{
"api_version": "2010-05-08",
"type": "query",
"result_wrapped": true,
"signature_version": "v4",
"service_full_name": "AWS Identity and Access Management",
"service_abbreviation": "IAM",
"global_endpoint": "iam.amazonaws.com",
"endpoint_prefix": "iam",
"xmlnamespace": "https://iam.amazonaws.com/doc/2010-05-08/",
"documentation": "\n\t\t
AWS Identity and Access Management (IAM) is a web service that you can use to manage users and user permissions\n\t\t\tunder your AWS account. This guide provides descriptions of the IAM API. For general\n\t\t\tinformation about IAM, see AWS Identity\n\t\t\t\tand Access Management (IAM). For the user guide for IAM, see Using IAM.
\n\t\t\n\t\tUsing the IAM Query API, you make direct calls to the IAM web service. IAM supports\n\t\t\tGET and POST requests for all actions. That is, the API does not require you to use GET for\n\t\t\tsome actions and POST for others. However, GET requests are subject to the limitation size of\n\t\t\ta URL; although this limit is browser dependent, a typical limit is 2048 bytes. Therefore, for\n\t\t\toperations that require larger sizes, you must use a POST request.
\n\t\t\n\t\tSigning Requests
Requests must be signed using an access key ID and a secret\n\t\t\taccess key. We strongly recommend that you do not use your AWS account access key ID and\n\t\t\tsecret access key for everyday work with IAM. You can use the access key ID and secret access\n\t\t\tkey for an IAM user or you can use the AWS Security Token Service to generate temporary security credentials\n\t\t\tand use those to sign requests.
To sign requests, we recommend that you use Signature Version 4. If\n\t\t\tyou have an existing application that uses Signature Version 2, you do not have to update it\n\t\t\tto use Signature Version 4. However, some operations now require Signature Version 4. The\n\t\t\tdocumentation for operations that require version 4 indicate this requirement.
\n\t\t\n\n\t\tAdditional Resources
\n\t\tFor more information, see the following:
Name of the instance profile to update.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the role to add.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tAdds the specified role to the specified instance profile. For more information about roles,\n\t\t\tgo to Working with\n\t\t\t\tRoles. For more information about instance profiles, go to About Instance\n\t\t\t\tProfiles.
\n\t\tName of the group to update.
\n\t", "required": true }, "UserName": { "shape_name": "existingUserNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the user to add.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tAdds the specified user to the specified group.
\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "InvalidUserTypeException", "type": "structure", "members": { "message": { "shape_name": "invalidUserTypeMessage", "type": "string", "documentation": null } }, "documentation": "\n\t\tThe request was rejected because the type of user for the transaction was incorrect.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "EntityTemporarilyUnmodifiableException", "type": "structure", "members": { "message": { "shape_name": "entityTemporarilyUnmodifiableMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that is temporarily unmodifiable,\n\t\t\tsuch as a user name that was deleted and then recreated. The error indicates that the request\n\t\t\tis likely to succeed if you try again after waiting several minutes. The error message\n\t\t\tdescribes the entity.
\n\t" } ], "documentation": "\n\t\tChanges the password of the IAM user calling ChangePassword
. The root account\n\t\t\tpassword is not affected by this action. For information about modifying passwords, see Managing Passwords.
The user name that the new key will belong to.
\n\t" } }, "documentation": " " }, "output": { "shape_name": "CreateAccessKeyResponse", "type": "structure", "members": { "AccessKey": { "shape_name": "AccessKey", "type": "structure", "members": { "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the user the key is associated with.
\n\t", "required": true }, "AccessKeyId": { "shape_name": "accessKeyIdType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe ID for this access key.
\n\t", "required": true }, "Status": { "shape_name": "statusType", "type": "string", "enum": [ "Active", "Inactive" ], "documentation": "\n\t\tThe status of the access key. Active
means the key is valid for API calls, while\n\t\t\t\tInactive
means it is not.
The secret key used to sign requests.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the access key was created.
\n\t" } }, "documentation": "\n\t\tInformation about the access key.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the CreateAccessKey action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tCreates a new AWS secret access key and corresponding AWS access key ID for the specified\n\t\t\tuser. The default status for new keys is Active
.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS\n\t\t\taccess key ID signing the request. Because this action works for access keys under the AWS\n\t\t\taccount, you can use this API to manage root credentials even if the AWS account has no\n\t\t\tassociated users.
\n\t\tFor information about limits on the number of keys you can create, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tName of the account alias to create.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tThis action creates an alias for your AWS account. For information about using an AWS account\n\t\t\talias, see Using an Alias for Your AWS Account ID in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThe path to the group. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThis parameter is optional. If it is not included, it defaults to a slash (/).
\n\t" }, "GroupName": { "shape_name": "groupNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the group to create. Do not include the path in this value.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "CreateGroupResponse", "type": "structure", "members": { "Group": { "shape_name": "Group", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the group. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "GroupName": { "shape_name": "groupNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name that identifies the group.
\n\t", "required": true }, "GroupId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the group. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the group was created.
\n\t", "required": true } }, "documentation": "\n\t\tInformation about the group.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the CreateGroup action.
\n\t" }, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tCreates a new group.
\n\t\tFor information about the number of groups you can create, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tName of the instance profile to create.
\n\t", "required": true }, "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tThe path to the instance profile. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThis parameter is optional. If it is not included, it defaults to a slash (/).
\n\t" } }, "documentation": " " }, "output": { "shape_name": "CreateInstanceProfileResponse", "type": "structure", "members": { "InstanceProfile": { "shape_name": "InstanceProfile", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the instance profile. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "InstanceProfileName": { "shape_name": "instanceProfileNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the instance profile.
\n\t", "required": true }, "InstanceProfileId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the instance profile. For more information about\n\t\t\tIDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the instance profile. For more information about\n\t\t\tARNs and how to use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the instance profile was created.
\n\t", "required": true }, "Roles": { "shape_name": "roleListType", "type": "list", "members": { "shape_name": "Role", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the role.
\n\t", "required": true }, "RoleId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the role. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the role was created.
\n\t", "required": true }, "AssumeRolePolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t" } }, "documentation": "\n\t\tThe Role data type contains information about a role.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tThe role associated with the instance profile.
\n\t", "required": true } }, "documentation": "\n\t\tInformation about the instance profile.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the CreateInstanceProfile\n\t\t\taction.
\n\t" }, "errors": [ { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tCreates a new instance profile. For information about instance profiles, go to About Instance\n\t\t\t\tProfiles.
\n\t\tFor information about the number of instance profiles you can create, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tName of the user to create a password for.
\n\t", "required": true }, "Password": { "shape_name": "passwordType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "sensitive": true, "documentation": "\n\t\tThe new password for the user name.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "CreateLoginProfileResponse", "type": "structure", "members": { "LoginProfile": { "shape_name": "LoginProfile", "type": "structure", "members": { "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name of the user, which can be used for signing into the AWS Management Console.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the password for the user was created.
\n\t", "required": true } }, "documentation": "\n\t\tThe user name and password create date.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the CreateLoginProfile action.
\n\t" }, "errors": [ { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "PasswordPolicyViolationException", "type": "structure", "members": { "message": { "shape_name": "passwordPolicyViolationMessage", "type": "string", "documentation": null } }, "documentation": "\n\t\tThe request was rejected because the provided password did not meet the requirements imposed\n\t\t\tby the account password policy.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tCreates a password for the specified user, giving the user the ability to access AWS services\n\t\t\tthrough the AWS Management Console. For more information about managing passwords, see Managing Passwords in Using IAM.
\n\t\tThe path to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThis parameter is optional. If it is not included, it defaults to a slash (/).
\n\t" }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the role to create.
\n\t", "required": true }, "AssumeRolePolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "CreateRoleResponse", "type": "structure", "members": { "Role": { "shape_name": "Role", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the role.
\n\t", "required": true }, "RoleId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the role. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the role was created.
\n\t", "required": true }, "AssumeRolePolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t" } }, "documentation": "\n\t\tInformation about the role.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the CreateRole action.
\n\t" }, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "MalformedPolicyDocumentException", "type": "structure", "members": { "message": { "shape_name": "malformedPolicyDocumentMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the policy document was malformed. The error message\n\t\t\tdescribes the specific error.
\n\t" } ], "documentation": "\n\t\tCreates a new role for your AWS account. For more information about roles, go to Working with Roles.\n\t\t\tFor information about limitations on role names and the number of roles you can create, go to\n\t\t\t\tLimitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThe policy grants permission to an EC2 instance to assume the role. The policy is URL-encoded\n\t\t\taccording to RFC 3986. For more information about RFC 3986, go to http://www.faqs.org/rfcs/rfc3986.html.\n\t\t\tCurrently, only EC2 instances can assume roles.
