💾 Archived View for gmi.noulin.net › gitRepositories › git-off › file › src › node_modules › aws-sdk… captured on 2024-09-29 at 00:41:46. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
iam.d.ts (308713B)
1 import {Request} from '../lib/request';
2 import {Response} from '../lib/response';
3 import {AWSError} from '../lib/error';
4 import {Service} from '../lib/service';
5 import {ServiceConfigurationOptions} from '../lib/service';
6 import {ConfigBase as Config} from '../lib/config';
7 interface Blob {}
8 declare class IAM extends Service {
9 /**
10 * Constructs a service object. This object has one method for each API operation.
11 */
12 constructor(options?: IAM.Types.ClientConfiguration)
13 config: Config & IAM.Types.ClientConfiguration;
14 /**
15 * Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM OpenID Connect (OIDC) provider resource. This action is idempotent; it does not fail or return an error if you add an existing client ID to the provider.
16 */
17 addClientIDToOpenIDConnectProvider(params: IAM.Types.AddClientIDToOpenIDConnectProviderRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
18 /**
19 * Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM OpenID Connect (OIDC) provider resource. This action is idempotent; it does not fail or return an error if you add an existing client ID to the provider.
20 */
21 addClientIDToOpenIDConnectProvider(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
22 /**
23 * Adds the specified IAM role to the specified instance profile. The caller of this API must be granted the PassRole permission on the IAM role by a permission policy. For more information about roles, go to Working with Roles. For more information about instance profiles, go to About Instance Profiles.
24 */
25 addRoleToInstanceProfile(params: IAM.Types.AddRoleToInstanceProfileRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
26 /**
27 * Adds the specified IAM role to the specified instance profile. The caller of this API must be granted the PassRole permission on the IAM role by a permission policy. For more information about roles, go to Working with Roles. For more information about instance profiles, go to About Instance Profiles.
28 */
29 addRoleToInstanceProfile(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
30 /**
31 * Adds the specified user to the specified group.
32 */
33 addUserToGroup(params: IAM.Types.AddUserToGroupRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
34 /**
35 * Adds the specified user to the specified group.
36 */
37 addUserToGroup(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
38 /**
39 * Attaches the specified managed policy to the specified IAM group. You use this API to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
40 */
41 attachGroupPolicy(params: IAM.Types.AttachGroupPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
42 /**
43 * Attaches the specified managed policy to the specified IAM group. You use this API to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
44 */
45 attachGroupPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
46 /**
47 * Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role's permission (access) policy. You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy. Use this API to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
48 */
49 attachRolePolicy(params: IAM.Types.AttachRolePolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
50 /**
51 * Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role's permission (access) policy. You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy. Use this API to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
52 */
53 attachRolePolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
54 /**
55 * Attaches the specified managed policy to the specified user. You use this API to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
56 */
57 attachUserPolicy(params: IAM.Types.AttachUserPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
58 /**
59 * Attaches the specified managed policy to the specified user. You use this API to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
60 */
61 attachUserPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
62 /**
63 * Changes the password of the IAM user who is calling this action. The root account password is not affected by this action. To change the password for a different user, see UpdateLoginProfile. For more information about modifying passwords, see Managing Passwords in the IAM User Guide.
64 */
65 changePassword(params: IAM.Types.ChangePasswordRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
66 /**
67 * Changes the password of the IAM user who is calling this action. The root account password is not affected by this action. To change the password for a different user, see UpdateLoginProfile. For more information about modifying passwords, see Managing Passwords in the IAM User Guide.
68 */
69 changePassword(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
70 /**
71 * Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users. For information about limits on the number of keys you can create, see Limitations on IAM Entities in the IAM User Guide. To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
72 */
73 createAccessKey(params: IAM.Types.CreateAccessKeyRequest, callback?: (err: AWSError, data: IAM.Types.CreateAccessKeyResponse) => void): Request<IAM.Types.CreateAccessKeyResponse, AWSError>;
74 /**
75 * Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users. For information about limits on the number of keys you can create, see Limitations on IAM Entities in the IAM User Guide. To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
76 */
77 createAccessKey(callback?: (err: AWSError, data: IAM.Types.CreateAccessKeyResponse) => void): Request<IAM.Types.CreateAccessKeyResponse, AWSError>;
78 /**
79 * Creates an alias for your AWS account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the IAM User Guide.
80 */
81 createAccountAlias(params: IAM.Types.CreateAccountAliasRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
82 /**
83 * Creates an alias for your AWS account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the IAM User Guide.
84 */
85 createAccountAlias(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
86 /**
87 * Creates a new group. For information about the number of groups you can create, see Limitations on IAM Entities in the IAM User Guide.
88 */
89 createGroup(params: IAM.Types.CreateGroupRequest, callback?: (err: AWSError, data: IAM.Types.CreateGroupResponse) => void): Request<IAM.Types.CreateGroupResponse, AWSError>;
90 /**
91 * Creates a new group. For information about the number of groups you can create, see Limitations on IAM Entities in the IAM User Guide.
92 */
93 createGroup(callback?: (err: AWSError, data: IAM.Types.CreateGroupResponse) => void): Request<IAM.Types.CreateGroupResponse, AWSError>;
94 /**
95 * Creates a new instance profile. For information about instance profiles, go to About Instance Profiles. For information about the number of instance profiles you can create, see Limitations on IAM Entities in the IAM User Guide.
96 */
97 createInstanceProfile(params: IAM.Types.CreateInstanceProfileRequest, callback?: (err: AWSError, data: IAM.Types.CreateInstanceProfileResponse) => void): Request<IAM.Types.CreateInstanceProfileResponse, AWSError>;
98 /**
99 * Creates a new instance profile. For information about instance profiles, go to About Instance Profiles. For information about the number of instance profiles you can create, see Limitations on IAM Entities in the IAM User Guide.
100 */
101 createInstanceProfile(callback?: (err: AWSError, data: IAM.Types.CreateInstanceProfileResponse) => void): Request<IAM.Types.CreateInstanceProfileResponse, AWSError>;
102 /**
103 * Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console. For more information about managing passwords, see Managing Passwords in the IAM User Guide.
104 */
105 createLoginProfile(params: IAM.Types.CreateLoginProfileRequest, callback?: (err: AWSError, data: IAM.Types.CreateLoginProfileResponse) => void): Request<IAM.Types.CreateLoginProfileResponse, AWSError>;
106 /**
107 * Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console. For more information about managing passwords, see Managing Passwords in the IAM User Guide.
108 */
109 createLoginProfile(callback?: (err: AWSError, data: IAM.Types.CreateLoginProfileResponse) => void): Request<IAM.Types.CreateLoginProfileResponse, AWSError>;
110 /**
111 * Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC). The OIDC provider that you create with this operation can be used as a principal in a role's trust policy to establish a trust relationship between AWS and the OIDC provider. When you create the IAM OIDC provider, you specify the URL of the OIDC identity provider (IdP) to trust, a list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider, and a list of thumbprints of the server certificate(s) that the IdP uses. You get all of this information from the OIDC IdP that you want to use for access to AWS. Because trust for the OIDC provider is ultimately derived from the IAM provider that this action creates, it is a best practice to limit access to the CreateOpenIDConnectProvider action to highly-privileged users.
112 */
113 createOpenIDConnectProvider(params: IAM.Types.CreateOpenIDConnectProviderRequest, callback?: (err: AWSError, data: IAM.Types.CreateOpenIDConnectProviderResponse) => void): Request<IAM.Types.CreateOpenIDConnectProviderResponse, AWSError>;
114 /**
115 * Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC). The OIDC provider that you create with this operation can be used as a principal in a role's trust policy to establish a trust relationship between AWS and the OIDC provider. When you create the IAM OIDC provider, you specify the URL of the OIDC identity provider (IdP) to trust, a list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider, and a list of thumbprints of the server certificate(s) that the IdP uses. You get all of this information from the OIDC IdP that you want to use for access to AWS. Because trust for the OIDC provider is ultimately derived from the IAM provider that this action creates, it is a best practice to limit access to the CreateOpenIDConnectProvider action to highly-privileged users.
116 */
117 createOpenIDConnectProvider(callback?: (err: AWSError, data: IAM.Types.CreateOpenIDConnectProviderResponse) => void): Request<IAM.Types.CreateOpenIDConnectProviderResponse, AWSError>;
118 /**
119 * Creates a new managed policy for your AWS account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for Managed Policies in the IAM User Guide. For more information about managed policies in general, see Managed Policies and Inline Policies in the IAM User Guide.
120 */
121 createPolicy(params: IAM.Types.CreatePolicyRequest, callback?: (err: AWSError, data: IAM.Types.CreatePolicyResponse) => void): Request<IAM.Types.CreatePolicyResponse, AWSError>;
122 /**
123 * Creates a new managed policy for your AWS account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for Managed Policies in the IAM User Guide. For more information about managed policies in general, see Managed Policies and Inline Policies in the IAM User Guide.
124 */
125 createPolicy(callback?: (err: AWSError, data: IAM.Types.CreatePolicyResponse) => void): Request<IAM.Types.CreatePolicyResponse, AWSError>;
126 /**
127 * Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version. Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached. For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
128 */
129 createPolicyVersion(params: IAM.Types.CreatePolicyVersionRequest, callback?: (err: AWSError, data: IAM.Types.CreatePolicyVersionResponse) => void): Request<IAM.Types.CreatePolicyVersionResponse, AWSError>;
130 /**
131 * Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version. Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached. For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
132 */
133 createPolicyVersion(callback?: (err: AWSError, data: IAM.Types.CreatePolicyVersionResponse) => void): Request<IAM.Types.CreatePolicyVersionResponse, AWSError>;
134 /**
135 * Creates a new role for your AWS account. For more information about roles, go to Working with Roles. For information about limitations on role names and the number of roles you can create, go to Limitations on IAM Entities in the IAM User Guide.
136 */
137 createRole(params: IAM.Types.CreateRoleRequest, callback?: (err: AWSError, data: IAM.Types.CreateRoleResponse) => void): Request<IAM.Types.CreateRoleResponse, AWSError>;
138 /**
139 * Creates a new role for your AWS account. For more information about roles, go to Working with Roles. For information about limitations on role names and the number of roles you can create, go to Limitations on IAM Entities in the IAM User Guide.
140 */
141 createRole(callback?: (err: AWSError, data: IAM.Types.CreateRoleResponse) => void): Request<IAM.Types.CreateRoleResponse, AWSError>;
142 /**
143 * Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0. The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy to enable federated users who sign-in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS. When you create the SAML provider resource, you upload an a SAML metadata document that you get from your IdP and that includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP. This operation requires Signature Version 4. For more information, see Enabling SAML 2.0 Federated Users to Access the AWS Management Console and About SAML 2.0-based Federation in the IAM User Guide.
144 */
145 createSAMLProvider(params: IAM.Types.CreateSAMLProviderRequest, callback?: (err: AWSError, data: IAM.Types.CreateSAMLProviderResponse) => void): Request<IAM.Types.CreateSAMLProviderResponse, AWSError>;
146 /**
147 * Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0. The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy to enable federated users who sign-in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS. When you create the SAML provider resource, you upload an a SAML metadata document that you get from your IdP and that includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP. This operation requires Signature Version 4. For more information, see Enabling SAML 2.0 Federated Users to Access the AWS Management Console and About SAML 2.0-based Federation in the IAM User Guide.
148 */
149 createSAMLProvider(callback?: (err: AWSError, data: IAM.Types.CreateSAMLProviderResponse) => void): Request<IAM.Types.CreateSAMLProviderResponse, AWSError>;
150 /**
151 * Creates a new IAM user for your AWS account. For information about limitations on the number of IAM users you can create, see Limitations on IAM Entities in the IAM User Guide.
152 */
153 createUser(params: IAM.Types.CreateUserRequest, callback?: (err: AWSError, data: IAM.Types.CreateUserResponse) => void): Request<IAM.Types.CreateUserResponse, AWSError>;
154 /**
155 * Creates a new IAM user for your AWS account. For information about limitations on the number of IAM users you can create, see Limitations on IAM Entities in the IAM User Guide.
156 */
157 createUser(callback?: (err: AWSError, data: IAM.Types.CreateUserResponse) => void): Request<IAM.Types.CreateUserResponse, AWSError>;
158 /**
159 * Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the IAM User Guide. For information about limits on the number of MFA devices you can create, see Limitations on Entities in the IAM User Guide. The seed information contained in the QR code and the Base32 string should be treated like any other secret access information, such as your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.
160 */
161 createVirtualMFADevice(params: IAM.Types.CreateVirtualMFADeviceRequest, callback?: (err: AWSError, data: IAM.Types.CreateVirtualMFADeviceResponse) => void): Request<IAM.Types.CreateVirtualMFADeviceResponse, AWSError>;
162 /**
163 * Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the IAM User Guide. For information about limits on the number of MFA devices you can create, see Limitations on Entities in the IAM User Guide. The seed information contained in the QR code and the Base32 string should be treated like any other secret access information, such as your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.
164 */
165 createVirtualMFADevice(callback?: (err: AWSError, data: IAM.Types.CreateVirtualMFADeviceResponse) => void): Request<IAM.Types.CreateVirtualMFADeviceResponse, AWSError>;
166 /**
167 * Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the IAM User Guide.
168 */
169 deactivateMFADevice(params: IAM.Types.DeactivateMFADeviceRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
170 /**
171 * Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the IAM User Guide.
172 */
173 deactivateMFADevice(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
174 /**
175 * Deletes the access key pair associated with the specified IAM user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
176 */
177 deleteAccessKey(params: IAM.Types.DeleteAccessKeyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
178 /**
179 * Deletes the access key pair associated with the specified IAM user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
180 */
181 deleteAccessKey(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
182 /**
183 * Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the IAM User Guide.
184 */
185 deleteAccountAlias(params: IAM.Types.DeleteAccountAliasRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
186 /**
187 * Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the IAM User Guide.
188 */
189 deleteAccountAlias(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
190 /**
191 * Deletes the password policy for the AWS account. There are no parameters.
192 */
193 deleteAccountPasswordPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
194 /**
195 * Deletes the specified IAM group. The group must not contain any users or have any attached policies.
196 */
197 deleteGroup(params: IAM.Types.DeleteGroupRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
198 /**
199 * Deletes the specified IAM group. The group must not contain any users or have any attached policies.
200 */
201 deleteGroup(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
202 /**
203 * Deletes the specified inline policy that is embedded in the specified IAM group. A group can also have managed policies attached to it. To detach a managed policy from a group, use DetachGroupPolicy. For more information about policies, refer to Managed Policies and Inline Policies in the IAM User Guide.
204 */
205 deleteGroupPolicy(params: IAM.Types.DeleteGroupPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
206 /**
207 * Deletes the specified inline policy that is embedded in the specified IAM group. A group can also have managed policies attached to it. To detach a managed policy from a group, use DetachGroupPolicy. For more information about policies, refer to Managed Policies and Inline Policies in the IAM User Guide.
208 */
209 deleteGroupPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
210 /**
211 * Deletes the specified instance profile. The instance profile must not have an associated role. Make sure you do not have any Amazon EC2 instances running with the instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance. For more information about instance profiles, go to About Instance Profiles.
212 */
213 deleteInstanceProfile(params: IAM.Types.DeleteInstanceProfileRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
214 /**
215 * Deletes the specified instance profile. The instance profile must not have an associated role. Make sure you do not have any Amazon EC2 instances running with the instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance. For more information about instance profiles, go to About Instance Profiles.
216 */
217 deleteInstanceProfile(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
218 /**
219 * Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console. Deleting a user's password does not prevent a user from accessing AWS through the command line interface or the API. To prevent all user access you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
220 */
221 deleteLoginProfile(params: IAM.Types.DeleteLoginProfileRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
222 /**
223 * Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console. Deleting a user's password does not prevent a user from accessing AWS through the command line interface or the API. To prevent all user access you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.
224 */
225 deleteLoginProfile(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
226 /**
227 * Deletes an OpenID Connect identity provider (IdP) resource object in IAM. Deleting an IAM OIDC provider resource does not update any roles that reference the provider as a principal in their trust policies. Any attempt to assume a role that references a deleted provider fails. This action is idempotent; it does not fail or return an error if you call the action for a provider that does not exist.
228 */
229 deleteOpenIDConnectProvider(params: IAM.Types.DeleteOpenIDConnectProviderRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
230 /**
231 * Deletes an OpenID Connect identity provider (IdP) resource object in IAM. Deleting an IAM OIDC provider resource does not update any roles that reference the provider as a principal in their trust policies. Any attempt to assume a role that references a deleted provider fails. This action is idempotent; it does not fail or return an error if you call the action for a provider that does not exist.
232 */
233 deleteOpenIDConnectProvider(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
234 /**
235 * Deletes the specified managed policy. Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to, and you must delete all of the policy's versions. The following steps describe the process for deleting a managed policy: Detach the policy from all users, groups, and roles that the policy is attached to, using the DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy APIs. To list all the users, groups, and roles that a policy is attached to, use ListEntitiesForPolicy. Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the default version. You delete the policy's default version in the next step of the process. Delete the policy (this automatically deletes the policy's default version) using this API. For information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.
236 */
237 deletePolicy(params: IAM.Types.DeletePolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
238 /**
239 * Deletes the specified managed policy. Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to, and you must delete all of the policy's versions. The following steps describe the process for deleting a managed policy: Detach the policy from all users, groups, and roles that the policy is attached to, using the DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy APIs. To list all the users, groups, and roles that a policy is attached to, use ListEntitiesForPolicy. Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the default version. You delete the policy's default version in the next step of the process. Delete the policy (this automatically deletes the policy's default version) using this API. For information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.
240 */
241 deletePolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
242 /**
243 * Deletes the specified version from the specified managed policy. You cannot delete the default version from a policy using this API. To delete the default version from a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions. For information about versions for managed policies, see Versioning for Managed Policies in the IAM User Guide.
244 */
245 deletePolicyVersion(params: IAM.Types.DeletePolicyVersionRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
246 /**
247 * Deletes the specified version from the specified managed policy. You cannot delete the default version from a policy using this API. To delete the default version from a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions. For information about versions for managed policies, see Versioning for Managed Policies in the IAM User Guide.
248 */
249 deletePolicyVersion(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
250 /**
251 * Deletes the specified role. The role must not have any policies attached. For more information about roles, go to Working with Roles. Make sure you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
252 */
253 deleteRole(params: IAM.Types.DeleteRoleRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
254 /**
255 * Deletes the specified role. The role must not have any policies attached. For more information about roles, go to Working with Roles. Make sure you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
256 */
257 deleteRole(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
258 /**
259 * Deletes the specified inline policy that is embedded in the specified IAM role. A role can also have managed policies attached to it. To detach a managed policy from a role, use DetachRolePolicy. For more information about policies, refer to Managed Policies and Inline Policies in the IAM User Guide.
260 */
261 deleteRolePolicy(params: IAM.Types.DeleteRolePolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
262 /**
263 * Deletes the specified inline policy that is embedded in the specified IAM role. A role can also have managed policies attached to it. To detach a managed policy from a role, use DetachRolePolicy. For more information about policies, refer to Managed Policies and Inline Policies in the IAM User Guide.
264 */
265 deleteRolePolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
266 /**
267 * Deletes a SAML provider resource in IAM. Deleting the provider resource from IAM does not update any roles that reference the SAML provider resource's ARN as a principal in their trust policies. Any attempt to assume a role that references a non-existent provider resource ARN fails. This operation requires Signature Version 4.
268 */
269 deleteSAMLProvider(params: IAM.Types.DeleteSAMLProviderRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
270 /**
271 * Deletes a SAML provider resource in IAM. Deleting the provider resource from IAM does not update any roles that reference the SAML provider resource's ARN as a principal in their trust policies. Any attempt to assume a role that references a non-existent provider resource ARN fails. This operation requires Signature Version 4.
272 */
273 deleteSAMLProvider(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
274 /**
275 * Deletes the specified SSH public key. The SSH public key deleted by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.
276 */
277 deleteSSHPublicKey(params: IAM.Types.DeleteSSHPublicKeyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
278 /**
279 * Deletes the specified SSH public key. The SSH public key deleted by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.
280 */
281 deleteSSHPublicKey(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
282 /**
283 * Deletes the specified server certificate. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide. If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, go to DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference.
284 */
285 deleteServerCertificate(params: IAM.Types.DeleteServerCertificateRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
286 /**
287 * Deletes the specified server certificate. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide. If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, go to DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference.
