API version '2010-05-08' of the Amazon Identity and Access Management SDK configuration.

The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport.

The request was rejected because the credential report is still being generated.

The request was rejected because the policy document was malformed. The error message describes the specific error.

The request was rejected because it attempted to create a resource that already exists.

The request was rejected because the certificate was malformed or expired. The error message describes the specific error.

The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport. For more information about credential report expiration, see Getting Credential Reports in the IAM User Guide.

The request was rejected because the same certificate is associated with an IAM user in the account.

The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.

The request was rejected because it referenced an entity that does not exist. The error message describes the entity.

The request was rejected because the certificate is invalid.

The request was rejected because the public key encoding format is unsupported or unrecognized.

The request was rejected because the type of user for the transaction was incorrect.

The request processing has failed because of an unknown error, exception or failure.

The request was rejected because an invalid or out-of-range value was supplied for an input parameter.

The request was rejected because the public key is malformed or otherwise invalid.

The request was rejected because the authentication code was not recognized. The error message describes the specific error.

The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity.

The request was rejected because the SSH public key is already associated with the specified IAM user.

The request was rejected because the public key certificate and the private key do not match.

The request failed because a provided policy could not be successfully evaluated. An additional detail message indicates the source of the failure.

The request was rejected because the provided password did not meet the requirements imposed by the account password policy.

The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.

Contains information about an AWS access key.

This data type is used as a response element in the CreateAccessKey and ListAccessKeys actions.

The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.

See: accessKey smart constructor.

Creates a value of AccessKey with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• akCreateDate
• akUserName
• akAccessKeyId
• akStatus
• akSecretAccessKey

The date when the access key was created.

The name of the IAM user that the access key is associated with.

The ID for this access key.

The status of the access key. Active means the key is valid for API calls, while Inactive means it is not.

The secret key used to sign requests.

Contains information about the last time an AWS access key was used.

This data type is used as a response element in the GetAccessKeyLastUsed action.

See: accessKeyLastUsed smart constructor.

Creates a value of AccessKeyLastUsed with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• akluLastUsedDate
• akluServiceName
• akluRegion

The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null when:

• The user does not have an access key.
• An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
• There is no sign-in data associated with the user

The name of the AWS service with which this access key was most recently used. This field is null when:

• The user does not have an access key.
• An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
• There is no sign-in data associated with the user

The AWS region where this access key was most recently used. This field is null when:

• The user does not have an access key.
• An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
• There is no sign-in data associated with the user

For more information about AWS regions, see Regions and Endpoints in the Amazon Web Services General Reference.

Contains information about an AWS access key, without its secret key.

This data type is used as a response element in the ListAccessKeys action.

See: accessKeyMetadata smart constructor.

Creates a value of AccessKeyMetadata with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• akmStatus
• akmCreateDate
• akmUserName
• akmAccessKeyId

The status of the access key. Active means the key is valid for API calls; Inactive means it is not.

The date when the access key was created.

The name of the IAM user that the key is associated with.

The ID for this access key.

Contains information about an attached policy.

An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails actions.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

See: attachedPolicy smart constructor.

Creates a value of AttachedPolicy with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• apPolicyName
• apPolicyARN

The friendly name of the attached policy.

Undocumented member.

Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the Condition elements of the input policies.

This data type is used as an input parameter to SimulatePolicy.

See: contextEntry smart constructor.

Creates a value of ContextEntry with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• ceContextKeyValues
• ceContextKeyName
• ceContextKeyType

The value (or values, if the condition context key supports multiple values) to provide to the simulation for use when the key is referenced by a Condition element in an input policy.

The full name of a condition context key, including the service prefix. For example, 'aws:SourceIp' or 's3:VersionId'.

The data type of the value (or values) specified in the ContextKeyValues parameter.

Contains the results of a simulation.

This data type is used by the return parameter of SimulatePolicy.

See: evaluationResult smart constructor.

