com.amazonaws.services.identitymanagement
Class AmazonIdentityManagementClient

java.lang.Object
  com.amazonaws.AmazonWebServiceClient
      com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient

All Implemented Interfaces:

AmazonIdentityManagement

Direct Known Subclasses:

AmazonIdentityManagementAsyncClient

public class AmazonIdentityManagementClient
extends AmazonWebServiceClient
implements AmazonIdentityManagement

Client for accessing AmazonIdentityManagement. All service calls made using this client are blocking, and will not return until the service call completes.

AWS Identity and Access Management

AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions under their AWS account.

This is the AWS Identity and Access Management API Reference. This guide describes who should read this guide and other resources related to IAM.

Use of this guide assumes you are familiar with the following:

• Basic understanding of web services (for information, go to W3 Schools Web Services Tutorial at http://www.w3schools.com/webservices/default.asp ).
• XML (for information, go to W3 Schools XML Tutorial at http://www.w3schools.com/xml/default.asp ).
• JSON (for information, go to http://json.org )
• The specific AWS products you are using or plan to use (e.g., Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), etc.)

If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/ .

We will refer to Amazon AWS Identity and Access Management using the the abbreviated form IAM; all copyrights and legal protections still apply.

Constructor Summary

AmazonIdentityManagementClient(AWSCredentials awsCredentials)
Constructs a new client to invoke service methods on AmazonIdentityManagement using the specified AWS account credentials.

AmazonIdentityManagementClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration)
Constructs a new client to invoke service methods on AmazonIdentityManagement using the specified AWS account credentials and client configuration options.

