AWS SDK for JavaScript IAM Client provides comprehensive Identity and Access Management functionality for Node.js, Browser and React Native applications. It enables programmatic management of AWS users, groups, roles, policies, and access credentials with over 165 IAM operations.
npm install @aws-sdk/client-iam
import { IAMClient, CreateUserCommand } from "@aws-sdk/client-iam";
For CommonJS:
const { IAMClient, CreateUserCommand } = require("@aws-sdk/client-iam");
import { IAMClient, CreateUserCommand, ListUsersCommand } from "@aws-sdk/client-iam";
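// Initialize the client. No credentials are passed, so they must come from the
// environment the code runs in (in Node.js, the SDK's default provider chain).
// Keep long-lived access keys out of source code.
const client = new IAMClient({ region: "us-east-1" });

// Create a user
const createUserCommand = new CreateUserCommand({
  UserName: "test-user",
  Path: "/users/"
});

try {
  const createResult = await client.send(createUserCommand);
  console.log("User created:", createResult.User?.UserName);
} catch (error) {
  console.error("Error creating user:", error);
}

// List users. ListUsers is paginated: a single call returns only the first
// page, so an inventory or audit built on it can silently miss users. Follow
// Marker until IsTruncated is no longer set, and guard the call the same way
// as the create call above so a denied or failed request is reported instead
// of surfacing as an unhandled rejection.
try {
  const userNames: Array<string | undefined> = [];
  let marker: string | undefined;
  do {
    const page = await client.send(new ListUsersCommand({ Marker: marker }));
    for (const user of page.Users ?? []) {
      userNames.push(user.UserName);
    }
    marker = page.IsTruncated ? page.Marker : undefined;
  } while (marker !== undefined);
  console.log("Users:", userNames);
} catch (error) {
  console.error("Error listing users:", error);
}

The AWS IAM Client is built around several key components: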
Core client initialization, configuration options, and authentication setup for all IAM operations.
/**
 * Configuration accepted by the IAMClient constructor, as summarized on this
 * page. AwsCredentialIdentityProvider is not declared in this listing.
 */
interface IAMClientConfig {
  /** AWS region the client is configured for (the quick start uses "us-east-1"). */
  region?: string;
  /**
   * Credential provider used to sign requests. Prefer a provider that yields
   * short-lived credentials; do not hard-code access keys in source.
   */
  credentials?: AwsCredentialIdentityProvider;
  /**
   * Overrides the service endpoint. Signed IAM requests are sent to whatever
   * this names, so never derive it from untrusted input.
   */
  endpoint?: string;
  /** Upper bound on attempts per request, counting the first try. */
  maxAttempts?: number;
}

Comprehensive user lifecycle management including creation, deletion, modification, and access configuration.
/** Input for CreateUserCommand. Only UserName is required. */
interface CreateUserCommandInput {
  /** Name of the IAM user to create. */
  UserName: string;
  /** Path for the user (the quick start uses "/users/"). */
  Path?: string;
  /**
   * ARN of the managed policy to set as the user's permissions boundary.
   * A boundary caps what the user's identity policies can grant; setting one
   * at creation avoids a window in which the user exists without it.
   */
  PermissionsBoundary?: string;
  /** Tags to attach to the new user. */
  Tags?: Tag[];
}
/** An IAM user as returned by user operations such as CreateUser and ListUsers. */
interface User {
  /** Friendly name of the user. */
  UserName: string;
  /** Stable unique identifier assigned by IAM. */
  UserId: string;
  /** ARN identifying the user; this is the form used as a policy principal. */
  Arn: string;
  /** Path the user was created under. */
  Path: string;
  /** When the user was created. */
  CreateDate: Date;
  /**
   * When the user's password was last used to sign in, if ever. Useful for
   * spotting dormant console credentials during access reviews.
   */
  PasswordLastUsed?: Date;
  /** Permissions boundary attached to the user, when one is set. */
  PermissionsBoundary?: AttachedPermissionsBoundary;
  /** Tags attached to the user. */
  Tags?: Tag[];
}

Management of IAM groups and roles for organizing users and defining assumable identities.
/** Input for creating an IAM group. */
interface CreateGroupCommandInput {
  /** Name of the group to create. */
  GroupName: string;
  /** Optional path for the group. */
  Path?: string;
}
/** Input for creating an IAM role. */
interface CreateRoleCommandInput {
  /** Name of the role to create. */
  RoleName: string;
  /**
   * Trust policy, as a JSON string, that decides which principals may assume
   * the role. This is the role's main access-control decision: scope the
   * Principal narrowly and review any wildcard or cross-account entry.
   */
  AssumeRolePolicyDocument: string;
  /** Optional path for the role. */
  Path?: string;
  /** Free-text description of the role. */
  Description?: string;
  /** Maximum session duration, in seconds, for sessions assumed from this role. */
  MaxSessionDuration?: number;
  /** ARN of the managed policy to set as the role's permissions boundary. */
  PermissionsBoundary?: string;
  /** Tags to attach to the new role. */
  Tags?: Tag[];
}

Complete policy lifecycle management including managed policies, inline policies, and policy attachments.
/** Input for creating a managed policy. */
interface CreatePolicyCommandInput {
  /** Name of the policy to create. */
  PolicyName: string;
  /**
   * Policy document as a JSON string. Build it from a structured object and
   * serialize it rather than concatenating strings, and grant only the
   * actions and resources the workload needs.
   */
  PolicyDocument: string;
  /** Optional path for the policy. */
  Path?: string;
  /** Free-text description of the policy. */
  Description?: string;
  /** Tags to attach to the new policy. */
  Tags?: Tag[];
}
/** Metadata describing a managed policy. Every field is optional in this listing. */
interface Policy {
  /** Friendly name of the policy. */
  PolicyName?: string;
  /** Stable unique identifier assigned by IAM. */
  PolicyId?: string;
  /** ARN identifying the policy. */
  Arn?: string;
  /** Path the policy was created under. */
  Path?: string;
  /** Identifier of the policy version currently in effect. */
  DefaultVersionId?: string;
  /**
   * Number of users, groups and roles the policy is attached to. Together
   * with PermissionsBoundaryUsageCount this indicates how widely a change to
   * the policy would apply.
   */
  AttachmentCount?: number;
  /** Number of entities that use the policy as a permissions boundary. */
  PermissionsBoundaryUsageCount?: number;
  /** Whether the policy can be attached to a user, group or role. */
  IsAttachable?: boolean;
  /** Free-text description of the policy. */
  Description?: string;
  /** When the policy was created. */
  CreateDate?: Date;
  /** When the policy was last updated. */
  UpdateDate?: Date;
  /** Tags attached to the policy. */
  Tags?: Tag[];
}

Management of access keys, signing certificates, SSH keys, and other security credentials.
/** Input for creating a long-lived access key. */
interface CreateAccessKeyCommandInput {
  /**
   * User the key is created for. When omitted, IAM uses the identity that
   * signed the request, so pass it explicitly when acting on another user.
   */
  UserName?: string;
}
/** A newly created access key, including its secret. */
interface AccessKey {
  /** User the key belongs to. */
  UserName: string;
  /** Public identifier of the key; safe to log for correlation. */
  AccessKeyId: string;
  /** Current state of the key (see StatusType). */
  Status: StatusType;
  /**
   * Secret half of the key. It is returned only when the key is created and
   * cannot be retrieved later. Treat it as a credential: never log it or echo
   * it in error output, and move it straight into a secrets store.
   */
  SecretAccessKey: string;
  /** When the key was created; useful for enforcing a rotation schedule. */
  CreateDate?: Date;
}

Multi-Factor Authentication device management for securing IAM user access with TOTP and hardware tokens.
/** Input for creating a virtual MFA device. */
interface CreateVirtualMFADeviceCommandInput {
  /** Name of the virtual MFA device to create. */
  VirtualMFADeviceName: string;
  /** Optional path for the device. */
  Path?: string;
}
/** A virtual MFA device and, on creation, its enrollment secrets. */
interface VirtualMFADevice {
  /** Serial number identifying the device. */
  SerialNumber: string;
  /**
   * Seed the authenticator app is provisioned with. Anyone holding it can
   * generate valid one-time codes, so never log or persist it; hand it to the
   * enrolling user over a protected channel and discard it.
   */
  Base32StringSeed?: Uint8Array;
  /** QR code image for enrollment. It encodes the same secret; handle it like the seed. */
  QRCodePNG?: Uint8Array;
  /** User the device is associated with, if any. */
  User?: User;
  /** When the device was enabled, if it has been. */
  EnableDate?: Date;
}

Identity provider management for federated authentication using SAML 2.0 and OpenID Connect protocols.
/** Input for registering a SAML 2.0 identity provider. */
interface CreateSAMLProviderCommandInput {
  /** Name of the SAML provider to create. */
  Name: string;
  /**
   * Metadata XML issued by the identity provider. It establishes which
   * issuer and signing keys AWS will trust for federated sign-in, so obtain
   * it from the IdP over an authenticated channel and control who can change it.
   */
  SAMLMetadataDocument: string;
  /** Tags to attach to the provider. */
  Tags?: Tag[];
}
/** Input for registering an OpenID Connect identity provider. */
interface CreateOpenIDConnectProviderCommandInput {
  /** URL of the OIDC identity provider (its issuer). */
  Url: string;
  /**
   * Client IDs (audiences) accepted from this provider. Keep the list to the
   * applications that actually need to federate.
   */
  ClientIDList?: string[];
  /** Thumbprints of the server certificates used by the identity provider. */
  ThumbprintList?: string[];
  /** Tags to attach to the provider. */
  Tags?: Tag[];
}

Instance profile management for providing AWS credentials to EC2 instances and compute services through IAM roles.
/** Input for creating an instance profile. */
interface CreateInstanceProfileCommandInput {
  /** Name of the instance profile to create. */
  InstanceProfileName: string;
  /** Optional path for the instance profile. */
  Path?: string;
  /** Tags to attach to the instance profile. */
  Tags?: Tag[];
}
/** An instance profile. The Role type is not declared in this listing. */
interface InstanceProfile {
  /** Path the instance profile was created under. */
  Path: string;
  /** Friendly name of the instance profile. */
  InstanceProfileName: string;
  /** Stable unique identifier assigned by IAM. */
  InstanceProfileId: string;
  /** ARN identifying the instance profile. */
  Arn: string;
  /** When the instance profile was created. */
  CreateDate: Date;
  /**
   * Roles associated with the profile. Workloads launched with the profile
   * receive these roles' permissions, so review them as you would any other
   * grant of credentials.
   */
  Roles: Role[];
}

AWS account-level IAM settings including account aliases, password policies, and security preferences.
/** Input for creating an alias for the AWS account. */
interface CreateAccountAliasCommandInput {
  /** Alias to create for the account. */
  AccountAlias: string;
}
/**
 * Input for updating the account password policy.
 *
 * The operation does not support partial updates: any field left out reverts
 * to its default value. Send the complete intended policy on every call, or a
 * one-field change can silently weaken the other settings.
 */
interface UpdateAccountPasswordPolicyCommandInput {
  /** Minimum number of characters in an IAM user password. */
  MinimumPasswordLength?: number;
  /** Require at least one non-alphanumeric character. */
  RequireSymbols?: boolean;
  /** Require at least one digit. */
  RequireNumbers?: boolean;
  /** Require at least one uppercase letter. */
  RequireUppercaseCharacters?: boolean;
  /** Require at least one lowercase letter. */
  RequireLowercaseCharacters?: boolean;
  /** Allow IAM users to change their own password. */
  AllowUsersToChangePassword?: boolean;
  /** Number of days a password stays valid before it must be changed. */
  MaxPasswordAge?: number;
  /** Number of previous passwords a user is prevented from reusing. */
  PasswordReusePrevention?: number;
  /**
   * When true, users whose password has expired cannot set a new one
   * themselves and need an administrator to reset it.
   */
  HardExpiry?: boolean;
}

/** Key/value label attached to an IAM resource. Do not store secrets in tags. */
interface Tag {
  /** Tag key. */
  Key: string;
  /** Tag value. */
  Value: string;
}
/** Status values for a credential; used by AccessKey.Status in this listing. */
enum StatusType {
  Active = "Active",
  Inactive = "Inactive",
  Expired = "Expired"
}
/** Describes the permissions boundary attached to a user (see User.PermissionsBoundary). */
interface AttachedPermissionsBoundary {
  /** Kind of boundary attachment. */
  PermissionsBoundaryType?: PermissionsBoundaryAttachmentType;
  /** ARN of the policy used as the boundary. */
  PermissionsBoundaryArn?: string;
}
/** Kinds of permissions boundary attachment; this listing shows a single value. */
enum PermissionsBoundaryAttachmentType {
  PermissionsBoundaryPolicy = "PermissionsBoundaryPolicy"
}
/**
 * Shape of errors raised for failed IAM requests. When logging one, prefer
 * the name and $metadata.requestId over dumping request inputs, which can
 * contain policy documents or credentials.
 */
interface IAMServiceException extends Error {
  /** Error name; branch on this rather than parsing the message text. */
  name: string;
  /** Human-readable description of the failure. */
  message: string;
  /** Whether the fault lies with the caller ("client") or the service ("server"). */
  $fault: "client" | "server";
  /** Metadata about the HTTP response that carried the error. */
  $metadata: ResponseMetadata;
}
/** Metadata about the HTTP response to a request. */
interface ResponseMetadata {
  /** HTTP status code of the response. */
  httpStatusCode?: number;
  /**
   * Identifier of the request. Record it in logs so a failed or suspicious
   * call can be matched against service-side audit records.
   */
  requestId?: string;
  /** Secondary request identifier, used for debugging. */
  extendedRequestId?: string;
  /** Additional request identifier, used for debugging. */
  cfId?: string;
  /** Number of times the operation was attempted. */
  attempts?: number;
  /** Total time spent waiting between retry attempts, in milliseconds. */
  totalRetryDelay?: number;
}