String userName
The name of the IAM user that the access key is associated with.
String accessKeyId
The ID for this access key.
String status
The status of the access key. Active means the key is valid
for API calls, while Inactive means it is not.
String secretAccessKey
The secret key used to sign requests.
Date createDate
The date when the access key was created.
Date lastUsedDate
The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null when:
The user does not have an access key.
An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
There is no sign-in data associated with the user
String serviceName
The name of the AWS service with which this access key was most recently used. This field is null when:
The user does not have an access key.
An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
There is no sign-in data associated with the user
String region
The AWS region where this access key was most recently used. This field is null when:
The user does not have an access key.
An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
There is no sign-in data associated with the user
For more information about AWS regions, see Regions and Endpoints in the Amazon Web Services General Reference.
String userName
The name of the IAM user that the key is associated with.
String accessKeyId
The ID for this access key.
String status
The status of the access key. Active means the key is valid
for API calls; Inactive means it is not.
Date createDate
The date when the access key was created.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider to add the client ID to. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
String clientID
The client ID (also known as audience) to add to the IAM OpenID Connect provider.
String contextKeyName
The full name of a condition context key, including the service prefix.
For example, aws:SourceIp or s3:VersionId.
com.amazonaws.internal.SdkInternalList<T> contextKeyValues
The value (or values, if the condition context key supports multiple
values) to provide to the simulation for use when the key is referenced
by a Condition element in an input policy.
String contextKeyType
The data type of the value (or values) specified in the
ContextKeyValues parameter.
String userName
The user name that the new key will belong to.
AccessKey accessKey
Information about the access key.
String accountAlias
The account alias to create.
String path
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
String groupName
The name of the group to create. Do not include the path in this value.
Group group
Information about the group.
String instanceProfileName
The name of the instance profile to create.
String path
The path to the instance profile. For more information about paths, see IAM Identifiers in the Using IAM guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
InstanceProfile instanceProfile
Information about the instance profile.
LoginProfile loginProfile
The user name and password create date.
String url
The URL of the identity provider. The URL must begin with "https://" and
should correspond to the iss claim in the provider's OpenID
Connect ID tokens. Per the OIDC standard, path components are allowed but
query parameters are not. Typically the URL consists of only a host name,
like "https://server.example.org" or "https://example.com".
You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
com.amazonaws.internal.SdkInternalList<T> clientIDList
A list of client IDs (also known as audiences). When a mobile or web app
registers with an OpenID Connect provider, they establish a value that
identifies the application. (This is the value that's sent as the
client_id parameter on OAuth requests.)
You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider.
There is no defined format for a client ID. The
CreateOpenIDConnectProviderRequest action accepts client IDs
up to 255 characters long.
com.amazonaws.internal.SdkInternalList<T> thumbprintList
A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates.
The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string.
You must provide at least one thumbprint when creating an IAM OIDC
provider. For example, if the OIDC provider is
server.example.com and the provider stores its keys at
"https://keys.server.example.com/openid-connect", the thumbprint string
would be the hex-encoded SHA-1 hash value of the certificate used by
https://keys.server.example.com.
For more information about obtaining the OIDC provider's thumbprint, see Obtaining the Thumbprint for an OpenID Connect Provider in the IAM User Guide.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect provider that was created. For more information, see OpenIDConnectProviderListEntry.
String policyName
The name of the policy document.
String path
The path for the policy.
For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
String policyDocument
The policy document.
String description
A friendly description of the policy.
Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
The policy description is immutable. After a value is assigned, it cannot be changed.
Policy policy
Information about the policy.
String policyArn
String policyDocument
The policy document.
Boolean setAsDefault
Specifies whether to set this version as the policy's default version.
When this parameter is true, the new policy version becomes
the operative version; that is, the version that is in effect for the IAM
users, groups, and roles that the policy is attached to.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
PolicyVersion policyVersion
Information about the policy version.
String path
The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
String roleName
The name of the role to create.
String assumeRolePolicyDocument
The trust relationship policy document that grants an entity permission to assume the role.
Role role
Information about the role.
String sAMLMetadataDocument
An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
For more information, see About SAML 2.0-based Federation in the IAM User Guide
String name
The name of the provider to create.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider.
