
AWS IAM

Identity and access management service for securely controlling access to AWS services and resources through users, groups, roles, and policies.

Capabilities

IAM Client Interface

Main interface for AWS Identity and Access Management operations.

/**
 * AWS Identity and Access Management client interface.
 *
 * <p>Each operation takes a request object and returns the result object of the
 * same name. These calls change who may do what in the account, so the
 * credentials behind the client need the matching IAM permissions, and the
 * mutating calls (create/attach/delete) are worth recording in the caller's
 * own audit trail as well.
 */
public interface AmazonIdentityManagement {
    /** Service endpoint prefix for IAM. */
    String ENDPOINT_PREFIX = "iam";
    
    // User management
    CreateUserResult createUser(CreateUserRequest createUserRequest);
    GetUserResult getUser(GetUserRequest getUserRequest);
    /** Looks up the caller's own user; no request object is required. */
    GetUserResult getUser(); // Get current user
    ListUsersResult listUsers(ListUsersRequest listUsersRequest);
    /** Lists users with default request settings; see {@link #listUsers(ListUsersRequest)}. */
    ListUsersResult listUsers();
    UpdateUserResult updateUser(UpdateUserRequest updateUserRequest);
    DeleteUserResult deleteUser(DeleteUserRequest deleteUserRequest);
    
    // Group management
    CreateGroupResult createGroup(CreateGroupRequest createGroupRequest);
    GetGroupResult getGroup(GetGroupRequest getGroupRequest);
    ListGroupsResult listGroups(ListGroupsRequest listGroupsRequest);
    DeleteGroupResult deleteGroup(DeleteGroupRequest deleteGroupRequest);
    AddUserToGroupResult addUserToGroup(AddUserToGroupRequest addUserToGroupRequest);
    RemoveUserFromGroupResult removeUserFromGroup(RemoveUserFromGroupRequest removeUserFromGroupRequest);
    
    // Role management (a role's trust policy is set via CreateRoleRequest)
    CreateRoleResult createRole(CreateRoleRequest createRoleRequest);
    GetRoleResult getRole(GetRoleRequest getRoleRequest);
    ListRolesResult listRoles(ListRolesRequest listRolesRequest);
    UpdateRoleResult updateRole(UpdateRoleRequest updateRoleRequest);
    DeleteRoleResult deleteRole(DeleteRoleRequest deleteRoleRequest);
    
    // Policy management
    CreatePolicyResult createPolicy(CreatePolicyRequest createPolicyRequest);
    GetPolicyResult getPolicy(GetPolicyRequest getPolicyRequest);
    ListPoliciesResult listPolicies(ListPoliciesRequest listPoliciesRequest);
    DeletePolicyResult deletePolicy(DeletePolicyRequest deletePolicyRequest);
    
    // Policy attachment: each attach call grants the policy's permissions to the
    // named user, group or role; detach revokes them
    AttachUserPolicyResult attachUserPolicy(AttachUserPolicyRequest attachUserPolicyRequest);
    DetachUserPolicyResult detachUserPolicy(DetachUserPolicyRequest detachUserPolicyRequest);
    AttachGroupPolicyResult attachGroupPolicy(AttachGroupPolicyRequest attachGroupPolicyRequest);
    AttachRolePolicyResult attachRolePolicy(AttachRolePolicyRequest attachRolePolicyRequest);
    
    // Access keys: long-term programmatic credentials for a user. The secret is
    // returned only by createAccessKey (see AccessKey); updateAccessKey changes
    // a key's status (see StatusType) and deleteAccessKey removes it.
    CreateAccessKeyResult createAccessKey(CreateAccessKeyRequest createAccessKeyRequest);
    ListAccessKeysResult listAccessKeys(ListAccessKeysRequest listAccessKeysRequest);
    UpdateAccessKeyResult updateAccessKey(UpdateAccessKeyRequest updateAccessKeyRequest);
    DeleteAccessKeyResult deleteAccessKey(DeleteAccessKeyRequest deleteAccessKeyRequest);
    
    // Lifecycle management
    /** Shuts the client down and releases its resources; do not use it afterwards. */
    void shutdown();
}

IAM Client Builder

/**
 * Builder for creating AWS IAM clients.
 *
 * <p>{@link #standard()} returns a builder whose inherited {@code AwsClientBuilder}
 * setters can be applied before building; {@link #defaultClient()} skips that
 * step and returns a client with default settings.
 */
public final class AmazonIdentityManagementClientBuilder extends AwsClientBuilder<AmazonIdentityManagementClientBuilder, AmazonIdentityManagement> {
    /** Creates a configurable builder. */
    public static AmazonIdentityManagementClientBuilder standard();
    /** Creates a client with default settings in one call. */
    public static AmazonIdentityManagement defaultClient();
}

User Management

/**
 * Request for creating an IAM user.
 *
 * <p>The examples on this page set the user name and path; tags are optional.
 * The {@code with*} setters return the request so calls can be chained.
 */
public class CreateUserRequest extends AmazonWebServiceRequest {
    public CreateUserRequest();
    
    public String getUserName();
    /** Path used to organise users (the examples use {@code "/developers/"}). */
    public String getPath();
    public List<Tag> getTags();
    
    public CreateUserRequest withUserName(String userName);
    public CreateUserRequest withPath(String path);
    public CreateUserRequest withTags(Tag... tags);
}

/**
 * Request for getting user information.
 *
 * <p>Identifies the user by name; the no-argument
 * {@code AmazonIdentityManagement.getUser()} form is used for the caller's own user.
 */
public class GetUserRequest extends AmazonWebServiceRequest {
    public GetUserRequest();
    
    public String getUserName();
    
    public GetUserRequest withUserName(String userName);
}

/**
 * IAM user information as returned by the user operations.
 */
public class User {
    public String getUserName();
    /** Stable identifier assigned by IAM; unlike the name it does not change on rename. */
    public String getUserId();
    public String getPath();
    public String getArn();
    public Date getCreateDate();
    // NOTE(review): presumably null for users that have never signed in with a
    // password — confirm before treating it as "never used" in stale-user checks.
    public Date getPasswordLastUsed();
    public List<Tag> getTags();
}

Usage Examples:

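import com.amazonaws.services.identitymanagement.*;
import com.amazonaws.services.identitymanagement.model.*;

// Create IAM client (default settings)
AmazonIdentityManagement iamClient = AmazonIdentityManagementClientBuilder.defaultClient();

// Create user
CreateUserRequest createUserRequest = new CreateUserRequest()
    .withUserName("john-doe")
    .withPath("/developers/");

CreateUserResult createUserResult = iamClient.createUser(createUserRequest);
User newUser = createUserResult.getUser();
System.out.println("Created user: " + newUser.getUserName() + " with ARN: " + newUser.getArn());

// Get user information
GetUserResult getUserResult = iamClient.getUser(new GetUserRequest().withUserName("john-doe"));
User user = getUserResult.getUser();
System.out.println("User ID: " + user.getUserId());
System.out.println("Created: " + user.getCreateDate());

// List all users. ListUsers is paginated: one call returns a single page, so
// follow the marker until IsTruncated is false. Stopping after the first page
// silently drops the remaining users, which makes any inventory or audit built
// on this loop incomplete.
ListUsersRequest listUsersRequest = new ListUsersRequest();
ListUsersResult listUsersResult;
do {
    listUsersResult = iamClient.listUsers(listUsersRequest);
    for (User u : listUsersResult.getUsers()) {
        System.out.println("User: " + u.getUserName() + " (" + u.getArn() + ")");
    }
    // Marker of the page just read selects the next page
    listUsersRequest.setMarker(listUsersResult.getMarker());
} while (Boolean.TRUE.equals(listUsersResult.getIsTruncated()));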

Role Management

/**
 * Request for creating an IAM role.
 *
 * <p>The assume-role policy document is the role's trust policy: it decides
 * which principals may call {@code sts:AssumeRole} on the role, and is the
 * field to review most carefully.
 */
public class CreateRoleRequest extends AmazonWebServiceRequest {
    public CreateRoleRequest();
    
    public String getRoleName();
    public String getPath();
    /** Trust policy as a JSON document string (see the usage example below). */
    public String getAssumeRolePolicyDocument();
    public String getDescription();
    // NOTE(review): the IAM API expresses this in seconds — confirm before setting.
    public Integer getMaxSessionDuration();
    public List<Tag> getTags();
    
    public CreateRoleRequest withRoleName(String roleName);
    public CreateRoleRequest withPath(String path);
    public CreateRoleRequest withAssumeRolePolicyDocument(String assumeRolePolicyDocument);
    public CreateRoleRequest withDescription(String description);
    public CreateRoleRequest withMaxSessionDuration(Integer maxSessionDuration);
}

/**
 * IAM role information as returned by the role operations.
 */
public class Role {
    public String getRoleName();
    /** Stable identifier assigned by IAM. */
    public String getRoleId();
    public String getPath();
    public String getArn();
    public Date getCreateDate();
    /** The role's trust policy; review it when auditing who can assume the role. */
    public String getAssumeRolePolicyDocument();
    public String getDescription();
    // NOTE(review): presumably seconds, matching CreateRoleRequest — confirm.
    public Integer getMaxSessionDuration();
    public List<Tag> getTags();
}

Usage Examples:

// Create role with trust policy for EC2: only the EC2 service principal is
// allowed to call sts:AssumeRole on this role
String[] trustPolicyLines = {
    "{",
    "  \"Version\": \"2012-10-17\",",
    "  \"Statement\": [",
    "    {",
    "      \"Effect\": \"Allow\",",
    "      \"Principal\": {",
    "        \"Service\": \"ec2.amazonaws.com\"",
    "      },",
    "      \"Action\": \"sts:AssumeRole\"",
    "    }",
    "  ]",
    "}"
};
String trustPolicy = String.join("\n", trustPolicyLines);

CreateRoleRequest roleRequest = new CreateRoleRequest()
    .withRoleName("EC2-S3-Access-Role")
    .withAssumeRolePolicyDocument(trustPolicy)
    .withDescription("Role for EC2 instances to access S3")
    .withPath("/service-roles/");

CreateRoleResult roleResult = iamClient.createRole(roleRequest);
Role createdRole = roleResult.getRole();
System.out.println("Created role: " + createdRole.getRoleName() + " with ARN: " + createdRole.getArn());

Policy Management

/**
 * Request for creating an IAM policy.
 *
 * <p>The policy document is the JSON permissions statement; keep its actions
 * and resources as narrow as the workload needs (see the usage example below).
 */
public class CreatePolicyRequest extends AmazonWebServiceRequest {
    public CreatePolicyRequest();
    
    public String getPolicyName();
    public String getPath();
    /** Permissions policy as a JSON document string. */
    public String getPolicyDocument();
    public String getDescription();
    public List<Tag> getTags();
    
    public CreatePolicyRequest withPolicyName(String policyName);
    public CreatePolicyRequest withPath(String path);
    public CreatePolicyRequest withPolicyDocument(String policyDocument);
    public CreatePolicyRequest withDescription(String description);
}

/**
 * Request for attaching a policy to a user.
 *
 * <p>Attaching grants the user every permission in the policy identified by
 * {@code policyArn}; the matching detach operation revokes it.
 */
public class AttachUserPolicyRequest extends AmazonWebServiceRequest {
    public AttachUserPolicyRequest();
    
    public String getUserName();
    /** ARN of the policy to attach, e.g. from {@code Policy.getArn()}. */
    public String getPolicyArn();
    
    public AttachUserPolicyRequest withUserName(String userName);
    public AttachUserPolicyRequest withPolicyArn(String policyArn);
}

/**
 * IAM policy information (metadata only; the document itself comes from
 * {@code PolicyVersion}).
 */
public class Policy {
    public String getPolicyName();
    /** Stable identifier assigned by IAM. */
    public String getPolicyId();
    public String getPath();
    /** ARN used when attaching the policy to users, groups and roles. */
    public String getArn();
    /** Version whose document is in effect for attachments. */
    public String getDefaultVersionId();
    /** Number of entities the policy is attached to. */
    public Integer getAttachmentCount();
    public Boolean getIsAttachable();
    public String getDescription();
    public Date getCreateDate();
    public Date getUpdateDate();
}

Usage Examples:

// Create S3 read-only policy: GetObject and ListBucket, scoped to a single
// bucket and the objects in it
String[] policyLines = {
    "{",
    "  \"Version\": \"2012-10-17\",",
    "  \"Statement\": [",
    "    {",
    "      \"Effect\": \"Allow\",",
    "      \"Action\": [",
    "        \"s3:GetObject\",",
    "        \"s3:ListBucket\"",
    "      ],",
    "      \"Resource\": [",
    "        \"arn:aws:s3:::my-bucket\",",
    "        \"arn:aws:s3:::my-bucket/*\"",
    "      ]",
    "    }",
    "  ]",
    "}"
};
String policyDocument = String.join("\n", policyLines);

CreatePolicyRequest policyRequest = new CreatePolicyRequest()
    .withPolicyName("S3ReadOnlyPolicy")
    .withPolicyDocument(policyDocument)
    .withDescription("Read-only access to specific S3 bucket");

Policy newPolicy = iamClient.createPolicy(policyRequest).getPolicy();
String policyArn = newPolicy.getArn();

// Attach policy to user
iamClient.attachUserPolicy(new AttachUserPolicyRequest()
    .withUserName("john-doe")
    .withPolicyArn(policyArn));
System.out.println("Attached policy to user");

// Attach policy to role
iamClient.attachRolePolicy(new AttachRolePolicyRequest()
    .withRoleName("EC2-S3-Access-Role")
    .withPolicyArn(policyArn));

Access Key Management

/**
 * Request for creating access keys.
 *
 * <p>Creates a long-term credential for the named user. The secret part is
 * returned only in the result of this call (see {@code AccessKey}).
 */
public class CreateAccessKeyRequest extends AmazonWebServiceRequest {
    public CreateAccessKeyRequest();
    
    public String getUserName();
    
    public CreateAccessKeyRequest withUserName(String userName);
}

/**
 * Access key information returned by createAccessKey.
 *
 * <p>This is the only object that carries the secret access key. Hand it to
 * its owner through a protected channel and never log or print it; listings
 * ({@code AccessKeyMetadata}) deliberately omit it.
 */
public class AccessKey {
    public String getUserName();
    /** Public key identifier; safe to display and to use when searching logs. */
    public String getAccessKeyId();
    public String getSecretAccessKey();  // Only available on creation
    /** Active or Inactive (see StatusType). */
    public StatusType getStatus();
    public Date getCreateDate();
}

/**
 * Access key metadata (for listing).
 *
 * <p>Same fields as {@code AccessKey} minus the secret, so it can be used
 * for inventory and key-rotation checks without handling credentials.
 */
public class AccessKeyMetadata {
    public String getUserName();
    public String getAccessKeyId();
    /** Active or Inactive (see StatusType). */
    public StatusType getStatus();
    /** Creation time; the basis for deciding when a key is due for rotation. */
    public Date getCreateDate();
}

Usage Examples:

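// Create access key for user
CreateAccessKeyRequest createKeyRequest = new CreateAccessKeyRequest()
    .withUserName("john-doe");

CreateAccessKeyResult createKeyResult = iamClient.createAccessKey(createKeyRequest);
AccessKey accessKey = createKeyResult.getAccessKey();

// The key ID is public metadata and fine to display
System.out.println("Access Key ID: " + accessKey.getAccessKeyId());

// The secret is returned by this call only and cannot be fetched again. Do not
// print or log it: stdout routinely ends up in terminal history, CI output and
// log aggregation. Deliver it to the key's owner through a secrets manager or
// another protected channel, then drop the reference.
String secretAccessKey = accessKey.getSecretAccessKey();
// ... hand secretAccessKey to its owner here (deliberately not printed)

// List access keys for user. Listings carry metadata only, so they are the
// right input for rotation checks: deactivate unused keys with updateAccessKey
// and remove them with deleteAccessKey.
ListAccessKeysRequest listKeysRequest = new ListAccessKeysRequest()
    .withUserName("john-doe");

ListAccessKeysResult listKeysResult = iamClient.listAccessKeys(listKeysRequest);
for (AccessKeyMetadata keyMetadata : listKeysResult.getAccessKeyMetadata()) {
    System.out.println("Key: " + keyMetadata.getAccessKeyId()
        + ", Status: " + keyMetadata.getStatus()
        + ", Created: " + keyMetadata.getCreateDate());
}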

Types

/** Status of an access key: Inactive keys are rejected until reactivated or deleted. */
public enum StatusType {
    Active, Inactive
}

/** Key/value tag attached to users, roles and policies; setters return the tag for chaining. */
public class Tag {
    public String getKey();
    public String getValue();
    
    public Tag withKey(String key);
    public Tag withValue(String value);
}

/** IAM group information as returned by the group operations. */
public class Group {
    public String getGroupName();
    /** Stable identifier assigned by IAM. */
    public String getGroupId();
    public String getPath();
    public String getArn();
    public Date getCreateDate();
}

/** Name and ARN of a policy attached to a user, group or role. */
public class AttachedPolicy {
    public String getPolicyName();
    public String getPolicyArn();
}

/** One version of a managed policy, including its document. */
public class PolicyVersion {
    // NOTE(review): the IAM API returns this URL-encoded — confirm before parsing it as JSON.
    public String getDocument();
    public String getVersionId();
    /** True for the version whose document is in effect for attachments. */
    public Boolean getIsDefaultVersion();
    public Date getCreateDate();
}