*
* Identity and Access Management (IAM) is a web service for securely controlling access to Amazon Web Services * services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that * control which Amazon Web Services resources users and applications can access. For more information about IAM, see Identity and Access Management (IAM) and the Identity and Access Management User Guide. *
*/ @ThreadSafe @Generated("com.amazonaws:aws-java-sdk-code-generator") public class AmazonIdentityManagementClient extends AmazonWebServiceClient implements AmazonIdentityManagement { /** Provider for AWS credentials. */ private final AWSCredentialsProvider awsCredentialsProvider; private static final Log log = LogFactory.getLog(AmazonIdentityManagement.class); /** Default signing name for the service. */ private static final String DEFAULT_SIGNING_NAME = "iam"; private volatile AmazonIdentityManagementWaiters waiters; /** Client configuration factory providing ClientConfigurations tailored to this client */ protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory(); private final AdvancedConfig advancedConfig; /** * Map of exception unmarshallers for all modeled exceptions */ private final Map* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @see DefaultAWSCredentialsProviderChain * @deprecated use {@link AmazonIdentityManagementClientBuilder#defaultClient()} */ @Deprecated public AmazonIdentityManagementClient() { this(DefaultAWSCredentialsProviderChain.getInstance(), configFactory.getConfig()); } /** * Constructs a new client to invoke service methods on IAM. A credentials provider chain will be used that searches * for credentials in this order: *
* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param clientConfiguration * The client configuration options controlling how this client connects to IAM (ex: proxy settings, retry * counts, etc.). * * @see DefaultAWSCredentialsProviderChain * @deprecated use {@link AmazonIdentityManagementClientBuilder#withClientConfiguration(ClientConfiguration)} */ @Deprecated public AmazonIdentityManagementClient(ClientConfiguration clientConfiguration) { this(DefaultAWSCredentialsProviderChain.getInstance(), clientConfiguration); } /** * Constructs a new client to invoke service methods on IAM using the specified AWS account credentials. * *
* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param awsCredentials * The AWS credentials (access key ID and secret key) to use when authenticating with AWS services. * @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} for * example: * {@code AmazonIdentityManagementClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).build();} */ @Deprecated public AmazonIdentityManagementClient(AWSCredentials awsCredentials) { this(awsCredentials, configFactory.getConfig()); } /** * Constructs a new client to invoke service methods on IAM using the specified AWS account credentials and client * configuration options. * *
* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param awsCredentials * The AWS credentials (access key ID and secret key) to use when authenticating with AWS services. * @param clientConfiguration * The client configuration options controlling how this client connects to IAM (ex: proxy settings, retry * counts, etc.). * @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} and * {@link AmazonIdentityManagementClientBuilder#withClientConfiguration(ClientConfiguration)} */ @Deprecated public AmazonIdentityManagementClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration) { super(clientConfiguration); this.awsCredentialsProvider = new StaticCredentialsProvider(awsCredentials); this.advancedConfig = AdvancedConfig.EMPTY; init(); } /** * Constructs a new client to invoke service methods on IAM using the specified AWS account credentials provider. * *
* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param awsCredentialsProvider * The AWS credentials provider which will provide credentials to authenticate requests with AWS services. * @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} */ @Deprecated public AmazonIdentityManagementClient(AWSCredentialsProvider awsCredentialsProvider) { this(awsCredentialsProvider, configFactory.getConfig()); } /** * Constructs a new client to invoke service methods on IAM using the specified AWS account credentials provider and * client configuration options. * *
* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param awsCredentialsProvider * The AWS credentials provider which will provide credentials to authenticate requests with AWS services. * @param clientConfiguration * The client configuration options controlling how this client connects to IAM (ex: proxy settings, retry * counts, etc.). * @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} and * {@link AmazonIdentityManagementClientBuilder#withClientConfiguration(ClientConfiguration)} */ @Deprecated public AmazonIdentityManagementClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) { this(awsCredentialsProvider, clientConfiguration, null); } /** * Constructs a new client to invoke service methods on IAM using the specified AWS account credentials provider, * client configuration options, and request metric collector. * *
* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param awsCredentialsProvider * The AWS credentials provider which will provide credentials to authenticate requests with AWS services. * @param clientConfiguration * The client configuration options controlling how this client connects to IAM (ex: proxy settings, retry * counts, etc.). * @param requestMetricCollector * optional request metric collector * @deprecated use {@link AmazonIdentityManagementClientBuilder#withCredentials(AWSCredentialsProvider)} and * {@link AmazonIdentityManagementClientBuilder#withClientConfiguration(ClientConfiguration)} and * {@link AmazonIdentityManagementClientBuilder#withMetricsCollector(RequestMetricCollector)} */ @Deprecated public AmazonIdentityManagementClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration, RequestMetricCollector requestMetricCollector) { super(clientConfiguration, requestMetricCollector); this.awsCredentialsProvider = awsCredentialsProvider; this.advancedConfig = AdvancedConfig.EMPTY; init(); } public static AmazonIdentityManagementClientBuilder builder() { return AmazonIdentityManagementClientBuilder.standard(); } /** * Constructs a new client to invoke service methods on IAM using the specified parameters. * *
* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param clientParams * Object providing client parameters. */ AmazonIdentityManagementClient(AwsSyncClientParams clientParams) { this(clientParams, false); } /** * Constructs a new client to invoke service methods on IAM using the specified parameters. * *
* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param clientParams * Object providing client parameters. */ AmazonIdentityManagementClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) { super(clientParams); this.awsCredentialsProvider = clientParams.getCredentialsProvider(); this.advancedConfig = clientParams.getAdvancedConfig(); init(); } private void init() { if (exceptionUnmarshallersMap.get("ConcurrentModification") == null) { exceptionUnmarshallersMap.put("ConcurrentModification", new ConcurrentModificationExceptionUnmarshaller()); } exceptionUnmarshallers.add(new ConcurrentModificationExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("UnmodifiableEntity") == null) { exceptionUnmarshallersMap.put("UnmodifiableEntity", new UnmodifiableEntityExceptionUnmarshaller()); } exceptionUnmarshallers.add(new UnmodifiableEntityExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("LimitExceeded") == null) { exceptionUnmarshallersMap.put("LimitExceeded", new LimitExceededExceptionUnmarshaller()); } exceptionUnmarshallers.add(new LimitExceededExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("NoSuchEntity") == null) { exceptionUnmarshallersMap.put("NoSuchEntity", new NoSuchEntityExceptionUnmarshaller()); } exceptionUnmarshallers.add(new NoSuchEntityExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("EntityTemporarilyUnmodifiable") == null) { exceptionUnmarshallersMap.put("EntityTemporarilyUnmodifiable", new EntityTemporarilyUnmodifiableExceptionUnmarshaller()); } exceptionUnmarshallers.add(new EntityTemporarilyUnmodifiableExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("NotSupportedService") == null) { exceptionUnmarshallersMap.put("NotSupportedService", new ServiceNotSupportedExceptionUnmarshaller()); } exceptionUnmarshallers.add(new ServiceNotSupportedExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("ReportInProgress") == null) { exceptionUnmarshallersMap.put("ReportInProgress", new CredentialReportNotReadyExceptionUnmarshaller()); } exceptionUnmarshallers.add(new CredentialReportNotReadyExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("ServiceFailure") == null) { exceptionUnmarshallersMap.put("ServiceFailure", new ServiceFailureExceptionUnmarshaller()); } exceptionUnmarshallers.add(new ServiceFailureExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("InvalidPublicKey") == null) { exceptionUnmarshallersMap.put("InvalidPublicKey", new InvalidPublicKeyExceptionUnmarshaller()); } exceptionUnmarshallers.add(new InvalidPublicKeyExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("PolicyEvaluation") == null) { exceptionUnmarshallersMap.put("PolicyEvaluation", new PolicyEvaluationExceptionUnmarshaller()); } exceptionUnmarshallers.add(new PolicyEvaluationExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("InvalidInput") == null) { exceptionUnmarshallersMap.put("InvalidInput", new InvalidInputExceptionUnmarshaller()); } exceptionUnmarshallers.add(new InvalidInputExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("PolicyNotAttachable") == null) { exceptionUnmarshallersMap.put("PolicyNotAttachable", new PolicyNotAttachableExceptionUnmarshaller()); } exceptionUnmarshallers.add(new PolicyNotAttachableExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("MalformedCertificate") == null) { exceptionUnmarshallersMap.put("MalformedCertificate", new MalformedCertificateExceptionUnmarshaller()); } exceptionUnmarshallers.add(new MalformedCertificateExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("MalformedPolicyDocument") == null) { exceptionUnmarshallersMap.put("MalformedPolicyDocument", new MalformedPolicyDocumentExceptionUnmarshaller()); } exceptionUnmarshallers.add(new MalformedPolicyDocumentExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("DeleteConflict") == null) { exceptionUnmarshallersMap.put("DeleteConflict", new DeleteConflictExceptionUnmarshaller()); } exceptionUnmarshallers.add(new DeleteConflictExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("InvalidCertificate") == null) { exceptionUnmarshallersMap.put("InvalidCertificate", new InvalidCertificateExceptionUnmarshaller()); } exceptionUnmarshallers.add(new InvalidCertificateExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("PasswordPolicyViolation") == null) { exceptionUnmarshallersMap.put("PasswordPolicyViolation", new PasswordPolicyViolationExceptionUnmarshaller()); } exceptionUnmarshallers.add(new PasswordPolicyViolationExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("ReportExpired") == null) { exceptionUnmarshallersMap.put("ReportExpired", new CredentialReportExpiredExceptionUnmarshaller()); } exceptionUnmarshallers.add(new CredentialReportExpiredExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("InvalidUserType") == null) { exceptionUnmarshallersMap.put("InvalidUserType", new InvalidUserTypeExceptionUnmarshaller()); } exceptionUnmarshallers.add(new InvalidUserTypeExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("DuplicateSSHPublicKey") == null) { exceptionUnmarshallersMap.put("DuplicateSSHPublicKey", new DuplicateSSHPublicKeyExceptionUnmarshaller()); } exceptionUnmarshallers.add(new DuplicateSSHPublicKeyExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("DuplicateCertificate") == null) { exceptionUnmarshallersMap.put("DuplicateCertificate", new DuplicateCertificateExceptionUnmarshaller()); } exceptionUnmarshallers.add(new DuplicateCertificateExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("KeyPairMismatch") == null) { exceptionUnmarshallersMap.put("KeyPairMismatch", new KeyPairMismatchExceptionUnmarshaller()); } exceptionUnmarshallers.add(new KeyPairMismatchExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("EntityAlreadyExists") == null) { exceptionUnmarshallersMap.put("EntityAlreadyExists", new EntityAlreadyExistsExceptionUnmarshaller()); } exceptionUnmarshallers.add(new EntityAlreadyExistsExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("InvalidAuthenticationCode") == null) { exceptionUnmarshallersMap.put("InvalidAuthenticationCode", new InvalidAuthenticationCodeExceptionUnmarshaller()); } exceptionUnmarshallers.add(new InvalidAuthenticationCodeExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("ReportNotPresent") == null) { exceptionUnmarshallersMap.put("ReportNotPresent", new CredentialReportNotPresentExceptionUnmarshaller()); } exceptionUnmarshallers.add(new CredentialReportNotPresentExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("UnrecognizedPublicKeyEncoding") == null) { exceptionUnmarshallersMap.put("UnrecognizedPublicKeyEncoding", new UnrecognizedPublicKeyEncodingExceptionUnmarshaller()); } exceptionUnmarshallers.add(new UnrecognizedPublicKeyEncodingExceptionUnmarshaller()); if (exceptionUnmarshallersMap.get("ReportGenerationLimitExceeded") == null) { exceptionUnmarshallersMap.put("ReportGenerationLimitExceeded", new ReportGenerationLimitExceededExceptionUnmarshaller()); } exceptionUnmarshallers.add(new ReportGenerationLimitExceededExceptionUnmarshaller()); defaultUnmarshaller = new StandardErrorUnmarshaller(com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException.class); exceptionUnmarshallers.add(new StandardErrorUnmarshaller(com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException.class)); setServiceNameIntern(DEFAULT_SIGNING_NAME); setEndpointPrefix(ENDPOINT_PREFIX); // calling this.setEndPoint(...) will also modify the signer accordingly this.setEndpoint("iam.amazonaws.com"); HandlerChainFactory chainFactory = new HandlerChainFactory(); requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/identitymanagement/request.handlers")); requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/identitymanagement/request.handler2s")); requestHandler2s.addAll(chainFactory.getGlobalHandlers()); } /** *
* Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM * OpenID Connect (OIDC) provider resource. *
** This operation is idempotent; it does not fail or return an error if you add an existing client ID to the * provider. *
* * @param addClientIDToOpenIDConnectProviderRequest * @return Result of the AddClientIDToOpenIDConnectProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AddClientIDToOpenIDConnectProvider * @see AWS API Documentation */ @Override public AddClientIDToOpenIDConnectProviderResult addClientIDToOpenIDConnectProvider(AddClientIDToOpenIDConnectProviderRequest request) { request = beforeClientExecution(request); return executeAddClientIDToOpenIDConnectProvider(request); } @SdkInternalApi final AddClientIDToOpenIDConnectProviderResult executeAddClientIDToOpenIDConnectProvider( AddClientIDToOpenIDConnectProviderRequest addClientIDToOpenIDConnectProviderRequest) { ExecutionContext executionContext = createExecutionContext(addClientIDToOpenIDConnectProviderRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and * this quota cannot be increased. You can remove the existing role and then add a different role to an instance * profile. You must then wait for the change to appear across all of Amazon Web Services because of eventual consistency. To force the change, you must * * disassociate the instance profile and then associate the * instance profile, or you can stop your instance and then restart it. *
*
* The caller of this operation must be granted the PassRole permission on the IAM role by a
* permissions policy.
*
* For more information about roles, see IAM roles in the IAM User Guide. * For more information about instance profiles, see Using * instance profiles in the IAM User Guide. *
* * @param addRoleToInstanceProfileRequest * @return Result of the AddRoleToInstanceProfile operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws UnmodifiableEntityException * The request was rejected because service-linked roles are protected Amazon Web Services resources. Only * the service that depends on the service-linked role can modify or delete the role on your behalf. The * error message includes the name of the service that depends on this service-linked role. You must request * the change through that service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AddRoleToInstanceProfile * @see AWS * API Documentation */ @Override public AddRoleToInstanceProfileResult addRoleToInstanceProfile(AddRoleToInstanceProfileRequest request) { request = beforeClientExecution(request); return executeAddRoleToInstanceProfile(request); } @SdkInternalApi final AddRoleToInstanceProfileResult executeAddRoleToInstanceProfile(AddRoleToInstanceProfileRequest addRoleToInstanceProfileRequest) { ExecutionContext executionContext = createExecutionContext(addRoleToInstanceProfileRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Adds the specified user to the specified group. *
* * @param addUserToGroupRequest * @return Result of the AddUserToGroup operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AddUserToGroup * @see AWS API * Documentation */ @Override public AddUserToGroupResult addUserToGroup(AddUserToGroupRequest request) { request = beforeClientExecution(request); return executeAddUserToGroup(request); } @SdkInternalApi final AddUserToGroupResult executeAddUserToGroup(AddUserToGroupRequest addUserToGroupRequest) { ExecutionContext executionContext = createExecutionContext(addUserToGroupRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Attaches the specified managed policy to the specified IAM group. *
*
* You use this operation to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy
* .
*
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM * policies in the IAM User Guide. *
** For more information about policies, see Managed policies and * inline policies in the IAM User Guide. *
* * @param attachGroupPolicyRequest * @return Result of the AttachGroupPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws PolicyNotAttachableException * The request failed because Amazon Web Services service role policies can only be attached to the * service-linked role for that service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AttachGroupPolicy * @see AWS API * Documentation */ @Override public AttachGroupPolicyResult attachGroupPolicy(AttachGroupPolicyRequest request) { request = beforeClientExecution(request); return executeAttachGroupPolicy(request); } @SdkInternalApi final AttachGroupPolicyResult executeAttachGroupPolicy(AttachGroupPolicyRequest attachGroupPolicyRequest) { ExecutionContext executionContext = createExecutionContext(attachGroupPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the * managed policy becomes part of the role's permission (access) policy. *
*
* You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time
* as the role, using
* CreateRole . You can update a role's trust policy using
* UpdateAssumerolePolicy .