Method Summary

void	addUserToGroup(AddUserToGroupRequest addUserToGroupRequest) Adds the specified user to the specified group.
CreateAccessKeyResult	createAccessKey() Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user.
CreateAccessKeyResult	createAccessKey(CreateAccessKeyRequest createAccessKeyRequest) Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user.
CreateGroupResult	createGroup(CreateGroupRequest createGroupRequest) Creates a new group.
CreateLoginProfileResult	createLoginProfile(CreateLoginProfileRequest createLoginProfileRequest) Creates a login profile for the specified user, giving the user the ability to access AWS services such as the AWS Management Console.
CreateUserResult	createUser(CreateUserRequest createUserRequest) Creates a new user for your account.
void	deactivateMFADevice(DeactivateMFADeviceRequest deactivateMFADeviceRequest) Deactivates the specified MFA device and removes it from association with the user for which it was originally enabled.
void	deleteAccessKey(DeleteAccessKeyRequest deleteAccessKeyRequest) Deletes the access key associated with the specified user.
void	deleteGroup(DeleteGroupRequest deleteGroupRequest) Deletes the specified group.
void	deleteGroupPolicy(DeleteGroupPolicyRequest deleteGroupPolicyRequest) Deletes the specified policy that is associated with the specified group.
void	deleteLoginProfile(DeleteLoginProfileRequest deleteLoginProfileRequest) Deletes the login profile for the specified user, which terminates the user's ability to access AWS services through the IAM login page.
void	deleteSigningCertificate(DeleteSigningCertificateRequest deleteSigningCertificateRequest) Deletes the specified signing certificate associated with the specified user.
void	deleteUser(DeleteUserRequest deleteUserRequest) Deletes the specified user.
void	deleteUserPolicy(DeleteUserPolicyRequest deleteUserPolicyRequest) Deletes the specified policy associated with the specified user.
void	enableMFADevice(EnableMFADeviceRequest enableMFADeviceRequest) Enables the specified MFA device and associates it with the specified user.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetGroupResult	getGroup(GetGroupRequest getGroupRequest) Returns a list of users that are in the specified group.
GetGroupPolicyResult	getGroupPolicy(GetGroupPolicyRequest getGroupPolicyRequest) Retrieves the specified policy document for the specified group.
GetLoginProfileResult	getLoginProfile(GetLoginProfileRequest getLoginProfileRequest) Retrieves the login profile for the specified user.
GetUserResult	getUser() Retrieves information about the specified user, including the user's path, GUID, and ARN.
GetUserResult	getUser(GetUserRequest getUserRequest) Retrieves information about the specified user, including the user's path, GUID, and ARN.
GetUserPolicyResult	getUserPolicy(GetUserPolicyRequest getUserPolicyRequest) Retrieves the specified policy document for the specified user.
ListAccessKeysResult	listAccessKeys() Returns information about the Access Key IDs associated with the specified user.
ListAccessKeysResult	listAccessKeys(ListAccessKeysRequest listAccessKeysRequest) Returns information about the Access Key IDs associated with the specified user.
ListGroupPoliciesResult	listGroupPolicies(ListGroupPoliciesRequest listGroupPoliciesRequest) Lists the names of the policies associated with the specified group.
ListGroupsResult	listGroups() Lists the groups that have the specified path prefix.
ListGroupsResult	listGroups(ListGroupsRequest listGroupsRequest) Lists the groups that have the specified path prefix.
ListGroupsForUserResult	listGroupsForUser(ListGroupsForUserRequest listGroupsForUserRequest) Lists the groups the specified user belongs to.
ListMFADevicesResult	listMFADevices(ListMFADevicesRequest listMFADevicesRequest) Lists the MFA devices associated with the specified user.
ListSigningCertificatesResult	listSigningCertificates() Returns information about the signing certificates associated with the specified user.
ListSigningCertificatesResult	listSigningCertificates(ListSigningCertificatesRequest listSigningCertificatesRequest) Returns information about the signing certificates associated with the specified user.
ListUserPoliciesResult	listUserPolicies(ListUserPoliciesRequest listUserPoliciesRequest) Lists the names of the policies associated with the specified user.
ListUsersResult	listUsers() Lists the users that have the specified path prefix.
ListUsersResult	listUsers(ListUsersRequest listUsersRequest) Lists the users that have the specified path prefix.
void	putGroupPolicy(PutGroupPolicyRequest putGroupPolicyRequest) Adds (or updates) a policy document associated with the specified group.
void	putUserPolicy(PutUserPolicyRequest putUserPolicyRequest) Adds (or updates) a policy document associated with the specified user.
void	removeUserFromGroup(RemoveUserFromGroupRequest removeUserFromGroupRequest) Removes the specified user from the specified group.
void	resyncMFADevice(ResyncMFADeviceRequest resyncMFADeviceRequest) Synchronizes the specified MFA device with AWS servers.
void	updateAccessKey(UpdateAccessKeyRequest updateAccessKeyRequest) Changes the status of the specified access key from Active to Inactive, or vice versa.
void	updateGroup(UpdateGroupRequest updateGroupRequest) Updates the name and/or the path of the specified group.
void	updateLoginProfile(UpdateLoginProfileRequest updateLoginProfileRequest) Updates the login profile for the specified user.
void	updateSigningCertificate(UpdateSigningCertificateRequest updateSigningCertificateRequest) Changes the status of the specified signing certificate from active to disabled, or vice versa.
void	updateUser(UpdateUserRequest updateUserRequest) Updates the name and/or the path of the specified user.
UploadSigningCertificateResult	uploadSigningCertificate(UploadSigningCertificateRequest uploadSigningCertificateRequest) Uploads an X.509 signing certificate and associates it with the specified user.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

setEndpoint, shutdown

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.amazonaws.services.identitymanagement.AmazonIdentityManagement

setEndpoint, shutdown

Constructor Detail

AmazonIdentityManagementClient

public AmazonIdentityManagementClient(AWSCredentials awsCredentials)

Constructs a new client to invoke service methods on AmazonIdentityManagement using the specified AWS account credentials.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentials - The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.

AmazonIdentityManagementClient

public AmazonIdentityManagementClient(AWSCredentials awsCredentials,
                                      ClientConfiguration clientConfiguration)

Constructs a new client to invoke service methods on AmazonIdentityManagement using the specified AWS account credentials and client configuration options.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentials - The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.

clientConfiguration - The client configuration options controlling how this client connects to AmazonIdentityManagement (ex: proxy settings, retry counts, etc.).

