Copyright | (c) 2013-2016 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- Service Configuration
- Errors
- CredentialReportNotPresentException
- CredentialReportNotReadyException
- MalformedPolicyDocumentException
- EntityAlreadyExistsException
- MalformedCertificateException
- CredentialReportExpiredException
- DuplicateCertificateException
- DeleteConflictException
- NoSuchEntityException
- InvalidCertificateException
- UnrecognizedPublicKeyEncodingException
- InvalidUserTypeException
- ServiceFailureException
- InvalidInputException
- InvalidPublicKeyException
- InvalidAuthenticationCodeException
- EntityTemporarilyUnmodifiableException
- DuplicateSSHPublicKeyException
- KeyPairMismatchException
- PolicyEvaluationException
- PasswordPolicyViolationException
- LimitExceededException
- Waiters
- Operations
- GetContextKeysForPrincipalPolicy
- ListPolicies (Paginated)
- CreatePolicy
- ListInstanceProfilesForRole (Paginated)
- AttachGroupPolicy
- CreateAccessKey
- ListSSHPublicKeys
- ListOpenIdConnectProviders
- CreateVirtualMFADevice
- DeleteAccountPasswordPolicy
- UpdateAccountPasswordPolicy
- AttachRolePolicy
- UpdateSSHPublicKey
- DeleteSSHPublicKey
- GetUserPolicy
- ListAttachedRolePolicies (Paginated)
- GetRole
- DeactivateMFADevice
- CreateOpenIdConnectProvider
- DeleteVirtualMFADevice
- ListRoles (Paginated)
- ListUserPolicies (Paginated)
- UploadSSHPublicKey
- SimulateCustomPolicy
- DeleteRole
- ListUsers (Paginated)
- UpdateOpenIdConnectProviderThumbprint
- PutUserPolicy
- GetSSHPublicKey
- DetachGroupPolicy
- GetOpenIdConnectProvider
- DeleteUserPolicy
- CreateRole
- GetCredentialReport
- GetAccountSummary
- ListGroupPolicies (Paginated)
- DeletePolicyVersion
- DeleteInstanceProfile
- DetachRolePolicy
- RemoveRoleFromInstanceProfile
- CreatePolicyVersion
- CreateInstanceProfile
- CreateSAMLProvider
- GetAccountAuthorizationDetails
- DeleteAccountAlias
- DetachUserPolicy
- RemoveUserFromGroup
- DeleteGroupPolicy
- PutGroupPolicy
- GetLoginProfile
- GetGroupPolicy
- ChangePassword
- ListServerCertificates (Paginated)
- DeletePolicy
- UpdateAssumeRolePolicy
- GetInstanceProfile
- CreateLoginProfile
- GetSAMLProvider
- AddRoleToInstanceProfile
- ListGroupsForUser (Paginated)
- ListEntitiesForPolicy (Paginated)
- AddUserToGroup
- SimulatePrincipalPolicy
- GetPolicyVersion
- DeleteOpenIdConnectProvider
- GetUser
- ListSigningCertificates (Paginated)
- DeleteSigningCertificate
- UpdateSigningCertificate
- ListAttachedUserPolicies (Paginated)
- RemoveClientIdFromOpenIdConnectProvider
- AttachUserPolicy
- ListVirtualMFADevices (Paginated)
- ResyncMFADevice
- DeleteAccessKey
- UpdateAccessKey
- ListAccessKeys (Paginated)
- GetRolePolicy
- CreateUser
- PutRolePolicy
- GetContextKeysForCustomPolicy
- UploadSigningCertificate
- DeleteRolePolicy
- GetAccountPasswordPolicy
- GetAccessKeyLastUsed
- UpdateUser
- DeleteUser
- AddClientIdToOpenIdConnectProvider
- ListRolePolicies (Paginated)
- CreateAccountAlias
- ListInstanceProfiles (Paginated)
- EnableMFADevice
- ListAccountAliases (Paginated)
- DeleteSAMLProvider
- UpdateSAMLProvider
- CreateGroup
- ListMFADevices (Paginated)
- UploadServerCertificate
- SetDefaultPolicyVersion
- ListPolicyVersions (Paginated)
- ListSAMLProviders
- GetServerCertificate
- DeleteGroup
- UpdateGroup
- ListGroups (Paginated)
- GenerateCredentialReport
- GetPolicy
- UpdateLoginProfile
- DeleteLoginProfile
- GetGroup (Paginated)
- DeleteServerCertificate
- UpdateServerCertificate
- ListAttachedGroupPolicies (Paginated)
- Types
- AssignmentStatusType
- ContextKeyTypeEnum
- EncodingType
- EntityType
- PolicyEvaluationDecisionType
- PolicyScopeType
- PolicySourceType
- ReportFormatType
- ReportStateType
- StatusType
- SummaryKeyType
- AccessKey
- AccessKeyLastUsed
- AccessKeyMetadata
- AttachedPolicy
- ContextEntry
- EvaluationResult
- GetContextKeysForPolicyResponse
- Group
- GroupDetail
- InstanceProfile
- LoginProfile
- MFADevice
- ManagedPolicyDetail
- OpenIdConnectProviderListEntry
- PasswordPolicy
- Policy
- PolicyDetail
- PolicyGroup
- PolicyRole
- PolicyUser
- PolicyVersion
- Position
- ResourceSpecificResult
- Role
- RoleDetail
- SAMLProviderListEntry
- SSHPublicKey
- SSHPublicKeyMetadata
- ServerCertificate
- ServerCertificateMetadata
- SigningCertificate
- SimulatePolicyResponse
- Statement
- User
- UserDetail
- VirtualMFADevice
AWS Identity and Access Management
AWS Identity and Access Management (IAM) is a web service that you can use to manage users and user permissions under your AWS account. This guide provides descriptions of IAM actions that you can call programmatically. For general information about IAM, see AWS Identity and Access Management (IAM). For the user guide for IAM, see Using IAM.
AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For example, the SDKs take care of tasks such as cryptographically signing requests (see below), managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.
We recommend that you use the AWS SDKs to make programmatic API calls to IAM. However, you can also use the IAM Query API to make direct calls to the IAM web service. To learn more about the IAM Query API, see Making Query Requests in the Using IAM guide. IAM supports GET and POST requests for all actions. That is, the API does not require you to use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. Therefore, for operations that require larger sizes, use a POST request.
Signing Requests
Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use your AWS account access key ID and secret access key for everyday work with IAM. You can use the access key ID and secret access key for an IAM user or you can use the AWS Security Token Service to generate temporary security credentials and use those to sign requests.
To sign requests, we recommend that you use Signature Version 4. If you have an existing application that uses Signature Version 2, you do not have to update it to use Signature Version 4. However, some operations now require Signature Version 4. The documentation for operations that require version 4 indicate this requirement.
Additional Resources
For more information, see the following:
- AWS Security Credentials. This topic provides general information about the types of credentials used for accessing AWS.
- IAM Best Practices. This topic presents a list of suggestions for using the IAM service to help secure your AWS resources.
- Signing AWS API Requests. This set of topics walk you through the process of signing a request using an access key ID and secret access key.
