AWS account-level IAM settings, policies, and configuration including account aliases, password policies, and security token service preferences.
Account aliases provide friendly names for AWS accounts, making them easier to identify in sign-in URLs and account selection interfaces.
Creates an alias for your AWS account for use in the IAM sign-in page URL.
/**
* Creates an alias for your AWS account
* @param AccountAlias - The account alias to create (lowercase letters, digits, and dashes only)
*
* The alias becomes part of the account's sign-in URL, so it is an identifier and
* not a secret: do not encode anything sensitive in it. Alias names are unique
* across all AWS accounts, so the request fails if another account already
* holds the requested name.
*/
interface CreateAccountAliasCommandInput {
AccountAlias: string;
}
Usage Example:
import { IAMClient, CreateAccountAliasCommand } from "@aws-sdk/client-iam";
// No credentials are passed here, so the SDK resolves them from its default
// provider chain; the calling principal needs permission for iam:CreateAccountAlias.
const client = new IAMClient({ region: "us-east-1" });
// The alias is visible to anyone who sees the sign-in URL; choose a name that
// does not disclose more about the environment than you intend.
const command = new CreateAccountAliasCommand({
AccountAlias: "my-company-production"
});
// send() rejects on failure (for example when the alias is already taken), so
// the success message below is reached only after IAM accepted the request.
await client.send(command);
console.log("Account alias created successfully");
// Users can now sign in at: https://my-company-production.signin.aws.amazon.com/console

Lists the account alias associated with the AWS account.
/**
* Lists the account alias associated with the AWS account
* @param Marker - Use this parameter only when paginating results; pass the Marker
*   value returned by the previous, truncated response
* @param MaxItems - Maximum number of items to return; IAM may return fewer, so
*   rely on IsTruncated in the response rather than on the item count
*/
interface ListAccountAliasesCommandInput {
Marker?: string;
MaxItems?: number;
}
/**
* Response shape for ListAccountAliases.
* AccountAliases holds the alias names; IsTruncated and Marker are the
* pagination fields (when IsTruncated is true, pass Marker in the next request).
*/
interface ListAccountAliasesCommandOutput {
AccountAliases: string[];
IsTruncated?: boolean;
Marker?: string;
}
Deletes the specified AWS account alias.
/**
* Deletes the specified AWS account alias
* @param AccountAlias - The name of the account alias to delete
*
* After deletion the alias-based sign-in URL no longer resolves to this account
* and the name is no longer reserved for it. Update bookmarks, runbooks and
* onboarding material that reference the old URL before deleting the alias.
*/
interface DeleteAccountAliasCommandInput {
AccountAlias: string;
}
Retrieve comprehensive information about your AWS account's IAM usage and limits.
Retrieves information about IAM entity usage and IAM quotas in the AWS account.
/**
* Retrieves information about IAM entity usage and IAM quotas in the AWS account
*
* The input is empty: the request takes no parameters.
*/
interface GetAccountSummaryCommandInput {}
/**
* Response shape for GetAccountSummary.
* SummaryMap maps each summary key to a numeric count or quota value.
*/
interface GetAccountSummaryCommandOutput {
SummaryMap?: Record<SummaryKeyType, number>;
// NOTE(review): the IAM API reference lists only SummaryMap in the GetAccountSummary
// response; confirm IsTruncated and Marker against the installed SDK types before
// relying on them.
IsTruncated?: boolean;
Marker?: string;
}
Usage Example:
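import { IAMClient, GetAccountSummaryCommand } from "@aws-sdk/client-iam";
// Construct the client in this snippet so the example runs on its own
// (IAMClient was imported but no client was created).
const client = new IAMClient({ region: "us-east-1" });
// GetAccountSummary takes no parameters, hence the empty input object.
const command = new GetAccountSummaryCommand({});
const result = await client.send(command);
// SummaryMap is optional in the response type, so every read uses optional chaining.
console.log("Account Summary:");
console.log("Users:", result.SummaryMap?.Users);
console.log("Groups:", result.SummaryMap?.Groups);
console.log("Roles:", result.SummaryMap?.Roles);
console.log("Policies:", result.SummaryMap?.Policies);
// Root-user access keys are a standing audit finding: a non-zero value here
// means the root user has access keys that should be reviewed and removed.
console.log("Root access keys present:", result.SummaryMap?.AccountAccessKeysPresent);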
console.log("MFA Devices:", result.SummaryMap?.MFADevices);

Get detailed information about all IAM entities in the account.
Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another.
/**
* Retrieves information about all IAM users, groups, roles, and policies in your AWS account
* @param Filter - A list of entity types used to filter the results
* @param Marker - Use this parameter only when paginating results
* @param MaxItems - Maximum number of items to return
*
* The result is paginated. An audit that reads only the first page silently
* misses entities, so keep requesting with the returned Marker until
* IsTruncated is no longer true.
*/
interface GetAccountAuthorizationDetailsCommandInput {
Filter?: EntityType[];
Marker?: string;
MaxItems?: number;
}
/**
* Response shape for GetAccountAuthorizationDetails.
*
* Taken together the lists describe who can do what in the account, so store
* and share exported results with the same care as other sensitive
* configuration data. Policy documents returned by this operation are
* URL-encoded (RFC 3986) and must be decoded before they are analysed.
*/
interface GetAccountAuthorizationDetailsCommandOutput {
UserDetailList?: UserDetail[];
GroupDetailList?: GroupDetail[];
RoleDetailList?: RoleDetail[];
Policies?: ManagedPolicyDetail[];
// Pagination fields: when IsTruncated is true, pass Marker in the next request.
IsTruncated?: boolean;
Marker?: string;
}
Configure and manage password requirements for IAM users in your AWS account.
Updates the password policy settings for the AWS account.
/**
* Updates the password policy settings for the AWS account
*
* This operation does not support partial updates: every parameter left out of
* the request is reset to its default value. Always send the complete intended
* policy; omitting MaxPasswordAge, for example, turns password expiry off.
* The policy applies to IAM user console passwords only, not to the root user
* password or to access keys.
*
* @param MinimumPasswordLength - Minimum length to require for IAM user passwords
* @param RequireSymbols - Whether passwords must contain at least one symbol
* @param RequireNumbers - Whether passwords must contain at least one numeric character
* @param RequireUppercaseCharacters - Whether passwords must contain at least one uppercase character
* @param RequireLowercaseCharacters - Whether passwords must contain at least one lowercase character
* @param AllowUsersToChangePassword - Whether users are allowed to change their own password
* @param MaxPasswordAge - Number of days that a password is valid
* @param PasswordReusePrevention - Number of previous passwords that users are prevented from reusing
* @param HardExpiry - Whether users are prevented from setting a new password after their password has expired;
*   when true, a user with an expired password stays locked out of the console until an administrator resets it
*/
interface UpdateAccountPasswordPolicyCommandInput {
MinimumPasswordLength?: number;
RequireSymbols?: boolean;
RequireNumbers?: boolean;
RequireUppercaseCharacters?: boolean;
RequireLowercaseCharacters?: boolean;
AllowUsersToChangePassword?: boolean;
MaxPasswordAge?: number;
PasswordReusePrevention?: number;
HardExpiry?: boolean;
}
Usage Example:
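import { IAMClient, UpdateAccountPasswordPolicyCommand } from "@aws-sdk/client-iam";
// Construct the client in this snippet so the example runs on its own
// (IAMClient was imported but no client was created).
const client = new IAMClient({ region: "us-east-1" });
// Every field is set explicitly: UpdateAccountPasswordPolicy does not merge with
// the existing policy, and any field left out is reset to its default value.
const command = new UpdateAccountPasswordPolicyCommand({
MinimumPasswordLength: 12,
RequireSymbols: true,
RequireNumbers: true,
RequireUppercaseCharacters: true,
RequireLowercaseCharacters: true,
AllowUsersToChangePassword: true,
MaxPasswordAge: 90,
PasswordReusePrevention: 12,
// false: a user whose password has expired can still set a new one at sign-in.
HardExpiry: false
});
// send() rejects on failure, so code after this line runs only once IAM accepted the policy.
await client.send(command);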
console.log("Password policy updated successfully");

Retrieves the password policy for the AWS account.
/**
* Retrieves the password policy for the AWS account
*
* The input is empty: the request takes no parameters. If the account has no
* password policy set, IAM answers with a NoSuchEntity error rather than an
* empty policy; an audit should treat that error as "default requirements in effect".
*/
interface GetAccountPasswordPolicyCommandInput {}
/**
* Response shape for GetAccountPasswordPolicy: the account's current password policy.
*/
interface GetAccountPasswordPolicyCommandOutput {
PasswordPolicy: PasswordPolicy;
}
Deletes the password policy for the AWS account, reverting to default AWS password requirements.
/**
* Deletes the password policy for the AWS account
*
* The input is empty: the request takes no parameters. Deleting the policy
* removes every custom requirement at once (length, complexity, expiry, reuse
* prevention), so treat DeleteAccountPasswordPolicy as a security-relevant
* change: restrict who may call it and alert on it in the account's audit trail.
*/
interface DeleteAccountPasswordPolicyCommandInput {}
Configure preferences for AWS Security Token Service (STS) behavior.
Sets the specified version of the STS global endpoint token as the token version used for the AWS account.
/**
* Sets the specified version of the STS global endpoint token
* @param GlobalEndpointTokenVersion - The version of the STS global endpoint token
*
* Version 1 tokens are valid only in AWS Regions that are enabled by default;
* version 2 tokens are valid in all Regions but are longer, which can affect
* systems that store or pass tokens in fixed-size fields. The setting applies
* to the whole account, so test token consumers before switching.
*/
interface SetSecurityTokenServicePreferencesCommandInput {
GlobalEndpointTokenVersion: GlobalEndpointTokenVersion;
}
Manage credentials and sessions for AWS Organizations root accounts.
/**
* Enables or disables credentials management for the Organizations root account
*
* Both inputs are empty: the requests take no parameters.
* NOTE(review): these operations appear to belong to centralized root access for
* AWS Organizations member accounts and are expected to be called from the
* management account or a delegated administrator - confirm against the IAM API
* reference. They change how root credentials are governed across the
* organization, so restrict the corresponding permissions and alert on their use.
*/
interface EnableOrganizationsRootCredentialsManagementCommandInput {}
interface DisableOrganizationsRootCredentialsManagementCommandInput {}
/**
* Enables or disables root sessions for the Organizations root account
*
* Both inputs are empty: the requests take no parameters.
* NOTE(review): enabling root sessions presumably allows privileged root-level
* tasks to be performed on member accounts from the central account - confirm
* the exact scope before enabling, and monitor both the toggle and its use.
*/
interface EnableOrganizationsRootSessionsCommandInput {}
interface DisableOrganizationsRootSessionsCommandInput {}
/**
* Password policy as carried in GetAccountPasswordPolicyCommandOutput.
* The fields mirror those of UpdateAccountPasswordPolicyCommandInput.
*/
interface PasswordPolicy {
MinimumPasswordLength?: number;
RequireSymbols?: boolean;
RequireNumbers?: boolean;
RequireUppercaseCharacters?: boolean;
RequireLowercaseCharacters?: boolean;
AllowUsersToChangePassword?: boolean;
// Number of days that a password is valid.
MaxPasswordAge?: number;
// Number of previous passwords that users are prevented from reusing.
PasswordReusePrevention?: number;
// Whether users are prevented from setting a new password after expiry.
HardExpiry?: boolean;
}
/**
* Keys of GetAccountSummaryCommandOutput.SummaryMap.
* Keys ending in "Quota" report the account limit for the entity type; the
* matching key without the suffix reports current usage.
* NOTE(review): this list is not exhaustive; the IAM API reports further keys
* (for example AccountMFAEnabled) - check the installed SDK types.
*/
enum SummaryKeyType {
Users = "Users",
UsersQuota = "UsersQuota",
Groups = "Groups",
GroupsQuota = "GroupsQuota",
Roles = "Roles",
RolesQuota = "RolesQuota",
Policies = "Policies",
PoliciesQuota = "PoliciesQuota",
MFADevices = "MFADevices",
MFADevicesInUse = "MFADevicesInUse",
// Non-zero when the root user has access keys; worth checking in every account audit.
AccountAccessKeysPresent = "AccountAccessKeysPresent",
// Non-zero when the root user has signing certificates.
AccountSigningCertificatesPresent = "AccountSigningCertificatesPresent"
}
/**
* Token versions accepted by SetSecurityTokenServicePreferencesCommandInput.
*/
enum GlobalEndpointTokenVersion {
// Valid only in AWS Regions that are enabled by default.
v1Token = "v1Token",
// Valid in all Regions; tokens are longer than version 1 tokens.
v2Token = "v2Token"
}
/**
* Entity types accepted by the Filter parameter of
* GetAccountAuthorizationDetailsCommandInput.
*/
enum EntityType {
User = "User",
Role = "Role",
Group = "Group",
// Customer-managed policies defined in this account.
LocalManagedPolicy = "LocalManagedPolicy",
// Policies managed by AWS.
AWSManagedPolicy = "AWSManagedPolicy"
}
Strong Password Requirements:
// Example policy values; the field names match UpdateAccountPasswordPolicyCommandInput.
// All fields are listed because the update operation resets any omitted field
// to its default value. The policy covers IAM user passwords only, so root-user
// protection and MFA have to be enforced separately.
const strongPasswordPolicy = {
MinimumPasswordLength: 14,
RequireSymbols: true,
RequireNumbers: true,
RequireUppercaseCharacters: true,
RequireLowercaseCharacters: true,
// Lets users rotate their own password without administrator involvement.
AllowUsersToChangePassword: true,
// Passwords expire after 60 days.
MaxPasswordAge: 60,
// The last 24 passwords cannot be reused.
PasswordReusePrevention: 24,
// false: users with an expired password can still set a new one at sign-in.
// Setting this to true locks them out until an administrator resets the password.
HardExpiry: false
};
Key Recommendations:
Regular Auditing:
Compliance and Governance:
Naming Conventions:
Security Considerations: