IAM
boto.iam
boto.iam.connection
-
class boto.iam.connection.IAMConnection(aws_access_key_id=None, aws_secret_access_key=None, is_secure=True, port=None, proxy=None, proxy_port=None, proxy_user=None, proxy_pass=None, host='iam.amazonaws.com', debug=0, https_connection_factory=None, path='/', security_token=None)
-
APIVersion = '2010-05-08'
-
add_role_to_instance_profile(instance_profile_name, role_name)
Adds the specified role to the specified instance profile.
Parameters:
-
add_user_to_group(group_name, user_name)
Add a user to a group.
Parameters:
-
create_access_key(user_name=None)
Create a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user. The default status for new keys is Active.
If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters: user_name (string) – The username of the user
-
create_account_alias(alias)
Creates a new alias for the AWS account.
For more information on account id aliases, please see http://goo.gl/ToB7G
Parameters: alias (string) – The alias to attach to the account.
-
create_group(group_name, path='/')
Create a group.
Parameters:
-
create_instance_profile(instance_profile_name, path=None)
Creates a new instance profile.
Parameters:
-
create_login_profile(user_name, password)
Creates a login profile for the specified user, giving the user the ability to access AWS services and the AWS Management Console.
Parameters:
-
create_role(role_name, assume_role_policy_document=None, path=None)
Creates a new role for your AWS account.
The policy grants permission to an EC2 instance to assume the role. The policy is URL-encoded according to RFC 3986. Currently, only EC2 instances can assume roles.
Parameters:
-
create_user(user_name, path='/')
Create a user.
Parameters:
-
deactivate_mfa_device(user_name, serial_number)
Deactivates the specified MFA device and removes it from association with the user.
Parameters:
- user_name (string) – The username of the user
- serial_number – The serial number which uniquely identifies the MFA device.
-
delete_access_key(access_key_id, user_name=None)
Delete an access key associated with a user.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-
delete_account_alias(alias)
Deletes an alias for the AWS account.
For more information on account id aliases, please see http://goo.gl/ToB7G
Parameters: alias (string) – The alias to remove from the account.
-
delete_group(group_name)
Delete a group. The group must not contain any users or have any attached policies.
Parameters: group_name (string) – The name of the group to delete.
-
delete_group_policy(group_name, policy_name)
Deletes the specified policy document for the specified group.
Parameters:
-
delete_instance_profile(instance_profile_name)
Deletes the specified instance profile. The instance profile must not have an associated role.
Parameters: instance_profile_name (string) – Name of the instance profile to delete.
-
delete_login_profile(user_name)
Deletes the login profile associated with the specified user.
Parameters: user_name (string) – The name of the user to delete.
-
delete_role(role_name)
Deletes the specified role. The role must not have any policies attached.
Parameters: role_name (string) – Name of the role to delete.
-
delete_role_policy(role_name, policy_name)
Deletes the specified policy associated with the specified role.
Parameters:
-
delete_server_cert(cert_name)
Delete the specified server certificate.
Parameters: cert_name (string) – The name of the server certificate you want to delete.
-
delete_signing_cert(cert_id, user_name=None)
Delete a signing certificate associated with a user.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-
delete_user(user_name)
Delete a user including the user’s path, GUID and ARN.
If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters: user_name (string) – The name of the user to delete.
-
delete_user_policy(user_name, policy_name)
Deletes the specified policy document for the specified user.
Parameters:
-
enable_mfa_device(user_name, serial_number, auth_code_1, auth_code_2)
Enables the specified MFA device and associates it with the specified user.
Parameters:
-
get_account_alias()
Get the alias for the current account.
This is referred to in the docs as list_account_aliases, but it seems you can only have one account alias currently.
For more information on account id aliases, please see http://goo.gl/ToB7G
-
get_account_summary()
Get the alias for the current account.
This is referred to in the docs as list_account_aliases, but it seems you can only have one account alias currently.
For more information on account id aliases, please see http://goo.gl/ToB7G
-
get_all_access_keys(user_name, marker=None, max_items=None)
Get all access keys associated with an account.
Parameters:
- user_name (string) – The username of the user
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_group_policies(group_name, marker=None, max_items=None)
List the names of the policies associated with the specified group.
Parameters:
- group_name (string) – The name of the group the policy is associated with.
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_groups(path_prefix='/', marker=None, max_items=None)
List the groups that have the specified path prefix.
Parameters:
- path_prefix (string) – If provided, only groups whose paths match the provided prefix will be returned.
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_mfa_devices(user_name, marker=None, max_items=None)
Get all MFA devices associated with an account.
Parameters:
- user_name (string) – The username of the user
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_server_certs(path_prefix='/', marker=None, max_items=None)
Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.
Parameters:
- path_prefix (string) – If provided, only certificates whose paths match the provided prefix will be returned.
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_signing_certs(marker=None, max_items=None, user_name=None)
Get all signing certificates associated with an account.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
- user_name (string) – The username of the user
-
get_all_user_policies(user_name, marker=None, max_items=None)
List the names of the policies associated with the specified user.
Parameters:
- user_name (string) – The name of the user the policy is associated with.
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_all_users(path_prefix='/', marker=None, max_items=None)
List the users that have the specified path prefix.
Parameters:
- path_prefix (string) – If provided, only users whose paths match the provided prefix will be returned.
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
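An audit that reads only the first page of a truncated listing silently misses users, so the marker has to be followed to the end. The loop below is an added example, not boto's own code: the nested response keys (list_users_response, list_users_result, users, is_truncated, marker) are assumed from boto 2's dict-style IAM responses, and PagedUsersStub is a constructed stand-in for IAMConnection so the loop runs offline.

```python
def iter_all_users(conn, path_prefix='/', page_size=2):
    """Yield every user, following the marker until results stop being truncated.

    conn is anything that exposes IAMConnection.get_all_users().
    """
    marker = None
    while True:
        resp = conn.get_all_users(path_prefix, marker=marker, max_items=page_size)
        # Assumed response layout (boto 2 dict-style elements).
        result = resp['list_users_response']['list_users_result']
        for user in result['users']:
            yield user
        # Truncation is reported as the string 'true' or 'false'.
        if str(result.get('is_truncated', 'false')).lower() != 'true':
            return
        marker = result.get('marker')
        if not marker:
            # Fail loudly rather than return a partial inventory.
            raise RuntimeError('truncated response without a marker')


class PagedUsersStub(object):
    """Constructed stand-in for IAMConnection; serves users page by page."""
    def __init__(self, names):
        self.users = [{'user_name': n, 'path': '/'} for n in names]
        self.calls = 0

    def get_all_users(self, path_prefix='/', marker=None, max_items=None):
        self.calls += 1
        start = int(marker or 0)
        size = max_items or 100
        result = {'users': self.users[start:start + size], 'is_truncated': 'false'}
        if start + size < len(self.users):
            result['is_truncated'] = 'true'
            result['marker'] = str(start + size)
        return {'list_users_response': {'list_users_result': result}}


def demo():
    """Five constructed users read two at a time: three requests are needed."""
    conn = PagedUsersStub(['alice', 'bob', 'carol', 'dave', 'erin'])
    names = [u['user_name'] for u in iter_all_users(conn, page_size=2)]
    return names, conn.calls
```
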
-
get_group(group_name, marker=None, max_items=None)
Return a list of users that are in the specified group.
Parameters:
- group_name (string) – The name of the group whose information should be returned.
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_group_policy(group_name, policy_name)
Retrieves the specified policy document for the specified group.
Parameters:
-
get_groups_for_user(user_name, marker=None, max_items=None)
List the groups that a specified user belongs to.
Parameters:
- user_name (string) – The name of the user to list groups for.
- marker (string) – Use this only when paginating results and only in a follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
- max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
-
get_instance_profile(instance_profile_name)
Retrieves information about the specified instance profile, including the instance profile’s path, GUID, ARN, and role.
Parameters: instance_profile_name (string) – Name of the instance profile to get information about.
-
get_login_profiles(user_name)
Retrieves the login profile for the specified user.
Parameters: user_name (string) – The username of the user
-
get_response(action, params, path='/', parent=None, verb='GET', list_marker='Set')
Utility method to handle calls to IAM and parsing of responses.
-
get_role(role_name)
Retrieves information about the specified role, including the role’s path, GUID, ARN, and the policy granting permission to EC2 to assume the role.
Parameters: role_name (string) – Name of the role associated with the policy.
-
get_role_policy(role_name, policy_name)
Retrieves the specified policy document for the specified role.
Parameters:
-
get_server_certificate(cert_name)
Retrieves information about the specified server certificate.
Parameters: cert_name (string) – The name of the server certificate you want to retrieve information about.
-
get_signin_url(service='ec2')
Get the URL where IAM users can use their login profile to sign in to this account’s console.
Parameters: service (string) – Default service to go to in the console.
-
get_user(user_name=None)
Retrieve information about the specified user.
If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters: user_name (string) – The name of the user to retrieve. If not specified, defaults to the user making the request.
-
get_user_policy(user_name, policy_name)
Retrieves the specified policy document for the specified user.
Parameters:
-
list_instance_profiles(path_prefix=None, marker=None, max_items=None)
Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty list.
Parameters:
- path_prefix (string) – The path prefix for filtering the results. For example: /application_abc/component_xyz/, which would get all instance profiles whose path starts with /application_abc/component_xyz/.
- marker (string) – Use this parameter only when paginating results, and only in a subsequent request after you’ve received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.
- max_items (int) – Use this parameter only when paginating results to indicate the maximum number of user names you want in the response.
-
list_instance_profiles_for_role(role_name, marker=None, max_items=None)
Lists the instance profiles that have the specified associated role. If there are none, the action returns an empty list.
Parameters:
- role_name (string) – The name of the role to list instance profiles for.
- marker (string) – Use this parameter only when paginating results, and only in a subsequent request after you’ve received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.
- max_items (int) – Use this parameter only when paginating results to indicate the maximum number of user names you want in the response.
-
list_role_policies(role_name, marker=None, max_items=None)
Lists the names of the policies associated with the specified role. If there are none, the action returns an empty list.
Parameters:
- role_name (string) – The name of the role to list policies for.
- marker (string) – Use this parameter only when paginating results, and only in a subsequent request after you’ve received a response where the results are truncated. Set it to the value of the marker element in the response you just received.
- max_items (int) – Use this parameter only when paginating results to indicate the maximum number of user names you want in the response.
-
list_roles(path_prefix=None, marker=None, max_items=None)
Lists the roles that have the specified path prefix. If there are none, the action returns an empty list.
Parameters:
- path_prefix (string) – The path prefix for filtering the results.
- marker (string) – Use this parameter only when paginating results, and only in a subsequent request after you’ve received a response where the results are truncated. Set it to the value of the marker element in the response you just received.
- max_items (int) – Use this parameter only when paginating results to indicate the maximum number of user names you want in the response.
-
put_group_policy(group_name, policy_name, policy_json)
Adds or updates the specified policy document for the specified group.
Parameters:
-
put_role_policy(role_name, policy_name, policy_document)
Adds (or updates) a policy document associated with the specified role.
Parameters:
-
put_user_policy(user_name, policy_name, policy_json)
Adds or updates the specified policy document for the specified user.
Parameters:
-
remove_role_from_instance_profile(instance_profile_name, role_name)
Removes the specified role from the specified instance profile.
Parameters:
-
remove_user_from_group(group_name, user_name)
Remove a user from a group.
Parameters:
-
resync_mfa_device(user_name, serial_number, auth_code_1, auth_code_2)
Synchronizes the specified MFA device with the AWS servers.
Parameters:
-
update_access_key(access_key_id, status, user_name=None)
Changes the status of the specified access key from Active to Inactive or vice versa. This action can be used to disable a user’s key as part of a key rotation workflow.
If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
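The key rotation workflow mentioned above, as an added example rather than boto's own code: create the replacement, confirm it works, set the old key Inactive (reversible), and delete only later. The response keys are assumed from boto 2's dict-style responses; verify_new_key is a hypothetical caller-supplied check, and KeyStoreStub with its key IDs is a constructed stand-in for IAMConnection.

```python
MAX_KEYS_PER_USER = 2  # IAM limit: at most two access keys per user


def list_keys(conn, user_name):
    resp = conn.get_all_access_keys(user_name)  # boto 2 response layout assumed
    result = resp['list_access_keys_response']['list_access_keys_result']
    return list(result['access_key_metadata'])


def rotate_access_key(conn, user_name, verify_new_key):
    """Create a replacement key, verify it, then set the old key(s) Inactive.
    verify_new_key(key_id, secret) is a caller-supplied, hypothetical check."""
    old = list_keys(conn, user_name)
    if len(old) >= MAX_KEYS_PER_USER:
        raise RuntimeError('%s is at the key limit; retire a key first' % user_name)
    resp = conn.create_access_key(user_name)
    new = resp['create_access_key_response']['create_access_key_result']['access_key']
    if not verify_new_key(new['access_key_id'], new['secret_access_key']):
        # Roll back: the old key stays Active, the unusable new one is removed.
        conn.delete_access_key(new['access_key_id'], user_name)
        raise RuntimeError('new key failed verification; nothing was disabled')
    for key in old:
        # Inactive is reversible (set it back to Active); deletion is not.
        conn.update_access_key(key['access_key_id'], 'Inactive', user_name)
    return new['access_key_id'], [k['access_key_id'] for k in old]


def delete_inactive_keys(conn, user_name):
    """Last step, after a grace period: delete only keys already Inactive."""
    gone = [k['access_key_id'] for k in list_keys(conn, user_name)
            if k['status'] == 'Inactive']
    for key_id in gone:
        conn.delete_access_key(key_id, user_name)
    return gone


class KeyStoreStub(object):
    """Constructed in-memory stand-in for IAMConnection (no network calls)."""
    def __init__(self):
        self.keys, self.count = {}, 0

    def create_access_key(self, user_name=None):
        self.count += 1
        key_id = 'EXAMPLEKEY%04d' % self.count  # constructed value
        self.keys[key_id] = dict(access_key_id=key_id, user_name=user_name, status='Active')
        key = dict(self.keys[key_id], secret_access_key='constructed-secret')
        return {'create_access_key_response':
                {'create_access_key_result': {'access_key': key}}}

    def get_all_access_keys(self, user_name, marker=None, max_items=None):
        meta = [k for k in self.keys.values() if k['user_name'] == user_name]
        return {'list_access_keys_response':
                {'list_access_keys_result': {'access_key_metadata': meta}}}

    def update_access_key(self, access_key_id, status, user_name=None):
        self.keys[access_key_id]['status'] = status

    def delete_access_key(self, access_key_id, user_name=None):
        del self.keys[access_key_id]
```
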
-
update_assume_role_policy(role_name, policy_document)
Updates the policy that grants an entity permission to assume a role. Currently, only an Amazon EC2 instance can assume a role.
Parameters:
-
update_group(group_name, new_group_name=None, new_path=None)
Updates name and/or path of the specified group.
Parameters:
-
update_login_profile(user_name, password)
Resets the password associated with the user’s login profile.
Parameters:
-
update_server_cert(cert_name, new_cert_name=None, new_path=None)
Updates the name and/or the path of the specified server certificate.
Parameters:
- cert_name (string) – The name of the server certificate that you want to update.
- new_cert_name (string) – The new name for the server certificate. Include this only if you are updating the server certificate’s name.
- new_path (string) – If provided, the path of the certificate will be changed to this path.
-
update_signing_cert(cert_id, status, user_name=None)
Change the status of the specified signing certificate from Active to Inactive or vice versa.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-
update_user(user_name, new_user_name=None, new_path=None)
Updates name and/or path of the specified user.
Parameters:
-
upload_server_cert(cert_name, cert_body, private_key, cert_chain=None, path=None)
Uploads a server certificate entity for the AWS Account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
Parameters:
- cert_name (string) – The name for the server certificate. Do not include the path in this value.
- cert_body (string) – The contents of the public key certificate in PEM-encoded format.
- private_key (string) – The contents of the private key in PEM-encoded format.
- cert_chain (string) – The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
- path (string) – The path for the server certificate.
-
upload_signing_cert(cert_body, user_name=None)
Uploads an X.509 signing certificate and associates it with the specified user.
If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.
Parameters:
-