String serviceName
The name of the service in which access was attempted.
String serviceNamespace
The namespace of the service in which access was attempted.
To learn the service namespace of a service, go to Actions, Resources, and Condition Keys for AWS Services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS Service Namespaces in the AWS General Reference.
String region
The Region where the last service access attempt occurred.
This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.
String entityPath
The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no principals (IAM users, IAM roles, or root users) in the reported Organizations entity attempted to access the service within the reporting period.
Date lastAuthenticatedTime
The date and time, in ISO 8601 date-time format, when an authenticated principal most recently attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.
Integer totalAuthenticatedEntities
The number of accounts with authenticated principals (root users, IAM users, and IAM roles) that attempted to access the service in the reporting period.
String userName
The name of the IAM user that the access key is associated with.
String accessKeyId
The ID for this access key.
String status
The status of the access key. Active means that the key is valid for API calls, while Inactive means it is not.
String secretAccessKey
The secret key used to sign requests.
Date createDate
The date when the access key was created.
Date lastUsedDate
The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null in the following situations:
The user does not have an access key.
An access key exists but has not been used since IAM began tracking this information.
There is no sign-in data associated with the user.
String serviceName
The name of the AWS service with which this access key was most recently used. The value of this field is "N/A" in the following situations:
The user does not have an access key.
An access key exists but has not been used since IAM started tracking this information.
There is no sign-in data associated with the user.
String region
The AWS Region where this access key was most recently used. The value for this field is "N/A" in the following situations:
The user does not have an access key.
An access key exists but has not been used since IAM began tracking this information.
There is no sign-in data associated with the user.
For more information about AWS Regions, see Regions and Endpoints in the Amazon Web Services General Reference.
String userName
The name of the IAM user that the key is associated with.
String accessKeyId
The ID for this access key.
String status
The status of the access key. Active means that the key is valid for API calls; Inactive means it is not.
Date createDate
The date when the access key was created.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.
String clientID
The client ID (also known as audience) to add to the IAM OpenID Connect provider resource.
String instanceProfileName
The name of the instance profile to update.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String roleName
The name of the role to add.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String groupName
The name of the group to update.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String userName
The name of the user to add.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String permissionsBoundaryType
The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy.
String permissionsBoundaryArn
The ARN of the policy used to set the permissions boundary for the user or role.
String groupName
The name (friendly name, not ARN) of the group to attach the policy to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String roleName
The name (friendly name, not ARN) of the role to attach the policy to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String userName
The name (friendly name, not ARN) of the IAM user to attach the policy to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String oldPassword
The IAM user's current password.
String newPassword
The new password. The new password must conform to the AWS account's password policy, if one exists.
The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
String contextKeyName
The full name of a condition context key, including the service prefix. For example, aws:SourceIp or s3:VersionId.
SdkInternalList<T> contextKeyValues
The value (or values, if the condition context key supports multiple values) to provide to the simulation when the key is referenced by a Condition element in an input policy.
String contextKeyType
The data type of the value (or values) specified in the ContextKeyValues parameter.
String userName
The name of the IAM user that the new key will belong to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
AccessKey accessKey
A structure with details about the access key.
String accountAlias
The account alias to create.
This parameter allows (through its regex pattern) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
String path
The path to the group. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String groupName
The name of the group to create. Do not include the path in this value.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
Group group
A structure containing details about the new group.
String instanceProfileName
The name of the instance profile to create.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String path
The path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
InstanceProfile instanceProfile
A structure containing details about the new instance profile.
String userName
The name of the IAM user to create a password for. The user must already exist.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String password
The new password for the user.
The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
Boolean passwordResetRequired
Specifies whether the user is required to set a new password on next sign-in.
LoginProfile loginProfile
A structure containing the user name and password create date.
String url
The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.
You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
SdkInternalList<T> clientIDList
A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.)
You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider.
There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest operation accepts client IDs up to 255 characters long.
SdkInternalList<T> thumbprintList
A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates. Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates.
The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string.
You must provide at least one thumbprint when creating an IAM OIDC provider. For example, assume that the OIDC provider is server.example.com and the provider stores its keys at https://keys.server.example.com/openid-connect. In that case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com.
For more information about obtaining the OIDC provider's thumbprint, see Obtaining the Thumbprint for an OpenID Connect Provider in the IAM User Guide.
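A pre-flight check for the url, clientIDList and thumbprintList constraints described above, as an added example that is not part of the AWS SDK or of this reference. The function names and the sample certificate bytes are constructed for illustration, and the hex-digit check is an assumption drawn from the "hex-encoded, 40-character" wording.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Limits quoted from the field descriptions above.
MAX_CLIENT_IDS = 100
MAX_CLIENT_ID_LEN = 255
MAX_THUMBPRINTS = 5

# Assumption: "hex-encoded ... 40-character string" means exactly 40 hex digits.
THUMBPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

# Constructed placeholder bytes standing in for a DER-encoded certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def thumbprint_from_der(der: bytes) -> str:
    """Hex-encoded SHA-1 over the certificate's DER bytes (40 characters)."""
    return hashlib.sha1(der).hexdigest()


def thumbprint_from_pem(pem: str) -> str:
    """Decode the first PEM certificate block and hash its DER content."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()))
    return thumbprint_from_der(der)


def normalize_fingerprint(text: str) -> str:
    """Turn 'SHA1 Fingerprint=AB:CD:...' or 'AB:CD:...' into bare lowercase hex."""
    return text.strip().rpartition("=")[2].replace(":", "").lower()


def validate_oidc_provider_request(url, client_ids, thumbprints):
    """Return a list of problems; an empty list means the inputs fit the rules."""
    errors = []
    parts = urlsplit(url)
    if not url.startswith("https://") or not parts.hostname:
        errors.append("url must begin with https:// and name a host")
    if parts.query or "?" in url:
        errors.append("url must not contain query parameters")
    if len(client_ids) > MAX_CLIENT_IDS:
        errors.append(f"more than {MAX_CLIENT_IDS} client IDs")
    for cid in client_ids:
        if len(cid) > MAX_CLIENT_ID_LEN:
            errors.append(f"client ID longer than {MAX_CLIENT_ID_LEN} characters")
    if not 1 <= len(thumbprints) <= MAX_THUMBPRINTS:
        errors.append(f"need between 1 and {MAX_THUMBPRINTS} thumbprints")
    for tp in thumbprints:
        if not THUMBPRINT_RE.fullmatch(tp):
            errors.append(f"thumbprint is not 40 hex characters: {tp!r}")
    return errors


if __name__ == "__main__":
    tp = thumbprint_from_pem(SAMPLE_PEM)
    print("thumbprint:", tp)
    print(validate_oidc_provider_request(
        "https://server.example.org", ["my-app"], [tp]))
    # A colon-separated fingerprint (as printed by certificate tools) is
    # rejected until the separators are stripped.
    colon_form = ":".join(["AB"] * 20)
    print(validate_oidc_provider_request(
        "https://server.example.org", ["my-app"], [colon_form]))
```

Running the check before the request is sent catches the common case of pasting a colon-separated fingerprint where the 40-character form is expected.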
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that is created. For more information, see OpenIDConnectProviderListEntry.
String policyName
The friendly name of the policy.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
String path
The path for the policy.
For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String policyDocument
The JSON policy document that you want to use as the content for the new policy.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
String description
A friendly description of the policy.
Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
The policy description is immutable. After a value is assigned, it cannot be changed.
Policy policy
A structure containing details about the new policy.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String policyDocument
The JSON policy document that you want to use as the content for this new version of the policy.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
Boolean setAsDefault
Specifies whether to set this version as the policy's default version.
When this parameter is true, the new policy version becomes the operative version. That is, it becomes the version that is in effect for the IAM users, groups, and roles that the policy is attached to.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
PolicyVersion policyVersion
A structure containing details about the new policy version.
String path
The path to the role. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String roleName
The name of the role to create.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
String assumeRolePolicyDocument
The trust relationship policy document that grants an entity permission to assume the role.
In IAM, you must provide a JSON policy that has been converted to a string. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
Upon success, the response includes the same trust policy in JSON format.
String description
A description of the role.
Integer maxSessionDuration
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter.
If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.
String permissionsBoundary
The ARN of the policy that is used to set the permissions boundary for the role.
SdkInternalList<T> tags
A list of tags that you want to attach to the newly created role. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM Identities in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed number of tags per role, then the entire request fails and the role is not created.
Role role
A structure containing details about the new role.
String sAMLMetadataDocument
An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
For more information, see About SAML 2.0-based Federation in the IAM User Guide.
String name
The name of the provider to create.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String sAMLProviderArn
The Amazon Resource Name (ARN) of the new SAML provider resource in IAM.
String aWSServiceName
The service principal for the AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com.
Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see AWS Services That Work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.
String description
The description of the role.
String customSuffix
A string that you provide, which is combined with the service-provided prefix to form the complete role name. If you make multiple requests for the same service, then you must supply a different CustomSuffix for each request. Otherwise the request fails with a duplicate role name error. For example, you could add -1 or -debug to the suffix.
Some services do not support the CustomSuffix parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.
String userName
The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serviceName
The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
ServiceSpecificCredential serviceSpecificCredential
A structure that contains information about the newly created service-specific credential.
This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential.
String path
The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String userName
The name of the user to create.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
String permissionsBoundary
The ARN of the policy that is used to set the permissions boundary for the user.
SdkInternalList<T> tags
A list of tags that you want to attach to the newly created user. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM Identities in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed number of tags per user, then the entire request fails and the user is not created.
User user
A structure with details about the new IAM user.
String path
The path for the virtual MFA device. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String virtualMFADeviceName
The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
VirtualMFADevice virtualMFADevice
A structure containing details about the new virtual MFA device.
String userName
The name of the user whose MFA device you want to deactivate.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
String userName
The name of the user whose access key pair you want to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String accessKeyId
The access key ID for the access key ID and secret access key you want to delete.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String accountAlias
The name of the account alias to delete.
This parameter allows (through its regex pattern) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
String groupName
The name (friendly name, not ARN) identifying the group that the policy is embedded in.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name identifying the policy document to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String groupName
The name of the IAM group to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String instanceProfileName
The name of the instance profile to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String userName
The name of the user whose password you want to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the ListOpenIDConnectProviders operation.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to delete.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String versionId
The policy version to delete.
This parameter allows (through its regex pattern) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
String roleName
The name (friendly name, not ARN) of the IAM role from which you want to remove the permissions boundary.
String roleName
The name (friendly name, not ARN) identifying the role that the policy is embedded in.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the inline policy to delete from the specified IAM role.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String roleName
The name of the role to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider to delete.
String serverCertificateName
The name of the server certificate you want to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String roleName
The name of the service-linked role to be deleted.
String deletionTaskId
The deletion task identifier that you can use to check the status of the deletion. This identifier is returned in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.
String userName
The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serviceSpecificCredentialId
The unique identifier of the service-specific credential. You can get this value by calling ListServiceSpecificCredentials.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String userName
The name of the user the signing certificate belongs to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String certificateId
The ID of the signing certificate to delete.
The format of this parameter, as described by its regex pattern, is a string of characters that can be upper- or lower-cased letters or digits.
String userName
The name of the IAM user associated with the SSH public key.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String sSHPublicKeyId
The unique identifier for the SSH public key.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String userName
The name (friendly name, not ARN) of the IAM user from which you want to remove the permissions boundary.
String userName
The name (friendly name, not ARN) identifying the user that the policy is embedded in.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name identifying the policy document to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String userName
The name of the user to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
String reason
A short description of the reason that the service-linked role deletion failed.
SdkInternalList<T> roleUsageList
A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the Region in which the resources are being used.
String groupName
The name (friendly name, not ARN) of the IAM group to detach the policy from.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String roleName
The name (friendly name, not ARN) of the IAM role to detach the policy from.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String userName
The name (friendly name, not ARN) of the IAM user to detach the policy from.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String userName
The name of the IAM user for whom you want to enable the MFA device.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
String authenticationCode1
An authentication code emitted by the device.
The format for this parameter is a string of six digits.
Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.
String authenticationCode2
A subsequent authentication code emitted by the device.
The format for this parameter is a string of six digits.
Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.
EntityInfo entityInfo
The EntityInfo object that contains details about the entity (user or role).
Date lastAuthenticated
The date and time, in ISO 8601 date-time format, when the authenticated entity last attempted to access AWS. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
String arn
String name
The name of the entity (user or role).
String type
The type of entity (user or role).
String id
The identifier of the entity (user or role).
String path
The path to the entity (user or role). For more information about paths, see IAM Identifiers in the IAM User Guide.
String evalActionName
The name of the API operation tested on the indicated resource.
String evalResourceName
The ARN of the resource that the indicated API operation was tested on.
String evalDecision
The result of the simulation.
SdkInternalList<T> matchedStatements
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
SdkInternalList<T> missingContextValues
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the ResourceArns parameter is blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
OrganizationsDecisionDetail organizationsDecisionDetail
A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
SdkInternalMap<K,V> evalDecisionDetails
Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is present but the response is empty. If the simulation evaluates policies within the same account and specifies all resources (*), then the parameter is not returned.
When you make a cross-account request, AWS evaluates the request in the trusting account and the trusted account. The request is allowed only if both evaluations return true. For more information about how policies are evaluated, see Evaluating Policies Within a Single Account.
If an AWS Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
SdkInternalList<T> resourceSpecificResults
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
String entityPath
The path of the AWS Organizations entity (root, OU, or account). You can build an entity path using the known structure of your organization. For example, assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.
String organizationsPolicyId
The identifier of the AWS Organizations service control policy (SCP). This parameter is optional.
This ID is used to generate information about when an account principal that is limited by the SCP attempted to access an AWS service.
String jobId
The job identifier that you can use in the GetOrganizationsAccessReport operation.
String arn
The ARN of the IAM resource (user, group, role, or managed policy) used to generate information about when the resource was last used in an attempt to access an AWS service.
String granularity
The level of detail that you want to generate. You can specify whether you want to generate information about the last attempt to access services or actions. If you specify service-level granularity, this operation generates only service data. If you specify action-level granularity, it generates service and action data. If you don't include this optional parameter, the operation generates service data.
String jobId
The JobId that you can use in the GetServiceLastAccessedDetails or GetServiceLastAccessedDetailsWithEntities operations. The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
String accessKeyId
The identifier of an access key.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String userName
The name of the AWS IAM user that owns this access key.
AccessKeyLastUsed accessKeyLastUsed
Contains information about the last time the access key was used.
SdkInternalList<T> filter
A list of entity types used to filter the results. Only the entities that match the types you specify are included in the output. Use the value LocalManagedPolicy to include customer managed policies.
The format for this parameter is a comma-separated (if more than one) list of strings. Each string value in the list must be one of the valid values listed below.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
SdkInternalList<T> userDetailList
A list containing information about IAM users.
SdkInternalList<T> groupDetailList
A list containing information about IAM groups.
SdkInternalList<T> roleDetailList
A list containing information about IAM roles.
SdkInternalList<T> policies
A list containing information about managed policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
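The Marker/IsTruncated contract described above, as an added Python example (not code from the SDK or from this reference). FakeIam is a hypothetical in-memory stand-in that deliberately returns short pages; the names MaxItems, Marker, IsTruncated and UserDetailList follow the elements named on this page, and the user names are constructed.

```python
"""Marker/IsTruncated pagination against a constructed in-memory stand-in."""

# Constructed sample data: seven user names held on the "service" side.
SAMPLE_USERS = [f"user-{i:02d}" for i in range(1, 8)]


class FakeIam:
    """Hypothetical stand-in for the service, not an AWS SDK class.

    It mimics the documented behaviour: a page may hold fewer than MaxItems
    entries even though more results exist, and only IsTruncated and Marker
    tell the caller whether to continue.
    """

    def __init__(self, users, page_sizes):
        self._users = list(users)
        self._page_sizes = list(page_sizes)  # sizes the service "chooses"
        self.calls = 0

    def get_account_authorization_details(self, MaxItems=100, Marker=None):
        start = int(Marker) if Marker is not None else 0
        size = min(MaxItems, self._page_sizes[self.calls % len(self._page_sizes)])
        self.calls += 1
        end = min(start + size, len(self._users))
        response = {
            "UserDetailList": [{"UserName": u} for u in self._users[start:end]],
            "IsTruncated": end < len(self._users),
        }
        if response["IsTruncated"]:
            response["Marker"] = str(end)  # opaque to the caller
        return response


def list_all_users(call, max_items=100):
    """Follow Marker until IsTruncated is false; never infer the end from page size."""
    users, marker = [], None
    while True:
        kwargs = {"MaxItems": max_items}
        if marker is not None:
            kwargs["Marker"] = marker
        page = call(**kwargs)
        users.extend(d["UserName"] for d in page.get("UserDetailList", []))
        if not page.get("IsTruncated"):
            return users
        marker = page.get("Marker")
        if not marker:
            raise RuntimeError("IsTruncated is true but no Marker was returned")


def list_users_by_page_size(call, max_items=100):
    """Flawed variant: treats a page shorter than MaxItems as the last page."""
    users, marker = [], None
    while True:
        kwargs = {"MaxItems": max_items}
        if marker is not None:
            kwargs["Marker"] = marker
        page = call(**kwargs)
        batch = page.get("UserDetailList", [])
        users.extend(d["UserName"] for d in batch)
        if len(batch) < max_items or not page.get("Marker"):
            return users  # silently drops every later page
        marker = page.get("Marker")


if __name__ == "__main__":
    complete = list_all_users(
        FakeIam(SAMPLE_USERS, [2, 3]).get_account_authorization_details, max_items=3)
    partial = list_users_by_page_size(
        FakeIam(SAMPLE_USERS, [2, 3]).get_account_authorization_details, max_items=3)
    print(len(complete), "users via IsTruncated;", len(partial), "via page size")
```

An inventory built with the page-size heuristic omits principals without raising any error, so an access review based on it would never see them.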
PasswordPolicy passwordPolicy
A structure that contains details about the account's password policy.
SdkInternalMap<K,V> summaryMap
A set of key–value pairs containing information about IAM entity usage and IAM quotas.
SdkInternalList<T> policyInputList
A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
SdkInternalList<T> contextKeyNames
The list of context keys that are referenced in the input policies.
String policySourceArn
The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> policyInputList
An optional list of additional policies for which you want the list of context keys that are referenced.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
SdkInternalList<T> contextKeyNames
The list of context keys that are referenced in the input policies.
ByteBuffer content
Contains the credential report. The report is Base64-encoded.
String reportFormat
The format (MIME type) of the credential report.
Date generatedTime
The date and time when the credential report was created, in ISO 8601 date-time format.
String groupName
The name of the group the policy is associated with.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the policy document to get.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String groupName
The group the policy is associated with.
String policyName
The name of the policy.
String policyDocument
The policy document.
IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
String groupName
The name of the group.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
Group group
A structure that contains details about the group.
SdkInternalList<T> users
A list of users in the group.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String instanceProfileName
The name of the instance profile to get information about.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
InstanceProfile instanceProfile
A structure containing details about the instance profile.
String userName
The name of the user whose login profile you want to retrieve.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
LoginProfile loginProfile
A structure containing the user name and password create date for the user.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String url
The URL that the IAM OIDC provider resource object is associated with. For more information, see CreateOpenIDConnectProvider.
SdkInternalList<T> clientIDList
A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
SdkInternalList<T> thumbprintList
A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
Date createDate
The date and time when the IAM OIDC provider resource object was created in the AWS account.
String jobId
The identifier of the request generated by the GenerateOrganizationsAccessReport operation.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
String sortKey
The key that is used to sort the results. If you choose the namespace key, the results are returned in alphabetical order. If you choose the time key, the results are sorted numerically by the date and time.
String jobStatus
The status of the job.
Date jobCreationDate
The date and time, in ISO 8601 date-time format, when the report job was created.
Date jobCompletionDate
The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
Integer numberOfServicesAccessible
The number of services that the applicable SCPs allow account principals to access.
Integer numberOfServicesNotAccessed
The number of services that account principals are allowed but did not attempt to access.
SdkInternalList<T> accessDetails
An object that contains details about the most recent attempt to access the service.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
ErrorDetails errorDetails
String policyArn
The Amazon Resource Name (ARN) of the managed policy that you want information about.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Policy policy
A structure containing details about the policy.
String policyArn
The Amazon Resource Name (ARN) of the managed policy that you want information about.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String versionId
Identifies the policy version to retrieve.
This parameter allows (through its regex pattern) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.
PolicyVersion policyVersion
A structure containing details about the policy version.
String roleName
The name of the role associated with the policy.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the policy document to get.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String roleName
The role the policy is associated with.
String policyName
The name of the policy.
String policyDocument
The policy document.
IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
String roleName
The name of the IAM role to get information about.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
Role role
A structure containing details about the IAM role.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String serverCertificateName
The name of the server certificate you want to retrieve information about.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
ServerCertificate serverCertificate
A structure containing details about the server certificate.
String jobId
The ID of the request generated by the GenerateServiceLastAccessedDetails operation. The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
String jobStatus
The status of the job.
String jobType
The type of job. Service jobs return information about when each service was last accessed. Action jobs also include information about when tracked actions within the service were last accessed.
Date jobCreationDate
The date and time, in ISO 8601 date-time format, when the report job was created.
SdkInternalList<T> servicesLastAccessed
A ServiceLastAccessed object that contains details about the most recent attempt to access the service.
Date jobCompletionDate
The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
ErrorDetails error
An object that contains details about the reason the operation failed.
String jobId
The ID of the request generated by the GenerateServiceLastAccessedDetails operation.
String serviceNamespace
The service namespace for an AWS service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.
To learn the service namespace for a service, go to Actions, Resources, and Condition Keys for AWS Services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS Service Namespaces in the AWS General Reference.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
String jobStatus
The status of the job.
Date jobCreationDate
The date and time, in ISO 8601 date-time format, when the report job was created.
Date jobCompletionDate
The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
SdkInternalList<T> entityDetailsList
An EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified AWS service.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
ErrorDetails error
An object that contains details about the reason the operation failed.
String deletionTaskId
The deletion task identifier. This identifier is returned by the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.
String status
The status of the deletion.
DeletionTaskFailureReasonType reason
An object that contains details about the reason the deletion failed.
String userName
The name of the IAM user associated with the SSH public key.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String sSHPublicKeyId
The unique identifier for the SSH public key.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String encoding
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
SSHPublicKey sSHPublicKey
A structure containing details about the SSH public key.
String userName
The name of the user who the policy is associated with.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the policy document to get.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String userName
The user the policy is associated with.
String policyName
The name of the policy.
String policyDocument
The policy document.
IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
String userName
The name of the user to get information about.
This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
User user
A structure containing details about the IAM user.
Due to a service issue, password last used data does not include password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this GetUser API. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3, 2018. For users that signed in after May 23, 2018 14:08 PDT, the returned password last used date is accurate.
You can use password last used information to identify unused credentials for deletion. For example, you might delete users who did not sign in to AWS in the last 90 days. In cases like this, we recommend that you adjust your evaluation window to include dates after May 23, 2018. Alternatively, if your users use access keys to access AWS programmatically you can refer to access key last used information because it is accurate for all dates.
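The evaluation-window adjustment described above can be made explicit in code. The following is an added example, not part of the AWS SDK: the class and method names are hypothetical, the sample dates are constructed, and treating every user created before the end of the gap as possibly having signed in during it is a conservative assumption.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZonedDateTime;

public class UnusedCredentialCheck {

    private static final ZoneId PACIFIC = ZoneId.of("America/Los_Angeles");

    // Window stated on this page during which password use was not recorded.
    static final Instant GAP_START =
            ZonedDateTime.of(2018, 5, 3, 22, 50, 0, 0, PACIFIC).toInstant();
    static final Instant GAP_END =
            ZonedDateTime.of(2018, 5, 23, 14, 8, 0, 0, PACIFIC).toInstant();

    /**
     * Latest moment at which the password could have been used, given the
     * reported value. A reported date before the gap (or no date at all)
     * cannot rule out a sign-in during the gap, so the end of the gap is
     * used as the upper bound for users that already existed then.
     */
    static Instant latestPossiblePasswordUse(Instant createDate, Instant passwordLastUsed) {
        boolean recordedAfterGap =
                passwordLastUsed != null && !passwordLastUsed.isBefore(GAP_END);
        if (recordedAfterGap || !createDate.isBefore(GAP_END)) {
            return passwordLastUsed; // accurate; null means the user never signed in
        }
        return GAP_END;
    }

    /**
     * True only when no credential can have been used inside the window.
     * Access key last used data is accurate for all dates and is taken as is.
     */
    static boolean isUnused(Instant createDate, Instant passwordLastUsed,
                            Instant accessKeyLastUsed, Instant now, Duration window) {
        Instant latest = createDate;
        Instant[] candidates = {
            latestPossiblePasswordUse(createDate, passwordLastUsed),
            accessKeyLastUsed
        };
        for (Instant t : candidates) {
            if (t != null && t.isAfter(latest)) {
                latest = t;
            }
        }
        return latest.isBefore(now.minus(window));
    }

    public static void main(String[] args) {
        // Constructed sample user: created in 2017, reported password use in January 2018,
        // no access key use.
        Instant created = Instant.parse("2017-06-01T00:00:00Z");
        Instant reported = Instant.parse("2018-01-10T00:00:00Z");
        Duration ninetyDays = Duration.ofDays(90);

        // Evaluated on 1 August 2018 the 90-day window still reaches back into the gap,
        // so the user cannot be called unused even though the reported date is old.
        System.out.println("2018-08-01: unused = " + isUnused(
                created, reported, null, Instant.parse("2018-08-01T00:00:00Z"), ninetyDays));

        // Evaluated on 1 September 2018 the whole window lies after the gap,
        // so the reported data is sufficient to decide.
        System.out.println("2018-09-01: unused = " + isUnused(
                created, reported, null, Instant.parse("2018-09-01T00:00:00Z"), ninetyDays));
    }
}
```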
String path
The path to the group. For more information about paths, see IAM Identifiers in the IAM User Guide.
String groupName
The friendly name that identifies the group.
String groupId
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the group was created.
String path
The path to the group. For more information about paths, see IAM Identifiers in the IAM User Guide.
String groupName
The friendly name that identifies the group.
String groupId
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the group was created.
SdkInternalList<T> groupPolicyList
A list of the inline policies embedded in the group.
SdkInternalList<T> attachedManagedPolicies
A list of the managed policies attached to the group.
String path
The path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide.
String instanceProfileName
The name identifying the instance profile.
String instanceProfileId
The stable and unique string identifying the instance profile. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.
Date createDate
The date when the instance profile was created.
SdkInternalList<T> roles
The role associated with the instance profile.
String userName
The name of the user.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> accessKeyMetadata
A list of objects containing metadata about the access keys.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> accountAliases
A list of aliases associated with the account. AWS supports only one alias per account.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String groupName
The name (friendly name, not ARN) of the group to list attached policies for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String roleName
The name (friendly name, not ARN) of the role to list attached policies for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name (friendly name, not ARN) of the user to list attached policies for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> attachedPolicies
A list of the attached policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
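For a permissions audit, the practical consequence of the marker, maxItems and isTruncated fields above is that a short page does not mean the listing is finished. The following is an added example, not AWS SDK code: Page and PageFetcher are hypothetical stand-ins for one list call and its result, and the account contents are constructed so that it runs offline.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class AttachedPolicyAudit {

    // Hypothetical stand-in for the response fields documented above.
    static final class Page {
        final List<String> attachedPolicies;
        final boolean isTruncated;
        final String marker;

        Page(List<String> attachedPolicies, boolean isTruncated, String marker) {
            this.attachedPolicies = attachedPolicies;
            this.isTruncated = isTruncated;
            this.marker = marker;
        }
    }

    // Hypothetical stand-in for one list call: request marker and maxItems in, one page out.
    interface PageFetcher {
        Page fetch(String marker, int maxItems);
    }

    // Flawed: infers "last page" from the item count and never reads isTruncated.
    static List<String> listUntilShortPage(PageFetcher iam, int maxItems) {
        List<String> all = new ArrayList<>();
        String marker = null;
        while (true) {
            Page page = iam.fetch(marker, maxItems);
            all.addAll(page.attachedPolicies);
            if (page.attachedPolicies.size() < maxItems || page.marker == null) {
                return all;
            }
            marker = page.marker;
        }
    }

    // Correct: continues for as long as isTruncated is true, whatever the page size.
    static List<String> listAll(PageFetcher iam, int maxItems) {
        List<String> all = new ArrayList<>();
        Set<String> seenMarkers = new HashSet<>();
        String marker = null; // the first request carries no marker
        while (true) {
            Page page = iam.fetch(marker, maxItems);
            all.addAll(page.attachedPolicies);
            if (!page.isTruncated) {
                return all;
            }
            // Fail closed: a partial list must not be reported as a complete audit.
            if (page.marker == null || !seenMarkers.add(page.marker)) {
                throw new IllegalStateException("truncated response without a usable marker");
            }
            marker = page.marker;
        }
    }

    // Constructed service that returns fewer items than maxItems, as the text says IAM may.
    static PageFetcher constructedAccount(List<String> policies, int serverPageSize) {
        return (marker, maxItems) -> {
            int start = (marker == null) ? 0 : Integer.parseInt(marker);
            int end = Math.min(policies.size(), start + Math.min(maxItems, serverPageSize));
            boolean truncated = end < policies.size();
            return new Page(new ArrayList<>(policies.subList(start, end)), truncated,
                    truncated ? String.valueOf(end) : null);
        };
    }

    public static void main(String[] args) {
        // Constructed attachment list; the broadest policy sits on the last page.
        List<String> attached = Arrays.asList("ReadOnlyAccess", "team-s3-read",
                "team-logs-write", "team-deploy", "AdministratorAccess");
        PageFetcher iam = constructedAccount(attached, 2);

        System.out.println("short-page heuristic: " + listUntilShortPage(iam, 3));
        System.out.println("isTruncated/marker:   " + listAll(iam, 3));
    }
}
```

With maxItems set to 3 and the constructed service returning 2 items per page, the heuristic stops after the first page and never reports the remaining three attachments.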
String policyArn
The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String entityFilter
The entity type to use for filtering the results.
For example, when EntityFilter is Role, only the roles that are attached to the specified policy are returned. This parameter is optional. If it is not included, all attached entities (users, groups, and roles) are returned. The argument for this parameter must be one of the valid values listed below.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String policyUsageFilter
The policy usage method to use for filtering the results.
To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary.
This parameter is optional. If it is not included, all policies are returned.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> policyGroups
A list of IAM groups that the policy is attached to.
SdkInternalList<T> policyUsers
A list of IAM users that the policy is attached to.
SdkInternalList<T> policyRoles
A list of IAM roles that the policy is attached to.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String groupName
The name of the group to list policies for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> policyNames
A list of policy names.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name of the user to list groups for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> groups
A list of groups.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix /division_abc/subdivision_xyz/ gets all groups whose path starts with /division_abc/subdivision_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> groups
A list of groups.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String roleName
The name of the role to list instance profiles for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> instanceProfiles
A list of instance profiles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/ gets all instance profiles whose path starts with /application_abc/component_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> instanceProfiles
A list of instance profiles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name of the user whose MFA devices you want to list.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> mFADevices
A list of MFA devices.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
SdkInternalList<T> openIDConnectProviderList
The list of IAM OIDC provider resource objects defined in the AWS account.
String serviceNamespace
The namespace of the service that was accessed.
To learn the service namespace of a service, go to Actions, Resources, and Condition Keys for AWS Services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> policies
The PoliciesGrantingServiceAccess object that contains details about the policy.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
String arn
The ARN of the IAM identity (user, group, or role) whose policies you want to list.
SdkInternalList<T> serviceNamespaces
The service namespace for the AWS services whose policies you want to list.
To learn the service namespace for a service, go to Actions, Resources, and Condition Keys for AWS Services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> policiesGrantingServiceAccess
A ListPoliciesGrantingServiceAccess object that contains details about the permissions policies attached to the specified identity (user, group, or role).
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String scope
The scope to use for filtering the results.
To list only AWS managed policies, set Scope
to AWS
. To list only the customer managed
policies in your AWS account, set Scope
to Local
.
This parameter is optional. If it is not included, or if it is set to All
, all policies are
returned.
Boolean onlyAttached
A flag to filter the results to only the attached policies.
When OnlyAttached
is true
, the returned list contains only the policies that are
attached to an IAM user, group, or role. When OnlyAttached
is false
, or when the
parameter is not included, all policies are returned.
String pathPrefix
The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String policyUsageFilter
The policy usage method to use for filtering the results.
To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary.
This parameter is optional. If it is not included, all policies are returned.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> policies
A list of policies.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
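The IsTruncated and Marker contract described above, as an added Java example that is not part of the AWS SDK or of this reference. It runs against a constructed in-memory stand-in for a list operation (the Page class, fakeService and both loop methods are hypothetical names) and shows why the loop must key on IsTruncated rather than on page size: a page shorter than MaxItems can still be truncated, and an inventory that stops there is silently incomplete.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.function.Function;

public class MarkerPagination {

    /** One response page, mirroring the IsTruncated and Marker response elements. */
    static final class Page {
        final List<String> items;
        final boolean isTruncated;
        final String marker; // only meaningful when isTruncated is true

        Page(List<String> items, boolean isTruncated, String marker) {
            this.items = items;
            this.isTruncated = isTruncated;
            this.marker = marker;
        }
    }

    /** Correct loop: continue while IsTruncated is true, passing Marker back unchanged. */
    static List<String> listAll(Function<String, Page> fetch) {
        List<String> all = new ArrayList<>();
        String marker = null; // no Marker on the first request
        Page page;
        do {
            page = fetch.apply(marker);
            all.addAll(page.items);
            // Fail loudly instead of looping forever or returning a partial inventory.
            if (page.isTruncated && (page.marker == null || page.marker.equals(marker))) {
                throw new IllegalStateException("truncated response without a new Marker");
            }
            marker = page.marker;
        } while (page.isTruncated);
        return all;
    }

    /** Flawed loop: treats a page shorter than MaxItems as the last page. */
    static List<String> listUntilShortPage(Function<String, Page> fetch, int maxItems) {
        List<String> all = new ArrayList<>();
        String marker = null;
        Page page;
        do {
            page = fetch.apply(marker);
            all.addAll(page.items);
            marker = page.marker;
        } while (page.items.size() == maxItems);
        return all;
    }

    /**
     * Constructed stand-in for a list operation. The Marker is the index of the next
     * item; the first page is deliberately one item short of maxItems to reproduce the
     * "might return fewer results" behaviour the reference warns about.
     */
    static Function<String, Page> fakeService(List<String> policies, int maxItems) {
        return marker -> {
            int start = (marker == null) ? 0 : Integer.parseInt(marker);
            int size = (start == 0) ? maxItems - 1 : maxItems;
            int end = Math.min(start + size, policies.size());
            boolean truncated = end < policies.size();
            return new Page(new ArrayList<>(policies.subList(start, end)),
                    truncated, truncated ? String.valueOf(end) : null);
        };
    }

    public static void main(String[] args) {
        // Constructed policy names, not real resources.
        List<String> policies = Arrays.asList(
                "audit-read", "billing-view", "deploy-ci", "ops-admin", "s3-backup");
        int maxItems = 3;

        List<String> complete = listAll(fakeService(policies, maxItems));
        List<String> partial = listUntilShortPage(fakeService(policies, maxItems), maxItems);

        System.out.println("IsTruncated loop : " + complete);
        System.out.println("page-size loop   : " + partial);
        System.out.println("missed by page-size loop: "
                + (complete.size() - partial.size()) + " policies");
    }
}
```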
String policyArn
The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> versions
A list of policy versions.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String roleName
The name of the role to list policies for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> policyNames
A list of policy names.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/ gets all roles whose path starts with /application_abc/component_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> roles
A list of roles.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String roleName
The name of the IAM role for which you want to see the list of tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> tags
The list of tags that are currently attached to the role. Each tag consists of a key name and an associated value. If no tags are attached to the specified role, the response contains an empty list.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
SdkInternalList<T> sAMLProviderList
The list of SAML provider resource objects defined in IAM for this AWS account.
String pathPrefix
The path prefix for filtering the results. For example: /company/servercerts would get all server certificates for which the path starts with /company/servercerts.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> serverCertificateMetadataList
A list of server certificates.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name of the user whose service-specific credentials you want information about. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serviceName
Filters the returned results to only those for the specified AWS service. If not specified, then AWS returns service-specific credentials for all services.
SdkInternalList<T> serviceSpecificCredentials
A list of structures that each contain details about a service-specific credential.
String userName
The name of the IAM user whose signing certificates you want to examine.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> certificates
A list of the user's signing certificate information.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the AWS access key used to sign the request.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> sSHPublicKeys
A list of the SSH public keys assigned to the IAM user.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name of the user to list policies for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> policyNames
A list of policy names.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String pathPrefix
The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/, which would get all user names whose path starts with /division_abc/subdivision_xyz/.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> users
A list of users.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name of the IAM user whose tags you want to see.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.
If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> tags
The list of tags that are currently attached to the user. Each tag consists of a key name and an associated value. If no tags are attached to the specified user, the response contains an empty list.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String assignmentStatus
The status (Unassigned or Assigned) of the devices to list. If you do not specify an AssignmentStatus, the operation defaults to Any, which lists both assigned and unassigned virtual MFA devices.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
SdkInternalList<T> virtualMFADevices
The list of virtual MFA devices in the current account that match the AssignmentStatus value that was passed in the request.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name of the user, which can be used for signing in to the AWS Management Console.
Date createDate
The date when the password for the user was created.
Boolean passwordResetRequired
Specifies whether the user is required to set a new password on next sign-in.
String policyName
The friendly name (not ARN) identifying the policy.
String policyId
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
String path
The path to the policy.
For more information about paths, see IAM Identifiers in the IAM User Guide.
String defaultVersionId
The identifier for the version of the policy that is set as the default (operative) version.
For more information about policy versions, see Versioning for Managed Policies in the IAM User Guide.
Integer attachmentCount
The number of principal entities (users, groups, and roles) that the policy is attached to.
Integer permissionsBoundaryUsageCount
The number of entities (users and roles) for which the policy is used as the permissions boundary.
For more information about permissions boundaries, see Permissions Boundaries for IAM Identities in the IAM User Guide.
Boolean isAttachable
Specifies whether the policy can be attached to an IAM user, group, or role.
String description
A friendly description of the policy.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy was created.
Date updateDate
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
SdkInternalList<T> policyVersionList
A list containing information about the versions of the policy.
String userName
The user with whom the MFA device is associated.
String serialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
Date enableDate
The date when the MFA device was enabled for the user.
String arn
Boolean allowedByOrganizations
Specifies whether the simulated operation is allowed by the Organizations service control policies that impact the simulated user's account.
Integer minimumPasswordLength
Minimum length to require for IAM user passwords.
Boolean requireSymbols
Specifies whether to require symbols for IAM user passwords.
Boolean requireNumbers
Specifies whether to require numbers for IAM user passwords.
Boolean requireUppercaseCharacters
Specifies whether to require uppercase characters for IAM user passwords.
Boolean requireLowercaseCharacters
Specifies whether to require lowercase characters for IAM user passwords.
Boolean allowUsersToChangePassword
Specifies whether IAM users are allowed to change their own password.
Boolean expirePasswords
Indicates whether passwords in the account expire. Returns true if MaxPasswordAge contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
Integer maxPasswordAge
The number of days that an IAM user password is valid.
Integer passwordReusePrevention
Specifies the number of previous passwords that IAM users are prevented from reusing.
Boolean hardExpiry
Specifies whether IAM users are prevented from setting a new password after their password has expired.
Boolean allowedByPermissionsBoundary
Specifies whether an action is allowed by a permissions boundary that is applied to an IAM entity (user or role).
A value of true means that the permissions boundary does not deny the action. This means that the policy includes an Allow statement that matches the request. In this case, if an identity-based policy also allows the action, the request is allowed. A value of false means that either the requested action is not allowed (implicitly denied) or that the action is explicitly denied by the permissions boundary. In both of these cases, the action is not allowed, regardless of the identity-based policy.
String policyName
The friendly name (not ARN) identifying the policy.
String policyId
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
String path
The path to the policy.
For more information about paths, see IAM Identifiers in the IAM User Guide.
String defaultVersionId
The identifier for the version of the policy that is set as the default version.
Integer attachmentCount
The number of entities (users, groups, and roles) that the policy is attached to.
Integer permissionsBoundaryUsageCount
The number of entities (users and roles) for which the policy is used to set the permissions boundary.
For more information about permissions boundaries, see Permissions Boundaries for IAM Identities in the IAM User Guide.
Boolean isAttachable
Specifies whether the policy can be attached to an IAM user, group, or role.
String description
A friendly description of the policy.
This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy was created.
Date updateDate
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
String policyName
The policy name.
String policyType
The policy type. For more information about these policy types, see Managed Policies and Inline Policies in the IAM User Guide.
String policyArn
String entityType
The type of entity (user or role) that used the policy to access the service to which the inline policy is attached.
This field is null for managed policies. For more information about these policy types, see Managed Policies and Inline Policies in the IAM User Guide.
String entityName
The name of the entity (user or role) to which the inline policy is attached.
This field is null for managed policies. For more information about these policy types, see Managed Policies and Inline Policies in the IAM User Guide.
String groupName
The name (friendly name, not ARN) identifying the group.
String groupId
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String roleName
The name (friendly name, not ARN) identifying the role.
String roleId
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String userName
The name (friendly name, not ARN) identifying the user.
String userId
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String document
The policy document.
The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
The policy document returned in this structure is URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
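The decoding step described above, as an added Java example that is not part of the AWS SDK or of this reference. java.net.URLDecoder implements form decoding, in which a literal + means a space, while RFC 3986 percent-encoding has no such rule; IAM names may contain +, so the guarded decoder protects it first. The sample document, the account ID and the role name are constructed, and whether the service ever emits an unencoded + is an assumption this guard makes irrelevant.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

public class PolicyDocumentDecoder {

    // Constructed sample: a percent-encoded policy whose Resource ARN holds a literal '+'.
    static final String SAMPLE_ENCODED =
            "%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B"
            + "%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%22iam%3APassRole%22%2C"
            + "%22Resource%22%3A%22arn%3Aaws%3Aiam%3A%3A123456789012%3Arole%2Fteam+ops%22"
            + "%7D%5D%7D";

    /**
     * Decodes a policy document to plain JSON text.
     * Throws IllegalArgumentException for malformed escapes or a non-JSON result.
     */
    static String decodePolicyDocument(String document) throws UnsupportedEncodingException {
        String trimmed = document.trim();
        if (trimmed.startsWith("{")) {
            // Already plain JSON: decoding again would misread any literal '%' or '+'.
            return trimmed;
        }
        // Protect '+' so that form decoding does not turn it into a space.
        String decoded = URLDecoder.decode(trimmed.replace("+", "%2B"), "UTF-8");
        if (!decoded.trim().startsWith("{")) {
            throw new IllegalArgumentException("decoded text is not a JSON policy document");
        }
        return decoded;
    }

    /** The unguarded call, kept only to show what it does to a literal '+'. */
    static String naiveDecode(String document) throws UnsupportedEncodingException {
        return URLDecoder.decode(document, "UTF-8");
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        String naive = naiveDecode(SAMPLE_ENCODED);
        String guarded = decodePolicyDocument(SAMPLE_ENCODED);

        System.out.println("naive  : " + naive);
        System.out.println("guarded: " + guarded);
        System.out.println("naive changed the role name : " + naive.contains("role/team ops"));
        System.out.println("guarded kept the role name  : " + guarded.contains("role/team+ops"));
        // A second pass over already-decoded text is a no-op rather than a corruption.
        System.out.println("idempotent: " + guarded.equals(decodePolicyDocument(guarded)));
    }
}
```

A policy review that compares decoded Resource ARNs against real role names only matches when the + survives decoding.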
String versionId
The identifier for the policy version.
Policy version identifiers always begin with v (always lowercase). When a policy is created, the first policy version is v1.
Boolean isDefaultVersion
Specifies whether the policy version is set as the policy's default version.
Date createDate
The date and time, in ISO 8601 date-time format, when the policy version was created.
String groupName
The name of the group to associate the policy with.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
String policyName
The name of the policy document.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyDocument
The policy document.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
String roleName
The name of the role to associate the policy with.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the policy document.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyDocument
The policy document.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
String userName
The name of the user to associate the policy with.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyName
The name of the policy document.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyDocument
The policy document.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String clientID
The client ID (also known as audience) to remove from the IAM OIDC provider resource. For more information about client IDs, see CreateOpenIDConnectProvider.
String instanceProfileName
The name of the instance profile to update.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String roleName
The name of the role to remove.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String groupName
The name of the group to update.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String userName
The name of the user to remove.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String userName
The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serviceSpecificCredentialId
The unique identifier of the service-specific credential.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
ServiceSpecificCredential serviceSpecificCredential
A structure with details about the updated service-specific credential, including the new password.
This is the only time that you can access the password. You cannot recover the password later, but you can reset it again.
String evalResourceName
The name of the simulated resource, in Amazon Resource Name (ARN) format.
String evalResourceDecision
The result of the simulation of the simulated API operation on the resource specified in EvalResourceName.
SdkInternalList<T> matchedStatements
A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if any statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
SdkInternalList<T> missingContextValues
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter instead of "*". If you do not specify individual resources, by setting ResourceArns to "*" or by not including the ResourceArns parameter, then any missing context values are instead included under the EvaluationResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
SdkInternalMap<K,V> evalDecisionDetails
Additional details about the results of the evaluation decision on a single resource. This parameter is returned only for cross-account simulations. This parameter explains how each policy type contributes to the resource-specific evaluation decision.
PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail
Contains information about the effect that a permissions boundary has on a policy simulation when that boundary is applied to an IAM entity.
String userName
The name of the user whose MFA device you want to resynchronize.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serialNumber
Serial number that uniquely identifies the MFA device.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String authenticationCode1
An authentication code emitted by the device.
The format for this parameter is a sequence of six digits.
String authenticationCode2
A subsequent authentication code emitted by the device.
The format for this parameter is a sequence of six digits.
String path
The path to the role. For more information about paths, see IAM Identifiers in the IAM User Guide.
String roleName
The friendly name that identifies the role.
String roleId
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the role was created.
String assumeRolePolicyDocument
The policy that grants an entity permission to assume the role.
String description
A description of the role that you provide.
Integer maxSessionDuration
The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.
AttachedPermissionsBoundary permissionsBoundary
The ARN of the policy used to set the permissions boundary for the role.
For more information about permissions boundaries, see Permissions Boundaries for IAM Identities in the IAM User Guide.
SdkInternalList<T> tags
A list of tags that are attached to the specified role. For more information about tagging, see Tagging IAM Identities in the IAM User Guide.
RoleLastUsed roleLastUsed
Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions Where Data Is Tracked in the IAM User Guide.
String path
The path to the role. For more information about paths, see IAM Identifiers in the IAM User Guide.
String roleName
The friendly name that identifies the role.
String roleId
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the role was created.
String assumeRolePolicyDocument
The trust policy that grants permission to assume the role.
SdkInternalList<T> instanceProfileList
A list of instance profiles that contain this role.
SdkInternalList<T> rolePolicyList
A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.
SdkInternalList<T> attachedManagedPolicies
A list of managed policies attached to the role. These policies are the role's access (permissions) policies.
AttachedPermissionsBoundary permissionsBoundary
The ARN of the policy used to set the permissions boundary for the role.
For more information about permissions boundaries, see Permissions Boundaries for IAM Identities in the IAM User Guide.
SdkInternalList<T> tags
A list of tags that are attached to the specified role. For more information about tagging, see Tagging IAM Identities in the IAM User Guide.
RoleLastUsed roleLastUsed
Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions Where Data Is Tracked in the IAM User Guide.
Date lastUsedDate
The date and time, in ISO 8601 date-time format, when the role was last used.
This field is null if the role has not been used within the IAM tracking period. For more information about the tracking period, see Regions Where Data Is Tracked in the IAM User Guide.
String region
The name of the AWS Region in which the role was last used.
String region
The name of the Region where the service-linked role is being used.
SdkInternalList<T> resources
The name of the resource that is using the service-linked role.
ServerCertificateMetadata serverCertificateMetadata
The meta information of the server certificate, such as its name, path, ID, and ARN.
String certificateBody
The contents of the public key certificate.
String certificateChain
The contents of the public key certificate chain.
String path
The path to the server certificate. For more information about paths, see IAM Identifiers in the IAM User Guide.
String serverCertificateName
The name that identifies the server certificate.
String serverCertificateId
The stable and unique string identifying the server certificate. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.
Date uploadDate
The date when the server certificate was uploaded.
Date expiration
The date on which the certificate is set to expire.
String serviceName
The name of the service in which access was attempted.
Date lastAuthenticated
The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
String serviceNamespace
The namespace of the service in which access was attempted.
To learn the service namespace of a service, go to Actions, Resources, and Condition Keys for AWS Services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS Service Namespaces in the AWS General Reference.
String lastAuthenticatedEntity
The ARN of the authenticated entity (user or role) that last attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
String lastAuthenticatedRegion
The Region from which the authenticated entity (user or role) last attempted to access the service. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
Integer totalAuthenticatedEntities
The total number of authenticated principals (root user, IAM users, or IAM roles) that have attempted to access the service.
This field is null if no principals attempted to access the service within the reporting period.
SdkInternalList<T> trackedActionsLastAccessed
An object that contains details about the most recent attempt to access a tracked action within the service.
This field is null if there are no tracked actions or if the principal did not use the tracked actions within the reporting period. This field is also null if the report was generated at the service level and not the action level. For more information, see the Granularity field in GenerateServiceLastAccessedDetails.
Date createDate
The date and time, in ISO 8601 date-time format, when the service-specific credential was created.
String serviceName
The name of the service associated with the service-specific credential.
String serviceUserName
The generated user name for the service-specific credential. This value is generated by combining the IAM user's name with the ID number of the AWS account, as in jane-at-123456789012, for example. This value cannot be configured by the user.
String servicePassword
The generated password for the service-specific credential.
String serviceSpecificCredentialId
The unique identifier for the service-specific credential.
String userName
The name of the IAM user associated with the service-specific credential.
String status
The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.
String userName
The name of the IAM user associated with the service-specific credential.
String status
The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.
String serviceUserName
The generated user name for the service-specific credential.
Date createDate
The date and time, in ISO 8601 date-time format, when the service-specific credential was created.
String serviceSpecificCredentialId
The unique identifier for the service-specific credential.
String serviceName
The name of the service associated with the service-specific credential.
String policyArn
The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String versionId
The version of the policy to set as the default (operative) version.
For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
String globalEndpointTokenVersion
The version of the global endpoint token. Version 1 tokens are valid only in AWS Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens.
For information, see Activating and Deactivating STS in an AWS Region in the IAM User Guide.
String userName
The name of the user the signing certificate is associated with.
String certificateId
The ID for the signing certificate.
String certificateBody
The contents of the signing certificate.
String status
The status of the signing certificate. Active means that the key is valid for API calls, while Inactive means it is not.
Date uploadDate
The date when the signing certificate was uploaded.
SdkInternalList<T> policyInputList
A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the ResourcePolicy parameter. The policies cannot be "scope-down" policies, such as you could include in a call to GetFederationToken or one of the AssumeRole API operations. In other words, do not use policies designed to restrict what a user can do while using the temporary credentials.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
SdkInternalList<T> permissionsBoundaryPolicyInputList
The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that an IAM entity can have. You can input only one permissions boundary when you pass a policy to this operation. For more information about permissions boundaries, see Permissions Boundaries for IAM Entities in the IAM User Guide. The policy input is specified as a string that contains the complete, valid JSON text of a permissions boundary policy.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
SdkInternalList<T> actionNames
A list of names of API operations to evaluate in the simulation. Each operation is evaluated against each resource. Each operation must include the service identifier, such as iam:CreateUser. This operation does not support using wildcards (*) in an action name.
SdkInternalList<T> resourceArns
A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response.
The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.
If you include a ResourcePolicy, then it must be applicable to all of the resources included in the simulation or you receive an invalid input error.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String resourcePolicy
A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
String resourceOwner
An ARN representing the AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn.
This parameter is required only if you specify a resource-based policy and the account that owns the resource is different from the account that owns the simulated calling user CallerArn.
The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. For example, to represent the account with the 112233445566 ID, use the following ARN: arn:aws:iam::112233445566:root.
String callerArn
The ARN of the IAM user that you want to use as the simulated caller of the API operations.
CallerArn is required if you include a ResourcePolicy so that the policy's Principal element has a value to use in evaluating the policy.
You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
SdkInternalList<T> contextEntries
A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permissions policies, the corresponding value is supplied.
String resourceHandlingOption
Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.
Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the Amazon EC2 User Guide.
EC2-Classic-InstanceStore
instance, image, security-group
EC2-Classic-EBS
instance, image, security-group, volume
EC2-VPC-InstanceStore
instance, image, security-group, network-interface
EC2-VPC-InstanceStore-Subnet
instance, image, security-group, network-interface, subnet
EC2-VPC-EBS
instance, image, security-group, network-interface, volume
EC2-VPC-EBS-Subnet
instance, image, security-group, network-interface, subnet, volume
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
SdkInternalList<T> evaluationResults
The results of the simulation.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
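An added example (not part of the AWS SDK documentation) for the custom-policy simulation fields above: a loop that follows Marker while IsTruncated is true, and a triage pass that lists allowed operations and results with missing context keys. It assumes the AWS SDK for Java 1.x IAM module; the class name, finding labels and sample results are constructed, and main runs offline on those constructed results.

```java
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.model.EvaluationResult;
import com.amazonaws.services.identitymanagement.model.SimulateCustomPolicyRequest;
import com.amazonaws.services.identitymanagement.model.SimulateCustomPolicyResult;
import com.amazonaws.services.identitymanagement.model.Statement;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SimulationTriage {

    /** Builds a request for full action names; wildcards are not accepted in ActionNames. */
    static SimulateCustomPolicyRequest buildRequest(String policyJson, String... actions) {
        return new SimulateCustomPolicyRequest()
                .withPolicyInputList(policyJson)
                .withActionNames(actions); // ResourceArns omitted, so it defaults to "*"
    }

    /** Collects every page: IAM may return fewer than MaxItems results per call. */
    static List<EvaluationResult> simulateAll(AmazonIdentityManagement iam,
                                              SimulateCustomPolicyRequest request) {
        List<EvaluationResult> all = new ArrayList<>();
        String marker = null;
        do {
            SimulateCustomPolicyResult page = iam.simulateCustomPolicy(request.withMarker(marker));
            all.addAll(page.getEvaluationResults());
            // Marker is only meaningful while IsTruncated is true.
            marker = Boolean.TRUE.equals(page.getIsTruncated()) ? page.getMarker() : null;
        } while (marker != null);
        return all;
    }

    /** Lists the source policy IDs of the statements that decided a result. */
    static List<String> sourcePolicyIds(EvaluationResult result) {
        List<String> ids = new ArrayList<>();
        if (result.getMatchedStatements() != null) {
            for (Statement statement : result.getMatchedStatements()) {
                ids.add(statement.getSourcePolicyId());
            }
        }
        return ids;
    }

    /** Reports allowed operations and results that still need context keys supplied. */
    static List<String> triage(List<EvaluationResult> results) {
        List<String> findings = new ArrayList<>();
        for (EvaluationResult result : results) {
            String target = result.getEvalActionName() + " on " + result.getEvalResourceName();
            List<String> missing = result.getMissingContextValues();
            if (missing != null && !missing.isEmpty()) {
                findings.add("NEEDS-CONTEXT " + target + ": provide " + missing
                        + " in ContextEntries and simulate again");
            } else if ("allowed".equals(result.getEvalDecision())) {
                findings.add("ALLOWED " + target + " by " + sourcePolicyIds(result));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample results, shaped like EvaluationResults entries.
        List<EvaluationResult> sample = Arrays.asList(
            new EvaluationResult()
                .withEvalActionName("iam:CreateUser").withEvalResourceName("*")
                .withEvalDecision("allowed")
                .withMatchedStatements(new Statement().withSourcePolicyId("PolicyInputList.1")),
            new EvaluationResult()
                .withEvalActionName("iam:CreateAccessKey").withEvalResourceName("*")
                .withEvalDecision("explicitDeny")
                .withMatchedStatements(new Statement().withSourcePolicyId("PolicyInputList.1")),
            new EvaluationResult()
                .withEvalActionName("iam:DeleteUser").withEvalResourceName("*")
                .withEvalDecision("implicitDeny")
                .withMissingContextValues("aws:MultiFactorAuthPresent"));

        for (String finding : triage(sample)) {
            System.out.println(finding);
        }
    }
}
```

To run against a live account, pass simulateAll a client from AmazonIdentityManagementClientBuilder and the request from buildRequest, then hand the combined list to triage.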
String policySourceArn
The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> policyInputList
An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
SdkInternalList<T> permissionsBoundaryPolicyInputList
The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that the entity can have. You can input only one permissions boundary when you pass a policy to this operation. An IAM entity can only have one permissions boundary in effect at a time. For example, if a permissions boundary is attached to an entity and you pass in a different permissions boundary policy using this parameter, then the new permissions boundary policy is used for the simulation. For more information about permissions boundaries, see Permissions Boundaries for IAM Entities in the IAM User Guide. The policy input is specified as a string containing the complete, valid JSON text of a permissions boundary policy.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
SdkInternalList<T> actionNames
A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each resource. Each operation must include the service identifier, such as iam:CreateUser.
SdkInternalList<T> resourceArns
A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response.
The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String resourcePolicy
A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab, line feed, and carriage return
String resourceOwner
An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and the account that owns the resource is different from the account that owns the simulated calling user CallerArn.
String callerArn
The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not specify a CallerArn, it defaults to the ARN of the user that you specify in PolicySourceArn, if you specified a user. If you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the API operations as Bob, as if Bob had David's policies.
You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
CallerArn is required if you include a ResourcePolicy and the PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's Principal element has a value to use in evaluating the policy.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> contextEntries
A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permissions policies, the corresponding value is supplied.
String resourceHandlingOption
Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.
Each of the EC2 scenarios requires that you specify instance, image, and security group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the Amazon EC2 User Guide.
EC2-Classic-InstanceStore: instance, image, security group
EC2-Classic-EBS: instance, image, security group, volume
EC2-VPC-InstanceStore: instance, image, security group, network interface
EC2-VPC-InstanceStore-Subnet: instance, image, security group, network interface, subnet
EC2-VPC-EBS: instance, image, security group, network interface, volume
EC2-VPC-EBS-Subnet: instance, image, security group, network interface, subnet, volume
Integer maxItems
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
String marker
Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
SdkInternalList<T> evaluationResults
The results of the simulation.
Boolean isTruncated
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.
String marker
When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
String userName
The name of the IAM user associated with the SSH public key.
String sSHPublicKeyId
The unique identifier for the SSH public key.
String fingerprint
The MD5 message digest of the SSH public key.
String sSHPublicKeyBody
The SSH public key.
String status
The status of the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.
Date uploadDate
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
String userName
The name of the IAM user associated with the SSH public key.
String sSHPublicKeyId
The unique identifier for the SSH public key.
String status
The status of the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.
Date uploadDate
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
String sourcePolicyId
The identifier of the policy that was provided as an input.
String sourcePolicyType
The type of the policy.
Position startPosition
The row and column of the beginning of the Statement in an IAM policy.
Position endPosition
The row and column of the end of a Statement in an IAM policy.
String key
The key name that can be used to look up or retrieve the associated value. For example, Department or Cost Center are common choices.
String value
The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources, Accounting, and Support. Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.
AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
String roleName
The name of the role that you want to add tags to.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
SdkInternalList<T> tags
The list of tags that you want to attach to the role. Each tag consists of a key name and an associated value. You can specify this with a JSON string.
String userName
The name of the user that you want to add tags to.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
SdkInternalList<T> tags
The list of tags that you want to attach to the user. Each tag consists of a key name and an associated value.
String actionName
The name of the tracked action to which access was attempted. Tracked actions are actions that report activity to IAM.
String lastAccessedEntity
Date lastAccessedTime
The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the tracked service. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
String lastAccessedRegion
The Region from which the authenticated entity (user or role) last attempted to access the tracked action. AWS does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
String roleName
The name of the IAM role from which you want to remove tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
SdkInternalList<T> tagKeys
A list of key names as a simple array of strings. The tags with matching keys are removed from the specified role.
String userName
The name of the IAM user from which you want to remove tags.
This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
SdkInternalList<T> tagKeys
A list of key names as a simple array of strings. The tags with matching keys are removed from the specified user.
String userName
The name of the user whose key you want to update.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String accessKeyId
The access key ID of the secret access key you want to update.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String status
The status you want to assign to the secret access key. Active means that the key can be used for API calls to AWS, while Inactive means that the key cannot be used.
Integer minimumPasswordLength
The minimum number of characters allowed in an IAM user password.
If you do not specify a value for this parameter, then the operation uses the default value of 6.
Boolean requireSymbols
Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters:
! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one symbol character.
Boolean requireNumbers
Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one numeric character.
Boolean requireUppercaseCharacters
Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one uppercase character.
Boolean requireLowercaseCharacters
Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one lowercase character.
Boolean allowUsersToChangePassword
Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see Letting IAM Users Change Their Own Passwords in the IAM User Guide.
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.
Integer maxPasswordAge
The number of days that an IAM user password is valid.
If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM user passwords never expire.
Integer passwordReusePrevention
Specifies the number of previous passwords that IAM users are prevented from reusing.
If you do not specify a value for this parameter, then the operation uses the default value of 0. The result is that IAM users are not prevented from reusing previous passwords.
Boolean hardExpiry
Prevents IAM users from setting a new password after their password has expired. The IAM user cannot be accessed until an administrator resets the password.
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users can change their passwords after they expire and continue to sign in as the user.
String roleName
The name of the role to update with the new policy.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String policyDocument
The policy that grants an entity permission to assume the role.
You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
String groupName
Name of the IAM group to update. If you're changing the name of the group, this is the original name.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String newPath
New path for the IAM group. Only include this if changing the group's path.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String newGroupName
New name for the IAM group. Only include this if changing the group's name.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
String userName
The name of the user whose password you want to update.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String password
The new password for the specified IAM user.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see UpdateAccountPasswordPolicy.
Boolean passwordResetRequired
Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in.
String openIDConnectProviderArn
The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
SdkInternalList<T> thumbprintList
A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
Role role
A structure that contains details about the modified role.
String roleName
The name of the role that you want to modify.
String description
The new description that you want to apply to the specified role.
Integer maxSessionDuration
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.
String sAMLMetadataDocument
An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider to update.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
String sAMLProviderArn
The Amazon Resource Name (ARN) of the SAML provider that was updated.
String serverCertificateName
The name of the server certificate that you want to update.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String newPath
The new path for the server certificate. Include this only if you are updating the server certificate's path.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String newServerCertificateName
The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String userName
The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String serviceSpecificCredentialId
The unique identifier of the service-specific credential.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String status
The status to be assigned to the service-specific credential.
String userName
The name of the IAM user the signing certificate belongs to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String certificateId
The ID of the signing certificate you want to update.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String status
The status you want to assign to the certificate. Active means that the certificate can be used for API calls to AWS, while Inactive means that the certificate cannot be used.
String userName
The name of the IAM user associated with the SSH public key.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String sSHPublicKeyId
The unique identifier for the SSH public key.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
String status
The status to assign to the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.
String userName
Name of the user to update. If you're changing the name of the user, this is the original user name.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String newPath
New path for the IAM user. Include this parameter only if you're changing the user's path.
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
String newUserName
New name for the user. Include this parameter only if you're changing the user's name.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
String path
The path for the server certificate. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the path parameter. The path must begin with /cloudfront and must include a trailing slash (for example, /cloudfront/test/).
String serverCertificateName
The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String certificateBody
The contents of the public key certificate in PEM-encoded format.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
String privateKey
The contents of the private key in PEM-encoded format.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
String certificateChain
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
ServerCertificateMetadata serverCertificateMetadata
The meta information of the uploaded server certificate without its certificate body, certificate chain, and private key.
String userName
The name of the user the signing certificate is for.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String certificateBody
The contents of the signing certificate.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
SigningCertificate certificate
Information about the certificate.
String userName
The name of the IAM user to associate the SSH public key with.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
String sSHPublicKeyBody
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The minimum bit-length of the public key is 2048 bits. For example, you can generate a 2048-bit key, and the resulting PEM file is 1679 bytes long.
The regex pattern used to validate this parameter is a string of characters consisting of the following:
Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
The printable characters in the Basic Latin and Latin-1 Supplement character set (through ÿ)
The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
SSHPublicKey sSHPublicKey
Contains information about the SSH public key.
String path
The path to the user. For more information about paths, see IAM Identifiers in the IAM User Guide.
String userName
The friendly name identifying the user.
String userId
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the IAM User Guide.
Date createDate
The date and time, in ISO 8601 date-time format, when the user was created.
Date passwordLastUsed
The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential Reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:
The user never had a password.
A password exists but has not been used since IAM started tracking this information on October 20, 2014.
A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.
This value is returned only in the GetUser and ListUsers operations.
AttachedPermissionsBoundary permissionsBoundary
The ARN of the policy used to set the permissions boundary for the user.
For more information about permissions boundaries, see Permissions Boundaries for IAM Identities in the IAM User Guide.
SdkInternalList<T> tags
A list of tags that are associated with the specified user. For more information about tagging, see Tagging IAM Identities in the IAM User Guide.
String path
The path to the user. For more information about paths, see IAM Identifiers in the IAM User Guide.
String userName
The friendly name identifying the user.
String userId
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the IAM User Guide.
String arn
Date createDate
The date and time, in ISO 8601 date-time format, when the user was created.
SdkInternalList<T> userPolicyList
A list of the inline policies embedded in the user.
SdkInternalList<T> groupList
A list of IAM groups that the user is in.
SdkInternalList<T> attachedManagedPolicies
A list of the managed policies attached to the user.
AttachedPermissionsBoundary permissionsBoundary
The ARN of the policy used to set the permissions boundary for the user.
For more information about permissions boundaries, see Permissions Boundaries for IAM Identities in the IAM User Guide.
SdkInternalList<T> tags
A list of tags that are associated with the specified user. For more information about tagging, see Tagging IAM Identities in the IAM User Guide.
String serialNumber
The serial number associated with VirtualMFADevice.
ByteBuffer base32StringSeed
The base32 seed defined as specified in RFC3548. The Base32StringSeed is base64-encoded.
ByteBuffer qRCodePNG
A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where $virtualMFADeviceName is one of the create call arguments. AccountName is the user name if set (otherwise, the account ID), and Base32String is the seed in base32 format. The Base32String value is base64-encoded.
User user
The IAM user associated with this virtual MFA device.
Date enableDate
The date and time on which the virtual MFA device was enabled.
Copyright © 2021. All rights reserved.