Class: Aws::IAM::AccountPasswordPolicy

Inherits:

Object

• Object
• Aws::IAM::AccountPasswordPolicy

Extended by:

Deprecations

Defined in:

lib/aws-sdk-iam/account_password_policy.rb

Defined Under Namespace

Classes: Collection

Read-Only Attributes

• #allow_users_to_change_password ⇒ Boolean

  Specifies whether IAM users are allowed to change their own password.

• #expire_passwords ⇒ Boolean

  Indicates whether passwords in the account expire.

• #hard_expiry ⇒ Boolean

  Specifies whether IAM users are prevented from setting a new password via the Amazon Web Services Management Console after their password has expired.

• #max_password_age ⇒ Integer

  The number of days that an IAM user password is valid.

• #minimum_password_length ⇒ Integer

  Minimum length to require for IAM user passwords.

• #password_reuse_prevention ⇒ Integer

  Specifies the number of previous passwords that IAM users are prevented from reusing.

• #require_lowercase_characters ⇒ Boolean

  Specifies whether IAM user passwords must contain at least one lowercase character (a to z).

• #require_numbers ⇒ Boolean

  Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).

• #require_symbols ⇒ Boolean

  Specifies whether IAM user passwords must contain at least one of the following symbols:.

• #require_uppercase_characters ⇒ Boolean

  Specifies whether IAM user passwords must contain at least one uppercase character (A to Z).

Actions

• #delete(options = {}) ⇒ EmptyStructure
• #identifiers ⇒ Object deprecated private Deprecated.
• #update(options = {}) ⇒ EmptyStructure

Instance Method Summary

• #client ⇒ Client
• #data ⇒ Types::PasswordPolicy

  Returns the data for this AccountPasswordPolicy.

• #data_loaded? ⇒ Boolean

  Returns ‘true` if this resource is loaded.

• #initialize(options = {}) ⇒ AccountPasswordPolicy constructor

  A new instance of AccountPasswordPolicy.

• #load ⇒ self (also: #reload)

  Loads, or reloads #data for the current AccountPasswordPolicy.

• #wait_until(options = {}) {|resource| ... } ⇒ Resource deprecated Deprecated.

  Use [Aws::IAM::Client] #wait_until instead

Constructor Details

#initialize(options = {}) ⇒ AccountPasswordPolicy

Returns a new instance of AccountPasswordPolicy.

Options Hash (options):

• :client (Client)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 18

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
  @waiter_block_warned = false
end

Instance Method Details

#allow_users_to_change_password ⇒ Boolean

Specifies whether IAM users are allowed to change their own password. Gives IAM users permissions to ‘iam:ChangePassword` for only their user and to the `iam:GetAccountPasswordPolicy` action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM.

Returns:

• (Boolean)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 69

def allow_users_to_change_password
  data[:allow_users_to_change_password]
end

#client ⇒ Client

Returns:

• (Client)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 108

def client
  @client
end

#data ⇒ Types::PasswordPolicy

Returns the data for this Aws::IAM::AccountPasswordPolicy. Calls Client#get_account_password_policy if #data_loaded? is ‘false`.

Returns:

• (Types::PasswordPolicy) —

  Returns the data for this Aws::IAM::AccountPasswordPolicy. Calls Client#get_account_password_policy if #data_loaded? is ‘false`.

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 130

def data
  load unless @data
  @data
end

#data_loaded? ⇒ Boolean

Returns ‘true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

• (Boolean) —

  Returns ‘true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 138

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

account_password_policy.delete()

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 248

def delete(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.delete_account_password_policy(options)
  end
  resp.data
end

#expire_passwords ⇒ Boolean

Indicates whether passwords in the account expire. Returns true if ‘MaxPasswordAge` contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.

Returns:

• (Boolean)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 77

def expire_passwords
  data[:expire_passwords]
end

#hard_expiry ⇒ Boolean

Specifies whether IAM users are prevented from setting a new password via the Amazon Web Services Management Console after their password has expired. The IAM user cannot access the console until an administrator resets the password. IAM users with ‘iam:ChangePassword` permission and active access keys can reset their own expired console password using the CLI or API.

Returns:

• (Boolean)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 101

def hard_expiry
  data[:hard_expiry]
end

#identifiers ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deprecated.

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 362

def identifiers
  {}
end

#load ⇒ self Also known as: reload

Loads, or reloads #data for the current Aws::IAM::AccountPasswordPolicy. Returns ‘self` making it possible to chain methods.

account_password_policy.reload.data

Returns:

• (self)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 118

def load
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.get_account_password_policy
  end
  @data = resp.password_policy
  self
end

#max_password_age ⇒ Integer

The number of days that an IAM user password is valid.

Returns:

• (Integer)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 83

def max_password_age
  data[:max_password_age]
end

#minimum_password_length ⇒ Integer

Minimum length to require for IAM user passwords.

Returns:

• (Integer)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 29

def minimum_password_length
  data[:minimum_password_length]
end

#password_reuse_prevention ⇒ Integer

Specifies the number of previous passwords that IAM users are prevented from reusing.