String path
The path for the user name. For more information about paths, see IAM Identifiers in the Using IAM guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
String userName
The name of the user to create.
User user
Information about the user.
String path
The path for the virtual MFA device. For more information about paths, see IAM Identifiers in the Using IAM guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
String virtualMFADeviceName
The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device.
VirtualMFADevice virtualMFADevice
A newly created virtual MFA device.
String accountAlias
The name of the account alias to delete.
String groupName
The name of the group to delete.
String instanceProfileName
The name of the instance profile to delete.
String userName
The name of the user whose password you want to delete.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect provider to delete. You can get a list of OpenID Connect provider ARNs by using the ListOpenIDConnectProviders action.
String policyArn
String policyArn
String versionId
The policy version to delete.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
String roleName
The name of the role to delete.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider to delete.
String serverCertificateName
The name of the server certificate you want to delete.
String userName
The name of the user to delete.
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN.
String userName
The name of the user for whom you want to enable the MFA device.
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
String authenticationCode1
An authentication code emitted by the device.
String authenticationCode2
A subsequent authentication code emitted by the device.
String evalActionName
The name of the API action tested on the indicated resource.
String evalResourceName
The ARN of the resource that the indicated API action was tested on.
String evalDecision
The result of the simulation.
com.amazonaws.internal.SdkInternalList<T> matchedStatements
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the action on the resource, if only one statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
com.amazonaws.internal.SdkInternalList<T> missingContextValues
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
If the response includes any keys in this list, then the reported results might be untrustworthy because the simulation could not completely evaluate all of the conditions specified in the policies that would occur in a real world request.
com.amazonaws.internal.SdkInternalMap<K,V> evalDecisionDetails
Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies
com.amazonaws.internal.SdkInternalList<T> resourceSpecificResults
The individual results of the simulation of the API action specified in EvalActionName on each resource.
String accessKeyId
The identifier of an access key.
String userName
The name of the AWS IAM user that owns this access key.
AccessKeyLastUsed accessKeyLastUsed
Contains information about the last time the access key was used.
com.amazonaws.internal.SdkInternalList<T> filter
A list of entity types (user, group, role, local managed policy, or AWS managed policy) for filtering the results.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
com.amazonaws.internal.SdkInternalList<T> userDetailList
A list containing information about IAM users.
com.amazonaws.internal.SdkInternalList<T> groupDetailList
A list containing information about IAM groups.
com.amazonaws.internal.SdkInternalList<T> roleDetailList
A list containing information about IAM roles.
com.amazonaws.internal.SdkInternalList<T> policies
A list containing information about managed policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
PasswordPolicy passwordPolicy
com.amazonaws.internal.SdkInternalMap<K,V> summaryMap
A set of key value pairs containing information about IAM entity usage and IAM quotas.
SummaryMap contains the following keys:
AccessKeysPerUserQuota
The maximum number of active access keys allowed for each IAM user.
AccountAccessKeysPresent
This value is 1 if the AWS account (root) has an access key, otherwise it is 0.
AccountMFAEnabled
This value is 1 if the AWS account (root) has an MFA device assigned, otherwise it is 0.
AccountSigningCertificatesPresent
This value is 1 if the AWS account (root) has a signing certificate, otherwise it is 0.
AssumeRolePolicySizeQuota
The maximum allowed size for assume role policy documents (trust policies), in non-whitespace characters.
AttachedPoliciesPerGroupQuota
The maximum number of managed policies that can be attached to an IAM group.
AttachedPoliciesPerRoleQuota
The maximum number of managed policies that can be attached to an IAM role.
AttachedPoliciesPerUserQuota
The maximum number of managed policies that can be attached to an IAM user.
GroupPolicySizeQuota
The maximum allowed size for the aggregate of all inline policies embedded in an IAM group, in non-whitespace characters.
Groups
The number of IAM groups in the AWS account.
GroupsPerUserQuota
The maximum number of IAM groups each IAM user can belong to.
GroupsQuota
The maximum number of IAM groups allowed in the AWS account.
InstanceProfiles
The number of instance profiles in the AWS account.
InstanceProfilesQuota
The maximum number of instance profiles allowed in the AWS account.
