Copyright | (c) 2013-2018 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Network.AWS.IAM
Contents
- Service Configuration
- Errors
- CredentialReportNotPresentException
- CredentialReportNotReadyException
- MalformedPolicyDocumentException
- EntityAlreadyExistsException
- MalformedCertificateException
- CredentialReportExpiredException
- UnmodifiableEntityException
- DuplicateCertificateException
- DeleteConflictException
- NoSuchEntityException
- InvalidCertificateException
- PolicyNotAttachableException
- ServiceNotSupportedException
- UnrecognizedPublicKeyEncodingException
- InvalidUserTypeException
- ServiceFailureException
- InvalidInputException
- InvalidPublicKeyException
- InvalidAuthenticationCodeException
- EntityTemporarilyUnmodifiableException
- DuplicateSSHPublicKeyException
- KeyPairMismatchException
- PolicyEvaluationException
- PasswordPolicyViolationException
- LimitExceededException
- Waiters
- Operations
- GetContextKeysForPrincipalPolicy
- ListPolicies (Paginated)
- CreatePolicy
- ListInstanceProfilesForRole (Paginated)
- AttachGroupPolicy
- CreateAccessKey
- ListSSHPublicKeys (Paginated)
- ListOpenIdConnectProviders
- CreateVirtualMFADevice
- DeleteAccountPasswordPolicy
- UpdateAccountPasswordPolicy
- AttachRolePolicy
- UpdateSSHPublicKey
- DeleteSSHPublicKey
- GetUserPolicy
- UpdateServiceSpecificCredential
- DeleteServiceSpecificCredential
- ListAttachedRolePolicies (Paginated)
- GetRole
- DeactivateMFADevice
- CreateOpenIdConnectProvider
- DeleteVirtualMFADevice
- ListRoles (Paginated)
- ListUserPolicies (Paginated)
- UploadSSHPublicKey
- SimulateCustomPolicy (Paginated)
- UpdateRole
- DeleteRole
- ListUsers (Paginated)
- UpdateOpenIdConnectProviderThumbprint
- PutUserPolicy
- GetSSHPublicKey
- DetachGroupPolicy
- GetOpenIdConnectProvider
- DeleteUserPolicy
- CreateRole
- ResetServiceSpecificCredential
- GetCredentialReport
- GetAccountSummary
- ListGroupPolicies (Paginated)
- DeletePolicyVersion
- DeleteInstanceProfile
- DetachRolePolicy
- RemoveRoleFromInstanceProfile
- CreatePolicyVersion
- CreateInstanceProfile
- CreateSAMLProvider
- GetAccountAuthorizationDetails (Paginated)
- GetServiceLinkedRoleDeletionStatus
- DeleteAccountAlias
- DetachUserPolicy
- RemoveUserFromGroup
- DeleteGroupPolicy
- PutGroupPolicy
- GetLoginProfile
- GetGroupPolicy
- ChangePassword
- ListServerCertificates (Paginated)
- DeleteServiceLinkedRole
- DeletePolicy
- UpdateAssumeRolePolicy
- GetInstanceProfile
- CreateLoginProfile
- GetSAMLProvider
- AddRoleToInstanceProfile
- ListGroupsForUser (Paginated)
- ListEntitiesForPolicy (Paginated)
- AddUserToGroup
- SimulatePrincipalPolicy (Paginated)
- GetPolicyVersion
- CreateServiceLinkedRole
- ListServiceSpecificCredentials
- DeleteOpenIdConnectProvider
- GetUser
- ListSigningCertificates (Paginated)
- DeleteSigningCertificate
- UpdateSigningCertificate
- ListAttachedUserPolicies (Paginated)
- RemoveClientIdFromOpenIdConnectProvider
- AttachUserPolicy
- CreateServiceSpecificCredential
- ListVirtualMFADevices (Paginated)
- ResyncMFADevice
- DeleteAccessKey
- UpdateAccessKey
- ListAccessKeys (Paginated)
- GetRolePolicy
- CreateUser
- PutRolePolicy
- GetContextKeysForCustomPolicy
- UploadSigningCertificate
- DeleteRolePolicy
- GetAccountPasswordPolicy
- GetAccessKeyLastUsed
- UpdateUser
- DeleteUser
- AddClientIdToOpenIdConnectProvider
- ListRolePolicies (Paginated)
- CreateAccountAlias
- ListInstanceProfiles (Paginated)
- EnableMFADevice
- ListAccountAliases (Paginated)
- DeleteSAMLProvider
- UpdateSAMLProvider
- CreateGroup
- ListMFADevices (Paginated)
- UploadServerCertificate
- SetDefaultPolicyVersion
- ListPolicyVersions (Paginated)
- UpdateRoleDescription
- ListSAMLProviders
- GetServerCertificate
- DeleteGroup
- UpdateGroup
- ListGroups (Paginated)
- GenerateCredentialReport
- GetPolicy
- UpdateLoginProfile
- DeleteLoginProfile
- GetGroup (Paginated)
- DeleteServerCertificate
- UpdateServerCertificate
- ListAttachedGroupPolicies (Paginated)
- Types
- AssignmentStatusType
- ContextKeyTypeEnum
- DeletionTaskStatusType
- EncodingType
- EntityType
- PolicyEvaluationDecisionType
- PolicyScopeType
- PolicySourceType
- ReportFormatType
- ReportStateType
- StatusType
- SummaryKeyType
- AccessKeyInfo
- AccessKeyLastUsed
- AccessKeyMetadata
- AttachedPolicy
- ContextEntry
- DeletionTaskFailureReasonType
- EvaluationResult
- GetContextKeysForPolicyResponse
- Group
- GroupDetail
- InstanceProfile
- LoginProfile
- MFADevice
- ManagedPolicyDetail
- OpenIdConnectProviderListEntry
- OrganizationsDecisionDetail
- PasswordPolicy
- Policy
- PolicyDetail
- PolicyGroup
- PolicyRole
- PolicyUser
- PolicyVersion
- Position
- ResourceSpecificResult
- Role
- RoleDetail
- RoleUsageType
- SAMLProviderListEntry
- SSHPublicKey
- SSHPublicKeyMetadata
- ServerCertificate
- ServerCertificateMetadata
- ServiceSpecificCredential
- ServiceSpecificCredentialMetadata
- SigningCertificate
- SimulatePolicyResponse
- Statement
- User
- UserDetail
- VirtualMFADevice
Description
AWS Identity and Access Management
AWS Identity and Access Management (IAM) is a web service that you can use to manage users and user permissions under your AWS account. This guide provides descriptions of IAM actions that you can call programmatically. For general information about IAM, see AWS Identity and Access Management (IAM) . For the user guide for IAM, see Using IAM .
