Management of access keys, signing certificates, SSH keys, MFA devices, and other security credentials.
Creates a new AWS secret access key and corresponding AWS access key ID for the specified user.
/**
* Creates a new AWS secret access key and corresponding AWS access key ID for the specified user
* @param UserName - The name of the IAM user that the new key will belong to (defaults to current user if not specified)
*/
interface CreateAccessKeyCommandInput {
UserName?: string;
}
interface CreateAccessKeyCommandOutput {
AccessKey: AccessKey;
}Usage Example:
import { IAMClient, CreateAccessKeyCommand } from "@aws-sdk/client-iam";
const client = new IAMClient({ region: "us-east-1" });
// Create access key for specific user
const command = new CreateAccessKeyCommand({
UserName: "developer-john"
});
const result = await client.send(command);
console.log("Access Key ID:", result.AccessKey.AccessKeyId);
console.log("Secret Access Key:", result.AccessKey.SecretAccessKey);
// Create access key for current user
const currentUserCommand = new CreateAccessKeyCommand({});
const currentUserResult = await client.send(currentUserCommand);Deletes the access key pair associated with the specified IAM user.
/**
* Deletes the access key pair associated with the specified IAM user
* @param UserName - The name of the user whose access key pair you want to delete (defaults to current user if not specified)
* @param AccessKeyId - The access key ID for the access key ID and secret access key you want to delete
*/
interface DeleteAccessKeyCommandInput {
UserName?: string;
AccessKeyId: string;
}
interface DeleteAccessKeyCommandOutput {}Returns information about the access key IDs associated with the specified IAM user.
/**
* Returns information about the access key IDs associated with the specified IAM user
* @param UserName - The name of the user (defaults to current user if not specified)
* @param Marker - Use this parameter only when paginating results
* @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
*/
interface ListAccessKeysCommandInput {
UserName?: string;
Marker?: string;
MaxItems?: number;
}
interface ListAccessKeysCommandOutput {
AccessKeyMetadata: AccessKeyMetadata[];
IsTruncated?: boolean;
Marker?: string;
}Changes the status of the specified access key from Active to Inactive, or vice versa.
/**
* Changes the status of the specified access key from Active to Inactive, or vice versa
* @param UserName - The name of the user whose key you want to update (defaults to current user if not specified)
* @param AccessKeyId - The access key ID of the secret access key you want to update
* @param Status - The status you want to assign to the secret access key
*/
interface UpdateAccessKeyCommandInput {
UserName?: string;
AccessKeyId: string;
Status: StatusType;
}
interface UpdateAccessKeyCommandOutput {}Returns information about when the specified access key was last used.
/**
* Retrieves information about when the specified access key was last used
* @param AccessKeyId - The identifier of an access key
*/
interface GetAccessKeyLastUsedCommandInput {
AccessKeyId: string;
}
interface GetAccessKeyLastUsedCommandOutput {
UserName?: string;
AccessKeyLastUsed?: AccessKeyLastUsed;
}Uploads a server certificate entity for the AWS account.
/**
* Uploads a server certificate entity for the AWS account
* @param ServerCertificateName - The name for the server certificate
* @param CertificateBody - The contents of the public key certificate in PEM-encoded format
* @param PrivateKey - The contents of the private key in PEM-encoded format
* @param CertificateChain - The contents of the certificate chain
* @param Path - The path for the server certificate (default: /)
* @param Tags - A list of tags that you want to attach to the new IAM server certificate
*/
interface UploadServerCertificateCommandInput {
ServerCertificateName: string;
CertificateBody: string;
PrivateKey: string;
CertificateChain?: string;
Path?: string;
Tags?: Tag[];
}
interface UploadServerCertificateCommandOutput {
ServerCertificateMetadata?: ServerCertificateMetadata;
Tags?: Tag[];
}Deletes the specified server certificate.
/**
* Deletes the specified server certificate
* @param ServerCertificateName - The name of the server certificate you want to delete
*/
interface DeleteServerCertificateCommandInput {
ServerCertificateName: string;
}
interface DeleteServerCertificateCommandOutput {}Retrieves information about the specified server certificate stored in IAM.
/**
* Retrieves information about the specified server certificate stored in IAM
* @param ServerCertificateName - The name of the server certificate you want to retrieve information about
*/
interface GetServerCertificateCommandInput {
ServerCertificateName: string;
}
interface GetServerCertificateCommandOutput {
ServerCertificate: ServerCertificate;
}Lists the server certificates stored in IAM that have the specified path prefix.