288 */
289 deleteServerCertificate(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
290 /**
291 * Deletes a signing certificate associated with the specified IAM user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated IAM users.
292 */
293 deleteSigningCertificate(params: IAM.Types.DeleteSigningCertificateRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
294 /**
295 * Deletes a signing certificate associated with the specified IAM user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated IAM users.
296 */
297 deleteSigningCertificate(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
298 /**
299 * Deletes the specified IAM user. The user must not belong to any groups or have any access keys, signing certificates, or attached policies.
300 */
301 deleteUser(params: IAM.Types.DeleteUserRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
302 /**
303 * Deletes the specified IAM user. The user must not belong to any groups or have any access keys, signing certificates, or attached policies.
304 */
305 deleteUser(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
306 /**
307 * Deletes the specified inline policy that is embedded in the specified IAM user. A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy. For more information about policies, refer to Managed Policies and Inline Policies in the IAM User Guide.
308 */
309 deleteUserPolicy(params: IAM.Types.DeleteUserPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
310 /**
311 * Deletes the specified inline policy that is embedded in the specified IAM user. A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy. For more information about policies, refer to Managed Policies and Inline Policies in the IAM User Guide.
312 */
313 deleteUserPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
314 /**
315 * Deletes a virtual MFA device. You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice.
316 */
317 deleteVirtualMFADevice(params: IAM.Types.DeleteVirtualMFADeviceRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
318 /**
319 * Deletes a virtual MFA device. You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice.
320 */
321 deleteVirtualMFADevice(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
322 /**
323 * Removes the specified managed policy from the specified IAM group. A group can also have inline policies embedded with it. To delete an inline policy, use the DeleteGroupPolicy API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
324 */
325 detachGroupPolicy(params: IAM.Types.DetachGroupPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
326 /**
327 * Removes the specified managed policy from the specified IAM group. A group can also have inline policies embedded with it. To delete an inline policy, use the DeleteGroupPolicy API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
328 */
329 detachGroupPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
330 /**
331 * Removes the specified managed policy from the specified role. A role can also have inline policies embedded with it. To delete an inline policy, use the DeleteRolePolicy API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
332 */
333 detachRolePolicy(params: IAM.Types.DetachRolePolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
334 /**
335 * Removes the specified managed policy from the specified role. A role can also have inline policies embedded with it. To delete an inline policy, use the DeleteRolePolicy API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
336 */
337 detachRolePolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
338 /**
339 * Removes the specified managed policy from the specified user. A user can also have inline policies embedded with it. To delete an inline policy, use the DeleteUserPolicy API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
340 */
341 detachUserPolicy(params: IAM.Types.DetachUserPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
342 /**
343 * Removes the specified managed policy from the specified user. A user can also have inline policies embedded with it. To delete an inline policy, use the DeleteUserPolicy API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
344 */
345 detachUserPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
346 /**
347 * Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is required for every subsequent login by the IAM user associated with the device.
348 */
349 enableMFADevice(params: IAM.Types.EnableMFADeviceRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
350 /**
351 * Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is required for every subsequent login by the IAM user associated with the device.
352 */
353 enableMFADevice(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
354 /**
355 * Generates a credential report for the AWS account. For more information about the credential report, see Getting Credential Reports in the IAM User Guide.
356 */
357 generateCredentialReport(callback?: (err: AWSError, data: IAM.Types.GenerateCredentialReportResponse) => void): Request<IAM.Types.GenerateCredentialReportResponse, AWSError>;
358 /**
359 * Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and region that were specified in the last request made with that key.
360 */
361 getAccessKeyLastUsed(params: IAM.Types.GetAccessKeyLastUsedRequest, callback?: (err: AWSError, data: IAM.Types.GetAccessKeyLastUsedResponse) => void): Request<IAM.Types.GetAccessKeyLastUsedResponse, AWSError>;
362 /**
363 * Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and region that were specified in the last request made with that key.
364 */
365 getAccessKeyLastUsed(callback?: (err: AWSError, data: IAM.Types.GetAccessKeyLastUsedResponse) => void): Request<IAM.Types.GetAccessKeyLastUsedResponse, AWSError>;
366 /**
367 * Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another. Use this API to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account. You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.
368 */
369 getAccountAuthorizationDetails(params: IAM.Types.GetAccountAuthorizationDetailsRequest, callback?: (err: AWSError, data: IAM.Types.GetAccountAuthorizationDetailsResponse) => void): Request<IAM.Types.GetAccountAuthorizationDetailsResponse, AWSError>;
370 /**
371 * Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another. Use this API to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account. You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.
372 */
373 getAccountAuthorizationDetails(callback?: (err: AWSError, data: IAM.Types.GetAccountAuthorizationDetailsResponse) => void): Request<IAM.Types.GetAccountAuthorizationDetailsResponse, AWSError>;
374 /**
375 * Retrieves the password policy for the AWS account. For more information about using a password policy, go to Managing an IAM Password Policy.
376 */
377 getAccountPasswordPolicy(callback?: (err: AWSError, data: IAM.Types.GetAccountPasswordPolicyResponse) => void): Request<IAM.Types.GetAccountPasswordPolicyResponse, AWSError>;
378 /**
379 * Retrieves information about IAM entity usage and IAM quotas in the AWS account. For information about limitations on IAM entities, see Limitations on IAM Entities in the IAM User Guide.
380 */
381 getAccountSummary(callback?: (err: AWSError, data: IAM.Types.GetAccountSummaryResponse) => void): Request<IAM.Types.GetAccountSummaryResponse, AWSError>;
382 /**
383 * Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy. Context keys are variables maintained by AWS and its services that provide details about the context of an API query request, and can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.
384 */
385 getContextKeysForCustomPolicy(params: IAM.Types.GetContextKeysForCustomPolicyRequest, callback?: (err: AWSError, data: IAM.Types.GetContextKeysForPolicyResponse) => void): Request<IAM.Types.GetContextKeysForPolicyResponse, AWSError>;
386 /**
387 * Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy. Context keys are variables maintained by AWS and its services that provide details about the context of an API query request, and can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.
388 */
389 getContextKeysForCustomPolicy(callback?: (err: AWSError, data: IAM.Types.GetContextKeysForPolicyResponse) => void): Request<IAM.Types.GetContextKeysForPolicyResponse, AWSError>;
390 /**
391 * Gets a list of all of the context keys referenced in all of the IAM policies attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of. You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy instead. Note: This API discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead. Context keys are variables maintained by AWS and its services that provide details about the context of an API query request, and can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.
392 */
393 getContextKeysForPrincipalPolicy(params: IAM.Types.GetContextKeysForPrincipalPolicyRequest, callback?: (err: AWSError, data: IAM.Types.GetContextKeysForPolicyResponse) => void): Request<IAM.Types.GetContextKeysForPolicyResponse, AWSError>;
394 /**
395 * Gets a list of all of the context keys referenced in all of the IAM policies attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of. You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy instead. Note: This API discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead. Context keys are variables maintained by AWS and its services that provide details about the context of an API query request, and can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.
396 */
397 getContextKeysForPrincipalPolicy(callback?: (err: AWSError, data: IAM.Types.GetContextKeysForPolicyResponse) => void): Request<IAM.Types.GetContextKeysForPolicyResponse, AWSError>;
398 /**
399 * Retrieves a credential report for the AWS account. For more information about the credential report, see Getting Credential Reports in the IAM User Guide.
400 */
401 getCredentialReport(callback?: (err: AWSError, data: IAM.Types.GetCredentialReportResponse) => void): Request<IAM.Types.GetCredentialReportResponse, AWSError>;
402 /**
403 * Returns a list of IAM users that are in the specified IAM group. You can paginate the results using the MaxItems and Marker parameters.
404 */
405 getGroup(params: IAM.Types.GetGroupRequest, callback?: (err: AWSError, data: IAM.Types.GetGroupResponse) => void): Request<IAM.Types.GetGroupResponse, AWSError>;
406 /**
407 * Returns a list of IAM users that are in the specified IAM group. You can paginate the results using the MaxItems and Marker parameters.
408 */
409 getGroup(callback?: (err: AWSError, data: IAM.Types.GetGroupResponse) => void): Request<IAM.Types.GetGroupResponse, AWSError>;
410 /**
411 * Retrieves the specified inline policy document that is embedded in the specified IAM group. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality. An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is attached to a group, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
412 */
413 getGroupPolicy(params: IAM.Types.GetGroupPolicyRequest, callback?: (err: AWSError, data: IAM.Types.GetGroupPolicyResponse) => void): Request<IAM.Types.GetGroupPolicyResponse, AWSError>;
414 /**
415 * Retrieves the specified inline policy document that is embedded in the specified IAM group. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality. An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is attached to a group, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
416 */
417 getGroupPolicy(callback?: (err: AWSError, data: IAM.Types.GetGroupPolicyResponse) => void): Request<IAM.Types.GetGroupPolicyResponse, AWSError>;
418 /**
419 * Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role. For more information about instance profiles, see About Instance Profiles in the IAM User Guide.
420 */
421 getInstanceProfile(params: IAM.Types.GetInstanceProfileRequest, callback?: (err: AWSError, data: IAM.Types.GetInstanceProfileResponse) => void): Request<IAM.Types.GetInstanceProfileResponse, AWSError>;
422 /**
423 * Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role. For more information about instance profiles, see About Instance Profiles in the IAM User Guide.
424 */
425 getInstanceProfile(callback?: (err: AWSError, data: IAM.Types.GetInstanceProfileResponse) => void): Request<IAM.Types.GetInstanceProfileResponse, AWSError>;
426 /**
427 * Retrieves the user name and password-creation date for the specified IAM user. If the user has not been assigned a password, the action returns a 404 (NoSuchEntity) error.
428 */
429 getLoginProfile(params: IAM.Types.GetLoginProfileRequest, callback?: (err: AWSError, data: IAM.Types.GetLoginProfileResponse) => void): Request<IAM.Types.GetLoginProfileResponse, AWSError>;
430 /**
431 * Retrieves the user name and password-creation date for the specified IAM user. If the user has not been assigned a password, the action returns a 404 (NoSuchEntity) error.
432 */
433 getLoginProfile(callback?: (err: AWSError, data: IAM.Types.GetLoginProfileResponse) => void): Request<IAM.Types.GetLoginProfileResponse, AWSError>;
434 /**
435 * Returns information about the specified OpenID Connect (OIDC) provider resource object in IAM.
436 */
437 getOpenIDConnectProvider(params: IAM.Types.GetOpenIDConnectProviderRequest, callback?: (err: AWSError, data: IAM.Types.GetOpenIDConnectProviderResponse) => void): Request<IAM.Types.GetOpenIDConnectProviderResponse, AWSError>;
438 /**
439 * Returns information about the specified OpenID Connect (OIDC) provider resource object in IAM.
440 */
441 getOpenIDConnectProvider(callback?: (err: AWSError, data: IAM.Types.GetOpenIDConnectProviderResponse) => void): Request<IAM.Types.GetOpenIDConnectProviderResponse, AWSError>;
442 /**
443 * Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached. To retrieve the list of the specific users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API. This API returns metadata about the policy. To retrieve the actual policy document for a specific version of the policy, use GetPolicyVersion. This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded with an IAM user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
444 */
445 getPolicy(params: IAM.Types.GetPolicyRequest, callback?: (err: AWSError, data: IAM.Types.GetPolicyResponse) => void): Request<IAM.Types.GetPolicyResponse, AWSError>;
446 /**
447 * Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached. To retrieve the list of the specific users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API. This API returns metadata about the policy. To retrieve the actual policy document for a specific version of the policy, use GetPolicyVersion. This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded with an IAM user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
448 */
449 getPolicy(callback?: (err: AWSError, data: IAM.Types.GetPolicyResponse) => void): Request<IAM.Types.GetPolicyResponse, AWSError>;
450 /**
451 * Retrieves information about the specified version of the specified managed policy, including the policy document. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality. To list the available versions for a policy, use ListPolicyVersions. This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API. For more information about the types of policies, see Managed Policies and Inline Policies in the IAM User Guide. For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
452 */
453 getPolicyVersion(params: IAM.Types.GetPolicyVersionRequest, callback?: (err: AWSError, data: IAM.Types.GetPolicyVersionResponse) => void): Request<IAM.Types.GetPolicyVersionResponse, AWSError>;
454 /**
455 * Retrieves information about the specified version of the specified managed policy, including the policy document. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality. To list the available versions for a policy, use ListPolicyVersions. This API retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use the GetUserPolicy, GetGroupPolicy, or GetRolePolicy API. For more information about the types of policies, see Managed Policies and Inline Policies in the IAM User Guide. For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
456 */
457 getPolicyVersion(callback?: (err: AWSError, data: IAM.Types.GetPolicyVersionResponse) => void): Request<IAM.Types.GetPolicyVersionResponse, AWSError>;
458 /**
459 * Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy that grants permission to assume the role. For more information about roles, see Working with Roles. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
460 */
461 getRole(params: IAM.Types.GetRoleRequest, callback?: (err: AWSError, data: IAM.Types.GetRoleResponse) => void): Request<IAM.Types.GetRoleResponse, AWSError>;
462 /**
463 * Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy that grants permission to assume the role. For more information about roles, see Working with Roles. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
464 */
465 getRole(callback?: (err: AWSError, data: IAM.Types.GetRoleResponse) => void): Request<IAM.Types.GetRoleResponse, AWSError>;
466 /**
467 * Retrieves the specified inline policy document that is embedded with the specified IAM role. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality. An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide. For more information about roles, see Using Roles to Delegate Permissions and Federate Identities.
468 */
469 getRolePolicy(params: IAM.Types.GetRolePolicyRequest, callback?: (err: AWSError, data: IAM.Types.GetRolePolicyResponse) => void): Request<IAM.Types.GetRolePolicyResponse, AWSError>;
470 /**
471 * Retrieves the specified inline policy document that is embedded with the specified IAM role. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality. An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide. For more information about roles, see Using Roles to Delegate Permissions and Federate Identities.
472 */
473 getRolePolicy(callback?: (err: AWSError, data: IAM.Types.GetRolePolicyResponse) => void): Request<IAM.Types.GetRolePolicyResponse, AWSError>;
474 /**
475 * Returns the SAML provider metadocument that was uploaded when the IAM SAML provider resource object was created or updated. This operation requires Signature Version 4.
476 */
477 getSAMLProvider(params: IAM.Types.GetSAMLProviderRequest, callback?: (err: AWSError, data: IAM.Types.GetSAMLProviderResponse) => void): Request<IAM.Types.GetSAMLProviderResponse, AWSError>;
478 /**
479 * Returns the SAML provider metadocument that was uploaded when the IAM SAML provider resource object was created or updated. This operation requires Signature Version 4.
480 */
481 getSAMLProvider(callback?: (err: AWSError, data: IAM.Types.GetSAMLProviderResponse) => void): Request<IAM.Types.GetSAMLProviderResponse, AWSError>;
482 /**
483 * Retrieves the specified SSH public key, including metadata about the key. The SSH public key retrieved by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.
484 */
485 getSSHPublicKey(params: IAM.Types.GetSSHPublicKeyRequest, callback?: (err: AWSError, data: IAM.Types.GetSSHPublicKeyResponse) => void): Request<IAM.Types.GetSSHPublicKeyResponse, AWSError>;
486 /**
487 * Retrieves the specified SSH public key, including metadata about the key. The SSH public key retrieved by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.
488 */
489 getSSHPublicKey(callback?: (err: AWSError, data: IAM.Types.GetSSHPublicKeyResponse) => void): Request<IAM.Types.GetSSHPublicKeyResponse, AWSError>;
490 /**
491 * Retrieves information about the specified server certificate stored in IAM. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide.
492 */
493 getServerCertificate(params: IAM.Types.GetServerCertificateRequest, callback?: (err: AWSError, data: IAM.Types.GetServerCertificateResponse) => void): Request<IAM.Types.GetServerCertificateResponse, AWSError>;
494 /**
495 * Retrieves information about the specified server certificate stored in IAM. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide.
496 */
497 getServerCertificate(callback?: (err: AWSError, data: IAM.Types.GetServerCertificateResponse) => void): Request<IAM.Types.GetServerCertificateResponse, AWSError>;
498 /**
499 * Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request to this API.
500 */
501 getUser(params: IAM.Types.GetUserRequest, callback?: (err: AWSError, data: IAM.Types.GetUserResponse) => void): Request<IAM.Types.GetUserResponse, AWSError>;
502 /**
503 * Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request to this API.
504 */
505 getUser(callback?: (err: AWSError, data: IAM.Types.GetUserResponse) => void): Request<IAM.Types.GetUserResponse, AWSError>;
506 /**
507 * Retrieves the specified inline policy document that is embedded in the specified IAM user. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality. An IAM user can also have managed policies attached to it. To retrieve a managed policy document that is attached to a user, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
508 */
509 getUserPolicy(params: IAM.Types.GetUserPolicyRequest, callback?: (err: AWSError, data: IAM.Types.GetUserPolicyResponse) => void): Request<IAM.Types.GetUserPolicyResponse, AWSError>;
510 /**
511 * Retrieves the specified inline policy document that is embedded in the specified IAM user. Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality. An IAM user can also have managed policies attached to it. To retrieve a managed policy document that is attached to a user, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.
512 */
513 getUserPolicy(callback?: (err: AWSError, data: IAM.Types.GetUserPolicyResponse) => void): Request<IAM.Types.GetUserPolicyResponse, AWSError>;
514 /**
515 * Returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list. Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters. If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users. To ensure the security of your AWS account, the secret access key is accessible only during key and user creation.
516 */
517 listAccessKeys(params: IAM.Types.ListAccessKeysRequest, callback?: (err: AWSError, data: IAM.Types.ListAccessKeysResponse) => void): Request<IAM.Types.ListAccessKeysResponse, AWSError>;
518 /**
519 * Returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list. Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters. If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users. To ensure the security of your AWS account, the secret access key is accessible only during key and user creation.
520 */
521 listAccessKeys(callback?: (err: AWSError, data: IAM.Types.ListAccessKeysResponse) => void): Request<IAM.Types.ListAccessKeysResponse, AWSError>;
522 /**
523 * Lists the account alias associated with the AWS account (Note: you can have only one). For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the IAM User Guide.
524 */
525 listAccountAliases(params: IAM.Types.ListAccountAliasesRequest, callback?: (err: AWSError, data: IAM.Types.ListAccountAliasesResponse) => void): Request<IAM.Types.ListAccountAliasesResponse, AWSError>;
526 /**
527 * Lists the account alias associated with the AWS account (Note: you can have only one). For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the IAM User Guide.
528 */
529 listAccountAliases(callback?: (err: AWSError, data: IAM.Types.ListAccountAliasesResponse) => void): Request<IAM.Types.ListAccountAliasesResponse, AWSError>;
530 /**
531 * Lists all managed policies that are attached to the specified IAM group. An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use the ListGroupPolicies API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.
532 */
533 listAttachedGroupPolicies(params: IAM.Types.ListAttachedGroupPoliciesRequest, callback?: (err: AWSError, data: IAM.Types.ListAttachedGroupPoliciesResponse) => void): Request<IAM.Types.ListAttachedGroupPoliciesResponse, AWSError>;
534 /**
535 * Lists all managed policies that are attached to the specified IAM group. An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use the ListGroupPolicies API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.
536 */
537 listAttachedGroupPolicies(callback?: (err: AWSError, data: IAM.Types.ListAttachedGroupPoliciesResponse) => void): Request<IAM.Types.ListAttachedGroupPoliciesResponse, AWSError>;
538 /**
539 * Lists all managed policies that are attached to the specified IAM role. An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use the ListRolePolicies API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the action returns an empty list.
540 */
541 listAttachedRolePolicies(params: IAM.Types.ListAttachedRolePoliciesRequest, callback?: (err: AWSError, data: IAM.Types.ListAttachedRolePoliciesResponse) => void): Request<IAM.Types.ListAttachedRolePoliciesResponse, AWSError>;
542 /**
543 * Lists all managed policies that are attached to the specified IAM role. An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use the ListRolePolicies API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the action returns an empty list.
544 */
545 listAttachedRolePolicies(callback?: (err: AWSError, data: IAM.Types.ListAttachedRolePoliciesResponse) => void): Request<IAM.Types.ListAttachedRolePoliciesResponse, AWSError>;
546 /**
547 * Lists all managed policies that are attached to the specified IAM user. An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use the ListUserPolicies API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.