We recommend that you use the AWS SDKs to make programmatic API calls to IAM. However, you can also use the IAM Query API to make direct calls to the IAM web service. To learn more about the IAM Query API, see Making Query Requests in the Using IAM guide. IAM supports GET and POST requests for all actions. That is, the API does not require you to use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. Therefore, for operations that require larger sizes, use a POST request.
Signing Requests
Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use your AWS account access key ID and secret access key for everyday work with IAM. You can use the access key ID and secret access key for an IAM user or you can use the AWS Security Token Service to generate temporary security credentials and use those to sign requests.
To sign requests, we recommend that you use Signature Version 4 . If you have an existing application that uses Signature Version 2, you do not have to update it to use Signature Version 4. However, some operations now require Signature Version 4. The documentation for operations that require version 4 indicate this requirement.
Additional Resources
For more information, see the following:
- AWS Security Credentials . This topic provides general information about the types of credentials used for accessing AWS.
- IAM Best Practices . This topic presents a list of suggestions for using the IAM service to help secure your AWS resources.
- Signing AWS API Requests . This set of topics walk you through the process of signing a request using an access key ID and secret access key.
Synopsis
- iam :: Service
- _CredentialReportNotPresentException :: AsError a => Getting (First ServiceError) a ServiceError
- _CredentialReportNotReadyException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- _EntityAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError
- _UnmodifiableEntityException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _DeleteConflictException :: AsError a => Getting (First ServiceError) a ServiceError
- _NoSuchEntityException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyNotAttachableException :: AsError a => Getting (First ServiceError) a ServiceError
- _ServiceNotSupportedException :: AsError a => Getting (First ServiceError) a ServiceError
- _UnrecognizedPublicKeyEncodingException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidUserTypeException :: AsError a => Getting (First ServiceError) a ServiceError
- _ServiceFailureException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidAuthenticationCodeException :: AsError a => Getting (First ServiceError) a ServiceError
- _EntityTemporarilyUnmodifiableException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateSSHPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError
- _KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError
- _PasswordPolicyViolationException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- instanceProfileExists :: Wait GetInstanceProfile
- userExists :: Wait GetUser
- module Network.AWS.IAM.GetContextKeysForPrincipalPolicy
- module Network.AWS.IAM.ListPolicies
- module Network.AWS.IAM.CreatePolicy
- module Network.AWS.IAM.ListInstanceProfilesForRole
- module Network.AWS.IAM.AttachGroupPolicy
- module Network.AWS.IAM.CreateAccessKey
- module Network.AWS.IAM.ListSSHPublicKeys
- module Network.AWS.IAM.ListOpenIdConnectProviders
- module Network.AWS.IAM.CreateVirtualMFADevice
- module Network.AWS.IAM.DeleteAccountPasswordPolicy
- module Network.AWS.IAM.UpdateAccountPasswordPolicy
- module Network.AWS.IAM.AttachRolePolicy
- module Network.AWS.IAM.UpdateSSHPublicKey
- module Network.AWS.IAM.DeleteSSHPublicKey
- module Network.AWS.IAM.GetUserPolicy
- module Network.AWS.IAM.UpdateServiceSpecificCredential
- module Network.AWS.IAM.DeleteServiceSpecificCredential
- module Network.AWS.IAM.ListAttachedRolePolicies
- module Network.AWS.IAM.GetRole
- module Network.AWS.IAM.DeactivateMFADevice
- module Network.AWS.IAM.CreateOpenIdConnectProvider
- module Network.AWS.IAM.DeleteVirtualMFADevice
- module Network.AWS.IAM.ListRoles
- module Network.AWS.IAM.ListUserPolicies
- module Network.AWS.IAM.UploadSSHPublicKey
- module Network.AWS.IAM.SimulateCustomPolicy
- module Network.AWS.IAM.UpdateRole
- module Network.AWS.IAM.DeleteRole
- module Network.AWS.IAM.ListUsers
- module Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint
- module Network.AWS.IAM.PutUserPolicy
- module Network.AWS.IAM.GetSSHPublicKey
- module Network.AWS.IAM.DetachGroupPolicy
- module Network.AWS.IAM.GetOpenIdConnectProvider
- module Network.AWS.IAM.DeleteUserPolicy
- module Network.AWS.IAM.CreateRole
- module Network.AWS.IAM.ResetServiceSpecificCredential
- module Network.AWS.IAM.GetCredentialReport
- module Network.AWS.IAM.GetAccountSummary
- module Network.AWS.IAM.ListGroupPolicies
- module Network.AWS.IAM.DeletePolicyVersion
- module Network.AWS.IAM.DeleteInstanceProfile
- module Network.AWS.IAM.DetachRolePolicy
- module Network.AWS.IAM.RemoveRoleFromInstanceProfile
- module Network.AWS.IAM.CreatePolicyVersion
- module Network.AWS.IAM.CreateInstanceProfile
- module Network.AWS.IAM.CreateSAMLProvider
- module Network.AWS.IAM.GetAccountAuthorizationDetails
- module Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus
- module Network.AWS.IAM.DeleteAccountAlias
- module Network.AWS.IAM.DetachUserPolicy
- module Network.AWS.IAM.RemoveUserFromGroup
- module Network.AWS.IAM.DeleteGroupPolicy
- module Network.AWS.IAM.PutGroupPolicy
- module Network.AWS.IAM.GetLoginProfile
- module Network.AWS.IAM.GetGroupPolicy
- module Network.AWS.IAM.ChangePassword
- module Network.AWS.IAM.ListServerCertificates
- module Network.AWS.IAM.DeleteServiceLinkedRole
- module Network.AWS.IAM.DeletePolicy
- module Network.AWS.IAM.UpdateAssumeRolePolicy
- module Network.AWS.IAM.GetInstanceProfile
- module Network.AWS.IAM.CreateLoginProfile
- module Network.AWS.IAM.GetSAMLProvider
- module Network.AWS.IAM.AddRoleToInstanceProfile
- module Network.AWS.IAM.ListGroupsForUser
- module Network.AWS.IAM.ListEntitiesForPolicy
- module Network.AWS.IAM.AddUserToGroup
- module Network.AWS.IAM.SimulatePrincipalPolicy
- module Network.AWS.IAM.GetPolicyVersion
- module Network.AWS.IAM.CreateServiceLinkedRole