*
* Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy
* . For more information about policies, see Managed policies and
* inline policies in the IAM User Guide.
*
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM * policies in the IAM User Guide. *
* * @param attachRolePolicyRequest * @return Result of the AttachRolePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws UnmodifiableEntityException * The request was rejected because service-linked roles are protected Amazon Web Services resources. Only * the service that depends on the service-linked role can modify or delete the role on your behalf. The * error message includes the name of the service that depends on this service-linked role. You must request * the change through that service. * @throws PolicyNotAttachableException * The request failed because Amazon Web Services service role policies can only be attached to the * service-linked role for that service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AttachRolePolicy * @see AWS API * Documentation */ @Override public AttachRolePolicyResult attachRolePolicy(AttachRolePolicyRequest request) { request = beforeClientExecution(request); return executeAttachRolePolicy(request); } @SdkInternalApi final AttachRolePolicyResult executeAttachRolePolicy(AttachRolePolicyRequest attachRolePolicyRequest) { ExecutionContext executionContext = createExecutionContext(attachRolePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Attaches the specified managed policy to the specified user. *
*
* You use this operation to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy
* .
*
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM * policies in the IAM User Guide. *
** For more information about policies, see Managed policies and * inline policies in the IAM User Guide. *
* * @param attachUserPolicyRequest * @return Result of the AttachUserPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws PolicyNotAttachableException * The request failed because Amazon Web Services service role policies can only be attached to the * service-linked role for that service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.AttachUserPolicy * @see AWS API * Documentation */ @Override public AttachUserPolicyResult attachUserPolicy(AttachUserPolicyRequest request) { request = beforeClientExecution(request); return executeAttachUserPolicy(request); } @SdkInternalApi final AttachUserPolicyResult executeAttachUserPolicy(AttachUserPolicyRequest attachUserPolicyRequest) { ExecutionContext executionContext = createExecutionContext(attachUserPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Changes the password of the IAM user who is calling this operation. This operation can be performed using the * CLI, the Amazon Web Services API, or the My Security Credentials page in the Amazon Web Services * Management Console. The Amazon Web Services account root user password is not affected by this operation. *
** Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM * console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the * IAM User Guide. *
* * @param changePasswordRequest * @return Result of the ChangePassword operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws InvalidUserTypeException * The request was rejected because the type of user for the transaction was incorrect. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws PasswordPolicyViolationException * The request was rejected because the provided password did not meet the requirements imposed by the * account password policy. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.ChangePassword * @see AWS API * Documentation */ @Override public ChangePasswordResult changePassword(ChangePasswordRequest request) { request = beforeClientExecution(request); return executeChangePassword(request); } @SdkInternalApi final ChangePasswordResult executeChangePassword(ChangePasswordRequest changePasswordRequest) { ExecutionContext executionContext = createExecutionContext(changePasswordRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request
* Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the
* specified user. The default status for new keys is Active.
*
* If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services * access key ID signing the request. This operation works for access keys under the Amazon Web Services account. * Consequently, you can use this operation to manage Amazon Web Services account root user credentials. This is * true even if the Amazon Web Services account has no associated users. *
** For information about quotas on the number of keys you can create, see IAM and STS quotas in the * IAM User Guide. *
** To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key * and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. * If a secret key is lost, you can delete the access keys for the associated user and then create new keys. *
** Creates an alias for your Amazon Web Services account. For information about using an Amazon Web Services account * alias, see Creating, * deleting, and listing an Amazon Web Services account alias in the Amazon Web Services Sign-In User * Guide. *
* * @param createAccountAliasRequest * @return Result of the CreateAccountAlias operation returned by the service. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateAccountAlias * @see AWS API * Documentation */ @Override public CreateAccountAliasResult createAccountAlias(CreateAccountAliasRequest request) { request = beforeClientExecution(request); return executeCreateAccountAlias(request); } @SdkInternalApi final CreateAccountAliasResult executeCreateAccountAlias(CreateAccountAliasRequest createAccountAliasRequest) { ExecutionContext executionContext = createExecutionContext(createAccountAliasRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates a new group. *
** For information about the number of groups you can create, see IAM and STS quotas in the * IAM User Guide. *
* * @param createGroupRequest * @return Result of the CreateGroup operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateGroup * @see AWS API * Documentation */ @Override public CreateGroupResult createGroup(CreateGroupRequest request) { request = beforeClientExecution(request); return executeCreateGroup(request); } @SdkInternalApi final CreateGroupResult executeCreateGroup(CreateGroupRequest createGroupRequest) { ExecutionContext executionContext = createExecutionContext(createGroupRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates a new instance profile. For information about instance profiles, see Using roles for * applications on Amazon EC2 in the IAM User Guide, and Instance profiles in the Amazon EC2 User Guide. *
** For information about the number of instance profiles you can create, see IAM object quotas in the * IAM User Guide. *
* * @param createInstanceProfileRequest * @return Result of the CreateInstanceProfile operation returned by the service. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateInstanceProfile * @see AWS API * Documentation */ @Override public CreateInstanceProfileResult createInstanceProfile(CreateInstanceProfileRequest request) { request = beforeClientExecution(request); return executeCreateInstanceProfile(request); } @SdkInternalApi final CreateInstanceProfileResult executeCreateInstanceProfile(CreateInstanceProfileRequest createInstanceProfileRequest) { ExecutionContext executionContext = createExecutionContext(createInstanceProfileRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services * services through the Amazon Web Services Management Console. *
** You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a * password for any IAM user. Use ChangePassword to update your own existing password in the My Security * Credentials page in the Amazon Web Services Management Console. *
** For more information about managing passwords, see Managing passwords in the * IAM User Guide. *
* * @param createLoginProfileRequest * @return Result of the CreateLoginProfile operation returned by the service. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws PasswordPolicyViolationException * The request was rejected because the provided password did not meet the requirements imposed by the * account password policy. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateLoginProfile * @see AWS API * Documentation */ @Override public CreateLoginProfileResult createLoginProfile(CreateLoginProfileRequest request) { request = beforeClientExecution(request); return executeCreateLoginProfile(request); } @SdkInternalApi final CreateLoginProfileResult executeCreateLoginProfile(CreateLoginProfileRequest createLoginProfileRequest) { ExecutionContext executionContext = createExecutionContext(createLoginProfileRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC). *
** The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a * policy establishes a trust relationship between Amazon Web Services and the OIDC provider. *
** If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a * separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are * available for your use. Instead, you can move directly to creating new roles using your identity provider. To * learn more, see Creating a role for web * identity or OpenID connect federation in the IAM User Guide. *
** When you create the IAM OIDC provider, you specify the following: *
** The URL of the OIDC identity provider (IdP) to trust *
** A list of client IDs (also known as audiences) that identify the application or applications allowed to * authenticate using the OIDC provider *
** A list of tags that are attached to the specified IAM OIDC provider *
** A list of thumbprints of one or more server certificates that the IdP uses *
** You get all of this information from the OIDC IdP you want to use to access Amazon Web Services. *
** Amazon Web Services secures communication with some OIDC identity providers (IdPs) through our library of trusted * root certificate authorities (CAs) instead of using a certificate thumbprint to verify your IdP server * certificate. These OIDC IdPs include Auth0, GitHub, Google, and those that use an Amazon S3 bucket to host a JSON * Web Key Set (JWKS) endpoint. In these cases, your legacy thumbprint remains in your configuration, but is no * longer used for validation. *
** The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is * best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users. *
** Creates a new managed policy for your Amazon Web Services account. *
*
* This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's
* default version. For more information about policy versions, see Versioning for managed
* policies in the IAM User Guide.