548 */
549 listAttachedUserPolicies(params: IAM.Types.ListAttachedUserPoliciesRequest, callback?: (err: AWSError, data: IAM.Types.ListAttachedUserPoliciesResponse) => void): Request<IAM.Types.ListAttachedUserPoliciesResponse, AWSError>;
550 /**
551 * Lists all managed policies that are attached to the specified IAM user. An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use the ListUserPolicies API. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.
552 */
553 listAttachedUserPolicies(callback?: (err: AWSError, data: IAM.Types.ListAttachedUserPoliciesResponse) => void): Request<IAM.Types.ListAttachedUserPoliciesResponse, AWSError>;
554 /**
555 * Lists all IAM users, groups, and roles that the specified managed policy is attached to. You can use the optional EntityFilter parameter to limit the results to a particular type of entity (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set EntityFilter to Role. You can paginate the results using the MaxItems and Marker parameters.
556 */
557 listEntitiesForPolicy(params: IAM.Types.ListEntitiesForPolicyRequest, callback?: (err: AWSError, data: IAM.Types.ListEntitiesForPolicyResponse) => void): Request<IAM.Types.ListEntitiesForPolicyResponse, AWSError>;
558 /**
559 * Lists all IAM users, groups, and roles that the specified managed policy is attached to. You can use the optional EntityFilter parameter to limit the results to a particular type of entity (users, groups, or roles). For example, to list only the roles that are attached to the specified policy, set EntityFilter to Role. You can paginate the results using the MaxItems and Marker parameters.
560 */
561 listEntitiesForPolicy(callback?: (err: AWSError, data: IAM.Types.ListEntitiesForPolicyResponse) => void): Request<IAM.Types.ListEntitiesForPolicyResponse, AWSError>;
562 /**
563 * Lists the names of the inline policies that are embedded in the specified IAM group. An IAM group can also have managed policies attached to it. To list the managed policies that are attached to a group, use ListAttachedGroupPolicies. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified group, the action returns an empty list.
564 */
565 listGroupPolicies(params: IAM.Types.ListGroupPoliciesRequest, callback?: (err: AWSError, data: IAM.Types.ListGroupPoliciesResponse) => void): Request<IAM.Types.ListGroupPoliciesResponse, AWSError>;
566 /**
567 * Lists the names of the inline policies that are embedded in the specified IAM group. An IAM group can also have managed policies attached to it. To list the managed policies that are attached to a group, use ListAttachedGroupPolicies. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified group, the action returns an empty list.
568 */
569 listGroupPolicies(callback?: (err: AWSError, data: IAM.Types.ListGroupPoliciesResponse) => void): Request<IAM.Types.ListGroupPoliciesResponse, AWSError>;
570 /**
571 * Lists the IAM groups that have the specified path prefix. You can paginate the results using the MaxItems and Marker parameters.
572 */
573 listGroups(params: IAM.Types.ListGroupsRequest, callback?: (err: AWSError, data: IAM.Types.ListGroupsResponse) => void): Request<IAM.Types.ListGroupsResponse, AWSError>;
574 /**
575 * Lists the IAM groups that have the specified path prefix. You can paginate the results using the MaxItems and Marker parameters.
576 */
577 listGroups(callback?: (err: AWSError, data: IAM.Types.ListGroupsResponse) => void): Request<IAM.Types.ListGroupsResponse, AWSError>;
578 /**
579 * Lists the IAM groups that the specified IAM user belongs to. You can paginate the results using the MaxItems and Marker parameters.
580 */
581 listGroupsForUser(params: IAM.Types.ListGroupsForUserRequest, callback?: (err: AWSError, data: IAM.Types.ListGroupsForUserResponse) => void): Request<IAM.Types.ListGroupsForUserResponse, AWSError>;
582 /**
583 * Lists the IAM groups that the specified IAM user belongs to. You can paginate the results using the MaxItems and Marker parameters.
584 */
585 listGroupsForUser(callback?: (err: AWSError, data: IAM.Types.ListGroupsForUserResponse) => void): Request<IAM.Types.ListGroupsForUserResponse, AWSError>;
586 /**
587 * Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty list. For more information about instance profiles, go to About Instance Profiles. You can paginate the results using the MaxItems and Marker parameters.
588 */
589 listInstanceProfiles(params: IAM.Types.ListInstanceProfilesRequest, callback?: (err: AWSError, data: IAM.Types.ListInstanceProfilesResponse) => void): Request<IAM.Types.ListInstanceProfilesResponse, AWSError>;
590 /**
591 * Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty list. For more information about instance profiles, go to About Instance Profiles. You can paginate the results using the MaxItems and Marker parameters.
592 */
593 listInstanceProfiles(callback?: (err: AWSError, data: IAM.Types.ListInstanceProfilesResponse) => void): Request<IAM.Types.ListInstanceProfilesResponse, AWSError>;
594 /**
595 * Lists the instance profiles that have the specified associated IAM role. If there are none, the action returns an empty list. For more information about instance profiles, go to About Instance Profiles. You can paginate the results using the MaxItems and Marker parameters.
596 */
597 listInstanceProfilesForRole(params: IAM.Types.ListInstanceProfilesForRoleRequest, callback?: (err: AWSError, data: IAM.Types.ListInstanceProfilesForRoleResponse) => void): Request<IAM.Types.ListInstanceProfilesForRoleResponse, AWSError>;
598 /**
599 * Lists the instance profiles that have the specified associated IAM role. If there are none, the action returns an empty list. For more information about instance profiles, go to About Instance Profiles. You can paginate the results using the MaxItems and Marker parameters.
600 */
601 listInstanceProfilesForRole(callback?: (err: AWSError, data: IAM.Types.ListInstanceProfilesForRoleResponse) => void): Request<IAM.Types.ListInstanceProfilesForRoleResponse, AWSError>;
602 /**
603 * Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this action lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request for this API. You can paginate the results using the MaxItems and Marker parameters.
604 */
605 listMFADevices(params: IAM.Types.ListMFADevicesRequest, callback?: (err: AWSError, data: IAM.Types.ListMFADevicesResponse) => void): Request<IAM.Types.ListMFADevicesResponse, AWSError>;
606 /**
607 * Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this action lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request for this API. You can paginate the results using the MaxItems and Marker parameters.
608 */
609 listMFADevices(callback?: (err: AWSError, data: IAM.Types.ListMFADevicesResponse) => void): Request<IAM.Types.ListMFADevicesResponse, AWSError>;
610 /**
611 * Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the AWS account.
612 */
613 listOpenIDConnectProviders(params: IAM.Types.ListOpenIDConnectProvidersRequest, callback?: (err: AWSError, data: IAM.Types.ListOpenIDConnectProvidersResponse) => void): Request<IAM.Types.ListOpenIDConnectProvidersResponse, AWSError>;
614 /**
615 * Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the AWS account.
616 */
617 listOpenIDConnectProviders(callback?: (err: AWSError, data: IAM.Types.ListOpenIDConnectProvidersResponse) => void): Request<IAM.Types.ListOpenIDConnectProvidersResponse, AWSError>;
618 /**
619 * Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies. You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your AWS account, set Scope to Local. To list only AWS managed policies, set Scope to AWS. You can paginate the results using the MaxItems and Marker parameters. For more information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.
620 */
621 listPolicies(params: IAM.Types.ListPoliciesRequest, callback?: (err: AWSError, data: IAM.Types.ListPoliciesResponse) => void): Request<IAM.Types.ListPoliciesResponse, AWSError>;
622 /**
623 * Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies. You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your AWS account, set Scope to Local. To list only AWS managed policies, set Scope to AWS. You can paginate the results using the MaxItems and Marker parameters. For more information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.
624 */
625 listPolicies(callback?: (err: AWSError, data: IAM.Types.ListPoliciesResponse) => void): Request<IAM.Types.ListPoliciesResponse, AWSError>;
626 /**
627 * Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version. For more information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.
628 */
629 listPolicyVersions(params: IAM.Types.ListPolicyVersionsRequest, callback?: (err: AWSError, data: IAM.Types.ListPolicyVersionsResponse) => void): Request<IAM.Types.ListPolicyVersionsResponse, AWSError>;
630 /**
631 * Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version. For more information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.
632 */
633 listPolicyVersions(callback?: (err: AWSError, data: IAM.Types.ListPolicyVersionsResponse) => void): Request<IAM.Types.ListPolicyVersionsResponse, AWSError>;
634 /**
635 * Lists the names of the inline policies that are embedded in the specified IAM role. An IAM role can also have managed policies attached to it. To list the managed policies that are attached to a role, use ListAttachedRolePolicies. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified role, the action returns an empty list.
636 */
637 listRolePolicies(params: IAM.Types.ListRolePoliciesRequest, callback?: (err: AWSError, data: IAM.Types.ListRolePoliciesResponse) => void): Request<IAM.Types.ListRolePoliciesResponse, AWSError>;
638 /**
639 * Lists the names of the inline policies that are embedded in the specified IAM role. An IAM role can also have managed policies attached to it. To list the managed policies that are attached to a role, use ListAttachedRolePolicies. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified role, the action returns an empty list.
640 */
641 listRolePolicies(callback?: (err: AWSError, data: IAM.Types.ListRolePoliciesResponse) => void): Request<IAM.Types.ListRolePoliciesResponse, AWSError>;
642 /**
643 * Lists the IAM roles that have the specified path prefix. If there are none, the action returns an empty list. For more information about roles, go to Working with Roles. You can paginate the results using the MaxItems and Marker parameters.
644 */
645 listRoles(params: IAM.Types.ListRolesRequest, callback?: (err: AWSError, data: IAM.Types.ListRolesResponse) => void): Request<IAM.Types.ListRolesResponse, AWSError>;
646 /**
647 * Lists the IAM roles that have the specified path prefix. If there are none, the action returns an empty list. For more information about roles, go to Working with Roles. You can paginate the results using the MaxItems and Marker parameters.
648 */
649 listRoles(callback?: (err: AWSError, data: IAM.Types.ListRolesResponse) => void): Request<IAM.Types.ListRolesResponse, AWSError>;
650 /**
651 * Lists the SAML provider resource objects defined in IAM in the account. This operation requires Signature Version 4.
652 */
653 listSAMLProviders(params: IAM.Types.ListSAMLProvidersRequest, callback?: (err: AWSError, data: IAM.Types.ListSAMLProvidersResponse) => void): Request<IAM.Types.ListSAMLProvidersResponse, AWSError>;
654 /**
655 * Lists the SAML provider resource objects defined in IAM in the account. This operation requires Signature Version 4.
656 */
657 listSAMLProviders(callback?: (err: AWSError, data: IAM.Types.ListSAMLProvidersResponse) => void): Request<IAM.Types.ListSAMLProvidersResponse, AWSError>;
658 /**
659 * Returns information about the SSH public keys associated with the specified IAM user. If there are none, the action returns an empty list. The SSH public keys returned by this action are used only for authenticating the IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide. Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.
660 */
661 listSSHPublicKeys(params: IAM.Types.ListSSHPublicKeysRequest, callback?: (err: AWSError, data: IAM.Types.ListSSHPublicKeysResponse) => void): Request<IAM.Types.ListSSHPublicKeysResponse, AWSError>;
662 /**
663 * Returns information about the SSH public keys associated with the specified IAM user. If there are none, the action returns an empty list. The SSH public keys returned by this action are used only for authenticating the IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide. Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.
664 */
665 listSSHPublicKeys(callback?: (err: AWSError, data: IAM.Types.ListSSHPublicKeysResponse) => void): Request<IAM.Types.ListSSHPublicKeysResponse, AWSError>;
666 /**
667 * Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the action returns an empty list. You can paginate the results using the MaxItems and Marker parameters. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide.
668 */
669 listServerCertificates(params: IAM.Types.ListServerCertificatesRequest, callback?: (err: AWSError, data: IAM.Types.ListServerCertificatesResponse) => void): Request<IAM.Types.ListServerCertificatesResponse, AWSError>;
670 /**
671 * Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the action returns an empty list. You can paginate the results using the MaxItems and Marker parameters. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide.
672 */
673 listServerCertificates(callback?: (err: AWSError, data: IAM.Types.ListServerCertificatesResponse) => void): Request<IAM.Types.ListServerCertificatesResponse, AWSError>;
674 /**
675 * Returns information about the signing certificates associated with the specified IAM user. If there are none, the action returns an empty list. Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters. If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request for this API. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
676 */
677 listSigningCertificates(params: IAM.Types.ListSigningCertificatesRequest, callback?: (err: AWSError, data: IAM.Types.ListSigningCertificatesResponse) => void): Request<IAM.Types.ListSigningCertificatesResponse, AWSError>;
678 /**
679 * Returns information about the signing certificates associated with the specified IAM user. If there are none, the action returns an empty list. Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters. If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request for this API. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
680 */
681 listSigningCertificates(callback?: (err: AWSError, data: IAM.Types.ListSigningCertificatesResponse) => void): Request<IAM.Types.ListSigningCertificatesResponse, AWSError>;
682 /**
683 * Lists the names of the inline policies embedded in the specified IAM user. An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified user, the action returns an empty list.
684 */
685 listUserPolicies(params: IAM.Types.ListUserPoliciesRequest, callback?: (err: AWSError, data: IAM.Types.ListUserPoliciesResponse) => void): Request<IAM.Types.ListUserPoliciesResponse, AWSError>;
686 /**
687 * Lists the names of the inline policies embedded in the specified IAM user. An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies. For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide. You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified user, the action returns an empty list.
688 */
689 listUserPolicies(callback?: (err: AWSError, data: IAM.Types.ListUserPoliciesResponse) => void): Request<IAM.Types.ListUserPoliciesResponse, AWSError>;
690 /**
691 * Lists the IAM users that have the specified path prefix. If no path prefix is specified, the action returns all users in the AWS account. If there are none, the action returns an empty list. You can paginate the results using the MaxItems and Marker parameters.
692 */
693 listUsers(params: IAM.Types.ListUsersRequest, callback?: (err: AWSError, data: IAM.Types.ListUsersResponse) => void): Request<IAM.Types.ListUsersResponse, AWSError>;
694 /**
695 * Lists the IAM users that have the specified path prefix. If no path prefix is specified, the action returns all users in the AWS account. If there are none, the action returns an empty list. You can paginate the results using the MaxItems and Marker parameters.
696 */
697 listUsers(callback?: (err: AWSError, data: IAM.Types.ListUsersResponse) => void): Request<IAM.Types.ListUsersResponse, AWSError>;
698 /**
699 * Lists the virtual MFA devices defined in the AWS account by assignment status. If you do not specify an assignment status, the action returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any. You can paginate the results using the MaxItems and Marker parameters.
700 */
701 listVirtualMFADevices(params: IAM.Types.ListVirtualMFADevicesRequest, callback?: (err: AWSError, data: IAM.Types.ListVirtualMFADevicesResponse) => void): Request<IAM.Types.ListVirtualMFADevicesResponse, AWSError>;
702 /**
703 * Lists the virtual MFA devices defined in the AWS account by assignment status. If you do not specify an assignment status, the action returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any. You can paginate the results using the MaxItems and Marker parameters.
704 */
705 listVirtualMFADevices(callback?: (err: AWSError, data: IAM.Types.ListVirtualMFADevicesResponse) => void): Request<IAM.Types.ListVirtualMFADevicesResponse, AWSError>;
706 /**
707 * Adds or updates an inline policy document that is embedded in the specified IAM group. A user can also have managed policies attached to it. To attach a managed policy to a group, use AttachGroupPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. For information about limits on the number of inline policies that you can embed in a group, see Limitations on IAM Entities in the IAM User Guide. Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy. For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide.
708 */
709 putGroupPolicy(params: IAM.Types.PutGroupPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
710 /**
711 * Adds or updates an inline policy document that is embedded in the specified IAM group. A user can also have managed policies attached to it. To attach a managed policy to a group, use AttachGroupPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. For information about limits on the number of inline policies that you can embed in a group, see Limitations on IAM Entities in the IAM User Guide. Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy. For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide.
712 */
713 putGroupPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
714 /**
715 * Adds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy. For more information about IAM roles, go to Using Roles to Delegate Permissions and Federate Identities. A role can also have a managed policy attached to it. To attach a managed policy to a role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. For information about limits on the number of inline policies that you can embed with a role, see Limitations on IAM Entities in the IAM User Guide. Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy. For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide.
716 */
717 putRolePolicy(params: IAM.Types.PutRolePolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
718 /**
719 * Adds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy. For more information about IAM roles, go to Using Roles to Delegate Permissions and Federate Identities. A role can also have a managed policy attached to it. To attach a managed policy to a role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. For information about limits on the number of inline policies that you can embed with a role, see Limitations on IAM Entities in the IAM User Guide. Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy. For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide.
720 */
721 putRolePolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
722 /**
723 * Adds or updates an inline policy document that is embedded in the specified IAM user. An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. For information about limits on the number of inline policies that you can embed in a user, see Limitations on IAM Entities in the IAM User Guide. Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy. For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide.
724 */
725 putUserPolicy(params: IAM.Types.PutUserPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
726 /**
727 * Adds or updates an inline policy document that is embedded in the specified IAM user. An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide. For information about limits on the number of inline policies that you can embed in a user, see Limitations on IAM Entities in the IAM User Guide. Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy. For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide.
728 */
729 putUserPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
730 /**
731 * Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified IAM OpenID Connect (OIDC) provider resource object. This action is idempotent; it does not fail or return an error if you try to remove a client ID that does not exist.
732 */
733 removeClientIDFromOpenIDConnectProvider(params: IAM.Types.RemoveClientIDFromOpenIDConnectProviderRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
734 /**
735 * Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified IAM OpenID Connect (OIDC) provider resource object. This action is idempotent; it does not fail or return an error if you try to remove a client ID that does not exist.
736 */
737 removeClientIDFromOpenIDConnectProvider(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
738 /**
739 * Removes the specified IAM role from the specified EC2 instance profile. Make sure you do not have any Amazon EC2 instances running with the role you are about to remove from the instance profile. Removing a role from an instance profile that is associated with a running instance break any applications running on the instance. For more information about IAM roles, go to Working with Roles. For more information about instance profiles, go to About Instance Profiles.
740 */
741 removeRoleFromInstanceProfile(params: IAM.Types.RemoveRoleFromInstanceProfileRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
742 /**
743 * Removes the specified IAM role from the specified EC2 instance profile. Make sure you do not have any Amazon EC2 instances running with the role you are about to remove from the instance profile. Removing a role from an instance profile that is associated with a running instance break any applications running on the instance. For more information about IAM roles, go to Working with Roles. For more information about instance profiles, go to About Instance Profiles.
744 */
745 removeRoleFromInstanceProfile(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
746 /**
747 * Removes the specified user from the specified group.
748 */
749 removeUserFromGroup(params: IAM.Types.RemoveUserFromGroupRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
750 /**
751 * Removes the specified user from the specified group.
752 */
753 removeUserFromGroup(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
754 /**
755 * Synchronizes the specified MFA device with its IAM resource object on the AWS servers. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the IAM User Guide.
756 */
757 resyncMFADevice(params: IAM.Types.ResyncMFADeviceRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
758 /**
759 * Synchronizes the specified MFA device with its IAM resource object on the AWS servers. For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA Device in the IAM User Guide.
760 */
761 resyncMFADevice(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
762 /**
763 * Sets the specified version of the specified policy as the policy's default (operative) version. This action affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API. For information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.
764 */
765 setDefaultPolicyVersion(params: IAM.Types.SetDefaultPolicyVersionRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
766 /**
767 * Sets the specified version of the specified policy as the policy's default (operative) version. This action affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use the ListEntitiesForPolicy API. For information about managed policies, see Managed Policies and Inline Policies in the IAM User Guide.
768 */
769 setDefaultPolicyVersion(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
770 /**
771 * Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API actions and AWS resources to determine the policies' effective permissions. The policies are provided as strings. The simulation does not perform the API actions; it only checks the authorization to determine if the simulated policies allow or deny the actions. If you want to simulate existing policies attached to an IAM user, group, or role, use SimulatePrincipalPolicy instead. Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy. If the output is long, you can use MaxItems and Marker parameters to paginate the results.
