Configuration parameters
roleArn— Role ArnroleSessionName— Role Session NamedefaultRegion— AWS Default Region (required)sessionDuration— Role Session Durationcredentials— Access Keyaccess_key— Access Keysecret_key— Secret Keytimeout— Timeoutretries— Retriessts_regional_endpoint— AWS STS Regional Endpointsinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (66)
-
aws-iam-access-key-update-quick-actionImmediately disables a specific IAM access key. This stops all CLI, SDK, and API-based communication for this key ID without deleting it, enabling forensic recovery or re-enabling if the key is found to be safe.
-
aws-iam-account-password-policy-update-quick-actionUpdates the password policy to require a minimum length of 14 characters, at least one lowercase letter, one uppercase letter, one symbol. Allows users to reset password, disallow reuse of the last 24 passwords and set password expiration to 90 days. It runs the aws-iam-update-account-password-policy CLI command in your AWS environment and requires the 'iam:UpdateAccountPasswordPolicy' permission.
-
aws-iam-add-role-to-instance-profileAdds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this limit cannot be increased. You can remove the existing role and then add a different role to an instance profile.
-
aws-iam-add-user-to-groupAdds the specified user to the specified group.
-
aws-iam-attach-policyAttaches the specified managed policy to the specified IAM Entity.
-
aws-iam-create-access-keyCreates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active .
-
aws-iam-create-account-aliasCreates an alias for your AWS account.
-
aws-iam-create-groupCreates a new iam group.
-
aws-iam-create-instance-profileCreates a new instance profile.
-
aws-iam-create-login-profileCreates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console.
-
aws-iam-create-policyCreates a new managed policy for your AWS account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version.
-
aws-iam-create-policy-versionCreates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version. Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached.
-
aws-iam-create-roleCreates a new role for your AWS account.
-
aws-iam-create-userCreates a new IAM user for your AWS account.
-
aws-iam-deactivate-mfa-devicesDeactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.
-
aws-iam-delete-access-keyDeletes the access key pair associated with the specified IAM user.
-
aws-iam-delete-account-aliasDeletes the specified AWS account alias.
-
aws-iam-delete-groupDeletes the specified IAM group. The group must not contain any users or have any attached policies.
-
aws-iam-delete-instance-profileDeletes the specified instance profile. The instance profile must not have an associated role.
-
aws-iam-delete-login-profileDeletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console.
-
aws-iam-delete-mfa-devicesDeletes a virtual MFA device.
-
aws-iam-delete-policyDeletes the specified managed policy. Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition you must delete all the policy's versions.
-
aws-iam-delete-policy-versionDeletes the specified version from the specified managed policy. You cannot delete the default version from a policy using this API. To delete the default version from a policy, use DeletePolicy . To find out which version of a policy is marked as the default version, use ListPolicyVersions .
-
aws-iam-delete-roleDeletes the specified role. The role must not have any policies attached.
-
aws-iam-delete-userDeletes the specified IAM user. The user must not belong to any groups or have any access keys, signing certificates, or attached policies.
-
aws-iam-detach-policyRemoves the specified managed policy from the specified IAM Entity.
-
aws-iam-get-access-key-last-usedRetrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and region that were specified in the last request made with that key.
-
aws-iam-get-account-password-policyGet AWS account's password policy.
-
aws-iam-get-instance-profileRetrieves information about the specified instance profile.
-
aws-iam-get-policyRetrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached.
-
aws-iam-get-policy-versionRetrieves information about the specified version of the specified managed policy, including the policy document.
-
aws-iam-get-roleRetrieves information about the specified role.
-
aws-iam-get-role-policyRetrieves the specified inline policy document that is embedded with the specified IAM role.
-
aws-iam-get-userRetrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.
-
aws-iam-get-user-login-profileRetrieves the user login profile information for AWS management consle.
-
aws-iam-list-access-keys-for-userReturns information about the access key IDs associated with the specified IAM user.
-
aws-iam-list-attached-group-policiesLists all managed policies that are attached to the specified IAM group.
-
aws-iam-list-attached-role-policiesList all managed policies that are attached to the specified IAM role.
-
aws-iam-list-attached-user-policiesLists all managed policies that are attached to the specified IAM user.
-
aws-iam-list-groupsLists all the IAM groups in the AWS account.
-
aws-iam-list-groups-for-userLists the IAM groups that the specified IAM user belongs to.
-
aws-iam-list-instance-profilesLists all the instance profiles tin your AWS account.
-
aws-iam-list-instance-profiles-for-roleLists the instance profiles that have the specified associated IAM role.
-
aws-iam-list-mfa-devicesLists the MFA devices for an IAM user.
-
aws-iam-list-policiesLists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.
-
aws-iam-list-policy-versionsLists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version.
-
aws-iam-list-role-policiesLists the names of the inline policies that are embedded in the specified IAM role.
-
aws-iam-list-rolesLists all IAM roles.
-
aws-iam-list-user-policiesLists the names of the inline policies embedded in the specified IAM user.
-
aws-iam-list-usersLists the IAM users, returns all users in the AWS account.
-
aws-iam-login-profile-delete-quick-actionPermanently deletes the IAM user's password (login profile). This prevents the user from signing into the AWS Management Console but does not deactivate their programmatic access keys or delete the IAM user itself.
-
aws-iam-put-group-policyAdds or updates an inline policy document that is embedded in the specified IAM group.
-
aws-iam-put-role-policyAdds or updates an inline policy document that is embedded in the specified IAM role.
-
aws-iam-put-user-policyAdds or updates an inline policy document that is embedded in the specified IAM user.
-
aws-iam-remove-role-from-instance-profileRemoves the specified IAM role from the specified EC2 instance profile.
-
aws-iam-remove-user-from-groupRemoves the specified user from the specified group.
-
aws-iam-set-default-policy-versionSets the specified version of the specified policy as the policy's default (operative) version. This operation affects all users, groups, and roles that the policy is attached to.
-
aws-iam-tag-roleAdds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.
-
aws-iam-tag-userAdds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.
-
aws-iam-untag-roleRemoves the specified tags from the role.
-
aws-iam-untag-userRemoves the specified tags from the user.
-
aws-iam-update-access-keyChanges the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.
-
aws-iam-update-account-password-policyCreate/update password policy.
-
aws-iam-update-login-profileChanges the password for the specified IAM user.
-
aws-iam-update-userUpdates the name and/or the path of the specified IAM user.
-
aws-iam-user-policy-put-quick-actionAttaches an inline "Deny All" policy for the specified IAM user, effectively blocking the user from performing any actions on all AWS resources.