data.virtual_mfa_device,
    client: @client
  )
end

#current_user ⇒ CurrentUser

Returns:

• (CurrentUser)

# File 'lib/aws-sdk-iam/resource.rb', line 786

def current_user
  CurrentUser.new(client: @client)
end

#delete_account_alias ⇒ Seahorse::Client::Response, false

Returns the response from Client#delete_account_alias if an alias was deleted. Returns ‘false` if this account had no alias to remove.

Returns:

• (Seahorse::Client::Response, false) —

  Returns the response from Client#delete_account_alias if an alias was deleted. Returns ‘false` if this account had no alias to remove.

See Also:

• Client#delete_account_alias

# File 'lib/aws-sdk-iam/customizations/resource.rb', line 9

def delete_account_alias
  if name = @client.list_account_aliases.account_aliases.first
    @client.delete_account_alias(account_alias: name)
  else
    false
  end
end

#group(name) ⇒ Group

Parameters:

• name (String)

Returns:

• (Group)

# File 'lib/aws-sdk-iam/resource.rb', line 792

def group(name)
  Group.new(
    name: name,
    client: @client
  )
end

#groups(options = {}) ⇒ Group::Collection

Examples:

Request syntax with placeholder values

groups = iam.groups({
  path_prefix: "pathPrefixType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path_prefix (String) —

  The path prefix for filtering the results. For example, the prefix ‘/division_abc/subdivision_xyz/` gets all groups whose path starts with `/division_abc/subdivision_xyz/`.

  This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

Returns:

• (Group::Collection)

# File 'lib/aws-sdk-iam/resource.rb', line 822

def groups(options = {})
  batches = Enumerator.new do |y|
    resp = @client.list_groups(options)
    resp.each_page do |page|
      batch = []
      page.data.groups.each do |g|
        batch << Group.new(
          name: g.group_name,
          data: g,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Group::Collection.new(batches)
end

#instance_profile(name) ⇒ InstanceProfile

Parameters:

• name (String)

Returns:

• (InstanceProfile)

# File 'lib/aws-sdk-iam/resource.rb', line 842

def instance_profile(name)
  InstanceProfile.new(
    name: name,
    client: @client
  )
end

#instance_profiles(options = {}) ⇒ InstanceProfile::Collection

Examples:

Request syntax with placeholder values

instance_profiles = iam.instance_profiles({
  path_prefix: "pathPrefixType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path_prefix (String) —

  The path prefix for filtering the results. For example, the prefix ‘/application_abc/component_xyz/` gets all instance profiles whose path starts with `/application_abc/component_xyz/`.

  This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

Returns:

• (InstanceProfile::Collection)

# File 'lib/aws-sdk-iam/resource.rb', line 873

def instance_profiles(options = {})
  batches = Enumerator.new do |y|
    resp = @client.list_instance_profiles(options)
    resp.each_page do |page|
      batch = []
      page.data.instance_profiles.each do |i|
        batch << InstanceProfile.new(
          name: i.instance_profile_name,
          data: i,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  InstanceProfile::Collection.new(batches)
end

#policies(options = {}) ⇒ Policy::Collection

Examples:

Request syntax with placeholder values

policies = iam.policies({
  scope: "All", # accepts All, AWS, Local
  only_attached: false,
  path_prefix: "policyPathType",
  policy_usage_filter: "PermissionsPolicy", # accepts PermissionsPolicy, PermissionsBoundary
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :scope (String) —

  The scope to use for filtering the results.

  To list only AWS managed policies, set ‘Scope` to `AWS`. To list only the customer managed policies in your AWS account, set `Scope` to `Local`.

  This parameter is optional. If it is not included, or if it is set to ‘All`, all policies are returned.

• :only_attached (Boolean) —

  A flag to filter the results to only the attached policies.

  When ‘OnlyAttached` is `true`, the returned list contains only the policies that are attached to an IAM user, group, or role. When `OnlyAttached` is `false`, or when the parameter is not included, all policies are returned.

• :path_prefix (String) —

  The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

• :policy_usage_filter (String) —

  The policy usage method to use for filtering the results.

  To list only permissions policies, set ‘PolicyUsageFilter` to `PermissionsPolicy`. To list only the policies used to set permissions boundaries, set the value to `PermissionsBoundary`.

  This parameter is optional. If it is not included, all policies are returned.

Returns:

• (Policy::Collection)

# File 'lib/aws-sdk-iam/resource.rb', line 940

def policies(options = {})
  batches = Enumerator.new do |y|
    resp = @client.list_policies(options)
    resp.each_page do |page|
      batch = []
      page.data.policies.each do |p|
        batch << Policy.new(
          arn: p.arn,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Policy::Collection.new(batches)
end

#policy(arn) ⇒ Policy

Parameters:

• arn (String)

Returns:

• (Policy)

# File 'lib/aws-sdk-iam/resource.rb', line 960

def policy(arn)
  Policy.new(
    arn: arn,
    client: @client
  )
end

#role(name) ⇒ Role

Parameters:

• name (String)

Returns:

• (Role)

# File 'lib/aws-sdk-iam/resource.rb', line 969

def role(name)
  Role.new(
    name: name,
    client: @client
  )
end

#roles(options = {}) ⇒ Role::Collection

Examples:

Request syntax with placeholder values

roles = iam.roles({
  path_prefix: "pathPrefixType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path_prefix (String) —

  The path prefix for filtering the results. For example, the prefix ‘/application_abc/component_xyz/` gets all roles whose path starts with `/application_abc/component_xyz/`.