Method Detail

listGroups

public ListGroupsResult listGroups(ListGroupsRequest listGroupsRequest)
                            throws AmazonServiceException,
                                   AmazonClientException

Lists the groups that have the specified path prefix.

You can paginate the results using the MaxItems and Marker parameters.

Specified by:

listGroups in interface AmazonIdentityManagement

Parameters:

listGroupsRequest - Container for the necessary parameters to execute the ListGroups service method on AmazonIdentityManagement.

Returns:

The response from the ListGroups service method, as returned by AmazonIdentityManagement.

Throws:

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

deleteAccessKey

public void deleteAccessKey(DeleteAccessKeyRequest deleteAccessKeyRequest)
                     throws AmazonServiceException,
                            AmazonClientException

Deletes the access key associated with the specified user.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

Specified by:

deleteAccessKey in interface AmazonIdentityManagement

Parameters:

deleteAccessKeyRequest - Container for the necessary parameters to execute the DeleteAccessKey service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listSigningCertificates

public ListSigningCertificatesResult listSigningCertificates(ListSigningCertificatesRequest listSigningCertificatesRequest)
                                                      throws AmazonServiceException,
                                                             AmazonClientException

Returns information about the signing certificates associated with the specified user. If there are none, the action returns an empty list.

Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

Specified by:

listSigningCertificates in interface AmazonIdentityManagement

Parameters:

listSigningCertificatesRequest - Container for the necessary parameters to execute the ListSigningCertificates service method on AmazonIdentityManagement.

Returns:

The response from the ListSigningCertificates service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

uploadSigningCertificate

public UploadSigningCertificateResult uploadSigningCertificate(UploadSigningCertificateRequest uploadSigningCertificateRequest)
                                                        throws AmazonServiceException,
                                                               AmazonClientException

Uploads an X.509 signing certificate and associates it with the specified user. Some AWS services use X.509 signing certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

NOTE:Because the body of a X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For more information, see Using the Query API in the AWS Identity and Access Management User Guide.

Specified by:

uploadSigningCertificate in interface AmazonIdentityManagement

Parameters:

uploadSigningCertificateRequest - Container for the necessary parameters to execute the UploadSigningCertificate service method on AmazonIdentityManagement.

Returns:

The response from the UploadSigningCertificate service method, as returned by AmazonIdentityManagement.

Throws:

MalformedCertificateException

NoSuchEntityException

LimitExceededException

EntityAlreadyExistsException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

deleteUserPolicy

public void deleteUserPolicy(DeleteUserPolicyRequest deleteUserPolicyRequest)
                      throws AmazonServiceException,
                             AmazonClientException

Deletes the specified policy associated with the specified user.

Specified by:

deleteUserPolicy in interface AmazonIdentityManagement

Parameters:

deleteUserPolicyRequest - Container for the necessary parameters to execute the DeleteUserPolicy service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

putUserPolicy

public void putUserPolicy(PutUserPolicyRequest putUserPolicyRequest)
                   throws AmazonServiceException,
                          AmazonClientException

Adds (or updates) a policy document associated with the specified user. For information about how to write a policy, refer to the AWS Identity and Access Management User Guide .

For information about limits on the number of policies you can associate with a user, see Limitations on AWS IAM Entities in the AWS Identity and Access Management User Guide .

NOTE:Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy. For more information, see Using the Query API in the AWS Identity and Access Management User Guide.

Specified by:

putUserPolicy in interface AmazonIdentityManagement

Parameters:

putUserPolicyRequest - Container for the necessary parameters to execute the PutUserPolicy service method on AmazonIdentityManagement.

Throws:

MalformedPolicyDocumentException

NoSuchEntityException

LimitExceededException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

getUserPolicy

public GetUserPolicyResult getUserPolicy(GetUserPolicyRequest getUserPolicyRequest)
                                  throws AmazonServiceException,
                                         AmazonClientException

Retrieves the specified policy document for the specified user. The returned policy is URL-encoded according to RFC 3986. For more information about RFC 3986, go to http://www.faqs.org/rfcs/rfc3986.html.