*
* As a best practice, you can validate your IAM policies. To learn more, see Validating IAM * policies in the IAM User Guide. *
** For more information about managed policies in general, see Managed policies and * inline policies in the IAM User Guide. *
* * @param createPolicyRequest * @return Result of the CreatePolicy operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreatePolicy * @see AWS API * Documentation */ @Override public CreatePolicyResult createPolicy(CreatePolicyRequest request) { request = beforeClientExecution(request); return executeCreatePolicy(request); } @SdkInternalApi final CreatePolicyResult executeCreatePolicy(CreatePolicyRequest createPolicyRequest) { ExecutionContext executionContext = createExecutionContext(createPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates a new version of the specified managed policy. To update a managed policy, you create a new policy * version. A managed policy can have up to five versions. If the policy has five versions, you must delete an * existing version using DeletePolicyVersion before you create a new version. *
** Optionally, you can set the new version as the policy's default version. The default version is the version that * is in effect for the IAM users, groups, and roles to which the policy is attached. *
** For more information about managed policy versions, see Versioning for managed * policies in the IAM User Guide. *
* * @param createPolicyVersionRequest * @return Result of the CreatePolicyVersion operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreatePolicyVersion * @see AWS API * Documentation */ @Override public CreatePolicyVersionResult createPolicyVersion(CreatePolicyVersionRequest request) { request = beforeClientExecution(request); return executeCreatePolicyVersion(request); } @SdkInternalApi final CreatePolicyVersionResult executeCreatePolicyVersion(CreatePolicyVersionRequest createPolicyVersionRequest) { ExecutionContext executionContext = createExecutionContext(createPolicyVersionRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates a new role for your Amazon Web Services account. *
** For more information about roles, see IAM roles in the IAM User Guide. * For information about quotas for role names and the number of roles you can create, see IAM and STS quotas in the * IAM User Guide. *
* * @param createRoleRequest * @return Result of the CreateRole operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws MalformedPolicyDocumentException * The request was rejected because the policy document was malformed. The error message describes the * specific error. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateRole * @see AWS API * Documentation */ @Override public CreateRoleResult createRole(CreateRoleRequest request) { request = beforeClientExecution(request); return executeCreateRole(request); } @SdkInternalApi final CreateRoleResult executeCreateRole(CreateRoleRequest createRoleRequest) { ExecutionContext executionContext = createExecutionContext(createRoleRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0. *
** The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust * policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can * create an IAM role that supports Web-based single sign-on (SSO) to the Amazon Web Services Management Console or * one that supports API access to Amazon Web Services. *
** When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That * document includes the issuer's name, expiration information, and keys that can be used to validate the SAML * authentication response (assertions) that the IdP sends. You must generate the metadata document using the * identity management software that is used as your organization's IdP. *
** This operation requires Signature Version 4. *
** For more information, see Enabling SAML * 2.0 federated users to access the Amazon Web Services Management Console and About SAML 2.0-based * federation in the IAM User Guide. *
* * @param createSAMLProviderRequest * @return Result of the CreateSAMLProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateSAMLProvider * @see AWS API * Documentation */ @Override public CreateSAMLProviderResult createSAMLProvider(CreateSAMLProviderRequest request) { request = beforeClientExecution(request); return executeCreateSAMLProvider(request); } @SdkInternalApi final CreateSAMLProviderResult executeCreateSAMLProvider(CreateSAMLProviderRequest createSAMLProviderRequest) { ExecutionContext executionContext = createExecutionContext(createSAMLProviderRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls the attached * policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly * changed or deleted role, which could put your Amazon Web Services resources into an unknown state. Allowing the * service to control the role helps improve service stability and proper cleanup when a service and its role are no * longer needed. For more information, see Using service-linked * roles in the IAM User Guide. *
** To attach a policy to this service-linked role, you must make the request using the Amazon Web Services service * that depends on this role. *
* * @param createServiceLinkedRoleRequest * @return Result of the CreateServiceLinkedRole operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateServiceLinkedRole * @see AWS * API Documentation */ @Override public CreateServiceLinkedRoleResult createServiceLinkedRole(CreateServiceLinkedRoleRequest request) { request = beforeClientExecution(request); return executeCreateServiceLinkedRole(request); } @SdkInternalApi final CreateServiceLinkedRoleResult executeCreateServiceLinkedRole(CreateServiceLinkedRoleRequest createServiceLinkedRoleRequest) { ExecutionContext executionContext = createExecutionContext(createServiceLinkedRoleRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Generates a set of credentials consisting of a user name and password that can be used to access the service * specified in the request. These credentials are generated by IAM, and can be used only for the specified service. *
** You can have a maximum of two sets of service-specific credentials for each supported service per user. *
** You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra). *
** You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential. *
** For more information about service-specific credentials, see Using IAM with CodeCommit: * Git credentials, SSH keys, and Amazon Web Services access keys in the IAM User Guide. *
* * @param createServiceSpecificCredentialRequest * @return Result of the CreateServiceSpecificCredential operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws ServiceNotSupportedException * The specified service does not support service-specific credentials. * @sample AmazonIdentityManagement.CreateServiceSpecificCredential * @see AWS API Documentation */ @Override public CreateServiceSpecificCredentialResult createServiceSpecificCredential(CreateServiceSpecificCredentialRequest request) { request = beforeClientExecution(request); return executeCreateServiceSpecificCredential(request); } @SdkInternalApi final CreateServiceSpecificCredentialResult executeCreateServiceSpecificCredential( CreateServiceSpecificCredentialRequest createServiceSpecificCredentialRequest) { ExecutionContext executionContext = createExecutionContext(createServiceSpecificCredentialRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates a new IAM user for your Amazon Web Services account. *
** For information about quotas for the number of IAM users you can create, see IAM and STS quotas in the * IAM User Guide. *
* * @param createUserRequest * @return Result of the CreateUser operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.CreateUser * @see AWS API * Documentation */ @Override public CreateUserResult createUser(CreateUserRequest request) { request = beforeClientExecution(request); return executeCreateUser(request); } @SdkInternalApi final CreateUserResult executeCreateUser(CreateUserRequest createUserRequest) { ExecutionContext executionContext = createExecutionContext(createUserRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Creates a new virtual MFA device for the Amazon Web Services account. After creating the virtual MFA, use * EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working * with virtual MFA devices, see Using a virtual MFA device in * the IAM User Guide. *
** For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the * IAM User Guide. *
** The seed information contained in the QR code and the Base32 string should be treated like any other secret * access information. In other words, protect the seed information as you would your Amazon Web Services access * keys or your passwords. After you provision your virtual device, you should ensure that the information is * destroyed following secure procedures. *
** Deactivates the specified MFA device and removes it from association with the user name for which it was * originally enabled. *
** For more information about creating and working with virtual MFA devices, see Enabling a virtual multi-factor * authentication (MFA) device in the IAM User Guide. *
* * @param deactivateMFADeviceRequest * @return Result of the DeactivateMFADevice operation returned by the service. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @sample AmazonIdentityManagement.DeactivateMFADevice * @see AWS API * Documentation */ @Override public DeactivateMFADeviceResult deactivateMFADevice(DeactivateMFADeviceRequest request) { request = beforeClientExecution(request); return executeDeactivateMFADevice(request); } @SdkInternalApi final DeactivateMFADeviceResult executeDeactivateMFADevice(DeactivateMFADeviceRequest deactivateMFADeviceRequest) { ExecutionContext executionContext = createExecutionContext(deactivateMFADeviceRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the access key pair associated with the specified IAM user. *
** If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services * access key ID signing the request. This operation works for access keys under the Amazon Web Services account. * Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the * Amazon Web Services account has no associated users. *
* * @param deleteAccessKeyRequest * @return Result of the DeleteAccessKey operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteAccessKey * @see AWS API * Documentation */ @Override public DeleteAccessKeyResult deleteAccessKey(DeleteAccessKeyRequest request) { request = beforeClientExecution(request); return executeDeleteAccessKey(request); } @SdkInternalApi final DeleteAccessKeyResult executeDeleteAccessKey(DeleteAccessKeyRequest deleteAccessKeyRequest) { ExecutionContext executionContext = createExecutionContext(deleteAccessKeyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified Amazon Web Services account alias. For information about using an Amazon Web Services * account alias, see Creating, deleting, and * listing an Amazon Web Services account alias in the Amazon Web Services Sign-In User Guide. *
* * @param deleteAccountAliasRequest * @return Result of the DeleteAccountAlias operation returned by the service. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteAccountAlias * @see AWS API * Documentation */ @Override public DeleteAccountAliasResult deleteAccountAlias(DeleteAccountAliasRequest request) { request = beforeClientExecution(request); return executeDeleteAccountAlias(request); } @SdkInternalApi final DeleteAccountAliasResult executeDeleteAccountAlias(DeleteAccountAliasRequest deleteAccountAliasRequest) { ExecutionContext executionContext = createExecutionContext(deleteAccountAliasRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the password policy for the Amazon Web Services account. There are no parameters. *
* * @param deleteAccountPasswordPolicyRequest * @return Result of the DeleteAccountPasswordPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteAccountPasswordPolicy * @see AWS API Documentation */ @Override public DeleteAccountPasswordPolicyResult deleteAccountPasswordPolicy(DeleteAccountPasswordPolicyRequest request) { request = beforeClientExecution(request); return executeDeleteAccountPasswordPolicy(request); } @SdkInternalApi final DeleteAccountPasswordPolicyResult executeDeleteAccountPasswordPolicy(DeleteAccountPasswordPolicyRequest deleteAccountPasswordPolicyRequest) { ExecutionContext executionContext = createExecutionContext(deleteAccountPasswordPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified IAM group. The group must not contain any users or have any attached policies. *