\n\t\tAn XML document generated by an identity provider (IdP) that supports SAML 2.0. The document\n\t\t\tincludes the issuer's name, expiration information, and keys that can be used to validate the\n\t\t\tSAML authentication response (assertions) that are received from the IdP. You must generate\n\t\t\tthe metadata document using the identity management software that is used as your\n\t\t\torganization's IdP.
\n\t\t\n\t\tFor more information, see Creating Temporary Security Credentials for SAML Federation in the Using Temporary\n\t\t\t\tSecurity Credentials guide.
\n\t\t\n\t", "required": true }, "Name": { "shape_name": "SAMLProviderNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w._-]*", "documentation": "\n\t\tThe name of the provider to create.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "CreateSAMLProviderResponse", "type": "structure", "members": { "SAMLProviderArn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) of the SAML provider.
\n\t" } }, "documentation": "\n\t\tContains the result of a successful invocation of the CreateSAMLProvider action.
\n\t" }, "errors": [ { "shape_name": "InvalidInputException", "type": "structure", "members": { "message": { "shape_name": "invalidInputMessage", "type": "string", "documentation": null } }, "documentation": null }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tCreates an IAM entity to describe an identity provider (IdP) that supports SAML 2.0.
\n\t\tThe SAML provider that you create with this operation can be used as a principal in a role's\n\t\t\ttrust policy to establish a trust relationship between AWS and a SAML identity provider. You\n\t\t\tcan create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one\n\t\t\tthat supports API access to AWS.
\n\t\t\n\t\tWhen you create the SAML provider, you upload an a SAML metadata document that you get from\n\t\t\tyour IdP and that includes the issuer's name, expiration information, and keys that can be\n\t\t\tused to validate the SAML authentication response (assertions) that are received from the IdP.\n\t\t\tYou must generate the metadata document using the identity management software that is used as\n\t\t\tyour organization's IdP.
\n\t\t\n\t\tFor more information, see Giving Console Access Using SAML and Creating\n\t\t\t\tTemporary Security Credentials for SAML Federation in the Using Temporary\n\t\t\t\tCredentials guide.
\n\t\tThe path for the user name. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThis parameter is optional. If it is not included, it defaults to a slash (/).
\n\t" }, "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the user to create.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "CreateUserResponse", "type": "structure", "members": { "User": { "shape_name": "User", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the user. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the user.
\n\t", "required": true }, "UserId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the user. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the user. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the user was created.
\n\t", "required": true } }, "documentation": "\n\t\tInformation about the user.
\n\t" } }, "documentation": "\n\t\tContains the result of a successful invocation of the CreateUser action.
\n\t" }, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tCreates a new user for your AWS account.
\n\t\tFor information about limitations on the number of users you can create, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThe path for the virtual MFA device. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThis parameter is optional. If it is not included, it defaults to a slash (/).
\n\t" }, "VirtualMFADeviceName": { "shape_name": "virtualMFADeviceName", "type": "string", "pattern": "[\\w+=,.@-]*", "min_length": 1, "documentation": "\n\t\tThe name of the virtual MFA device. Use with path to uniquely identify a virtual MFA\n\t\t\tdevice.
\n\t", "required": true } }, "documentation": null }, "output": { "shape_name": "CreateVirtualMFADeviceResponse", "type": "structure", "members": { "VirtualMFADevice": { "shape_name": "VirtualMFADevice", "type": "structure", "members": { "SerialNumber": { "shape_name": "serialNumberType", "type": "string", "min_length": 9, "max_length": 256, "pattern": "[\\w+=/:,.@-]*", "documentation": "\n\t\tThe serial number associated with VirtualMFADevice
.
The Base32 seed defined as specified in RFC3548. The Base32StringSeed
is Base64-encoded.
A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?\n\t\t\t\tsecret=$Base32String where $virtualMFADeviceName is one of the create call arguments,\n\t\t\tAccountName is the user name if set (accountId otherwise), and Base32String is the seed in\n\t\t\tBase32 format. The Base32String
is Base64-encoded.
Path to the user. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the user.
\n\t", "required": true }, "UserId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the user. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the user. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the user was created.
\n\t", "required": true } }, "documentation": "\n\t\tThe User data type contains information about a user.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tA newly created virtual MFA device.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the CreateVirtualMFADevice\n\t\t\taction.
\n\t" }, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" } ], "documentation": "\n\t\tCreates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about\n\t\t\tcreating and working with virtual MFA devices, go to Using a Virtual MFA Device in Using AWS Identity and Access Management.
\n\t\tFor information about limits on the number of MFA devices you can create, see Limitations on Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tName of the user whose MFA device you want to deactivate.
\n\t", "required": true }, "SerialNumber": { "shape_name": "serialNumberType", "type": "string", "min_length": 9, "max_length": 256, "pattern": "[\\w+=/:,.@-]*", "documentation": "\n\t\tThe serial number that uniquely identifies the MFA device. For virtual MFA devices, the\n\t\t\tserial number is the device ARN.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "EntityTemporarilyUnmodifiableException", "type": "structure", "members": { "message": { "shape_name": "entityTemporarilyUnmodifiableMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that is temporarily unmodifiable,\n\t\t\tsuch as a user name that was deleted and then recreated. The error indicates that the request\n\t\t\tis likely to succeed if you try again after waiting several minutes. The error message\n\t\t\tdescribes the entity.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeactivates the specified MFA device and removes it from association with the user name for\n\t\t\twhich it was originally enabled.
\n\t\tName of the user whose key you want to delete.
\n\t" }, "AccessKeyId": { "shape_name": "accessKeyIdType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe access key ID for the access key ID and secret access key you want to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the access key associated with the specified user.
\n\t\tIf you do not specify a user name, IAM determines the user name implicitly based on the AWS\n\t\t\taccess key ID signing the request. Because this action works for access keys under the AWS\n\t\t\taccount, you can use this API to manage root credentials even if the AWS account has no\n\t\t\tassociated users.
\n\t\tName of the account alias to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified AWS account alias. For information about using an AWS account alias,\n\t\t\tsee Using an\n\t\t\t\tAlias for Your AWS Account ID in Using AWS Identity and Access Management.
\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tDeletes the password policy for the AWS account.
\n\t\tName of the group to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "DeleteConflictException", "type": "structure", "members": { "message": { "shape_name": "deleteConflictMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to delete a resource that has attached\n\t\t\tsubordinate entities. The error message describes these entities.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified group. The group must not contain any users or have any attached\n\t\t\tpolicies.
\n\t\tName of the group the policy is associated with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified policy that is associated with the specified group.
\n\t\tName of the instance profile to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "DeleteConflictException", "type": "structure", "members": { "message": { "shape_name": "deleteConflictMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to delete a resource that has attached\n\t\t\tsubordinate entities. The error message describes these entities.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified instance profile. The instance profile must not have an associated\n\t\t\trole.
\n\t\tFor more information about instance profiles, go to About Instance\n\t\t\t\tProfiles.
\n\t\tName of the user whose password you want to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "EntityTemporarilyUnmodifiableException", "type": "structure", "members": { "message": { "shape_name": "entityTemporarilyUnmodifiableMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that is temporarily unmodifiable,\n\t\t\tsuch as a user name that was deleted and then recreated. The error indicates that the request\n\t\t\tis likely to succeed if you try again after waiting several minutes. The error message\n\t\t\tdescribes the entity.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the password for the specified user, which terminates the user's ability to access\n\t\t\tAWS services through the AWS Management Console.
\n\t\tName of the role to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "DeleteConflictException", "type": "structure", "members": { "message": { "shape_name": "deleteConflictMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to delete a resource that has attached\n\t\t\tsubordinate entities. The error message describes these entities.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified role. The role must not have any policies attached. For more\n\t\t\tinformation about roles, go to Working with\n\t\t\tRoles.
\n\t\tName of the role the associated with the policy.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document to delete.
\n\t", "required": true } }, "documentation": null }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified policy associated with the specified role.
\n\t\tThe Amazon Resource Name (ARN) of the SAML provider to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "InvalidInputException", "type": "structure", "members": { "message": { "shape_name": "invalidInputMessage", "type": "string", "documentation": null } }, "documentation": null } ], "documentation": "\n\t\tDeletes a SAML provider.
\n\t\tDeleting the provider does not update any roles that reference the SAML provider as a\n\t\t\tprincipal in their trust policies. Any attempt to assume a role that references a SAML\n\t\t\tprovider that has been deleted will fail.
\n\t\tThe name of the server certificate you want to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "DeleteConflictException", "type": "structure", "members": { "message": { "shape_name": "deleteConflictMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to delete a resource that has attached\n\t\t\tsubordinate entities. The error message describes these entities.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified server certificate.
\n\t\tName of the user the signing certificate belongs to.
