IAM¶
boto.iam¶
boto.iam.connection¶
-
class
boto.iam.connection.
IAMConnection
(aws_access_key_id=None, aws_secret_access_key=None, is_secure=True, port=None, proxy=None, proxy_port=None, proxy_user=None, proxy_pass=None, host='iam.amazonaws.com', debug=0, https_connection_factory=None, path='/')¶ -
APIVersion
= '2010-05-08'¶
-
add_user_to_group
(group_name, user_name)¶ Add a user to a group
Parameters:
-
create_access_key
(user_name=None)¶ Create a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user. The default status for new keys is Active
If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters: user_name (string) – The username of the user
-
create_account_alias
(alias)¶ Creates a new alias for the AWS account.
For more information on account id aliases, please see http://goo.gl/ToB7G
Parameters: alias (string) – The alias to attach to the account.
-
create_group
(group_name, path='/')¶ Create a group.
Parameters:
-
create_login_profile
(user_name, password)¶ Creates a login profile for the specified user, give the user the ability to access AWS services and the AWS Management Console.
Parameters:
-
create_user
(user_name, path='/')¶ Create a user.
Parameters:
-
deactivate_mfa_device
(user_name, serial_number)¶ Deactivates the specified MFA device and removes it from association with the user.
Parameters: - user_name (string) – The username of the user
- seriasl_number – The serial number which uniquely identifies the MFA device.
-
delete_access_key
(access_key_id, user_name=None)¶ Delete an access key associated with a user.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-
delete_account_alias
(alias)¶ Deletes an alias for the AWS account.
For more information on account id aliases, please see http://goo.gl/ToB7G
Parameters: alias (string) – The alias to remove from the account.
-
delete_group
(group_name)¶ Delete a group. The group must not contain any Users or have any attached policies
Parameters: group_name (string) – The name of the group to delete.
-
delete_group_policy
(group_name, policy_name)¶ Deletes the specified policy document for the specified group.
Parameters:
-
delete_login_profile
(user_name)¶ Deletes the login profile associated with the specified user.
Parameters: user_name (string) – The name of the user to delete.
-
delete_server_cert
(cert_name)¶ Delete the specified server certificate.
Parameters: cert_name (string) – The name of the server certificate you want to delete.
-
delete_signing_cert
(cert_id, user_name=None)¶ Delete a signing certificate associated with a user.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-
delete_user
(user_name)¶ Delete a user including the user’s path, GUID and ARN.
If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters: user_name (string) – The name of the user to delete.
-
delete_user_policy
(user_name, policy_name)¶ Deletes the specified policy document for the specified user.
Parameters:
-
enable_mfa_device
(user_name, serial_number, auth_code_1, auth_code_2)¶ Enables the specified MFA device and associates it with the specified user.
Parameters:
-
get_account_alias
()¶ Get the alias for the current account.
This is referred to in the docs as list_account_aliases, but it seems you can only have one account alias currently.
For more information on account id aliases, please see http://goo.gl/ToB7G
-
get_account_summary
()¶ Get the alias for the current account.
This is referred to in the docs as list_account_aliases, but it seems you can only have one account alias currently.
For more information on account id aliases, please see http://goo.gl/ToB7G
-
get_all_access_keys
(user_name, marker=None, max_items=None)¶ Get all access keys associated with an account.
Parameters: - user_name (string) – The username of the user
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_group_policies
(group_name, marker=None, max_items=None)¶ List the names of the policies associated with the specified group.
Parameters: - group_name (string) – The name of the group the policy is associated with.
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_groups
(path_prefix='/', marker=None, max_items=None)¶ List the groups that have the specified path prefix.
Parameters: - path_prefix (string) – If provided, only groups whose paths match the provided prefix will be returned.
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_mfa_devices
(user_name, marker=None, max_items=None)¶ Get all MFA devices associated with an account.
Parameters: - user_name (string) – The username of the user
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_server_certs
(path_prefix='/', marker=None, max_items=None)¶ Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.
Parameters: - path_prefix (string) – If provided, only certificates whose paths match the provided prefix will be returned.
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_signing_certs
(marker=None, max_items=None, user_name=None)¶ Get all signing certificates associated with an account.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters: - marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
- user_name (string) – The username of the user
-
get_all_user_policies
(user_name, marker=None, max_items=None)¶ List the names of the policies associated with the specified user.
Parameters: - user_name (string) – The name of the user the policy is associated with.
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_users
(path_prefix='/', marker=None, max_items=None)¶ List the users that have the specified path prefix.
Parameters: - path_prefix (string) – If provided, only users whose paths match the provided prefix will be returned.
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_group
(group_name, marker=None, max_items=None)¶ Return a list of users that are in the specified group.
Parameters: - group_name (string) – The name of the group whose information should be returned.
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_group_policy
(group_name, policy_name)¶ Retrieves the specified policy document for the specified group.
Parameters:
-
get_groups_for_user
(user_name, marker=None, max_items=None)¶ List the groups that a specified user belongs to.
Parameters: - user_name (string) – The name of the user to list groups for.
- marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_login_profiles
(user_name)¶ Retrieves the login profile for the specified user.
Parameters: user_name (string) – The username of the user
-
get_response
(action, params, path='/', parent=None, verb='GET', list_marker='Set')¶ Utility method to handle calls to IAM and parsing of responses.
-
get_server_certificate
(cert_name)¶ Retrieves information about the specified server certificate.
Parameters: cert_name (string) – The name of the server certificate you want to retrieve information about.
-
get_signin_url
(service='ec2')¶ Get the URL where IAM users can use their login profile to sign in to this account’s console.
Parameters: service (string) – Default service to go to in the console.
-
get_user
(user_name=None)¶ Retrieve information about the specified user.
If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters: user_name (string) – The name of the user to delete. If not specified, defaults to user making request.
-
get_user_policy
(user_name, policy_name)¶ Retrieves the specified policy document for the specified user.
Parameters:
-
put_group_policy
(group_name, policy_name, policy_json)¶ Adds or updates the specified policy document for the specified group.
Parameters:
-
put_user_policy
(user_name, policy_name, policy_json)¶ Adds or updates the specified policy document for the specified user.
Parameters:
-
remove_user_from_group
(group_name, user_name)¶ Remove a user from a group.
Parameters:
-
resync_mfa_device
(user_name, serial_number, auth_code_1, auth_code_2)¶ Syncronizes the specified MFA device with the AWS servers.
Parameters:
-
update_access_key
(access_key_id, status, user_name=None)¶ Changes the status of the specified access key from Active to Inactive or vice versa. This action can be used to disable a user’s key as part of a key rotation workflow.
If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-
update_group
(group_name, new_group_name=None, new_path=None)¶ Updates name and/or path of the specified group.
Parameters:
-
update_login_profile
(user_name, password)¶ Resets the password associated with the user’s login profile.
Parameters:
-
update_server_cert
(cert_name, new_cert_name=None, new_path=None)¶ Updates the name and/or the path of the specified server certificate.
Parameters: - cert_name (string) – The name of the server certificate that you want to update.
- new_cert_name (string) – The new name for the server certificate. Include this only if you are updating the server certificate’s name.
- new_path (string) – If provided, the path of the certificate will be changed to this path.
-
update_signing_cert
(cert_id, status, user_name=None)¶ Change the status of the specified signing certificate from Active to Inactive or vice versa.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-
update_user
(user_name, new_user_name=None, new_path=None)¶ Updates name and/or path of the specified user.
Parameters:
-
upload_server_cert
(cert_name, cert_body, private_key, cert_chain=None, path=None)¶ Uploads a server certificate entity for the AWS Account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
Parameters: - cert_name (string) – The name for the server certificate. Do not include the path in this value.
- cert_body (string) – The contents of the public key certificate in PEM-encoded format.
- private_key (string) – The contents of the private key in PEM-encoded format.
- cert_chain (string) – The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
- path (string) – The path for the server certificate.
-
upload_signing_cert
(cert_body, user_name=None)¶ Uploads an X.509 signing certificate and associates it with the specified user.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-