* * @param deleteGroupRequest * @return Result of the DeleteGroup operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteGroup * @see AWS API * Documentation */ @Override public DeleteGroupResult deleteGroup(DeleteGroupRequest request) { request = beforeClientExecution(request); return executeDeleteGroup(request); } @SdkInternalApi final DeleteGroupResult executeDeleteGroup(DeleteGroupRequest deleteGroupRequest) { ExecutionContext executionContext = createExecutionContext(deleteGroupRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified inline policy that is embedded in the specified IAM group. *
** A group can also have managed policies attached to it. To detach a managed policy from a group, use * DetachGroupPolicy. For more information about policies, refer to Managed policies and * inline policies in the IAM User Guide. *
* * @param deleteGroupPolicyRequest * @return Result of the DeleteGroupPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteGroupPolicy * @see AWS API * Documentation */ @Override public DeleteGroupPolicyResult deleteGroupPolicy(DeleteGroupPolicyRequest request) { request = beforeClientExecution(request); return executeDeleteGroupPolicy(request); } @SdkInternalApi final DeleteGroupPolicyResult executeDeleteGroupPolicy(DeleteGroupPolicyRequest deleteGroupPolicyRequest) { ExecutionContext executionContext = createExecutionContext(deleteGroupPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified instance profile. The instance profile must not have an associated role. *
** Make sure that you do not have any Amazon EC2 instances running with the instance profile you are about to * delete. Deleting a role or instance profile that is associated with a running instance will break any * applications running on the instance. *
** For more information about instance profiles, see Using * instance profiles in the IAM User Guide. *
* * @param deleteInstanceProfileRequest * @return Result of the DeleteInstanceProfile operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteInstanceProfile * @see AWS API * Documentation */ @Override public DeleteInstanceProfileResult deleteInstanceProfile(DeleteInstanceProfileRequest request) { request = beforeClientExecution(request); return executeDeleteInstanceProfile(request); } @SdkInternalApi final DeleteInstanceProfileResult executeDeleteInstanceProfile(DeleteInstanceProfileRequest deleteInstanceProfileRequest) { ExecutionContext executionContext = createExecutionContext(deleteInstanceProfileRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the password for the specified IAM user, For more information, see Managing * passwords for IAM users. *
** You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a * password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the * My Security Credentials page in the Amazon Web Services Management Console. *
** Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line * interface or the API. To prevent all user access, you must also either make any access keys inactive or delete * them. For more information about making keys inactive or deleting them, see UpdateAccessKey and * DeleteAccessKey. *
** Deletes an OpenID Connect identity provider (IdP) resource object in IAM. *
** Deleting an IAM OIDC provider resource does not update any roles that reference the provider as a principal in * their trust policies. Any attempt to assume a role that references a deleted provider fails. *
** This operation is idempotent; it does not fail or return an error if you call the operation for a provider that * does not exist. *
* * @param deleteOpenIDConnectProviderRequest * @return Result of the DeleteOpenIDConnectProvider operation returned by the service. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteOpenIDConnectProvider * @see AWS API Documentation */ @Override public DeleteOpenIDConnectProviderResult deleteOpenIDConnectProvider(DeleteOpenIDConnectProviderRequest request) { request = beforeClientExecution(request); return executeDeleteOpenIDConnectProvider(request); } @SdkInternalApi final DeleteOpenIDConnectProviderResult executeDeleteOpenIDConnectProvider(DeleteOpenIDConnectProviderRequest deleteOpenIDConnectProviderRequest) { ExecutionContext executionContext = createExecutionContext(deleteOpenIDConnectProviderRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified managed policy. *
** Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that * it is attached to. In addition, you must delete all the policy's versions. The following steps describe the * process for deleting a managed policy: *
** Detach the policy from all users, groups, and roles that the policy is attached to, using * DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy. To list all the users, groups, and * roles that a policy is attached to, use ListEntitiesForPolicy. *
** Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use * ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the * default version. You delete the policy's default version in the next step of the process. *
** Delete the policy (this automatically deletes the policy's default version) using this operation. *
** For information about managed policies, see Managed policies and * inline policies in the IAM User Guide. *
* * @param deletePolicyRequest * @return Result of the DeletePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeletePolicy * @see AWS API * Documentation */ @Override public DeletePolicyResult deletePolicy(DeletePolicyRequest request) { request = beforeClientExecution(request); return executeDeletePolicy(request); } @SdkInternalApi final DeletePolicyResult executeDeletePolicy(DeletePolicyRequest deletePolicyRequest) { ExecutionContext executionContext = createExecutionContext(deletePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified version from the specified managed policy. *
** You cannot delete the default version from a policy using this operation. To delete the default version from a * policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use * ListPolicyVersions. *
** For information about versions for managed policies, see Versioning for managed * policies in the IAM User Guide. *
* * @param deletePolicyVersionRequest * @return Result of the DeletePolicyVersion operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws DeleteConflictException * The request was rejected because it attempted to delete a resource that has attached subordinate * entities. The error message describes these entities. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeletePolicyVersion * @see AWS API * Documentation */ @Override public DeletePolicyVersionResult deletePolicyVersion(DeletePolicyVersionRequest request) { request = beforeClientExecution(request); return executeDeletePolicyVersion(request); } @SdkInternalApi final DeletePolicyVersionResult executeDeletePolicyVersion(DeletePolicyVersionRequest deletePolicyVersionRequest) { ExecutionContext executionContext = createExecutionContext(deletePolicyVersionRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified role. Unlike the Amazon Web Services Management Console, when you delete a role * programmatically, you must delete the items attached to the role manually, or the deletion fails. For more * information, see Deleting an IAM role. Before attempting to delete a role, remove the following attached items: *
** Inline policies (DeleteRolePolicy) *
** Attached managed policies (DetachRolePolicy) *
** Instance profile (RemoveRoleFromInstanceProfile) *
** Optional – Delete instance profile after detaching from role for resource clean up (DeleteInstanceProfile) *
** Make sure that you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a * role or instance profile that is associated with a running instance will break any applications running on the * instance. *
** Deletes the permissions boundary for the specified IAM role. *
** You cannot set the boundary for a service-linked role. *
** Deleting the permissions boundary for a role might increase its permissions. For example, it might allow anyone * who assumes the role to perform all the actions granted in its permissions policies. *
** Deletes the specified inline policy that is embedded in the specified IAM role. *
** A role can also have managed policies attached to it. To detach a managed policy from a role, use * DetachRolePolicy. For more information about policies, refer to Managed policies and * inline policies in the IAM User Guide. *
* * @param deleteRolePolicyRequest * @return Result of the DeleteRolePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws UnmodifiableEntityException * The request was rejected because service-linked roles are protected Amazon Web Services resources. Only * the service that depends on the service-linked role can modify or delete the role on your behalf. The * error message includes the name of the service that depends on this service-linked role. You must request * the change through that service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteRolePolicy * @see AWS API * Documentation */ @Override public DeleteRolePolicyResult deleteRolePolicy(DeleteRolePolicyRequest request) { request = beforeClientExecution(request); return executeDeleteRolePolicy(request); } @SdkInternalApi final DeleteRolePolicyResult executeDeleteRolePolicy(DeleteRolePolicyRequest deleteRolePolicyRequest) { ExecutionContext executionContext = createExecutionContext(deleteRolePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes a SAML provider resource in IAM. *
** Deleting the provider resource from IAM does not update any roles that reference the SAML provider resource's ARN * as a principal in their trust policies. Any attempt to assume a role that references a non-existent provider * resource ARN fails. *
** This operation requires Signature Version 4. *
** Deletes the specified SSH public key. *
** The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an * CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see * Set up * CodeCommit for SSH connections in the CodeCommit User Guide. *
* * @param deleteSSHPublicKeyRequest * @return Result of the DeleteSSHPublicKey operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @sample AmazonIdentityManagement.DeleteSSHPublicKey * @see AWS API * Documentation */ @Override public DeleteSSHPublicKeyResult deleteSSHPublicKey(DeleteSSHPublicKeyRequest request) { request = beforeClientExecution(request); return executeDeleteSSHPublicKey(request); } @SdkInternalApi final DeleteSSHPublicKeyResult executeDeleteSSHPublicKey(DeleteSSHPublicKeyRequest deleteSSHPublicKeyRequest) { ExecutionContext executionContext = createExecutionContext(deleteSSHPublicKeyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified server certificate. *
** For more information about working with server certificates, see Working with server * certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services * that can use the server certificates that you manage with IAM. *
** If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have * implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, * it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We * recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command * to delete the certificate. For more information, see DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference. *
*
* Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to
* check the status of the deletion. Before you call this operation, confirm that the role has no active sessions
* and that any resources used by the role in the linked service are deleted. If you call this operation more than
* once for the same service-linked role and an earlier deletion task is not complete, then the
* DeletionTaskId of the earlier request is returned.
