IAM¶
-
class
iam.
group
¶ Example:
resources = storage_connector.read_resources( service="iam", resource_type="group") for resource in resources: resource.load() print(resource.urn) print(resource.arn) print(resource.create_date) print(resource.group_id) print(resource.group_name) print(resource.path)
-
arn
¶ The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide .
-
create_date
¶ The date and time, in ISO 8601 date-time format , when the group was created.
-
group_id
¶ The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide .
-
group_name
¶ The friendly name that identifies the group.
-
path
¶ The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide .
-
-
class
iam.group.
group_policy
¶ A subresource of
iam.group
.Example:
resources = storage_connector.read_resources( service="iam", resource_type="group_policy") for resource in resources: resource.load() print(resource.urn) print(resource.policy_document) print(resource.policy_name)
-
policy_document
¶ The policy document. IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
-
policy_name
¶ The name of the policy.
-
-
class
iam.
instance_profile
¶ Example:
resources = storage_connector.read_resources( service="iam", resource_type="instance_profile") for resource in resources: resource.load() print(resource.urn) print(resource.arn) print(resource.create_date) print(resource.instance_profile_id) print(resource.instance_profile_name) print(resource.path) print(resource.roles_attribute) print(resource.tags)
-
arn
¶ The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide .
-
create_date
¶ The date when the instance profile was created.
-
instance_profile_id
¶ The stable and unique string identifying the instance profile. For more information about IDs, see IAM identifiers in the IAM User Guide .
-
instance_profile_name
¶ The name identifying the instance profile.
-
path
¶ The path to the instance profile. For more information about paths, see IAM identifiers in the IAM User Guide .
-
roles_attribute
¶ The role associated with the instance profile.
A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide .
-
-
class
iam.
policy
¶ Example:
resources = storage_connector.read_resources( service="iam", resource_type="policy") for resource in resources: resource.load() print(resource.urn) print(resource.attachment_count) print(resource.create_date) print(resource.default_version_id) print(resource.description) print(resource.is_attachable) print(resource.path) print(resource.permissions_boundary_usage_count) print(resource.policy_id) print(resource.policy_name) print(resource.tags) print(resource.update_date)
-
attachment_count
¶ The number of entities (users, groups, and roles) that the policy is attached to.
-
create_date
¶ The date and time, in ISO 8601 date-time format , when the policy was created.
-
default_version_id
¶ The identifier for the version of the policy that is set as the default version.
-
description
¶ A friendly description of the policy. This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
-
is_attachable
¶ Specifies whether the policy can be attached to an IAM user, group, or role.
-
path
¶ The path to the policy. For more information about paths, see IAM identifiers in the IAM User Guide .
-
permissions_boundary_usage_count
¶ The number of entities (users and roles) for which the policy is used to set the permissions boundary. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide .
-
policy_id
¶ The stable and unique string identifying the policy. For more information about IDs, see IAM identifiers in the IAM User Guide .
-
policy_name
¶ The friendly name (not ARN) identifying the policy.
A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide .
-
update_date
¶ The date and time, in ISO 8601 date-time format , when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
-
-
class
iam.policy.
policy_version
¶ A subresource of
iam.policy
.Example:
resources = storage_connector.read_resources( service="iam", resource_type="policy_version") for resource in resources: resource.load() print(resource.urn) print(resource.create_date) print(resource.document) print(resource.is_default_version)
-
create_date
¶ The date and time, in ISO 8601 date-time format , when the policy version was created.
-
document
¶ The policy document. The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations. The policy document returned in this structure is URL-encoded compliant with RFC 3986 . You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the
decode
method of thejava.net.URLDecoder
utility class in the Java SDK. Other languages and SDKs provide similar functionality.
-
is_default_version
¶ Specifies whether the policy version is set as the policy’s default version.
-
-
class
iam.
role
¶ Example:
resources = storage_connector.read_resources( service="iam", resource_type="role") for resource in resources: resource.load() print(resource.urn) print(resource.arn) print(resource.assume_role_policy_document) print(resource.create_date) print(resource.description) print(resource.max_session_duration) print(resource.path) print(resource.permissions_boundary) print(resource.role_id) print(resource.role_last_used) print(resource.role_name) print(resource.tags)
-
arn
¶ The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide guide.
-
assume_role_policy_document
¶ The policy that grants an entity permission to assume the role.
-
create_date
¶ The date and time, in ISO 8601 date-time format , when the role was created.
-
description
¶ A description of the role that you provide.
-
max_session_duration
¶ The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional
DurationSeconds
API parameter orduration-seconds
CLI parameter.
-
path
¶ The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide .
-
permissions_boundary
¶ The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide .
-
role_id
¶ The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide .
-
role_last_used
¶ Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide .
-
role_name
¶ The friendly name that identifies the role.
A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide .
-
-
class
iam.role.
role_policy
¶ A subresource of
iam.role
.Example:
resources = storage_connector.read_resources( service="iam", resource_type="role_policy") for resource in resources: resource.load() print(resource.urn) print(resource.policy_document) print(resource.policy_name)
-
policy_document
¶ The policy document. IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
-
policy_name
¶ The name of the policy.
