AWS - IAM

Amazon Web Services Identity and Access Management (IAM).

IT Services · AWS - IAM

Configuration parameters

  • roleArn — Role Arn
  • roleSessionName — Role Session Name
  • defaultRegion — AWS Default Region (required)
  • sessionDuration — Role Session Duration
  • credentials — Access Key
  • access_key — Access Key
  • secret_key — Secret Key
  • timeout — Timeout
  • retries — Retries
  • sts_regional_endpoint — AWS STS Regional Endpoints
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (66)

  • aws-iam-access-key-update-quick-action

    Immediately disables a specific IAM access key. This stops all CLI, SDK, and API-based communication for this key ID without deleting it, enabling forensic recovery or re-enabling if the key is found to be safe.

  • aws-iam-account-password-policy-update-quick-action

    Updates the password policy to require a minimum length of 14 characters, at least one lowercase letter, one uppercase letter, one symbol. Allows users to reset password, disallow reuse of the last 24 passwords and set password expiration to 90 days. It runs the aws-iam-update-account-password-policy CLI command in your AWS environment and requires the 'iam:UpdateAccountPasswordPolicy' permission.

  • aws-iam-add-role-to-instance-profile

    Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this limit cannot be increased. You can remove the existing role and then add a different role to an instance profile.

  • aws-iam-add-user-to-group

    Adds the specified user to the specified group.

  • aws-iam-attach-policy

    Attaches the specified managed policy to the specified IAM Entity.

  • aws-iam-create-access-key

    Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active .

  • aws-iam-create-account-alias

    Creates an alias for your AWS account.

  • aws-iam-create-group

    Creates a new iam group.

  • aws-iam-create-instance-profile

    Creates a new instance profile.

  • aws-iam-create-login-profile

    Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console.

  • aws-iam-create-policy

    Creates a new managed policy for your AWS account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version.

  • aws-iam-create-policy-version

    Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version. Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached.

  • aws-iam-create-role

    Creates a new role for your AWS account.

  • aws-iam-create-user

    Creates a new IAM user for your AWS account.

  • aws-iam-deactivate-mfa-devices

    Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.

  • aws-iam-delete-access-key

    Deletes the access key pair associated with the specified IAM user.

  • aws-iam-delete-account-alias

    Deletes the specified AWS account alias.

  • aws-iam-delete-group

    Deletes the specified IAM group. The group must not contain any users or have any attached policies.

  • aws-iam-delete-instance-profile

    Deletes the specified instance profile. The instance profile must not have an associated role.

  • aws-iam-delete-login-profile

    Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console.

  • aws-iam-delete-mfa-devices

    Deletes a virtual MFA device.

  • aws-iam-delete-policy

    Deletes the specified managed policy. Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition you must delete all the policy's versions.

  • aws-iam-delete-policy-version

    Deletes the specified version from the specified managed policy. You cannot delete the default version from a policy using this API. To delete the default version from a policy, use DeletePolicy . To find out which version of a policy is marked as the default version, use ListPolicyVersions .

  • aws-iam-delete-role

    Deletes the specified role. The role must not have any policies attached.

  • aws-iam-delete-user

    Deletes the specified IAM user. The user must not belong to any groups or have any access keys, signing certificates, or attached policies.

  • aws-iam-detach-policy

    Removes the specified managed policy from the specified IAM Entity.

  • aws-iam-get-access-key-last-used

    Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and region that were specified in the last request made with that key.

  • aws-iam-get-account-password-policy

    Get AWS account's password policy.

  • aws-iam-get-instance-profile

    Retrieves information about the specified instance profile.

  • aws-iam-get-policy

    Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached.

  • aws-iam-get-policy-version

    Retrieves information about the specified version of the specified managed policy, including the policy document.

  • aws-iam-get-role

    Retrieves information about the specified role.

  • aws-iam-get-role-policy

    Retrieves the specified inline policy document that is embedded with the specified IAM role.

  • aws-iam-get-user

    Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.

  • aws-iam-get-user-login-profile

    Retrieves the user login profile information for AWS management consle.

  • aws-iam-list-access-keys-for-user

    Returns information about the access key IDs associated with the specified IAM user.

  • aws-iam-list-attached-group-policies

    Lists all managed policies that are attached to the specified IAM group.

  • aws-iam-list-attached-role-policies

    List all managed policies that are attached to the specified IAM role.

  • aws-iam-list-attached-user-policies

    Lists all managed policies that are attached to the specified IAM user.

  • aws-iam-list-groups

    Lists all the IAM groups in the AWS account.

  • aws-iam-list-groups-for-user

    Lists the IAM groups that the specified IAM user belongs to.

  • aws-iam-list-instance-profiles

    Lists all the instance profiles tin your AWS account.

  • aws-iam-list-instance-profiles-for-role

    Lists the instance profiles that have the specified associated IAM role.

  • aws-iam-list-mfa-devices

    Lists the MFA devices for an IAM user.

  • aws-iam-list-policies

    Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.

  • aws-iam-list-policy-versions

    Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version.

  • aws-iam-list-role-policies

    Lists the names of the inline policies that are embedded in the specified IAM role.

  • aws-iam-list-roles

    Lists all IAM roles.

  • aws-iam-list-user-policies

    Lists the names of the inline policies embedded in the specified IAM user.

  • aws-iam-list-users

    Lists the IAM users, returns all users in the AWS account.

  • aws-iam-login-profile-delete-quick-action

    Permanently deletes the IAM user's password (login profile). This prevents the user from signing into the AWS Management Console but does not deactivate their programmatic access keys or delete the IAM user itself.

  • aws-iam-put-group-policy

    Adds or updates an inline policy document that is embedded in the specified IAM group.

  • aws-iam-put-role-policy

    Adds or updates an inline policy document that is embedded in the specified IAM role.

  • aws-iam-put-user-policy

    Adds or updates an inline policy document that is embedded in the specified IAM user.

  • aws-iam-remove-role-from-instance-profile

    Removes the specified IAM role from the specified EC2 instance profile.

  • aws-iam-remove-user-from-group

    Removes the specified user from the specified group.

  • aws-iam-set-default-policy-version

    Sets the specified version of the specified policy as the policy's default (operative) version. This operation affects all users, groups, and roles that the policy is attached to.

  • aws-iam-tag-role

    Adds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.

  • aws-iam-tag-user

    Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.

  • aws-iam-untag-role

    Removes the specified tags from the role.

  • aws-iam-untag-user

    Removes the specified tags from the user.

  • aws-iam-update-access-key

    Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

  • aws-iam-update-account-password-policy

    Create/update password policy.

  • aws-iam-update-login-profile

    Changes the password for the specified IAM user.

  • aws-iam-update-user

    Updates the name and/or the path of the specified IAM user.

  • aws-iam-user-policy-put-quick-action

    Attaches an inline "Deny All" policy for the specified IAM user, effectively blocking the user from performing any actions on all AWS resources.