MFADevices
The number of MFA devices in the AWS account, including those assigned and unassigned.
MFADevicesInUse
The number of MFA devices that have been assigned to an IAM user or to the AWS account (root).
Policies
The number of customer managed policies in the AWS account.
PoliciesQuota
The maximum number of customer managed policies allowed in the AWS account.
PolicySizeQuota
The maximum allowed size of a customer managed policy, in non-whitespace characters.
PolicyVersionsInUse
The number of managed policies that are attached to IAM users, groups, or roles in the AWS account.
PolicyVersionsInUseQuota
The maximum number of managed policies that can be attached to IAM users, groups, or roles in the AWS account.
Providers
The number of identity providers in the AWS account.
RolePolicySizeQuota
The maximum allowed size for the aggregate of all inline policies (access policies, not the trust policy) embedded in an IAM role, in non-whitespace characters.
Roles
The number of IAM roles in the AWS account.
RolesQuota
The maximum number of IAM roles allowed in the AWS account.
ServerCertificates
The number of server certificates in the AWS account.
ServerCertificatesQuota
The maximum number of server certificates allowed in the AWS account.
SigningCertificatesPerUserQuota
The maximum number of X.509 signing certificates allowed for each IAM user.
UserPolicySizeQuota
The maximum allowed size for the aggregate of all inline policies embedded in an IAM user, in non-whitespace characters.
Users
The number of IAM users in the AWS account.
UsersQuota
The maximum number of IAM users allowed in the AWS account.
VersionsPerPolicyQuota
The maximum number of policy versions allowed for each managed policy.
com.amazonaws.internal.SdkInternalList<T> policyInputList
A list of policies for which you want list of context keys used in
Condition elements. Each document is specified as a string
containing the complete, valid JSON text of an IAM policy.
com.amazonaws.internal.SdkInternalList<T> contextKeyNames
The list of context keys that are used in the Condition
elements of the input policies.
String policySourceArn
The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies attached to the user as well as to all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.
com.amazonaws.internal.SdkInternalList<T> policyInputList
A optional list of additional policies for which you want list of context
keys used in Condition elements.
com.amazonaws.internal.SdkInternalList<T> contextKeyNames
The list of context keys that are used in the Condition
elements of the input policies.
ByteBuffer content
Contains the credential report. The report is Base64-encoded.
String reportFormat
The format (MIME type) of the credential report.
Date generatedTime
The date and time when the credential report was created, in ISO 8601 date-time format.
String groupName
The name of the group.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
Group group
Information about the group.
com.amazonaws.internal.SdkInternalList<T> users
A list of users in the group.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String instanceProfileName
The name of the instance profile to get information about.
InstanceProfile instanceProfile
Information about the instance profile.
String userName
The name of the user whose login profile you want to retrieve.
LoginProfile loginProfile
The user name and password create date for the user.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider to get information for. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
String url
The URL that the IAM OpenID Connect provider is associated with. For more information, see CreateOpenIDConnectProvider.
com.amazonaws.internal.SdkInternalList<T> clientIDList
A list of client IDs (also known as audiences) that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
com.amazonaws.internal.SdkInternalList<T> thumbprintList
A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
Date createDate
The date and time when the IAM OpenID Connect provider entity was created in the AWS account.
String policyArn
Policy policy
Information about the policy.
PolicyVersion policyVersion
Information about the policy version.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
String roleName
The name of the role to get information about.
Role role
Information about the role.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider to get information about.
String serverCertificateName
The name of the server certificate you want to retrieve information about.
ServerCertificate serverCertificate
Information about the server certificate.
String userName
The name of the IAM user associated with the SSH public key.
String sSHPublicKeyId
The unique identifier for the SSH public key.
String encoding
Specifies the public key encoding format to use in the response. To
retrieve the public key in ssh-rsa format, use SSH. To
retrieve the public key in PEM format, use PEM.
SSHPublicKey sSHPublicKey
Information about the SSH public key.
String userName
The name of the user to get information about.
This parameter is optional. If it is not included, it defaults to the user making the request.
User user
Information about the user.
String path
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
String groupName
The friendly name that identifies the group.
String groupId
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the group was created.
String path
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
String groupName
The friendly name that identifies the group.
String groupId
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the group was created.
com.amazonaws.internal.SdkInternalList<T> groupPolicyList
A list of the inline policies embedded in the group.
com.amazonaws.internal.SdkInternalList<T> attachedManagedPolicies
A list of the managed policies attached to the group.
String path
The path to the instance profile. For more information about paths, see IAM Identifiers in the Using IAM guide.
String instanceProfileName
The name identifying the instance profile.
String instanceProfileId
The stable and unique string identifying the instance profile. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
Date createDate
The date when the instance profile was created.
com.amazonaws.internal.SdkInternalList<T> roles
The role associated with the instance profile.
String userName
The name of the user.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> accessKeyMetadata
A list of access key metadata.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> accountAliases
A list of aliases associated with the account. AWS supports only one alias per account.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String groupName
The name (friendly name, not ARN) of the group to list attached policies for.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String roleName
The name (friendly name, not ARN) of the role to list attached policies for.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String userName
The name (friendly name, not ARN) of the user to list attached policies for.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String policyArn
String entityFilter
The entity type to use for filtering the results.
For example, when EntityFilter is Role, only
the roles that are attached to the specified policy are returned. This
parameter is optional. If it is not included, all attached entities
(users, groups, and roles) are returned.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> policyGroups
A list of groups that the policy is attached to.
com.amazonaws.internal.SdkInternalList<T> policyUsers
A list of users that the policy is attached to.
com.amazonaws.internal.SdkInternalList<T> policyRoles
A list of roles that the policy is attached to.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String groupName
The name of the group to list policies for.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> policyNames
A list of policy names.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String userName
The name of the user to list groups for.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> groups
A list of groups.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix
/division_abc/subdivision_xyz/ gets all groups whose path
starts with /division_abc/subdivision_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> groups
A list of groups.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String roleName
The name of the role to list instance profiles for.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> instanceProfiles
A list of instance profiles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/ gets all instance profiles
whose path starts with /application_abc/component_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> instanceProfiles
A list of instance profiles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String userName
The name of the user whose MFA devices you want to list.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> mFADevices
A list of MFA devices.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
com.amazonaws.internal.SdkInternalList<T> openIDConnectProviderList
The list of IAM OpenID Connect providers in the AWS account.
String scope
The scope to use for filtering the results.
To list only AWS managed policies, set Scope to
AWS. To list only the customer managed policies in your AWS
account, set Scope to Local.
This parameter is optional. If it is not included, or if it is set to
All, all policies are returned.
Boolean onlyAttached
A flag to filter the results to only the attached policies.
When OnlyAttached is true, the returned list
contains only the policies that are attached to a user, group, or role.
When OnlyAttached is false, or when the
parameter is not included, all policies are returned.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> policies
A list of policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String policyArn
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> versions
A list of policy versions.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String roleName
The name of the role to list policies for.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> policyNames
A list of policy names.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/ gets all roles whose path
starts with /application_abc/component_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> roles
A list of roles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
com.amazonaws.internal.SdkInternalList<T> sAMLProviderList
The list of SAML providers for this account.
String pathPrefix
The path prefix for filtering the results. For example:
/company/servercerts would get all server certificates for
which the path starts with /company/servercerts.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> serverCertificateMetadataList
A list of server certificates.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String userName
The name of the user.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> certificates
A list of the user's signing certificate information.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String userName
The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the AWS access key used to sign the request.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> sSHPublicKeys
A list of SSH public keys.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String userName
The name of the user to list policies for.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> policyNames
A list of policy names.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example:
/division_abc/subdivision_xyz/, which would get all user
names whose path starts with /division_abc/subdivision_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> users
A list of users.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String assignmentStatus
The status (unassigned or assigned) of the devices to list. If you do not
specify an AssignmentStatus, the action defaults to
Any which lists both assigned and unassigned virtual MFA
devices.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
com.amazonaws.internal.SdkInternalList<T> virtualMFADevices
The list of virtual MFA devices in the current account that match the
AssignmentStatus value that was passed in the request.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String userName
The name of the user, which can be used for signing in to the AWS Management Console.
Date createDate
The date when the password for the user was created.
Boolean passwordResetRequired
Specifies whether the user is required to set a new password on next sign-in.