- iam :: Service
- _CredentialReportNotPresentException :: AsError a => Getting (First ServiceError) a ServiceError
- _CredentialReportNotReadyException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- _EntityAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _DeleteConflictException :: AsError a => Getting (First ServiceError) a ServiceError
- _NoSuchEntityException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _UnrecognizedPublicKeyEncodingException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidUserTypeException :: AsError a => Getting (First ServiceError) a ServiceError
- _ServiceFailureException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidAuthenticationCodeException :: AsError a => Getting (First ServiceError) a ServiceError
- _EntityTemporarilyUnmodifiableException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateSSHPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError
- _KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError
- _PasswordPolicyViolationException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- instanceProfileExists :: Wait GetInstanceProfile
- userExists :: Wait GetUser
- module Network.AWS.IAM.GetContextKeysForPrincipalPolicy
- module Network.AWS.IAM.ListPolicies
- module Network.AWS.IAM.CreatePolicy
- module Network.AWS.IAM.ListInstanceProfilesForRole
- module Network.AWS.IAM.AttachGroupPolicy
- module Network.AWS.IAM.CreateAccessKey
- module Network.AWS.IAM.ListSSHPublicKeys
- module Network.AWS.IAM.ListOpenIdConnectProviders
- module Network.AWS.IAM.CreateVirtualMFADevice
- module Network.AWS.IAM.DeleteAccountPasswordPolicy
- module Network.AWS.IAM.UpdateAccountPasswordPolicy
- module Network.AWS.IAM.AttachRolePolicy
- module Network.AWS.IAM.UpdateSSHPublicKey
- module Network.AWS.IAM.DeleteSSHPublicKey
- module Network.AWS.IAM.GetUserPolicy
- module Network.AWS.IAM.ListAttachedRolePolicies
- module Network.AWS.IAM.GetRole
- module Network.AWS.IAM.DeactivateMFADevice
- module Network.AWS.IAM.CreateOpenIdConnectProvider
- module Network.AWS.IAM.DeleteVirtualMFADevice
- module Network.AWS.IAM.ListRoles
- module Network.AWS.IAM.ListUserPolicies
- module Network.AWS.IAM.UploadSSHPublicKey
- module Network.AWS.IAM.SimulateCustomPolicy
- module Network.AWS.IAM.DeleteRole
- module Network.AWS.IAM.ListUsers
- module Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint
- module Network.AWS.IAM.PutUserPolicy
- module Network.AWS.IAM.GetSSHPublicKey
- module Network.AWS.IAM.DetachGroupPolicy
- module Network.AWS.IAM.GetOpenIdConnectProvider
- module Network.AWS.IAM.DeleteUserPolicy
- module Network.AWS.IAM.CreateRole
- module Network.AWS.IAM.GetCredentialReport
- module Network.AWS.IAM.GetAccountSummary
- module Network.AWS.IAM.ListGroupPolicies
- module Network.AWS.IAM.DeletePolicyVersion
- module Network.AWS.IAM.DeleteInstanceProfile
- module Network.AWS.IAM.DetachRolePolicy
- module Network.AWS.IAM.RemoveRoleFromInstanceProfile
- module Network.AWS.IAM.CreatePolicyVersion
- module Network.AWS.IAM.CreateInstanceProfile
- module Network.AWS.IAM.CreateSAMLProvider
- module Network.AWS.IAM.GetAccountAuthorizationDetails
- module Network.AWS.IAM.DeleteAccountAlias
- module Network.AWS.IAM.DetachUserPolicy
- module Network.AWS.IAM.RemoveUserFromGroup
- module Network.AWS.IAM.DeleteGroupPolicy
- module Network.AWS.IAM.PutGroupPolicy
- module Network.AWS.IAM.GetLoginProfile
- module Network.AWS.IAM.GetGroupPolicy
- module Network.AWS.IAM.ChangePassword
- module Network.AWS.IAM.ListServerCertificates
- module Network.AWS.IAM.DeletePolicy
- module Network.AWS.IAM.UpdateAssumeRolePolicy
- module Network.AWS.IAM.GetInstanceProfile
- module Network.AWS.IAM.CreateLoginProfile
- module Network.AWS.IAM.GetSAMLProvider
- module Network.AWS.IAM.AddRoleToInstanceProfile
- module Network.AWS.IAM.ListGroupsForUser
- module Network.AWS.IAM.ListEntitiesForPolicy
- module Network.AWS.IAM.AddUserToGroup
- module Network.AWS.IAM.SimulatePrincipalPolicy
- module Network.AWS.IAM.GetPolicyVersion
- module Network.AWS.IAM.DeleteOpenIdConnectProvider
- module Network.AWS.IAM.GetUser
- module Network.AWS.IAM.ListSigningCertificates
- module Network.AWS.IAM.DeleteSigningCertificate
- module Network.AWS.IAM.UpdateSigningCertificate
- module Network.AWS.IAM.ListAttachedUserPolicies
- module Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider
- module Network.AWS.IAM.AttachUserPolicy
- module Network.AWS.IAM.ListVirtualMFADevices
- module Network.AWS.IAM.ResyncMFADevice
- module Network.AWS.IAM.DeleteAccessKey
- module Network.AWS.IAM.UpdateAccessKey
- module Network.AWS.IAM.ListAccessKeys
- module Network.AWS.IAM.GetRolePolicy
- module Network.AWS.IAM.CreateUser
- module Network.AWS.IAM.PutRolePolicy
- module Network.AWS.IAM.GetContextKeysForCustomPolicy
- module Network.AWS.IAM.UploadSigningCertificate
- module Network.AWS.IAM.DeleteRolePolicy
- module Network.AWS.IAM.GetAccountPasswordPolicy
- module Network.AWS.IAM.GetAccessKeyLastUsed
- module Network.AWS.IAM.UpdateUser
- module Network.AWS.IAM.DeleteUser
- module Network.AWS.IAM.AddClientIdToOpenIdConnectProvider
- module Network.AWS.IAM.ListRolePolicies
- module Network.AWS.IAM.CreateAccountAlias
- module Network.AWS.IAM.ListInstanceProfiles
- module Network.AWS.IAM.EnableMFADevice
- module Network.AWS.IAM.ListAccountAliases
- module Network.AWS.IAM.DeleteSAMLProvider
- module Network.AWS.IAM.UpdateSAMLProvider
- module Network.AWS.IAM.CreateGroup
- module Network.AWS.IAM.ListMFADevices
- module Network.AWS.IAM.UploadServerCertificate
- module Network.AWS.IAM.SetDefaultPolicyVersion
- module Network.AWS.IAM.ListPolicyVersions
- module Network.AWS.IAM.ListSAMLProviders
- module Network.AWS.IAM.GetServerCertificate
- module Network.AWS.IAM.DeleteGroup
- module Network.AWS.IAM.UpdateGroup
- module Network.AWS.IAM.ListGroups
- module Network.AWS.IAM.GenerateCredentialReport
- module Network.AWS.IAM.GetPolicy
- module Network.AWS.IAM.UpdateLoginProfile
- module Network.AWS.IAM.DeleteLoginProfile
- module Network.AWS.IAM.GetGroup
- module Network.AWS.IAM.DeleteServerCertificate
- module Network.AWS.IAM.UpdateServerCertificate
- module Network.AWS.IAM.ListAttachedGroupPolicies
- data AssignmentStatusType
- = Any
- | Assigned
- | Unassigned
- data ContextKeyTypeEnum
- = Binary
- | BinaryList
- | Boolean
- | BooleanList
- | Date
- | DateList
- | IP
- | IPList
- | Numeric
- | NumericList
- | String
- | StringList
- data EncodingType
- data EntityType
- data PolicyEvaluationDecisionType
- data PolicyScopeType
- data PolicySourceType
- = AWSManaged
- | Group
- | None
- | Resource
- | Role
- | User
- | UserManaged
- data ReportFormatType = TextCSV
- data ReportStateType
- data StatusType
- data SummaryKeyType
- = AccessKeysPerUserQuota
- | AccountAccessKeysPresent
- | AccountMFAEnabled
- | AccountSigningCertificatesPresent
- | AttachedPoliciesPerGroupQuota
- | AttachedPoliciesPerRoleQuota
- | AttachedPoliciesPerUserQuota
- | GroupPolicySizeQuota
- | Groups
- | GroupsPerUserQuota
- | GroupsQuota
- | MFADevices
- | MFADevicesInUse
- | Policies
- | PoliciesQuota
- | PolicySizeQuota
- | PolicyVersionsInUse
- | PolicyVersionsInUseQuota
- | ServerCertificates
- | ServerCertificatesQuota
- | SigningCertificatesPerUserQuota
- | UserPolicySizeQuota
- | Users
- | UsersQuota
- | VersionsPerPolicyQuota
- data AccessKey