Specified by:

getUserPolicy in interface AmazonIdentityManagement

Parameters:

getUserPolicyRequest - Container for the necessary parameters to execute the GetUserPolicy service method on AmazonIdentityManagement.

Returns:

The response from the GetUserPolicy service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

updateLoginProfile

public void updateLoginProfile(UpdateLoginProfileRequest updateLoginProfileRequest)
                        throws AmazonServiceException,
                               AmazonClientException

Updates the login profile for the specified user. Use this API to change the user's password.

Specified by:

updateLoginProfile in interface AmazonIdentityManagement

Parameters:

updateLoginProfileRequest - Container for the necessary parameters to execute the UpdateLoginProfile service method on AmazonIdentityManagement.

Throws:

EntityTemporarilyUnmodifiableException

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

updateUser

public void updateUser(UpdateUserRequest updateUserRequest)
                throws AmazonServiceException,
                       AmazonClientException

Updates the name and/or the path of the specified user.

IMPORTANT: You should understand the implications of changing a user's path or name. For more information, see Renaming Users and Groups in the AWS Identity and Access Management User Guide.

Specified by:

updateUser in interface AmazonIdentityManagement

Parameters:

updateUserRequest - Container for the necessary parameters to execute the UpdateUser service method on AmazonIdentityManagement.

Throws:

EntityTemporarilyUnmodifiableException

NoSuchEntityException

EntityAlreadyExistsException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

deleteLoginProfile

public void deleteLoginProfile(DeleteLoginProfileRequest deleteLoginProfileRequest)
                        throws AmazonServiceException,
                               AmazonClientException

Deletes the login profile for the specified user, which terminates the user's ability to access AWS services through the IAM login page.

IMPORTANT:Deleting a user's login profile does not prevent a user from accessing IAM through the command line interface or the API. To prevent a user from accessing IAM through the command line interface or the API you must either make the access key inactive or delete it. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

Specified by:

deleteLoginProfile in interface AmazonIdentityManagement

Parameters:

deleteLoginProfileRequest - Container for the necessary parameters to execute the DeleteLoginProfile service method on AmazonIdentityManagement.

Throws:

EntityTemporarilyUnmodifiableException

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

updateSigningCertificate

public void updateSigningCertificate(UpdateSigningCertificateRequest updateSigningCertificateRequest)
                              throws AmazonServiceException,
                                     AmazonClientException

Changes the status of the specified signing certificate from active to disabled, or vice versa. This action can be used to disable a user's signing certificate as part of a certificate rotation workflow.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

For information about rotating certificates, see Managing Keys and Certificates in the AWS Identity and Access Management User Guide .

Specified by:

updateSigningCertificate in interface AmazonIdentityManagement

Parameters:

updateSigningCertificateRequest - Container for the necessary parameters to execute the UpdateSigningCertificate service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listUsers

public ListUsersResult listUsers(ListUsersRequest listUsersRequest)
                          throws AmazonServiceException,
                                 AmazonClientException

Lists the users that have the specified path prefix. If there are none, the action returns an empty list.

You can paginate the results using the MaxItems and Marker parameters.

Specified by:

listUsers in interface AmazonIdentityManagement

Parameters:

listUsersRequest - Container for the necessary parameters to execute the ListUsers service method on AmazonIdentityManagement.

Returns:

The response from the ListUsers service method, as returned by AmazonIdentityManagement.

Throws:

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

deleteGroupPolicy

public void deleteGroupPolicy(DeleteGroupPolicyRequest deleteGroupPolicyRequest)
                       throws AmazonServiceException,
                              AmazonClientException

Deletes the specified policy that is associated with the specified group.

Specified by:

deleteGroupPolicy in interface AmazonIdentityManagement

Parameters:

deleteGroupPolicyRequest - Container for the necessary parameters to execute the DeleteGroupPolicy service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

updateGroup

public void updateGroup(UpdateGroupRequest updateGroupRequest)
                 throws AmazonServiceException,
                        AmazonClientException

Updates the name and/or the path of the specified group.