String policyName
The friendly name (not ARN) identifying the policy.
String policyId
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
String path
The path to the policy.
For more information about paths, see IAM Identifiers in the Using IAM guide.
String defaultVersionId
The identifier for the version of the policy that is set as the default (operative) version.
For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.
Integer attachmentCount
The number of principal entities (users, groups, and roles) that the policy is attached to.
Boolean isAttachable
Specifies whether the policy can be attached to an IAM user, group, or role.
String description
A friendly description of the policy.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy was created.
Date updateDate
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
com.amazonaws.internal.SdkInternalList<T> policyVersionList
A list containing information about the versions of the policy.
String userName
The user with whom the MFA device is associated.
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
Date enableDate
The date when the MFA device was enabled for the user.
String arn
Integer minimumPasswordLength
Minimum length to require for IAM user passwords.
Boolean requireSymbols
Specifies whether to require symbols for IAM user passwords.
Boolean requireNumbers
Specifies whether to require numbers for IAM user passwords.
Boolean requireUppercaseCharacters
Specifies whether to require uppercase characters for IAM user passwords.
Boolean requireLowercaseCharacters
Specifies whether to require lowercase characters for IAM user passwords.
Boolean allowUsersToChangePassword
Specifies whether IAM users are allowed to change their own password.
Boolean expirePasswords
Indicates whether passwords in the account expire. Returns true if MaxPasswordAge is contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
Integer maxPasswordAge
The number of days that an IAM user password is valid.
Integer passwordReusePrevention
Specifies the number of previous passwords that IAM users are prevented from reusing.
Boolean hardExpiry
Specifies whether IAM users are prevented from setting a new password after their password has expired.
String policyName
The friendly name (not ARN) identifying the policy.
String policyId
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
String path
The path to the policy.
For more information about paths, see IAM Identifiers in the Using IAM guide.
String defaultVersionId
The identifier for the version of the policy that is set as the default version.
Integer attachmentCount
The number of entities (users, groups, and roles) that the policy is attached to.
Boolean isAttachable
Specifies whether the policy can be attached to an IAM user, group, or role.
String description
A friendly description of the policy.
This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy was created.
Date updateDate
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
String groupName
The name (friendly name, not ARN) identifying the group.
String roleName
The name (friendly name, not ARN) identifying the role.
String userName
The name (friendly name, not ARN) identifying the user.
String document
The policy document.
The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
String versionId
The identifier for the policy version.
Policy version identifiers always begin with v (always
lowercase). When a policy is created, the first policy version is
v1.
Boolean isDefaultVersion
Specifies whether the policy version is set as the policy's default version.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy version was created.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
String clientID
The client ID (also known as audience) to remove from the IAM OpenID Connect provider. For more information about client IDs, see CreateOpenIDConnectProvider.
String evalResourceName
The name of the simulated resource, in Amazon Resource Name (ARN) format.
String evalResourceDecision
The result of the simulation of the simulated API action on the resource
specified in EvalResourceName.
com.amazonaws.internal.SdkInternalList<T> matchedStatements
A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the action on the resource, if any statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
com.amazonaws.internal.SdkInternalList<T> missingContextValues
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
com.amazonaws.internal.SdkInternalMap<K,V> evalDecisionDetails
Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access.
String userName
The name of the user whose MFA device you want to resynchronize.
String serialNumber
Serial number that uniquely identifies the MFA device.
String authenticationCode1
An authentication code emitted by the device.
String authenticationCode2
A subsequent authentication code emitted by the device.
String path
The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
String roleName
The friendly name that identifies the role.
String roleId
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the role was created.
String assumeRolePolicyDocument
The policy that grants an entity permission to assume the role.
String path
The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
String roleName
The friendly name that identifies the role.
String roleId
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the role was created.
String assumeRolePolicyDocument
The trust policy that grants permission to assume the role.
com.amazonaws.internal.SdkInternalList<T> instanceProfileList
com.amazonaws.internal.SdkInternalList<T> rolePolicyList
A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.
com.amazonaws.internal.SdkInternalList<T> attachedManagedPolicies
A list of managed policies attached to the role. These policies are the role's access (permissions) policies.
ServerCertificateMetadata serverCertificateMetadata
The meta information of the server certificate, such as its name, path, ID, and ARN.