\n\t" }, "CertificateId": { "shape_name": "certificateIdType", "type": "string", "min_length": 24, "max_length": 128, "pattern": "[\\w]*", "documentation": "\n\t\tID of the signing certificate to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified signing certificate associated with the specified user.
\n\t\tIf you do not specify a user name, IAM determines the user name implicitly based on the AWS\n\t\t\taccess key ID signing the request. Because this action works for access keys under the AWS\n\t\t\taccount, you can use this API to manage root credentials even if the AWS account has no\n\t\t\tassociated users.
\n\t\tName of the user to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "DeleteConflictException", "type": "structure", "members": { "message": { "shape_name": "deleteConflictMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to delete a resource that has attached\n\t\t\tsubordinate entities. The error message describes these entities.
\n\t" } ], "documentation": "\n\t\tDeletes the specified user. The user must not belong to any groups, have any keys or signing\n\t\t\tcertificates, or have any attached policies.
\n\t\tName of the user the policy is associated with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document to delete.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes the specified policy associated with the specified user.
\n\t\tThe serial number that uniquely identifies the MFA device. For virtual MFA devices, the\n\t\t\tserial number is the same as the ARN.
\n\t", "required": true } }, "documentation": null }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "DeleteConflictException", "type": "structure", "members": { "message": { "shape_name": "deleteConflictMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to delete a resource that has attached\n\t\t\tsubordinate entities. The error message describes these entities.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tDeletes a virtual MFA device.
\n\t\tName of the user for whom you want to enable the MFA device.
\n\t", "required": true }, "SerialNumber": { "shape_name": "serialNumberType", "type": "string", "min_length": 9, "max_length": 256, "pattern": "[\\w+=/:,.@-]*", "documentation": "\n\t\tThe serial number that uniquely identifies the MFA device. For virtual MFA devices, the\n\t\t\tserial number is the device ARN.
\n\t", "required": true }, "AuthenticationCode1": { "shape_name": "authenticationCodeType", "type": "string", "min_length": 6, "max_length": 6, "pattern": "[\\d]*", "documentation": "\n\t\tAn authentication code emitted by the device.
\n\t", "required": true }, "AuthenticationCode2": { "shape_name": "authenticationCodeType", "type": "string", "min_length": 6, "max_length": 6, "pattern": "[\\d]*", "documentation": "\n\t\tA subsequent authentication code emitted by the device.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "EntityTemporarilyUnmodifiableException", "type": "structure", "members": { "message": { "shape_name": "entityTemporarilyUnmodifiableMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that is temporarily unmodifiable,\n\t\t\tsuch as a user name that was deleted and then recreated. The error indicates that the request\n\t\t\tis likely to succeed if you try again after waiting several minutes. The error message\n\t\t\tdescribes the entity.
\n\t" }, { "shape_name": "InvalidAuthenticationCodeException", "type": "structure", "members": { "message": { "shape_name": "invalidAuthenticationCodeMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the authentication code was not recognized. The error\n\t\t\tmessage describes the specific error.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tEnables the specified MFA device and associates it with the specified user name. When\n\t\t\tenabled, the MFA device is required for every subsequent login by the user name associated\n\t\t\twith the device.
\n\t\tMinimum length to require for IAM user passwords.
\n\t" }, "RequireSymbols": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tSpecifies whether to require symbols for IAM user passwords.
\n\t" }, "RequireNumbers": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tSpecifies whether to require numbers for IAM user passwords.
\n\t" }, "RequireUppercaseCharacters": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tSpecifies whether to require uppercase characters for IAM user passwords.
\n\t" }, "RequireLowercaseCharacters": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tSpecifies whether to require lowercase characters for IAM user passwords.
\n\t" }, "AllowUsersToChangePassword": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tSpecifies whether to allow IAM users to change their own password.
\n\t" }, "ExpirePasswords": { "shape_name": "booleanType", "type": "boolean", "documentation": null }, "MaxPasswordAge": { "shape_name": "maxPasswordAgeType", "type": "integer", "documentation": null } }, "documentation": "\n\t\tThe PasswordPolicy data type contains information about the account password policy.
\n\t\tThis data type is used as a response element in the action GetAccountPasswordPolicy.\n\t\t
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetAccountPasswordPolicy\n\t\t\taction.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves the password policy for the AWS account. For more information about using a\n\t\t\tpassword policy, go to Managing an\n\t\t\t\tIAM Password Policy.
\n\t\tA set of key value pairs containing account-level information.
\n\t\t\n\t\t\tSummaryMap
contains the following keys:
AccessKeysPerUserQuota
- Maximum number of access keys that can be\n\t\t\t\t\t\tcreated per user
AccountMFAEnabled
- 1 if the root account has an MFA device assigned to\n\t\t\t\t\t\tit, 0 otherwise
AssumeRolePolicySizeQuota
- Maximum allowed size for assume role policy\n\t\t\t\t\t\tdocuments (in kilobytes)
GroupPolicySizeQuota
- Maximum allowed size for Group policy documents\n\t\t\t\t\t\t(in kilobytes)
Groups
- Number of Groups for the AWS account
GroupsPerUserQuota
- Maximum number of groups a user can belong\n\t\t\t\t\tto
GroupsQuota
- Maximum groups allowed for the AWS account
InstanceProfiles
- Number of instance profiles for the AWS\n\t\t\t\t\taccount
InstanceProfilesQuota
- Maximum instance profiles allowed for the AWS\n\t\t\t\t\t\taccount
MFADevices
- Number of MFA devices, either assigned or\n\t\t\t\t\tunassigned
MFADevicesInUse
- Number of MFA devices that have been assigned to an\n\t\t\t\t\t\tIAM user or to the root account
RolePolicySizeQuota
- Maximum allowed size for role policy documents (in\n\t\t\t\t\t\tkilobytes)
Roles
- Number of roles for the AWS account
RolesQuota
- Maximum roles allowed for the AWS account
ServerCertificates
- Number of server certificates for the AWS\n\t\t\t\t\t\taccount
ServerCertificatesQuota
- Maximum server certificates allowed for the\n\t\t\t\t\t\tAWS account
SigningCertificatesPerUserQuota
- Maximum number of X509 certificates\n\t\t\t\t\t\tallowed for a user
UserPolicySizeQuota
- Maximum allowed size for user policy documents (in\n\t\t\t\t\t\tkilobytes)
Users
- Number of users for the AWS account
UsersQuota
- Maximum users allowed for the AWS account
Contains the result of a successful invocation of the GetAccountSummary action.
\n\t" }, "errors": [], "documentation": "\n\t\tRetrieves account level information about account entity usage and IAM quotas.
\n\t\tFor information about limitations on IAM entities, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tName of the group.
\n\t", "required": true }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of user names you want\n\t\t\tin the response. If there are additional user names beyond the maximum you specify, the\n\t\t\t\tIsTruncated
response element is true
. This parameter is optional.\n\t\t\tIf you do not include it, it defaults to 100.
Path to the group. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "GroupName": { "shape_name": "groupNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name that identifies the group.
\n\t", "required": true }, "GroupId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the group. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the group was created.
\n\t", "required": true } }, "documentation": "\n\t\tInformation about the group.
\n\t", "required": true }, "Users": { "shape_name": "userListType", "type": "list", "members": { "shape_name": "User", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the user. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the user.
\n\t", "required": true }, "UserId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the user. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the user. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the user was created.
\n\t", "required": true } }, "documentation": "\n\t\tThe User data type contains information about a user.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tA list of users in the group.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more user names to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more user names in the list.
If IsTruncated is true
, then this element is present and contains the value to\n\t\t\tuse for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the GetGroup action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tReturns a list of users that are in the specified group. You can paginate the results using\n\t\t\tthe MaxItems
and Marker
parameters.
Name of the group the policy is associated with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document to get.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "GetGroupPolicyResponse", "type": "structure", "members": { "GroupName": { "shape_name": "groupNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe group the policy is associated with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name of the policy.
\n\t", "required": true }, "PolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy document.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetGroupPolicy action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves the specified policy document for the specified group. The returned policy is\n\t\t\tURL-encoded according to RFC 3986. For more information about RFC 3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t\tName of the instance profile to get information about.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "GetInstanceProfileResponse", "type": "structure", "members": { "InstanceProfile": { "shape_name": "InstanceProfile", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the instance profile. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "InstanceProfileName": { "shape_name": "instanceProfileNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the instance profile.
\n\t", "required": true }, "InstanceProfileId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the instance profile. For more information about\n\t\t\tIDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the instance profile. For more information about\n\t\t\tARNs and how to use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the instance profile was created.
\n\t", "required": true }, "Roles": { "shape_name": "roleListType", "type": "list", "members": { "shape_name": "Role", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the role.
\n\t", "required": true }, "RoleId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the role. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the role was created.