  This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

Returns:

• (Role::Collection)

# File 'lib/aws-sdk-iam/resource.rb', line 999

def roles(options = {})
  batches = Enumerator.new do |y|
    resp = @client.list_roles(options)
    resp.each_page do |page|
      batch = []
      page.data.roles.each do |r|
        batch << Role.new(
          name: r.role_name,
          data: r,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Role::Collection.new(batches)
end

#saml_provider(arn) ⇒ SamlProvider

Parameters:

• arn (String)

Returns:

• (SamlProvider)

# File 'lib/aws-sdk-iam/resource.rb', line 1019

def saml_provider(arn)
  SamlProvider.new(
    arn: arn,
    client: @client
  )
end

#saml_providers(options = {}) ⇒ SamlProvider::Collection

Examples:

Request syntax with placeholder values

iam.saml_providers()

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (SamlProvider::Collection)

# File 'lib/aws-sdk-iam/resource.rb', line 1031

def saml_providers(options = {})
  batches = Enumerator.new do |y|
    batch = []
    resp = @client.list_saml_providers(options)
    resp.data.saml_provider_list.each do |s|
      batch << SamlProvider.new(
        arn: s.arn,
        client: @client
      )
    end
    y.yield(batch)
  end
  SamlProvider::Collection.new(batches)
end

#server_certificate(name) ⇒ ServerCertificate

Parameters:

• name (String)

Returns:

• (ServerCertificate)

# File 'lib/aws-sdk-iam/resource.rb', line 1048

def server_certificate(name)
  ServerCertificate.new(
    name: name,
    client: @client
  )
end

#server_certificates(options = {}) ⇒ ServerCertificate::Collection

Examples:

Request syntax with placeholder values

server_certificates = iam.server_certificates({
  path_prefix: "pathPrefixType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path_prefix (String) —

  The path prefix for filtering the results. For example: ‘/company/servercerts` would get all server certificates for which the path starts with `/company/servercerts`.

  This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

Returns:

• (ServerCertificate::Collection)

# File 'lib/aws-sdk-iam/resource.rb', line 1079

def server_certificates(options = {})
  batches = Enumerator.new do |y|
    resp = @client.list_server_certificates(options)
    resp.each_page do |page|
      batch = []
      page.data.server_certificate_metadata_list.each do |s|
        batch << ServerCertificate.new(
          name: s.server_certificate_name,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  ServerCertificate::Collection.new(batches)
end

#user(name) ⇒ User

Parameters:

• name (String)

Returns:

• (User)

# File 'lib/aws-sdk-iam/resource.rb', line 1098

def user(name)
  User.new(
    name: name,
    client: @client
  )
end

#users(options = {}) ⇒ User::Collection

Examples:

Request syntax with placeholder values

users = iam.users({
  path_prefix: "pathPrefixType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path_prefix (String) —

  The path prefix for filtering the results. For example: ‘/division_abc/subdivision_xyz/`, which would get all user names whose path starts with `/division_abc/subdivision_xyz/`.

  This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (‘u0021`) through the DEL character (`u007F`), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

Returns:

• (User::Collection)

# File 'lib/aws-sdk-iam/resource.rb', line 1128

def users(options = {})
  batches = Enumerator.new do |y|
    resp = @client.list_users(options)
    resp.each_page do |page|
      batch = []
      page.data.users.each do |u|
        batch << User.new(
          name: u.user_name,
          data: u,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  User::Collection.new(batches)
end

#virtual_mfa_device(serial_number) ⇒ VirtualMfaDevice

Parameters:

• serial_number (String)

Returns:

• (VirtualMfaDevice)

# File 'lib/aws-sdk-iam/resource.rb', line 1148

def virtual_mfa_device(serial_number)
  VirtualMfaDevice.new(
    serial_number: serial_number,
    client: @client
  )
end

#virtual_mfa_devices(options = {}) ⇒ VirtualMfaDevice::Collection

Examples:

Request syntax with placeholder values

virtual_mfa_devices = iam.virtual_mfa_devices({
  assignment_status: "Assigned", # accepts Assigned, Unassigned, Any
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :assignment_status (String) —

  The status (‘Unassigned` or `Assigned`) of the devices to list. If you do not specify an `AssignmentStatus`, the operation defaults to `Any`, which lists both assigned and unassigned virtual MFA devices.,

Returns:

• (VirtualMfaDevice::Collection)

# File 'lib/aws-sdk-iam/resource.rb', line 1166

def virtual_mfa_devices(options = {})
  batches = Enumerator.new do |y|
    resp = @client.list_virtual_mfa_devices(options)
    resp.each_page do |page|
      batch = []
      page.data.virtual_mfa_devices.each do |v|
        batch << VirtualMfaDevice.new(
          serial_number: v.serial_number,
          data: v,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  VirtualMfaDevice::Collection.new(batches)
end