-
-
class
iam.role.
role_inline_policy_attachments
¶ A secondary attribute for the
iam.role
resource type.Example:
resources = storage_connector.read_resources( service="iam", resource_type="role") for resource in resources: resource.get_secondary_attribute(name="role_inline_policy_attachments")
-
class
iam.role.
role_managed_policy_attachments
¶ A secondary attribute for the
iam.role
resource type.Example:
resources = storage_connector.read_resources( service="iam", resource_type="role") for resource in resources: resource.get_secondary_attribute(name="role_managed_policy_attachments")
-
class
iam.
saml_provider
¶ Example:
resources = storage_connector.read_resources( service="iam", resource_type="saml_provider") for resource in resources: resource.load() print(resource.urn) print(resource.create_date) print(resource.saml_metadata_document) print(resource.tags) print(resource.valid_until)
-
create_date
¶ The date and time when the SAML provider was created.
-
saml_metadata_document
¶ The XML metadata document that includes information about an identity provider.
A list of tags that are attached to the specified IAM SAML provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide .
-
valid_until
¶ The expiration date and time for the SAML provider.
-
-
class
iam.
server_certificate
¶ Example:
resources = storage_connector.read_resources( service="iam", resource_type="server_certificate") for resource in resources: resource.load() print(resource.urn) print(resource.certificate_body) print(resource.certificate_chain) print(resource.server_certificate_metadata) print(resource.tags)
-
certificate_body
¶ The contents of the public key certificate.
-
certificate_chain
¶ The contents of the public key certificate chain.
-
server_certificate_metadata
¶ The meta information of the server certificate, such as its name, path, ID, and ARN.
A list of tags that are attached to the server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide .
-
-
class
iam.
user
¶ Example:
resources = storage_connector.read_resources( service="iam", resource_type="user") for resource in resources: resource.load() print(resource.urn) print(resource.arn) print(resource.create_date) print(resource.password_last_used) print(resource.path) print(resource.permissions_boundary) print(resource.tags) print(resource.user_id) print(resource.user_name)
-
arn
¶ The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the IAM User Guide .
-
create_date
¶ The date and time, in ISO 8601 date-time format , when the user was created.
-
password_last_used
¶ The date and time, in ISO 8601 date-time format , when the user’s password was last used to sign in to an AWS website. For a list of AWS websites that capture a user’s last sign-in time, see the Credential reports topic in the IAM User Guide . If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because: * The user never had a password. * A password exists but has not been used since IAM started tracking this information on October 20, 2014. A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used. This value is returned only in the GetUser and ListUsers operations.
-
path
¶ The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide . The ARN of the policy used to set the permissions boundary for the user.
-
permissions_boundary
¶ For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide .
A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide .
-
user_id
¶ The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide .
-
user_name
¶ The friendly name identifying the user.
-
-
class
iam.user.
access_key
¶ A subresource of
iam.user
.Example:
resources = storage_connector.read_resources( service="iam", resource_type="access_key") for resource in resources: resource.load() print(resource.urn) print(resource.access_key_id) print(resource.create_date) print(resource.status)
-
access_key_id
¶ The ID for this access key.
-
create_date
¶ The date when the access key was created.
-
status
¶ The status of the access key.
Active
means that the key is valid for API calls;Inactive
means it is not.
-
-
class
iam.user.
mfa_device
¶ A subresource of
iam.user
.Example:
resources = storage_connector.read_resources( service="iam", resource_type="mfa_device") for resource in resources: resource.load() print(resource.urn) print(resource.enable_date)
-
enable_date
¶ The date when the MFA device was enabled for the user.
-
-
class
iam.user.
user_policy
¶ A subresource of
iam.user
.Example:
resources = storage_connector.read_resources( service="iam", resource_type="user_policy") for resource in resources: resource.load() print(resource.urn) print(resource.policy_document) print(resource.policy_name)
-
policy_document
¶ The policy document. IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
-
policy_name
¶ The name of the policy.
-
-
class
iam.user.
signing_certificate
¶ A subresource of
iam.user
.Example:
resources = storage_connector.read_resources( service="iam", resource_type="signing_certificate") for resource in resources: resource.load() print(resource.urn) print(resource.certificate_body) print(resource.certificate_id) print(resource.status) print(resource.upload_date)
-
certificate_body
¶ The contents of the signing certificate.
-
certificate_id
¶ The ID for the signing certificate.
-
status
¶ The status of the signing certificate.
Active
means that the key is valid for API calls, whileInactive
means it is not.
-
upload_date
¶ The date when the signing certificate was uploaded.
-
-
class
iam.
virtual_mfa_device
¶ Example:
resources = storage_connector.read_resources( service="iam", resource_type="virtual_mfa_device") for resource in resources: resource.load() print(resource.urn) print(resource.base32_string_seed) print(resource.enable_date) print(resource.qr_code_png) print(resource.tags) print(resource.user_attribute)
-
base32_string_seed
¶ The base32 seed defined as specified in RFC3548 . The
Base32StringSeed
is base64-encoded.
-
enable_date
¶ The date and time on which the virtual MFA device was enabled.
-
qr_code_png
¶ A QR code PNG image that encodes
otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
where$virtualMFADeviceName
is one of the create call arguments.AccountName
is the user name if set (otherwise, the account ID otherwise), andBase32String
is the seed in base32 format. TheBase32String
value is base64-encoded.
A list of tags that are attached to the virtual MFA device. For more information about tagging, see Tagging IAM resources in the IAM User Guide .
-
user_attribute
¶ The IAM user associated with this virtual MFA device.
-