Creates a value of EvaluationResult with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• erMatchedStatements
• erEvalDecisionDetails
• erMissingContextValues
• erEvalActionName
• erEvalResourceName
• erEvalDecision

A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the action on the resource, if only one statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.

Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies

A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

If the response includes any keys in this list, then the reported results might be untrustworthy because the simulation could not completely evaluate all of the conditions specified in the policies that would occur in a real world request.

The name of the API action tested on the indicated resource.

The ARN of the resource that the indicated API action was tested on.

The result of the simulation.

Contains the response to a successful GetContextKeysForPrincipalPolicy or GetContextKeysForCustomPolicy request.

See: getContextKeysForPolicyResponse smart constructor.

Creates a value of GetContextKeysForPolicyResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• gckfpContextKeyNames

The list of context keys that are used in the Condition elements of the input policies.

Contains information about an IAM group entity.

This data type is used as a response element in the following actions:

• CreateGroup
• GetGroup
• ListGroups

See: group' smart constructor.

Creates a value of Group with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• gPath
• gGroupName
• gGroupId
• gARN
• gCreateDate

The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.

The friendly name that identifies the group.

The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.

The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.

The date and time, in ISO 8601 date-time format, when the group was created.

Contains information about an IAM group, including all of the group's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails action.

See: groupDetail smart constructor.

Creates a value of GroupDetail with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• gdARN
• gdPath
• gdCreateDate
• gdGroupId
• gdGroupPolicyList
• gdGroupName
• gdAttachedManagedPolicies

Undocumented member.

The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.

The date and time, in ISO 8601 date-time format, when the group was created.

The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.

A list of the inline policies embedded in the group.

The friendly name that identifies the group.

A list of the managed policies attached to the group.

Contains information about an instance profile.

This data type is used as a response element in the following actions:

• CreateInstanceProfile
• GetInstanceProfile
• ListInstanceProfiles
• ListInstanceProfilesForRole

See: instanceProfile smart constructor.

Creates a value of InstanceProfile with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• ipPath
• ipInstanceProfileName
• ipInstanceProfileId
• ipARN
• ipCreateDate
• ipRoles

The path to the instance profile. For more information about paths, see IAM Identifiers in the Using IAM guide.

The name identifying the instance profile.

The stable and unique string identifying the instance profile. For more information about IDs, see IAM Identifiers in the Using IAM guide.

The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.

The date when the instance profile was created.

The role associated with the instance profile.

Contains the user name and password create date for a user.

This data type is used as a response element in the CreateLoginProfile and GetLoginProfile actions.

See: loginProfile smart constructor.

Creates a value of LoginProfile with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• lpPasswordResetRequired
• lpUserName
• lpCreateDate

Specifies whether the user is required to set a new password on next sign-in.

The name of the user, which can be used for signing in to the AWS Management Console.

The date when the password for the user was created.

Contains information about an MFA device.

This data type is used as a response element in the ListMFADevices action.

See: mfaDevice smart constructor.

Creates a value of MFADevice with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• mdUserName
• mdSerialNumber
• mdEnableDate

The user with whom the MFA device is associated.

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

The date when the MFA device was enabled for the user.

Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.

This data type is used as a response element in the GetAccountAuthorizationDetails action.

For more information about managed policies, see Managed Policies and Inline Policies in the Using IAM guide.

See: managedPolicyDetail smart constructor.

Creates a value of ManagedPolicyDetail with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• mpdPolicyName
• mpdARN
• mpdUpdateDate
• mpdPolicyId
• mpdPath
• mpdPolicyVersionList
• mpdCreateDate
• mpdIsAttachable
• mpdDefaultVersionId
• mpdAttachmentCount
• mpdDescription

The friendly name (not ARN) identifying the policy.

Undocumented member.

The date and time, in ISO 8601 date-time format, when the policy was last updated.

When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

The stable and unique string identifying the policy.

For more information about IDs, see IAM Identifiers in the Using IAM guide.