*
* If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, * then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the * reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, * you must first remove those resources from the linked service and then submit the deletion request again. * Resources are specific to the service that is linked to the role. For more information about removing resources * from a service, see the Amazon Web Services documentation for your * service. *
** For more information about service-linked roles, see Roles terms and concepts: Amazon Web Services service-linked role in the IAM User Guide. *
* * @param deleteServiceLinkedRoleRequest * @return Result of the DeleteServiceLinkedRole operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteServiceLinkedRole * @see AWS * API Documentation */ @Override public DeleteServiceLinkedRoleResult deleteServiceLinkedRole(DeleteServiceLinkedRoleRequest request) { request = beforeClientExecution(request); return executeDeleteServiceLinkedRole(request); } @SdkInternalApi final DeleteServiceLinkedRoleResult executeDeleteServiceLinkedRole(DeleteServiceLinkedRoleRequest deleteServiceLinkedRoleRequest) { ExecutionContext executionContext = createExecutionContext(deleteServiceLinkedRoleRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified service-specific credential. *
* * @param deleteServiceSpecificCredentialRequest * @return Result of the DeleteServiceSpecificCredential operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @sample AmazonIdentityManagement.DeleteServiceSpecificCredential * @see AWS API Documentation */ @Override public DeleteServiceSpecificCredentialResult deleteServiceSpecificCredential(DeleteServiceSpecificCredentialRequest request) { request = beforeClientExecution(request); return executeDeleteServiceSpecificCredential(request); } @SdkInternalApi final DeleteServiceSpecificCredentialResult executeDeleteServiceSpecificCredential( DeleteServiceSpecificCredentialRequest deleteServiceSpecificCredentialRequest) { ExecutionContext executionContext = createExecutionContext(deleteServiceSpecificCredentialRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes a signing certificate associated with the specified IAM user. *
** If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services * access key ID signing the request. This operation works for access keys under the Amazon Web Services account. * Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the * Amazon Web Services account has no associated IAM users. *
* * @param deleteSigningCertificateRequest * @return Result of the DeleteSigningCertificate operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteSigningCertificate * @see AWS * API Documentation */ @Override public DeleteSigningCertificateResult deleteSigningCertificate(DeleteSigningCertificateRequest request) { request = beforeClientExecution(request); return executeDeleteSigningCertificate(request); } @SdkInternalApi final DeleteSigningCertificateResult executeDeleteSigningCertificate(DeleteSigningCertificateRequest deleteSigningCertificateRequest) { ExecutionContext executionContext = createExecutionContext(deleteSigningCertificateRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes the specified IAM user. Unlike the Amazon Web Services Management Console, when you delete a user * programmatically, you must delete the items attached to the user manually, or the deletion fails. For more * information, see Deleting an * IAM user. Before attempting to delete a user, remove the following items: *
** Password (DeleteLoginProfile) *
** Access keys (DeleteAccessKey) *
** Signing certificate (DeleteSigningCertificate) *
** SSH public key (DeleteSSHPublicKey) *
** Git credentials (DeleteServiceSpecificCredential) *
** Multi-factor authentication (MFA) device (DeactivateMFADevice, DeleteVirtualMFADevice) *
** Inline policies (DeleteUserPolicy) *
** Attached managed policies (DetachUserPolicy) *
** Group memberships (RemoveUserFromGroup) *
** Deletes the permissions boundary for the specified IAM user. *
** Deleting the permissions boundary for a user might increase its permissions by allowing the user to perform all * the actions granted in its permissions policies. *
** Deletes the specified inline policy that is embedded in the specified IAM user. *
** A user can also have managed policies attached to it. To detach a managed policy from a user, use * DetachUserPolicy. For more information about policies, refer to Managed policies and * inline policies in the IAM User Guide. *
* * @param deleteUserPolicyRequest * @return Result of the DeleteUserPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DeleteUserPolicy * @see AWS API * Documentation */ @Override public DeleteUserPolicyResult deleteUserPolicy(DeleteUserPolicyRequest request) { request = beforeClientExecution(request); return executeDeleteUserPolicy(request); } @SdkInternalApi final DeleteUserPolicyResult executeDeleteUserPolicy(DeleteUserPolicyRequest deleteUserPolicyRequest) { ExecutionContext executionContext = createExecutionContext(deleteUserPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Deletes a virtual MFA device. *
** You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA * devices, see DeactivateMFADevice. *
** Removes the specified managed policy from the specified IAM group. *
** A group can also have inline policies embedded with it. To delete an inline policy, use DeleteGroupPolicy. * For information about policies, see Managed policies and * inline policies in the IAM User Guide. *
* * @param detachGroupPolicyRequest * @return Result of the DetachGroupPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DetachGroupPolicy * @see AWS API * Documentation */ @Override public DetachGroupPolicyResult detachGroupPolicy(DetachGroupPolicyRequest request) { request = beforeClientExecution(request); return executeDetachGroupPolicy(request); } @SdkInternalApi final DetachGroupPolicyResult executeDetachGroupPolicy(DetachGroupPolicyRequest detachGroupPolicyRequest) { ExecutionContext executionContext = createExecutionContext(detachGroupPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Removes the specified managed policy from the specified role. *
** A role can also have inline policies embedded with it. To delete an inline policy, use DeleteRolePolicy. * For information about policies, see Managed policies and * inline policies in the IAM User Guide. *
* * @param detachRolePolicyRequest * @return Result of the DetachRolePolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws UnmodifiableEntityException * The request was rejected because service-linked roles are protected Amazon Web Services resources. Only * the service that depends on the service-linked role can modify or delete the role on your behalf. The * error message includes the name of the service that depends on this service-linked role. You must request * the change through that service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DetachRolePolicy * @see AWS API * Documentation */ @Override public DetachRolePolicyResult detachRolePolicy(DetachRolePolicyRequest request) { request = beforeClientExecution(request); return executeDetachRolePolicy(request); } @SdkInternalApi final DetachRolePolicyResult executeDetachRolePolicy(DetachRolePolicyRequest detachRolePolicyRequest) { ExecutionContext executionContext = createExecutionContext(detachRolePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Removes the specified managed policy from the specified user. *
** A user can also have inline policies embedded with it. To delete an inline policy, use DeleteUserPolicy. * For information about policies, see Managed policies and * inline policies in the IAM User Guide. *
* * @param detachUserPolicyRequest * @return Result of the DetachUserPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.DetachUserPolicy * @see AWS API * Documentation */ @Override public DetachUserPolicyResult detachUserPolicy(DetachUserPolicyRequest request) { request = beforeClientExecution(request); return executeDetachUserPolicy(request); } @SdkInternalApi final DetachUserPolicyResult executeDetachUserPolicy(DetachUserPolicyRequest detachUserPolicyRequest) { ExecutionContext executionContext = createExecutionContext(detachUserPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is * required for every subsequent login by the IAM user associated with the device. *
* * @param enableMFADeviceRequest * @return Result of the EnableMFADevice operation returned by the service. * @throws EntityAlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws EntityTemporarilyUnmodifiableException * The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user * name that was deleted and then recreated. The error indicates that the request is likely to succeed if * you try again after waiting several minutes. The error message describes the entity. * @throws InvalidAuthenticationCodeException * The request was rejected because the authentication code was not recognized. The error message describes * the specific error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @throws ConcurrentModificationException * The request was rejected because multiple requests to change this object were submitted simultaneously. * Wait a few minutes and submit your request again. * @sample AmazonIdentityManagement.EnableMFADevice * @see AWS API * Documentation */ @Override public EnableMFADeviceResult enableMFADevice(EnableMFADeviceRequest request) { request = beforeClientExecution(request); return executeEnableMFADevice(request); } @SdkInternalApi final EnableMFADeviceResult executeEnableMFADevice(EnableMFADeviceRequest enableMFADeviceRequest) { ExecutionContext executionContext = createExecutionContext(enableMFADeviceRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Generates a credential report for the Amazon Web Services account. For more information about the credential * report, see Getting credential * reports in the IAM User Guide. *