\n\t", "required": true }, "AssumeRolePolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t" } }, "documentation": "\n\t\tThe Role data type contains information about a role.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tThe role associated with the instance profile.
\n\t", "required": true } }, "documentation": "\n\t\tInformation about the instance profile.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetInstanceProfile action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves information about the specified instance profile, including the instance profile's\n\t\t\tpath, GUID, ARN, and role. For more information about instance profiles, go to About Instance\n\t\t\t\tProfiles. For more information about ARNs, go to ARNs.
\n\t\tName of the user whose login profile you want to retrieve.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "GetLoginProfileResponse", "type": "structure", "members": { "LoginProfile": { "shape_name": "LoginProfile", "type": "structure", "members": { "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name of the user, which can be used for signing into the AWS Management Console.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the password for the user was created.
\n\t", "required": true } }, "documentation": "\n\t\tUser name and password create date for the user.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetLoginProfile action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves the user name and password-creation date for the specified user. If the user has\n\t\t\tnot been assigned a password, the action returns a 404 (NoSuchEntity
) error.
Name of the role to get information about.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "GetRoleResponse", "type": "structure", "members": { "Role": { "shape_name": "Role", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the role.
\n\t", "required": true }, "RoleId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the role. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the role was created.
\n\t", "required": true }, "AssumeRolePolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t" } }, "documentation": "\n\t\tInformation about the role.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetRole action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves information about the specified role, including the role's path, GUID, ARN, and the\n\t\t\tpolicy granting permission to EC2 to assume the role. For more information about ARNs, go to\n\t\t\t\tARNs. For more information about roles, go to Working with\n\t\t\tRoles.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t\tName of the role associated with the policy.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document to get.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "GetRolePolicyResponse", "type": "structure", "members": { "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe role the policy is associated with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name of the policy.
\n\t", "required": true }, "PolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy document.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetRolePolicy action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves the specified policy document for the specified role. For more information about\n\t\t\troles, go to Working with\n\t\t\t\tRoles.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t\tThe Amazon Resource Name (ARN) of the SAML provider to get information about.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "GetSAMLProviderResponse", "type": "structure", "members": { "SAMLMetadataDocument": { "shape_name": "SAMLMetadataDocumentType", "type": "string", "min_length": 1000, "max_length": 10000000, "documentation": "\n\t\tThe XML metadata document that includes information about an identity provider.
\n\t" }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date and time when the SAML provider was created.
\n\t" }, "ValidUntil": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe expiration date and time for the SAML provider.
\n\t" } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetSAMLProvider action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "InvalidInputException", "type": "structure", "members": { "message": { "shape_name": "invalidInputMessage", "type": "string", "documentation": null } }, "documentation": null } ], "documentation": "\n\t\tReturns the SAML provider metadocument that was uploaded when the provider was created or\n\t\t\tupdated.
\n\t\tThe name of the server certificate you want to retrieve information about.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "GetServerCertificateResponse", "type": "structure", "members": { "ServerCertificate": { "shape_name": "ServerCertificate", "type": "structure", "members": { "ServerCertificateMetadata": { "shape_name": "ServerCertificateMetadata", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the server certificate. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "ServerCertificateName": { "shape_name": "serverCertificateNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name that identifies the server certificate.
\n\t", "required": true }, "ServerCertificateId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the server certificate. For more information about\n\t\t\tIDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the server certificate. For more information about\n\t\t\tARNs and how to use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UploadDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the server certificate was uploaded.
\n\t" } }, "documentation": "\n\t\tThe meta information of the server certificate, such as its name, path, ID, and ARN.
\n\t", "required": true }, "CertificateBody": { "shape_name": "certificateBodyType", "type": "string", "min_length": 1, "max_length": 16384, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "documentation": "\n\t\tThe contents of the public key certificate.
\n\t", "required": true }, "CertificateChain": { "shape_name": "certificateChainType", "type": "string", "min_length": 1, "max_length": 2097152, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]*", "documentation": "\n\t\tThe contents of the public key certificate chain.
\n\t" } }, "documentation": "\n\t\tInformation about the server certificate.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetServerCertificate action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves information about the specified server certificate.
\n\t\tName of the user to get information about.
\n\t\tThis parameter is optional. If it is not included, it defaults to the user making the\n\t\t\trequest.
\n\t" } }, "documentation": " " }, "output": { "shape_name": "GetUserResponse", "type": "structure", "members": { "User": { "shape_name": "User", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the user. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the user.
\n\t", "required": true }, "UserId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the user. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the user. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the user was created.
\n\t", "required": true } }, "documentation": "\n\t\tInformation about the user.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetUser action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves information about the specified user, including the user's path, unique ID, and\n\t\t\tARN.
\n\t\tIf you do not specify a user name, IAM determines the user name implicitly based on the AWS\n\t\t\taccess key ID signing the request.
\n\t\tName of the user who the policy is associated with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document to get.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "GetUserPolicyResponse", "type": "structure", "members": { "UserName": { "shape_name": "existingUserNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe user the policy is associated with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name of the policy.
\n\t", "required": true }, "PolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy document.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the GetUserPolicy action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tRetrieves the specified policy document for the specified user. The returned policy is\n\t\t\tURL-encoded according to RFC 3986. For more information about RFC 3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t\tName of the user.
\n\t" }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this parameter only when paginating results, and only in a subsequent request after\n\t\t\tyou've received a response where the results are truncated. Set it to the value of the\n\t\t\t\tMarker
element in the response you just received.
Use this parameter only when paginating results to indicate the maximum number of keys you\n\t\t\twant in the response. If there are additional keys beyond the maximum you specify, the\n\t\t\t\tIsTruncated
response element is true
. This parameter is optional.\n\t\t\tIf you do not include it, it defaults to 100.
Name of the user the key is associated with.
\n\t" }, "AccessKeyId": { "shape_name": "accessKeyIdType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe ID for this access key.
\n\t" }, "Status": { "shape_name": "statusType", "type": "string", "enum": [ "Active", "Inactive" ], "documentation": "\n\t\tThe status of the access key. Active
means the key is valid for API calls, while\n\t\t\t\tInactive
means it is not.
The date when the access key was created.
\n\t" } }, "documentation": "\n\t\tThe AccessKey data type contains information about an AWS access key, without its secret\n\t\t\tkey.
\n\t\tThis data type is used as a response element in the action ListAccessKeys.
\n\t" }, "documentation": "\n\t\tA list of access key metadata.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more keys to list. If your results were truncated,\n\t\t\tyou can make a subsequent pagination request using the Marker
request parameter\n\t\t\tto retrieve more keys in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListAccessKeys action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tReturns information about the access key IDs associated with the specified user. If there are\n\t\t\tnone, the action returns an empty list.
\n\t\tAlthough each user is limited to a small number of keys, you can still paginate the results\n\t\t\tusing the MaxItems
and Marker
parameters.
If the UserName
field is not specified, the UserName is determined implicitly\n\t\t\tbased on the AWS access key ID used to sign the request. Because this action works for access\n\t\t\tkeys under the AWS account, this API can be used to manage root credentials even if the AWS\n\t\t\taccount has no associated users.
Use this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of account aliases you\n\t\t\twant in the response. If there are additional account aliases beyond the maximum you specify,\n\t\t\tthe IsTruncated
response element is true
. This parameter is\n\t\t\toptional. If you do not include it, it defaults to 100.
A list of aliases associated with the account.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more account aliases to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more account aliases in the list.
Use this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Contains the result of a successful invocation of the ListAccountAliases action.
\n\t" }, "errors": [], "documentation": "\n\t\tLists the account aliases associated with the account. For information about using an AWS\n\t\t\taccount alias, see Using an Alias for Your AWS Account ID in Using AWS Identity and\n\t\t\t\tAccess Management.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The name of the group to list policies for.
\n\t", "required": true }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of policy names you want\n\t\t\tin the response. If there are additional policy names beyond the maximum you specify, the\n\t\t\t\tIsTruncated
response element is true
. This parameter is optional.\n\t\t\tIf you do not include it, it defaults to 100.
A list of policy names.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more policy names to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more policy names in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListGroupPolicies action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tLists the names of the policies associated with the specified group. If there are none, the\n\t\t\taction returns an empty list.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The path prefix for filtering the results. For example:\n\t\t\t\t/division_abc/subdivision_xyz/
, which would get all groups whose path starts\n\t\t\twith /division_abc/subdivision_xyz/
.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all\n\t\t\tgroups.
\n\t" }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of groups you want in\n\t\t\tthe response. If there are additional groups beyond the maximum you specify, the\n\t\t\t\tIsTruncated
response element is true
. This parameter is optional.\n\t\t\tIf you do not include it, it defaults to 100.
Path to the group. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "GroupName": { "shape_name": "groupNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name that identifies the group.
