IAM
- class iam.group
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="group")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.arn)
        print(resource.create_date)
        print(resource.group_id)
        print(resource.group_name)
        print(resource.path)
        print(resource.group_managed_policy_attachments)
- arn
The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
- create_date
The date and time, in ISO 8601 date-time format, when the group was created.
- group_id
The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.
- group_name
The friendly name that identifies the group.
- path
The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide.
- group_managed_policy_attachments
Contains the response to a successful ListAttachedGroupPolicies request.
- class iam.group.group_policy
A subresource of iam.group.
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="group_policy")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.policy_document)
        print(resource.policy_name)
- policy_document
The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
- policy_name
The name of the policy.
- class iam.instance_profile
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="instance_profile")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.arn)
        print(resource.create_date)
        print(resource.instance_profile_id)
        print(resource.instance_profile_name)
        print(resource.path)
        print(resource.roles_attribute)
        print(resource.tags)
- arn
The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
- create_date
The date when the instance profile was created.
- instance_profile_id
The stable and unique string identifying the instance profile. For more information about IDs, see IAM identifiers in the IAM User Guide.
- instance_profile_name
The name identifying the instance profile.
- path
The path to the instance profile. For more information about paths, see IAM identifiers in the IAM User Guide.
- roles_attribute
The role associated with the instance profile.
- tags
A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
- class iam.policy
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="policy")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.attachment_count)
        print(resource.create_date)
        print(resource.default_version_id)
        print(resource.description)
        print(resource.is_attachable)
        print(resource.path)
        print(resource.permissions_boundary_usage_count)
        print(resource.policy_id)
        print(resource.policy_name)
        print(resource.tags)
        print(resource.update_date)
- attachment_count
The number of entities (users, groups, and roles) that the policy is attached to.
- create_date
The date and time, in ISO 8601 date-time format, when the policy was created.
- default_version_id
The identifier for the version of the policy that is set as the default version.
- description
A friendly description of the policy. This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
- is_attachable
Specifies whether the policy can be attached to an IAM user, group, or role.
- path
The path to the policy. For more information about paths, see IAM identifiers in the IAM User Guide.
- permissions_boundary_usage_count
The number of entities (users and roles) for which the policy is used to set the permissions boundary. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
- policy_id
The stable and unique string identifying the policy. For more information about IDs, see IAM identifiers in the IAM User Guide.
- policy_name
The friendly name (not ARN) identifying the policy.
- tags
A list of tags that are attached to the policy. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
- update_date
The date and time, in ISO 8601 date-time format, when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
- class iam.policy.policy_version
A subresource of iam.policy.
Default JMESPath Filters:
['[?IsDefaultVersion==`true`]']
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="policy_version")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.create_date)
        print(resource.document)
        print(resource.is_default_version)
- create_date
The date and time, in ISO 8601 date-time format, when the policy version was created.
- document
The policy document. The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations. The policy document returned in this structure is URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
- is_default_version
Specifies whether the policy version is set as the policy’s default version.
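Added example, not part of the original reference: decoding the URL-encoded document attribute described above and listing Allow statements that grant every action on every resource. The function names and the sample document are constructed for illustration; in practice the input would be resource.document from a loaded policy_version resource.

```python
import json
from urllib.parse import unquote


def decode_policy_document(document):
    """Return the policy as a dict, whether it arrives URL-encoded, as JSON text, or parsed."""
    if isinstance(document, dict):
        return document
    text = document.strip()
    if not text.startswith("{"):
        # RFC 3986 percent-encoding, as returned by GetPolicyVersion.
        text = unquote(text)
    return json.loads(text)


def _as_list(value):
    # IAM accepts a single string or object wherever a list is also valid.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def wildcard_allow_statements(policy):
    """Return Allow statements that grant every action on every resource."""
    findings = []
    for statement in _as_list(policy.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        actions = _as_list(statement.get("Action"))
        resources = _as_list(statement.get("Resource"))
        if "*" in actions and "*" in resources:
            findings.append(statement)
    return findings


# Constructed sample: a percent-encoded policy document with two statements.
SAMPLE_DOCUMENT = (
    "%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B"
    "%7B%22Sid%22%3A%22ReadLogs%22%2C%22Effect%22%3A%22Allow%22%2C"
    "%22Action%22%3A%22logs%3AGet%2A%22%2C%22Resource%22%3A%22%2A%22%7D%2C"
    "%7B%22Sid%22%3A%22Admin%22%2C%22Effect%22%3A%22Allow%22%2C"
    "%22Action%22%3A%22%2A%22%2C%22Resource%22%3A%22%2A%22%7D%5D%7D"
)

if __name__ == "__main__":
    policy = decode_policy_document(SAMPLE_DOCUMENT)
    for statement in wildcard_allow_statements(policy):
        print("wildcard Allow:", statement.get("Sid"))
```

The check only matches a literal "*" in both Action and Resource; statements using NotAction or service-level wildcards such as "iam:*" need their own rules.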
- class iam.role
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="role")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.arn)
        print(resource.assume_role_policy_document)
        print(resource.create_date)
        print(resource.description)
        print(resource.max_session_duration)
        print(resource.path)
        print(resource.permissions_boundary)
        print(resource.role_id)
        print(resource.role_last_used)
        print(resource.role_name)
        print(resource.tags)
        print(resource.role_managed_policy_attachments)
- arn
The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
- assume_role_policy_document
The policy that grants an entity permission to assume the role.
- create_date
The date and time, in ISO 8601 date-time format, when the role was created.
- description
A description of the role that you provide.
- max_session_duration
The maximum session duration (in seconds) for the specified role. Anyone who uses the CLI or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.
- path
The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide.
- permissions_boundary
The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
- role_id
The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.
- role_last_used
Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
- role_name
The friendly name that identifies the role.
- tags
A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
- role_managed_policy_attachments
Contains the response to a successful ListAttachedRolePolicies request.
- class iam.role.role_policy
A subresource of iam.role.
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="role_policy")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.policy_document)
        print(resource.policy_name)
- policy_document
The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
- policy_name
The name of the policy.
- class iam.saml_provider
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="saml_provider")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.create_date)
        print(resource.saml_metadata_document)
        print(resource.tags)
        print(resource.valid_until)
- create_date
The date and time when the SAML provider was created.
- saml_metadata_document
The XML metadata document that includes information about an identity provider.
- tags
A list of tags that are attached to the specified IAM SAML provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
- valid_until
The expiration date and time for the SAML provider.
- class iam.server_certificate
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="server_certificate")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.certificate_body)
        print(resource.certificate_chain)
        print(resource.server_certificate_metadata)
        print(resource.tags)
- certificate_body
The contents of the public key certificate.
- certificate_chain
The contents of the public key certificate chain.
- server_certificate_metadata
The meta information of the server certificate, such as its name, path, ID, and ARN.
- tags
A list of tags that are attached to the server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
- class iam.user
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="user")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.arn)
        print(resource.create_date)
        print(resource.password_last_used)
        print(resource.path)
        print(resource.permissions_boundary)
        print(resource.tags)
        print(resource.user_id)
        print(resource.user_name)
        print(resource.user_managed_policy_attachments)
- arn
The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the IAM User Guide.
- create_date
The date and time, in ISO 8601 date-time format, when the user was created.
- password_last_used
The date and time, in ISO 8601 date-time format, when the user’s password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user’s last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:
* The user never had a password.
* A password exists but has not been used since IAM started tracking this information on October 20, 2014.
A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used. This value is returned only in the GetUser and ListUsers operations.
- path
The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide.
- permissions_boundary
The ARN of the policy used to set the permissions boundary for the user. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
- tags
A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
- user_id
The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.
- user_name
The friendly name identifying the user.
- user_managed_policy_attachments
Contains the response to a successful ListAttachedUserPolicies request.
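Added example, not part of the original reference: classifying console password use from password_last_used while keeping the null case separate, since a null value does not prove the user has no password. The 90-day idle threshold, the function names and the sample users are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from types import SimpleNamespace


def parse_timestamp(value):
    """Accept a datetime or an ISO 8601 string; return an aware UTC datetime or None."""
    if value is None:
        return None
    if isinstance(value, str):
        value = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if value.tzinfo is None:
        value = value.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
    return value.astimezone(timezone.utc)


def classify_password_use(user, now, max_idle_days=90):
    """Classify console password use from password_last_used.

    None means no recorded password sign-in; it does not prove that the
    user has no password, so it is reported separately for follow-up.
    """
    last_used = parse_timestamp(user.password_last_used)
    if last_used is None:
        return "no-recorded-sign-in"
    idle_days = (now - last_used).days
    return "stale" if idle_days > max_idle_days else "active"


# Constructed stand-ins for loaded iam.user resources.
SAMPLE_USERS = [
    SimpleNamespace(user_name="alice", password_last_used="2024-05-28T09:15:00Z"),
    SimpleNamespace(user_name="bob", password_last_used="2023-11-02T17:40:00+00:00"),
    SimpleNamespace(user_name="ci-deploy", password_last_used=None),
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the result is reproducible


def audit(users, now=NOW):
    return {u.user_name: classify_password_use(u, now) for u in users}


if __name__ == "__main__":
    for name, state in audit(SAMPLE_USERS).items():
        print(f"{name}: {state}")
```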
- class iam.user.access_key
A subresource of iam.user.
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="access_key")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.access_key_id)
        print(resource.create_date)
        print(resource.status)
- access_key_id
The ID for this access key.
- create_date
The date when the access key was created.
- status
The status of the access key. Active means that the key is valid for API calls; Inactive means it is not.
- class iam.user.mfa_device
A subresource of iam.user.
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="mfa_device")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.enable_date)
- enable_date
The date when the MFA device was enabled for the user.
- class iam.user.signing_certificate
A subresource of iam.user.
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="signing_certificate")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.certificate_body)
        print(resource.certificate_id)
        print(resource.status)
        print(resource.upload_date)
- certificate_body
The contents of the signing certificate.
- certificate_id
The ID for the signing certificate.
- status
The status of the signing certificate. Active means that the key is valid for API calls, while Inactive means it is not.
- upload_date
The date when the signing certificate was uploaded.
- class iam.user.user_policy
A subresource of iam.user.
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="user_policy")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.policy_document)
        print(resource.policy_name)
- policy_document
The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
- policy_name
The name of the policy.
- class iam.virtual_mfa_device
Example:
    resources = storage_connector.read_resources(
        service="iam", resource_type="virtual_mfa_device")
    for resource in resources:
        resource.load()
        print(resource.urn)
        print(resource.base32_string_seed)
        print(resource.enable_date)
        print(resource.qr_code_png)
        print(resource.tags)
        print(resource.user_attribute)
- base32_string_seed
The base32 seed defined as specified in RFC3548. The Base32StringSeed is base64-encoded.
- enable_date
The date and time on which the virtual MFA device was enabled.
- qr_code_png
A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where $virtualMFADeviceName is one of the create call arguments. AccountName is the user name if set (otherwise, the account ID), and Base32String is the seed in base32 format. The Base32String value is base64-encoded.
- tags
A list of tags that are attached to the virtual MFA device. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
- user_attribute
The IAM user associated with this virtual MFA device.