IMPORTANT: You should understand the implications of changing a group's path or name. For more information, see Renaming Users and Groups in the AWS Identity and Access Management User Guide.

Specified by:

updateGroup in interface AmazonIdentityManagement

Parameters:

updateGroupRequest - Container for the necessary parameters to execute the UpdateGroup service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

putGroupPolicy

public void putGroupPolicy(PutGroupPolicyRequest putGroupPolicyRequest)
                    throws AmazonServiceException,
                           AmazonClientException

Adds (or updates) a policy document associated with the specified group. For information about how to write a policy, refer to the AWS Identity and Access Management User Guide .

For information about limits on the number of policies you can associate with a group, see Limitations on AWS IAM Entities in the AWS Identity and Access Management User Guide .

NOTE:Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy. For more information, see Using the Query API in the AWS Identity and Access Management User Guide.

Specified by:

putGroupPolicy in interface AmazonIdentityManagement

Parameters:

putGroupPolicyRequest - Container for the necessary parameters to execute the PutGroupPolicy service method on AmazonIdentityManagement.

Throws:

MalformedPolicyDocumentException

NoSuchEntityException

LimitExceededException

EntityAlreadyExistsException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

createUser

public CreateUserResult createUser(CreateUserRequest createUserRequest)
                            throws AmazonServiceException,
                                   AmazonClientException

Creates a new user for your account.

For information about limitations on the number of users you can create, see Limitations on AWS IAM Entities in the AWS Identity and Access Management User Guide .

Specified by:

createUser in interface AmazonIdentityManagement

Parameters:

createUserRequest - Container for the necessary parameters to execute the CreateUser service method on AmazonIdentityManagement.

Returns:

The response from the CreateUser service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

LimitExceededException

EntityAlreadyExistsException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

deleteSigningCertificate

public void deleteSigningCertificate(DeleteSigningCertificateRequest deleteSigningCertificateRequest)
                              throws AmazonServiceException,
                                     AmazonClientException

Deletes the specified signing certificate associated with the specified user.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

Specified by:

deleteSigningCertificate in interface AmazonIdentityManagement

Parameters:

deleteSigningCertificateRequest - Container for the necessary parameters to execute the DeleteSigningCertificate service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

enableMFADevice

public void enableMFADevice(EnableMFADeviceRequest enableMFADeviceRequest)
                     throws AmazonServiceException,
                            AmazonClientException

Enables the specified MFA device and associates it with the specified user. Once enabled, the MFA device is required for every subsequent login by the user associated with the device.

Specified by:

enableMFADevice in interface AmazonIdentityManagement

Parameters:

enableMFADeviceRequest - Container for the necessary parameters to execute the EnableMFADevice service method on AmazonIdentityManagement.

Throws:

EntityTemporarilyUnmodifiableException

NoSuchEntityException

InvalidAuthenticationCodeException

LimitExceededException

EntityAlreadyExistsException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listUserPolicies

public ListUserPoliciesResult listUserPolicies(ListUserPoliciesRequest listUserPoliciesRequest)
                                        throws AmazonServiceException,
                                               AmazonClientException

Lists the names of the policies associated with the specified user. If there are none, the action returns an empty list.

You can paginate the results using the MaxItems and Marker parameters.

Specified by:

listUserPolicies in interface AmazonIdentityManagement

Parameters:

listUserPoliciesRequest - Container for the necessary parameters to execute the ListUserPolicies service method on AmazonIdentityManagement.

Returns:

The response from the ListUserPolicies service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listAccessKeys

public ListAccessKeysResult listAccessKeys(ListAccessKeysRequest listAccessKeysRequest)
                                    throws AmazonServiceException,
                                           AmazonClientException

Returns information about the Access Key IDs associated with the specified user. If there are none, the action returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

NOTE:To ensure the security of your account, the secret access key is accesible only during key and user creation.