String certificateBody
The contents of the public key certificate.
String certificateChain
The contents of the public key certificate chain.
String path
The path to the server certificate. For more information about paths, see IAM Identifiers in the Using IAM guide.
String serverCertificateName
The name that identifies the server certificate.
String serverCertificateId
The stable and unique string identifying the server certificate. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
Date uploadDate
The date when the server certificate was uploaded.
Date expiration
The date on which the certificate is set to expire.
String policyArn
String versionId
The version of the policy to set as the default (operative) version.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
String userName
The name of the user the signing certificate is associated with.
String certificateId
The ID for the signing certificate.
String certificateBody
The contents of the signing certificate.
String status
The status of the signing certificate. Active means the key
is valid for API calls, while Inactive means it is not.
Date uploadDate
The date when the signing certificate was uploaded.
com.amazonaws.internal.SdkInternalList<T> policyInputList
A list of policy documents to include in the simulation. Each document is
specified as a string containing the complete, valid JSON text of an IAM
policy. Do not include any resource-based policies in this parameter. Any
resource-based policy must be submitted with the
ResourcePolicy parameter. The policies cannot be
"scope-down" policies, such as you could include in a call to GetFederationToken or one of the AssumeRole APIs to restrict what a user can do while using the
temporary credentials.
com.amazonaws.internal.SdkInternalList<T> actionNames
A list of names of API actions to evaluate in the simulation. Each action
is evaluated against each resource. Each action must include the service
identifier, such as iam:CreateUser.
com.amazonaws.internal.SdkInternalList<T> resourceArns
A list of ARNs of AWS resources to include in the simulation. If this
parameter is not provided then the value defaults to * (all
resources). Each API in the ActionNames parameter is
evaluated for each resource in this list. The simulation determines the
access result (allowed or denied) of each combination and reports it in
the response.
The simulation does not automatically retrieve policies for the specified
resources. If you want to include a resource policy in the simulation,
then you must include the policy as a string in the
ResourcePolicy parameter.
If you include a ResourcePolicy, then it must be applicable
to all of the resources included in the simulation or you receive an
invalid input error.
String resourcePolicy
A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
String resourceOwner
An AWS account ID that specifies the owner of any simulated resource that
does not identify its owner in the resource ARN, such as an S3 bucket or
object. If ResourceOwner is specified, it is also used as
the account owner of any ResourcePolicy included in the
simulation. If the ResourceOwner parameter is not specified,
then the owner of the resources and the resource policy defaults to the
account of the identity provided in CallerArn. This
parameter is required only if you specify a resource-based policy and
account that owns the resource is different from the account that owns
the simulated calling user CallerArn.
String callerArn
The ARN of the user that you want to use as the simulated caller of the
APIs. CallerArn is required if you include a
ResourcePolicy so that the policy's Principal
element has a value to use in evaluating the policy.
You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
com.amazonaws.internal.SdkInternalList<T> contextEntries
A list of context keys and corresponding values for the simulation to
use. Whenever a context key is evaluated by a Condition
element in one of the simulated IAM permission policies, the
corresponding value is supplied.
String resourceHandlingOption
Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.
Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the AWS EC2 User Guide.
EC2-Classic-InstanceStore
instance, image, security-group
EC2-Classic-EBS
instance, image, security-group, volume
EC2-VPC-InstanceStore
instance, image, security-group, network-interface
EC2-VPC-InstanceStore-Subnet
instance, image, security-group, network-interface, subnet
EC2-VPC-EBS
instance, image, security-group, network-interface, volume
EC2-VPC-EBS-Subnet
instance, image, security-group, network-interface, subnet, volume
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
com.amazonaws.internal.SdkInternalList<T> evaluationResults
The results of the simulation.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String policySourceArn
The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to.
com.amazonaws.internal.SdkInternalList<T> policyInputList
An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.
com.amazonaws.internal.SdkInternalList<T> actionNames
A list of names of API actions to evaluate in the simulation. Each action
is evaluated for each resource. Each action must include the service
identifier, such as iam:CreateUser.
com.amazonaws.internal.SdkInternalList<T> resourceArns
A list of ARNs of AWS resources to include in the simulation. If this
parameter is not provided then the value defaults to * (all
resources). Each API in the ActionNames parameter is
evaluated for each resource in this list. The simulation determines the
access result (allowed or denied) of each combination and reports it in
the response.