The path to the policy.

For more information about paths, see IAM Identifiers in the Using IAM guide.

A list containing information about the versions of the policy.

The date and time, in ISO 8601 date-time format, when the policy was created.

Specifies whether the policy can be attached to an IAM user, group, or role.

The identifier for the version of the policy that is set as the default (operative) version.

For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.

The number of principal entities (users, groups, and roles) that the policy is attached to.

A friendly description of the policy.

Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.

See: openIdConnectProviderListEntry smart constructor.

Creates a value of OpenIdConnectProviderListEntry with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• oicpleARN

Undocumented member.

Contains information about the account password policy.

This data type is used as a response element in the GetAccountPasswordPolicy action.

See: passwordPolicy smart constructor.

Creates a value of PasswordPolicy with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• ppExpirePasswords
• ppMinimumPasswordLength
• ppRequireNumbers
• ppPasswordReusePrevention
• ppRequireLowercaseCharacters
• ppMaxPasswordAge
• ppHardExpiry
• ppRequireSymbols
• ppRequireUppercaseCharacters
• ppAllowUsersToChangePassword

Specifies whether IAM users are required to change their password after a specified number of days.

Minimum length to require for IAM user passwords.

Specifies whether to require numbers for IAM user passwords.

Specifies the number of previous passwords that IAM users are prevented from reusing.

Specifies whether to require lowercase characters for IAM user passwords.

The number of days that an IAM user password is valid.

Specifies whether IAM users are prevented from setting a new password after their password has expired.

Specifies whether to require symbols for IAM user passwords.

Specifies whether to require uppercase characters for IAM user passwords.

Specifies whether IAM users are allowed to change their own password.

Contains information about a managed policy.

This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies actions.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

See: policy smart constructor.

Creates a value of Policy with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• pPolicyName
• pARN
• pUpdateDate
• pPolicyId
• pPath
• pCreateDate
• pIsAttachable
• pDefaultVersionId
• pAttachmentCount
• pDescription

The friendly name (not ARN) identifying the policy.

Undocumented member.

The date and time, in ISO 8601 date-time format, when the policy was last updated.

When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

The stable and unique string identifying the policy.

For more information about IDs, see IAM Identifiers in the Using IAM guide.

The path to the policy.

For more information about paths, see IAM Identifiers in the Using IAM guide.

The date and time, in ISO 8601 date-time format, when the policy was created.

Specifies whether the policy can be attached to an IAM user, group, or role.

The identifier for the version of the policy that is set as the default version.

The number of entities (users, groups, and roles) that the policy is attached to.

A friendly description of the policy.

This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

Contains information about an IAM policy, including the policy document.

This data type is used as a response element in the GetAccountAuthorizationDetails action.

See: policyDetail smart constructor.

Creates a value of PolicyDetail with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• pdPolicyDocument
• pdPolicyName

The policy document.

The name of the policy.

Contains information about a group that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy action.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

See: policyGroup smart constructor.

Creates a value of PolicyGroup with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• pgGroupName

The name (friendly name, not ARN) identifying the group.

Contains information about a role that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy action.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

See: policyRole smart constructor.

Creates a value of PolicyRole with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• prRoleName

The name (friendly name, not ARN) identifying the role.

Contains information about a user that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy action.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

See: policyUser smart constructor.

Creates a value of PolicyUser with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• puUserName

The name (friendly name, not ARN) identifying the user.

Contains information about a version of a managed policy.

This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails actions.

For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.

See: policyVersion smart constructor.

Creates a value of PolicyVersion with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• pvVersionId
• pvCreateDate
• pvDocument
• pvIsDefaultVersion

The identifier for the policy version.

Policy version identifiers always begin with v (always lowercase). When a policy is created, the first policy version is v1.

The date and time, in ISO 8601 date-time format, when the policy version was created.

The policy document.

The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.

Specifies whether the policy version is set as the policy's default version.