\n\t", "required": true }, "GroupId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the group. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the group was created.
\n\t", "required": true } }, "documentation": "\n\t\tThe Group data type contains information about a group.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tA list of groups.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more groups to list. If your results were truncated,\n\t\t\tyou can make a subsequent pagination request using the Marker
request parameter\n\t\t\tto retrieve more groups in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListGroups action.
\n\t" }, "errors": [], "documentation": "\n\t\tLists the groups that have the specified path prefix.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The name of the user to list groups for.
\n\t", "required": true }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of groups you want in\n\t\t\tthe response. If there are additional groups beyond the maximum you specify, the\n\t\t\t\tIsTruncated
response element is true
. This parameter is optional.\n\t\t\tIf you do not include it, it defaults to 100.
Path to the group. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "GroupName": { "shape_name": "groupNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name that identifies the group.
\n\t", "required": true }, "GroupId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the group. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the group was created.
\n\t", "required": true } }, "documentation": "\n\t\tThe Group data type contains information about a group.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tA list of groups.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more groups to list. If your results were truncated,\n\t\t\tyou can make a subsequent pagination request using the Marker
request parameter\n\t\t\tto retrieve more groups in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListGroupsForUser action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tLists the groups the specified user belongs to.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The path prefix for filtering the results. For example:\n\t\t\t\t/application_abc/component_xyz/
, which would get all instance profiles whose\n\t\t\tpath starts with /application_abc/component_xyz/
.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all\n\t\t\tinstance profiles.
\n\t" }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this parameter only when paginating results, and only in a subsequent request after\n\t\t\tyou've received a response where the results are truncated. Set it to the value of the\n\t\t\t\tMarker
element in the response you just received.
Use this parameter only when paginating results to indicate the maximum number of user names\n\t\t\tyou want in the response. If there are additional user names beyond the maximum you specify,\n\t\t\tthe IsTruncated
response element is true
. This parameter is\n\t\t\toptional. If you do not include it, it defaults to 100.
Path to the instance profile. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "InstanceProfileName": { "shape_name": "instanceProfileNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the instance profile.
\n\t", "required": true }, "InstanceProfileId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the instance profile. For more information about\n\t\t\tIDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the instance profile. For more information about\n\t\t\tARNs and how to use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the instance profile was created.
\n\t", "required": true }, "Roles": { "shape_name": "roleListType", "type": "list", "members": { "shape_name": "Role", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the role.
\n\t", "required": true }, "RoleId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the role. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the role was created.
\n\t", "required": true }, "AssumeRolePolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t" } }, "documentation": "\n\t\tThe Role data type contains information about a role.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tThe role associated with the instance profile.
\n\t", "required": true } }, "documentation": "\n\t\tThe InstanceProfile data type contains information about an instance profile.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tA list of instance profiles.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more instance profiles to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more instance profiles in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListInstanceProfiles action.
\n\t" }, "errors": [], "documentation": "\n\t\tLists the instance profiles that have the specified path prefix. If there are none, the\n\t\t\taction returns an empty list. For more information about instance profiles, go to About Instance\n\t\t\t\tProfiles.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The name of the role to list instance profiles for.
\n\t", "required": true }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this parameter only when paginating results, and only in a subsequent request after\n\t\t\tyou've received a response where the results are truncated. Set it to the value of the\n\t\t\t\tMarker
element in the response you just received.
Use this parameter only when paginating results to indicate the maximum number of user names\n\t\t\tyou want in the response. If there are additional user names beyond the maximum you specify,\n\t\t\tthe IsTruncated
response element is true
. This parameter is\n\t\t\toptional. If you do not include it, it defaults to 100.
Path to the instance profile. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "InstanceProfileName": { "shape_name": "instanceProfileNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the instance profile.
\n\t", "required": true }, "InstanceProfileId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the instance profile. For more information about\n\t\t\tIDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the instance profile. For more information about\n\t\t\tARNs and how to use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the instance profile was created.
\n\t", "required": true }, "Roles": { "shape_name": "roleListType", "type": "list", "members": { "shape_name": "Role", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the role.
\n\t", "required": true }, "RoleId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the role. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the role was created.
\n\t", "required": true }, "AssumeRolePolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t" } }, "documentation": "\n\t\tThe Role data type contains information about a role.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tThe role associated with the instance profile.
\n\t", "required": true } }, "documentation": "\n\t\tThe InstanceProfile data type contains information about an instance profile.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tA list of instance profiles.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more instance profiles to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more instance profiles in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListInstanceProfilesForRole\n\t\t\taction.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tLists the instance profiles that have the specified associated role. If there are none, the\n\t\t\taction returns an empty list. For more information about instance profiles, go to About Instance\n\t\t\t\tProfiles.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
Name of the user whose MFA devices you want to list.
\n\t" }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of MFA devices you want\n\t\t\tin the response. If there are additional MFA devices beyond the maximum you specify, the\n\t\t\t\tIsTruncated
response element is true
. This parameter is optional.\n\t\t\tIf you do not include it, it defaults to 100.
The user with whom the MFA device is associated.
\n\t", "required": true }, "SerialNumber": { "shape_name": "serialNumberType", "type": "string", "min_length": 9, "max_length": 256, "pattern": "[\\w+=/:,.@-]*", "documentation": "\n\t\tThe serial number that uniquely identifies the MFA device. For virtual MFA devices, the\n\t\t\tserial number is the device ARN.
\n\t", "required": true }, "EnableDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the MFA device was enabled for the user.
\n\t", "required": true } }, "documentation": "\n\t\tThe MFADevice
data type contains information about an MFA device.
This data type is used as a response element in the action ListMFADevices.
\n\t" }, "documentation": "\n\t\tA list of MFA devices.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more MFA devices to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more MFA devices in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListMFADevices action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tLists the MFA devices. If the request includes the user name, then this action lists all the\n\t\t\tMFA devices associated with the specified user name. If you do not specify a user name, IAM\n\t\t\tdetermines the user name implicitly based on the AWS access key ID signing the request.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The name of the role to list policies for.
\n\t", "required": true }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this parameter only when paginating results, and only in a subsequent request after\n\t\t\tyou've received a response where the results are truncated. Set it to the value of the\n\t\t\t\tMarker
element in the response you just received.
Use this parameter only when paginating results to indicate the maximum number of user names\n\t\t\tyou want in the response. If there are additional user names beyond the maximum you specify,\n\t\t\tthe IsTruncated
response element is true
. This parameter is\n\t\t\toptional. If you do not include it, it defaults to 100.
A list of policy names.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more policy names to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more policy names in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListRolePolicies action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tLists the names of the policies associated with the specified role. If there are none, the\n\t\t\taction returns an empty list.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The path prefix for filtering the results. For example:\n\t\t\t\t/application_abc/component_xyz/
, which would get all roles whose path starts\n\t\t\twith /application_abc/component_xyz/
.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all\n\t\t\troles.
\n\t" }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this parameter only when paginating results, and only in a subsequent request after\n\t\t\tyou've received a response where the results are truncated. Set it to the value of the\n\t\t\t\tMarker
element in the response you just received.
Use this parameter only when paginating results to indicate the maximum number of user names\n\t\t\tyou want in the response. If there are additional user names beyond the maximum you specify,\n\t\t\tthe IsTruncated
response element is true
. This parameter is\n\t\t\toptional. If you do not include it, it defaults to 100.
Path to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the role.
\n\t", "required": true }, "RoleId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the role. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the role was created.
\n\t", "required": true }, "AssumeRolePolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t\tThe returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t" } }, "documentation": "\n\t\tThe Role data type contains information about a role.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tA list of roles.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more roles to list. If your results were truncated,\n\t\t\tyou can make a subsequent pagination request using the Marker
request parameter\n\t\t\tto retrieve more roles in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListRoles action.
\n\t" }, "errors": [], "documentation": "\n\t\tLists the roles that have the specified path prefix. If there are none, the action returns an\n\t\t\tempty list. For more information about roles, go to Working with\n\t\t\tRoles.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The returned policy is URL-encoded according to RFC 3986. For more information about RFC\n\t\t\t3986, go to http://www.faqs.org/rfcs/rfc3986.html.
\n\t\tThe Amazon Resource Name (ARN) of the SAML provider.
\n\t" }, "ValidUntil": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe expiration date and time for the SAML provider.
\n\t" }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date and time when the SAML provider was created.
\n\t" } }, "documentation": "\n\t\tThe list of SAML providers for this account.
\n\t" }, "documentation": "\n\t\tThe list of SAML providers for this account.
\n\t" } }, "documentation": "\n\t\tContains the result of a successful invocation of the ListSAMLProviders action.
\n\t" }, "errors": [], "documentation": "\n\t\tLists the SAML providers in the account.
\n\t\tThe path prefix for filtering the results. For example: /company/servercerts
\n\t\t\twould get all server certificates for which the path starts with\n\t\t\t\t/company/servercerts
.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all\n\t\t\tserver certificates.
\n\t" }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of server certificates\n\t\t\tyou want in the response. If there are additional server certificates beyond the maximum you\n\t\t\tspecify, the IsTruncated
response element will be set to true
. This\n\t\t\tparameter is optional. If you do not include it, it defaults to 100.
Path to the server certificate. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "ServerCertificateName": { "shape_name": "serverCertificateNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name that identifies the server certificate.
\n\t", "required": true }, "ServerCertificateId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the server certificate. For more information about\n\t\t\tIDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the server certificate. For more information about\n\t\t\tARNs and how to use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UploadDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the server certificate was uploaded.
\n\t" } }, "documentation": "\n\t\tServerCertificateMetadata contains information about a server certificate without its\n\t\t\tcertificate body, certificate chain, and private key.
\n\t\tThis data type is used as a response element in the action UploadServerCertificate and\n\t\t\t\tListServerCertificates.
\n\t" }, "documentation": "\n\t\tA list of server certificates.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more server certificates to list. If your results\n\t\t\twere truncated, you can make a subsequent pagination request using the Marker
\n\t\t\trequest parameter to retrieve more server certificates in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListServerCertificates\n\t\t\taction.
\n\t" }, "errors": [], "documentation": "\n\t\tLists the server certificates that have the specified path prefix. If none exist, the action\n\t\t\treturns an empty list.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The name of the user.
\n\t" }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of certificate IDs you\n\t\t\twant in the response. If there are additional certificate IDs beyond the maximum you specify,\n\t\t\tthe IsTruncated
response element is true
. This parameter is\n\t\t\toptional. If you do not include it, it defaults to 100.
Name of the user the signing certificate is associated with.
\n\t", "required": true }, "CertificateId": { "shape_name": "certificateIdType", "type": "string", "min_length": 24, "max_length": 128, "pattern": "[\\w]*", "documentation": "\n\t\tThe ID for the signing certificate.
\n\t", "required": true }, "CertificateBody": { "shape_name": "certificateBodyType", "type": "string", "min_length": 1, "max_length": 16384, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "documentation": "\n\t\tThe contents of the signing certificate.
\n\t", "required": true }, "Status": { "shape_name": "statusType", "type": "string", "enum": [ "Active", "Inactive" ], "documentation": "\n\t\tThe status of the signing certificate. Active
means the key is valid for API\n\t\t\tcalls, while Inactive
means it is not.
The date when the signing certificate was uploaded.
\n\t" } }, "documentation": "\n\t\tThe SigningCertificate data type contains information about an X.509 signing certificate.
\n\t\tThis data type is used as a response element in the actions UploadSigningCertificate\n\t\t\tand ListSigningCertificates.
\n\t" }, "documentation": "\n\t\tA list of the user's signing certificate information.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more certificate IDs to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more certificates in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListSigningCertificates\n\t\t\taction.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tReturns information about the signing certificates associated with the specified user. If\n\t\t\tthere are none, the action returns an empty list.
\n\t\tAlthough each user is limited to a small number of signing certificates, you can still\n\t\t\tpaginate the results using the MaxItems
and Marker
parameters.
If the UserName
field is not specified, the user name is determined implicitly\n\t\t\tbased on the AWS access key ID used to sign the request. Because this action works for access\n\t\t\tkeys under the AWS account, this API can be used to manage root credentials even if the AWS\n\t\t\taccount has no associated users.
The name of the user to list policies for.
\n\t", "required": true }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this only when paginating results, and only in a subsequent request after you've received\n\t\t\ta response where the results are truncated. Set it to the value of the Marker
\n\t\t\telement in the response you just received.
Use this only when paginating results to indicate the maximum number of policy names you want\n\t\t\tin the response. If there are additional policy names beyond the maximum you specify, the\n\t\t\t\tIsTruncated
response element is true
. This parameter is optional.\n\t\t\tIf you do not include it, it defaults to 100.
A list of policy names.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more policy names to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more policy names in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListUserPolicies action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tLists the names of the policies associated with the specified user. If there are none, the\n\t\t\taction returns an empty list.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The path prefix for filtering the results. For example:\n\t\t\t\t/division_abc/subdivision_xyz/
, which would get all user names whose path\n\t\t\tstarts with /division_abc/subdivision_xyz/
.
This parameter is optional. If it is not included, it defaults to a slash (/), listing all\n\t\t\tuser names.
\n\t" }, "Marker": { "shape_name": "markerType", "type": "string", "min_length": 1, "max_length": 320, "pattern": "[\\u0020-\\u00FF]*", "documentation": "\n\t\tUse this parameter only when paginating results, and only in a subsequent request after\n\t\t\tyou've received a response where the results are truncated. Set it to the value of the\n\t\t\t\tMarker
element in the response you just received.
Use this parameter only when paginating results to indicate the maximum number of user names\n\t\t\tyou want in the response. If there are additional user names beyond the maximum you specify,\n\t\t\tthe IsTruncated
response element is true
. This parameter is\n\t\t\toptional. If you do not include it, it defaults to 100.
Path to the user. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the user.
\n\t", "required": true }, "UserId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the user. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the user. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the user was created.
\n\t", "required": true } }, "documentation": "\n\t\tThe User data type contains information about a user.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tA list of users.
\n\t", "required": true }, "IsTruncated": { "shape_name": "booleanType", "type": "boolean", "documentation": "\n\t\tA flag that indicates whether there are more user names to list. If your results were\n\t\t\ttruncated, you can make a subsequent pagination request using the Marker
request\n\t\t\tparameter to retrieve more users in the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListUsers action.
\n\t" }, "errors": [], "documentation": "\n\t\tLists the users that have the specified path prefix. If there are none, the action returns an\n\t\t\tempty list.
\n\t\tYou can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
The status (unassigned or assigned) of the devices to list. If you do not specify an\n\t\t\t\tAssignmentStatus
, the action defaults to Any
which lists both\n\t\t\tassigned and unassigned virtual MFA devices.
Use this parameter only when paginating results, and only in a subsequent request after\n\t\t\tyou've received a response where the results are truncated. Set it to the value of the\n\t\t\t\tMarker
element in the response you just received.
Use this parameter only when paginating results to indicate the maximum number of user names\n\t\t\tyou want in the response. If there are additional user names beyond the maximum you specify,\n\t\t\tthe IsTruncated
response element is true
. This parameter is\n\t\t\toptional. If you do not include it, it defaults to 100.
The serial number associated with VirtualMFADevice
.
The Base32 seed defined as specified in RFC3548. The Base32StringSeed
is Base64-encoded.
A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?\n\t\t\t\tsecret=$Base32String where $virtualMFADeviceName is one of the create call arguments,\n\t\t\tAccountName is the user name if set (accountId otherwise), and Base32String is the seed in\n\t\t\tBase32 format. The Base32String
is Base64-encoded.
Path to the user. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name identifying the user.
\n\t", "required": true }, "UserId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the user. For more information about IDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the user. For more information about ARNs and how\n\t\t\tto use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "CreateDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the user was created.
\n\t", "required": true } }, "documentation": "\n\t\tThe User data type contains information about a user.
\n\t\tThis data type is used as a response element in the following actions:
\n\t\tThe VirtualMFADevice
data type contains information about a virtual MFA\n\t\t\tdevice.
A flag that indicates whether there are more items to list. If your results were truncated,\n\t\t\tyou can make a subsequent pagination request using the Marker
request parameter\n\t\t\tto retrieve more items the list.
If IsTruncated
is true
, this element is present and contains the\n\t\t\tvalue to use for the Marker
parameter in a subsequent pagination request.
Contains the result of a successful invocation of the ListVirtualMFADevices\n\t\t\taction.
\n\t" }, "errors": [], "documentation": "\n\t\t Lists the virtual MFA devices under the AWS account by assignment status. If you do not\n\t\t\tspecify an assignment status, the action returns a list of all virtual MFA devices. Assignment\n\t\t\tstatus can be Assigned
, Unassigned
, or Any
.
You can paginate the results using the MaxItems
and Marker
\n\t\t\tparameters.
Name of the group to associate the policy with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document.
\n\t", "required": true }, "PolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy document.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "MalformedPolicyDocumentException", "type": "structure", "members": { "message": { "shape_name": "malformedPolicyDocumentMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the policy document was malformed. The error message\n\t\t\tdescribes the specific error.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tAdds (or updates) a policy document associated with the specified group. For information\n\t\t\tabout policies, refer to Overview of Policies in Using AWS Identity and Access Management.
