Skip to main content

AWS - Identity and Access Management

This Integration is part of the AWS - IAM Pack.#

Amazon Web Services Identity and Access Management (IAM)

For detailed instructions about setting up authentication, see: AWS Integrations - Authentication.

Configure AWS - IAM in Cortex#

ParameterDescriptionRequired
roleArnRole ArnFalse
roleSessionNameRole Session NameFalse
defaultRegionAWS Default RegionFalse
sessionDurationRole Session DurationFalse
access_keyAccess KeyFalse
secret_keySecret KeyFalse
timeoutThe time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 second will be used.False
retriesThe maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time.False
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

aws-iam-create-user#


Creates a new IAM user for your AWS account.

Base Command#

aws-iam-create-user

Input#

Argument NameDescriptionRequired
userNameThe name of the user to create.Required
pathThe path for the user name. This parameter is optional. If it is not included, it defaults to a slash (/).Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Users.UserNamestringThe friendly name identifying the user.
AWS.IAM.Users.UserIdstringThe stable and unique string identifying the user.
AWS.IAM.Users.ArnstringThe Amazon Resource Name (ARN) that identifies the user.
AWS.IAM.Users.CreateDatedateThe date and time, when the user was created.
AWS.IAM.Users.PathstringThe path to the user.

Command Example#

!aws-iam-create-user userName=Test path=/testusers/

aws-iam-get-user#


Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.

Base Command#

aws-iam-get-user

Input#

Argument NameDescriptionRequired
userNameThe name of the user to get information about.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Users.UserNamestringThe friendly name identifying the user.
AWS.IAM.Users.UserIdstringThe stable and unique string identifying the user.
AWS.IAM.Users.ArnstringThe Amazon Resource Name (ARN) that identifies the user.
AWS.IAM.Users.CreateDatedateThe date and time when the user was created.
AWS.IAM.Users.PathstringThe path to the user.
AWS.IAM.Users.PasswordLastUseddateThe date and time, when the user's password was last used to sign in to an AWS website.

Command Example#

!aws-iam-get-user userName=test

aws-iam-list-users#


Lists the IAM users, returns all users in the AWS account.

Base Command#

aws-iam-list-users

Input#

Argument NameDescriptionRequired
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Users.UserNamestringThe friendly name identifying the user.
AWS.IAM.Users.UserIdstringThe stable and unique string identifying the user.
AWS.IAM.Users.ArnstringThe Amazon Resource Name (ARN) that identifies the user.
AWS.IAM.Users.CreateDatedateThe date and time when the user was created.
AWS.IAM.Users.PathstringThe path to the user.
AWS.IAM.Users.PasswordLastUseddateThe date and time when the password was last used.

Command Example#

!aws-iam-list-users

aws-iam-update-user#


Updates the name and/or the path of the specified IAM user.

Base Command#

aws-iam-update-user

Input#

Argument NameDescriptionRequired
oldUserNameName of the user to update.Required
newUserNameNew name for the user. Include this parameter only if you're changing the user's name.Optional
newPathNew path for the IAM user. Include this parameter only if you're changing the user's path.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-update-user oldUserName=test newUserName=NewUserName34 newPath=/iamtest/

aws-iam-delete-user#


Deletes the specified IAM user. The user must not belong to any groups or have any access keys, signing certificates, or attached policies.

Base Command#

aws-iam-delete-user

Input#

Argument NameDescriptionRequired
userNameThe name of the user to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-user userName=userName34

aws-iam-update-login-profile#


Changes the password for the specified IAM user.

Base Command#

aws-iam-update-login-profile

Input#

Argument NameDescriptionRequired
userNameThe name of the user whose password you want to update.Required
newPasswordThe new password for the specified IAM user.Required
passwordResetRequiredAllows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in. Possible values are: True, False.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-update-login-profile userName=userName34 newPassword=ArdVaEC@1#$F%g% passwordResetRequired=True raw-response=true

aws-iam-create-group#


Creates a new iam group.

Base Command#

aws-iam-create-group

Input#

Argument NameDescriptionRequired
groupNameThe name of the group to create. Do not include the path in this value.Optional
pathThe path to the group.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Groups.GroupNamestringThe friendly name that identifies the group.
AWS.IAM.Groups.GroupIdstringThe stable and unique string identifying the group.
AWS.IAM.Groups.ArnstringThe Amazon Resource Name (ARN) specifying the group.
AWS.IAM.Groups.CreateDatedateThe date and time when the group was created.
AWS.IAM.Groups.PathstringThe path to the group.

Command Example#

!aws-iam-create-group groupName=test path=/testgroups/

aws-iam-list-groups#


Lists all the IAM groups in the AWS account

Base Command#

aws-iam-list-groups

Input#

Argument NameDescriptionRequired
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Groups.GroupNamestringThe friendly name that identifies the group.
AWS.IAM.Groups.GroupIdstringThe stable and unique string identifying the group.
AWS.IAM.Groups.ArnstringThe Amazon Resource Name (ARN) specifying the group.
AWS.IAM.Groups.CreateDatedateThe date and time when the group was created.
AWS.IAM.Groups.PathstringThe path to the group.

