Management of IAM groups and roles for organizing users and defining assumable identities.
Creates a new IAM group for your AWS account.
/**
 * Creates a new group for your AWS account.
 *
 * A new group has no permissions of its own; its members gain access only
 * once policies are attached to the group.
 *
 * @param GroupName - The name of the group to create
 * @param Path - The path to the group (default: /). The path is part of the
 *   group ARN, so IAM policies can be scoped to a path such as
 *   `arn:aws:iam::ACCOUNT_ID:group/teams/*` (ACCOUNT_ID is a placeholder).
 */
interface CreateGroupCommandInput {
  GroupName: string;
  Path?: string;
}
/** Response of CreateGroup: the group that was created. */
interface CreateGroupCommandOutput {
  Group: Group;
}

Usage Example:
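import { IAMClient, CreateGroupCommand } from "@aws-sdk/client-iam";

const client = new IAMClient({ region: "us-east-1" });

// Path becomes part of the group ARN, which lets IAM policies be scoped to
// every group under "/teams/".
const command = new CreateGroupCommand({
  GroupName: "Developers",
  Path: "/teams/"
});

const result = await client.send(command);
// The group grants nothing until a policy is attached to it.
// Optional chaining: the SDK types response members as possibly undefined,
// so an unguarded result.Group.GroupName does not pass strict type checking.
console.log("Created group:", result.Group?.GroupName);

Deletes the specified IAM group.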
/**
 * Deletes the specified IAM group.
 *
 * IAM rejects the call while the group still contains users or still has
 * policies attached, so members and policies have to be removed first.
 *
 * @param GroupName - The name of the IAM group to delete
 */
interface DeleteGroupCommandInput {
  GroupName: string;
}
/** DeleteGroup returns no fields. */
interface DeleteGroupCommandOutput {}

Returns a list of IAM users that are in the specified IAM group.
/**
 * Returns a list of IAM users that are in the specified IAM group.
 *
 * Results are paginated. A membership review has to repeat the call with the
 * returned Marker until IsTruncated is no longer true; users on later pages
 * are otherwise missed.
 *
 * @param GroupName - The name of the group
 * @param Marker - Use this parameter only when paginating results
 * @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
 */
interface GetGroupCommandInput {
  GroupName: string;
  Marker?: string;
  MaxItems?: number;
}
/** One page of group members, plus the group itself. */
interface GetGroupCommandOutput {
  Group: Group;
  Users: User[];
  // true when more users remain; pass Marker to the next call
  IsTruncated?: boolean;
  Marker?: string;
}

Lists the IAM groups that have the specified path prefix.
/**
 * Lists the IAM groups that have the specified path prefix.
 *
 * Results are paginated. An inventory of groups is complete only after the
 * call has been repeated with the returned Marker until IsTruncated is no
 * longer true.
 *
 * @param PathPrefix - The path prefix for filtering groups (default: /)
 * @param Marker - Use this parameter only when paginating results
 * @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
 */
interface ListGroupsCommandInput {
  PathPrefix?: string;
  Marker?: string;
  MaxItems?: number;
}
/** One page of groups. */
interface ListGroupsCommandOutput {
  Groups: Group[];
  // true when more groups remain; pass Marker to the next call
  IsTruncated?: boolean;
  Marker?: string;
}

Updates the name and/or the path of the specified IAM group.
/**
 * Updates the name and/or the path of the specified IAM group.
 *
 * Renaming a group or moving it to another path changes its ARN. Policies
 * that name the group or its path in a Resource element can stop matching,
 * or start matching, after the change, so review them before renaming.
 *
 * @param GroupName - Name of the group to update
 * @param NewPath - New path for the group
 * @param NewGroupName - New name for the group
 */
interface UpdateGroupCommandInput {
  GroupName: string;
  NewPath?: string;
  NewGroupName?: string;
}
/** UpdateGroup returns no fields. */
interface UpdateGroupCommandOutput {}

Creates a new role for your AWS account.
/**
 * Creates a new role for your AWS account.
 *
 * The call sets the trust policy only. The role grants no permissions until
 * permissions policies are attached to it.
 *
 * @param RoleName - The name of the role to create
 * @param AssumeRolePolicyDocument - The trust relationship policy document that grants an entity permission to assume the role.
 *   Passed as a JSON string. This document decides which principals can
 *   obtain the role's credentials, so keep its Principal as narrow as possible.
 * @param Path - The path to the role (default: /)
 * @param Description - A description of the role
 * @param MaxSessionDuration - The maximum session duration (in seconds) that you want to set for the specified role.
 *   IAM accepts values from 3600 to 43200; 3600 applies when omitted.
 * @param PermissionsBoundary - The ARN of the policy that is used to set the permissions boundary for the role.
 *   A boundary caps what the role's permissions policies can grant; it grants
 *   nothing by itself.
 * @param Tags - A list of tags that you want to attach to the new role
 */
interface CreateRoleCommandInput {
  RoleName: string;
  AssumeRolePolicyDocument: string;
  Path?: string;
  Description?: string;
  MaxSessionDuration?: number;
  PermissionsBoundary?: string;
  Tags?: Tag[];
}
/** Response of CreateRole: the role that was created. */
interface CreateRoleCommandOutput {
  Role: Role;
}

Usage Example:
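import { IAMClient, CreateRoleCommand } from "@aws-sdk/client-iam";

const client = new IAMClient({ region: "us-east-1" });

// The trust policy decides who may assume the role. Only the EC2 service
// principal is trusted here; keep Principal this narrow and avoid wildcards.
const trustPolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Principal: {
        Service: "ec2.amazonaws.com"
      },
      Action: "sts:AssumeRole"
    }
  ]
};

const command = new CreateRoleCommand({
  RoleName: "EC2-Role",
  // The API takes the trust policy as a JSON string, not as an object.
  AssumeRolePolicyDocument: JSON.stringify(trustPolicy),
  Description: "Role for EC2 instances",
  // 3600 seconds (one hour) is the shortest session duration IAM accepts.
  MaxSessionDuration: 3600,
  Tags: [
    { Key: "Environment", Value: "Production" }
  ]
});

const result = await client.send(command);
// The role has no permissions policies yet, and an EC2 instance can use it
// only through an instance profile (see AddRoleToInstanceProfile below).
// Optional chaining: the SDK types response members as possibly undefined,
// so an unguarded result.Role.RoleName does not pass strict type checking.
console.log("Created role:", result.Role?.RoleName);

Deletes the specified role.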
/**
 * Deletes the specified role.
 *
 * IAM rejects the call until the role has been removed from its instance
 * profiles and its attached and inline policies are gone. Workloads that
 * still use the role lose access once it is deleted, so check usage first
 * (Role.RoleLastUsed from GetRole helps).
 *
 * @param RoleName - The name of the role to delete
 */
interface DeleteRoleCommandInput {
  RoleName: string;
}
/** DeleteRole returns no fields. */
interface DeleteRoleCommandOutput {}

Retrieves information about the specified role.
/**
 * Retrieves information about the specified role.
 *
 * The returned Role.AssumeRolePolicyDocument is URL-encoded (RFC 3986);
 * decode it before parsing it as JSON when reviewing who can assume the role.
 *
 * @param RoleName - The name of the IAM role to get information about
 */
interface GetRoleCommandInput {
  RoleName: string;
}
/** Response of GetRole: the full role record, including its trust policy. */
interface GetRoleCommandOutput {
  Role: Role;
}

Lists the IAM roles that have the specified path prefix.
/**
 * Lists the IAM roles that have the specified path prefix.
 *
 * Results are paginated; repeat the call with the returned Marker until
 * IsTruncated is no longer true. The list response leaves out some role
 * attributes (PermissionsBoundary, RoleLastUsed, Tags), so an audit that
 * needs them has to call GetRole for each role.
 *
 * @param PathPrefix - The path prefix for filtering roles (default: /)
 * @param Marker - Use this parameter only when paginating results
 * @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
 */
interface ListRolesCommandInput {
  PathPrefix?: string;
  Marker?: string;
  MaxItems?: number;
}
/** One page of roles. */
interface ListRolesCommandOutput {
  Roles: Role[];
  // true when more roles remain; pass Marker to the next call
  IsTruncated?: boolean;
  Marker?: string;
}

Updates the description or maximum session duration setting of a role.
/**
 * Updates the description or maximum session duration setting of a role.
 *
 * Raising MaxSessionDuration raises the upper limit on how long temporary
 * credentials requested for the role may stay valid.
 *
 * @param RoleName - The name of the role that you want to modify
 * @param Description - The new description that you want to apply to the specified role
 * @param MaxSessionDuration - The maximum session duration (in seconds) that you want to set for the specified role.
 *   IAM accepts values from 3600 to 43200.
 */
interface UpdateRoleCommandInput {
  RoleName: string;
  Description?: string;
  MaxSessionDuration?: number;
}
/** UpdateRole returns no fields. */
interface UpdateRoleCommandOutput {}

Updates the policy that grants an entity permission to assume a role.
/**
 * Updates the policy that grants an entity permission to assume a role.
 *
 * The new document replaces the role's existing trust policy as a whole.
 * Because it changes who can obtain the role's credentials, limit who may
 * call this operation and monitor CloudTrail for it.
 *
 * @param RoleName - The name of the role to update with the new policy
 * @param PolicyDocument - The policy that grants an entity permission to assume the role (a JSON string)
 */
interface UpdateAssumeRolePolicyCommandInput {
  RoleName: string;
  PolicyDocument: string;
}
/** UpdateAssumeRolePolicy returns no fields. */
interface UpdateAssumeRolePolicyCommandOutput {}

Updates the description of a role.
/**
 * Updates only the description of a role. Use the UpdateRole operation
 * instead.
 *
 * @param RoleName - The name of the role that you want to modify
 * @param Description - The new description that you want to apply to the specified role
 */
interface UpdateRoleDescriptionCommandInput {
  RoleName: string;
  Description: string;
}
/** Response of UpdateRoleDescription: the modified role, when returned. */
interface UpdateRoleDescriptionCommandOutput {
  Role?: Role;
}

Instance profiles provide a way for EC2 instances to be granted permissions.
Creates a new instance profile.
/**
 * Creates a new instance profile.
 *
 * The profile is created empty. It hands no permissions to an instance
 * until a role is added with AddRoleToInstanceProfile.
 *
 * @param InstanceProfileName - The name of the instance profile to create
 * @param Path - The path to the instance profile (default: /)
 * @param Tags - A list of tags that you want to attach to the new instance profile
 */
interface CreateInstanceProfileCommandInput {
  InstanceProfileName: string;
  Path?: string;
  Tags?: Tag[];
}
/** Response of CreateInstanceProfile: the profile that was created. */
interface CreateInstanceProfileCommandOutput {
  InstanceProfile: InstanceProfile;
}

Deletes the specified instance profile.
/**
 * Deletes the specified instance profile.
 *
 * The profile must no longer have a role associated with it. Applications on
 * running instances that still use the profile break once it is deleted, so
 * confirm it is unused first.
 *
 * @param InstanceProfileName - The name of the instance profile to delete
 */
interface DeleteInstanceProfileCommandInput {
  InstanceProfileName: string;
}
/** DeleteInstanceProfile returns no fields. */
interface DeleteInstanceProfileCommandOutput {}

Retrieves information about the specified instance profile.
/**
 * Retrieves information about the specified instance profile.
 *
 * InstanceProfile.Roles in the response shows which role the profile hands
 * to the instances that use it.
 *
 * @param InstanceProfileName - The name of the instance profile to get information about
 */
interface GetInstanceProfileCommandInput {
  InstanceProfileName: string;
}
/** Response of GetInstanceProfile: the profile and its associated role. */
interface GetInstanceProfileCommandOutput {
  InstanceProfile: InstanceProfile;
}

Lists the instance profiles that have the specified path prefix.
/**
 * Lists the instance profiles that have the specified path prefix.
 *
 * Results are paginated; repeat the call with the returned Marker until
 * IsTruncated is no longer true, or profiles on later pages are missed.
 *
 * @param PathPrefix - The path prefix for filtering instance profiles (default: /)
 * @param Marker - Use this parameter only when paginating results
 * @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
 */
interface ListInstanceProfilesCommandInput {
  PathPrefix?: string;
  Marker?: string;
  MaxItems?: number;
}
/** One page of instance profiles. */
interface ListInstanceProfilesCommandOutput {
  InstanceProfiles: InstanceProfile[];
  // true when more profiles remain; pass Marker to the next call
  IsTruncated?: boolean;
  Marker?: string;
}

Lists the instance profiles that have the specified associated IAM role.
/**
 * Lists the instance profiles that have the specified associated IAM role.
 *
 * Useful before changing or deleting a role: the result shows which instance
 * profiles, and so which instances, depend on it. Results are paginated;
 * repeat the call with the returned Marker until IsTruncated is no longer true.
 *
 * @param RoleName - The name of the role to list instance profiles for
 * @param Marker - Use this parameter only when paginating results
 * @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
 */
interface ListInstanceProfilesForRoleCommandInput {
  RoleName: string;
  Marker?: string;
  MaxItems?: number;
}
/** One page of instance profiles associated with the role. */
interface ListInstanceProfilesForRoleCommandOutput {
  InstanceProfiles: InstanceProfile[];
  // true when more profiles remain; pass Marker to the next call
  IsTruncated?: boolean;
  Marker?: string;
}

Adds the specified IAM role to the specified instance profile.
/**
 * Adds the specified IAM role to the specified instance profile.
 *
 * An instance profile holds at most one role. The caller needs iam:PassRole
 * on the role, because instances that use the profile then act with the
 * role's permissions; scope iam:PassRole to the roles that are meant to be
 * handed to EC2.
 *
 * @param InstanceProfileName - The name of the instance profile to update
 * @param RoleName - The name of the role to add
 */
interface AddRoleToInstanceProfileCommandInput {
  InstanceProfileName: string;
  RoleName: string;
}
/** AddRoleToInstanceProfile returns no fields. */
interface AddRoleToInstanceProfileCommandOutput {}

Removes the specified IAM role from the specified EC2 instance profile.
/**
 * Removes the specified IAM role from the specified EC2 instance profile.
 *
 * Applications on running instances that use the profile lose the role's
 * permissions, so confirm that nothing depends on it before removing.
 *
 * @param InstanceProfileName - The name of the instance profile to update
 * @param RoleName - The name of the role to remove
 */
interface RemoveRoleFromInstanceProfileCommandInput {
  InstanceProfileName: string;
  RoleName: string;
}
/** RemoveRoleFromInstanceProfile returns no fields. */
interface RemoveRoleFromInstanceProfileCommandOutput {}

Service-linked roles are predefined by AWS services and include permissions that the service requires.
Creates an IAM role that is linked to a specific AWS service.
/**
 * Creates an IAM role that is linked to a specific AWS service.
 *
 * The linked service defines the role's trust and permissions policies; they
 * are not set by the caller.
 *
 * @param AWSServiceName - The service principal for the AWS service to which this role is attached
 * @param Description - The description of the role
 * @param CustomSuffix - A string that you provide, which is combined with the service-provided prefix to form the complete role name.
 *   Not every service supports a custom suffix.
 */
interface CreateServiceLinkedRoleCommandInput {
  AWSServiceName: string;
  Description?: string;
  CustomSuffix?: string;
}
/** Response of CreateServiceLinkedRole: the role, when returned. */
interface CreateServiceLinkedRoleCommandOutput {
  Role?: Role;
}

Submits a service-linked role deletion request and returns a DeletionTaskId.
/**
 * Submits a service-linked role deletion request and returns a DeletionTaskId.
 *
 * Deletion is asynchronous: a successful response means the request was
 * accepted, not that the role is gone. The task fails when the linked service
 * still uses the role; check the outcome with
 * GetServiceLinkedRoleDeletionStatus.
 *
 * @param RoleName - The name of the service-linked role to be deleted
 */
interface DeleteServiceLinkedRoleCommandInput {
  RoleName: string;
}
/** Identifier of the queued deletion task. */
interface DeleteServiceLinkedRoleCommandOutput {
  DeletionTaskId: string;
}

Retrieves the status of your service-linked role deletion.
/**
 * Retrieves the status of your service-linked role deletion.
 *
 * Poll until Status is SUCCEEDED or FAILED. On failure, Reason describes why
 * and can list the resources that still use the role.
 *
 * @param DeletionTaskId - The deletion task identifier returned by the DeleteServiceLinkedRole operation
 */
interface GetServiceLinkedRoleDeletionStatusCommandInput {
  DeletionTaskId: string;
}
/** Current state of the deletion task. */
interface GetServiceLinkedRoleDeletionStatusCommandOutput {
  Status: DeletionTaskStatusType;
  // failure details; optional in this declaration
  Reason?: DeletionTaskFailureReasonType;
}

Adds one or more tags to an IAM role.
/**
 * Adds one or more tags to an IAM role.
 *
 * Where policies use tag conditions such as aws:PrincipalTag
 * (attribute-based access control), changing a role's tags can change what
 * the role is allowed to do. Permission to tag roles then deserves the same
 * care as permission to edit policies.
 *
 * @param RoleName - The name of the IAM role to which you want to add tags
 * @param Tags - The list of tags that you want to attach to the IAM role
 */
interface TagRoleCommandInput {
  RoleName: string;
  Tags: Tag[];
}
/** TagRole returns no fields. */
interface TagRoleCommandOutput {}

Removes the specified tags from the specified role.
/**
 * Removes the specified tags from the specified role.
 *
 * Removing a tag can change authorization results where policies evaluate
 * tag conditions on the role, so review such policies before untagging.
 *
 * @param RoleName - The name of the IAM role from which you want to remove tags
 * @param TagKeys - A list of key names as a simple array of strings
 */
interface UntagRoleCommandInput {
  RoleName: string;
  TagKeys: string[];
}
/** UntagRole returns no fields. */
interface UntagRoleCommandOutput {}

Lists the tags that are attached to the specified role.
/**
 * Lists the tags that are attached to the specified role.
 *
 * Results are paginated; repeat the call with the returned Marker until
 * IsTruncated is no longer true.
 *
 * @param RoleName - The name of the IAM role for which you want to see the list of tags
 * @param Marker - Use this parameter only when paginating results
 * @param MaxItems - Use this only when paginating results to indicate the maximum number of items you want in the response
 */
interface ListRoleTagsCommandInput {
  RoleName: string;
  Marker?: string;
  MaxItems?: number;
}
/** One page of the role's tags. */
interface ListRoleTagsCommandOutput {
  Tags: Tag[];
  // true when more tags remain; pass Marker to the next call
  IsTruncated?: boolean;
  Marker?: string;
}

/** An IAM group as returned by the group operations. */
interface Group {
  Path: string;
  GroupName: string;
  // stable unique identifier of the group
  GroupId: string;
  // includes the path, so it changes when the group is renamed or moved
  Arn: string;
  CreateDate: Date;
}
/**
 * An IAM role as returned by the role operations.
 *
 * List responses leave some optional fields unset (PermissionsBoundary,
 * Tags, RoleLastUsed); GetRole returns the full record.
 */
interface Role {
  Path: string;
  RoleName: string;
  RoleId: string;
  Arn: string;
  CreateDate: Date;
  // trust policy; returned URL-encoded, decode before parsing as JSON
  AssumeRolePolicyDocument?: string;
  Description?: string;
  // in seconds
  MaxSessionDuration?: number;
  PermissionsBoundary?: AttachedPermissionsBoundary;
  Tags?: Tag[];
  // helps identify roles that are no longer used
  RoleLastUsed?: RoleLastUsed;
}
/** An instance profile: the container through which EC2 instances receive a role. */
interface InstanceProfile {
  Path: string;
  InstanceProfileName: string;
  InstanceProfileId: string;
  Arn: string;
  CreateDate: Date;
  // the role associated with the profile; IAM allows at most one
  Roles: Role[];
  Tags?: Tag[];
}
/**
 * When and where a role was last used. Both fields are optional; an empty
 * record means IAM reports no recent use of the role.
 */
interface RoleLastUsed {
  LastUsedDate?: Date;
  Region?: string;
}
/** An IAM user, as returned in the Users list of GetGroup. */
interface User {
  Path: string;
  UserName: string;
  UserId: string;
  Arn: string;
  CreateDate: Date;
  // last password sign-in; unset when IAM has no recorded password sign-in
  PasswordLastUsed?: Date;
  PermissionsBoundary?: AttachedPermissionsBoundary;
  Tags?: Tag[];
}
/** A key/value tag attached to an IAM resource. */
interface Tag {
  Key: string;
  Value: string;
}
/**
 * The permissions boundary set on a role or user. A boundary limits the
 * permissions the entity can have; it does not grant any.
 */
interface AttachedPermissionsBoundary {
  PermissionsBoundaryType?: PermissionsBoundaryAttachmentType;
  // ARN of the policy used as the boundary
  PermissionsBoundaryArn?: string;
}
/** Kind of permissions boundary; a policy is the only kind declared here. */
enum PermissionsBoundaryAttachmentType {
  PermissionsBoundaryPolicy = "PermissionsBoundaryPolicy"
}
/**
 * State of a service-linked role deletion task, as reported by
 * GetServiceLinkedRoleDeletionStatus. SUCCEEDED and FAILED are the states
 * that end polling.
 */
enum DeletionTaskStatusType {
  SUCCEEDED = "SUCCEEDED",
  IN_PROGRESS = "IN_PROGRESS",
  FAILED = "FAILED",
  NOT_STARTED = "NOT_STARTED"
}
/** Why a service-linked role deletion task failed. */
interface DeletionTaskFailureReasonType {
  // short description of the failure
  Reason?: string;
  // where the role is still in use, per region
  RoleUsageList?: RoleUsageType[];
}
/** Resources in one region that still use a service-linked role. */
interface RoleUsageType {
  Region?: string;
  Resources?: string[];
}