- module Network.AWS.IAM.ListServiceSpecificCredentials
- module Network.AWS.IAM.DeleteOpenIdConnectProvider
- module Network.AWS.IAM.GetUser
- module Network.AWS.IAM.ListSigningCertificates
- module Network.AWS.IAM.DeleteSigningCertificate
- module Network.AWS.IAM.UpdateSigningCertificate
- module Network.AWS.IAM.ListAttachedUserPolicies
- module Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider
- module Network.AWS.IAM.AttachUserPolicy
- module Network.AWS.IAM.CreateServiceSpecificCredential
- module Network.AWS.IAM.ListVirtualMFADevices
- module Network.AWS.IAM.ResyncMFADevice
- module Network.AWS.IAM.DeleteAccessKey
- module Network.AWS.IAM.UpdateAccessKey
- module Network.AWS.IAM.ListAccessKeys
- module Network.AWS.IAM.GetRolePolicy
- module Network.AWS.IAM.CreateUser
- module Network.AWS.IAM.PutRolePolicy
- module Network.AWS.IAM.GetContextKeysForCustomPolicy
- module Network.AWS.IAM.UploadSigningCertificate
- module Network.AWS.IAM.DeleteRolePolicy
- module Network.AWS.IAM.GetAccountPasswordPolicy
- module Network.AWS.IAM.GetAccessKeyLastUsed
- module Network.AWS.IAM.UpdateUser
- module Network.AWS.IAM.DeleteUser
- module Network.AWS.IAM.AddClientIdToOpenIdConnectProvider
- module Network.AWS.IAM.ListRolePolicies
- module Network.AWS.IAM.CreateAccountAlias
- module Network.AWS.IAM.ListInstanceProfiles
- module Network.AWS.IAM.EnableMFADevice
- module Network.AWS.IAM.ListAccountAliases
- module Network.AWS.IAM.DeleteSAMLProvider
- module Network.AWS.IAM.UpdateSAMLProvider
- module Network.AWS.IAM.CreateGroup
- module Network.AWS.IAM.ListMFADevices
- module Network.AWS.IAM.UploadServerCertificate
- module Network.AWS.IAM.SetDefaultPolicyVersion
- module Network.AWS.IAM.ListPolicyVersions
- module Network.AWS.IAM.UpdateRoleDescription
- module Network.AWS.IAM.ListSAMLProviders
- module Network.AWS.IAM.GetServerCertificate
- module Network.AWS.IAM.DeleteGroup
- module Network.AWS.IAM.UpdateGroup
- module Network.AWS.IAM.ListGroups
- module Network.AWS.IAM.GenerateCredentialReport
- module Network.AWS.IAM.GetPolicy
- module Network.AWS.IAM.UpdateLoginProfile
- module Network.AWS.IAM.DeleteLoginProfile
- module Network.AWS.IAM.GetGroup
- module Network.AWS.IAM.DeleteServerCertificate
- module Network.AWS.IAM.UpdateServerCertificate
- module Network.AWS.IAM.ListAttachedGroupPolicies
- data AssignmentStatusType
- = Any
- | Assigned
- | Unassigned
- data ContextKeyTypeEnum
- = Binary
- | BinaryList
- | Boolean
- | BooleanList
- | Date
- | DateList
- | IP
- | IPList
- | Numeric
- | NumericList
- | String
- | StringList
- data DeletionTaskStatusType
- data EncodingType
- data EntityType
- data PolicyEvaluationDecisionType
- data PolicyScopeType
- data PolicySourceType
- = AWSManaged
- | Group
- | None
- | Resource
- | Role
- | User
- | UserManaged
- data ReportFormatType = TextCSV
- data ReportStateType
- data StatusType
- data SummaryKeyType
- = AccessKeysPerUserQuota
- | AccountAccessKeysPresent
- | AccountMFAEnabled
- | AccountSigningCertificatesPresent
- | AttachedPoliciesPerGroupQuota
- | AttachedPoliciesPerRoleQuota
- | AttachedPoliciesPerUserQuota
- | GroupPolicySizeQuota
- | Groups
- | GroupsPerUserQuota
- | GroupsQuota
- | MFADevices
- | MFADevicesInUse
- | Policies
- | PoliciesQuota
- | PolicySizeQuota
- | PolicyVersionsInUse
- | PolicyVersionsInUseQuota
- | ServerCertificates
- | ServerCertificatesQuota
- | SigningCertificatesPerUserQuota
- | UserPolicySizeQuota
- | Users
- | UsersQuota
- | VersionsPerPolicyQuota
- data AccessKeyInfo
- accessKeyInfo :: Text -> AccessKey -> StatusType -> Text -> AccessKeyInfo
- akiCreateDate :: Lens' AccessKeyInfo (Maybe UTCTime)
- akiUserName :: Lens' AccessKeyInfo Text
- akiAccessKeyId :: Lens' AccessKeyInfo AccessKey
- akiStatus :: Lens' AccessKeyInfo StatusType
- akiSecretAccessKey :: Lens' AccessKeyInfo Text
- data AccessKeyLastUsed
- accessKeyLastUsed :: UTCTime -> Text -> Text -> AccessKeyLastUsed
- akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime
- akluServiceName :: Lens' AccessKeyLastUsed Text
- akluRegion :: Lens' AccessKeyLastUsed Text
- data AccessKeyMetadata
- accessKeyMetadata :: AccessKeyMetadata
- akmStatus :: Lens' AccessKeyMetadata (Maybe StatusType)
- akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime)
- akmUserName :: Lens' AccessKeyMetadata (Maybe Text)
- akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe AccessKey)
- data AttachedPolicy
- attachedPolicy :: AttachedPolicy
- apPolicyName :: Lens' AttachedPolicy (Maybe Text)
- apPolicyARN :: Lens' AttachedPolicy (Maybe Text)
- data ContextEntry
- contextEntry :: ContextEntry
- ceContextKeyValues :: Lens' ContextEntry [Text]
- ceContextKeyName :: Lens' ContextEntry (Maybe Text)
- ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)
- data DeletionTaskFailureReasonType
- deletionTaskFailureReasonType :: DeletionTaskFailureReasonType
- dtfrtRoleUsageList :: Lens' DeletionTaskFailureReasonType [RoleUsageType]
- dtfrtReason :: Lens' DeletionTaskFailureReasonType (Maybe Text)
- data EvaluationResult
- evaluationResult :: Text -> PolicyEvaluationDecisionType -> EvaluationResult
- erMatchedStatements :: Lens' EvaluationResult [Statement]
- erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType)
- erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult]
- erEvalResourceName :: Lens' EvaluationResult (Maybe Text)
- erMissingContextValues :: Lens' EvaluationResult [Text]
- erOrganizationsDecisionDetail :: Lens' EvaluationResult (Maybe OrganizationsDecisionDetail)
- erEvalActionName :: Lens' EvaluationResult Text
- erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType
- data GetContextKeysForPolicyResponse
- getContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse
- gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]
- data Group
- group' :: Text -> Text -> Text -> Text -> UTCTime -> Group
- gPath :: Lens' Group Text
- gGroupName :: Lens' Group Text
- gGroupId :: Lens' Group Text
- gARN :: Lens' Group Text
- gCreateDate :: Lens' Group UTCTime
- data GroupDetail
- groupDetail :: GroupDetail
- gdARN :: Lens' GroupDetail (Maybe Text)
- gdPath :: Lens' GroupDetail (Maybe Text)
- gdCreateDate :: Lens' GroupDetail (Maybe UTCTime)
- gdGroupId :: Lens' GroupDetail (Maybe Text)
- gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail]
- gdGroupName :: Lens' GroupDetail (Maybe Text)
- gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy]
- data InstanceProfile
- instanceProfile :: Text -> Text -> Text -> Text -> UTCTime -> InstanceProfile
- ipPath :: Lens' InstanceProfile Text
- ipInstanceProfileName :: Lens' InstanceProfile Text
- ipInstanceProfileId :: Lens' InstanceProfile Text
- ipARN :: Lens' InstanceProfile Text
- ipCreateDate :: Lens' InstanceProfile UTCTime
- ipRoles :: Lens' InstanceProfile [Role]
- data LoginProfile
- loginProfile :: Text -> UTCTime -> LoginProfile
- lpPasswordResetRequired :: Lens' LoginProfile (Maybe Bool)
- lpUserName :: Lens' LoginProfile Text
- lpCreateDate :: Lens' LoginProfile UTCTime
- data MFADevice
- mfaDevice :: Text -> Text -> UTCTime -> MFADevice
- mdUserName :: Lens' MFADevice Text
- mdSerialNumber :: Lens' MFADevice Text
- mdEnableDate :: Lens' MFADevice UTCTime
- data ManagedPolicyDetail
- managedPolicyDetail :: ManagedPolicyDetail
- mpdPolicyName :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdARN :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdUpdateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
- mpdPolicyId :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdPath :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdPolicyVersionList :: Lens' ManagedPolicyDetail [PolicyVersion]
- mpdCreateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
- mpdIsAttachable :: Lens' ManagedPolicyDetail (Maybe Bool)
- mpdDefaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text)
- mpdAttachmentCount :: Lens' ManagedPolicyDetail (Maybe Int)
- mpdDescription :: Lens' ManagedPolicyDetail (Maybe Text)
- data OpenIdConnectProviderListEntry
- openIdConnectProviderListEntry :: OpenIdConnectProviderListEntry
- oicpleARN :: Lens' OpenIdConnectProviderListEntry (Maybe Text)
- data OrganizationsDecisionDetail
- organizationsDecisionDetail :: OrganizationsDecisionDetail
- oddAllowedByOrganizations :: Lens' OrganizationsDecisionDetail (Maybe Bool)
- data PasswordPolicy
- passwordPolicy :: PasswordPolicy
- ppExpirePasswords :: Lens' PasswordPolicy (Maybe Bool)
- ppMinimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural)
- ppRequireNumbers :: Lens' PasswordPolicy (Maybe Bool)
- ppPasswordReusePrevention :: Lens' PasswordPolicy (Maybe Natural)
- ppRequireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
- ppMaxPasswordAge :: Lens' PasswordPolicy (Maybe Natural)
- ppHardExpiry :: Lens' PasswordPolicy (Maybe Bool)
- ppRequireSymbols :: Lens' PasswordPolicy (Maybe Bool)
- ppRequireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
- ppAllowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool)
- data Policy
- policy :: Policy
- pPolicyName :: Lens' Policy (Maybe Text)
- pARN :: Lens' Policy (Maybe Text)
- pUpdateDate :: Lens' Policy (Maybe UTCTime)
- pPolicyId :: Lens' Policy (Maybe Text)
- pPath :: Lens' Policy (Maybe Text)
- pCreateDate :: Lens' Policy (Maybe UTCTime)
- pIsAttachable :: Lens' Policy (Maybe Bool)
- pDefaultVersionId :: Lens' Policy (Maybe Text)
- pAttachmentCount :: Lens' Policy (Maybe Int)
- pDescription :: Lens' Policy (Maybe Text)
- data PolicyDetail
- policyDetail :: PolicyDetail
- pdPolicyDocument :: Lens' PolicyDetail (Maybe Text)
- pdPolicyName :: Lens' PolicyDetail (Maybe Text)
- data PolicyGroup
- policyGroup :: PolicyGroup
- pgGroupId :: Lens' PolicyGroup (Maybe Text)
- pgGroupName :: Lens' PolicyGroup (Maybe Text)
- data PolicyRole
- policyRole :: PolicyRole
- prRoleName :: Lens' PolicyRole (Maybe Text)
- prRoleId :: Lens' PolicyRole (Maybe Text)
- data PolicyUser
- policyUser :: PolicyUser
- puUserName :: Lens' PolicyUser (Maybe Text)
- puUserId :: Lens' PolicyUser (Maybe Text)
- data PolicyVersion
- policyVersion :: PolicyVersion
- pvVersionId :: Lens' PolicyVersion (Maybe Text)
- pvCreateDate :: Lens' PolicyVersion (Maybe UTCTime)
- pvDocument :: Lens' PolicyVersion (Maybe Text)
- pvIsDefaultVersion :: Lens' PolicyVersion (Maybe Bool)
- data Position
- position :: Position
- pLine :: Lens' Position (Maybe Int)
- pColumn :: Lens' Position (Maybe Int)
- data ResourceSpecificResult
- resourceSpecificResult :: Text -> PolicyEvaluationDecisionType -> ResourceSpecificResult
- rsrMatchedStatements :: Lens' ResourceSpecificResult [Statement]
- rsrEvalDecisionDetails :: Lens' ResourceSpecificResult (HashMap Text PolicyEvaluationDecisionType)
- rsrMissingContextValues :: Lens' ResourceSpecificResult [Text]
- rsrEvalResourceName :: Lens' ResourceSpecificResult Text
- rsrEvalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType
- data Role
- role' :: Text -> Text -> Text -> Text -> UTCTime -> Role
- rMaxSessionDuration :: Lens' Role (Maybe Natural)
- rAssumeRolePolicyDocument :: Lens' Role (Maybe Text)
- rDescription :: Lens' Role (Maybe Text)
- rPath :: Lens' Role Text
- rRoleName :: Lens' Role Text
- rRoleId :: Lens' Role Text
- rARN :: Lens' Role Text
- rCreateDate :: Lens' Role UTCTime
- data RoleDetail
- roleDetail :: RoleDetail
- rdAssumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text)
- rdARN :: Lens' RoleDetail (Maybe Text)
- rdPath :: Lens' RoleDetail (Maybe Text)
- rdInstanceProfileList :: Lens' RoleDetail [InstanceProfile]
- rdCreateDate :: Lens' RoleDetail (Maybe UTCTime)
- rdRoleName :: Lens' RoleDetail (Maybe Text)
- rdRoleId :: Lens' RoleDetail (Maybe Text)
- rdRolePolicyList :: Lens' RoleDetail [PolicyDetail]
- rdAttachedManagedPolicies :: Lens' RoleDetail [AttachedPolicy]
- data RoleUsageType
- roleUsageType :: RoleUsageType
- rutResources :: Lens' RoleUsageType [Text]
- rutRegion :: Lens' RoleUsageType (Maybe Text)
- data SAMLProviderListEntry
- sAMLProviderListEntry :: SAMLProviderListEntry
- samlpleARN :: Lens' SAMLProviderListEntry (Maybe Text)
- samlpleCreateDate :: Lens' SAMLProviderListEntry (Maybe UTCTime)
- samlpleValidUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime)
- data SSHPublicKey
- sshPublicKey :: Text -> Text -> Text -> Text -> StatusType -> SSHPublicKey
- spkUploadDate :: Lens' SSHPublicKey (Maybe UTCTime)
- spkUserName :: Lens' SSHPublicKey Text
- spkSSHPublicKeyId :: Lens' SSHPublicKey Text
- spkFingerprint :: Lens' SSHPublicKey Text
- spkSSHPublicKeyBody :: Lens' SSHPublicKey Text
- spkStatus :: Lens' SSHPublicKey StatusType
