IAM

boto.iam

boto.iam.connection

class boto.iam.connection.IAMConnection(aws_access_key_id=None, aws_secret_access_key=None, is_secure=True, port=None, proxy=None, proxy_port=None, proxy_user=None, proxy_pass=None, host='iam.amazonaws.com', debug=0, https_connection_factory=None, path='/')
APIVersion = '2010-05-08'
add_user_to_group(group_name, user_name)

Add a user to a group

Parameters:
  • group_name (string) – The name of the group
  • user_name (string) – The to be added to the group.
create_access_key(user_name=None)

Create a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user. The default status for new keys is Active

If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:user_name (string) – The username of the user
create_account_alias(alias)

Creates a new alias for the AWS account.

For more information on account id aliases, please see http://goo.gl/ToB7G

Parameters:alias (string) – The alias to attach to the account.
create_group(group_name, path='/')

Create a group.

Parameters:
  • group_name (string) – The name of the new group
  • path (string) – The path to the group (Optional). Defaults to /.
create_login_profile(user_name, password)

Creates a login profile for the specified user, give the user the ability to access AWS services and the AWS Management Console.

Parameters:
  • user_name (string) – The name of the user
  • password (string) – The new password for the user
create_user(user_name, path='/')

Create a user.

Parameters:
  • user_name (string) – The name of the new user
  • path (string) – The path in which the user will be created. Defaults to /.
deactivate_mfa_device(user_name, serial_number)

Deactivates the specified MFA device and removes it from association with the user.

Parameters:
  • user_name (string) – The username of the user
  • seriasl_number – The serial number which uniquely identifies the MFA device.
delete_access_key(access_key_id, user_name=None)

Delete an access key associated with a user.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • access_key_id (string) – The ID of the access key to be deleted.
  • user_name (string) – The username of the user
delete_account_alias(alias)

Deletes an alias for the AWS account.

For more information on account id aliases, please see http://goo.gl/ToB7G

Parameters:alias (string) – The alias to remove from the account.
delete_group(group_name)

Delete a group. The group must not contain any Users or have any attached policies

Parameters:group_name (string) – The name of the group to delete.
delete_group_policy(group_name, policy_name)

Deletes the specified policy document for the specified group.

Parameters:
  • group_name (string) – The name of the group the policy is associated with.
  • policy_name (string) – The policy document to delete.
delete_login_profile(user_name)

Deletes the login profile associated with the specified user.

Parameters:user_name (string) – The name of the user to delete.
delete_server_cert(cert_name)

Delete the specified server certificate.

Parameters:cert_name (string) – The name of the server certificate you want to delete.
delete_signing_cert(cert_id, user_name=None)

Delete a signing certificate associated with a user.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • user_name (string) – The username of the user
  • cert_id (string) – The ID of the certificate.
delete_user(user_name)

Delete a user including the user’s path, GUID and ARN.

If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:user_name (string) – The name of the user to delete.
delete_user_policy(user_name, policy_name)

Deletes the specified policy document for the specified user.

Parameters:
  • user_name (string) – The name of the user the policy is associated with.
  • policy_name (string) – The policy document to delete.
enable_mfa_device(user_name, serial_number, auth_code_1, auth_code_2)

Enables the specified MFA device and associates it with the specified user.

Parameters:
  • user_name (string) – The username of the user
  • seriasl_number – The serial number which uniquely identifies the MFA device.
  • auth_code_1 (string) – An authentication code emitted by the device.
  • auth_code_2 (string) – A subsequent authentication code emitted by the device.
get_account_alias()

Get the alias for the current account.

This is referred to in the docs as list_account_aliases, but it seems you can only have one account alias currently.

For more information on account id aliases, please see http://goo.gl/ToB7G

get_account_summary()

Get the alias for the current account.

This is referred to in the docs as list_account_aliases, but it seems you can only have one account alias currently.

For more information on account id aliases, please see http://goo.gl/ToB7G

get_all_access_keys(user_name, marker=None, max_items=None)

Get all access keys associated with an account.

Parameters:
  • user_name (string) – The username of the user
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_group_policies(group_name, marker=None, max_items=None)

List the names of the policies associated with the specified group.

Parameters:
  • group_name (string) – The name of the group the policy is associated with.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_groups(path_prefix='/', marker=None, max_items=None)

List the groups that have the specified path prefix.

Parameters:
  • path_prefix (string) – If provided, only groups whose paths match the provided prefix will be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_mfa_devices(user_name, marker=None, max_items=None)

Get all MFA devices associated with an account.

Parameters:
  • user_name (string) – The username of the user
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_server_certs(path_prefix='/', marker=None, max_items=None)

Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.

Parameters:
  • path_prefix (string) – If provided, only certificates whose paths match the provided prefix will be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_signing_certs(marker=None, max_items=None, user_name=None)

Get all signing certificates associated with an account.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
  • user_name (string) – The username of the user
get_all_user_policies(user_name, marker=None, max_items=None)

List the names of the policies associated with the specified user.

Parameters:
  • user_name (string) – The name of the user the policy is associated with.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_users(path_prefix='/', marker=None, max_items=None)

List the users that have the specified path prefix.