Command Example#

!aws-iam-list-groups

aws-iam-list-groups-for-user#


Lists the IAM groups that the specified IAM user belongs to.

Base Command#

aws-iam-list-groups-for-user

Input#

Argument NameDescriptionRequired
userNameThe name of the user to list groups for.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Users.Groups.GroupNamestringThe friendly name that identifies the group.
AWS.IAM.Users.Groups.GroupIdstringThe stable and unique string identifying the group
AWS.IAM.Users.Groups.ArnstringThe Amazon Resource Name (ARN) specifying the group.
AWS.IAM.Users.Groups.CreateDatedateThe date and time when the group was created.
AWS.IAM.Users.Groups.PathstringThe path to the group.

Command Example#

aws-iam-list-groups-for-user userName=test

aws-iam-add-user-to-group#


Adds the specified user to the specified group.

Base Command#

aws-iam-add-user-to-group

Input#

Argument NameDescriptionRequired
userNameThe name of the user to add.Required
groupNameThe name of the group to update.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-add-user-to-group userName=userName34 groupName=test

aws-iam-create-access-key#


Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active .

Base Command#

aws-iam-create-access-key

Input#

Argument NameDescriptionRequired
userNameThe name of the IAM user that the new key will belong to. If username is not provided, the account name configured in your integration will be used.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Users.AccessKeys.AccessKeyIdstringThe ID for this access key.
AWS.IAM.Users.AccessKeys.SecretAccessKeystringThe secret key used to sign requests.
AWS.IAM.Users.AccessKeys.StatusstringThe status of the access key. Active means that the key is valid for API calls, while Inactive means it is not.
AWS.IAM.Users.AccessKeys.CreateDatedateThe date when the access key was created.

Command Example#

!aws-iam-create-access-key userName=userName34

aws-iam-update-access-key#


Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

Base Command#

aws-iam-update-access-key

Input#

Argument NameDescriptionRequired
userNameThe name of the user whose key you want to update. If username is not provided, the account name configured in your integration .Optional
accessKeyIdThe access key ID of the secret access key you want to update.Required
statusThe status you want to assign to the secret access key. Active means that the key can be used for API calls to AWS, while Inactive means that the key cannot be used. Possible values are: Active, Inactive.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-update-access-key userName=test accessKeyId=AKIAJSFAUQ7EDFPN7Y2D2A status=Inactive

aws-iam-list-access-keys-for-user#


Returns information about the access key IDs associated with the specified IAM user.

Base Command#

aws-iam-list-access-keys-for-user

Input#

Argument NameDescriptionRequired
userNameThe name of the user.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Users.AccessKeys.AccessKeyIdstringThe ID for this access key.
AWS.IAM.Users.AccessKeys.StatusstringThe status of the access key. Active means the key is valid for API calls; Inactive means it is not.
AWS.IAM.Users.AccessKeys.CreateDatedateThe date when the access key was created.
AWS.IAM.Users.AccessKeys.UserNamestringThe name of the IAM user that the key is associated with.

Command Example#

!aws-iam-list-access-keys-for-user userName=userName34

aws-iam-list-policies#


Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.

Base Command#

aws-iam-list-policies

Input#

Argument NameDescriptionRequired
scopeThe scope to use for filtering the results. To list only AWS managed policies, set Scope to AWS. To list only the customer managed policies in your AWS account, set Scope to Local. Possible values are: All, AWS, Local. Default is All.Optional
onlyAttachedA flag to filter the results to only the attached policies. When OnlyAttached is true , the returned list contains only the policies that are attached to an IAM user, group, or role. When OnlyAttached is false , or when the parameter is not included, all policies are returned. Possible values are: True, False. Default is False.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Policies.PolicyNamestringThe friendly name (not ARN) identifying the policy.
AWS.IAM.Policies.PolicyIdstringThe stable and unique string identifying the policy.
AWS.IAM.Policies.ArnstringThe Amazon Resource Name (ARN).
AWS.IAM.Policies.PathstringThe path to the policy.
AWS.IAM.Policies.DefaultVersionIdstringThe identifier for the version of the policy that is set as the default version.
AWS.IAM.Policies.IsAttachablestringSpecifies whether the policy can be attached to an IAM user, group, or role.
AWS.IAM.Policies.CreateDatedatewhen the policy was created.
AWS.IAM.Policies.UpdateDatedatewhen the policy was last updated.
AWS.IAM.Policies.AttachmentCountnumberThe number of entities (users, groups, and roles) that the policy is attached to.

Command Example#

!aws-iam-list-policies scope=AWS onlyAttached=True

aws-iam-list-roles#


Lists all IAM roles

Base Command#

aws-iam-list-roles

Input#

Argument NameDescriptionRequired
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Roles.RoleNamestringThe friendly name that identifies the role.
AWS.IAM.Roles.RoleIdstringThe stable and unique string identifying the role.
AWS.IAM.Roles.ArnstringThe Amazon Resource Name (ARN) specifying the role.
AWS.IAM.Roles.CreateDatedateThe date and time when the role was created.
AWS.IAM.Roles.PathstringThe path to the role.
AWS.IAM.Roles.AssumeRolePolicyDocumentstringThe policy that grants an entity permission to assume the role.
AWS.IAM.Roles.DescriptionstringA description of the role that you provide.
AWS.IAM.Roles.MaxSessionDurationnumberThe maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.