- data SSHPublicKeyMetadata
- sshPublicKeyMetadata :: Text -> Text -> StatusType -> UTCTime -> SSHPublicKeyMetadata
- spkmUserName :: Lens' SSHPublicKeyMetadata Text
- spkmSSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text
- spkmStatus :: Lens' SSHPublicKeyMetadata StatusType
- spkmUploadDate :: Lens' SSHPublicKeyMetadata UTCTime
- data ServerCertificate
- serverCertificate :: ServerCertificateMetadata -> Text -> ServerCertificate
- sCertificateChain :: Lens' ServerCertificate (Maybe Text)
- sServerCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata
- sCertificateBody :: Lens' ServerCertificate Text
- data ServerCertificateMetadata
- serverCertificateMetadata :: Text -> Text -> Text -> Text -> ServerCertificateMetadata
- scmUploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime)
- scmExpiration :: Lens' ServerCertificateMetadata (Maybe UTCTime)
- scmPath :: Lens' ServerCertificateMetadata Text
- scmServerCertificateName :: Lens' ServerCertificateMetadata Text
- scmServerCertificateId :: Lens' ServerCertificateMetadata Text
- scmARN :: Lens' ServerCertificateMetadata Text
- data ServiceSpecificCredential
- serviceSpecificCredential :: UTCTime -> Text -> Text -> Text -> Text -> Text -> StatusType -> ServiceSpecificCredential
- sscCreateDate :: Lens' ServiceSpecificCredential UTCTime
- sscServiceName :: Lens' ServiceSpecificCredential Text
- sscServiceUserName :: Lens' ServiceSpecificCredential Text
- sscServicePassword :: Lens' ServiceSpecificCredential Text
- sscServiceSpecificCredentialId :: Lens' ServiceSpecificCredential Text
- sscUserName :: Lens' ServiceSpecificCredential Text
- sscStatus :: Lens' ServiceSpecificCredential StatusType
- data ServiceSpecificCredentialMetadata
- serviceSpecificCredentialMetadata :: Text -> StatusType -> Text -> UTCTime -> Text -> Text -> ServiceSpecificCredentialMetadata
- sscmUserName :: Lens' ServiceSpecificCredentialMetadata Text
- sscmStatus :: Lens' ServiceSpecificCredentialMetadata StatusType
- sscmServiceUserName :: Lens' ServiceSpecificCredentialMetadata Text
- sscmCreateDate :: Lens' ServiceSpecificCredentialMetadata UTCTime
- sscmServiceSpecificCredentialId :: Lens' ServiceSpecificCredentialMetadata Text
- sscmServiceName :: Lens' ServiceSpecificCredentialMetadata Text
- data SigningCertificate
- signingCertificate :: Text -> Text -> Text -> StatusType -> SigningCertificate
- scUploadDate :: Lens' SigningCertificate (Maybe UTCTime)
- scUserName :: Lens' SigningCertificate Text
- scCertificateId :: Lens' SigningCertificate Text
- scCertificateBody :: Lens' SigningCertificate Text
- scStatus :: Lens' SigningCertificate StatusType
- data SimulatePolicyResponse
- simulatePolicyResponse :: SimulatePolicyResponse
- spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]
- spMarker :: Lens' SimulatePolicyResponse (Maybe Text)
- spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
- data Statement
- statement :: Statement
- sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType)
- sSourcePolicyId :: Lens' Statement (Maybe Text)
- sEndPosition :: Lens' Statement (Maybe Position)
- sStartPosition :: Lens' Statement (Maybe Position)
- data User
- user :: Text -> Text -> Text -> Text -> UTCTime -> User
- uPasswordLastUsed :: Lens' User (Maybe UTCTime)
- uPath :: Lens' User Text
- uUserName :: Lens' User Text
- uUserId :: Lens' User Text
- uARN :: Lens' User Text
- uCreateDate :: Lens' User UTCTime
- data UserDetail
- userDetail :: UserDetail
- udGroupList :: Lens' UserDetail [Text]
- udARN :: Lens' UserDetail (Maybe Text)
- udPath :: Lens' UserDetail (Maybe Text)
- udCreateDate :: Lens' UserDetail (Maybe UTCTime)
- udUserName :: Lens' UserDetail (Maybe Text)
- udUserId :: Lens' UserDetail (Maybe Text)
- udUserPolicyList :: Lens' UserDetail [PolicyDetail]
- udAttachedManagedPolicies :: Lens' UserDetail [AttachedPolicy]
- data VirtualMFADevice
- virtualMFADevice :: Text -> VirtualMFADevice
- vmdQRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString)
- vmdBase32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString)
- vmdUser :: Lens' VirtualMFADevice (Maybe User)
- vmdEnableDate :: Lens' VirtualMFADevice (Maybe UTCTime)
- vmdSerialNumber :: Lens' VirtualMFADevice Text
Service Configuration
API version 2010-05-08
of the Amazon Identity and Access Management SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by IAM
.
CredentialReportNotPresentException
_CredentialReportNotPresentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport
.
CredentialReportNotReadyException
_CredentialReportNotReadyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the credential report is still being generated.
MalformedPolicyDocumentException
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the policy document was malformed. The error message describes the specific error.
EntityAlreadyExistsException
_EntityAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to create a resource that already exists.
MalformedCertificateException
_MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the certificate was malformed or expired. The error message describes the specific error.
CredentialReportExpiredException
_CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport
. For more information about credential report expiration, see Getting Credential Reports in the IAM User Guide .
UnmodifiableEntityException
_UnmodifiableEntityException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because only the service that depends on the service-linked role can modify or delete the role on your behalf. The error message includes the name of the service that depends on this service-linked role. You must request the change through that service.
DuplicateCertificateException
_DuplicateCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the same certificate is associated with an IAM user in the account.
DeleteConflictException
_DeleteConflictException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.
NoSuchEntityException
_NoSuchEntityException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it referenced an entity that does not exist. The error message describes the entity.
InvalidCertificateException
_InvalidCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the certificate is invalid.