772 */
773 simulateCustomPolicy(params: IAM.Types.SimulateCustomPolicyRequest, callback?: (err: AWSError, data: IAM.Types.SimulatePolicyResponse) => void): Request<IAM.Types.SimulatePolicyResponse, AWSError>;
774 /**
775 * Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API actions and AWS resources to determine the policies' effective permissions. The policies are provided as strings. The simulation does not perform the API actions; it only checks the authorization to determine if the simulated policies allow or deny the actions. If you want to simulate existing policies attached to an IAM user, group, or role, use SimulatePrincipalPolicy instead. Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy. If the output is long, you can use MaxItems and Marker parameters to paginate the results.
776 */
777 simulateCustomPolicy(callback?: (err: AWSError, data: IAM.Types.SimulatePolicyResponse) => void): Request<IAM.Types.SimulatePolicyResponse, AWSError>;
778 /**
779 * Simulate how a set of IAM policies attached to an IAM entity works with a list of API actions and AWS resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to . You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead. You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation. The simulation does not perform the API actions, it only checks the authorization to determine if the simulated policies allow or deny the actions. Note: This API discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead. Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy. If the output is long, you can use the MaxItems and Marker parameters to paginate the results.
780 */
781 simulatePrincipalPolicy(params: IAM.Types.SimulatePrincipalPolicyRequest, callback?: (err: AWSError, data: IAM.Types.SimulatePolicyResponse) => void): Request<IAM.Types.SimulatePolicyResponse, AWSError>;
782 /**
783 * Simulate how a set of IAM policies attached to an IAM entity works with a list of API actions and AWS resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to . You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead. You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation. The simulation does not perform the API actions, it only checks the authorization to determine if the simulated policies allow or deny the actions. Note: This API discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead. Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy. If the output is long, you can use the MaxItems and Marker parameters to paginate the results.
784 */
785 simulatePrincipalPolicy(callback?: (err: AWSError, data: IAM.Types.SimulatePolicyResponse) => void): Request<IAM.Types.SimulatePolicyResponse, AWSError>;
786 /**
787 * Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation work flow. If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users. For information about rotating keys, see Managing Keys and Certificates in the IAM User Guide.
788 */
789 updateAccessKey(params: IAM.Types.UpdateAccessKeyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
790 /**
791 * Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation work flow. If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users. For information about rotating keys, see Managing Keys and Certificates in the IAM User Guide.
792 */
793 updateAccessKey(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
794 /**
795 * Updates the password policy settings for the AWS account. This action does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. For more information about using a password policy, see Managing an IAM Password Policy in the IAM User Guide.
796 */
797 updateAccountPasswordPolicy(params: IAM.Types.UpdateAccountPasswordPolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
798 /**
799 * Updates the password policy settings for the AWS account. This action does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. For more information about using a password policy, see Managing an IAM Password Policy in the IAM User Guide.
800 */
801 updateAccountPasswordPolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
802 /**
803 * Updates the policy that grants an IAM entity permission to assume a role. This is typically referred to as the "role trust policy". For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities.
804 */
805 updateAssumeRolePolicy(params: IAM.Types.UpdateAssumeRolePolicyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
806 /**
807 * Updates the policy that grants an IAM entity permission to assume a role. This is typically referred to as the "role trust policy". For more information about roles, go to Using Roles to Delegate Permissions and Federate Identities.
808 */
809 updateAssumeRolePolicy(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
810 /**
811 * Updates the name and/or the path of the specified IAM group. You should understand the implications of changing a group's path or name. For more information, see Renaming Users and Groups in the IAM User Guide. To change an IAM group name the requester must have appropriate permissions on both the source object and the target object. For example, to change "Managers" to "MGRs", the entity making the request must have permission on both "Managers" and "MGRs", or must have permission on all (*). For more information about permissions, see Permissions and Policies.
812 */
813 updateGroup(params: IAM.Types.UpdateGroupRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
814 /**
815 * Updates the name and/or the path of the specified IAM group. You should understand the implications of changing a group's path or name. For more information, see Renaming Users and Groups in the IAM User Guide. To change an IAM group name the requester must have appropriate permissions on both the source object and the target object. For example, to change "Managers" to "MGRs", the entity making the request must have permission on both "Managers" and "MGRs", or must have permission on all (*). For more information about permissions, see Permissions and Policies.
816 */
817 updateGroup(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
818 /**
819 * Changes the password for the specified IAM user. IAM users can change their own passwords by calling ChangePassword. For more information about modifying passwords, see Managing Passwords in the IAM User Guide.
820 */
821 updateLoginProfile(params: IAM.Types.UpdateLoginProfileRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
822 /**
823 * Changes the password for the specified IAM user. IAM users can change their own passwords by calling ChangePassword. For more information about modifying passwords, see Managing Passwords in the IAM User Guide.
824 */
825 updateLoginProfile(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
826 /**
827 * Replaces the existing list of server certificate thumbprints associated with an OpenID Connect (OIDC) provider resource object with a new list of thumbprints. The list that you pass with this action completely replaces the existing list of thumbprints. (The lists are not merged.) Typically, you need to update a thumbprint only when the identity provider's certificate changes, which occurs rarely. However, if the provider's certificate does change, any attempt to assume an IAM role that specifies the OIDC provider as a principal fails until the certificate thumbprint is updated. Because trust for the OIDC provider is ultimately derived from the provider's certificate and is validated by the thumbprint, it is a best practice to limit access to the UpdateOpenIDConnectProviderThumbprint action to highly-privileged users.
828 */
829 updateOpenIDConnectProviderThumbprint(params: IAM.Types.UpdateOpenIDConnectProviderThumbprintRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
830 /**
831 * Replaces the existing list of server certificate thumbprints associated with an OpenID Connect (OIDC) provider resource object with a new list of thumbprints. The list that you pass with this action completely replaces the existing list of thumbprints. (The lists are not merged.) Typically, you need to update a thumbprint only when the identity provider's certificate changes, which occurs rarely. However, if the provider's certificate does change, any attempt to assume an IAM role that specifies the OIDC provider as a principal fails until the certificate thumbprint is updated. Because trust for the OIDC provider is ultimately derived from the provider's certificate and is validated by the thumbprint, it is a best practice to limit access to the UpdateOpenIDConnectProviderThumbprint action to highly-privileged users.
832 */
833 updateOpenIDConnectProviderThumbprint(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
834 /**
835 * Updates the metadata document for an existing SAML provider resource object. This operation requires Signature Version 4.
836 */
837 updateSAMLProvider(params: IAM.Types.UpdateSAMLProviderRequest, callback?: (err: AWSError, data: IAM.Types.UpdateSAMLProviderResponse) => void): Request<IAM.Types.UpdateSAMLProviderResponse, AWSError>;
838 /**
839 * Updates the metadata document for an existing SAML provider resource object. This operation requires Signature Version 4.
840 */
841 updateSAMLProvider(callback?: (err: AWSError, data: IAM.Types.UpdateSAMLProviderResponse) => void): Request<IAM.Types.UpdateSAMLProviderResponse, AWSError>;
842 /**
843 * Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This action can be used to disable a user's SSH public key as part of a key rotation work flow. The SSH public key affected by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.
844 */
845 updateSSHPublicKey(params: IAM.Types.UpdateSSHPublicKeyRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
846 /**
847 * Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This action can be used to disable a user's SSH public key as part of a key rotation work flow. The SSH public key affected by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.
848 */
849 updateSSHPublicKey(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
850 /**
851 * Updates the name and/or the path of the specified server certificate stored in IAM. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide. You should understand the implications of changing a server certificate's path or name. For more information, see Renaming a Server Certificate in the IAM User Guide. To change a server certificate name the requester must have appropriate permissions on both the source object and the target object. For example, to change the name from "ProductionCert" to "ProdCert", the entity making the request must have permission on "ProductionCert" and "ProdCert", or must have permission on all (*). For more information about permissions, see Access Management in the IAM User Guide.
852 */
853 updateServerCertificate(params: IAM.Types.UpdateServerCertificateRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
854 /**
855 * Updates the name and/or the path of the specified server certificate stored in IAM. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide. You should understand the implications of changing a server certificate's path or name. For more information, see Renaming a Server Certificate in the IAM User Guide. To change a server certificate name the requester must have appropriate permissions on both the source object and the target object. For example, to change the name from "ProductionCert" to "ProdCert", the entity making the request must have permission on "ProductionCert" and "ProdCert", or must have permission on all (*). For more information about permissions, see Access Management in the IAM User Guide.
856 */
857 updateServerCertificate(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
858 /**
859 * Changes the status of the specified user signing certificate from active to disabled, or vice versa. This action can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow. If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
860 */
861 updateSigningCertificate(params: IAM.Types.UpdateSigningCertificateRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
862 /**
863 * Changes the status of the specified user signing certificate from active to disabled, or vice versa. This action can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow. If the UserName field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
864 */
865 updateSigningCertificate(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
866 /**
867 * Updates the name and/or the path of the specified IAM user. You should understand the implications of changing an IAM user's path or name. For more information, see Renaming an IAM User and Renaming an IAM Group in the IAM User Guide. To change a user name the requester must have appropriate permissions on both the source object and the target object. For example, to change Bob to Robert, the entity making the request must have permission on Bob and Robert, or must have permission on all (*). For more information about permissions, see Permissions and Policies.
868 */
869 updateUser(params: IAM.Types.UpdateUserRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
870 /**
871 * Updates the name and/or the path of the specified IAM user. You should understand the implications of changing an IAM user's path or name. For more information, see Renaming an IAM User and Renaming an IAM Group in the IAM User Guide. To change a user name the requester must have appropriate permissions on both the source object and the target object. For example, to change Bob to Robert, the entity making the request must have permission on Bob and Robert, or must have permission on all (*). For more information about permissions, see Permissions and Policies.
872 */
873 updateUser(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
874 /**
875 * Uploads an SSH public key and associates it with the specified IAM user. The SSH public key uploaded by this action can be used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.
876 */
877 uploadSSHPublicKey(params: IAM.Types.UploadSSHPublicKeyRequest, callback?: (err: AWSError, data: IAM.Types.UploadSSHPublicKeyResponse) => void): Request<IAM.Types.UploadSSHPublicKeyResponse, AWSError>;
878 /**
879 * Uploads an SSH public key and associates it with the specified IAM user. The SSH public key uploaded by this action can be used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH Connections in the AWS CodeCommit User Guide.
880 */
881 uploadSSHPublicKey(callback?: (err: AWSError, data: IAM.Types.UploadSSHPublicKeyResponse) => void): Request<IAM.Types.UploadSSHPublicKeyResponse, AWSError>;
882 /**
883 * Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide. For information about the number of server certificates you can upload, see Limitations on IAM Entities and Objects in the IAM User Guide. Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about using the Query API with IAM, go to Calling the API by Making HTTP Query Requests in the IAM User Guide.
884 */
885 uploadServerCertificate(params: IAM.Types.UploadServerCertificateRequest, callback?: (err: AWSError, data: IAM.Types.UploadServerCertificateResponse) => void): Request<IAM.Types.UploadServerCertificateResponse, AWSError>;
886 /**
887 * Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded. For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to Working with Server Certificates in the IAM User Guide. For information about the number of server certificates you can upload, see Limitations on IAM Entities and Objects in the IAM User Guide. Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about using the Query API with IAM, go to Calling the API by Making HTTP Query Requests in the IAM User Guide.
888 */
889 uploadServerCertificate(callback?: (err: AWSError, data: IAM.Types.UploadServerCertificateResponse) => void): Request<IAM.Types.UploadServerCertificateResponse, AWSError>;
890 /**
891 * Uploads an X.509 signing certificate and associates it with the specified IAM user. Some AWS services use X.509 signing certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active. If the UserName field is not specified, the IAM user name is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users. Because the body of a X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide.
892 */
893 uploadSigningCertificate(params: IAM.Types.UploadSigningCertificateRequest, callback?: (err: AWSError, data: IAM.Types.UploadSigningCertificateResponse) => void): Request<IAM.Types.UploadSigningCertificateResponse, AWSError>;
894 /**
895 * Uploads an X.509 signing certificate and associates it with the specified IAM user. Some AWS services use X.509 signing certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active. If the UserName field is not specified, the IAM user name is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users. Because the body of a X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about using the Query API with IAM, go to Making Query Requests in the IAM User Guide.
896 */
897 uploadSigningCertificate(callback?: (err: AWSError, data: IAM.Types.UploadSigningCertificateResponse) => void): Request<IAM.Types.UploadSigningCertificateResponse, AWSError>;
898 /**
899 * Waits for the instanceProfileExists state by periodically calling the underlying IAM.getInstanceProfileoperation every 1 seconds (at most 40 times).
900 */
901 waitFor(state: "instanceProfileExists", params: IAM.Types.GetInstanceProfileRequest, callback?: (err: AWSError, data: IAM.Types.GetInstanceProfileResponse) => void): Request<IAM.Types.GetInstanceProfileResponse, AWSError>;
902 /**
903 * Waits for the instanceProfileExists state by periodically calling the underlying IAM.getInstanceProfileoperation every 1 seconds (at most 40 times).
904 */
905 waitFor(state: "instanceProfileExists", callback?: (err: AWSError, data: IAM.Types.GetInstanceProfileResponse) => void): Request<IAM.Types.GetInstanceProfileResponse, AWSError>;
906 /**
907 * Waits for the userExists state by periodically calling the underlying IAM.getUseroperation every 1 seconds (at most 20 times).
908 */
909 waitFor(state: "userExists", params: IAM.Types.GetUserRequest, callback?: (err: AWSError, data: IAM.Types.GetUserResponse) => void): Request<IAM.Types.GetUserResponse, AWSError>;
910 /**
911 * Waits for the userExists state by periodically calling the underlying IAM.getUseroperation every 1 seconds (at most 20 times).
912 */
913 waitFor(state: "userExists", callback?: (err: AWSError, data: IAM.Types.GetUserResponse) => void): Request<IAM.Types.GetUserResponse, AWSError>;
914 }
915 declare namespace IAM.Types {
916 export interface AccessKey {
917 /**
918 * The name of the IAM user that the access key is associated with.
919 */
920 UserName: userNameType;
921 /**
922 * The ID for this access key.
923 */
924 AccessKeyId: accessKeyIdType;
925 /**
926 * The status of the access key. Active means the key is valid for API calls, while Inactive means it is not.
927 */
928 Status: statusType;
929 /**
930 * The secret key used to sign requests.
931 */
932 SecretAccessKey: accessKeySecretType;
933 /**
934 * The date when the access key was created.
935 */
936 CreateDate?: dateType;
937 }
938 export interface AccessKeyLastUsed {
939 /**
940 * The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null when: The user does not have an access key. An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. There is no sign-in data associated with the user
941 */
942 LastUsedDate: dateType;
943 /**
944 * The name of the AWS service with which this access key was most recently used. This field is null when: The user does not have an access key. An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. There is no sign-in data associated with the user
945 */
946 ServiceName: stringType;
947 /**
948 * The AWS region where this access key was most recently used. This field is null when: The user does not have an access key. An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015. There is no sign-in data associated with the user For more information about AWS regions, see Regions and Endpoints in the Amazon Web Services General Reference.
949 */
950 Region: stringType;
951 }
952 export interface AccessKeyMetadata {
953 /**
954 * The name of the IAM user that the key is associated with.
955 */
956 UserName?: userNameType;
957 /**
958 * The ID for this access key.
959 */
960 AccessKeyId?: accessKeyIdType;
961 /**
962 * The status of the access key. Active means the key is valid for API calls; Inactive means it is not.
963 */
964 Status?: statusType;
965 /**
966 * The date when the access key was created.
967 */
968 CreateDate?: dateType;
969 }
970 export type ActionNameListType = ActionNameType[];
971 export type ActionNameType = string;
972 export interface AddClientIDToOpenIDConnectProviderRequest {
973 /**
974 * The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action.
975 */
976 OpenIDConnectProviderArn: arnType;
977 /**
978 * The client ID (also known as audience) to add to the IAM OpenID Connect provider resource.
979 */
980 ClientID: clientIDType;
981 }
982 export interface AddRoleToInstanceProfileRequest {
983 /**
984 * The name of the instance profile to update. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
985 */
986 InstanceProfileName: instanceProfileNameType;
987 /**
988 * The name of the role to add. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
989 */
990 RoleName: roleNameType;
991 }
992 export interface AddUserToGroupRequest {
993 /**
994 * The name of the group to update. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
995 */
996 GroupName: groupNameType;
997 /**
998 * The name of the user to add. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
999 */
1000 UserName: existingUserNameType;
1001 }
1002 export interface AttachGroupPolicyRequest {
1003 /**
1004 * The name (friendly name, not ARN) of the group to attach the policy to. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1005 */
1006 GroupName: groupNameType;
1007 /**
1008 * The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1009 */
1010 PolicyArn: arnType;
1011 }
1012 export interface AttachRolePolicyRequest {
1013 /**
1014 * The name (friendly name, not ARN) of the role to attach the policy to. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1015 */
1016 RoleName: roleNameType;
1017 /**
1018 * The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1019 */
1020 PolicyArn: arnType;
1021 }
1022 export interface AttachUserPolicyRequest {
1023 /**
1024 * The name (friendly name, not ARN) of the IAM user to attach the policy to. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1025 */
1026 UserName: userNameType;
1027 /**
1028 * The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1029 */
1030 PolicyArn: arnType;
1031 }
1032 export interface AttachedPolicy {
1033 /**
1034 * The friendly name of the attached policy.
1035 */
1036 PolicyName?: policyNameType;
1037 PolicyArn?: arnType;
1038 }
1039 export type BootstrapDatum = Buffer|Uint8Array|Blob|string;
1040 export interface ChangePasswordRequest {
1041 /**
1042 * The IAM user's current password.
1043 */
1044 OldPassword: passwordType;
1045 /**
1046 * The new password. The new password must conform to the AWS account's password policy, if one exists. The regex pattern for this parameter is a string of characters consisting of almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Although any of these characters are valid in a password, note that many tools, such as the AWS Management Console, might restrict the ability to enter certain characters because they have special meaning within that tool.
1047 */
1048 NewPassword: passwordType;
1049 }
1050 export type ColumnNumber = number;
1051 export interface ContextEntry {
1052 /**
1053 * The full name of a condition context key, including the service prefix. For example, aws:SourceIp or s3:VersionId.
1054 */
1055 ContextKeyName?: ContextKeyNameType;
1056 /**
1057 * The value (or values, if the condition context key supports multiple values) to provide to the simulation for use when the key is referenced by a Condition element in an input policy.
1058 */
1059 ContextKeyValues?: ContextKeyValueListType;
1060 /**
1061 * The data type of the value (or values) specified in the ContextKeyValues parameter.
1062 */
1063 ContextKeyType?: ContextKeyTypeEnum;
1064 }
1065 export type ContextEntryListType = ContextEntry[];
1066 export type ContextKeyNameType = string;
1067 export type ContextKeyNamesResultListType = ContextKeyNameType[];
1068 export type ContextKeyTypeEnum = "string"|"stringList"|"numeric"|"numericList"|"boolean"|"booleanList"|"ip"|"ipList"|"binary"|"binaryList"|"date"|"dateList"|string;
1069 export type ContextKeyValueListType = ContextKeyValueType[];
1070 export type ContextKeyValueType = string;
1071 export interface CreateAccessKeyRequest {
1072 /**
1073 * The name of the IAM user that the new key will belong to. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1074 */
1075 UserName?: existingUserNameType;
1076 }
1077 export interface CreateAccessKeyResponse {
1078 /**
1079 * A structure with details about the access key.
1080 */
1081 AccessKey: AccessKey;
1082 }
1083 export interface CreateAccountAliasRequest {
1084 /**
1085 * The account alias to create. The regex pattern for this parameter is a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
1086 */
1087 AccountAlias: accountAliasType;
1088 }
1089 export interface CreateGroupRequest {
1090 /**
1091 * The path to the group. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
1092 */
1093 Path?: pathType;
1094 /**
1095 * The name of the group to create. Do not include the path in this value. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins".
1096 */
1097 GroupName: groupNameType;
1098 }
1099 export interface CreateGroupResponse {
1100 /**
1101 * A structure containing details about the new group.
1102 */
1103 Group: Group;
1104 }
1105 export interface CreateInstanceProfileRequest {
1106 /**
1107 * The name of the instance profile to create. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1108 */
1109 InstanceProfileName: instanceProfileNameType;
1110 /**
1111 * The path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
1112 */
1113 Path?: pathType;
1114 }
1115 export interface CreateInstanceProfileResponse {
1116 /**
1117 * A structure containing details about the new instance profile.