/**
* Lists the server certificates stored in IAM that have the specified path prefix
* @param PathPrefix - The path prefix for filtering server certificates (default: /)
* @param Marker - Use this parameter only when paginating results
* @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
*/
interface ListServerCertificatesCommandInput {
PathPrefix?: string;
Marker?: string;
MaxItems?: number;
}
interface ListServerCertificatesCommandOutput {
ServerCertificateMetadataList: ServerCertificateMetadata[];
IsTruncated?: boolean;
Marker?: string;
}Updates the name and/or the path of the specified server certificate stored in IAM.
/**
* Updates the name and/or the path of the specified server certificate stored in IAM
* @param ServerCertificateName - The name of the server certificate that you want to update
* @param NewPath - The new path for the server certificate
* @param NewServerCertificateName - The new name for the server certificate
*/
interface UpdateServerCertificateCommandInput {
ServerCertificateName: string;
NewPath?: string;
NewServerCertificateName?: string;
}
interface UpdateServerCertificateCommandOutput {}Uploads an X.509 signing certificate and associates it with the specified IAM user.
/**
* Uploads an X.509 signing certificate and associates it with the specified IAM user
* @param UserName - The name of the user the signing certificate is for (defaults to current user if not specified)
* @param CertificateBody - The contents of the signing certificate
*/
interface UploadSigningCertificateCommandInput {
UserName?: string;
CertificateBody: string;
}
interface UploadSigningCertificateCommandOutput {
Certificate: SigningCertificate;
}Deletes a signing certificate associated with the specified IAM user.
/**
* Deletes a signing certificate associated with the specified IAM user
* @param UserName - The name of the user the signing certificate belongs to (defaults to current user if not specified)
* @param CertificateId - The ID of the signing certificate to delete
*/
interface DeleteSigningCertificateCommandInput {
UserName?: string;
CertificateId: string;
}
interface DeleteSigningCertificateCommandOutput {}Changes the status of the specified user signing certificate from active to disabled, or vice versa.
/**
* Changes the status of the specified user signing certificate from active to disabled, or vice versa
* @param UserName - The name of the IAM user the signing certificate belongs to (defaults to current user if not specified)
* @param CertificateId - The ID of the signing certificate you want to update
* @param Status - The status you want to assign to the certificate
*/
interface UpdateSigningCertificateCommandInput {
UserName?: string;
CertificateId: string;
Status: StatusType;
}
interface UpdateSigningCertificateCommandOutput {}Returns information about the signing certificates associated with the specified IAM user.
/**
* Returns information about the signing certificates associated with the specified IAM user
* @param UserName - The name of the IAM user whose signing certificates you want to examine (defaults to current user if not specified)
* @param Marker - Use this parameter only when paginating results
* @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
*/
interface ListSigningCertificatesCommandInput {
UserName?: string;
Marker?: string;
MaxItems?: number;
}
interface ListSigningCertificatesCommandOutput {
Certificates: SigningCertificate[];
IsTruncated?: boolean;
Marker?: string;
}Uploads an SSH public key and associates it with the specified IAM user.
/**
* Uploads an SSH public key and associates it with the specified IAM user
* @param UserName - The name of the IAM user to associate the SSH public key with
* @param SSHPublicKeyBody - The SSH public key
*/
interface UploadSSHPublicKeyCommandInput {
UserName: string;
SSHPublicKeyBody: string;
}
interface UploadSSHPublicKeyCommandOutput {
SSHPublicKey?: SSHPublicKey;
}Deletes the specified SSH public key.
/**
* Deletes the specified SSH public key
* @param UserName - The name of the IAM user associated with the SSH public key
* @param SSHPublicKeyId - The unique identifier for the SSH public key
*/
interface DeleteSSHPublicKeyCommandInput {
UserName: string;
SSHPublicKeyId: string;
}
interface DeleteSSHPublicKeyCommandOutput {}Retrieves the specified SSH public key, including metadata about the key.
/**
* Retrieves the specified SSH public key, including metadata about the key
* @param UserName - The name of the IAM user associated with the SSH public key
* @param SSHPublicKeyId - The unique identifier for the SSH public key
* @param Encoding - Specifies the public key encoding format to use in the response
*/
interface GetSSHPublicKeyCommandInput {
UserName: string;
SSHPublicKeyId: string;
Encoding: EncodingType;
}
interface GetSSHPublicKeyCommandOutput {
SSHPublicKey?: SSHPublicKey;
}Returns information about the SSH public keys associated with the specified IAM user.
/**
* Returns information about the SSH public keys associated with the specified IAM user
* @param UserName - The name of the IAM user to list SSH public keys for (defaults to current user if not specified)
* @param Marker - Use this parameter only when paginating results
* @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
*/
interface ListSSHPublicKeysCommandInput {
UserName?: string;
Marker?: string;
MaxItems?: number;
}
interface ListSSHPublicKeysCommandOutput {
SSHPublicKeys?: SSHPublicKeyMetadata[];
IsTruncated?: boolean;
Marker?: string;
}Updates the status of the specified user's SSH public key to active or inactive.