- accessKey :: Text -> Text -> StatusType -> Text -> AccessKey
- akCreateDate :: Lens' AccessKey (Maybe UTCTime)
- akUserName :: Lens' AccessKey Text
- akAccessKeyId :: Lens' AccessKey Text
- akStatus :: Lens' AccessKey StatusType
- akSecretAccessKey :: Lens' AccessKey Text
- data AccessKeyLastUsed
- accessKeyLastUsed :: UTCTime -> Text -> Text -> AccessKeyLastUsed
- akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime
- akluServiceName :: Lens' AccessKeyLastUsed Text
- akluRegion :: Lens' AccessKeyLastUsed Text
- data AccessKeyMetadata
- accessKeyMetadata :: AccessKeyMetadata
- akmStatus :: Lens' AccessKeyMetadata (Maybe StatusType)
- akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime)
- akmUserName :: Lens' AccessKeyMetadata (Maybe Text)
- akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe Text)
- data AttachedPolicy
- attachedPolicy :: AttachedPolicy
- apPolicyName :: Lens' AttachedPolicy (Maybe Text)
- apPolicyARN :: Lens' AttachedPolicy (Maybe Text)
- data ContextEntry
- contextEntry :: ContextEntry
- ceContextKeyValues :: Lens' ContextEntry [Text]
- ceContextKeyName :: Lens' ContextEntry (Maybe Text)
- ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)
- data EvaluationResult
- evaluationResult :: Text -> PolicyEvaluationDecisionType -> EvaluationResult
- erMatchedStatements :: Lens' EvaluationResult [Statement]
- erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType)
- erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult]
- erEvalResourceName :: Lens' EvaluationResult (Maybe Text)
- erMissingContextValues :: Lens' EvaluationResult [Text]
- erEvalActionName :: Lens' EvaluationResult Text
- erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType
- data GetContextKeysForPolicyResponse
- getContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse
- gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]
- data Group
- group' :: Text -> Text -> Text -> Text -> UTCTime -> Group
- gPath :: Lens' Group Text
- gGroupName :: Lens' Group Text
- gGroupId :: Lens' Group Text
- gARN :: Lens' Group Text
- gCreateDate :: Lens' Group UTCTime
- data GroupDetail
- groupDetail :: GroupDetail
- gdARN :: Lens' GroupDetail (Maybe Text)
- gdPath :: Lens' GroupDetail (Maybe Text)
- gdCreateDate :: Lens' GroupDetail (Maybe UTCTime)
- gdGroupId :: Lens' GroupDetail (Maybe Text)
- gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail]
- gdGroupName :: Lens' GroupDetail (Maybe Text)
- gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy]
- data InstanceProfile
- instanceProfile :: Text -> Text -> Text -> Text -> UTCTime -> InstanceProfile
- ipPath :: Lens' InstanceProfile Text
- ipInstanceProfileName :: Lens' InstanceProfile Text
- ipInstanceProfileId :: Lens' InstanceProfile Text
- ipARN :: Lens' InstanceProfile Text
- ipCreateDate :: Lens' InstanceProfile UTCTime
- ipRoles :: Lens' InstanceProfile [Role]
- data LoginProfile
- loginProfile :: Text -> UTCTime -> LoginProfile
- lpPasswordResetRequired :: Lens' LoginProfile (Maybe Bool)
- lpUserName :: Lens' LoginProfile Text
- lpCreateDate :: Lens' LoginProfile UTCTime
- data MFADevice
- mfaDevice :: Text -> Text -> UTCTime -> MFADevice
- mdUserName :: Lens' MFADevice Text
- mdSerialNumber :: Lens' MFADevice Text
- mdEnableDate :: Lens' MFADevice UTCTime
- data ManagedPolicyDetail
- managedPolicyDetail :: ManagedPolicyDetail
- mpdPolicyName :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdARN :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdUpdateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
- mpdPolicyId :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdPath :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdPolicyVersionList :: Lens' ManagedPolicyDetail [PolicyVersion]
- mpdCreateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
- mpdIsAttachable :: Lens' ManagedPolicyDetail (Maybe Bool)
- mpdDefaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdAttachmentCount :: Lens' ManagedPolicyDetail (Maybe Int)
- mpdDescription :: Lens' ManagedPolicyDetail (Maybe Text)
- data OpenIdConnectProviderListEntry
- openIdConnectProviderListEntry :: OpenIdConnectProviderListEntry
- oicpleARN :: Lens' OpenIdConnectProviderListEntry (Maybe Text)
- data PasswordPolicy
- passwordPolicy :: PasswordPolicy
- ppExpirePasswords :: Lens' PasswordPolicy (Maybe Bool)
- ppMinimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural)
- ppRequireNumbers :: Lens' PasswordPolicy (Maybe Bool)
- ppPasswordReusePrevention :: Lens' PasswordPolicy (Maybe Natural)
- ppRequireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
- ppMaxPasswordAge :: Lens' PasswordPolicy (Maybe Natural)
- ppHardExpiry :: Lens' PasswordPolicy (Maybe Bool)
- ppRequireSymbols :: Lens' PasswordPolicy (Maybe Bool)
- ppRequireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
- ppAllowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool)
- data Policy
- policy :: Policy
- pPolicyName :: Lens' Policy (Maybe Text)
- pARN :: Lens' Policy (Maybe Text)
- pUpdateDate :: Lens' Policy (Maybe UTCTime)
- pPolicyId :: Lens' Policy (Maybe Text)
- pPath :: Lens' Policy (Maybe Text)
- pCreateDate :: Lens' Policy (Maybe UTCTime)
- pIsAttachable :: Lens' Policy (Maybe Bool)
- pDefaultVersionId :: Lens' Policy (Maybe Text)
- pAttachmentCount :: Lens' Policy (Maybe Int)
- pDescription :: Lens' Policy (Maybe Text)
- data PolicyDetail
- policyDetail :: PolicyDetail
- pdPolicyDocument :: Lens' PolicyDetail (Maybe Text)
- pdPolicyName :: Lens' PolicyDetail (Maybe Text)
- data PolicyGroup
- policyGroup :: PolicyGroup
- pgGroupId :: Lens' PolicyGroup (Maybe Text)
- pgGroupName :: Lens' PolicyGroup (Maybe Text)
- data PolicyRole
- policyRole :: PolicyRole
- prRoleName :: Lens' PolicyRole (Maybe Text)
- prRoleId :: Lens' PolicyRole (Maybe Text)
- data PolicyUser
- policyUser :: PolicyUser
- puUserName :: Lens' PolicyUser (Maybe Text)
- puUserId :: Lens' PolicyUser (Maybe Text)
- data PolicyVersion
- policyVersion :: PolicyVersion
- pvVersionId :: Lens' PolicyVersion (Maybe Text)
- pvCreateDate :: Lens' PolicyVersion (Maybe UTCTime)
- pvDocument :: Lens' PolicyVersion (Maybe Text)
- pvIsDefaultVersion :: Lens' PolicyVersion (Maybe Bool)
- data Position
- position :: Position
- pLine :: Lens' Position (Maybe Int)
- pColumn :: Lens' Position (Maybe Int)
- data ResourceSpecificResult
- resourceSpecificResult :: Text -> PolicyEvaluationDecisionType -> ResourceSpecificResult
- rsrMatchedStatements :: Lens' ResourceSpecificResult [Statement]
- rsrEvalDecisionDetails :: Lens' ResourceSpecificResult (HashMap Text PolicyEvaluationDecisionType)
- rsrMissingContextValues :: Lens' ResourceSpecificResult [Text]
- rsrEvalResourceName :: Lens' ResourceSpecificResult Text
- rsrEvalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType
- data Role
- role' :: Text -> Text -> Text -> Text -> UTCTime -> Role
- rAssumeRolePolicyDocument :: Lens' Role (Maybe Text)
- rPath :: Lens' Role Text
- rRoleName :: Lens' Role Text
- rRoleId :: Lens' Role Text
- rARN :: Lens' Role Text
- rCreateDate :: Lens' Role UTCTime
- data RoleDetail
- roleDetail :: RoleDetail
- rdAssumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text)
- rdARN :: Lens' RoleDetail (Maybe Text)
- rdPath :: Lens' RoleDetail (Maybe Text)
- rdInstanceProfileList :: Lens' RoleDetail [InstanceProfile]
- rdCreateDate :: Lens' RoleDetail (Maybe UTCTime)