1118 */
1119 InstanceProfile: InstanceProfile;
1120 }
1121 export interface CreateLoginProfileRequest {
1122 /**
1123 * The name of the IAM user to create a password for. The user must already exist. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1124 */
1125 UserName: userNameType;
1126 /**
1127 * The new password for the user. The regex pattern for this parameter is a string of characters consisting of almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Although any of these characters are valid in a password, note that many tools, such as the AWS Management Console, might restrict the ability to enter certain characters because they have special meaning within that tool.
1128 */
1129 Password: passwordType;
1130 /**
1131 * Specifies whether the user is required to set a new password on next sign-in.
1132 */
1133 PasswordResetRequired?: booleanType;
1134 }
1135 export interface CreateLoginProfileResponse {
1136 /**
1137 * A structure containing the user name and password create date.
1138 */
1139 LoginProfile: LoginProfile;
1140 }
1141 export interface CreateOpenIDConnectProviderRequest {
1142 /**
1143 * The URL of the identity provider. The URL must begin with "https://" and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a host name, like "https://server.example.org" or "https://example.com". You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
1144 */
1145 Url: OpenIDConnectProviderUrlType;
1146 /**
1147 * A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.) You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider. There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest action accepts client IDs up to 255 characters long.
1148 */
1149 ClientIDList?: clientIDListType;
1150 /**
1151 * A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates. The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string. You must provide at least one thumbprint when creating an IAM OIDC provider. For example, if the OIDC provider is server.example.com and the provider stores its keys at "https://keys.server.example.com/openid-connect", the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com. For more information about obtaining the OIDC provider's thumbprint, see Obtaining the Thumbprint for an OpenID Connect Provider in the IAM User Guide.
1152 */
1153 ThumbprintList: thumbprintListType;
1154 }
1155 export interface CreateOpenIDConnectProviderResponse {
1156 /**
1157 * The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that is created. For more information, see OpenIDConnectProviderListEntry.
1158 */
1159 OpenIDConnectProviderArn?: arnType;
1160 }
1161 export interface CreatePolicyRequest {
1162 /**
1163 * The friendly name of the policy. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1164 */
1165 PolicyName: policyNameType;
1166 /**
1167 * The path for the policy. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
1168 */
1169 Path?: policyPathType;
1170 /**
1171 * The JSON policy document that you want to use as the content for the new policy. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
1172 */
1173 PolicyDocument: policyDocumentType;
1174 /**
1175 * A friendly description of the policy. Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.
1176 */
1177 Description?: policyDescriptionType;
1178 }
1179 export interface CreatePolicyResponse {
1180 /**
1181 * A structure containing details about the new policy.
1182 */
1183 Policy?: Policy;
1184 }
1185 export interface CreatePolicyVersionRequest {
1186 /**
1187 * The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1188 */
1189 PolicyArn: arnType;
1190 /**
1191 * The JSON policy document that you want to use as the content for this new version of the policy. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
1192 */
1193 PolicyDocument: policyDocumentType;
1194 /**
1195 * Specifies whether to set this version as the policy's default version. When this parameter is true, the new policy version becomes the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to. For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
1196 */
1197 SetAsDefault?: booleanType;
1198 }
1199 export interface CreatePolicyVersionResponse {
1200 /**
1201 * A structure containing details about the new policy version.
1202 */
1203 PolicyVersion?: PolicyVersion;
1204 }
1205 export interface CreateRoleRequest {
1206 /**
1207 * The path to the role. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
1208 */
1209 Path?: pathType;
1210 /**
1211 * The name of the role to create. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. Role names are not distinguished by case. For example, you cannot create roles named both "PRODROLE" and "prodrole".
1212 */
1213 RoleName: roleNameType;
1214 /**
1215 * The trust relationship policy document that grants an entity permission to assume the role. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
1216 */
1217 AssumeRolePolicyDocument: policyDocumentType;
1218 }
1219 export interface CreateRoleResponse {
1220 /**
1221 * A structure containing details about the new role.
1222 */
1223 Role: Role;
1224 }
1225 export interface CreateSAMLProviderRequest {
1226 /**
1227 * An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP. For more information, see About SAML 2.0-based Federation in the IAM User Guide
1228 */
1229 SAMLMetadataDocument: SAMLMetadataDocumentType;
1230 /**
1231 * The name of the provider to create. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1232 */
1233 Name: SAMLProviderNameType;
1234 }
1235 export interface CreateSAMLProviderResponse {
1236 /**
1237 * The Amazon Resource Name (ARN) of the new SAML provider resource in IAM.
1238 */
1239 SAMLProviderArn?: arnType;
1240 }
1241 export interface CreateUserRequest {
1242 /**
1243 * The path for the user name. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
1244 */
1245 Path?: pathType;
1246 /**
1247 * The name of the user to create. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".
1248 */
1249 UserName: userNameType;
1250 }
1251 export interface CreateUserResponse {
1252 /**
1253 * A structure with details about the new IAM user.
1254 */
1255 User?: User;
1256 }
1257 export interface CreateVirtualMFADeviceRequest {
1258 /**
1259 * The path for the virtual MFA device. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
1260 */
1261 Path?: pathType;
1262 /**
1263 * The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1264 */
1265 VirtualMFADeviceName: virtualMFADeviceName;
1266 }
1267 export interface CreateVirtualMFADeviceResponse {
1268 /**
1269 * A structure containing details about the new virtual MFA device.
1270 */
1271 VirtualMFADevice: VirtualMFADevice;
1272 }
1273 export interface DeactivateMFADeviceRequest {
1274 /**
1275 * The name of the user whose MFA device you want to deactivate. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1276 */
1277 UserName: existingUserNameType;
1278 /**
1279 * The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =/:,.@-
1280 */
1281 SerialNumber: serialNumberType;
1282 }
1283 export interface DeleteAccessKeyRequest {
1284 /**
1285 * The name of the user whose access key pair you want to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1286 */
1287 UserName?: existingUserNameType;
1288 /**
1289 * The access key ID for the access key ID and secret access key you want to delete. The regex pattern for this parameter is a string of characters that can consist of any upper or lowercased letter or digit.
1290 */
1291 AccessKeyId: accessKeyIdType;
1292 }
1293 export interface DeleteAccountAliasRequest {
1294 /**
1295 * The name of the account alias to delete. The regex pattern for this parameter is a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
1296 */
1297 AccountAlias: accountAliasType;
1298 }
1299 export interface DeleteGroupPolicyRequest {
1300 /**
1301 * The name (friendly name, not ARN) identifying the group that the policy is embedded in. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1302 */
1303 GroupName: groupNameType;
1304 /**
1305 * The name identifying the policy document to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1306 */
1307 PolicyName: policyNameType;
1308 }
1309 export interface DeleteGroupRequest {
1310 /**
1311 * The name of the IAM group to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1312 */
1313 GroupName: groupNameType;
1314 }
1315 export interface DeleteInstanceProfileRequest {
1316 /**
1317 * The name of the instance profile to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1318 */
1319 InstanceProfileName: instanceProfileNameType;
1320 }
1321 export interface DeleteLoginProfileRequest {
1322 /**
1323 * The name of the user whose password you want to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1324 */
1325 UserName: userNameType;
1326 }
1327 export interface DeleteOpenIDConnectProviderRequest {
1328 /**
1329 * The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the ListOpenIDConnectProviders action.
1330 */
1331 OpenIDConnectProviderArn: arnType;
1332 }
1333 export interface DeletePolicyRequest {
1334 /**
1335 * The Amazon Resource Name (ARN) of the IAM policy you want to delete. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1336 */
1337 PolicyArn: arnType;
1338 }
1339 export interface DeletePolicyVersionRequest {
1340 /**
1341 * The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1342 */
1343 PolicyArn: arnType;
1344 /**
1345 * The policy version to delete. The regex pattern for this parameter is a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits. For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
1346 */
1347 VersionId: policyVersionIdType;
1348 }
1349 export interface DeleteRolePolicyRequest {
1350 /**
1351 * The name (friendly name, not ARN) identifying the role that the policy is embedded in. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1352 */
1353 RoleName: roleNameType;
1354 /**
1355 * The name of the inline policy to delete from the specified IAM role. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1356 */
1357 PolicyName: policyNameType;
1358 }
1359 export interface DeleteRoleRequest {
1360 /**
1361 * The name of the role to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1362 */
1363 RoleName: roleNameType;
1364 }
1365 export interface DeleteSAMLProviderRequest {
1366 /**
1367 * The Amazon Resource Name (ARN) of the SAML provider to delete.
1368 */
1369 SAMLProviderArn: arnType;
1370 }
1371 export interface DeleteSSHPublicKeyRequest {
1372 /**
1373 * The name of the IAM user associated with the SSH public key. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1374 */
1375 UserName: userNameType;
1376 /**
1377 * The unique identifier for the SSH public key. The regex pattern for this parameter is a string of characters that can consist of any upper or lowercased letter or digit.
1378 */
1379 SSHPublicKeyId: publicKeyIdType;
1380 }
1381 export interface DeleteServerCertificateRequest {
1382 /**
1383 * The name of the server certificate you want to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1384 */
1385 ServerCertificateName: serverCertificateNameType;
1386 }
1387 export interface DeleteSigningCertificateRequest {
1388 /**
1389 * The name of the user the signing certificate belongs to. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1390 */
1391 UserName?: existingUserNameType;
1392 /**
1393 * The ID of the signing certificate to delete. The format of this parameter, as described by its regex pattern, is a string of characters that can be upper- or lower-cased letters or digits.
1394 */
1395 CertificateId: certificateIdType;
1396 }
1397 export interface DeleteUserPolicyRequest {
1398 /**
1399 * The name (friendly name, not ARN) identifying the user that the policy is embedded in. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1400 */
1401 UserName: existingUserNameType;
1402 /**
1403 * The name identifying the policy document to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1404 */
1405 PolicyName: policyNameType;
1406 }
1407 export interface DeleteUserRequest {
1408 /**
1409 * The name of the user to delete. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1410 */
1411 UserName: existingUserNameType;
1412 }
1413 export interface DeleteVirtualMFADeviceRequest {
1414 /**
1415 * The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =/:,.@-
1416 */
1417 SerialNumber: serialNumberType;
1418 }
1419 export interface DetachGroupPolicyRequest {
1420 /**
1421 * The name (friendly name, not ARN) of the IAM group to detach the policy from. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1422 */
1423 GroupName: groupNameType;
1424 /**
1425 * The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1426 */
1427 PolicyArn: arnType;
1428 }
1429 export interface DetachRolePolicyRequest {
1430 /**
1431 * The name (friendly name, not ARN) of the IAM role to detach the policy from. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1432 */
1433 RoleName: roleNameType;
1434 /**
1435 * The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1436 */
1437 PolicyArn: arnType;
1438 }
1439 export interface DetachUserPolicyRequest {
1440 /**
1441 * The name (friendly name, not ARN) of the IAM user to detach the policy from. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1442 */
1443 UserName: userNameType;
1444 /**
1445 * The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1446 */
1447 PolicyArn: arnType;
1448 }
1449 export interface EnableMFADeviceRequest {
1450 /**
1451 * The name of the IAM user for whom you want to enable the MFA device. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1452 */
1453 UserName: existingUserNameType;
1454 /**
1455 * The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =/:,.@-
1456 */
1457 SerialNumber: serialNumberType;
1458 /**
1459 * An authentication code emitted by the device. The format for this parameter is a string of 6 digits.
1460 */
1461 AuthenticationCode1: authenticationCodeType;
1462 /**
1463 * A subsequent authentication code emitted by the device. The format for this parameter is a string of 6 digits.
1464 */
1465 AuthenticationCode2: authenticationCodeType;
1466 }
1467 export type EntityType = "User"|"Role"|"Group"|"LocalManagedPolicy"|"AWSManagedPolicy"|string;
1468 export type EvalDecisionDetailsType = {[key: string]: PolicyEvaluationDecisionType};
1469 export type EvalDecisionSourceType = string;
1470 export interface EvaluationResult {
1471 /**
1472 * The name of the API action tested on the indicated resource.
1473 */
1474 EvalActionName: ActionNameType;
1475 /**
1476 * The ARN of the resource that the indicated API action was tested on.
1477 */
1478 EvalResourceName?: ResourceNameType;
1479 /**
1480 * The result of the simulation.
1481 */
1482 EvalDecision: PolicyEvaluationDecisionType;
1483 /**
1484 * A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the action on the resource, if only one statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
1485 */
1486 MatchedStatements?: StatementListType;
1487 /**
1488 * A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the ResourceArns parameter blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
1489 */
1490 MissingContextValues?: ContextKeyNamesResultListType;
1491 /**
1492 * Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies
1493 */
1494 EvalDecisionDetails?: EvalDecisionDetailsType;
1495 /**
1496 * The individual results of the simulation of the API action specified in EvalActionName on each resource.
1497 */
1498 ResourceSpecificResults?: ResourceSpecificResultListType;
1499 }
1500 export type EvaluationResultsListType = EvaluationResult[];
1501 export interface GenerateCredentialReportResponse {
1502 /**
1503 * Information about the state of the credential report.
1504 */
1505 State?: ReportStateType;
1506 /**
1507 * Information about the credential report.
1508 */
1509 Description?: ReportStateDescriptionType;
1510 }
1511 export interface GetAccessKeyLastUsedRequest {
1512 /**
1513 * The identifier of an access key. The regex pattern for this parameter is a string of characters that can consist of any upper or lowercased letter or digit.
1514 */
1515 AccessKeyId: accessKeyIdType;
1516 }
1517 export interface GetAccessKeyLastUsedResponse {
1518 /**
1519 * The name of the AWS IAM user that owns this access key.
1520 */
1521 UserName?: existingUserNameType;
1522 /**
1523 * Contains information about the last time the access key was used.
1524 */
1525 AccessKeyLastUsed?: AccessKeyLastUsed;
1526 }
1527 export interface GetAccountAuthorizationDetailsRequest {
1528 /**
1529 * A list of entity types used to filter the results. Only the entities that match the types you specify are included in the output. Use the value LocalManagedPolicy to include customer managed policies. The format for this parameter is a comma-separated (if more than one) list of strings. Each string value in the list must be one of the valid values listed below.
1530 */
1531 Filter?: entityListType;
1532 /**
1533 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
1534 */
1535 MaxItems?: maxItemsType;
1536 /**
1537 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
1538 */
1539 Marker?: markerType;
1540 }
1541 export interface GetAccountAuthorizationDetailsResponse {
1542 /**
1543 * A list containing information about IAM users.
1544 */
1545 UserDetailList?: userDetailListType;
1546 /**
1547 * A list containing information about IAM groups.
1548 */
1549 GroupDetailList?: groupDetailListType;
1550 /**
1551 * A list containing information about IAM roles.
1552 */
1553 RoleDetailList?: roleDetailListType;
1554 /**
1555 * A list containing information about managed policies.
1556 */
1557 Policies?: ManagedPolicyDetailListType;
1558 /**
1559 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
1560 */
1561 IsTruncated?: booleanType;
1562 /**
1563 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
1564 */
1565 Marker?: markerType;
1566 }
1567 export interface GetAccountPasswordPolicyResponse {
1568 PasswordPolicy: PasswordPolicy;
1569 }
1570 export interface GetAccountSummaryResponse {
1571 /**
1572 * A set of key value pairs containing information about IAM entity usage and IAM quotas.
1573 */
1574 SummaryMap?: summaryMapType;
1575 }
1576 export interface GetContextKeysForCustomPolicyRequest {
1577 /**
1578 * A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
1579 */
1580 PolicyInputList: SimulationPolicyListType;
1581 }
1582 export interface GetContextKeysForPolicyResponse {
1583 /**
1584 * The list of context keys that are referenced in the input policies.
1585 */
1586 ContextKeyNames?: ContextKeyNamesResultListType;
1587 }
1588 export interface GetContextKeysForPrincipalPolicyRequest {
1589 /**
1590 * The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies attached to the user as well as to all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1591 */
1592 PolicySourceArn: arnType;
1593 /**
1594 * An optional list of additional policies for which you want the list of context keys that are referenced. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
1595 */
1596 PolicyInputList?: SimulationPolicyListType;
1597 }
1598 export interface GetCredentialReportResponse {
1599 /**
1600 * Contains the credential report. The report is Base64-encoded.
1601 */
1602 Content?: ReportContentType;
1603 /**
1604 * The format (MIME type) of the credential report.
1605 */
1606 ReportFormat?: ReportFormatType;
1607 /**
1608 * The date and time when the credential report was created, in ISO 8601 date-time format.
1609 */
1610 GeneratedTime?: dateType;
1611 }
1612 export interface GetGroupPolicyRequest {
1613 /**
1614 * The name of the group the policy is associated with. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1615 */
1616 GroupName: groupNameType;
1617 /**
1618 * The name of the policy document to get. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1619 */
1620 PolicyName: policyNameType;
1621 }
1622 export interface GetGroupPolicyResponse {
1623 /**
1624 * The group the policy is associated with.
1625 */
1626 GroupName: groupNameType;
1627 /**
1628 * The name of the policy.
1629 */
1630 PolicyName: policyNameType;
1631 /**
1632 * The policy document.
1633 */
1634 PolicyDocument: policyDocumentType;
1635 }
1636 export interface GetGroupRequest {
1637 /**
1638 * The name of the group. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1639 */
1640 GroupName: groupNameType;
1641 /**
1642 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
1643 */
1644 Marker?: markerType;
1645 /**
1646 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
1647 */
1648 MaxItems?: maxItemsType;
1649 }
1650 export interface GetGroupResponse {
1651 /**
1652 * A structure that contains details about the group.
1653 */
1654 Group: Group;
1655 /**
1656 * A list of users in the group.
1657 */
1658 Users: userListType;
1659 /**
1660 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
1661 */
1662 IsTruncated?: booleanType;
1663 /**
1664 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
1665 */
1666 Marker?: markerType;
1667 }
1668 export interface GetInstanceProfileRequest {
1669 /**
1670 * The name of the instance profile to get information about. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1671 */
1672 InstanceProfileName: instanceProfileNameType;
1673 }
1674 export interface GetInstanceProfileResponse {
1675 /**
1676 * A structure containing details about the instance profile.
1677 */
1678 InstanceProfile: InstanceProfile;
1679 }
1680 export interface GetLoginProfileRequest {
1681 /**
1682 * The name of the user whose login profile you want to retrieve. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1683 */
1684 UserName: userNameType;
1685 }
1686 export interface GetLoginProfileResponse {
1687 /**
1688 * A structure containing the user name and password create date for the user.
1689 */
1690 LoginProfile: LoginProfile;
1691 }
1692 export interface GetOpenIDConnectProviderRequest {
1693 /**
1694 * The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders action. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1695 */
1696 OpenIDConnectProviderArn: arnType;
1697 }
1698 export interface GetOpenIDConnectProviderResponse {
1699 /**
1700 * The URL that the IAM OIDC provider resource object is associated with. For more information, see CreateOpenIDConnectProvider.
1701 */
1702 Url?: OpenIDConnectProviderUrlType;
1703 /**
1704 * A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
1705 */
1706 ClientIDList?: clientIDListType;
1707 /**
1708 * A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.
1709 */
1710 ThumbprintList?: thumbprintListType;
1711 /**
1712 * The date and time when the IAM OIDC provider resource object was created in the AWS account.
1713 */
1714 CreateDate?: dateType;
1715 }
1716 export interface GetPolicyRequest {
1717 /**
1718 * The Amazon Resource Name (ARN) of the managed policy that you want information about. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1719 */
1720 PolicyArn: arnType;
1721 }
1722 export interface GetPolicyResponse {
1723 /**
1724 * A structure containing details about the policy.
1725 */
1726 Policy?: Policy;
1727 }
1728 export interface GetPolicyVersionRequest {
1729 /**
1730 * The Amazon Resource Name (ARN) of the managed policy that you want information about. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1731 */
1732 PolicyArn: arnType;
1733 /**
1734 * Identifies the policy version to retrieve. The regex pattern for this parameter is a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.
1735 */
1736 VersionId: policyVersionIdType;
1737 }
1738 export interface GetPolicyVersionResponse {
1739 /**
1740 * A structure containing details about the policy version.
1741 */
1742 PolicyVersion?: PolicyVersion;
1743 }
1744 export interface GetRolePolicyRequest {
1745 /**
1746 * The name of the role associated with the policy. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1747 */
1748 RoleName: roleNameType;
1749 /**
1750 * The name of the policy document to get. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1751 */
1752 PolicyName: policyNameType;
1753 }
1754 export interface GetRolePolicyResponse {
1755 /**
1756 * The role the policy is associated with.