Specified by:

listAccessKeys in interface AmazonIdentityManagement

Parameters:

listAccessKeysRequest - Container for the necessary parameters to execute the ListAccessKeys service method on AmazonIdentityManagement.

Returns:

The response from the ListAccessKeys service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

getLoginProfile

public GetLoginProfileResult getLoginProfile(GetLoginProfileRequest getLoginProfileRequest)
                                      throws AmazonServiceException,
                                             AmazonClientException

Retrieves the login profile for the specified user.

Specified by:

getLoginProfile in interface AmazonIdentityManagement

Parameters:

getLoginProfileRequest - Container for the necessary parameters to execute the GetLoginProfile service method on AmazonIdentityManagement.

Returns:

The response from the GetLoginProfile service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listGroupsForUser

public ListGroupsForUserResult listGroupsForUser(ListGroupsForUserRequest listGroupsForUserRequest)
                                          throws AmazonServiceException,
                                                 AmazonClientException

Lists the groups the specified user belongs to.

You can paginate the results using the MaxItems and Marker parameters.

Specified by:

listGroupsForUser in interface AmazonIdentityManagement

Parameters:

listGroupsForUserRequest - Container for the necessary parameters to execute the ListGroupsForUser service method on AmazonIdentityManagement.

Returns:

The response from the ListGroupsForUser service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

createGroup

public CreateGroupResult createGroup(CreateGroupRequest createGroupRequest)
                              throws AmazonServiceException,
                                     AmazonClientException

Creates a new group.

For information about the number of groups you can create, see Limitations on AWS IAM Entities in the AWS Identity and Access Management User Guide .

Specified by:

createGroup in interface AmazonIdentityManagement

Parameters:

createGroupRequest - Container for the necessary parameters to execute the CreateGroup service method on AmazonIdentityManagement.

Returns:

The response from the CreateGroup service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

LimitExceededException

EntityAlreadyExistsException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

deleteUser

public void deleteUser(DeleteUserRequest deleteUserRequest)
                throws AmazonServiceException,
                       AmazonClientException

Deletes the specified user. The user must not belong to any groups, have any keys or signing certificates, or have any attached policies.

Specified by:

deleteUser in interface AmazonIdentityManagement

Parameters:

deleteUserRequest - Container for the necessary parameters to execute the DeleteUser service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

DeleteConflictException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

getGroupPolicy

public GetGroupPolicyResult getGroupPolicy(GetGroupPolicyRequest getGroupPolicyRequest)
                                    throws AmazonServiceException,
                                           AmazonClientException

Retrieves the specified policy document for the specified group. The returned policy is URL-encoded according to RFC 3986. For more information about RFC 3986, go to http://www.faqs.org/rfcs/rfc3986.html.

Specified by:

getGroupPolicy in interface AmazonIdentityManagement

Parameters:

getGroupPolicyRequest - Container for the necessary parameters to execute the GetGroupPolicy service method on AmazonIdentityManagement.

Returns:

The response from the GetGroupPolicy service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

deactivateMFADevice

public void deactivateMFADevice(DeactivateMFADeviceRequest deactivateMFADeviceRequest)
                         throws AmazonServiceException,
                                AmazonClientException

Deactivates the specified MFA device and removes it from association with the user for which it was originally enabled.

Specified by:

deactivateMFADevice in interface AmazonIdentityManagement

Parameters:

deactivateMFADeviceRequest - Container for the necessary parameters to execute the DeactivateMFADevice service method on AmazonIdentityManagement.

Throws:

EntityTemporarilyUnmodifiableException

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

removeUserFromGroup

public void removeUserFromGroup(RemoveUserFromGroupRequest removeUserFromGroupRequest)
                         throws AmazonServiceException,
                                AmazonClientException

Removes the specified user from the specified group.

Specified by:

removeUserFromGroup in interface AmazonIdentityManagement

Parameters:

removeUserFromGroupRequest - Container for the necessary parameters to execute the RemoveUserFromGroup service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listGroupPolicies

public ListGroupPoliciesResult listGroupPolicies(ListGroupPoliciesRequest listGroupPoliciesRequest)
                                          throws AmazonServiceException,
                                                 AmazonClientException

Lists the names of the policies associated with the specified group. If there are none, the action returns an empty list.