- rdRoleName :: Lens' RoleDetail (Maybe Text)
- rdRoleId :: Lens' RoleDetail (Maybe Text)
- rdRolePolicyList :: Lens' RoleDetail [PolicyDetail]
- rdAttachedManagedPolicies :: Lens' RoleDetail [AttachedPolicy]
- data SAMLProviderListEntry
- sAMLProviderListEntry :: SAMLProviderListEntry
- samlpleARN :: Lens' SAMLProviderListEntry (Maybe Text)
- samlpleCreateDate :: Lens' SAMLProviderListEntry (Maybe UTCTime)
- samlpleValidUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime)
- data SSHPublicKey
- sshPublicKey :: Text -> Text -> Text -> Text -> StatusType -> SSHPublicKey
- spkUploadDate :: Lens' SSHPublicKey (Maybe UTCTime)
- spkUserName :: Lens' SSHPublicKey Text
- spkSSHPublicKeyId :: Lens' SSHPublicKey Text
- spkFingerprint :: Lens' SSHPublicKey Text
- spkSSHPublicKeyBody :: Lens' SSHPublicKey Text
- spkStatus :: Lens' SSHPublicKey StatusType
- data SSHPublicKeyMetadata
- sshPublicKeyMetadata :: Text -> Text -> StatusType -> UTCTime -> SSHPublicKeyMetadata
- spkmUserName :: Lens' SSHPublicKeyMetadata Text
- spkmSSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text
- spkmStatus :: Lens' SSHPublicKeyMetadata StatusType
- spkmUploadDate :: Lens' SSHPublicKeyMetadata UTCTime
- data ServerCertificate
- serverCertificate :: ServerCertificateMetadata -> Text -> ServerCertificate
- sCertificateChain :: Lens' ServerCertificate (Maybe Text)
- sServerCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata
- sCertificateBody :: Lens' ServerCertificate Text
- data ServerCertificateMetadata
- serverCertificateMetadata :: Text -> Text -> Text -> Text -> ServerCertificateMetadata
- scmUploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime)
- scmExpiration :: Lens' ServerCertificateMetadata (Maybe UTCTime)
- scmPath :: Lens' ServerCertificateMetadata Text
- scmServerCertificateName :: Lens' ServerCertificateMetadata Text
- scmServerCertificateId :: Lens' ServerCertificateMetadata Text
- scmARN :: Lens' ServerCertificateMetadata Text
- data SigningCertificate
- signingCertificate :: Text -> Text -> Text -> StatusType -> SigningCertificate
- scUploadDate :: Lens' SigningCertificate (Maybe UTCTime)
- scUserName :: Lens' SigningCertificate Text
- scCertificateId :: Lens' SigningCertificate Text
- scCertificateBody :: Lens' SigningCertificate Text
- scStatus :: Lens' SigningCertificate StatusType
- data SimulatePolicyResponse
- simulatePolicyResponse :: SimulatePolicyResponse
- spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]
- spMarker :: Lens' SimulatePolicyResponse (Maybe Text)
- spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
- data Statement
- statement :: Statement
- sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType)
- sSourcePolicyId :: Lens' Statement (Maybe Text)
- sEndPosition :: Lens' Statement (Maybe Position)
- sStartPosition :: Lens' Statement (Maybe Position)
- data User
- user :: Text -> Text -> Text -> Text -> UTCTime -> User
- uPasswordLastUsed :: Lens' User (Maybe UTCTime)
- uPath :: Lens' User Text
- uUserName :: Lens' User Text
- uUserId :: Lens' User Text
- uARN :: Lens' User Text
- uCreateDate :: Lens' User UTCTime
- data UserDetail
- userDetail :: UserDetail
- udGroupList :: Lens' UserDetail [Text]
- udARN :: Lens' UserDetail (Maybe Text)
- udPath :: Lens' UserDetail (Maybe Text)
- udCreateDate :: Lens' UserDetail (Maybe UTCTime)
- udUserName :: Lens' UserDetail (Maybe Text)
- udUserId :: Lens' UserDetail (Maybe Text)
- udUserPolicyList :: Lens' UserDetail [PolicyDetail]
- udAttachedManagedPolicies :: Lens' UserDetail [AttachedPolicy]
- data VirtualMFADevice
- virtualMFADevice :: Text -> VirtualMFADevice
- vmdQRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString)
- vmdBase32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString)
- vmdUser :: Lens' VirtualMFADevice (Maybe User)
- vmdEnableDate :: Lens' VirtualMFADevice (Maybe UTCTime)
- vmdSerialNumber :: Lens' VirtualMFADevice Text
Service Configuration
API version '2010-05-08' of the Amazon Identity and Access Management SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by IAM
.
CredentialReportNotPresentException
_CredentialReportNotPresentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport.
CredentialReportNotReadyException
_CredentialReportNotReadyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the credential report is still being generated.
MalformedPolicyDocumentException
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the policy document was malformed. The error message describes the specific error.
EntityAlreadyExistsException
_EntityAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to create a resource that already exists.
MalformedCertificateException
_MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the certificate was malformed or expired. The error message describes the specific error.
CredentialReportExpiredException
_CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport. For more information about credential report expiration, see Getting Credential Reports in the IAM User Guide.
DuplicateCertificateException
_DuplicateCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the same certificate is associated with an IAM user in the account.
DeleteConflictException
_DeleteConflictException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.
NoSuchEntityException
_NoSuchEntityException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it referenced an entity that does not exist. The error message describes the entity.
InvalidCertificateException
_InvalidCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the certificate is invalid.
UnrecognizedPublicKeyEncodingException
_UnrecognizedPublicKeyEncodingException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key encoding format is unsupported or unrecognized.
InvalidUserTypeException
_InvalidUserTypeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the type of user for the transaction was incorrect.
ServiceFailureException
_ServiceFailureException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request processing has failed because of an unknown error, exception or failure.
InvalidInputException
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
InvalidPublicKeyException
_InvalidPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key is malformed or otherwise invalid.
InvalidAuthenticationCodeException
_InvalidAuthenticationCodeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the authentication code was not recognized. The error message describes the specific error.
EntityTemporarilyUnmodifiableException
_EntityTemporarilyUnmodifiableException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity.
DuplicateSSHPublicKeyException
_DuplicateSSHPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the SSH public key is already associated with the specified IAM user.
KeyPairMismatchException
_KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key certificate and the private key do not match.
PolicyEvaluationException
_PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request failed because a provided policy could not be successfully evaluated. An additional detail message indicates the source of the failure.
PasswordPolicyViolationException
_PasswordPolicyViolationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided password did not meet the requirements imposed by the account password policy.