/**
* Updates the status of the specified user's SSH public key to active or inactive
* @param UserName - The name of the IAM user associated with the SSH public key
* @param SSHPublicKeyId - The unique identifier for the SSH public key
* @param Status - The status to assign to the SSH public key
*/
interface UpdateSSHPublicKeyCommandInput {
UserName: string;
SSHPublicKeyId: string;
Status: StatusType;
}
interface UpdateSSHPublicKeyCommandOutput {}Creates a new virtual MFA device for the AWS account.
/**
* Creates a new virtual MFA device for the AWS account
* @param VirtualMFADeviceName - The name of the virtual MFA device
* @param Path - The path for the virtual MFA device (default: /)
* @param Tags - A list of tags that you want to attach to the new IAM virtual MFA device
*/
interface CreateVirtualMFADeviceCommandInput {
VirtualMFADeviceName: string;
Path?: string;
Tags?: Tag[];
}
interface CreateVirtualMFADeviceCommandOutput {
VirtualMFADevice: VirtualMFADevice;
}Deletes a virtual MFA device.
/**
* Deletes a virtual MFA device
* @param SerialNumber - The serial number that uniquely identifies the MFA device
*/
interface DeleteVirtualMFADeviceCommandInput {
SerialNumber: string;
}
interface DeleteVirtualMFADeviceCommandOutput {}Lists the virtual MFA devices defined in the AWS account by assignment status.
/**
* Lists the virtual MFA devices defined in the AWS account by assignment status
* @param AssignmentStatus - The status (Unassigned or Assigned) of the devices to list
* @param Marker - Use this parameter only when paginating results
* @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
*/
interface ListVirtualMFADevicesCommandInput {
AssignmentStatus?: AssignmentStatusType;
Marker?: string;
MaxItems?: number;
}
interface ListVirtualMFADevicesCommandOutput {
VirtualMFADevices: VirtualMFADevice[];
IsTruncated?: boolean;
Marker?: string;
}Enables the specified MFA device and associates it with the specified IAM user.
/**
* Enables the specified MFA device and associates it with the specified IAM user
* @param UserName - The name of the IAM user for whom you want to enable the MFA device
* @param SerialNumber - The serial number that uniquely identifies the MFA device
* @param AuthenticationCode1 - An authentication code emitted by the device
* @param AuthenticationCode2 - A subsequent authentication code emitted by the device
*/
interface EnableMFADeviceCommandInput {
UserName: string;
SerialNumber: string;
AuthenticationCode1: string;
AuthenticationCode2: string;
}
interface EnableMFADeviceCommandOutput {}Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.
/**
* Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled
* @param UserName - The name of the user whose MFA device you want to deactivate
* @param SerialNumber - The serial number that uniquely identifies the MFA device
*/
interface DeactivateMFADeviceCommandInput {
UserName: string;
SerialNumber: string;
}
interface DeactivateMFADeviceCommandOutput {}Lists the MFA devices for an IAM user.
/**
* Lists the MFA devices for an IAM user
* @param UserName - The name of the user whose MFA devices you want to list (defaults to current user if not specified)
* @param Marker - Use this parameter only when paginating results
* @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
*/
interface ListMFADevicesCommandInput {
UserName?: string;
Marker?: string;
MaxItems?: number;
}
interface ListMFADevicesCommandOutput {
MFADevices: MFADevice[];
IsTruncated?: boolean;
Marker?: string;
}Synchronizes the specified MFA device with its IAM resource object on the AWS servers.
/**
* Synchronizes the specified MFA device with its IAM resource object on the AWS servers
* @param UserName - The name of the user whose MFA device you want to resynchronize
* @param SerialNumber - Serial number that uniquely identifies the MFA device
* @param AuthenticationCode1 - An authentication code emitted by the device
* @param AuthenticationCode2 - A subsequent authentication code emitted by the device
*/
interface ResyncMFADeviceCommandInput {
UserName: string;
SerialNumber: string;
AuthenticationCode1: string;
AuthenticationCode2: string;
}
interface ResyncMFADeviceCommandOutput {}Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request.
/**
* Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request
* @param UserName - The name of the IAM user that is to be associated with the credentials
* @param ServiceName - The name of the AWS service that is to be associated with the credentials
*/
interface CreateServiceSpecificCredentialCommandInput {
UserName: string;
ServiceName: string;
}
interface CreateServiceSpecificCredentialCommandOutput {
ServiceSpecificCredential?: ServiceSpecificCredential;
}Deletes the specified service-specific credential.