\n\t\tFor information about limits on the number of policies you can associate with a group, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tPutGroupPolicy
. For information about setting up signatures and authorization\n\t\t\tthrough the API, go to Signing AWS API Requests in the AWS General Reference. For general information\n\t\t\tabout using the Query API with IAM, go to Making\n\t\t\t\tQuery Requests in Using IAM.Name of the role to associate the policy with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document.
\n\t", "required": true }, "PolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy document.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "MalformedPolicyDocumentException", "type": "structure", "members": { "message": { "shape_name": "malformedPolicyDocumentMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the policy document was malformed. The error message\n\t\t\tdescribes the specific error.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tAdds (or updates) a policy document associated with the specified role. For information about\n\t\t\tpolicies, go to Overview of Policies in Using AWS Identity and Access Management.
\n\t\tFor information about limits on the policies you can associate with a role, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tPutRolePolicy
. For information about setting up signatures and authorization\n\t\t\tthrough the API, go to Signing AWS API Requests in the AWS General Reference. For general information\n\t\t\tabout using the Query API with IAM, go to Making\n\t\t\t\tQuery Requests in Using IAM.Name of the user to associate the policy with.
\n\t", "required": true }, "PolicyName": { "shape_name": "policyNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the policy document.
\n\t", "required": true }, "PolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy document.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "MalformedPolicyDocumentException", "type": "structure", "members": { "message": { "shape_name": "malformedPolicyDocumentMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the policy document was malformed. The error message\n\t\t\tdescribes the specific error.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tAdds (or updates) a policy document associated with the specified user. For information about\n\t\t\tpolicies, refer to Overview of Policies in Using AWS Identity and Access Management.
\n\t\tFor information about limits on the number of policies you can associate with a user, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tPutUserPolicy
. For information about setting up signatures and authorization\n\t\t\tthrough the API, go to Signing AWS API Requests in the AWS General Reference. For general information\n\t\t\tabout using the Query API with IAM, go to Making\n\t\t\t\tQuery Requests in Using IAM.Name of the instance profile to update.
\n\t", "required": true }, "RoleName": { "shape_name": "roleNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the role to remove.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tRemoves the specified role from the specified instance profile.
\n\t\tFor more information about roles, go to Working with Roles.\n\t\t\tFor more information about instance profiles, go to About Instance\n\t\t\t\tProfiles.
\n\t\tName of the group to update.
\n\t", "required": true }, "UserName": { "shape_name": "existingUserNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the user to remove.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tRemoves the specified user from the specified group.
\n\t\tName of the user whose MFA device you want to resynchronize.
\n\t", "required": true }, "SerialNumber": { "shape_name": "serialNumberType", "type": "string", "min_length": 9, "max_length": 256, "pattern": "[\\w+=/:,.@-]*", "documentation": "\n\t\tSerial number that uniquely identifies the MFA device.
\n\t", "required": true }, "AuthenticationCode1": { "shape_name": "authenticationCodeType", "type": "string", "min_length": 6, "max_length": 6, "pattern": "[\\d]*", "documentation": "\n\t\tAn authentication code emitted by the device.
\n\t", "required": true }, "AuthenticationCode2": { "shape_name": "authenticationCodeType", "type": "string", "min_length": 6, "max_length": 6, "pattern": "[\\d]*", "documentation": "\n\t\tA subsequent authentication code emitted by the device.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "InvalidAuthenticationCodeException", "type": "structure", "members": { "message": { "shape_name": "invalidAuthenticationCodeMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the authentication code was not recognized. The error\n\t\t\tmessage describes the specific error.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tSynchronizes the specified MFA device with AWS servers.
\n\t\tName of the user whose key you want to update.
\n\t" }, "AccessKeyId": { "shape_name": "accessKeyIdType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe access key ID of the secret access key you want to update.
\n\t", "required": true }, "Status": { "shape_name": "statusType", "type": "string", "enum": [ "Active", "Inactive" ], "documentation": "\n\t\tThe status you want to assign to the secret access key. Active
means the key can\n\t\t\tbe used for API calls to AWS, while Inactive
means the key cannot be used.
The request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tChanges the status of the specified access key from Active to Inactive, or vice versa. This\n\t\t\taction can be used to disable a user's key as part of a key rotation work flow.
\n\t\tIf the UserName
field is not specified, the UserName is determined implicitly\n\t\t\tbased on the AWS access key ID used to sign the request. Because this action works for access\n\t\t\tkeys under the AWS account, this API can be used to manage root credentials even if the AWS\n\t\t\taccount has no associated users.
For information about rotating keys, see Managing Keys and Certificates in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "MalformedPolicyDocumentException", "type": "structure", "members": { "message": { "shape_name": "malformedPolicyDocumentMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the policy document was malformed. The error message\n\t\t\tdescribes the specific error.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tUpdates the password policy settings for the account. For more information about using a\n\t\t\tpassword policy, go to Managing an\n\t\t\t\tIAM Password Policy.
\n\t\tName of the role to update.
\n\t", "required": true }, "PolicyDocument": { "shape_name": "policyDocumentType", "type": "string", "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "min_length": 1, "max_length": 131072, "documentation": "\n\t\tThe policy that grants an entity permission to assume the role.
\n\t", "required": true } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "MalformedPolicyDocumentException", "type": "structure", "members": { "message": { "shape_name": "malformedPolicyDocumentMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the policy document was malformed. The error message\n\t\t\tdescribes the specific error.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tUpdates the policy that grants an entity permission to assume a role. Currently, only an\n\t\t\tAmazon EC2 instance can assume a role. For more information about roles, go to Working with\n\t\t\tRoles.
\n\t\tName of the group to update. If you're changing the name of the group, this is the original\n\t\t\tname.
\n\t", "required": true }, "NewPath": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tNew path for the group. Only include this if changing the group's path.
\n\t" }, "NewGroupName": { "shape_name": "groupNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tNew name for the group. Only include this if changing the group's name.
\n\t" } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tUpdates the name and/or the path of the specified group.
\n\t\tName of the user whose password you want to update.
\n\t", "required": true }, "Password": { "shape_name": "passwordType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "sensitive": true, "documentation": "\n\t\tThe new password for the user name.
\n\t", "required": true } }, "documentation": null }, "output": null, "errors": [ { "shape_name": "EntityTemporarilyUnmodifiableException", "type": "structure", "members": { "message": { "shape_name": "entityTemporarilyUnmodifiableMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that is temporarily unmodifiable,\n\t\t\tsuch as a user name that was deleted and then recreated. The error indicates that the request\n\t\t\tis likely to succeed if you try again after waiting several minutes. The error message\n\t\t\tdescribes the entity.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "PasswordPolicyViolationException", "type": "structure", "members": { "message": { "shape_name": "passwordPolicyViolationMessage", "type": "string", "documentation": null } }, "documentation": "\n\t\tThe request was rejected because the provided password did not meet the requirements imposed\n\t\t\tby the account password policy.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tChanges the password for the specified user.
\n\t\tAn XML document generated by an identity provider (IdP) that supports SAML 2.0. The document\n\t\t\tincludes the issuer's name, expiration information, and keys that can be used to validate the\n\t\t\tSAML authentication response (assertions) that are received from the IdP. You must generate\n\t\t\tthe metadata document using the identity management software that is used as your\n\t\t\torganization's IdP.
\n\t", "required": true }, "SAMLProviderArn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) of the SAML provider to update.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "UpdateSAMLProviderResponse", "type": "structure", "members": { "SAMLProviderArn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) of the SAML provider that was updated.
\n\t" } }, "documentation": "\n\t\tContains the result of a successful invocation of the UpdateSAMLProvider action.
\n\t" }, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "InvalidInputException", "type": "structure", "members": { "message": { "shape_name": "invalidInputMessage", "type": "string", "documentation": null } }, "documentation": null }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tUpdates the metadata document for an existing SAML provider.
\n\t\tThe name of the server certificate that you want to update.
\n\t", "required": true }, "NewPath": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tThe new path for the server certificate. Include this only if you are updating the server\n\t\t\tcertificate's path.
\n\t" }, "NewServerCertificateName": { "shape_name": "serverCertificateNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe new name for the server certificate. Include this only if you are updating the server\n\t\t\tcertificate's name.
\n\t" } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tUpdates the name and/or the path of the specified server certificate.
\n\t\tName of the user the signing certificate belongs to.
\n\t" }, "CertificateId": { "shape_name": "certificateIdType", "type": "string", "min_length": 24, "max_length": 128, "pattern": "[\\w]*", "documentation": "\n\t\tThe ID of the signing certificate you want to update.
\n\t", "required": true }, "Status": { "shape_name": "statusType", "type": "string", "enum": [ "Active", "Inactive" ], "documentation": "\n\t\tThe status you want to assign to the certificate. Active
means the certificate\n\t\t\tcan be used for API calls to AWS, while Inactive
means the certificate cannot be\n\t\t\tused.