LimitExceededException
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait
specification is fulfilled. The Wait
specification
determines how many attempts should be made, in addition to delay and retry strategies.
InstanceProfileExists
instanceProfileExists :: Wait GetInstanceProfile Source #
Polls GetInstanceProfile
every 1 seconds until a
successful state is reached. An error is returned after 40 failed checks.
UserExists
userExists :: Wait GetUser Source #
Polls GetUser
every 1 seconds until a
successful state is reached. An error is returned after 20 failed checks.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects
operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager
instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
GetContextKeysForPrincipalPolicy
ListPolicies (Paginated)
module Network.AWS.IAM.ListPolicies
CreatePolicy
module Network.AWS.IAM.CreatePolicy
ListInstanceProfilesForRole (Paginated)
AttachGroupPolicy
CreateAccessKey
ListSSHPublicKeys
ListOpenIdConnectProviders
CreateVirtualMFADevice
DeleteAccountPasswordPolicy
UpdateAccountPasswordPolicy
AttachRolePolicy
UpdateSSHPublicKey
DeleteSSHPublicKey
GetUserPolicy
ListAttachedRolePolicies (Paginated)
GetRole
module Network.AWS.IAM.GetRole
DeactivateMFADevice
CreateOpenIdConnectProvider
DeleteVirtualMFADevice
ListRoles (Paginated)
module Network.AWS.IAM.ListRoles
ListUserPolicies (Paginated)
UploadSSHPublicKey
SimulateCustomPolicy
DeleteRole
module Network.AWS.IAM.DeleteRole
ListUsers (Paginated)
module Network.AWS.IAM.ListUsers
UpdateOpenIdConnectProviderThumbprint
PutUserPolicy
GetSSHPublicKey
DetachGroupPolicy
GetOpenIdConnectProvider
DeleteUserPolicy
CreateRole
module Network.AWS.IAM.CreateRole
GetCredentialReport
GetAccountSummary
ListGroupPolicies (Paginated)
DeletePolicyVersion
DeleteInstanceProfile
DetachRolePolicy
RemoveRoleFromInstanceProfile
CreatePolicyVersion
CreateInstanceProfile
CreateSAMLProvider
GetAccountAuthorizationDetails
DeleteAccountAlias
DetachUserPolicy
RemoveUserFromGroup
DeleteGroupPolicy
PutGroupPolicy
GetLoginProfile
GetGroupPolicy
ChangePassword
ListServerCertificates (Paginated)
DeletePolicy
module Network.AWS.IAM.DeletePolicy
UpdateAssumeRolePolicy
GetInstanceProfile
CreateLoginProfile
GetSAMLProvider
AddRoleToInstanceProfile
ListGroupsForUser (Paginated)
ListEntitiesForPolicy (Paginated)
AddUserToGroup
SimulatePrincipalPolicy
GetPolicyVersion
DeleteOpenIdConnectProvider
GetUser
module Network.AWS.IAM.GetUser
ListSigningCertificates (Paginated)
DeleteSigningCertificate
UpdateSigningCertificate
ListAttachedUserPolicies (Paginated)
RemoveClientIdFromOpenIdConnectProvider
AttachUserPolicy
ListVirtualMFADevices (Paginated)
ResyncMFADevice
DeleteAccessKey
UpdateAccessKey
ListAccessKeys (Paginated)
GetRolePolicy
CreateUser
module Network.AWS.IAM.CreateUser
PutRolePolicy
GetContextKeysForCustomPolicy
UploadSigningCertificate
DeleteRolePolicy
GetAccountPasswordPolicy
GetAccessKeyLastUsed
UpdateUser
module Network.AWS.IAM.UpdateUser
DeleteUser
module Network.AWS.IAM.DeleteUser
AddClientIdToOpenIdConnectProvider
ListRolePolicies (Paginated)
CreateAccountAlias
ListInstanceProfiles (Paginated)
EnableMFADevice
ListAccountAliases (Paginated)
DeleteSAMLProvider
UpdateSAMLProvider
CreateGroup
module Network.AWS.IAM.CreateGroup
ListMFADevices (Paginated)
UploadServerCertificate
SetDefaultPolicyVersion
ListPolicyVersions (Paginated)
ListSAMLProviders
GetServerCertificate
DeleteGroup
module Network.AWS.IAM.DeleteGroup
UpdateGroup
module Network.AWS.IAM.UpdateGroup
ListGroups (Paginated)
module Network.AWS.IAM.ListGroups
GenerateCredentialReport
GetPolicy
module Network.AWS.IAM.GetPolicy
UpdateLoginProfile
DeleteLoginProfile
GetGroup (Paginated)
module Network.AWS.IAM.GetGroup
DeleteServerCertificate
UpdateServerCertificate
ListAttachedGroupPolicies (Paginated)
Types
AssignmentStatusType
data AssignmentStatusType Source #
ContextKeyTypeEnum
data ContextKeyTypeEnum Source #
EncodingType
data EncodingType Source #
EntityType
data EntityType Source #
PolicyEvaluationDecisionType
data PolicyEvaluationDecisionType Source #
PolicyScopeType
data PolicyScopeType Source #
PolicySourceType
data PolicySourceType Source #
ReportFormatType
data ReportFormatType Source #
ReportStateType
data ReportStateType Source #
StatusType
data StatusType Source #
SummaryKeyType
data SummaryKeyType Source #
AccessKey
Contains information about an AWS access key.
This data type is used as a response element in the CreateAccessKey and ListAccessKeys actions.
The SecretAccessKey
value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.
See: accessKey
smart constructor.
Creates a value of AccessKey
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
akUserName :: Lens' AccessKey Text Source #
The name of the IAM user that the access key is associated with.
AccessKeyLastUsed
data AccessKeyLastUsed Source #
Contains information about the last time an AWS access key was used.
This data type is used as a response element in the GetAccessKeyLastUsed action.
See: accessKeyLastUsed
smart constructor.
Creates a value of AccessKeyLastUsed
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime Source #
The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null when:
- The user does not have an access key.
- An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
- There is no sign-in data associated with the user
akluServiceName :: Lens' AccessKeyLastUsed Text Source #
The name of the AWS service with which this access key was most recently used. This field is null when:
- The user does not have an access key.
- An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
- There is no sign-in data associated with the user
akluRegion :: Lens' AccessKeyLastUsed Text Source #
The AWS region where this access key was most recently used. This field is null when:
- The user does not have an access key.
- An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
- There is no sign-in data associated with the user
For more information about AWS regions, see Regions and Endpoints in the Amazon Web Services General Reference.
AccessKeyMetadata
data AccessKeyMetadata Source #
Contains information about an AWS access key, without its secret key.
This data type is used as a response element in the ListAccessKeys action.
See: accessKeyMetadata
smart constructor.
accessKeyMetadata :: AccessKeyMetadata Source #
Creates a value of AccessKeyMetadata
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime) Source #
The date when the access key was created.
akmUserName :: Lens' AccessKeyMetadata (Maybe Text) Source #
The name of the IAM user that the key is associated with.
akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe Text) Source #
The ID for this access key.
AttachedPolicy
data AttachedPolicy Source #
Contains information about an attached policy.
An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails actions.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
See: attachedPolicy
smart constructor.
attachedPolicy :: AttachedPolicy Source #
Creates a value of AttachedPolicy
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
apPolicyName :: Lens' AttachedPolicy (Maybe Text) Source #
The friendly name of the attached policy.
apPolicyARN :: Lens' AttachedPolicy (Maybe Text) Source #
Undocumented member.
ContextEntry
data ContextEntry Source #
Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the Condition
elements of the input policies.
This data type is used as an input parameter to SimulatePolicy
.