You can paginate the results using the MaxItems and Marker parameters.

Specified by:

listGroupPolicies in interface AmazonIdentityManagement

Parameters:

listGroupPoliciesRequest - Container for the necessary parameters to execute the ListGroupPolicies service method on AmazonIdentityManagement.

Returns:

The response from the ListGroupPolicies service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

createLoginProfile

public CreateLoginProfileResult createLoginProfile(CreateLoginProfileRequest createLoginProfileRequest)
                                            throws AmazonServiceException,
                                                   AmazonClientException

Creates a login profile for the specified user, giving the user the ability to access AWS services such as the AWS Management Console. For more information about login profiles, see Managing Login Profiles and MFA Devices in the AWS Identity and Access Management User Guide .

Specified by:

createLoginProfile in interface AmazonIdentityManagement

Parameters:

createLoginProfileRequest - Container for the necessary parameters to execute the CreateLoginProfile service method on AmazonIdentityManagement.

Returns:

The response from the CreateLoginProfile service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

EntityAlreadyExistsException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

createAccessKey

public CreateAccessKeyResult createAccessKey(CreateAccessKeyRequest createAccessKeyRequest)
                                      throws AmazonServiceException,
                                             AmazonClientException

Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user. The default status for new keys is Active.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

For information about limits on the number of keys you can create, see Limitations on AWS IAM Entities in the AWS Identity and Access Management User Guide .

IMPORTANT:To ensure the security of your account, the secret access key is accesible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

Specified by:

createAccessKey in interface AmazonIdentityManagement

Parameters:

createAccessKeyRequest - Container for the necessary parameters to execute the CreateAccessKey service method on AmazonIdentityManagement.

Returns:

The response from the CreateAccessKey service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

LimitExceededException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

getUser

public GetUserResult getUser(GetUserRequest getUserRequest)
                      throws AmazonServiceException,
                             AmazonClientException

Retrieves information about the specified user, including the user's path, GUID, and ARN.

If the UserName field is not specified, UserName is determined implicitly based on the AWS Access Key ID used to sign the request.

Specified by:

getUser in interface AmazonIdentityManagement

Parameters:

getUserRequest - Container for the necessary parameters to execute the GetUser service method on AmazonIdentityManagement.

Returns:

The response from the GetUser service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

resyncMFADevice

public void resyncMFADevice(ResyncMFADeviceRequest resyncMFADeviceRequest)
                     throws AmazonServiceException,
                            AmazonClientException

Synchronizes the specified MFA device with AWS servers.

Specified by:

resyncMFADevice in interface AmazonIdentityManagement

Parameters:

resyncMFADeviceRequest - Container for the necessary parameters to execute the ResyncMFADevice service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

InvalidAuthenticationCodeException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listMFADevices

public ListMFADevicesResult listMFADevices(ListMFADevicesRequest listMFADevicesRequest)
                                    throws AmazonServiceException,
                                           AmazonClientException

Lists the MFA devices associated with the specified user.

You can paginate the results using the MaxItems and Marker parameters.

Specified by:

listMFADevices in interface AmazonIdentityManagement

Parameters:

listMFADevicesRequest - Container for the necessary parameters to execute the ListMFADevices service method on AmazonIdentityManagement.

Returns:

The response from the ListMFADevices service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

updateAccessKey

public void updateAccessKey(UpdateAccessKeyRequest updateAccessKeyRequest)
                     throws AmazonServiceException,
                            AmazonClientException

Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation workflow.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

For information about rotating keys, see Managing Keys and Certificates in the AWS Identity and Access Management User Guide .

Specified by:

updateAccessKey in interface AmazonIdentityManagement

Parameters:

updateAccessKeyRequest - Container for the necessary parameters to execute the UpdateAccessKey service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

addUserToGroup

public void addUserToGroup(AddUserToGroupRequest addUserToGroupRequest)
                    throws AmazonServiceException,
                           AmazonClientException

Adds the specified user to the specified group.