The request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" } ], "documentation": "\n\t\tChanges the status of the specified signing certificate from active to disabled, or vice\n\t\t\tversa. This action can be used to disable a user's signing certificate as part of a\n\t\t\tcertificate rotation work flow.
\n\t\tIf the UserName
field is not specified, the UserName is determined implicitly\n\t\t\tbased on the AWS access key ID used to sign the request. Because this action works for access\n\t\t\tkeys under the AWS account, this API can be used to manage root credentials even if the AWS\n\t\t\taccount has no associated users.
For information about rotating certificates, see Managing Keys and Certificates in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tName of the user to update. If you're changing the name of the user, this is the original\n\t\t\tuser name.
\n\t", "required": true }, "NewPath": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tNew path for the user. Include this parameter only if you're changing the user's path.
\n\t" }, "NewUserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tNew name for the user. Include this parameter only if you're changing the user's name.
\n\t" } }, "documentation": " " }, "output": null, "errors": [ { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" }, { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "EntityTemporarilyUnmodifiableException", "type": "structure", "members": { "message": { "shape_name": "entityTemporarilyUnmodifiableMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that is temporarily unmodifiable,\n\t\t\tsuch as a user name that was deleted and then recreated. The error indicates that the request\n\t\t\tis likely to succeed if you try again after waiting several minutes. The error message\n\t\t\tdescribes the entity.
\n\t" } ], "documentation": "\n\t\tUpdates the name and/or the path of the specified user.
\n\t\tThe path for the server certificate. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tThis parameter is optional. If it is not included, it defaults to a slash (/).
\n\t" }, "ServerCertificateName": { "shape_name": "serverCertificateNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name for the server certificate. Do not include the path in this value.
\n\t", "required": true }, "CertificateBody": { "shape_name": "certificateBodyType", "type": "string", "min_length": 1, "max_length": 16384, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "documentation": "\n\t\tThe contents of the public key certificate in PEM-encoded format.
\n\t", "required": true }, "PrivateKey": { "shape_name": "privateKeyType", "type": "string", "min_length": 1, "max_length": 16384, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]*", "sensitive": true, "documentation": "\n\t\tThe contents of the private key in PEM-encoded format.
\n\t", "required": true }, "CertificateChain": { "shape_name": "certificateChainType", "type": "string", "min_length": 1, "max_length": 2097152, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]*", "documentation": "\n\t\tThe contents of the certificate chain. This is typically a concatenation of the PEM-encoded\n\t\t\tpublic key certificates of the chain.
\n\t" } }, "documentation": " " }, "output": { "shape_name": "UploadServerCertificateResponse", "type": "structure", "members": { "ServerCertificateMetadata": { "shape_name": "ServerCertificateMetadata", "type": "structure", "members": { "Path": { "shape_name": "pathType", "type": "string", "min_length": 1, "max_length": 512, "pattern": "(\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F)", "documentation": "\n\t\tPath to the server certificate. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "ServerCertificateName": { "shape_name": "serverCertificateNameType", "type": "string", "min_length": 1, "max_length": 128, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tThe name that identifies the server certificate.
\n\t", "required": true }, "ServerCertificateId": { "shape_name": "idType", "type": "string", "min_length": 16, "max_length": 32, "pattern": "[\\w]*", "documentation": "\n\t\tThe stable and unique string identifying the server certificate. For more information about\n\t\t\tIDs, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "Arn": { "shape_name": "arnType", "type": "string", "min_length": 20, "max_length": 2048, "documentation": "\n\t\tThe Amazon Resource Name (ARN) specifying the server certificate. For more information about\n\t\t\tARNs and how to use them in policies, see Identifiers for IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t", "required": true }, "UploadDate": { "shape_name": "dateType", "type": "timestamp", "documentation": "\n\t\tThe date when the server certificate was uploaded.
\n\t" } }, "documentation": "\n\t\tThe meta information of the uploaded server certificate without its certificate body,\n\t\t\tcertificate chain, and private key.
\n\t" } }, "documentation": "\n\t\tContains the result of a successful invocation of the UploadServerCertificate\n\t\t\taction.
\n\t" }, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "MalformedCertificateException", "type": "structure", "members": { "message": { "shape_name": "malformedCertificateMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the certificate was malformed or expired. The error message\n\t\t\tdescribes the specific error.
\n\t" }, { "shape_name": "KeyPairMismatchException", "type": "structure", "members": { "message": { "shape_name": "keyPairMismatchMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the public key certificate and the private key do not\n\t\t\tmatch.
\n\t" } ], "documentation": "\n\t\tUploads a server certificate entity for the AWS account. The server certificate entity\n\t\t\tincludes a public key certificate, a private key, and an optional certificate chain, which\n\t\t\tshould all be PEM-encoded.
\n\t\tFor information about the number of server certificates you can upload, see Limitations on IAM Entities in Using AWS Identity and Access\n\t\t\t\tManagement.
\n\t\tUploadServerCertificate
. For information about setting up signatures and\n\t\t\tauthorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information\n\t\t\tabout using the Query API with IAM, go to Making\n\t\t\t\tQuery Requests in Using IAM.Name of the user the signing certificate is for.
\n\t" }, "CertificateBody": { "shape_name": "certificateBodyType", "type": "string", "min_length": 1, "max_length": 16384, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "documentation": "\n\t\tThe contents of the signing certificate.
\n\t", "required": true } }, "documentation": " " }, "output": { "shape_name": "UploadSigningCertificateResponse", "type": "structure", "members": { "Certificate": { "shape_name": "SigningCertificate", "type": "structure", "members": { "UserName": { "shape_name": "userNameType", "type": "string", "min_length": 1, "max_length": 64, "pattern": "[\\w+=,.@-]*", "documentation": "\n\t\tName of the user the signing certificate is associated with.
\n\t", "required": true }, "CertificateId": { "shape_name": "certificateIdType", "type": "string", "min_length": 24, "max_length": 128, "pattern": "[\\w]*", "documentation": "\n\t\tThe ID for the signing certificate.
\n\t", "required": true }, "CertificateBody": { "shape_name": "certificateBodyType", "type": "string", "min_length": 1, "max_length": 16384, "pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+", "documentation": "\n\t\tThe contents of the signing certificate.
\n\t", "required": true }, "Status": { "shape_name": "statusType", "type": "string", "enum": [ "Active", "Inactive" ], "documentation": "\n\t\tThe status of the signing certificate. Active
means the key is valid for API\n\t\t\tcalls, while Inactive
means it is not.
The date when the signing certificate was uploaded.
\n\t" } }, "documentation": "\n\t\tInformation about the certificate.
\n\t", "required": true } }, "documentation": "\n\t\tContains the result of a successful invocation of the UploadSigningCertificate\n\t\t\taction.
\n\t" }, "errors": [ { "shape_name": "LimitExceededException", "type": "structure", "members": { "message": { "shape_name": "limitExceededMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create resources beyond the current AWS\n\t\t\taccount limits. The error message describes the limit exceeded.
\n\t" }, { "shape_name": "EntityAlreadyExistsException", "type": "structure", "members": { "message": { "shape_name": "entityAlreadyExistsMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it attempted to create a resource that already exists.
\n\t" }, { "shape_name": "MalformedCertificateException", "type": "structure", "members": { "message": { "shape_name": "malformedCertificateMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the certificate was malformed or expired. The error message\n\t\t\tdescribes the specific error.
\n\t" }, { "shape_name": "InvalidCertificateException", "type": "structure", "members": { "message": { "shape_name": "invalidCertificateMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the certificate is invalid.
\n\t" }, { "shape_name": "DuplicateCertificateException", "type": "structure", "members": { "message": { "shape_name": "duplicateCertificateMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because the same certificate is associated to another user under the\n\t\t\taccount.
\n\t" }, { "shape_name": "NoSuchEntityException", "type": "structure", "members": { "message": { "shape_name": "noSuchEntityMessage", "type": "string", "documentation": " " } }, "documentation": "\n\t\tThe request was rejected because it referenced an entity that does not exist. The error\n\t\t\tmessage describes the entity.
\n\t" } ], "documentation": "\n\t\tUploads an X.509 signing certificate and associates it with the specified user. Some AWS\n\t\t\tservices use X.509 signing certificates to validate requests that are signed with a\n\t\t\tcorresponding private key. When you upload the certificate, its default status is\n\t\t\t\tActive
.
If the UserName
field is not specified, the user name is determined implicitly\n\t\t\tbased on the AWS access key ID used to sign the request. Because this action works for access\n\t\t\tkeys under the AWS account, this API can be used to manage root credentials even if the AWS\n\t\t\taccount has no associated users.
UploadSigningCertificate
. For information about setting up\n\t\t\tsignatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information\n\t\t\tabout using the Query API with IAM, go to Making\n\t\t\t\tQuery Requests in Using IAM.