See: contextEntry
smart constructor.
contextEntry :: ContextEntry Source #
Creates a value of ContextEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ceContextKeyValues :: Lens' ContextEntry [Text] Source #
The value (or values, if the condition context key supports multiple values) to provide to the simulation for use when the key is referenced by a Condition
element in an input policy.
ceContextKeyName :: Lens' ContextEntry (Maybe Text) Source #
The full name of a condition context key, including the service prefix. For example, 'aws:SourceIp' or 's3:VersionId'.
ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum) Source #
The data type of the value (or values) specified in the ContextKeyValues
parameter.
EvaluationResult
data EvaluationResult Source #
Contains the results of a simulation.
This data type is used by the return parameter of SimulatePolicy
.
See: evaluationResult
smart constructor.
Creates a value of EvaluationResult
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
erMatchedStatements :: Lens' EvaluationResult [Statement] Source #
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the action on the resource, if only one statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType) Source #
Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies
erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult] Source #
The individual results of the simulation of the API action specified in EvalActionName on each resource.
erEvalResourceName :: Lens' EvaluationResult (Maybe Text) Source #
The ARN of the resource that the indicated API action was tested on.
erMissingContextValues :: Lens' EvaluationResult [Text] Source #
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the ResourceArns
parameter blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults
section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
If the response includes any keys in this list, then the reported results might be untrustworthy because the simulation could not completely evaluate all of the conditions specified in the policies that would occur in a real world request.
erEvalActionName :: Lens' EvaluationResult Text Source #
The name of the API action tested on the indicated resource.
erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType Source #
The result of the simulation.
GetContextKeysForPolicyResponse
data GetContextKeysForPolicyResponse Source #
Contains the response to a successful GetContextKeysForPrincipalPolicy or GetContextKeysForCustomPolicy request.
See: getContextKeysForPolicyResponse
smart constructor.
getContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse Source #
Creates a value of GetContextKeysForPolicyResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text] Source #
The list of context keys that are used in the Condition
elements of the input policies.
Group
Contains information about an IAM group entity.
This data type is used as a response element in the following actions:
See: group'
smart constructor.
Creates a value of Group
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gPath :: Lens' Group Text Source #
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
gGroupId :: Lens' Group Text Source #
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
gARN :: Lens' Group Text Source #
The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
gCreateDate :: Lens' Group UTCTime Source #
The date and time, in ISO 8601 date-time format, when the group was created.
GroupDetail
data GroupDetail Source #
Contains information about an IAM group, including all of the group's policies.
This data type is used as a response element in the GetAccountAuthorizationDetails action.
See: groupDetail
smart constructor.
groupDetail :: GroupDetail Source #
Creates a value of GroupDetail
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gdPath :: Lens' GroupDetail (Maybe Text) Source #
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
gdCreateDate :: Lens' GroupDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the group was created.
gdGroupId :: Lens' GroupDetail (Maybe Text) Source #
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail] Source #
A list of the inline policies embedded in the group.
gdGroupName :: Lens' GroupDetail (Maybe Text) Source #
The friendly name that identifies the group.
gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy] Source #
A list of the managed policies attached to the group.
InstanceProfile
data InstanceProfile Source #
Contains information about an instance profile.
This data type is used as a response element in the following actions:
See: instanceProfile
smart constructor.
Creates a value of InstanceProfile
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ipPath :: Lens' InstanceProfile Text Source #
The path to the instance profile. For more information about paths, see IAM Identifiers in the Using IAM guide.
ipInstanceProfileName :: Lens' InstanceProfile Text Source #
The name identifying the instance profile.
ipInstanceProfileId :: Lens' InstanceProfile Text Source #
The stable and unique string identifying the instance profile. For more information about IDs, see IAM Identifiers in the Using IAM guide.
ipARN :: Lens' InstanceProfile Text Source #
The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
ipCreateDate :: Lens' InstanceProfile UTCTime Source #
The date when the instance profile was created.
LoginProfile
data LoginProfile Source #
Contains the user name and password create date for a user.
This data type is used as a response element in the CreateLoginProfile and GetLoginProfile actions.
See: loginProfile
smart constructor.
Creates a value of LoginProfile
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lpPasswordResetRequired :: Lens' LoginProfile (Maybe Bool) Source #
Specifies whether the user is required to set a new password on next sign-in.
lpUserName :: Lens' LoginProfile Text Source #
The name of the user, which can be used for signing in to the AWS Management Console.
lpCreateDate :: Lens' LoginProfile UTCTime Source #
The date when the password for the user was created.
MFADevice
Contains information about an MFA device.
This data type is used as a response element in the ListMFADevices action.
See: mfaDevice
smart constructor.
Creates a value of MFADevice
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
mdSerialNumber :: Lens' MFADevice Text Source #
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
mdEnableDate :: Lens' MFADevice UTCTime Source #
The date when the MFA device was enabled for the user.
ManagedPolicyDetail
data ManagedPolicyDetail Source #
Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.
This data type is used as a response element in the GetAccountAuthorizationDetails action.
For more information about managed policies, see Managed Policies and Inline Policies in the Using IAM guide.
See: managedPolicyDetail
smart constructor.
managedPolicyDetail :: ManagedPolicyDetail Source #
Creates a value of ManagedPolicyDetail
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
mpdPolicyName :: Lens' ManagedPolicyDetail (Maybe Text) Source #
The friendly name (not ARN) identifying the policy.
mpdUpdateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
mpdPolicyId :: Lens' ManagedPolicyDetail (Maybe Text) Source #
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the Using IAM guide.
mpdPath :: Lens' ManagedPolicyDetail (Maybe Text) Source #
The path to the policy.
For more information about paths, see IAM Identifiers in the Using IAM guide.
mpdPolicyVersionList :: Lens' ManagedPolicyDetail [PolicyVersion] Source #
A list containing information about the versions of the policy.
mpdCreateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy was created.
mpdIsAttachable :: Lens' ManagedPolicyDetail (Maybe Bool) Source #
Specifies whether the policy can be attached to an IAM user, group, or role.
mpdDefaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text) Source #
The identifier for the version of the policy that is set as the default (operative) version.
For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.
mpdAttachmentCount :: Lens' ManagedPolicyDetail (Maybe Int) Source #
The number of principal entities (users, groups, and roles) that the policy is attached to.
mpdDescription :: Lens' ManagedPolicyDetail (Maybe Text) Source #
A friendly description of the policy.
OpenIdConnectProviderListEntry
data OpenIdConnectProviderListEntry Source #
Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.
See: openIdConnectProviderListEntry
smart constructor.
openIdConnectProviderListEntry :: OpenIdConnectProviderListEntry Source #
Creates a value of OpenIdConnectProviderListEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
PasswordPolicy
data PasswordPolicy Source #
Contains information about the account password policy.
This data type is used as a response element in the GetAccountPasswordPolicy action.
See: passwordPolicy
smart constructor.
passwordPolicy :: PasswordPolicy Source #
Creates a value of PasswordPolicy
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ppExpirePasswords :: Lens' PasswordPolicy (Maybe Bool) Source #
Indicates whether passwords in the account expire. Returns true if MaxPasswordAge is contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
ppMinimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural) Source #
Minimum length to require for IAM user passwords.
ppRequireNumbers :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether to require numbers for IAM user passwords.
ppPasswordReusePrevention :: Lens' PasswordPolicy (Maybe Natural) Source #
Specifies the number of previous passwords that IAM users are prevented from reusing.
ppRequireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether to require lowercase characters for IAM user passwords.
ppMaxPasswordAge :: Lens' PasswordPolicy (Maybe Natural) Source #
The number of days that an IAM user password is valid.
ppHardExpiry :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether IAM users are prevented from setting a new password after their password has expired.
ppRequireSymbols :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether to require symbols for IAM user passwords.
ppRequireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether to require uppercase characters for IAM user passwords.
ppAllowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether IAM users are allowed to change their own password.