Contains the row and column of a location of a Statement element in a policy document.

This data type is used as a member of the Statement type.

See: position smart constructor.

Creates a value of Position with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• pLine
• pColumn

The line containing the specified position in the document.

The column in the line containing the specified position in the document.

Contains information about an IAM role.

This data type is used as a response element in the following actions:

• CreateRole
• GetRole
• ListRoles

See: role smart constructor.

Creates a value of Role with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• rAssumeRolePolicyDocument
• rPath
• rRoleName
• rRoleId
• rARN
• rCreateDate

The policy that grants an entity permission to assume the role.

The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.

The friendly name that identifies the role.

The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.

The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.

The date and time, in ISO 8601 date-time format, when the role was created.

Contains information about an IAM role, including all of the role's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails action.

See: roleDetail smart constructor.

Creates a value of RoleDetail with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• rdAssumeRolePolicyDocument
• rdARN
• rdPath
• rdInstanceProfileList
• rdCreateDate
• rdRoleName
• rdRoleId
• rdRolePolicyList
• rdAttachedManagedPolicies

The trust policy that grants permission to assume the role.

Undocumented member.

The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.

Undocumented member.

The date and time, in ISO 8601 date-time format, when the role was created.

The friendly name that identifies the role.

The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.

A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.

A list of managed policies attached to the role. These policies are the role's access (permissions) policies.

Contains the list of SAML providers for this account.

See: sAMLProviderListEntry smart constructor.

Creates a value of SAMLProviderListEntry with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• samlpleARN
• samlpleCreateDate
• samlpleValidUntil

The Amazon Resource Name (ARN) of the SAML provider.

The date and time when the SAML provider was created.

The expiration date and time for the SAML provider.

Contains information about an SSH public key.

This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey actions.

See: sshPublicKey smart constructor.

Creates a value of SSHPublicKey with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• spkUploadDate
• spkUserName
• spkSSHPublicKeyId
• spkFingerprint
• spkSSHPublicKeyBody
• spkStatus

The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.

The name of the IAM user associated with the SSH public key.

The unique identifier for the SSH public key.

The MD5 message digest of the SSH public key.

The SSH public key.

The status of the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used.

Contains information about an SSH public key, without the key's body or fingerprint.

This data type is used as a response element in the ListSSHPublicKeys action.

See: sshPublicKeyMetadata smart constructor.

Creates a value of SSHPublicKeyMetadata with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• spkmUserName
• spkmSSHPublicKeyId
• spkmStatus
• spkmUploadDate

The name of the IAM user associated with the SSH public key.

The unique identifier for the SSH public key.

The status of the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used.

The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.

Contains information about a server certificate.

This data type is used as a response element in the GetServerCertificate action.

See: serverCertificate smart constructor.

Creates a value of ServerCertificate with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• sCertificateChain
• sServerCertificateMetadata
• sCertificateBody

The contents of the public key certificate chain.

The meta information of the server certificate, such as its name, path, ID, and ARN.

The contents of the public key certificate.

Contains information about a server certificate without its certificate body, certificate chain, and private key.

This data type is used as a response element in the UploadServerCertificate and ListServerCertificates actions.

See: serverCertificateMetadata smart constructor.

Creates a value of ServerCertificateMetadata with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• scmUploadDate
• scmExpiration
• scmPath
• scmServerCertificateName
• scmServerCertificateId
• scmARN

The date when the server certificate was uploaded.

The date on which the certificate is set to expire.

The path to the server certificate. For more information about paths, see IAM Identifiers in the Using IAM guide.

The name that identifies the server certificate.

The stable and unique string identifying the server certificate. For more information about IDs, see IAM Identifiers in the Using IAM guide.

The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.

Contains information about an X.509 signing certificate.

This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates actions.

See: signingCertificate smart constructor.

Creates a value of SigningCertificate with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

• scUploadDate
• scUserName
• scCertificateId
• scCertificateBody
• scStatus