1757 */
1758 RoleName: roleNameType;
1759 /**
1760 * The name of the policy.
1761 */
1762 PolicyName: policyNameType;
1763 /**
1764 * The policy document.
1765 */
1766 PolicyDocument: policyDocumentType;
1767 }
1768 export interface GetRoleRequest {
1769 /**
1770 * The name of the IAM role to get information about. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1771 */
1772 RoleName: roleNameType;
1773 }
1774 export interface GetRoleResponse {
1775 /**
1776 * A structure containing details about the IAM role.
1777 */
1778 Role: Role;
1779 }
1780 export interface GetSAMLProviderRequest {
1781 /**
1782 * The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
1783 */
1784 SAMLProviderArn: arnType;
1785 }
1786 export interface GetSAMLProviderResponse {
1787 /**
1788 * The XML metadata document that includes information about an identity provider.
1789 */
1790 SAMLMetadataDocument?: SAMLMetadataDocumentType;
1791 /**
1792 * The date and time when the SAML provider was created.
1793 */
1794 CreateDate?: dateType;
1795 /**
1796 * The expiration date and time for the SAML provider.
1797 */
1798 ValidUntil?: dateType;
1799 }
1800 export interface GetSSHPublicKeyRequest {
1801 /**
1802 * The name of the IAM user associated with the SSH public key. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1803 */
1804 UserName: userNameType;
1805 /**
1806 * The unique identifier for the SSH public key. The regex pattern for this parameter is a string of characters that can consist of any upper or lowercased letter or digit.
1807 */
1808 SSHPublicKeyId: publicKeyIdType;
1809 /**
1810 * Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
1811 */
1812 Encoding: encodingType;
1813 }
1814 export interface GetSSHPublicKeyResponse {
1815 /**
1816 * A structure containing details about the SSH public key.
1817 */
1818 SSHPublicKey?: SSHPublicKey;
1819 }
1820 export interface GetServerCertificateRequest {
1821 /**
1822 * The name of the server certificate you want to retrieve information about. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1823 */
1824 ServerCertificateName: serverCertificateNameType;
1825 }
1826 export interface GetServerCertificateResponse {
1827 /**
1828 * A structure containing details about the server certificate.
1829 */
1830 ServerCertificate: ServerCertificate;
1831 }
1832 export interface GetUserPolicyRequest {
1833 /**
1834 * The name of the user who the policy is associated with. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1835 */
1836 UserName: existingUserNameType;
1837 /**
1838 * The name of the policy document to get. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1839 */
1840 PolicyName: policyNameType;
1841 }
1842 export interface GetUserPolicyResponse {
1843 /**
1844 * The user the policy is associated with.
1845 */
1846 UserName: existingUserNameType;
1847 /**
1848 * The name of the policy.
1849 */
1850 PolicyName: policyNameType;
1851 /**
1852 * The policy document.
1853 */
1854 PolicyDocument: policyDocumentType;
1855 }
1856 export interface GetUserRequest {
1857 /**
1858 * The name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1859 */
1860 UserName?: existingUserNameType;
1861 }
1862 export interface GetUserResponse {
1863 /**
1864 * A structure containing details about the IAM user.
1865 */
1866 User: User;
1867 }
1868 export interface Group {
1869 /**
1870 * The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
1871 */
1872 Path: pathType;
1873 /**
1874 * The friendly name that identifies the group.
1875 */
1876 GroupName: groupNameType;
1877 /**
1878 * The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
1879 */
1880 GroupId: idType;
1881 /**
1882 * The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
1883 */
1884 Arn: arnType;
1885 /**
1886 * The date and time, in ISO 8601 date-time format, when the group was created.
1887 */
1888 CreateDate: dateType;
1889 }
1890 export interface GroupDetail {
1891 /**
1892 * The path to the group. For more information about paths, see IAM Identifiers in the Using IAM guide.
1893 */
1894 Path?: pathType;
1895 /**
1896 * The friendly name that identifies the group.
1897 */
1898 GroupName?: groupNameType;
1899 /**
1900 * The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the Using IAM guide.
1901 */
1902 GroupId?: idType;
1903 Arn?: arnType;
1904 /**
1905 * The date and time, in ISO 8601 date-time format, when the group was created.
1906 */
1907 CreateDate?: dateType;
1908 /**
1909 * A list of the inline policies embedded in the group.
1910 */
1911 GroupPolicyList?: policyDetailListType;
1912 /**
1913 * A list of the managed policies attached to the group.
1914 */
1915 AttachedManagedPolicies?: attachedPoliciesListType;
1916 }
1917 export interface InstanceProfile {
1918 /**
1919 * The path to the instance profile. For more information about paths, see IAM Identifiers in the Using IAM guide.
1920 */
1921 Path: pathType;
1922 /**
1923 * The name identifying the instance profile.
1924 */
1925 InstanceProfileName: instanceProfileNameType;
1926 /**
1927 * The stable and unique string identifying the instance profile. For more information about IDs, see IAM Identifiers in the Using IAM guide.
1928 */
1929 InstanceProfileId: idType;
1930 /**
1931 * The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
1932 */
1933 Arn: arnType;
1934 /**
1935 * The date when the instance profile was created.
1936 */
1937 CreateDate: dateType;
1938 /**
1939 * The role associated with the instance profile.
1940 */
1941 Roles: roleListType;
1942 }
1943 export type LineNumber = number;
1944 export interface ListAccessKeysRequest {
1945 /**
1946 * The name of the user. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1947 */
1948 UserName?: existingUserNameType;
1949 /**
1950 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
1951 */
1952 Marker?: markerType;
1953 /**
1954 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
1955 */
1956 MaxItems?: maxItemsType;
1957 }
1958 export interface ListAccessKeysResponse {
1959 /**
1960 * A list of objects containing metadata about the access keys.
1961 */
1962 AccessKeyMetadata: accessKeyMetadataListType;
1963 /**
1964 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
1965 */
1966 IsTruncated?: booleanType;
1967 /**
1968 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
1969 */
1970 Marker?: markerType;
1971 }
1972 export interface ListAccountAliasesRequest {
1973 /**
1974 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
1975 */
1976 Marker?: markerType;
1977 /**
1978 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
1979 */
1980 MaxItems?: maxItemsType;
1981 }
1982 export interface ListAccountAliasesResponse {
1983 /**
1984 * A list of aliases associated with the account. AWS supports only one alias per account.
1985 */
1986 AccountAliases: accountAliasListType;
1987 /**
1988 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
1989 */
1990 IsTruncated?: booleanType;
1991 /**
1992 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
1993 */
1994 Marker?: markerType;
1995 }
1996 export interface ListAttachedGroupPoliciesRequest {
1997 /**
1998 * The name (friendly name, not ARN) of the group to list attached policies for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
1999 */
2000 GroupName: groupNameType;
2001 /**
2002 * The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2003 */
2004 PathPrefix?: policyPathType;
2005 /**
2006 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2007 */
2008 Marker?: markerType;
2009 /**
2010 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2011 */
2012 MaxItems?: maxItemsType;
2013 }
2014 export interface ListAttachedGroupPoliciesResponse {
2015 /**
2016 * A list of the attached policies.
2017 */
2018 AttachedPolicies?: attachedPoliciesListType;
2019 /**
2020 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2021 */
2022 IsTruncated?: booleanType;
2023 /**
2024 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2025 */
2026 Marker?: markerType;
2027 }
2028 export interface ListAttachedRolePoliciesRequest {
2029 /**
2030 * The name (friendly name, not ARN) of the role to list attached policies for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2031 */
2032 RoleName: roleNameType;
2033 /**
2034 * The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2035 */
2036 PathPrefix?: policyPathType;
2037 /**
2038 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2039 */
2040 Marker?: markerType;
2041 /**
2042 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2043 */
2044 MaxItems?: maxItemsType;
2045 }
2046 export interface ListAttachedRolePoliciesResponse {
2047 /**
2048 * A list of the attached policies.
2049 */
2050 AttachedPolicies?: attachedPoliciesListType;
2051 /**
2052 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2053 */
2054 IsTruncated?: booleanType;
2055 /**
2056 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2057 */
2058 Marker?: markerType;
2059 }
2060 export interface ListAttachedUserPoliciesRequest {
2061 /**
2062 * The name (friendly name, not ARN) of the user to list attached policies for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2063 */
2064 UserName: userNameType;
2065 /**
2066 * The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2067 */
2068 PathPrefix?: policyPathType;
2069 /**
2070 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2071 */
2072 Marker?: markerType;
2073 /**
2074 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2075 */
2076 MaxItems?: maxItemsType;
2077 }
2078 export interface ListAttachedUserPoliciesResponse {
2079 /**
2080 * A list of the attached policies.
2081 */
2082 AttachedPolicies?: attachedPoliciesListType;
2083 /**
2084 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2085 */
2086 IsTruncated?: booleanType;
2087 /**
2088 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2089 */
2090 Marker?: markerType;
2091 }
2092 export interface ListEntitiesForPolicyRequest {
2093 /**
2094 * The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
2095 */
2096 PolicyArn: arnType;
2097 /**
2098 * The entity type to use for filtering the results. For example, when EntityFilter is Role, only the roles that are attached to the specified policy are returned. This parameter is optional. If it is not included, all attached entities (users, groups, and roles) are returned. The argument for this parameter must be one of the valid values listed below.
2099 */
2100 EntityFilter?: EntityType;
2101 /**
2102 * The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2103 */
2104 PathPrefix?: pathType;
2105 /**
2106 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2107 */
2108 Marker?: markerType;
2109 /**
2110 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2111 */
2112 MaxItems?: maxItemsType;
2113 }
2114 export interface ListEntitiesForPolicyResponse {
2115 /**
2116 * A list of IAM groups that the policy is attached to.
2117 */
2118 PolicyGroups?: PolicyGroupListType;
2119 /**
2120 * A list of IAM users that the policy is attached to.
2121 */
2122 PolicyUsers?: PolicyUserListType;
2123 /**
2124 * A list of IAM roles that the policy is attached to.
2125 */
2126 PolicyRoles?: PolicyRoleListType;
2127 /**
2128 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2129 */
2130 IsTruncated?: booleanType;
2131 /**
2132 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2133 */
2134 Marker?: markerType;
2135 }
2136 export interface ListGroupPoliciesRequest {
2137 /**
2138 * The name of the group to list policies for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2139 */
2140 GroupName: groupNameType;
2141 /**
2142 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2143 */
2144 Marker?: markerType;
2145 /**
2146 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2147 */
2148 MaxItems?: maxItemsType;
2149 }
2150 export interface ListGroupPoliciesResponse {
2151 /**
2152 * A list of policy names.
2153 */
2154 PolicyNames: policyNameListType;
2155 /**
2156 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2157 */
2158 IsTruncated?: booleanType;
2159 /**
2160 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2161 */
2162 Marker?: markerType;
2163 }
2164 export interface ListGroupsForUserRequest {
2165 /**
2166 * The name of the user to list groups for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2167 */
2168 UserName: existingUserNameType;
2169 /**
2170 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2171 */
2172 Marker?: markerType;
2173 /**
2174 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2175 */
2176 MaxItems?: maxItemsType;
2177 }
2178 export interface ListGroupsForUserResponse {
2179 /**
2180 * A list of groups.
2181 */
2182 Groups: groupListType;
2183 /**
2184 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2185 */
2186 IsTruncated?: booleanType;
2187 /**
2188 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2189 */
2190 Marker?: markerType;
2191 }
2192 export interface ListGroupsRequest {
2193 /**
2194 * The path prefix for filtering the results. For example, the prefix /division_abc/subdivision_xyz/ gets all groups whose path starts with /division_abc/subdivision_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2195 */
2196 PathPrefix?: pathPrefixType;
2197 /**
2198 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2199 */
2200 Marker?: markerType;
2201 /**
2202 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2203 */
2204 MaxItems?: maxItemsType;
2205 }
2206 export interface ListGroupsResponse {
2207 /**
2208 * A list of groups.
2209 */
2210 Groups: groupListType;
2211 /**
2212 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2213 */
2214 IsTruncated?: booleanType;
2215 /**
2216 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2217 */
2218 Marker?: markerType;
2219 }
2220 export interface ListInstanceProfilesForRoleRequest {
2221 /**
2222 * The name of the role to list instance profiles for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2223 */
2224 RoleName: roleNameType;
2225 /**
2226 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2227 */
2228 Marker?: markerType;
2229 /**
2230 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2231 */
2232 MaxItems?: maxItemsType;
2233 }
2234 export interface ListInstanceProfilesForRoleResponse {
2235 /**
2236 * A list of instance profiles.
2237 */
2238 InstanceProfiles: instanceProfileListType;
2239 /**
2240 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2241 */
2242 IsTruncated?: booleanType;
2243 /**
2244 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2245 */
2246 Marker?: markerType;
2247 }
2248 export interface ListInstanceProfilesRequest {
2249 /**
2250 * The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/ gets all instance profiles whose path starts with /application_abc/component_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2251 */
2252 PathPrefix?: pathPrefixType;
2253 /**
2254 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2255 */
2256 Marker?: markerType;
2257 /**
2258 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2259 */
2260 MaxItems?: maxItemsType;
2261 }
2262 export interface ListInstanceProfilesResponse {
2263 /**
2264 * A list of instance profiles.
2265 */
2266 InstanceProfiles: instanceProfileListType;
2267 /**
2268 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2269 */
2270 IsTruncated?: booleanType;
2271 /**
2272 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2273 */
2274 Marker?: markerType;
2275 }
2276 export interface ListMFADevicesRequest {
2277 /**
2278 * The name of the user whose MFA devices you want to list. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2279 */
2280 UserName?: existingUserNameType;
2281 /**
2282 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2283 */
2284 Marker?: markerType;
2285 /**
2286 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2287 */
2288 MaxItems?: maxItemsType;
2289 }
2290 export interface ListMFADevicesResponse {
2291 /**
2292 * A list of MFA devices.
2293 */
2294 MFADevices: mfaDeviceListType;
2295 /**
2296 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2297 */
2298 IsTruncated?: booleanType;
2299 /**
2300 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2301 */
2302 Marker?: markerType;
2303 }
2304 export interface ListOpenIDConnectProvidersRequest {
2305 }
2306 export interface ListOpenIDConnectProvidersResponse {
2307 /**
2308 * The list of IAM OIDC provider resource objects defined in the AWS account.
2309 */
2310 OpenIDConnectProviderList?: OpenIDConnectProviderListType;
2311 }
2312 export interface ListPoliciesRequest {
2313 /**
2314 * The scope to use for filtering the results. To list only AWS managed policies, set Scope to AWS. To list only the customer managed policies in your AWS account, set Scope to Local. This parameter is optional. If it is not included, or if it is set to All, all policies are returned.
2315 */
2316 Scope?: policyScopeType;
2317 /**
2318 * A flag to filter the results to only the attached policies. When OnlyAttached is true, the returned list contains only the policies that are attached to an IAM user, group, or role. When OnlyAttached is false, or when the parameter is not included, all policies are returned.
2319 */
2320 OnlyAttached?: booleanType;
2321 /**
2322 * The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2323 */
2324 PathPrefix?: policyPathType;
2325 /**
2326 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2327 */
2328 Marker?: markerType;
2329 /**
2330 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2331 */
2332 MaxItems?: maxItemsType;
2333 }
2334 export interface ListPoliciesResponse {
2335 /**
2336 * A list of policies.
2337 */
2338 Policies?: policyListType;
2339 /**
2340 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2341 */
2342 IsTruncated?: booleanType;
2343 /**
2344 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2345 */
2346 Marker?: markerType;
2347 }
2348 export interface ListPolicyVersionsRequest {
2349 /**
2350 * The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
2351 */
2352 PolicyArn: arnType;
2353 /**
2354 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2355 */
2356 Marker?: markerType;
2357 /**
2358 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2359 */
2360 MaxItems?: maxItemsType;
2361 }
2362 export interface ListPolicyVersionsResponse {
2363 /**
2364 * A list of policy versions. For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
2365 */
2366 Versions?: policyDocumentVersionListType;
2367 /**
2368 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2369 */
2370 IsTruncated?: booleanType;
2371 /**
2372 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2373 */
2374 Marker?: markerType;
2375 }
2376 export interface ListRolePoliciesRequest {
2377 /**
2378 * The name of the role to list policies for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2379 */
2380 RoleName: roleNameType;
2381 /**
2382 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2383 */
2384 Marker?: markerType;
2385 /**
2386 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2387 */
2388 MaxItems?: maxItemsType;
2389 }
2390 export interface ListRolePoliciesResponse {
2391 /**
2392 * A list of policy names.
2393 */
2394 PolicyNames: policyNameListType;
2395 /**
2396 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2397 */
2398 IsTruncated?: booleanType;
2399 /**
2400 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2401 */
2402 Marker?: markerType;
2403 }
2404 export interface ListRolesRequest {
2405 /**
2406 * The path prefix for filtering the results. For example, the prefix /application_abc/component_xyz/ gets all roles whose path starts with /application_abc/component_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2407 */
2408 PathPrefix?: pathPrefixType;
2409 /**
2410 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2411 */
2412 Marker?: markerType;
2413 /**
2414 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2415 */
2416 MaxItems?: maxItemsType;
2417 }
2418 export interface ListRolesResponse {
2419 /**
2420 * A list of roles.
2421 */
2422 Roles: roleListType;
2423 /**
2424 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2425 */
2426 IsTruncated?: booleanType;
2427 /**
2428 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2429 */
2430 Marker?: markerType;
2431 }
2432 export interface ListSAMLProvidersRequest {
2433 }
2434 export interface ListSAMLProvidersResponse {
2435 /**
2436 * The list of SAML provider resource objects defined in IAM for this AWS account.
2437 */
2438 SAMLProviderList?: SAMLProviderListType;
2439 }
2440 export interface ListSSHPublicKeysRequest {
2441 /**
2442 * The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the AWS access key used to sign the request. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2443 */
2444 UserName?: userNameType;
2445 /**
2446 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2447 */
2448 Marker?: markerType;
2449 /**
2450 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2451 */
2452 MaxItems?: maxItemsType;
2453 }
2454 export interface ListSSHPublicKeysResponse {
2455 /**
2456 * A list of the SSH public keys assigned to IAM user.
2457 */
2458 SSHPublicKeys?: SSHPublicKeyListType;
2459 /**
2460 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2461 */
2462 IsTruncated?: booleanType;
2463 /**
2464 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2465 */
2466 Marker?: markerType;
2467 }
2468 export interface ListServerCertificatesRequest {
2469 /**
2470 * The path prefix for filtering the results. For example: /company/servercerts would get all server certificates for which the path starts with /company/servercerts. This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2471 */
2472 PathPrefix?: pathPrefixType;
2473 /**
2474 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2475 */
2476 Marker?: markerType;
2477 /**
2478 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2479 */
2480 MaxItems?: maxItemsType;
2481 }
2482 export interface ListServerCertificatesResponse {
2483 /**
2484 * A list of server certificates.
2485 */
2486 ServerCertificateMetadataList: serverCertificateMetadataListType;
2487 /**
2488 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2489 */
2490 IsTruncated?: booleanType;
2491 /**
2492 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2493 */
2494 Marker?: markerType;
2495 }
2496 export interface ListSigningCertificatesRequest {
2497 /**
2498 * The name of the IAM user whose signing certificates you want to examine. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2499 */
2500 UserName?: existingUserNameType;
2501 /**
2502 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2503 */
2504 Marker?: markerType;
2505 /**
2506 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2507 */
2508 MaxItems?: maxItemsType;
2509 }
2510 export interface ListSigningCertificatesResponse {
2511 /**
2512 * A list of the user's signing certificate information.
2513 */
2514 Certificates: certificateListType;
2515 /**
2516 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2517 */
2518 IsTruncated?: booleanType;
2519 /**
2520 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2521 */
2522 Marker?: markerType;
2523 }
2524 export interface ListUserPoliciesRequest {
2525 /**
2526 * The name of the user to list policies for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2527 */
2528 UserName: existingUserNameType;
2529 /**
2530 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2531 */
2532 Marker?: markerType;
2533 /**
2534 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2535 */
2536 MaxItems?: maxItemsType;
2537 }
2538 export interface ListUserPoliciesResponse {
2539 /**
2540 * A list of policy names.
