Note

You are viewing the documentation for an older version of boto (boto2).

Boto3, the next version of Boto, is now stable and recommended for general use. It can be used side-by-side with Boto in the same project, so it is easy to start using Boto3 in your existing projects as well as new projects. Going forward, API updates and all new feature work will be focused on Boto3.

For more information, see the documentation for boto3.

IAM

boto.iam

class boto.iam.IAMRegionInfo(connection=None, name=None, endpoint=None, connection_cls=None)
connect(**kw_params)

Connect to this Region’s endpoint. Returns a connection object pointing to the endpoint associated with this region. You may pass any of the arguments accepted by the connection class’s constructor as keyword arguments and they will be passed along to the connection object.

Return type:Connection object
Returns:The connection to this region’s endpoint
boto.iam.connect_to_region(region_name, **kw_params)

Given a valid region name, return a boto.iam.connection.IAMConnection.

Parameters:region_name (str) – The name of the region to connect to.
Return type:boto.iam.connection.IAMConnection or None
Returns:A connection to the given region, or None if an invalid region name is given
boto.iam.regions()

Get all available regions for the IAM service.

Return type:list
Returns:A list of boto.regioninfo.RegionInfo instances

boto.iam.connection

class boto.iam.connection.IAMConnection(aws_access_key_id=None, aws_secret_access_key=None, is_secure=True, port=None, proxy=None, proxy_port=None, proxy_user=None, proxy_pass=None, host='iam.amazonaws.com', debug=0, https_connection_factory=None, path='/', security_token=None, validate_certs=True, profile_name=None)
APIVersion = '2010-05-08'
add_role_to_instance_profile(instance_profile_name, role_name)

Adds the specified role to the specified instance profile.

Parameters:
  • instance_profile_name (string) – Name of the instance profile to update.
  • role_name (string) – Name of the role to add.
add_user_to_group(group_name, user_name)

Add a user to a group

Parameters:
  • group_name (string) – The name of the group
  • user_name (string) – The user to be added to the group.
attach_group_policy(policy_arn, group_name)
Parameters:
  • policy_arn (string) – The ARN of the policy to attach
  • group_name (string) – Group to attach the policy to
attach_role_policy(policy_arn, role_name)
Parameters:
  • policy_arn (string) – The ARN of the policy to attach
  • role_name (string) – Role to attach the policy to
attach_user_policy(policy_arn, user_name)
Parameters:
  • policy_arn (string) – The ARN of the policy to attach
  • user_name (string) – User to attach the policy to
create_access_key(user_name=None)

Create a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user. The default status for new keys is Active.

If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:user_name (string) – The username of the user
create_account_alias(alias)

Creates a new alias for the AWS account.

For more information on account id aliases, please see http://goo.gl/ToB7G

Parameters:alias (string) – The alias to attach to the account.
create_group(group_name, path='/')

Create a group.

Parameters:
  • group_name (string) – The name of the new group
  • path (string) – The path to the group (Optional). Defaults to /.
create_instance_profile(instance_profile_name, path=None)

Creates a new instance profile.

Parameters:
  • instance_profile_name (string) – Name of the instance profile to create.
  • path (string) – The path to the instance profile.
create_login_profile(user_name, password)

Creates a login profile for the specified user, giving the user the ability to access AWS services and the AWS Management Console.

Parameters:
  • user_name (string) – The name of the user
  • password (string) – The new password for the user
create_policy(policy_name, policy_document, path='/', description=None)

Create a policy.

Parameters:
  • policy_name (string) – The name of the new policy
  • policy_document (string) – The document of the new policy
  • path (string) – The path in which the policy will be created. Defaults to /.
  • description (string) – A description of the new policy.
create_policy_version(policy_arn, policy_document, set_as_default=None)

Create a policy version.

Parameters:
  • policy_arn (string) – The ARN of the policy
  • policy_document (string) – The document of the new policy version
  • set_as_default (bool) – Sets the policy version as default. Defaults to None.
create_role(role_name, assume_role_policy_document=None, path=None)

Creates a new role for your AWS account.

The policy grants permission to an EC2 instance to assume the role. The policy is URL-encoded according to RFC 3986. Currently, only EC2 instances can assume roles.

Parameters:
  • role_name (string) – Name of the role to create.
  • assume_role_policy_document (string or dict) – The policy that grants an entity permission to assume the role.
  • path (string) – The path to the role.
create_saml_provider(saml_metadata_document, name)

Creates an IAM entity to describe an identity provider (IdP) that supports SAML 2.0.

The SAML provider that you create with this operation can be used as a principal in a role’s trust policy to establish a trust relationship between AWS and a SAML identity provider. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.

When you create the SAML provider, you upload a SAML metadata document that you get from your IdP and that includes the issuer’s name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization’s IdP. This operation requires Signature Version 4. For more information, see "Giving Console Access Using SAML" and "Creating Temporary Security Credentials for SAML Federation" in the Using Temporary Credentials guide.

Parameters:
  • saml_metadata_document (string) – An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer’s name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization’s IdP. For more information, see "Creating Temporary Security Credentials for SAML Federation" in the Using Temporary Security Credentials guide.
  • name (string) – The name of the provider to create.
create_user(user_name, path='/')

Create a user.

Parameters:
  • user_name (string) – The name of the new user
  • path (string) – The path in which the user will be created. Defaults to /.
create_virtual_mfa_device(path, device_name)

Creates a new virtual MFA device for the AWS account.

After creating the virtual MFA, use enable-mfa-device to attach the MFA device to an IAM user.

Parameters:
  • path (string) – The path for the virtual MFA device.
  • device_name (string) – The name of the virtual MFA device. Used with path to uniquely identify a virtual MFA device.
deactivate_mfa_device(user_name, serial_number)

Deactivates the specified MFA device and removes it from association with the user.

Parameters:
  • user_name (string) – The username of the user
  • serial_number (string) – The serial number which uniquely identifies the MFA device.
delete_access_key(access_key_id, user_name=None)

Delete an access key associated with a user.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • access_key_id (string) – The ID of the access key to be deleted.
  • user_name (string) – The username of the user
delete_account_alias(alias)

Deletes an alias for the AWS account.

For more information on account id aliases, please see http://goo.gl/ToB7G

Parameters:alias (string) – The alias to remove from the account.
delete_account_password_policy()

Delete the password policy currently set for the AWS account.

delete_group(group_name)

Delete a group. The group must not contain any users or have any attached policies.

Parameters:group_name (string) – The name of the group to delete.
delete_group_policy(group_name, policy_name)

Deletes the specified policy document for the specified group.

Parameters:
  • group_name (string) – The name of the group the policy is associated with.
  • policy_name (string) – The policy document to delete.
delete_instance_profile(instance_profile_name)

Deletes the specified instance profile. The instance profile must not have an associated role.

Parameters:instance_profile_name (string) – Name of the instance profile to delete.
delete_login_profile(user_name)

Deletes the login profile associated with the specified user.

Parameters:user_name (string) – The name of the user to delete.
delete_policy(policy_arn)

Delete a policy.

Parameters:policy_arn (string) – The ARN of the policy to delete
delete_policy_version(policy_arn, version_id)

Delete a policy version.

Parameters:
  • policy_arn (string) – The ARN of the policy to delete a version from
  • version_id (string) – The id of the version to delete
delete_role(role_name)

Deletes the specified role. The role must not have any policies attached.

Parameters:role_name (string) – Name of the role to delete.
delete_role_policy(role_name, policy_name)

Deletes the specified policy associated with the specified role.

Parameters:
  • role_name (string) – Name of the role associated with the policy.
  • policy_name (string) – Name of the policy to delete.
delete_saml_provider(saml_provider_arn)

Deletes a SAML provider.

Deleting the provider does not update any roles that reference the SAML provider as a principal in their trust policies. Any attempt to assume a role that references a SAML provider that has been deleted will fail. This operation requires Signature Version 4.

Parameters:saml_provider_arn (string) – The Amazon Resource Name (ARN) of the SAML provider to delete.
delete_server_cert(cert_name)

Delete the specified server certificate.

Parameters:cert_name (string) – The name of the server certificate you want to delete.
delete_signing_cert(cert_id, user_name=None)

Delete a signing certificate associated with a user.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • user_name (string) – The username of the user
  • cert_id (string) – The ID of the certificate.
delete_user(user_name)

Delete a user including the user’s path, GUID and ARN.

If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:user_name (string) – The name of the user to delete.
delete_user_policy(user_name, policy_name)

Deletes the specified policy document for the specified user.

Parameters:
  • user_name (string) – The name of the user the policy is associated with.
  • policy_name (string) – The policy document to delete.
detach_group_policy(policy_arn, group_name)
Parameters:
  • policy_arn (string) – The ARN of the policy to detach
  • group_name (string) – Group to detach the policy from
detach_role_policy(policy_arn, role_name)
Parameters:
  • policy_arn (string) – The ARN of the policy to detach
  • role_name (string) – Role to detach the policy from
detach_user_policy(policy_arn, user_name)
Parameters:
  • policy_arn (string) – The ARN of the policy to detach
  • user_name (string) – User to detach the policy from
enable_mfa_device(user_name, serial_number, auth_code_1, auth_code_2)

Enables the specified MFA device and associates it with the specified user.

Parameters:
  • user_name (string) – The username of the user
  • serial_number (string) – The serial number which uniquely identifies the MFA device.
  • auth_code_1 (string) – An authentication code emitted by the device.
  • auth_code_2 (string) – A subsequent authentication code emitted by the device.
generate_credential_report()

Generates a credential report for an account.

A new credential report can only be generated every 4 hours. If one hasn’t been generated in the last 4 hours then get_credential_report will error when called.

get_account_alias()

Get the alias for the current account.

This is referred to in the docs as list_account_aliases, but it seems you can only have one account alias currently.

For more information on account id aliases, please see http://goo.gl/ToB7G

get_account_password_policy()

Returns the password policy for the AWS account.

get_account_summary()

Get the alias for the current account.

This is referred to in the docs as list_account_aliases, but it seems you can only have one account alias currently.

For more information on account id aliases, please see http://goo.gl/ToB7G

get_all_access_keys(user_name, marker=None, max_items=None)

Get all access keys associated with an account.

Parameters:
  • user_name (string) – The username of the user
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_group_policies(group_name, marker=None, max_items=None)

List the names of the policies associated with the specified group.

Parameters:
  • group_name (string) – The name of the group the policy is associated with.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_groups(path_prefix='/', marker=None, max_items=None)

List the groups that have the specified path prefix.

Parameters:
  • path_prefix (string) – If provided, only groups whose paths match the provided prefix will be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_mfa_devices(user_name, marker=None, max_items=None)

Get all MFA devices associated with an account.

Parameters:
  • user_name (string) – The username of the user
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_server_certs(path_prefix='/', marker=None, max_items=None)

Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.

Parameters:
  • path_prefix (string) – If provided, only certificates whose paths match the provided prefix will be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_signing_certs(marker=None, max_items=None, user_name=None)

Get all signing certificates associated with an account.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
  • user_name (string) – The username of the user
get_all_user_policies(user_name, marker=None, max_items=None)

List the names of the policies associated with the specified user.

Parameters:
  • user_name (string) – The name of the user the policy is associated with.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_all_users(path_prefix='/', marker=None, max_items=None)

List the users that have the specified path prefix.

Parameters:
  • path_prefix (string) – If provided, only users whose paths match the provided prefix will be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_credential_report()

Retrieves a credential report for an account.

A report must have been generated in the last 4 hours to succeed. The report is returned as a base64 encoded blob within the response.
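
The decoded blob is the account's credential report in CSV form, so it can be audited directly. The following is an added example, not part of boto: it decodes a report and flags console users without MFA, active root access keys, and active keys older than a threshold. The sample report is constructed, and the response path named in the comment is an assumption about boto2's parsed response layout.

```python
import base64
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample, not real account data. Column names follow the AWS
# credential report CSV; only the columns this audit reads are included.
SAMPLE_CSV = "\n".join([
    "user,arn,password_enabled,mfa_active,access_key_1_active,"
    "access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated",
    "<root_account>,arn:aws:iam::123456789012:root,not_supported,false,"
    "true,2023-01-01T00:00:00+00:00,false,N/A",
    "alice,arn:aws:iam::123456789012:user/alice,true,true,"
    "true,2024-05-01T00:00:00+00:00,false,N/A",
    "bob,arn:aws:iam::123456789012:user/bob,true,false,"
    "true,2023-12-01T00:00:00+00:00,true,2024-05-20T00:00:00+00:00",
    "svc-deploy,arn:aws:iam::123456789012:user/svc-deploy,false,false,"
    "false,2022-01-01T00:00:00+00:00,false,N/A",
])
# With a live connection the blob would come from get_credential_report();
# assumed location in the parsed response:
#   resp['get_credential_report_response']['get_credential_report_result']['content']
SAMPLE_B64 = base64.b64encode(SAMPLE_CSV.encode("utf-8"))


def audit_credential_report(report_b64, now, max_key_age_days=90):
    """Return (user, finding) tuples for a base64-encoded credential report."""
    text = base64.b64decode(report_b64).decode("utf-8")
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        user = row["user"]
        is_root = user == "<root_account>"
        # The root row reports password_enabled as "not_supported"; root can
        # always sign in to the console, so treat it as having a password.
        has_password = is_root or row["password_enabled"] == "true"
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "NO_MFA"))
        for slot in ("1", "2"):
            if row["access_key_%s_active" % slot] != "true":
                continue  # inactive or absent key: nothing to flag
            if is_root:
                findings.append((user, "ROOT_ACCESS_KEY_" + slot))
            rotated = row["access_key_%s_last_rotated" % slot]
            if rotated in ("N/A", ""):
                continue
            age = now - datetime.fromisoformat(rotated)
            if age > timedelta(days=max_key_age_days):
                findings.append((user, "OLD_KEY_" + slot))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(
            SAMPLE_B64, datetime.now(timezone.utc)):
        print("%-16s %s" % (user, finding))
```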

get_group(group_name, marker=None, max_items=None)

Return a list of users that are in the specified group.

Parameters:
  • group_name (string) – The name of the group whose information should be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_group_policy(group_name, policy_name)

Retrieves the specified policy document for the specified group.

Parameters:
  • group_name (string) – The name of the group the policy is associated with.
  • policy_name (string) – The policy document to get.
get_groups_for_user(user_name, marker=None, max_items=None)

List the groups that a specified user belongs to.

Parameters:
  • user_name (string) – The name of the user to list groups for.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
get_instance_profile(instance_profile_name)

Retrieves information about the specified instance profile, including the instance profile’s path, GUID, ARN, and role.

Parameters:instance_profile_name (string) – Name of the instance profile to get information about.
get_login_profiles(user_name)

Retrieves the login profile for the specified user.

Parameters:user_name (string) – The username of the user
get_policy(policy_arn)

Get policy information.

Parameters:policy_arn (string) – The ARN of the policy to get information for
get_policy_version(policy_arn, version_id)

Get policy information.

Parameters:
  • policy_arn (string) – The ARN of the policy to get information for a specific version
  • version_id (string) – The id of the version to get information for
get_response(action, params, path='/', parent=None, verb='POST', list_marker='Set')

Utility method to handle calls to IAM and parsing of responses.

get_role(role_name)

Retrieves information about the specified role, including the role’s path, GUID, ARN, and the policy granting permission to EC2 to assume the role.

Parameters:role_name (string) – Name of the role associated with the policy.
get_role_policy(role_name, policy_name)

Retrieves the specified policy document for the specified role.

Parameters:
  • role_name (string) – Name of the role associated with the policy.
  • policy_name (string) – Name of the policy to get.
get_saml_provider(saml_provider_arn)

Returns the SAML provider metadocument that was uploaded when the provider was created or updated. This operation requires Signature Version 4.

Parameters:saml_provider_arn (string) – The Amazon Resource Name (ARN) of the SAML provider to get information about.
get_server_certificate(cert_name)

Retrieves information about the specified server certificate.

Parameters:cert_name (string) – The name of the server certificate you want to retrieve information about.
get_signin_url(service='ec2')

Get the URL where IAM users can use their login profile to sign in to this account’s console.

Parameters:service (string) – Default service to go to in the console.
get_user(user_name=None)

Retrieve information about the specified user.

If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:user_name (string) – The name of the user to retrieve. If not specified, defaults to user making request.
get_user_policy(user_name, policy_name)

Retrieves the specified policy document for the specified user.

Parameters:
  • user_name (string) – The name of the user the policy is associated with.
  • policy_name (string) – The policy document to get.
list_entities_for_policy(policy_arn, path_prefix=None, marker=None, max_items=None, entity_filter=None)
Parameters:
  • policy_arn (string) – The ARN of the policy to get entities for
  • marker (string) – A marker used for pagination (received from previous accesses)
  • max_items (int) – Send only max_items; allows paginations
  • path_prefix (string) – Send only items prefixed by this path
  • entity_filter (string) – Which entity type of User | Role | Group | LocalManagedPolicy | AWSManagedPolicy to return
list_instance_profiles(path_prefix=None, marker=None, max_items=None)

Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty list.

Parameters:
  • path_prefix (string) – The path prefix for filtering the results. For example: /application_abc/component_xyz/, which would get all instance profiles whose path starts with /application_abc/component_xyz/.
  • marker (string) – Use this parameter only when paginating results, and only in a subsequent request after you’ve received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.
  • max_items (int) – Use this parameter only when paginating results to indicate the maximum number of user names you want in the response.
list_instance_profiles_for_role(role_name, marker=None, max_items=None)

Lists the instance profiles that have the specified associated role. If there are none, the action returns an empty list.

Parameters:
  • role_name (string) – The name of the role to list instance profiles for.
  • marker (string) – Use this parameter only when paginating results, and only in a subsequent request after you’ve received a response where the results are truncated. Set it to the value of the Marker element in the response you just received.
  • max_items (int) – Use this parameter only when paginating results to indicate the maximum number of user names you want in the response.
list_policies(marker=None, max_items=None, only_attached=None, path_prefix=None, scope=None)

List policies of account.

Parameters:
  • marker (string) – A marker used for pagination (received from previous accesses)
  • max_items (int) – Send only max_items; allows paginations
  • only_attached (bool) – Send only policies attached to other resources
  • path_prefix (string) – Send only items prefixed by this path
  • scope (string) – AWS|Local. Choose between AWS policies or your own
list_policy_versions(policy_arn, marker=None, max_items=None)

List policy versions.

Parameters:
  • policy_arn (string) – The ARN of the policy to get versions of
  • marker (string) – A marker used for pagination (received from previous accesses)
  • max_items (int) – Send only max_items; allows paginations
list_role_policies(role_name, marker=None, max_items=None)

Lists the names of the policies associated with the specified role. If there are none, the action returns an empty list.

Parameters:
  • role_name (string) – The name of the role to list policies for.
  • marker (string) – Use this parameter only when paginating results, and only in a subsequent request after you’ve received a response where the results are truncated. Set it to the value of the marker element in the response you just received.
  • max_items (int) – Use this parameter only when paginating results to indicate the maximum number of user names you want in the response.
list_roles(path_prefix=None, marker=None, max_items=None)

Lists the roles that have the specified path prefix. If there are none, the action returns an empty list.

Parameters:
  • path_prefix (string) – The path prefix for filtering the results.
  • marker (string) – Use this parameter only when paginating results, and only in a subsequent request after you’ve received a response where the results are truncated. Set it to the value of the marker element in the response you just received.
  • max_items (int) – Use this parameter only when paginating results to indicate the maximum number of user names you want in the response.
list_saml_providers()

Lists the SAML providers in the account. This operation requires Signature Version 4.

list_server_certs(path_prefix='/', marker=None, max_items=None)

Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.

Parameters:
  • path_prefix (string) – If provided, only certificates whose paths match the provided prefix will be returned.
  • marker (string) – Use this only when paginating results and only in follow-up request after you’ve received a response where the results are truncated. Set this to the value of the Marker element in the response you just received.
  • max_items (int) – Use this only when paginating results to indicate the maximum number of groups you want in the response.
put_group_policy(group_name, policy_name, policy_json)

Adds or updates the specified policy document for the specified group.

Parameters:
  • group_name (string) – The name of the group the policy is associated with.
  • policy_name (string) – The policy document to get.
  • policy_json (string) – The policy document.
put_role_policy(role_name, policy_name, policy_document)

Adds (or updates) a policy document associated with the specified role.

Parameters:
  • role_name (string) – Name of the role to associate the policy with.
  • policy_name (string) – Name of the policy document.
  • policy_document (string) – The policy document.
put_user_policy(user_name, policy_name, policy_json)

Adds or updates the specified policy document for the specified user.

Parameters:
  • user_name (string) – The name of the user the policy is associated with.
  • policy_name (string) – The policy document to get.
  • policy_json (string) – The policy document.
remove_role_from_instance_profile(instance_profile_name, role_name)

Removes the specified role from the specified instance profile.

Parameters:
  • instance_profile_name (string) – Name of the instance profile to update.
  • role_name (string) – Name of the role to remove.
remove_user_from_group(group_name, user_name)

Remove a user from a group.

Parameters:
  • group_name (string) – The name of the group
  • user_name (string) – The user to remove from the group.
resync_mfa_device(user_name, serial_number, auth_code_1, auth_code_2)

Synchronizes the specified MFA device with the AWS servers.

Parameters:
  • user_name (string) – The username of the user
  • serial_number (string) – The serial number which uniquely identifies the MFA device.
  • auth_code_1 (string) – An authentication code emitted by the device.
  • auth_code_2 (string) – A subsequent authentication code emitted by the device.
set_default_policy_version(policy_arn, version_id)

Set default policy version.

Parameters:
  • policy_arn (string) – The ARN of the policy to set the default version for
  • version_id (string) – The id of the version to set as default
update_access_key(access_key_id, status, user_name=None)

Changes the status of the specified access key from Active to Inactive or vice versa. This action can be used to disable a user’s key as part of a key rotation workflow.

If the user_name is not specified, the user_name is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • access_key_id (string) – The ID of the access key.
  • status (string) – Either Active or Inactive.
  • user_name (string) – The username of user (optional).
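
The key rotation workflow mentioned above, sketched with create_access_key, update_access_key and delete_access_key. This is an added example, not boto's own code: the new key is verified before the old one is set to Inactive, and deletion is a separate later step. `FakeKeyConnection`, `verify`, the key IDs and the response paths are assumptions made so the example runs offline; pass a real IAMConnection in practice.

```python
class RotationError(Exception):
    pass


class FakeKeyConnection(object):
    """Constructed stand-in for IAMConnection; response layout is assumed."""

    def __init__(self, keys):
        self.keys = dict(keys)  # access_key_id -> status

    def get_all_access_keys(self, user_name, marker=None, max_items=None):
        meta = [{"access_key_id": k, "status": s}
                for k, s in sorted(self.keys.items())]
        return {"list_access_keys_response": {
            "list_access_keys_result": {"access_key_metadata": meta}}}

    def create_access_key(self, user_name=None):
        self.keys["AKIAEXAMPLENEW"] = "Active"
        return {"create_access_key_response": {"create_access_key_result": {
            "access_key": {"access_key_id": "AKIAEXAMPLENEW",
                           "secret_access_key": "constructed-secret"}}}}

    def update_access_key(self, access_key_id, status, user_name=None):
        self.keys[access_key_id] = status

    def delete_access_key(self, access_key_id, user_name=None):
        del self.keys[access_key_id]


def list_keys(conn, user_name):
    """Return [(access_key_id, status), ...] for the user."""
    resp = conn.get_all_access_keys(user_name)
    result = resp["list_access_keys_response"]["list_access_keys_result"]
    return [(k["access_key_id"], k["status"])
            for k in result["access_key_metadata"]]


def rotate_access_key(conn, user_name, verify):
    """Create a new key, verify it, then set the old Active keys to Inactive.

    `verify(key_id, secret)` is a caller-supplied callback that stores the
    new credential and confirms it works; it returns True on success.
    """
    existing = list_keys(conn, user_name)
    # IAM allows at most two access keys per user, so there must be a free slot.
    if len(existing) >= 2:
        raise RotationError("two keys already exist; delete an unused one first")
    created = conn.create_access_key(user_name)
    new = created["create_access_key_response"]["create_access_key_result"][
        "access_key"]
    new_id = new["access_key_id"]
    if not verify(new_id, new["secret_access_key"]):
        # Roll back so the user is not left with an unused, unverified key.
        conn.delete_access_key(new_id, user_name)
        raise RotationError("new key failed verification; old key left Active")
    retired = []
    for key_id, status in existing:
        if status == "Active":
            conn.update_access_key(key_id, "Inactive", user_name)
            retired.append(key_id)
    return new_id, retired


def delete_retired_keys(conn, user_name, retired):
    """Delete retired keys, but only those that are still Inactive."""
    status = dict(list_keys(conn, user_name))
    deleted = [k for k in retired if status.get(k) == "Inactive"]
    for key_id in deleted:
        conn.delete_access_key(key_id, user_name)
    return deleted


if __name__ == "__main__":
    demo = FakeKeyConnection({"AKIAEXAMPLEOLD": "Active"})
    print(rotate_access_key(demo, "alice", lambda key_id, secret: True))
```

Leaving the old key Inactive for a while before calling `delete_retired_keys` keeps a quick way back if something still depends on it.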
update_account_password_policy(allow_users_to_change_password=None, hard_expiry=None, max_password_age=None, minimum_password_length=None, password_reuse_prevention=None, require_lowercase_characters=None, require_numbers=None, require_symbols=None, require_uppercase_characters=None)

Update the password policy for the AWS account.

Notes: unset parameters will be reset to Amazon default settings!
Most of the password policy settings are enforced the next time your users change their passwords. When you set minimum length and character type requirements, they are enforced the next time your users change their passwords - users are not forced to change their existing passwords, even if the pre-existing passwords do not adhere to the updated password policy. When you set a password expiration period, the expiration period is enforced immediately.
Parameters:
  • allow_users_to_change_password (bool) – Allows all IAM users in your account to use the AWS Management Console to change their own passwords.
  • hard_expiry (bool) – Prevents IAM users from setting a new password after their password has expired.
  • max_password_age (int) – The number of days that an IAM user password is valid.
  • minimum_password_length (int) – The minimum number of characters allowed in an IAM user password.
  • password_reuse_prevention (int) – Specifies the number of previous passwords that IAM users are prevented from reusing.
  • require_lowercase_characters (bool) – Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).
  • require_numbers (bool) – Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).
  • require_symbols (bool) – Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
  • require_uppercase_characters (bool) – Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).
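
Because unset parameters are reset to the defaults, changing one setting safely means reading the current policy and sending every setting back. The following is an added example, not boto's own code, showing that read-merge-write pattern. `FakePolicyConnection`, the sample policy values and the response path are assumptions made so the example runs offline; pass a real IAMConnection in practice.

```python
BOOL_FIELDS = (
    "allow_users_to_change_password", "hard_expiry",
    "require_lowercase_characters", "require_numbers",
    "require_symbols", "require_uppercase_characters",
)
INT_FIELDS = (
    "max_password_age", "minimum_password_length", "password_reuse_prevention",
)

# Constructed sample of a parsed policy. Values are strings, as they would be
# after XML parsing; "expire_passwords" stands for a read-only response field
# that is not an update parameter.
SAMPLE_POLICY = {
    "allow_users_to_change_password": "true",
    "expire_passwords": "false",
    "minimum_password_length": "14",
    "require_lowercase_characters": "true",
    "require_numbers": "true",
    "require_symbols": "true",
    "require_uppercase_characters": "true",
}


class FakePolicyConnection(object):
    """Constructed stand-in for IAMConnection; response layout is assumed."""

    def __init__(self, policy):
        self.policy = dict(policy)
        self.sent = None

    def get_account_password_policy(self):
        return {"get_account_password_policy_response": {
            "get_account_password_policy_result": {
                "password_policy": dict(self.policy)}}}

    def update_account_password_policy(self, **kwargs):
        self.sent = kwargs


def merged_policy_kwargs(current, changes):
    """Overlay `changes` on the current policy so no setting is left unset.

    Returns (kwargs, carried_over); carried_over names the settings that a
    call passing only `changes` would have reset to the defaults.
    """
    allowed = set(BOOL_FIELDS) | set(INT_FIELDS)
    unknown = sorted(set(changes) - allowed)
    if unknown:
        raise ValueError("not a policy parameter: %s" % ", ".join(unknown))
    kwargs = {}
    for name in BOOL_FIELDS:
        if name in current:
            kwargs[name] = str(current[name]).lower() == "true"
    for name in INT_FIELDS:
        if name in current:
            kwargs[name] = int(current[name])
    carried_over = sorted(set(kwargs) - set(changes))
    kwargs.update(changes)
    return kwargs, carried_over


def update_password_policy_safely(conn, **changes):
    """Read the current policy, merge the changes, and write everything back."""
    resp = conn.get_account_password_policy()
    current = resp["get_account_password_policy_response"][
        "get_account_password_policy_result"]["password_policy"]
    kwargs, carried_over = merged_policy_kwargs(current, changes)
    conn.update_account_password_policy(**kwargs)
    return carried_over


if __name__ == "__main__":
    demo = FakePolicyConnection(SAMPLE_POLICY)
    print(update_password_policy_safely(demo, max_password_age=90))
    print(demo.sent)
```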
update_assume_role_policy(role_name, policy_document)

Updates the policy that grants an entity permission to assume a role. Currently, only an Amazon EC2 instance can assume a role.

Parameters:
  • role_name (string) – Name of the role to update.
  • policy_document (string) – The policy that grants an entity permission to assume the role.
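An added example, not part of boto or this documentation: a pre-flight check that a policy_document string grants sts:AssumeRole to the EC2 service principal and to nothing else, for use before calling update_assume_role_policy. The function names and both sample documents are constructed for illustration, and the account ID is a placeholder.

```python
import json

EC2_SERVICE = "ec2.amazonaws.com"


def _as_list(value):
    """IAM policy JSON allows a single value or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trust_policy_findings(policy_document):
    """Return problems found; an empty list means only EC2 may assume the role."""
    findings = []
    statements = _as_list(json.loads(policy_document).get("Statement"))
    if not statements:
        findings.append("no Statement element")
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen who may assume the role
        if "NotPrincipal" in stmt:
            findings.append("statement %d: Allow with NotPrincipal" % i)
        principal = stmt.get("Principal")
        if isinstance(principal, dict) and principal:
            for kind, values in principal.items():
                for value in _as_list(values):
                    if kind != "Service" or value != EC2_SERVICE:
                        findings.append("statement %d: unexpected principal %s=%s"
                                        % (i, kind, value))
        elif "NotPrincipal" not in stmt:
            findings.append("statement %d: principal is %r" % (i, principal))
        for action in _as_list(stmt.get("Action")):
            if action != "sts:AssumeRole":
                findings.append("statement %d: unexpected action %s" % (i, action))
    return findings


# Constructed sample documents.
EC2_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": [EC2_SERVICE]},
     "Action": "sts:AssumeRole"}]})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["sts:AssumeRole"],
    "Principal": {"Service": EC2_SERVICE,
                  "AWS": "arn:aws:iam::111122223333:root"}}})

if __name__ == "__main__":
    print(trust_policy_findings(EC2_ONLY))
    print(trust_policy_findings(TOO_BROAD))
```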
update_group(group_name, new_group_name=None, new_path=None)

Updates name and/or path of the specified group.

Parameters:
  • group_name (string) – The name of the group to update.
  • new_group_name (string) – If provided, the name of the group will be changed to this name.
  • new_path (string) – If provided, the path of the group will be changed to this path.
update_login_profile(user_name, password)

Resets the password associated with the user’s login profile.

Parameters:
  • user_name (string) – The name of the user
  • password (string) – The new password for the user
update_saml_provider(saml_provider_arn, saml_metadata_document)

Updates the metadata document for an existing SAML provider. This operation requires Signature Version 4.

Parameters:
  • saml_provider_arn (string) – The Amazon Resource Name (ARN) of the SAML provider to update.
  • saml_metadata_document (string) – An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer’s name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization’s IdP.
update_server_cert(cert_name, new_cert_name=None, new_path=None)

Updates the name and/or the path of the specified server certificate.

Parameters:
  • cert_name (string) – The name of the server certificate that you want to update.
  • new_cert_name (string) – The new name for the server certificate. Include this only if you are updating the server certificate’s name.
  • new_path (string) – If provided, the path of the certificate will be changed to this path.
update_signing_cert(cert_id, status, user_name=None)

Change the status of the specified signing certificate from Active to Inactive or vice versa.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • cert_id (string) – The ID of the signing certificate
  • status (string) – Either Active or Inactive.
  • user_name (string) – The username of the user
update_user(user_name, new_user_name=None, new_path=None)

Updates name and/or path of the specified user.

Parameters:
  • user_name (string) – The name of the user
  • new_user_name (string) – If provided, the username of the user will be changed to this username.
  • new_path (string) – If provided, the path of the user will be changed to this path.
upload_server_cert(cert_name, cert_body, private_key, cert_chain=None, path=None)

Uploads a server certificate entity for the AWS Account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.

Parameters:
  • cert_name (string) – The name for the server certificate. Do not include the path in this value.
  • cert_body (string) – The contents of the public key certificate in PEM-encoded format.
  • private_key (string) – The contents of the private key in PEM-encoded format.
  • cert_chain (string) – The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
  • path (string) – The path for the server certificate.
upload_signing_cert(cert_body, user_name=None)

Uploads an X.509 signing certificate and associates it with the specified user.

If the user_name is not specified, it is determined implicitly based on the AWS Access Key ID used to sign the request.

Parameters:
  • cert_body (string) – The body of the signing certificate.
  • user_name (string) – The username of the user

boto.iam.summarymap

class boto.iam.summarymap.SummaryMap(parent=None)
endElement(name, value, connection)
startElement(name, attrs, connection)