Parameters:
  • path_prefix (string) – If provided, only users whose paths match the provided prefix will be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_group(group_name, marker=None, max_items=None)

Return a list of users that are in the specified group.

Parameters:
  • group_name (string) – The name of the group whose information should be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_group_policy(group_name, policy_name)

Retrieves the specified policy document for the specified group.

Parameters:
  • group_name (string) – The name of the group the policy is associated with.
  • policy_name (string) – The policy document to get.
get_groups_for_user(user_name, marker=None, max_items=None)

List the groups that a specified user belongs to.

Parameters:
  • user_name (string) – The name of the user to list groups for.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_login_profiles(user_name)

Retrieves the login profile for the specified user.

Parameters:user_name (string) – The username of the user
get_response(action, params, path='/', parent=None, verb='GET', list_marker='Set')

Utility method to handle calls to IAM and parsing of responses.

get_server_certificate(cert_name)

Retrieves information about the specified server certificate.

Parameters:cert_name (string) – The name of the server certificate you want to retrieve information about.
get_signin_url(service='ec2')

Get the URL where IAM users can use their login profile to sign in to this account’s console.

Parameters:service (string) – Default service to go to in the console.
get_user(user_name=None)

Retrieve information about the specified user.

If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:user_name (string) – The name of the user to delete. If not specified, defaults to user making request.
get_user_policy(user_name, policy_name)

Retrieves the specified policy document for the specified user.

Parameters:
  • user_name (string) – The name of the user the policy is associated with.
  • policy_name (string) – The policy document to get.
put_group_policy(group_name, policy_name, policy_json)

Adds or updates the specified policy document for the specified group.

Parameters:
  • group_name (string) – The name of the group the policy is associated with.
  • policy_name (string) – The policy document to get.
  • policy_json (string) – The policy document.
put_user_policy(user_name, policy_name, policy_json)

Adds or updates the specified policy document for the specified user.

Parameters:
  • user_name (string) – The name of the user the policy is associated with.
  • policy_name (string) – The policy document to get.
  • policy_json (string) – The policy document.
remove_user_from_group(group_name, user_name)

Remove a user from a group.

Parameters:
  • group_name (string) – The name of the group
  • user_name (string) – The user to remove from the group.
resync_mfa_device(user_name, serial_number, auth_code_1, auth_code_2)

Syncronizes the specified MFA device with the AWS servers.

Parameters:
  • user_name (string) – The username of the user
  • seriasl_number – The serial number which uniquely identifies the MFA device.
  • auth_code_1 (string) – An authentication code emitted by the device.
  • auth_code_2 (string) – A subsequent authentication code emitted by the device.
update_access_key(access_key_id, status, user_name=None)

Changes the status of the specified access key from Active to Inactive or vice versa. This action can be used to disable a user’s key as part of a key rotation workflow.

If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • access_key_id (string) – The ID of the access key.
  • status (string) – Either Active or Inactive.
  • user_name (string) – The username of user (optional).
update_group(group_name, new_group_name=None, new_path=None)

Updates name and/or path of the specified group.

Parameters:
  • group_name (string) – The name of the new group
  • new_group_name (string) – If provided, the name of the group will be changed to this name.
  • new_path (string) – If provided, the path of the group will be changed to this path.
update_login_profile(user_name, password)

Resets the password associated with the user’s login profile.

Parameters:
  • user_name (string) – The name of the user
  • password (string) – The new password for the user
update_server_cert(cert_name, new_cert_name=None, new_path=None)

Updates the name and/or the path of the specified server certificate.

Parameters:
  • cert_name (string) – The name of the server certificate that you want to update.
  • new_cert_name (string) – The new name for the server certificate. Include this only if you are updating the server certificate’s name.
  • new_path (string) – If provided, the path of the certificate will be changed to this path.
update_signing_cert(cert_id, status, user_name=None)

Change the status of the specified signing certificate from Active to Inactive or vice versa.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • cert_id (string) – The ID of the signing certificate
  • status (string) – Either Active or Inactive.
  • user_name (string) – The username of the user
update_user(user_name, new_user_name=None, new_path=None)

Updates name and/or path of the specified user.

Parameters:
  • user_name (string) – The name of the user
  • new_user_name (string) – If provided, the username of the user will be changed to this username.
  • new_path (string) – If provided, the path of the user will be changed to this path.
upload_server_cert(cert_name, cert_body, private_key, cert_chain=None, path=None)

Uploads a server certificate entity for the AWS Account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.

Parameters:
  • cert_name (string) – The name for the server certificate. Do not include the path in this value.
  • cert_body (string) – The contents of the public key certificate in PEM-encoded format.
  • private_key (string) – The contents of the private key in PEM-encoded format.
  • cert_chain (string) – The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
  • path (string) – The path for the server certificate.
upload_signing_cert(cert_body, user_name=None)

Uploads an X.509 signing certificate and associates it with the specified user.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • cert_body (string) – The body of the signing certificate.
  • user_name (string) – The username of the user

boto.iam.summarymap

class boto.iam.summarymap.SummaryMap(parent=None)
endElement(name, value, connection)
startElement(name, attrs, connection)