Specified by:

addUserToGroup in interface AmazonIdentityManagement

Parameters:

addUserToGroupRequest - Container for the necessary parameters to execute the AddUserToGroup service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

LimitExceededException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

getGroup

public GetGroupResult getGroup(GetGroupRequest getGroupRequest)
                        throws AmazonServiceException,
                               AmazonClientException

Returns a list of users that are in the specified group. You can paginate the results using the MaxItems and Marker parameters.

Specified by:

getGroup in interface AmazonIdentityManagement

Parameters:

getGroupRequest - Container for the necessary parameters to execute the GetGroup service method on AmazonIdentityManagement.

Returns:

The response from the GetGroup service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

deleteGroup

public void deleteGroup(DeleteGroupRequest deleteGroupRequest)
                 throws AmazonServiceException,
                        AmazonClientException

Deletes the specified group. The group must not contain any users or have any attached policies.

Specified by:

deleteGroup in interface AmazonIdentityManagement

Parameters:

deleteGroupRequest - Container for the necessary parameters to execute the DeleteGroup service method on AmazonIdentityManagement.

Throws:

NoSuchEntityException

DeleteConflictException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listGroups

public ListGroupsResult listGroups()
                            throws AmazonServiceException,
                                   AmazonClientException

Lists the groups that have the specified path prefix.

You can paginate the results using the MaxItems and Marker parameters.

Specified by:

listGroups in interface AmazonIdentityManagement

Returns:

The response from the ListGroups service method, as returned by AmazonIdentityManagement.

Throws:

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listSigningCertificates

public ListSigningCertificatesResult listSigningCertificates()
                                                      throws AmazonServiceException,
                                                             AmazonClientException

Returns information about the signing certificates associated with the specified user. If there are none, the action returns an empty list.

Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

Specified by:

listSigningCertificates in interface AmazonIdentityManagement

Returns:

The response from the ListSigningCertificates service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listUsers

public ListUsersResult listUsers()
                          throws AmazonServiceException,
                                 AmazonClientException

Lists the users that have the specified path prefix. If there are none, the action returns an empty list.

You can paginate the results using the MaxItems and Marker parameters.

Specified by:

listUsers in interface AmazonIdentityManagement

Returns:

The response from the ListUsers service method, as returned by AmazonIdentityManagement.

Throws:

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

listAccessKeys

public ListAccessKeysResult listAccessKeys()
                                    throws AmazonServiceException,
                                           AmazonClientException

Returns information about the Access Key IDs associated with the specified user. If there are none, the action returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

NOTE:To ensure the security of your account, the secret access key is accesible only during key and user creation.

Specified by:

listAccessKeys in interface AmazonIdentityManagement

Returns:

The response from the ListAccessKeys service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

createAccessKey

public CreateAccessKeyResult createAccessKey()
                                      throws AmazonServiceException,
                                             AmazonClientException

Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user. The default status for new keys is Active.

If the UserName field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the request. Because this action works for access keys under the account, this API can be used to manage root credentials even if the account has no associated users.

For information about limits on the number of keys you can create, see Limitations on AWS IAM Entities in the AWS Identity and Access Management User Guide .

IMPORTANT:To ensure the security of your account, the secret access key is accesible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

Specified by:

createAccessKey in interface AmazonIdentityManagement

Returns:

The response from the CreateAccessKey service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

LimitExceededException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

getUser

public GetUserResult getUser()
                      throws AmazonServiceException,
                             AmazonClientException

Retrieves information about the specified user, including the user's path, GUID, and ARN.

If the UserName field is not specified, UserName is determined implicitly based on the AWS Access Key ID used to sign the request.

Specified by:

getUser in interface AmazonIdentityManagement

Returns:

The response from the GetUser service method, as returned by AmazonIdentityManagement.

Throws:

NoSuchEntityException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AmazonIdentityManagement indicating either a problem with the data in the request, or a server side issue.

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AmazonIdentityManagement

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.