2541 */
2542 PolicyNames: policyNameListType;
2543 /**
2544 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2545 */
2546 IsTruncated?: booleanType;
2547 /**
2548 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2549 */
2550 Marker?: markerType;
2551 }
2552 export interface ListUsersRequest {
2553 /**
2554 * The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/, which would get all user names whose path starts with /division_abc/subdivision_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
2555 */
2556 PathPrefix?: pathPrefixType;
2557 /**
2558 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2559 */
2560 Marker?: markerType;
2561 /**
2562 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2563 */
2564 MaxItems?: maxItemsType;
2565 }
2566 export interface ListUsersResponse {
2567 /**
2568 * A list of users.
2569 */
2570 Users: userListType;
2571 /**
2572 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2573 */
2574 IsTruncated?: booleanType;
2575 /**
2576 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2577 */
2578 Marker?: markerType;
2579 }
2580 export interface ListVirtualMFADevicesRequest {
2581 /**
2582 * The status (Unassigned or Assigned) of the devices to list. If you do not specify an AssignmentStatus, the action defaults to Any which lists both assigned and unassigned virtual MFA devices.
2583 */
2584 AssignmentStatus?: assignmentStatusType;
2585 /**
2586 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
2587 */
2588 Marker?: markerType;
2589 /**
2590 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
2591 */
2592 MaxItems?: maxItemsType;
2593 }
2594 export interface ListVirtualMFADevicesResponse {
2595 /**
2596 * The list of virtual MFA devices in the current account that match the AssignmentStatus value that was passed in the request.
2597 */
2598 VirtualMFADevices: virtualMFADeviceListType;
2599 /**
2600 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
2601 */
2602 IsTruncated?: booleanType;
2603 /**
2604 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
2605 */
2606 Marker?: markerType;
2607 }
2608 export interface LoginProfile {
2609 /**
2610 * The name of the user, which can be used for signing in to the AWS Management Console.
2611 */
2612 UserName: userNameType;
2613 /**
2614 * The date when the password for the user was created.
2615 */
2616 CreateDate: dateType;
2617 /**
2618 * Specifies whether the user is required to set a new password on next sign-in.
2619 */
2620 PasswordResetRequired?: booleanType;
2621 }
2622 export interface MFADevice {
2623 /**
2624 * The user with whom the MFA device is associated.
2625 */
2626 UserName: userNameType;
2627 /**
2628 * The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
2629 */
2630 SerialNumber: serialNumberType;
2631 /**
2632 * The date when the MFA device was enabled for the user.
2633 */
2634 EnableDate: dateType;
2635 }
2636 export interface ManagedPolicyDetail {
2637 /**
2638 * The friendly name (not ARN) identifying the policy.
2639 */
2640 PolicyName?: policyNameType;
2641 /**
2642 * The stable and unique string identifying the policy. For more information about IDs, see IAM Identifiers in the Using IAM guide.
2643 */
2644 PolicyId?: idType;
2645 Arn?: arnType;
2646 /**
2647 * The path to the policy. For more information about paths, see IAM Identifiers in the Using IAM guide.
2648 */
2649 Path?: policyPathType;
2650 /**
2651 * The identifier for the version of the policy that is set as the default (operative) version. For more information about policy versions, see Versioning for Managed Policies in the Using IAM guide.
2652 */
2653 DefaultVersionId?: policyVersionIdType;
2654 /**
2655 * The number of principal entities (users, groups, and roles) that the policy is attached to.
2656 */
2657 AttachmentCount?: attachmentCountType;
2658 /**
2659 * Specifies whether the policy can be attached to an IAM user, group, or role.
2660 */
2661 IsAttachable?: booleanType;
2662 /**
2663 * A friendly description of the policy.
2664 */
2665 Description?: policyDescriptionType;
2666 /**
2667 * The date and time, in ISO 8601 date-time format, when the policy was created.
2668 */
2669 CreateDate?: dateType;
2670 /**
2671 * The date and time, in ISO 8601 date-time format, when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
2672 */
2673 UpdateDate?: dateType;
2674 /**
2675 * A list containing information about the versions of the policy.
2676 */
2677 PolicyVersionList?: policyDocumentVersionListType;
2678 }
2679 export type ManagedPolicyDetailListType = ManagedPolicyDetail[];
2680 export interface OpenIDConnectProviderListEntry {
2681 Arn?: arnType;
2682 }
2683 export type OpenIDConnectProviderListType = OpenIDConnectProviderListEntry[];
2684 export type OpenIDConnectProviderUrlType = string;
2685 export interface PasswordPolicy {
2686 /**
2687 * Minimum length to require for IAM user passwords.
2688 */
2689 MinimumPasswordLength?: minimumPasswordLengthType;
2690 /**
2691 * Specifies whether to require symbols for IAM user passwords.
2692 */
2693 RequireSymbols?: booleanType;
2694 /**
2695 * Specifies whether to require numbers for IAM user passwords.
2696 */
2697 RequireNumbers?: booleanType;
2698 /**
2699 * Specifies whether to require uppercase characters for IAM user passwords.
2700 */
2701 RequireUppercaseCharacters?: booleanType;
2702 /**
2703 * Specifies whether to require lowercase characters for IAM user passwords.
2704 */
2705 RequireLowercaseCharacters?: booleanType;
2706 /**
2707 * Specifies whether IAM users are allowed to change their own password.
2708 */
2709 AllowUsersToChangePassword?: booleanType;
2710 /**
2711 * Indicates whether passwords in the account expire. Returns true if MaxPasswordAge is contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
2712 */
2713 ExpirePasswords?: booleanType;
2714 /**
2715 * The number of days that an IAM user password is valid.
2716 */
2717 MaxPasswordAge?: maxPasswordAgeType;
2718 /**
2719 * Specifies the number of previous passwords that IAM users are prevented from reusing.
2720 */
2721 PasswordReusePrevention?: passwordReusePreventionType;
2722 /**
2723 * Specifies whether IAM users are prevented from setting a new password after their password has expired.
2724 */
2725 HardExpiry?: booleanObjectType;
2726 }
2727 export interface Policy {
2728 /**
2729 * The friendly name (not ARN) identifying the policy.
2730 */
2731 PolicyName?: policyNameType;
2732 /**
2733 * The stable and unique string identifying the policy. For more information about IDs, see IAM Identifiers in the Using IAM guide.
2734 */
2735 PolicyId?: idType;
2736 Arn?: arnType;
2737 /**
2738 * The path to the policy. For more information about paths, see IAM Identifiers in the Using IAM guide.
2739 */
2740 Path?: policyPathType;
2741 /**
2742 * The identifier for the version of the policy that is set as the default version.
2743 */
2744 DefaultVersionId?: policyVersionIdType;
2745 /**
2746 * The number of entities (users, groups, and roles) that the policy is attached to.
2747 */
2748 AttachmentCount?: attachmentCountType;
2749 /**
2750 * Specifies whether the policy can be attached to an IAM user, group, or role.
2751 */
2752 IsAttachable?: booleanType;
2753 /**
2754 * A friendly description of the policy. This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
2755 */
2756 Description?: policyDescriptionType;
2757 /**
2758 * The date and time, in ISO 8601 date-time format, when the policy was created.
2759 */
2760 CreateDate?: dateType;
2761 /**
2762 * The date and time, in ISO 8601 date-time format, when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
2763 */
2764 UpdateDate?: dateType;
2765 }
2766 export interface PolicyDetail {
2767 /**
2768 * The name of the policy.
2769 */
2770 PolicyName?: policyNameType;
2771 /**
2772 * The policy document.
2773 */
2774 PolicyDocument?: policyDocumentType;
2775 }
2776 export type PolicyEvaluationDecisionType = "allowed"|"explicitDeny"|"implicitDeny"|string;
2777 export interface PolicyGroup {
2778 /**
2779 * The name (friendly name, not ARN) identifying the group.
2780 */
2781 GroupName?: groupNameType;
2782 /**
2783 * The stable and unique string identifying the group. For more information about IDs, see IAM Identifiers in the IAM User Guide.
2784 */
2785 GroupId?: idType;
2786 }
2787 export type PolicyGroupListType = PolicyGroup[];
2788 export type PolicyIdentifierType = string;
2789 export interface PolicyRole {
2790 /**
2791 * The name (friendly name, not ARN) identifying the role.
2792 */
2793 RoleName?: roleNameType;
2794 /**
2795 * The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the IAM User Guide.
2796 */
2797 RoleId?: idType;
2798 }
2799 export type PolicyRoleListType = PolicyRole[];
2800 export type PolicySourceType = "user"|"group"|"role"|"aws-managed"|"user-managed"|"resource"|"none"|string;
2801 export interface PolicyUser {
2802 /**
2803 * The name (friendly name, not ARN) identifying the user.
2804 */
2805 UserName?: userNameType;
2806 /**
2807 * The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the IAM User Guide.
2808 */
2809 UserId?: idType;
2810 }
2811 export type PolicyUserListType = PolicyUser[];
2812 export interface PolicyVersion {
2813 /**
2814 * The policy document. The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
2815 */
2816 Document?: policyDocumentType;
2817 /**
2818 * The identifier for the policy version. Policy version identifiers always begin with v (always lowercase). When a policy is created, the first policy version is v1.
2819 */
2820 VersionId?: policyVersionIdType;
2821 /**
2822 * Specifies whether the policy version is set as the policy's default version.
2823 */
2824 IsDefaultVersion?: booleanType;
2825 /**
2826 * The date and time, in ISO 8601 date-time format, when the policy version was created.
2827 */
2828 CreateDate?: dateType;
2829 }
2830 export interface Position {
2831 /**
2832 * The line containing the specified position in the document.
2833 */
2834 Line?: LineNumber;
2835 /**
2836 * The column in the line containing the specified position in the document.
2837 */
2838 Column?: ColumnNumber;
2839 }
2840 export interface PutGroupPolicyRequest {
2841 /**
2842 * The name of the group to associate the policy with. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2843 */
2844 GroupName: groupNameType;
2845 /**
2846 * The name of the policy document. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2847 */
2848 PolicyName: policyNameType;
2849 /**
2850 * The policy document. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
2851 */
2852 PolicyDocument: policyDocumentType;
2853 }
2854 export interface PutRolePolicyRequest {
2855 /**
2856 * The name of the role to associate the policy with. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2857 */
2858 RoleName: roleNameType;
2859 /**
2860 * The name of the policy document. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2861 */
2862 PolicyName: policyNameType;
2863 /**
2864 * The policy document. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
2865 */
2866 PolicyDocument: policyDocumentType;
2867 }
2868 export interface PutUserPolicyRequest {
2869 /**
2870 * The name of the user to associate the policy with. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2871 */
2872 UserName: existingUserNameType;
2873 /**
2874 * The name of the policy document. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2875 */
2876 PolicyName: policyNameType;
2877 /**
2878 * The policy document. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
2879 */
2880 PolicyDocument: policyDocumentType;
2881 }
2882 export interface RemoveClientIDFromOpenIDConnectProviderRequest {
2883 /**
2884 * The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
2885 */
2886 OpenIDConnectProviderArn: arnType;
2887 /**
2888 * The client ID (also known as audience) to remove from the IAM OIDC provider resource. For more information about client IDs, see CreateOpenIDConnectProvider.
2889 */
2890 ClientID: clientIDType;
2891 }
2892 export interface RemoveRoleFromInstanceProfileRequest {
2893 /**
2894 * The name of the instance profile to update. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2895 */
2896 InstanceProfileName: instanceProfileNameType;
2897 /**
2898 * The name of the role to remove. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2899 */
2900 RoleName: roleNameType;
2901 }
2902 export interface RemoveUserFromGroupRequest {
2903 /**
2904 * The name of the group to update. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2905 */
2906 GroupName: groupNameType;
2907 /**
2908 * The name of the user to remove. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2909 */
2910 UserName: existingUserNameType;
2911 }
2912 export type ReportContentType = Buffer|Uint8Array|Blob|string;
2913 export type ReportFormatType = "text/csv"|string;
2914 export type ReportStateDescriptionType = string;
2915 export type ReportStateType = "STARTED"|"INPROGRESS"|"COMPLETE"|string;
2916 export type ResourceHandlingOptionType = string;
2917 export type ResourceNameListType = ResourceNameType[];
2918 export type ResourceNameType = string;
2919 export interface ResourceSpecificResult {
2920 /**
2921 * The name of the simulated resource, in Amazon Resource Name (ARN) format.
2922 */
2923 EvalResourceName: ResourceNameType;
2924 /**
2925 * The result of the simulation of the simulated API action on the resource specified in EvalResourceName.
2926 */
2927 EvalResourceDecision: PolicyEvaluationDecisionType;
2928 /**
2929 * A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the action on the resource, if any statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
2930 */
2931 MatchedStatements?: StatementListType;
2932 /**
2933 * A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter instead of "*". If you do not specify individual resources, by setting ResourceArns to "*" or by not including the ResourceArns parameter, then any missing context values are instead included under the EvaluationResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
2934 */
2935 MissingContextValues?: ContextKeyNamesResultListType;
2936 /**
2937 * Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access.
2938 */
2939 EvalDecisionDetails?: EvalDecisionDetailsType;
2940 }
2941 export type ResourceSpecificResultListType = ResourceSpecificResult[];
2942 export interface ResyncMFADeviceRequest {
2943 /**
2944 * The name of the user whose MFA device you want to resynchronize. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2945 */
2946 UserName: existingUserNameType;
2947 /**
2948 * Serial number that uniquely identifies the MFA device. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
2949 */
2950 SerialNumber: serialNumberType;
2951 /**
2952 * An authentication code emitted by the device. The format for this parameter is a sequence of six digits.
2953 */
2954 AuthenticationCode1: authenticationCodeType;
2955 /**
2956 * A subsequent authentication code emitted by the device. The format for this parameter is a sequence of six digits.
2957 */
2958 AuthenticationCode2: authenticationCodeType;
2959 }
2960 export interface Role {
2961 /**
2962 * The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
2963 */
2964 Path: pathType;
2965 /**
2966 * The friendly name that identifies the role.
2967 */
2968 RoleName: roleNameType;
2969 /**
2970 * The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
2971 */
2972 RoleId: idType;
2973 /**
2974 * The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
2975 */
2976 Arn: arnType;
2977 /**
2978 * The date and time, in ISO 8601 date-time format, when the role was created.
2979 */
2980 CreateDate: dateType;
2981 /**
2982 * The policy that grants an entity permission to assume the role.
2983 */
2984 AssumeRolePolicyDocument?: policyDocumentType;
2985 }
2986 export interface RoleDetail {
2987 /**
2988 * The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.
2989 */
2990 Path?: pathType;
2991 /**
2992 * The friendly name that identifies the role.
2993 */
2994 RoleName?: roleNameType;
2995 /**
2996 * The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.
2997 */
2998 RoleId?: idType;
2999 Arn?: arnType;
3000 /**
3001 * The date and time, in ISO 8601 date-time format, when the role was created.
3002 */
3003 CreateDate?: dateType;
3004 /**
3005 * The trust policy that grants permission to assume the role.
3006 */
3007 AssumeRolePolicyDocument?: policyDocumentType;
3008 InstanceProfileList?: instanceProfileListType;
3009 /**
3010 * A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.
3011 */
3012 RolePolicyList?: policyDetailListType;
3013 /**
3014 * A list of managed policies attached to the role. These policies are the role's access (permissions) policies.
3015 */
3016 AttachedManagedPolicies?: attachedPoliciesListType;
3017 }
3018 export type SAMLMetadataDocumentType = string;
3019 export interface SAMLProviderListEntry {
3020 /**
3021 * The Amazon Resource Name (ARN) of the SAML provider.
3022 */
3023 Arn?: arnType;
3024 /**
3025 * The expiration date and time for the SAML provider.
3026 */
3027 ValidUntil?: dateType;
3028 /**
3029 * The date and time when the SAML provider was created.
3030 */
3031 CreateDate?: dateType;
3032 }
3033 export type SAMLProviderListType = SAMLProviderListEntry[];
3034 export type SAMLProviderNameType = string;
3035 export interface SSHPublicKey {
3036 /**
3037 * The name of the IAM user associated with the SSH public key.
3038 */
3039 UserName: userNameType;
3040 /**
3041 * The unique identifier for the SSH public key.
3042 */
3043 SSHPublicKeyId: publicKeyIdType;
3044 /**
3045 * The MD5 message digest of the SSH public key.
3046 */
3047 Fingerprint: publicKeyFingerprintType;
3048 /**
3049 * The SSH public key.
3050 */
3051 SSHPublicKeyBody: publicKeyMaterialType;
3052 /**
3053 * The status of the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used.
3054 */
3055 Status: statusType;
3056 /**
3057 * The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
3058 */
3059 UploadDate?: dateType;
3060 }
3061 export type SSHPublicKeyListType = SSHPublicKeyMetadata[];
3062 export interface SSHPublicKeyMetadata {
3063 /**
3064 * The name of the IAM user associated with the SSH public key.
3065 */
3066 UserName: userNameType;
3067 /**
3068 * The unique identifier for the SSH public key.
3069 */
3070 SSHPublicKeyId: publicKeyIdType;
3071 /**
3072 * The status of the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used.
3073 */
3074 Status: statusType;
3075 /**
3076 * The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
3077 */
3078 UploadDate: dateType;
3079 }
3080 export interface ServerCertificate {
3081 /**
3082 * The meta information of the server certificate, such as its name, path, ID, and ARN.
3083 */
3084 ServerCertificateMetadata: ServerCertificateMetadata;
3085 /**
3086 * The contents of the public key certificate.
3087 */
3088 CertificateBody: certificateBodyType;
3089 /**
3090 * The contents of the public key certificate chain.
3091 */
3092 CertificateChain?: certificateChainType;
3093 }
3094 export interface ServerCertificateMetadata {
3095 /**
3096 * The path to the server certificate. For more information about paths, see IAM Identifiers in the Using IAM guide.
3097 */
3098 Path: pathType;
3099 /**
3100 * The name that identifies the server certificate.
3101 */
3102 ServerCertificateName: serverCertificateNameType;
3103 /**
3104 * The stable and unique string identifying the server certificate. For more information about IDs, see IAM Identifiers in the Using IAM guide.
3105 */
3106 ServerCertificateId: idType;
3107 /**
3108 * The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
3109 */
3110 Arn: arnType;
3111 /**
3112 * The date when the server certificate was uploaded.
3113 */
3114 UploadDate?: dateType;
3115 /**
3116 * The date on which the certificate is set to expire.
3117 */
3118 Expiration?: dateType;
3119 }
3120 export interface SetDefaultPolicyVersionRequest {
3121 /**
3122 * The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
3123 */
3124 PolicyArn: arnType;
3125 /**
3126 * The version of the policy to set as the default (operative) version. For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.
3127 */
3128 VersionId: policyVersionIdType;
3129 }
3130 export interface SigningCertificate {
3131 /**
3132 * The name of the user the signing certificate is associated with.
3133 */
3134 UserName: userNameType;
3135 /**
3136 * The ID for the signing certificate.
3137 */
3138 CertificateId: certificateIdType;
3139 /**
3140 * The contents of the signing certificate.
3141 */
3142 CertificateBody: certificateBodyType;
3143 /**
3144 * The status of the signing certificate. Active means the key is valid for API calls, while Inactive means it is not.
3145 */
3146 Status: statusType;
3147 /**
3148 * The date when the signing certificate was uploaded.
3149 */
3150 UploadDate?: dateType;
3151 }
3152 export interface SimulateCustomPolicyRequest {
3153 /**
3154 * A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the ResourcePolicy parameter. The policies cannot be "scope-down" policies, such as you could include in a call to GetFederationToken or one of the AssumeRole APIs to restrict what a user can do while using the temporary credentials. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3155 */
3156 PolicyInputList: SimulationPolicyListType;
3157 /**
3158 * A list of names of API actions to evaluate in the simulation. Each action is evaluated against each resource. Each action must include the service identifier, such as iam:CreateUser.
3159 */
3160 ActionNames: ActionNameListType;
3161 /**
3162 * A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter. If you include a ResourcePolicy, then it must be applicable to all of the resources included in the simulation or you receive an invalid input error. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
3163 */
3164 ResourceArns?: ResourceNameListType;
3165 /**
3166 * A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3167 */
3168 ResourcePolicy?: policyDocumentType;
3169 /**
3170 * An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN, such as an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.