PolicyNotAttachableException
_PolicyNotAttachableException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request failed because AWS service role policies can only be attached to the service-linked role for that service.
ServiceNotSupportedException
_ServiceNotSupportedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified service does not support service-specific credentials.
UnrecognizedPublicKeyEncodingException
_UnrecognizedPublicKeyEncodingException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key encoding format is unsupported or unrecognized.
InvalidUserTypeException
_InvalidUserTypeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the type of user for the transaction was incorrect.
ServiceFailureException
_ServiceFailureException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request processing has failed because of an unknown error, exception or failure.
InvalidInputException
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
InvalidPublicKeyException
_InvalidPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key is malformed or otherwise invalid.
InvalidAuthenticationCodeException
_InvalidAuthenticationCodeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the authentication code was not recognized. The error message describes the specific error.
EntityTemporarilyUnmodifiableException
_EntityTemporarilyUnmodifiableException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity.
DuplicateSSHPublicKeyException
_DuplicateSSHPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the SSH public key is already associated with the specified IAM user.
KeyPairMismatchException
_KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key certificate and the private key do not match.
PolicyEvaluationException
_PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request failed because a provided policy could not be successfully evaluated. An additional detailed message indicates the source of the failure.
PasswordPolicyViolationException
_PasswordPolicyViolationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided password did not meet the requirements imposed by the account password policy.
LimitExceededException
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait
specification is fulfilled. The Wait
specification
determines how many attempts should be made, in addition to delay and retry strategies.
InstanceProfileExists
instanceProfileExists :: Wait GetInstanceProfile Source #
Polls GetInstanceProfile
every 1 seconds until a successful state is reached. An error is returned after 40 failed checks.
UserExists
userExists :: Wait GetUser Source #
Polls GetUser
every 1 seconds until a successful state is reached. An error is returned after 20 failed checks.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects
operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager
instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
GetContextKeysForPrincipalPolicy
ListPolicies (Paginated)
module Network.AWS.IAM.ListPolicies
CreatePolicy
module Network.AWS.IAM.CreatePolicy
ListInstanceProfilesForRole (Paginated)
AttachGroupPolicy
CreateAccessKey
ListSSHPublicKeys (Paginated)
ListOpenIdConnectProviders
CreateVirtualMFADevice
DeleteAccountPasswordPolicy
UpdateAccountPasswordPolicy
AttachRolePolicy
UpdateSSHPublicKey
DeleteSSHPublicKey
GetUserPolicy
UpdateServiceSpecificCredential
DeleteServiceSpecificCredential
ListAttachedRolePolicies (Paginated)
GetRole
module Network.AWS.IAM.GetRole
DeactivateMFADevice
CreateOpenIdConnectProvider
DeleteVirtualMFADevice
ListRoles (Paginated)
module Network.AWS.IAM.ListRoles
ListUserPolicies (Paginated)
UploadSSHPublicKey
SimulateCustomPolicy (Paginated)
UpdateRole
module Network.AWS.IAM.UpdateRole
DeleteRole
module Network.AWS.IAM.DeleteRole
ListUsers (Paginated)
module Network.AWS.IAM.ListUsers
UpdateOpenIdConnectProviderThumbprint
PutUserPolicy
GetSSHPublicKey
DetachGroupPolicy
GetOpenIdConnectProvider
DeleteUserPolicy
CreateRole
module Network.AWS.IAM.CreateRole
ResetServiceSpecificCredential
GetCredentialReport
GetAccountSummary
ListGroupPolicies (Paginated)
DeletePolicyVersion
DeleteInstanceProfile
DetachRolePolicy
RemoveRoleFromInstanceProfile
CreatePolicyVersion
CreateInstanceProfile
CreateSAMLProvider
GetAccountAuthorizationDetails (Paginated)
GetServiceLinkedRoleDeletionStatus
DeleteAccountAlias
DetachUserPolicy
RemoveUserFromGroup
DeleteGroupPolicy
PutGroupPolicy
GetLoginProfile
GetGroupPolicy
ChangePassword
ListServerCertificates (Paginated)
DeleteServiceLinkedRole
DeletePolicy
module Network.AWS.IAM.DeletePolicy
UpdateAssumeRolePolicy
GetInstanceProfile
CreateLoginProfile
GetSAMLProvider
AddRoleToInstanceProfile
ListGroupsForUser (Paginated)
ListEntitiesForPolicy (Paginated)
AddUserToGroup
SimulatePrincipalPolicy (Paginated)
GetPolicyVersion
CreateServiceLinkedRole
ListServiceSpecificCredentials
DeleteOpenIdConnectProvider
GetUser
module Network.AWS.IAM.GetUser
ListSigningCertificates (Paginated)
DeleteSigningCertificate
UpdateSigningCertificate
ListAttachedUserPolicies (Paginated)
RemoveClientIdFromOpenIdConnectProvider
AttachUserPolicy
CreateServiceSpecificCredential
ListVirtualMFADevices (Paginated)
ResyncMFADevice
DeleteAccessKey
UpdateAccessKey
ListAccessKeys (Paginated)
GetRolePolicy
CreateUser
module Network.AWS.IAM.CreateUser
PutRolePolicy
GetContextKeysForCustomPolicy
UploadSigningCertificate
DeleteRolePolicy
GetAccountPasswordPolicy
GetAccessKeyLastUsed
UpdateUser
module Network.AWS.IAM.UpdateUser
DeleteUser
module Network.AWS.IAM.DeleteUser
AddClientIdToOpenIdConnectProvider
ListRolePolicies (Paginated)
CreateAccountAlias
ListInstanceProfiles (Paginated)
EnableMFADevice
ListAccountAliases (Paginated)
DeleteSAMLProvider
UpdateSAMLProvider
CreateGroup
module Network.AWS.IAM.CreateGroup
ListMFADevices (Paginated)
UploadServerCertificate
SetDefaultPolicyVersion
ListPolicyVersions (Paginated)
UpdateRoleDescription
ListSAMLProviders
GetServerCertificate
DeleteGroup
module Network.AWS.IAM.DeleteGroup
UpdateGroup
module Network.AWS.IAM.UpdateGroup
ListGroups (Paginated)
module Network.AWS.IAM.ListGroups
GenerateCredentialReport
GetPolicy
module Network.AWS.IAM.GetPolicy
UpdateLoginProfile
DeleteLoginProfile
GetGroup (Paginated)
module Network.AWS.IAM.GetGroup
DeleteServerCertificate
UpdateServerCertificate
ListAttachedGroupPolicies (Paginated)
Types
AssignmentStatusType
data AssignmentStatusType Source #
Constructors
Any | |
Assigned | |
Unassigned |
Instances
ContextKeyTypeEnum
data ContextKeyTypeEnum Source #
Constructors
Binary | |
BinaryList | |
Boolean | |
BooleanList | |
Date | |
DateList | |
IP | |
IPList | |
Numeric | |
NumericList | |
String | |
StringList |
Instances
DeletionTaskStatusType
data DeletionTaskStatusType Source #
Constructors
Failed | |
InProgress | |
NotStarted | |
Succeeded |
Instances
EncodingType
data EncodingType Source #
Instances
EntityType
data EntityType Source #
Constructors
ETAWSManagedPolicy | |
ETGroup | |
ETLocalManagedPolicy | |
ETRole | |
ETUser |
Instances
PolicyEvaluationDecisionType
data PolicyEvaluationDecisionType Source #
Constructors
Allowed | |
ExplicitDeny | |
ImplicitDeny |
Instances
PolicyScopeType
data PolicyScopeType Source #
Instances
PolicySourceType
data PolicySourceType Source #
Constructors
AWSManaged | |
Group | |
None | |
Resource | |
Role | |
User | |
UserManaged |
Instances
ReportFormatType
data ReportFormatType Source #
Constructors
TextCSV |
Instances
ReportStateType
data ReportStateType Source #
Constructors
RSTComplete | |
RSTInprogress | |
RSTStarted |
Instances
StatusType
data StatusType Source #
Instances
SummaryKeyType
data SummaryKeyType Source #
Constructors
Instances
AccessKeyInfo
data AccessKeyInfo Source #
Contains information about an AWS access key.
