IAM

iam.group

class iam.group

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","group")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (group:aws_iam_group)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_group').out().path().by(valueMap(true))

arn

The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.

create_date

The date and time, in ISO 8601 date-time format, when the group was created.

group_id

The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.

group_name

The friendly name that identifies the group.

path

The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide.

group_managed_policy_attachments

Contains the response to a successful ListAttachedGroupPolicies request.

iam.group.group_policy

class iam.group.group_policy

A subresource of iam.group.

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","group_policy")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (group_policy:aws_iam_group_policy)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_group_policy').out().path().by(valueMap(true))

policy_document

The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

policy_name

The name of the policy.

iam.instance_profile

class iam.instance_profile

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","instance_profile")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (instance_profile:aws_iam_instance_profile)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_instance_profile').out().path().by(valueMap(true))

arn

The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.

create_date

The date when the instance profile was created.

instance_profile_id

The stable and unique string identifying the instance profile. For more information about IDs, see IAM identifiers in the IAM User Guide.

instance_profile_name

The name identifying the instance profile.

path

The path to the instance profile. For more information about paths, see IAM identifiers in the IAM User Guide.

roles_attribute

The role associated with the instance profile.

tags

A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

iam.policy

class iam.policy

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","policy")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (policy:aws_iam_policy)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_policy').out().path().by(valueMap(true))

attachment_count

The number of entities (users, groups, and roles) that the policy is attached to.

create_date

The date and time, in ISO 8601 date-time format, when the policy was created.

default_version_id

The identifier for the version of the policy that is set as the default version.

description

A friendly description of the policy. This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

is_attachable

Specifies whether the policy can be attached to an IAM user, group, or role.

path

The path to the policy. For more information about paths, see IAM identifiers in the IAM User Guide.

permissions_boundary_usage_count

The number of entities (users and roles) for which the policy is used to set the permissions boundary. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

policy_id

The stable and unique string identifying the policy. For more information about IDs, see IAM identifiers in the IAM User Guide.

policy_name

The friendly name (not ARN) identifying the policy.

tags

A list of tags that are attached to the policy. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

update_date

The date and time, in ISO 8601 date-time format, when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

iam.policy.policy_version

class iam.policy.policy_version

A subresource of iam.policy.

Default JMESPath Filters: ['[?IsDefaultVersion==`true`]']

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","policy_version")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (policy_version:aws_iam_policy_version)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_policy_version').out().path().by(valueMap(true))

create_date

The date and time, in ISO 8601 date-time format, when the policy version was created.

document

The policy document. The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations. The policy document returned in this structure is URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

is_default_version

Specifies whether the policy version is set as the policy’s default version.
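
The decoding step described for the document attribute, as an added Python example (not part of CloudWanderer or its documentation): it decodes an RFC 3986 percent-encoded policy document and lists the Allow statements that grant every action on every resource. The function names and the sample policy are constructed for illustration; the loader also accepts plain JSON text or an already-parsed dict.

```python
import json
from urllib.parse import quote, unquote


def load_policy_document(raw):
    """Return a policy document as a dict.

    Accepts a percent-encoded JSON string (RFC 3986), a plain JSON
    string, or a dict that has already been parsed.
    """
    if isinstance(raw, dict):
        return raw
    text = raw.strip()
    # An encoded document starts with "%7B"; plain JSON starts with "{".
    # Only decode in the first case so literal "%" in plain JSON survives.
    if not text.startswith("{"):
        text = unquote(text)
    return json.loads(text)


def as_list(value):
    """Statement, Action and Resource may each be one value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def wildcard_allow_statements(document):
    """Return Allow statements whose Action and Resource both include "*".

    Narrow on purpose: service-level wildcards such as "iam:*" and
    NotAction statements are not reported by this check.
    """
    findings = []
    for statement in as_list(document.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        actions = as_list(statement.get("Action"))
        resources = as_list(statement.get("Resource"))
        if "*" in actions and "*" in resources:
            findings.append(statement)
    return findings


# Constructed sample: a two-statement policy, percent-encoded the way the
# document attribute is described above.
SAMPLE_ENCODED = quote(json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadLogs", "Effect": "Allow",
         "Action": ["logs:GetLogEvents"], "Resource": "*"},
        {"Sid": "Everything", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
    ],
}), safe="")


if __name__ == "__main__":
    document = load_policy_document(SAMPLE_ENCODED)
    for statement in wildcard_allow_statements(document):
        print("Allow * on *:", statement.get("Sid", "<no Sid>"))
```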

iam.role

class iam.role

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","role")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (role:aws_iam_role)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_role').out().path().by(valueMap(true))

arn

The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.

assume_role_policy_document

The policy that grants an entity permission to assume the role.

create_date

The date and time, in ISO 8601 date-time format, when the role was created.

description

A description of the role that you provide.

max_session_duration

The maximum session duration (in seconds) for the specified role. Anyone who uses the CLI or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.

path

The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide.

permissions_boundary

The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

role_id

The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.

role_last_used

Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.

role_name

The friendly name that identifies the role.

tags

A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

role_managed_policy_attachments

Contains the response to a successful ListAttachedRolePolicies request.

iam.role.role_policy

class iam.role.role_policy

A subresource of iam.role.

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","role_policy")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (role_policy:aws_iam_role_policy)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_role_policy').out().path().by(valueMap(true))

policy_document

The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

policy_name

The name of the policy.

iam.saml_provider

class iam.saml_provider

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","saml_provider")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (saml_provider:aws_iam_saml_provider)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_saml_provider').out().path().by(valueMap(true))

create_date

The date and time when the SAML provider was created.

saml_metadata_document

The XML metadata document that includes information about an identity provider.

tags

A list of tags that are attached to the specified IAM SAML provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

valid_until

The expiration date and time for the SAML provider.

iam.server_certificate

class iam.server_certificate

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","server_certificate")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (server_certificate:aws_iam_server_certificate)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_server_certificate').out().path().by(valueMap(true))

certificate_body

The contents of the public key certificate.

certificate_chain

The contents of the public key certificate chain.

server_certificate_metadata

The meta information of the server certificate, such as its name, path, ID, and ARN.

tags

A list of tags that are attached to the server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

iam.user

class iam.user

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","user")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (user:aws_iam_user)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_user').out().path().by(valueMap(true))

arn

The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the IAM User Guide.

create_date

The date and time, in ISO 8601 date-time format, when the user was created.

password_last_used

The date and time, in ISO 8601 date-time format, when the user’s password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user’s last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:

* The user never had a password.
* A password exists but has not been used since IAM started tracking this information on October 20, 2014.

A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.

This value is returned only in the GetUser and ListUsers operations.

path

The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide.

permissions_boundary

The ARN of the policy used to set the permissions boundary for the user. For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

tags

A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

user_id

The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.

user_name

The friendly name identifying the user.

user_managed_policy_attachments

Contains the response to a successful ListAttachedUserPolicies request.

iam.user.access_key

class iam.user.access_key

A subresource of iam.user.

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","access_key")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (access_key:aws_iam_access_key)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_access_key').out().path().by(valueMap(true))

access_key_id

The ID for this access key.

create_date

The date when the access key was created.

status

The status of the access key. Active means that the key is valid for API calls; Inactive means it is not.

iam.user.mfa_device

class iam.user.mfa_device

A subresource of iam.user.

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","mfa_device")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (mfa_device:aws_iam_mfa_device)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_mfa_device').out().path().by(valueMap(true))

enable_date

The date when the MFA device was enabled for the user.

iam.user.signing_certificate

class iam.user.signing_certificate

A subresource of iam.user.

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","signing_certificate")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (signing_certificate:aws_iam_signing_certificate)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_signing_certificate').out().path().by(valueMap(true))

certificate_body

The contents of the signing certificate.

certificate_id

The ID for the signing certificate.

status

The status of the signing certificate. Active means that the key is valid for API calls, while Inactive means it is not.

upload_date

The date when the signing certificate was uploaded.

iam.user.user_policy

class iam.user.user_policy

A subresource of iam.user.

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","user_policy")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (user_policy:aws_iam_user_policy)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_user_policy').out().path().by(valueMap(true))

policy_document

The policy document. IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

policy_name

The name of the policy.

iam.virtual_mfa_device

class iam.virtual_mfa_device

Discovery Example:

>>> from cloudwanderer import CloudWanderer, ServiceResourceType
>>> from cloudwanderer.storage_connectors import GremlinStorageConnector
>>> cloud_wanderer = CloudWanderer(storage_connectors=[
...        GremlinStorageConnector(
...          endpoint_url="ws://localhost:8182",
...        )
...    ])
>>> cloud_wanderer.write_resources(
...     service_resource_types=[ServiceResourceType("iam","virtual_mfa_device")]
... )

OpenCypher Example:

How to query resources of this type using OpenCypher in Neptune.

MATCH (virtual_mfa_device:aws_iam_virtual_mfa_device)
RETURN *

Gremlin Example:

How to query resources of this type using Gremlin in Neptune/local Gremlin.

g.V().hasLabel('aws_iam_virtual_mfa_device').out().path().by(valueMap(true))

base32_string_seed

The base32 seed defined as specified in RFC3548. The Base32StringSeed is base64-encoded.

enable_date

The date and time on which the virtual MFA device was enabled.

qr_code_png

A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where $virtualMFADeviceName is one of the create call arguments. AccountName is the user name if set (otherwise, the account ID), and Base32String is the seed in base32 format. The Base32String value is base64-encoded.

tags

A list of tags that are attached to the virtual MFA device. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

user_attribute

The IAM user associated with this virtual MFA device.