3171 */
3172 ResourceOwner?: ResourceNameType;
3173 /**
3174 * The ARN of the IAM user that you want to use as the simulated caller of the APIs. CallerArn is required if you include a ResourcePolicy so that the policy's Principal element has a value to use in evaluating the policy. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
3175 */
3176 CallerArn?: ResourceNameType;
3177 /**
3178 * A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
3179 */
3180 ContextEntries?: ContextEntryListType;
3181 /**
3182 * Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the AWS EC2 User Guide. EC2-Classic-InstanceStore instance, image, security-group EC2-Classic-EBS instance, image, security-group, volume EC2-VPC-InstanceStore instance, image, security-group, network-interface EC2-VPC-InstanceStore-Subnet instance, image, security-group, network-interface, subnet EC2-VPC-EBS instance, image, security-group, network-interface, volume EC2-VPC-EBS-Subnet instance, image, security-group, network-interface, subnet, volume
3183 */
3184 ResourceHandlingOption?: ResourceHandlingOptionType;
3185 /**
3186 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
3187 */
3188 MaxItems?: maxItemsType;
3189 /**
3190 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
3191 */
3192 Marker?: markerType;
3193 }
3194 export interface SimulatePolicyResponse {
3195 /**
3196 * The results of the simulation.
3197 */
3198 EvaluationResults?: EvaluationResultsListType;
3199 /**
3200 * A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all of your results.
3201 */
3202 IsTruncated?: booleanType;
3203 /**
3204 * When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
3205 */
3206 Marker?: markerType;
3207 }
3208 export interface SimulatePrincipalPolicyRequest {
3209 /**
3210 * The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
3211 */
3212 PolicySourceArn: arnType;
3213 /**
3214 * An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3215 */
3216 PolicyInputList?: SimulationPolicyListType;
3217 /**
3218 * A list of names of API actions to evaluate in the simulation. Each action is evaluated for each resource. Each action must include the service identifier, such as iam:CreateUser.
3219 */
3220 ActionNames: ActionNameListType;
3221 /**
3222 * A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
3223 */
3224 ResourceArns?: ResourceNameListType;
3225 /**
3226 * A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3227 */
3228 ResourcePolicy?: policyDocumentType;
3229 /**
3230 * An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN, such as an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.
3231 */
3232 ResourceOwner?: ResourceNameType;
3233 /**
3234 * The ARN of the IAM user that you want to specify as the simulated caller of the APIs. If you do not specify a CallerArn, it defaults to the ARN of the user that you specify in PolicySourceArn, if you specified a user. If you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the APIs as Bob, as if Bob had David's policies. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal. CallerArn is required if you include a ResourcePolicy and the PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's Principal element has a value to use in evaluating the policy. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
3235 */
3236 CallerArn?: ResourceNameType;
3237 /**
3238 * A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
3239 */
3240 ContextEntries?: ContextEntryListType;
3241 /**
3242 * Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the AWS EC2 User Guide. EC2-Classic-InstanceStore instance, image, security-group EC2-Classic-EBS instance, image, security-group, volume EC2-VPC-InstanceStore instance, image, security-group, network-interface EC2-VPC-InstanceStore-Subnet instance, image, security-group, network-interface, subnet EC2-VPC-EBS instance, image, security-group, network-interface, volume EC2-VPC-EBS-Subnet instance, image, security-group, network-interface, subnet, volume
3243 */
3244 ResourceHandlingOption?: ResourceHandlingOptionType;
3245 /**
3246 * Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true. This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.
3247 */
3248 MaxItems?: maxItemsType;
3249 /**
3250 * Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
3251 */
3252 Marker?: markerType;
3253 }
3254 export type SimulationPolicyListType = policyDocumentType[];
3255 export interface Statement {
3256 /**
3257 * The identifier of the policy that was provided as an input.
3258 */
3259 SourcePolicyId?: PolicyIdentifierType;
3260 /**
3261 * The type of the policy.
3262 */
3263 SourcePolicyType?: PolicySourceType;
3264 /**
3265 * The row and column of the beginning of the Statement in an IAM policy.
3266 */
3267 StartPosition?: Position;
3268 /**
3269 * The row and column of the end of a Statement in an IAM policy.
3270 */
3271 EndPosition?: Position;
3272 }
3273 export type StatementListType = Statement[];
3274 export interface UpdateAccessKeyRequest {
3275 /**
3276 * The name of the user whose key you want to update. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3277 */
3278 UserName?: existingUserNameType;
3279 /**
3280 * The access key ID of the secret access key you want to update. The regex pattern for this parameter is a string of characters that can consist of any upper or lowercased letter or digit.
3281 */
3282 AccessKeyId: accessKeyIdType;
3283 /**
3284 * The status you want to assign to the secret access key. Active means the key can be used for API calls to AWS, while Inactive means the key cannot be used.
3285 */
3286 Status: statusType;
3287 }
3288 export interface UpdateAccountPasswordPolicyRequest {
3289 /**
3290 * The minimum number of characters allowed in an IAM user password. Default value: 6
3291 */
3292 MinimumPasswordLength?: minimumPasswordLengthType;
3293 /**
3294 * Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters: ! @ # $ % ^ &amp; * ( ) _ + - = [ ] { } | ' Default value: false
3295 */
3296 RequireSymbols?: booleanType;
3297 /**
3298 * Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). Default value: false
3299 */
3300 RequireNumbers?: booleanType;
3301 /**
3302 * Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). Default value: false
3303 */
3304 RequireUppercaseCharacters?: booleanType;
3305 /**
3306 * Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). Default value: false
3307 */
3308 RequireLowercaseCharacters?: booleanType;
3309 /**
3310 * Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see Letting IAM Users Change Their Own Passwords in the IAM User Guide. Default value: false
3311 */
3312 AllowUsersToChangePassword?: booleanType;
3313 /**
3314 * The number of days that an IAM user password is valid. The default value of 0 means IAM user passwords never expire. Default value: 0
3315 */
3316 MaxPasswordAge?: maxPasswordAgeType;
3317 /**
3318 * Specifies the number of previous passwords that IAM users are prevented from reusing. The default value of 0 means IAM users are not prevented from reusing previous passwords. Default value: 0
3319 */
3320 PasswordReusePrevention?: passwordReusePreventionType;
3321 /**
3322 * Prevents IAM users from setting a new password after their password has expired. Default value: false
3323 */
3324 HardExpiry?: booleanObjectType;
3325 }
3326 export interface UpdateAssumeRolePolicyRequest {
3327 /**
3328 * The name of the role to update with the new policy. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3329 */
3330 RoleName: roleNameType;
3331 /**
3332 * The policy that grants an entity permission to assume the role. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3333 */
3334 PolicyDocument: policyDocumentType;
3335 }
3336 export interface UpdateGroupRequest {
3337 /**
3338 * Name of the IAM group to update. If you're changing the name of the group, this is the original name. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3339 */
3340 GroupName: groupNameType;
3341 /**
3342 * New path for the IAM group. Only include this if changing the group's path. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
3343 */
3344 NewPath?: pathType;
3345 /**
3346 * New name for the IAM group. Only include this if changing the group's name. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3347 */
3348 NewGroupName?: groupNameType;
3349 }
3350 export interface UpdateLoginProfileRequest {
3351 /**
3352 * The name of the user whose password you want to update. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3353 */
3354 UserName: userNameType;
3355 /**
3356 * The new password for the specified IAM user. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D). However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see UpdateAccountPasswordPolicy.
3357 */
3358 Password?: passwordType;
3359 /**
3360 * Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in.
3361 */
3362 PasswordResetRequired?: booleanObjectType;
3363 }
3364 export interface UpdateOpenIDConnectProviderThumbprintRequest {
3365 /**
3366 * The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders action. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
3367 */
3368 OpenIDConnectProviderArn: arnType;
3369 /**
3370 * A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.
3371 */
3372 ThumbprintList: thumbprintListType;
3373 }
3374 export interface UpdateSAMLProviderRequest {
3375 /**
3376 * An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
3377 */
3378 SAMLMetadataDocument: SAMLMetadataDocumentType;
3379 /**
3380 * The Amazon Resource Name (ARN) of the SAML provider to update. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
3381 */
3382 SAMLProviderArn: arnType;
3383 }
3384 export interface UpdateSAMLProviderResponse {
3385 /**
3386 * The Amazon Resource Name (ARN) of the SAML provider that was updated.
3387 */
3388 SAMLProviderArn?: arnType;
3389 }
3390 export interface UpdateSSHPublicKeyRequest {
3391 /**
3392 * The name of the IAM user associated with the SSH public key. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3393 */
3394 UserName: userNameType;
3395 /**
3396 * The unique identifier for the SSH public key. The regex pattern for this parameter is a string of characters that can consist of any upper or lowercased letter or digit.
3397 */
3398 SSHPublicKeyId: publicKeyIdType;
3399 /**
3400 * The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used.
3401 */
3402 Status: statusType;
3403 }
3404 export interface UpdateServerCertificateRequest {
3405 /**
3406 * The name of the server certificate that you want to update. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3407 */
3408 ServerCertificateName: serverCertificateNameType;
3409 /**
3410 * The new path for the server certificate. Include this only if you are updating the server certificate's path. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
3411 */
3412 NewPath?: pathType;
3413 /**
3414 * The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3415 */
3416 NewServerCertificateName?: serverCertificateNameType;
3417 }
3418 export interface UpdateSigningCertificateRequest {
3419 /**
3420 * The name of the IAM user the signing certificate belongs to. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3421 */
3422 UserName?: existingUserNameType;
3423 /**
3424 * The ID of the signing certificate you want to update. The regex pattern for this parameter is a string of characters that can consist of any upper or lowercased letter or digit.
3425 */
3426 CertificateId: certificateIdType;
3427 /**
3428 * The status you want to assign to the certificate. Active means the certificate can be used for API calls to AWS, while Inactive means the certificate cannot be used.
3429 */
3430 Status: statusType;
3431 }
3432 export interface UpdateUserRequest {
3433 /**
3434 * Name of the user to update. If you're changing the name of the user, this is the original user name. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3435 */
3436 UserName: existingUserNameType;
3437 /**
3438 * New path for the IAM user. Include this parameter only if you're changing the user's path. The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
3439 */
3440 NewPath?: pathType;
3441 /**
3442 * New name for the user. Include this parameter only if you're changing the user's name. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3443 */
3444 NewUserName?: userNameType;
3445 }
3446 export interface UploadSSHPublicKeyRequest {
3447 /**
3448 * The name of the IAM user to associate the SSH public key with. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3449 */
3450 UserName: userNameType;
3451 /**
3452 * The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3453 */
3454 SSHPublicKeyBody: publicKeyMaterialType;
3455 }
3456 export interface UploadSSHPublicKeyResponse {
3457 /**
3458 * Contains information about the SSH public key.
3459 */
3460 SSHPublicKey?: SSHPublicKey;
3461 }
3462 export interface UploadServerCertificateRequest {
3463 /**
3464 * The path for the server certificate. For more information about paths, see IAM Identifiers in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). The regex pattern for this parameter is a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters. If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the --path option. The path must begin with /cloudfront and must include a trailing slash (for example, /cloudfront/test/).
3465 */
3466 Path?: pathType;
3467 /**
3468 * The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3469 */
3470 ServerCertificateName: serverCertificateNameType;
3471 /**
3472 * The contents of the public key certificate in PEM-encoded format. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3473 */
3474 CertificateBody: certificateBodyType;
3475 /**
3476 * The contents of the private key in PEM-encoded format. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3477 */
3478 PrivateKey: privateKeyType;
3479 /**
3480 * The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3481 */
3482 CertificateChain?: certificateChainType;
3483 }
3484 export interface UploadServerCertificateResponse {
3485 /**
3486 * The meta information of the uploaded server certificate without its certificate body, certificate chain, and private key.
3487 */
3488 ServerCertificateMetadata?: ServerCertificateMetadata;
3489 }
3490 export interface UploadSigningCertificateRequest {
3491 /**
3492 * The name of the user the signing certificate is for. The regex pattern for this parameter is a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
3493 */
3494 UserName?: existingUserNameType;
3495 /**
3496 * The contents of the signing certificate. The regex pattern for this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range (\u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
3497 */
3498 CertificateBody: certificateBodyType;
3499 }
3500 export interface UploadSigningCertificateResponse {
3501 /**
3502 * Information about the certificate.
3503 */
3504 Certificate: SigningCertificate;
3505 }
3506 export interface User {
3507 /**
3508 * The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
3509 */
3510 Path: pathType;
3511 /**
3512 * The friendly name identifying the user.
3513 */
3514 UserName: userNameType;
3515 /**
3516 * The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
3517 */
3518 UserId: idType;
3519 /**
3520 * The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the Using IAM guide.
3521 */
3522 Arn: arnType;
3523 /**
3524 * The date and time, in ISO 8601 date-time format, when the user was created.
3525 */
3526 CreateDate: dateType;
3527 /**
3528 * The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential Reports topic in the Using IAM guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. This field is null (not present) when: The user does not have a password The password exists but has never been used (at least not since IAM started tracking this information on October 20th, 2014 there is no sign-in data associated with the user This value is returned only in the GetUser and ListUsers actions.
3529 */
3530 PasswordLastUsed?: dateType;
3531 }
3532 export interface UserDetail {
3533 /**
3534 * The path to the user. For more information about paths, see IAM Identifiers in the Using IAM guide.
3535 */
3536 Path?: pathType;
3537 /**
3538 * The friendly name identifying the user.
3539 */
3540 UserName?: userNameType;
3541 /**
3542 * The stable and unique string identifying the user. For more information about IDs, see IAM Identifiers in the Using IAM guide.
3543 */
3544 UserId?: idType;
3545 Arn?: arnType;
3546 /**
3547 * The date and time, in ISO 8601 date-time format, when the user was created.
3548 */
3549 CreateDate?: dateType;
3550 /**
3551 * A list of the inline policies embedded in the user.
3552 */
3553 UserPolicyList?: policyDetailListType;
3554 /**
3555 * A list of IAM groups that the user is in.
3556 */
3557 GroupList?: groupNameListType;
3558 /**
3559 * A list of the managed policies attached to the user.
3560 */
3561 AttachedManagedPolicies?: attachedPoliciesListType;
3562 }
3563 export interface VirtualMFADevice {
3564 /**
3565 * The serial number associated with VirtualMFADevice.
3566 */
3567 SerialNumber: serialNumberType;
3568 /**
3569 * The Base32 seed defined as specified in RFC3548. The Base32StringSeed is Base64-encoded.
3570 */
3571 Base32StringSeed?: BootstrapDatum;
3572 /**
3573 * A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where $virtualMFADeviceName is one of the create call arguments, AccountName is the user name if set (otherwise, the account ID otherwise), and Base32String is the seed in Base32 format. The Base32String value is Base64-encoded.
3574 */
3575 QRCodePNG?: BootstrapDatum;
3576 User?: User;
3577 /**
3578 * The date and time on which the virtual MFA device was enabled.
3579 */
3580 EnableDate?: dateType;
3581 }
3582 export type accessKeyIdType = string;
3583 export type accessKeyMetadataListType = AccessKeyMetadata[];
3584 export type accessKeySecretType = string;
3585 export type accountAliasListType = accountAliasType[];
3586 export type accountAliasType = string;
3587 export type arnType = string;
3588 export type assignmentStatusType = "Assigned"|"Unassigned"|"Any"|string;
3589 export type attachedPoliciesListType = AttachedPolicy[];
3590 export type attachmentCountType = number;
3591 export type authenticationCodeType = string;
3592 export type booleanObjectType = boolean;
3593 export type booleanType = boolean;
3594 export type certificateBodyType = string;
3595 export type certificateChainType = string;
3596 export type certificateIdType = string;
3597 export type certificateListType = SigningCertificate[];
3598 export type clientIDListType = clientIDType[];
3599 export type clientIDType = string;
3600 export type credentialReportExpiredExceptionMessage = string;
3601 export type credentialReportNotPresentExceptionMessage = string;
3602 export type credentialReportNotReadyExceptionMessage = string;
3603 export type dateType = Date;
3604 export type deleteConflictMessage = string;
3605 export type duplicateCertificateMessage = string;
3606 export type duplicateSSHPublicKeyMessage = string;
3607 export type encodingType = "SSH"|"PEM"|string;
3608 export type entityAlreadyExistsMessage = string;
3609 export type entityListType = EntityType[];
3610 export type entityTemporarilyUnmodifiableMessage = string;
3611 export type existingUserNameType = string;
3612 export type groupDetailListType = GroupDetail[];
3613 export type groupListType = Group[];
3614 export type groupNameListType = groupNameType[];
3615 export type groupNameType = string;
3616 export type idType = string;
3617 export type instanceProfileListType = InstanceProfile[];
3618 export type instanceProfileNameType = string;
3619 export type invalidAuthenticationCodeMessage = string;
3620 export type invalidCertificateMessage = string;
3621 export type invalidInputMessage = string;
3622 export type invalidPublicKeyMessage = string;
3623 export type invalidUserTypeMessage = string;
3624 export type keyPairMismatchMessage = string;
3625 export type limitExceededMessage = string;
3626 export type malformedCertificateMessage = string;
3627 export type malformedPolicyDocumentMessage = string;
3628 export type markerType = string;
3629 export type maxItemsType = number;
3630 export type maxPasswordAgeType = number;
3631 export type mfaDeviceListType = MFADevice[];
3632 export type minimumPasswordLengthType = number;
3633 export type noSuchEntityMessage = string;
3634 export type passwordPolicyViolationMessage = string;
3635 export type passwordReusePreventionType = number;
3636 export type passwordType = string;
3637 export type pathPrefixType = string;
3638 export type pathType = string;
3639 export type policyDescriptionType = string;
3640 export type policyDetailListType = PolicyDetail[];
3641 export type policyDocumentType = string;
3642 export type policyDocumentVersionListType = PolicyVersion[];
3643 export type policyEvaluationErrorMessage = string;
3644 export type policyListType = Policy[];
3645 export type policyNameListType = policyNameType[];
3646 export type policyNameType = string;
3647 export type policyPathType = string;
3648 export type policyScopeType = "All"|"AWS"|"Local"|string;
3649 export type policyVersionIdType = string;
3650 export type privateKeyType = string;
3651 export type publicKeyFingerprintType = string;
3652 export type publicKeyIdType = string;
3653 export type publicKeyMaterialType = string;
3654 export type roleDetailListType = RoleDetail[];
3655 export type roleListType = Role[];
3656 export type roleNameType = string;
3657 export type serialNumberType = string;
3658 export type serverCertificateMetadataListType = ServerCertificateMetadata[];
3659 export type serverCertificateNameType = string;
3660 export type serviceFailureExceptionMessage = string;
3661 export type statusType = "Active"|"Inactive"|string;
3662 export type stringType = string;
3663 export type summaryKeyType = "Users"|"UsersQuota"|"Groups"|"GroupsQuota"|"ServerCertificates"|"ServerCertificatesQuota"|"UserPolicySizeQuota"|"GroupPolicySizeQuota"|"GroupsPerUserQuota"|"SigningCertificatesPerUserQuota"|"AccessKeysPerUserQuota"|"MFADevices"|"MFADevicesInUse"|"AccountMFAEnabled"|"AccountAccessKeysPresent"|"AccountSigningCertificatesPresent"|"AttachedPoliciesPerGroupQuota"|"AttachedPoliciesPerRoleQuota"|"AttachedPoliciesPerUserQuota"|"Policies"|"PoliciesQuota"|"PolicySizeQuota"|"PolicyVersionsInUse"|"PolicyVersionsInUseQuota"|"VersionsPerPolicyQuota"|string;
3664 export type summaryMapType = {[key: string]: summaryValueType};
3665 export type summaryValueType = number;
3666 export type thumbprintListType = thumbprintType[];
3667 export type thumbprintType = string;
3668 export type unrecognizedPublicKeyEncodingMessage = string;
3669 export type userDetailListType = UserDetail[];
3670 export type userListType = User[];
3671 export type userNameType = string;
3672 export type virtualMFADeviceListType = VirtualMFADevice[];
3673 export type virtualMFADeviceName = string;
3674 /**
3675 * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.
3676 */
3677 export type apiVersion = "2010-05-08"|"latest"|string;
3678 export interface ClientApiVersions {
3679 /**
3680 * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.
3681 */
3682 apiVersion?: apiVersion;
3683 }
3684 export type ClientConfiguration = ServiceConfigurationOptions & ClientApiVersions;
3685 }
3686 export = IAM;