* * @param generateCredentialReportRequest * @return Result of the GenerateCredentialReport operation returned by the service. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account limits. The error message describes the limit exceeded. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GenerateCredentialReport * @see AWS * API Documentation */ @Override public GenerateCredentialReportResult generateCredentialReport(GenerateCredentialReportRequest request) { request = beforeClientExecution(request); return executeGenerateCredentialReport(request); } @SdkInternalApi final GenerateCredentialReportResult executeGenerateCredentialReport(GenerateCredentialReportRequest generateCredentialReportRequest) { ExecutionContext executionContext = createExecutionContext(generateCredentialReportRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Generates a report for service last accessed data for Organizations. You can generate a report for any entities * (organization root, organizational unit, or account) or policies in your organization. *
** To call this operation, you must be signed in using your Organizations management account credentials. You can * use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs * must be enabled for your organization root. You must have the required IAM and Organizations permissions. For * more information, see Refining permissions * using service last accessed data in the IAM User Guide. *
** You can generate a service last accessed data report for entities by specifying only the entity's path. This data * includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity. *
** You can generate a service last accessed data report for a policy by specifying an entity's path and an optional * Organizations policy ID. This data includes a list of services that are allowed by the specified SCP. *
** For each service in both report types, the data includes the most recent account activity that the policy allows * to account principals in the entity or the entity's children. For important information about the data, reporting * period, permissions required, troubleshooting, and supported Regions see Reducing permissions * using service last accessed data in the IAM User Guide. *
** The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all * attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any * of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not * mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail * logs as the authoritative source for information about all API calls and whether they were successful or denied * access. For more information, see Logging IAM events with * CloudTrail in the IAM User Guide. *
*
* This operation returns a JobId. Use this parameter in the
* GetOrganizationsAccessReport operation to check the status of the report generation. To
* check the status of this request, use the JobId parameter in the
* GetOrganizationsAccessReport operation and test the JobStatus response
* parameter. When the job is complete, you can retrieve the report.
*
* To generate a service last accessed data report for entities, specify an entity path without specifying the * optional Organizations policy ID. The type of entity that you specify determines the data returned in the report. *
** Root – When you specify the organizations root as the entity, the resulting report lists all of the * services allowed by SCPs that are attached to your root. For each service, the report includes data for all * accounts in your organization except the management account, because the management account is not limited by * SCPs. *
** OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the * services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data * for all accounts in the OU or its children. This data excludes the management account, because the management * account is not limited by SCPs. *
** management account – When you specify the management account, the resulting report lists all Amazon Web * Services services, because the management account is not limited by SCPs. For each service, the report includes * data for only the management account. *
** Account – When you specify another account as the entity, the resulting report lists all of the services * allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for * only the specified account. *
** To generate a service last accessed data report for policies, specify an entity path and the optional * Organizations policy ID. The type of entity that you specify determines the data returned for each service. *
** Root – When you specify the root entity and a policy ID, the resulting report lists all of the services * that are allowed by the specified SCP. For each service, the report includes data for all accounts in your * organization to which the SCP applies. This data excludes the management account, because the management account * is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will * return a list of services with no data. *
** OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that * are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its * children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP * might not be included in the data. This data excludes the management account, because the management account is * not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list * of services with no data. *
** management account – When you specify the management account, the resulting report lists all Amazon Web * Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI * or API, the policy is ignored. For each service, the report includes data for only the management account. *
** Account – When you specify another account entity and a policy ID, the resulting report lists all of the * services that are allowed by the specified SCP. For each service, the report includes data for only the specified * account. This means that other accounts in the organization that are affected by the SCP might not be included in * the data. If the SCP is not attached to the account, the report will return a list of services with no data. *
** Service last accessed data does not use other policy types when determining whether a principal could access a * service. These other policy types include identity-based policies, resource-based policies, access control lists, * IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the * evaluation of policy types, see Evaluating policies in the IAM User Guide. *
** For more information about service last accessed data, see Reducing policy scope * by viewing user activity in the IAM User Guide. *
* * @param generateOrganizationsAccessReportRequest * @return Result of the GenerateOrganizationsAccessReport operation returned by the service. * @throws ReportGenerationLimitExceededException * The request failed because the maximum number of concurrent requests for this account are already * running. * @sample AmazonIdentityManagement.GenerateOrganizationsAccessReport * @see AWS API Documentation */ @Override public GenerateOrganizationsAccessReportResult generateOrganizationsAccessReport(GenerateOrganizationsAccessReportRequest request) { request = beforeClientExecution(request); return executeGenerateOrganizationsAccessReport(request); } @SdkInternalApi final GenerateOrganizationsAccessReportResult executeGenerateOrganizationsAccessReport( GenerateOrganizationsAccessReportRequest generateOrganizationsAccessReportRequest) { ExecutionContext executionContext = createExecutionContext(generateOrganizationsAccessReportRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used * in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM * reports activity for at least the last 400 days, or less if your Region began supporting this feature within the * last year. For more information, see Regions where data is tracked. *
** The service last accessed data includes all attempts to access an Amazon Web Services API, not just the * successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the * Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the * service last accessed data does not mean that your account has been compromised, because the request might have * been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and * whether they were successful or denied access. For more information, see Logging IAM events with * CloudTrail in the IAM User Guide. *
*
* The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in
* the following operations to retrieve the following details from your report:
*
* GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every * Amazon Web Services service that the resource could access using permissions policies. For each service, the * response includes information about the most recent access attempt. *
*
* The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role
* within a session, or by the same user when used to call GetServiceLastAccessedDetail.
*
* GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information * about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service. *
*
* To check the status of the GenerateServiceLastAccessedDetails request, use the JobId
* parameter in the same operations and test the JobStatus response parameter.