Policy
Contains information about a managed policy.
This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies actions.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
See: policy
smart constructor.
Creates a value of Policy
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pPolicyName :: Lens' Policy (Maybe Text) Source #
The friendly name (not ARN) identifying the policy.
pUpdateDate :: Lens' Policy (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
pPolicyId :: Lens' Policy (Maybe Text) Source #
The stable and unique string identifying the policy.
For more information about IDs, see IAM Identifiers in the Using IAM guide.
pPath :: Lens' Policy (Maybe Text) Source #
The path to the policy.
For more information about paths, see IAM Identifiers in the Using IAM guide.
pCreateDate :: Lens' Policy (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy was created.
pIsAttachable :: Lens' Policy (Maybe Bool) Source #
Specifies whether the policy can be attached to an IAM user, group, or role.
pDefaultVersionId :: Lens' Policy (Maybe Text) Source #
The identifier for the version of the policy that is set as the default version.
pAttachmentCount :: Lens' Policy (Maybe Int) Source #
The number of entities (users, groups, and roles) that the policy is attached to.
pDescription :: Lens' Policy (Maybe Text) Source #
A friendly description of the policy.
This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
PolicyDetail
data PolicyDetail Source #
Contains information about an IAM policy, including the policy document.
This data type is used as a response element in the GetAccountAuthorizationDetails action.
See: policyDetail
smart constructor.
policyDetail :: PolicyDetail Source #
Creates a value of PolicyDetail
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pdPolicyDocument :: Lens' PolicyDetail (Maybe Text) Source #
The policy document.
pdPolicyName :: Lens' PolicyDetail (Maybe Text) Source #
The name of the policy.
PolicyGroup
data PolicyGroup Source #
Contains information about a group that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy action.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
See: policyGroup
smart constructor.
policyGroup :: PolicyGroup Source #
Creates a value of PolicyGroup
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pgGroupId :: Lens' PolicyGroup (Maybe Text) Source #
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the IAM User Guide.
pgGroupName :: Lens' PolicyGroup (Maybe Text) Source #
The name (friendly name, not ARN) identifying the group.
PolicyRole
data PolicyRole Source #
Contains information about a role that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy action.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
See: policyRole
smart constructor.
policyRole :: PolicyRole Source #
Creates a value of PolicyRole
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
prRoleName :: Lens' PolicyRole (Maybe Text) Source #
The name (friendly name, not ARN) identifying the role.
prRoleId :: Lens' PolicyRole (Maybe Text) Source #
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the IAM User Guide.
PolicyUser
data PolicyUser Source #
Contains information about a user that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy action.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
See: policyUser
smart constructor.
policyUser :: PolicyUser Source #
Creates a value of PolicyUser
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
puUserName :: Lens' PolicyUser (Maybe Text) Source #
The name (friendly name, not ARN) identifying the user.
puUserId :: Lens' PolicyUser (Maybe Text) Source #
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the IAM User Guide.
PolicyVersion
data PolicyVersion Source #
Contains information about a version of a managed policy.
This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails actions.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
See: policyVersion
smart constructor.
policyVersion :: PolicyVersion Source #
Creates a value of PolicyVersion
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pvVersionId :: Lens' PolicyVersion (Maybe Text) Source #
The identifier for the policy version.
Policy version identifiers always begin with v
(always lowercase). When a policy is created, the first policy version is v1
.
pvCreateDate :: Lens' PolicyVersion (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy version was created.
pvDocument :: Lens' PolicyVersion (Maybe Text) Source #
The policy document.
The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
pvIsDefaultVersion :: Lens' PolicyVersion (Maybe Bool) Source #
Specifies whether the policy version is set as the policy's default version.
Position
pLine :: Lens' Position (Maybe Int) Source #
The line containing the specified position in the document.
pColumn :: Lens' Position (Maybe Int) Source #
The column in the line containing the specified position in the document.
ResourceSpecificResult
data ResourceSpecificResult Source #
Contains the result of the simulation of a single API action call on a single resource.
This data type is used by a member of the EvaluationResult data type.
See: resourceSpecificResult
smart constructor.
resourceSpecificResult Source #
Creates a value of ResourceSpecificResult
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rsrMatchedStatements :: Lens' ResourceSpecificResult [Statement] Source #
A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the action on the resource, if any statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
rsrEvalDecisionDetails :: Lens' ResourceSpecificResult (HashMap Text PolicyEvaluationDecisionType) Source #
Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access.
rsrMissingContextValues :: Lens' ResourceSpecificResult [Text] Source #
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns
parameter instead of "*". If you do not specify individual resources, by setting ResourceArns
to "*" or by not including the ResourceArns
parameter, then any missing context values are instead included under the EvaluationResults
section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
rsrEvalResourceName :: Lens' ResourceSpecificResult Text Source #
The name of the simulated resource, in Amazon Resource Name (ARN) format.
rsrEvalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType Source #
The result of the simulation of the simulated API action on the resource specified in EvalResourceName
.
Role
Contains information about an IAM role.
This data type is used as a response element in the following actions:
See: role'
smart constructor.
Creates a value of Role
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rAssumeRolePolicyDocument :: Lens' Role (Maybe Text) Source #
The policy that grants an entity permission to assume the role.
rPath :: Lens' Role Text Source #
The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
rRoleId :: Lens' Role Text Source #
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
rARN :: Lens' Role Text Source #
The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
rCreateDate :: Lens' Role UTCTime Source #
The date and time, in ISO 8601 date-time format, when the role was created.
RoleDetail
data RoleDetail Source #
Contains information about an IAM role, including all of the role's policies.
This data type is used as a response element in the GetAccountAuthorizationDetails action.
See: roleDetail
smart constructor.
roleDetail :: RoleDetail Source #
Creates a value of RoleDetail
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rdAssumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text) Source #
The trust policy that grants permission to assume the role.
rdPath :: Lens' RoleDetail (Maybe Text) Source #
The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
rdInstanceProfileList :: Lens' RoleDetail [InstanceProfile] Source #
Undocumented member.
rdCreateDate :: Lens' RoleDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the role was created.
rdRoleName :: Lens' RoleDetail (Maybe Text) Source #
The friendly name that identifies the role.
rdRoleId :: Lens' RoleDetail (Maybe Text) Source #
The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
rdRolePolicyList :: Lens' RoleDetail [PolicyDetail] Source #
A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.
rdAttachedManagedPolicies :: Lens' RoleDetail [AttachedPolicy] Source #
A list of managed policies attached to the role. These policies are the role's access (permissions) policies.
SAMLProviderListEntry
data SAMLProviderListEntry Source #
Contains the list of SAML providers for this account.
See: sAMLProviderListEntry
smart constructor.
sAMLProviderListEntry :: SAMLProviderListEntry Source #
Creates a value of SAMLProviderListEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
samlpleARN :: Lens' SAMLProviderListEntry (Maybe Text) Source #
The Amazon Resource Name (ARN) of the SAML provider.
samlpleCreateDate :: Lens' SAMLProviderListEntry (Maybe UTCTime) Source #
The date and time when the SAML provider was created.
samlpleValidUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime) Source #
The expiration date and time for the SAML provider.
SSHPublicKey
data SSHPublicKey Source #
Contains information about an SSH public key.
This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey actions.
See: sshPublicKey
smart constructor.