/**
* Deletes the specified service-specific credential
* @param UserName - The name of the IAM user associated with the service-specific credential
* @param ServiceSpecificCredentialId - The unique identifier of the service-specific credential
*/
interface DeleteServiceSpecificCredentialCommandInput {
UserName: string;
ServiceSpecificCredentialId: string;
}
interface DeleteServiceSpecificCredentialCommandOutput {}Sets the status of a service-specific credential to Active or Inactive.
/**
* Sets the status of a service-specific credential to Active or Inactive
* @param UserName - The name of the IAM user associated with the service-specific credential
* @param ServiceSpecificCredentialId - The unique identifier of the service-specific credential
* @param Status - The status to be assigned to the service-specific credential
*/
interface UpdateServiceSpecificCredentialCommandInput {
UserName: string;
ServiceSpecificCredentialId: string;
Status: StatusType;
}
interface UpdateServiceSpecificCredentialCommandOutput {}Resets the password for a service-specific credential.
/**
* Resets the password for a service-specific credential
* @param UserName - The name of the IAM user associated with the service-specific credential
* @param ServiceSpecificCredentialId - The unique identifier of the service-specific credential
*/
interface ResetServiceSpecificCredentialCommandInput {
UserName: string;
ServiceSpecificCredentialId: string;
}
interface ResetServiceSpecificCredentialCommandOutput {
ServiceSpecificCredential?: ServiceSpecificCredential;
}Returns information about the service-specific credentials associated with the specified IAM user.
/**
* Returns information about the service-specific credentials associated with the specified IAM user
* @param UserName - The name of the user whose service-specific credentials you want information about (defaults to current user if not specified)
* @param ServiceName - Filters the returned results to only those for the specified AWS service
*/
interface ListServiceSpecificCredentialsCommandInput {
UserName?: string;
ServiceName?: string;
}
interface ListServiceSpecificCredentialsCommandOutput {
ServiceSpecificCredentials?: ServiceSpecificCredentialMetadata[];
}interface AccessKey {
UserName: string;
AccessKeyId: string;
Status: StatusType;
SecretAccessKey: string;
CreateDate?: Date;
}
interface AccessKeyMetadata {
UserName?: string;
AccessKeyId?: string;
Status?: StatusType;
CreateDate?: Date;
}
interface AccessKeyLastUsed {
LastUsedDate: Date;
ServiceName: string;
Region: string;
}
interface ServerCertificate {
ServerCertificateMetadata: ServerCertificateMetadata;
CertificateBody: string;
CertificateChain?: string;
Tags?: Tag[];
}
interface ServerCertificateMetadata {
Path: string;
ServerCertificateName: string;
ServerCertificateId: string;
Arn: string;
UploadDate?: Date;
Expiration?: Date;
}
interface SigningCertificate {
UserName: string;
CertificateId: string;
CertificateBody: string;
Status: StatusType;
UploadDate?: Date;
}
interface SSHPublicKey {
UserName: string;
SSHPublicKeyId: string;
Fingerprint: string;
SSHPublicKeyBody: string;
Status: StatusType;
UploadDate?: Date;
}
interface SSHPublicKeyMetadata {
UserName: string;
SSHPublicKeyId: string;
Status: StatusType;
UploadDate: Date;
}
interface VirtualMFADevice {
SerialNumber: string;
Base32StringSeed?: Uint8Array;
QRCodePNG?: Uint8Array;
User?: User;
EnableDate?: Date;
Tags?: Tag[];
}
interface MFADevice {
UserName: string;
SerialNumber: string;
EnableDate: Date;
}
interface ServiceSpecificCredential {
CreateDate: Date;
ServiceName: string;
ServiceUserName: string;
ServicePassword: string;
ServiceSpecificCredentialId: string;
UserName: string;
Status: StatusType;
}
interface ServiceSpecificCredentialMetadata {
UserName: string;
Status: StatusType;
ServiceUserName: string;
CreateDate: Date;
ServiceSpecificCredentialId: string;
ServiceName: string;
}
interface Tag {
Key: string;
Value: string;
}
interface User {
Path: string;
UserName: string;
UserId: string;
Arn: string;
CreateDate: Date;
PasswordLastUsed?: Date;
PermissionsBoundary?: AttachedPermissionsBoundary;
Tags?: Tag[];
}
enum StatusType {
Active = "Active",
Inactive = "Inactive",
Expired = "Expired"
}
enum EncodingType {
SSH = "SSH",
PEM = "PEM"
}
enum AssignmentStatusType {
Assigned = "Assigned",
Unassigned = "Unassigned",
Any = "Any"
}
interface AttachedPermissionsBoundary {
PermissionsBoundaryType?: PermissionsBoundaryAttachmentType;
PermissionsBoundaryArn?: string;
}
enum PermissionsBoundaryAttachmentType {
PermissionsBoundaryPolicy = "PermissionsBoundaryPolicy"
}