*
* For additional information about the permissions policies that allow an identity (user, group, or role) to access * specific services, use the ListPoliciesGrantingServiceAccess operation. *
** Service last accessed data does not use other policy types when determining whether a resource could access a * service. These other policy types include resource-based policies, access control lists, Organizations policies, * IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more * about the evaluation of policy types, see Evaluating policies in the IAM User Guide. *
** For more information about service and action last accessed data, see Reducing permissions * using service last accessed data in the IAM User Guide. *
* * @param generateServiceLastAccessedDetailsRequest * @return Result of the GenerateServiceLastAccessedDetails operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @sample AmazonIdentityManagement.GenerateServiceLastAccessedDetails * @see AWS API Documentation */ @Override public GenerateServiceLastAccessedDetailsResult generateServiceLastAccessedDetails(GenerateServiceLastAccessedDetailsRequest request) { request = beforeClientExecution(request); return executeGenerateServiceLastAccessedDetails(request); } @SdkInternalApi final GenerateServiceLastAccessedDetailsResult executeGenerateServiceLastAccessedDetails( GenerateServiceLastAccessedDetailsRequest generateServiceLastAccessedDetailsRequest) { ExecutionContext executionContext = createExecutionContext(generateServiceLastAccessedDetailsRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Retrieves information about when the specified access key was last used. The information includes the date and * time of last use, along with the Amazon Web Services service and Region that were specified in the last request * made with that key. *
* * @param getAccessKeyLastUsedRequest * @return Result of the GetAccessKeyLastUsed operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @sample AmazonIdentityManagement.GetAccessKeyLastUsed * @see AWS API * Documentation */ @Override public GetAccessKeyLastUsedResult getAccessKeyLastUsed(GetAccessKeyLastUsedRequest request) { request = beforeClientExecution(request); return executeGetAccessKeyLastUsed(request); } @SdkInternalApi final GetAccessKeyLastUsedResult executeGetAccessKeyLastUsed(GetAccessKeyLastUsedRequest getAccessKeyLastUsedRequest) { ExecutionContext executionContext = createExecutionContext(getAccessKeyLastUsedRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, * including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM * permissions (users, groups, roles, and policies) in your account. *
*
* Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy
* back to plain JSON text. For example, if you use Java, you can use the decode method of the
* java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar
* functionality.
*
* You can optionally filter the results using the Filter parameter. You can paginate the results using
* the MaxItems and Marker parameters.
*
* Retrieves the password policy for the Amazon Web Services account. This tells you the complexity requirements and * mandatory rotation periods for the IAM user passwords in your account. For more information about using a * password policy, see Managing an IAM * password policy. *
* * @param getAccountPasswordPolicyRequest * @return Result of the GetAccountPasswordPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetAccountPasswordPolicy * @see AWS * API Documentation */ @Override public GetAccountPasswordPolicyResult getAccountPasswordPolicy(GetAccountPasswordPolicyRequest request) { request = beforeClientExecution(request); return executeGetAccountPasswordPolicy(request); } @SdkInternalApi final GetAccountPasswordPolicyResult executeGetAccountPasswordPolicy(GetAccountPasswordPolicyRequest getAccountPasswordPolicyRequest) { ExecutionContext executionContext = createExecutionContext(getAccountPasswordPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services account. *
** For information about IAM quotas, see IAM and STS quotas in the * IAM User Guide. *
* * @param getAccountSummaryRequest * @return Result of the GetAccountSummary operation returned by the service. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetAccountSummary * @see AWS API * Documentation */ @Override public GetAccountSummaryResult getAccountSummary(GetAccountSummaryRequest request) { request = beforeClientExecution(request); return executeGetAccountSummary(request); } @SdkInternalApi final GetAccountSummaryResult executeGetAccountSummary(GetAccountSummaryRequest getAccountSummaryRequest) { ExecutionContext executionContext = createExecutionContext(getAccountSummaryRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of * one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use * GetContextKeysForPrincipalPolicy. *
*
* Context keys are variables maintained by Amazon Web Services and its services that provide details about the
* context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM
* policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply
* when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity
* but must be URL encoded to be included as a part of a real HTML request.
*
* Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM * entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all * of the policies attached to groups that the user is a member of. *
** You can optionally include a list of one or more additional policies, specified as strings. If you want to * include only a list of policies by string, use GetContextKeysForCustomPolicy instead. *
** Note: This operation discloses information about the permissions granted to other users. If you do not * want users to see other user's permissions, then consider allowing them to use * GetContextKeysForCustomPolicy instead. *
** Context keys are variables maintained by Amazon Web Services and its services that provide details about the * context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use * GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call * SimulatePrincipalPolicy. *
* * @param getContextKeysForPrincipalPolicyRequest * @return Result of the GetContextKeysForPrincipalPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws InvalidInputException * The request was rejected because an invalid or out-of-range value was supplied for an input parameter. * @sample AmazonIdentityManagement.GetContextKeysForPrincipalPolicy * @see AWS API Documentation */ @Override public GetContextKeysForPrincipalPolicyResult getContextKeysForPrincipalPolicy(GetContextKeysForPrincipalPolicyRequest request) { request = beforeClientExecution(request); return executeGetContextKeysForPrincipalPolicy(request); } @SdkInternalApi final GetContextKeysForPrincipalPolicyResult executeGetContextKeysForPrincipalPolicy( GetContextKeysForPrincipalPolicyRequest getContextKeysForPrincipalPolicyRequest) { ExecutionContext executionContext = createExecutionContext(getContextKeysForPrincipalPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Retrieves a credential report for the Amazon Web Services account. For more information about the credential * report, see Getting credential * reports in the IAM User Guide. *
* * @param getCredentialReportRequest * @return Result of the GetCredentialReport operation returned by the service. * @throws CredentialReportNotPresentException * The request was rejected because the credential report does not exist. To generate a credential report, * use GenerateCredentialReport. * @throws CredentialReportExpiredException * The request was rejected because the most recent credential report has expired. To generate a new * credential report, use GenerateCredentialReport. For more information about credential report * expiration, see Getting credential * reports in the IAM User Guide. * @throws CredentialReportNotReadyException * The request was rejected because the credential report is still being generated. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetCredentialReport * @see AWS API * Documentation */ @Override public GetCredentialReportResult getCredentialReport(GetCredentialReportRequest request) { request = beforeClientExecution(request); return executeGetCredentialReport(request); } @SdkInternalApi final GetCredentialReportResult executeGetCredentialReport(GetCredentialReportRequest getCredentialReportRequest) { ExecutionContext executionContext = createExecutionContext(getCredentialReportRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request
* Returns a list of IAM users that are in the specified IAM group. You can paginate the results using the
* MaxItems and Marker parameters.
*
* Retrieves the specified inline policy document that is embedded in the specified IAM group. *
*
* Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy
* back to plain JSON text. For example, if you use Java, you can use the decode method of the
* java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar
* functionality.
*
* An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is * attached to a group, use GetPolicy to determine the policy's default version, then use * GetPolicyVersion to retrieve the policy document. *
** For more information about policies, see Managed policies and * inline policies in the IAM User Guide. *
* * @param getGroupPolicyRequest * @return Result of the GetGroupPolicy operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetGroupPolicy * @see AWS API * Documentation */ @Override public GetGroupPolicyResult getGroupPolicy(GetGroupPolicyRequest request) { request = beforeClientExecution(request); return executeGetGroupPolicy(request); } @SdkInternalApi final GetGroupPolicyResult executeGetGroupPolicy(GetGroupPolicyRequest getGroupPolicyRequest) { ExecutionContext executionContext = createExecutionContext(getGroupPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and * role. For more information about instance profiles, see Using * instance profiles in the IAM User Guide. *
* * @param getInstanceProfileRequest * @return Result of the GetInstanceProfile operation returned by the service. * @throws NoSuchEntityException * The request was rejected because it referenced a resource entity that does not exist. The error message * describes the resource. * @throws ServiceFailureException * The request processing has failed because of an unknown error, exception or failure. * @sample AmazonIdentityManagement.GetInstanceProfile * @see AWS API * Documentation */ @Override public GetInstanceProfileResult getInstanceProfile(GetInstanceProfileRequest request) { request = beforeClientExecution(request); return executeGetInstanceProfile(request); } @SdkInternalApi final GetInstanceProfileResult executeGetInstanceProfile(GetInstanceProfileRequest getInstanceProfileRequest) { ExecutionContext executionContext = createExecutionContext(getInstanceProfileRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request* Retrieves the user name for the specified IAM user. A login profile is created when you create a password for the * user to access the Amazon Web Services Management Console. If the user does not exist or does not have a * password, the operation returns a 404 (