:: Text | |
-> Text | |
-> Text | |
-> Text | |
-> StatusType | |
-> SSHPublicKey |
Creates a value of SSHPublicKey
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
spkUploadDate :: Lens' SSHPublicKey (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
spkUserName :: Lens' SSHPublicKey Text Source #
The name of the IAM user associated with the SSH public key.
spkSSHPublicKeyId :: Lens' SSHPublicKey Text Source #
The unique identifier for the SSH public key.
spkFingerprint :: Lens' SSHPublicKey Text Source #
The MD5 message digest of the SSH public key.
spkSSHPublicKeyBody :: Lens' SSHPublicKey Text Source #
The SSH public key.
SSHPublicKeyMetadata
data SSHPublicKeyMetadata Source #
Contains information about an SSH public key, without the key's body or fingerprint.
This data type is used as a response element in the ListSSHPublicKeys action.
See: sshPublicKeyMetadata
smart constructor.
:: Text | |
-> Text | |
-> StatusType | |
-> UTCTime | |
-> SSHPublicKeyMetadata |
Creates a value of SSHPublicKeyMetadata
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
spkmUserName :: Lens' SSHPublicKeyMetadata Text Source #
The name of the IAM user associated with the SSH public key.
spkmSSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text Source #
The unique identifier for the SSH public key.
spkmUploadDate :: Lens' SSHPublicKeyMetadata UTCTime Source #
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
ServerCertificate
data ServerCertificate Source #
Contains information about a server certificate.
This data type is used as a response element in the GetServerCertificate action.
See: serverCertificate
smart constructor.
Creates a value of ServerCertificate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sCertificateChain :: Lens' ServerCertificate (Maybe Text) Source #
The contents of the public key certificate chain.
sServerCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata Source #
The meta information of the server certificate, such as its name, path, ID, and ARN.
sCertificateBody :: Lens' ServerCertificate Text Source #
The contents of the public key certificate.
ServerCertificateMetadata
data ServerCertificateMetadata Source #
Contains information about a server certificate without its certificate body, certificate chain, and private key.
This data type is used as a response element in the UploadServerCertificate and ListServerCertificates actions.
See: serverCertificateMetadata
smart constructor.
serverCertificateMetadata Source #
:: Text | |
-> Text | |
-> Text | |
-> Text | |
-> ServerCertificateMetadata |
Creates a value of ServerCertificateMetadata
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scmUploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime) Source #
The date when the server certificate was uploaded.
scmExpiration :: Lens' ServerCertificateMetadata (Maybe UTCTime) Source #
The date on which the certificate is set to expire.
scmPath :: Lens' ServerCertificateMetadata Text Source #
The path to the server certificate. For more information about paths, see IAM Identifiers in the Using IAM guide.
scmServerCertificateName :: Lens' ServerCertificateMetadata Text Source #
The name that identifies the server certificate.
scmServerCertificateId :: Lens' ServerCertificateMetadata Text Source #
The stable and unique string identifying the server certificate. For more information about IDs, see IAM Identifiers in the Using IAM guide.
scmARN :: Lens' ServerCertificateMetadata Text Source #
The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
SigningCertificate
data SigningCertificate Source #
Contains information about an X.509 signing certificate.
This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates actions.
See: signingCertificate
smart constructor.
:: Text | |
-> Text | |
-> Text | |
-> StatusType | |
-> SigningCertificate |
Creates a value of SigningCertificate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scUploadDate :: Lens' SigningCertificate (Maybe UTCTime) Source #
The date when the signing certificate was uploaded.
scUserName :: Lens' SigningCertificate Text Source #
The name of the user the signing certificate is associated with.
scCertificateId :: Lens' SigningCertificate Text Source #
The ID for the signing certificate.
scCertificateBody :: Lens' SigningCertificate Text Source #
The contents of the signing certificate.
SimulatePolicyResponse
data SimulatePolicyResponse Source #
Contains the response to a successful SimulatePrincipalPolicy or SimulateCustomPolicy request.
See: simulatePolicyResponse
smart constructor.
simulatePolicyResponse :: SimulatePolicyResponse Source #
Creates a value of SimulatePolicyResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult] Source #
The results of the simulation.
spMarker :: Lens' SimulatePolicyResponse (Maybe Text) Source #
When IsTruncated
is true
, this element is present and contains the value to use for the Marker
parameter in a subsequent pagination request.
spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool) Source #
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker
request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems
number of results even when there are more results available. We recommend that you check IsTruncated
after every call to ensure that you receive all of your results.
Statement
Contains a reference to a Statement
element in a policy document that determines the result of the simulation.
This data type is used by the MatchedStatements
member of the EvaluationResult
type.
See: statement
smart constructor.
statement :: Statement Source #
Creates a value of Statement
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType) Source #
The type of the policy.
sSourcePolicyId :: Lens' Statement (Maybe Text) Source #
The identifier of the policy that was provided as an input.
sEndPosition :: Lens' Statement (Maybe Position) Source #
The row and column of the end of a Statement
in an IAM policy.
sStartPosition :: Lens' Statement (Maybe Position) Source #
The row and column of the beginning of the Statement
in an IAM policy.
User
Contains information about an IAM user entity.
This data type is used as a response element in the following actions:
See: user
smart constructor.
Creates a value of User
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
uPasswordLastUsed :: Lens' User (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential Reports topic in the Using IAM guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. This field is null (not present) when:
- The user does not have a password
- The password exists but has never been used (at least not since IAM started tracking this information on October 20th, 2014
- there is no sign-in data associated with the user
This value is returned only in the GetUser and ListUsers actions.
uPath :: Lens' User Text Source #
The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
uUserId :: Lens' User Text Source #
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
uARN :: Lens' User Text Source #
The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the Using IAM guide.
uCreateDate :: Lens' User UTCTime Source #
The date and time, in ISO 8601 date-time format, when the user was created.
UserDetail
data UserDetail Source #
Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.
This data type is used as a response element in the GetAccountAuthorizationDetails action.
See: userDetail
smart constructor.
userDetail :: UserDetail Source #
Creates a value of UserDetail
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
udGroupList :: Lens' UserDetail [Text] Source #
A list of IAM groups that the user is in.
udPath :: Lens' UserDetail (Maybe Text) Source #
The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
udCreateDate :: Lens' UserDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the user was created.
udUserName :: Lens' UserDetail (Maybe Text) Source #
The friendly name identifying the user.
udUserId :: Lens' UserDetail (Maybe Text) Source #
The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
udUserPolicyList :: Lens' UserDetail [PolicyDetail] Source #
A list of the inline policies embedded in the user.
udAttachedManagedPolicies :: Lens' UserDetail [AttachedPolicy] Source #
A list of the managed policies attached to the user.
VirtualMFADevice
data VirtualMFADevice Source #
Contains information about a virtual MFA device.
See: virtualMFADevice
smart constructor.
Creates a value of VirtualMFADevice
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
vmdQRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString) Source #
A QR code PNG image that encodes 'otpauth:\/\/totp\/>virtualMFADeviceName\'>AccountName?secret=>Base32String' where '>virtualMFADeviceName' is one of the create call arguments, AccountName
is the user name if set (otherwise, the account ID otherwise), and Base32String
is the seed in Base32 format. The Base32String
value is Base64-encoded.
Note: This Lens
automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens
accepts and returns only raw unencoded data.
vmdBase32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString) Source #
The Base32 seed defined as specified in RFC3548. The Base32StringSeed
is Base64-encoded.
Note: This Lens
automatically encodes and decodes Base64 data,
despite what the AWS documentation might say.
The underlying isomorphism will encode to Base64 representation during
serialisation, and decode from Base64 representation during deserialisation.
This Lens
accepts and returns only raw unencoded data.
vmdEnableDate :: Lens' VirtualMFADevice (Maybe UTCTime) Source #
The date and time on which the virtual MFA device was enabled.
vmdSerialNumber :: Lens' VirtualMFADevice Text Source #
The serial number associated with VirtualMFADevice
.