This data type is used as a response element in the CreateAccessKey
and ListAccessKeys
operations.
See: accessKeyInfo
smart constructor.
Instances
Arguments
:: Text | |
-> AccessKey | |
-> StatusType | |
-> Text | |
-> AccessKeyInfo |
Creates a value of AccessKeyInfo
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
akiCreateDate
- The date when the access key was created.akiUserName
- The name of the IAM user that the access key is associated with.akiAccessKeyId
- The ID for this access key.akiStatus
- The status of the access key.Active
means that the key is valid for API calls, whileInactive
means it is not.akiSecretAccessKey
- The secret key used to sign requests.
akiCreateDate :: Lens' AccessKeyInfo (Maybe UTCTime) Source #
The date when the access key was created.
akiUserName :: Lens' AccessKeyInfo Text Source #
The name of the IAM user that the access key is associated with.
akiAccessKeyId :: Lens' AccessKeyInfo AccessKey Source #
The ID for this access key.
akiStatus :: Lens' AccessKeyInfo StatusType Source #
The status of the access key. Active
means that the key is valid for API calls, while Inactive
means it is not.
akiSecretAccessKey :: Lens' AccessKeyInfo Text Source #
The secret key used to sign requests.
AccessKeyLastUsed
data AccessKeyLastUsed Source #
Contains information about the last time an AWS access key was used.
This data type is used as a response element in the GetAccessKeyLastUsed
operation.
See: accessKeyLastUsed
smart constructor.
Instances
Arguments
:: UTCTime | |
-> Text | |
-> Text | |
-> AccessKeyLastUsed |
Creates a value of AccessKeyLastUsed
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
akluLastUsedDate
- The date and time, in ISO 8601 date-time format , when the access key was most recently used. This field is null in the following situations: * The user does not have an access key. * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. * There is no sign-in data associated with the userakluServiceName
- The name of the AWS service with which this access key was most recently used. This field displays "N/A" in the following situations: * The user does not have an access key. * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. * There is no sign-in data associated with the userakluRegion
- The AWS region where this access key was most recently used. This field is displays "NA" in the following situations: * The user does not have an access key. * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. * There is no sign-in data associated with the user For more information about AWS regions, see <http:docs.aws.amazon.comgenerallatestgr/rande.html Regions and Endpoints> in the Amazon Web Services General Reference.
akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime Source #
The date and time, in ISO 8601 date-time format , when the access key was most recently used. This field is null in the following situations: * The user does not have an access key. * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. * There is no sign-in data associated with the user
akluServiceName :: Lens' AccessKeyLastUsed Text Source #
The name of the AWS service with which this access key was most recently used. This field displays "N/A" in the following situations: * The user does not have an access key. * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. * There is no sign-in data associated with the user
akluRegion :: Lens' AccessKeyLastUsed Text Source #
The AWS region where this access key was most recently used. This field is displays "NA" in the following situations: * The user does not have an access key. * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. * There is no sign-in data associated with the user For more information about AWS regions, see <http:docs.aws.amazon.comgenerallatestgr/rande.html Regions and Endpoints> in the Amazon Web Services General Reference.
AccessKeyMetadata
data AccessKeyMetadata Source #
Contains information about an AWS access key, without its secret key.
This data type is used as a response element in the ListAccessKeys
operation.
See: accessKeyMetadata
smart constructor.
Instances
accessKeyMetadata :: AccessKeyMetadata Source #
Creates a value of AccessKeyMetadata
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
akmStatus
- The status of the access key.Active
means the key is valid for API calls;Inactive
means it is not.akmCreateDate
- The date when the access key was created.akmUserName
- The name of the IAM user that the key is associated with.akmAccessKeyId
- The ID for this access key.
akmStatus :: Lens' AccessKeyMetadata (Maybe StatusType) Source #
The status of the access key. Active
means the key is valid for API calls; Inactive
means it is not.
akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime) Source #
The date when the access key was created.
akmUserName :: Lens' AccessKeyMetadata (Maybe Text) Source #
The name of the IAM user that the key is associated with.
akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe AccessKey) Source #
The ID for this access key.
AttachedPolicy
data AttachedPolicy Source #
Contains information about an attached policy.
An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies
, ListAttachedRolePolicies
, ListAttachedUserPolicies
, and GetAccountAuthorizationDetails
operations.
For more information about managed policies, refer to Managed Policies and Inline Policies in the Using IAM guide.
See: attachedPolicy
smart constructor.
Instances
attachedPolicy :: AttachedPolicy Source #
Creates a value of AttachedPolicy
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
apPolicyName
- The friendly name of the attached policy.apPolicyARN
- Undocumented member.
apPolicyName :: Lens' AttachedPolicy (Maybe Text) Source #
The friendly name of the attached policy.
apPolicyARN :: Lens' AttachedPolicy (Maybe Text) Source #
Undocumented member.
ContextEntry
data ContextEntry Source #
Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the Condition
elements of the input policies.
This data type is used as an input parameter to
and SimulateCustomPolicy
.SimulateCustomPolicy
See: contextEntry
smart constructor.
Instances
contextEntry :: ContextEntry Source #
Creates a value of ContextEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ceContextKeyValues
- The value (or values, if the condition context key supports multiple values) to provide to the simulation when the key is referenced by aCondition
element in an input policy.ceContextKeyName
- The full name of a condition context key, including the service prefix. For example,aws:SourceIp
ors3:VersionId
.ceContextKeyType
- The data type of the value (or values) specified in theContextKeyValues
parameter.
ceContextKeyValues :: Lens' ContextEntry [Text] Source #
The value (or values, if the condition context key supports multiple values) to provide to the simulation when the key is referenced by a Condition
element in an input policy.
ceContextKeyName :: Lens' ContextEntry (Maybe Text) Source #
The full name of a condition context key, including the service prefix. For example, aws:SourceIp
or s3:VersionId
.
ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum) Source #
The data type of the value (or values) specified in the ContextKeyValues
parameter.
DeletionTaskFailureReasonType
data DeletionTaskFailureReasonType Source #
The reason that the service-linked role deletion failed.
This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus
operation.
See: deletionTaskFailureReasonType
smart constructor.
Instances
deletionTaskFailureReasonType :: DeletionTaskFailureReasonType Source #
Creates a value of DeletionTaskFailureReasonType
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
dtfrtRoleUsageList
- A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the region in which the resources are being used.dtfrtReason
- A short description of the reason that the service-linked role deletion failed.
dtfrtRoleUsageList :: Lens' DeletionTaskFailureReasonType [RoleUsageType] Source #
A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the region in which the resources are being used.
dtfrtReason :: Lens' DeletionTaskFailureReasonType (Maybe Text) Source #
A short description of the reason that the service-linked role deletion failed.
EvaluationResult
data EvaluationResult Source #
Contains the results of a simulation.
This data type is used by the return parameter of
and SimulateCustomPolicy
.SimulatePrincipalPolicy
See: evaluationResult
smart constructor.
Instances
Creates a value of EvaluationResult
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
erMatchedStatements
- A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.erEvalDecisionDetails
- Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based PolicieserResourceSpecificResults
- The individual results of the simulation of the API operation specified in EvalActionName on each resource.erEvalResourceName
- The ARN of the resource that the indicated API operation was tested on.erMissingContextValues
- A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when theResourceArns
parameter blank. If you include a list of resources, then any missing context values are instead included under theResourceSpecificResults
section. To discover the context keys used by a set of policies, you can callGetContextKeysForCustomPolicy
orGetContextKeysForPrincipalPolicy
.erOrganizationsDecisionDetail
- A structure that details how AWS Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.erEvalActionName
- The name of the API operation tested on the indicated resource.erEvalDecision
- The result of the simulation.
erMatchedStatements :: Lens' EvaluationResult [Statement] Source #
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType) Source #
Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies
erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult] Source #
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
erEvalResourceName :: Lens' EvaluationResult (Maybe Text) Source #
The ARN of the resource that the indicated API operation was tested on.
erMissingContextValues :: Lens' EvaluationResult [Text] Source #
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the ResourceArns
parameter blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults
section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy
or GetContextKeysForPrincipalPolicy
.
erOrganizationsDecisionDetail :: Lens' EvaluationResult (Maybe OrganizationsDecisionDetail) Source #
A structure that details how AWS Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
erEvalActionName :: Lens' EvaluationResult Text Source #
The name of the API operation tested on the indicated resource.
erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType Source #
The result of the simulation.
GetContextKeysForPolicyResponse
data GetContextKeysForPolicyResponse Source #
Contains the response to a successful GetContextKeysForPrincipalPolicy
or GetContextKeysForCustomPolicy
request.
See: getContextKeysForPolicyResponse
smart constructor.
Instances
getContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse Source #
Creates a value of GetContextKeysForPolicyResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gckfpContextKeyNames
- The list of context keys that are referenced in the input policies.
gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text] Source #
The list of context keys that are referenced in the input policies.
Group
Contains information about an IAM group entity.
This data type is used as a response element in the following operations:
CreateGroup
GetGroup
ListGroups
See: group'
smart constructor.
Instances
Eq Group Source # | |
Data Group Source # | |
Defined in Network.AWS.IAM.Types.Product Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Group -> c Group # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Group # dataTypeOf :: Group -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Group) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Group) # gmapT :: (forall b. Data b => b -> b) -> Group -> Group # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Group -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Group -> r # gmapQ :: (forall d. Data d => d -> u) -> Group -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Group -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Group -> m Group # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Group -> m Group # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Group -> m Group # | |
Read Group Source # | |
Show Group Source # | |
Generic Group Source # | |
Hashable Group Source # | |
Defined in Network.AWS.IAM.Types.Product | |
FromXML Group Source # | |
NFData Group Source # | |
Defined in Network.AWS.IAM.Types.Product | |
type Rep Group Source # | |
Defined in Network.AWS.IAM.Types.Product type Rep Group = D1 (MetaData "Group" "Network.AWS.IAM.Types.Product" "amazonka-iam-1.6.1-BDjAp2BAcQu3GSS4Bsr6zu" False) (C1 (MetaCons "Group'" PrefixI True) ((S1 (MetaSel (Just "_gPath") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text) :*: S1 (MetaSel (Just "_gGroupName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text)) :*: (S1 (MetaSel (Just "_gGroupId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text) :*: (S1 (MetaSel (Just "_gARN") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text) :*: S1 (MetaSel (Just "_gCreateDate") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 ISO8601))))) |
Creates a value of Group
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gPath
- The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.gGroupName
- The friendly name that identifies the group.gGroupId
- The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.gARN
- The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.gCreateDate
- The date and time, in ISO 8601 date-time format , when the group was created.
gPath :: Lens' Group Text Source #
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
gGroupId :: Lens' Group Text Source #
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
gARN :: Lens' Group Text Source #
The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
gCreateDate :: Lens' Group UTCTime Source #
The date and time, in ISO 8601 date-time format , when the group was created.
GroupDetail
data GroupDetail Source #
Contains information about an IAM group, including all of the group's policies.
This data type is used as a response element in the GetAccountAuthorizationDetails
operation.
See: groupDetail
smart constructor.
Instances
groupDetail :: GroupDetail Source #
Creates a value of GroupDetail
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gdARN
- Undocumented member.gdPath
- The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.gdCreateDate
- The date and time, in ISO 8601 date-time format , when the group was created.gdGroupId
- The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.gdGroupPolicyList
- A list of the inline policies embedded in the group.gdGroupName
- The friendly name that identifies the group.gdAttachedManagedPolicies
- A list of the managed policies attached to the group.
gdPath :: Lens' GroupDetail (Maybe Text) Source #
The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
gdCreateDate :: Lens' GroupDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format , when the group was created.
gdGroupId :: Lens' GroupDetail (Maybe Text) Source #
The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail] Source #
A list of the inline policies embedded in the group.
gdGroupName :: Lens' GroupDetail (Maybe Text) Source #
The friendly name that identifies the group.
gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy] Source #
A list of the managed policies attached to the group.
InstanceProfile
data InstanceProfile Source #
Contains information about an instance profile.
This data type is used as a response element in the following operations:
CreateInstanceProfile
GetInstanceProfile
ListInstanceProfiles
ListInstanceProfilesForRole
See: instanceProfile
smart constructor.