The simulation does not automatically retrieve policies for the specified
resources. If you want to include a resource policy in the simulation,
then you must include the policy as a string in the
ResourcePolicy parameter.
String resourcePolicy
A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
String resourceOwner
An AWS account ID that specifies the owner of any simulated resource that
does not identify its owner in the resource ARN, such as an S3 bucket or
object. If ResourceOwner is specified, it is also used as
the account owner of any ResourcePolicy included in the
simulation. If the ResourceOwner parameter is not specified,
then the owner of the resources and the resource policy defaults to the
account of the identity provided in CallerArn. This
parameter is required only if you specify a resource-based policy and
account that owns the resource is different from the account that owns
the simulated calling user CallerArn.
String callerArn
The ARN of the user that you want to specify as the simulated caller of
the APIs. If you do not specify a CallerArn, it defaults to
the ARN of the user that you specify in PolicySourceArn, if
you specified a user. If you include both a PolicySourceArn
(for example, arn:aws:iam::123456789012:user/David) and a
CallerArn (for example,
arn:aws:iam::123456789012:user/Bob), the result is that you
simulate calling the APIs as Bob, as if Bob had David's policies.
You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
CallerArn is required if you include a
ResourcePolicy and the PolicySourceArn is not
the ARN for an IAM user. This is required so that the resource-based
policy's Principal element has a value to use in evaluating
the policy.
com.amazonaws.internal.SdkInternalList<T> contextEntries
A list of context keys and corresponding values for the simulation to
use. Whenever a context key is evaluated by a Condition
element in one of the simulated policies, the corresponding value is
supplied.
String resourceHandlingOption
Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.
Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the AWS EC2 User Guide.
EC2-Classic-InstanceStore
instance, image, security-group
EC2-Classic-EBS
instance, image, security-group, volume
EC2-VPC-InstanceStore
instance, image, security-group, network-interface
EC2-VPC-InstanceStore-Subnet
instance, image, security-group, network-interface, subnet
EC2-VPC-EBS
instance, image, security-group, network-interface, volume
EC2-VPC-EBS-Subnet
instance, image, security-group, network-interface, subnet, volume
Integer maxItems
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is
true.
This parameter is optional. If you do not include it, it defaults to 100.
Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response
element returns true and Marker contains a
value to include in the subsequent call that tells the service where to
continue from.
String marker
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you
received to indicate where the next call should start.
com.amazonaws.internal.SdkInternalList<T> evaluationResults
The results of the simulation.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items.
Note that IAM might return fewer than the MaxItems number of
results even when there are more results available. We recommend that you
check IsTruncated after every call to ensure that you
receive all of your results.
String marker
When IsTruncated is true, this element is
present and contains the value to use for the Marker
parameter in a subsequent pagination request.
String userName
The name of the IAM user associated with the SSH public key.
String sSHPublicKeyId
The unique identifier for the SSH public key.
String fingerprint
The MD5 message digest of the SSH public key.
String sSHPublicKeyBody
The SSH public key.
String status
The status of the SSH public key. Active means the key can
be used for authentication with an AWS CodeCommit repository.
Inactive means the key cannot be used.
Date uploadDate
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
String userName
The name of the IAM user associated with the SSH public key.
String sSHPublicKeyId
The unique identifier for the SSH public key.
String status
The status of the SSH public key. Active means the key can
be used for authentication with an AWS CodeCommit repository.
Inactive means the key cannot be used.
Date uploadDate
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
String sourcePolicyId
The identifier of the policy that was provided as an input.
String sourcePolicyType
The type of the policy.
Position startPosition
The row and column of the beginning of the Statement in an
IAM policy.
Position endPosition
The row and column of the end of a Statement in an IAM
policy.
String userName
The name of the user whose key you want to update.
String accessKeyId
The access key ID of the secret access key you want to update.
String status
The status you want to assign to the secret access key.
Active means the key can be used for API calls to AWS, while
Inactive means the key cannot be used.
Integer minimumPasswordLength
The minimum number of characters allowed in an IAM user password.