Returns:

• (Integer)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 90

def password_reuse_prevention
  data[:password_reuse_prevention]
end

#require_lowercase_characters ⇒ Boolean

Specifies whether IAM user passwords must contain at least one lowercase character (a to z).

Returns:

• (Boolean)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 59

def require_lowercase_characters
  data[:require_lowercase_characters]
end

#require_numbers ⇒ Boolean

Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).

Returns:

• (Boolean)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 45

def require_numbers
  data[:require_numbers]
end

#require_symbols ⇒ Boolean

Specifies whether IAM user passwords must contain at least one of the following symbols:

! @ # $ % ^ & * ( ) _ + - = [ ] \{ \} | ‘

Returns:

• (Boolean)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 38

def require_symbols
  data[:require_symbols]
end

#require_uppercase_characters ⇒ Boolean

Specifies whether IAM user passwords must contain at least one uppercase character (A to Z).

Returns:

• (Boolean)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 52

def require_uppercase_characters
  data[:require_uppercase_characters]
end

#update(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

account_password_policy.update({
  minimum_password_length: 1,
  require_symbols: false,
  require_numbers: false,
  require_uppercase_characters: false,
  require_lowercase_characters: false,
  allow_users_to_change_password: false,
  max_password_age: 1,
  password_reuse_prevention: 1,
  hard_expiry: false,
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :minimum_password_length (Integer) —

  The minimum number of characters allowed in an IAM user password.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘6`.

• :require_symbols (Boolean) —

  Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:

  ! @ # $ % ^ & * ( ) _ + - = [ ] \{ \} | ‘

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that passwords do not require at least one symbol character.

• :require_numbers (Boolean) —

  Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that passwords do not require at least one numeric character.

• :require_uppercase_characters (Boolean) —

  Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that passwords do not require at least one uppercase character.

• :require_lowercase_characters (Boolean) —

  Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that passwords do not require at least one lowercase character.

• :allow_users_to_change_password (Boolean) —

  Allows all IAM users in your account to use the Amazon Web Services Management Console to change their own passwords. For more information, see [Permitting IAM users to change their own passwords] in the *IAM User Guide*.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that IAM users in the account do not automatically have permissions to change their own password.

  [1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_enable-user-change.html

• :max_password_age (Integer) —

  The number of days that an IAM user password is valid.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘0`. The result is that IAM user passwords never expire.

• :password_reuse_prevention (Integer) —

  Specifies the number of previous passwords that IAM users are prevented from reusing.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘0`. The result is that IAM users are not prevented from reusing previous passwords.

• :hard_expiry (Boolean) —

  Prevents IAM users who are accessing the account via the Amazon Web Services Management Console from setting a new console password after their password has expired. The IAM user cannot access the console until an administrator resets the password.

  If you do not specify a value for this parameter, then the operation uses the default value of ‘false`. The result is that IAM users can change their passwords after they expire and continue to sign in as the user.

  <note markdown=“1”> In the Amazon Web Services Management Console, the custom password policy option **Allow users to change their own password** gives IAM users permissions to ‘iam:ChangePassword` for only their user and to the `iam:GetAccountPasswordPolicy` action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM. IAM users with `iam:ChangePassword` permission and active access keys can reset their own expired console password using the CLI or API.

  </note>
  

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 353

def update(options = {})
  resp = Aws::Plugins::UserAgent.feature('resource') do
    @client.update_account_password_policy(options)
  end
  resp.data
end

#wait_until(options = {}) {|resource| ... } ⇒ Resource

Deprecated.

Use [Aws::IAM::Client] #wait_until instead

Note:

The waiting operation is performed on a copy. The original resource remains unchanged.

Waiter polls an API operation until a resource enters a desired state.

## Basic Usage

Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

## Example

instance.wait_until(max_attempts:10, delay:5) do |instance|
  instance.state.name == 'running'
end

## Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

## Callbacks

You can be notified before each polling attempt and before each delay. If you throw ‘:success` or `:failure` from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

  # disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

## Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

attempts attempt in seconds invoked before each attempt invoked before each wait

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :max_attempts (Integer) — default: 10 —

  Maximum number of

• :delay (Integer) — default: 10 —

  Delay between each

• :before_attempt (Proc) — default: nil —

  Callback

• :before_wait (Proc) — default: nil —

  Callback

Yield Parameters:

• resource (Resource) —

  to be used in the waiting condition.

Returns:

• (Resource) —

  if the waiter was successful

Raises:

• (Aws::Waiters::Errors::FailureStateError) —

  Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

  yet successful.

• (Aws::Waiters::Errors::UnexpectedError) —

  Raised when an error is encountered while polling for a resource that is not expected.

• (NotImplementedError) —

  Raised when the resource does not

# File 'lib/aws-sdk-iam/account_password_policy.rb', line 222

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Plugins::UserAgent.feature('resource') do
    Aws::Waiters::Waiter.new(options).wait({})
  end
end