Default value: 6
Boolean requireSymbols
Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:
! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
Default value: false
Boolean requireNumbers
Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).
Default value: false
Boolean requireUppercaseCharacters
Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).
Default value: false
Boolean requireLowercaseCharacters
Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).
Default value: false
Boolean allowUsersToChangePassword
Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see Letting IAM Users Change Their Own Passwords in the IAM User Guide.
Default value: false
Integer maxPasswordAge
The number of days that an IAM user password is valid. The default value of 0 means IAM user passwords never expire.
Default value: 0
Integer passwordReusePrevention
Specifies the number of previous passwords that IAM users are prevented from reusing. The default value of 0 means IAM users are not prevented from reusing previous passwords.
Default value: 0
Boolean hardExpiry
Prevents IAM users from setting a new password after their password has expired.
Default value: false
String groupName
Name of the group to update. If you're changing the name of the group, this is the original name.
String newPath
New path for the group. Only include this if changing the group's path.
String newGroupName
New name for the group. Only include this if changing the group's name.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider to update the thumbprint for. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
com.amazonaws.internal.SdkInternalList<T> thumbprintList
A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
String sAMLMetadataDocument
An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider to update.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider that was updated.
String serverCertificateName
The name of the server certificate that you want to update.
String newPath
The new path for the server certificate. Include this only if you are updating the server certificate's path.
String newServerCertificateName
The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces.
String userName
The name of the user the signing certificate belongs to.
String certificateId
The ID of the signing certificate you want to update.
String status
The status you want to assign to the certificate. Active
means the certificate can be used for API calls to AWS, while
Inactive means the certificate cannot be used.
String userName
The name of the IAM user associated with the SSH public key.
String sSHPublicKeyId
The unique identifier for the SSH public key.
String status
The status to assign to the SSH public key. Active means the
key can be used for authentication with an AWS CodeCommit repository.
Inactive means the key cannot be used.
String userName
Name of the user to update. If you're changing the name of the user, this is the original user name.
String newPath
New path for the user. Include this parameter only if you're changing the user's path.
String newUserName
New name for the user. Include this parameter only if you're changing the user's name.
String path
The path for the server certificate. For more information about paths, see IAM Identifiers in the Using IAM guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
--path option. The path must begin with
/cloudfront and must include a trailing slash (for example,
/cloudfront/test/). String serverCertificateName
The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
String certificateBody
The contents of the public key certificate in PEM-encoded format.
String privateKey
The contents of the private key in PEM-encoded format.
String certificateChain
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
ServerCertificateMetadata serverCertificateMetadata
The meta information of the uploaded server certificate without its certificate body, certificate chain, and private key.
SigningCertificate certificate
Information about the certificate.
SSHPublicKey sSHPublicKey
Contains information about the SSH public key.
String path
The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
String userName
The friendly name identifying the user.
String userId
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the Using IAM guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the user was created.
Date passwordLastUsed
The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential Reports topic in the Using IAM guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. This field is null (not present) when:
The user does not have a password
The password exists but has never been used (at least not since IAM started tracking this information on October 20th, 2014
there is no sign-in data associated with the user
This value is returned only in the GetUser and ListUsers actions.
String path
The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
String userName
The friendly name identifying the user.
String userId
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the user was created.
com.amazonaws.internal.SdkInternalList<T> userPolicyList
A list of the inline policies embedded in the user.
com.amazonaws.internal.SdkInternalList<T> groupList
A list of IAM groups that the user is in.
com.amazonaws.internal.SdkInternalList<T> attachedManagedPolicies
A list of the managed policies attached to the user.
String serialNumber
The serial number associated with VirtualMFADevice.
ByteBuffer base32StringSeed
The Base32 seed defined as specified in RFC3548. The
Base32StringSeed is Base64-encoded.
ByteBuffer qRCodePNG
A QR code PNG image that encodes
otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
where $virtualMFADeviceName is one of the create call
arguments, AccountName is the user name if set (otherwise,
the account ID otherwise), and Base32String is the seed in
Base32 format. The Base32String value is Base64-encoded.
User user
Date enableDate
The date and time on which the virtual MFA device was enabled.
Copyright © 2016. All rights reserved.