Command Example#

!aws-iam-list-roles

aws-iam-attach-policy#


Attaches the specified managed policy to the specified IAM Entity.

Base Command#

aws-iam-attach-policy

Input#

Argument NameDescriptionRequired
typeThe Type of IAM Entity. Possible values are: User, Group, Role.Required
entityNameThe name (friendly name, not ARN) of the IAM Entity to attach the policy to.Optional
policyArnThe Amazon Resource Name (ARN) of the IAM policy you want to attach.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-attach-policy type=User entityName=userName34 policyArn=arn:aws:iam::aws:policy/AmazonSQSFullAccess

aws-iam-detach-policy#


Removes the specified managed policy from the specified IAM Entity.

Base Command#

aws-iam-detach-policy

Input#

Argument NameDescriptionRequired
typeIAM Entity Type. Possible values are: User, Group, Role.Required
entityNameThe name (friendly name, not ARN) of the IAM Entity to detach the policy from.Optional
policyArnThe Amazon Resource Name (ARN) of the IAM policy you want to detach.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-detach-policy type=User entityName=userName34 policyArn=arn:aws:iam::aws:policy/AmazonSQSFullAccess

aws-iam-delete-login-profile#


Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console.

Base Command#

aws-iam-delete-login-profile

Input#

Argument NameDescriptionRequired
userNameThe name of the user whose password you want to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-login-profile userName=userName34

aws-iam-delete-group#


Deletes the specified IAM group. The group must not contain any users or have any attached policies.

Base Command#

aws-iam-delete-group

Input#

Argument NameDescriptionRequired
groupNameThe name of the IAM group to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-group groupName=Group123

aws-iam-remove-user-from-group#


Removes the specified user from the specified group.

Base Command#

aws-iam-remove-user-from-group

Input#

Argument NameDescriptionRequired
userNameThe name of the user to remove.Required
groupNameThe name of the group to update.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-remove-user-from-group userName=userName34 groupName=Group123

aws-iam-create-login-profile#


Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console.

Base Command#

aws-iam-create-login-profile

Input#

Argument NameDescriptionRequired
userNameThe name of the IAM user to create a password for. The user must already exist.Required
passwordThe new password for the user.Required
passwordResetRequiredSpecifies whether the user is required to set a new password on next sign-in. Possible values are: True, False.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-create-login-profile userName=userName34 password=Avd#sdf$12VB6*cvg passwordResetRequired=True

aws-iam-delete-access-key#


Deletes the access key pair associated with the specified IAM user.

Base Command#

aws-iam-delete-access-key

Input#

Argument NameDescriptionRequired
userNamehe name of the user whose access key pair you want to delete. If username is not provided, the account name configured in your integration will be used.Optional
AccessKeyIdThe access key ID for the access key ID and secret access key you want to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-access-key userName=userName34 AccessKeyId=ABCDEFGGHDJQ7E7X5PADN7Y2D2A

aws-iam-create-instance-profile#


Creates a new instance profile.

Base Command#

aws-iam-create-instance-profile

Input#

Argument NameDescriptionRequired
instanceProfileNameThe name of the instance profile to create.Required
pathThe path to the instance profile.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.InstanceProfiles.PathstringThe path to the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileNamestringThe name identifying the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileIdstringThe stable and unique string identifying the instance profile.
AWS.IAM.InstanceProfiles.ArnstringThe Amazon Resource Name (ARN) specifying the instance profile.
AWS.IAM.InstanceProfiles.CreateDatedateThe date when the instance profile was created.

Command Example#

!aws-iam-create-instance-profile instanceProfileName=testprofile path=/test/

aws-iam-delete-instance-profile#


Deletes the specified instance profile. The instance profile must not have an associated role.

Base Command#

aws-iam-delete-instance-profile

Input#

Argument NameDescriptionRequired
instanceProfileNameThe name of the instance profile to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-instance-profile instanceProfileName=testprofile

aws-iam-list-instance-profiles#


Lists all the instance profiles tin your AWS account.

Base Command#

aws-iam-list-instance-profiles

Input#

Argument NameDescriptionRequired
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.InstanceProfiles.PathstringThe path to the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileNamestringThe name identifying the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileIdstringThe stable and unique string identifying the instance profile.
AWS.IAM.InstanceProfiles.ArnstringThe Amazon Resource Name (ARN) specifying the instance profile.
AWS.IAM.InstanceProfiles.CreateDatedateThe date when the instance profile was created.
AWS.IAM.InstanceProfiles.Roles.PathstringThe path to the role.
AWS.IAM.InstanceProfiles.Roles.RoleNamestringThe friendly name that identifies the role.
AWS.IAM.InstanceProfiles.Roles.RoleIdstringThe stable and unique string identifying the role.
AWS.IAM.InstanceProfiles.Roles.ArnstringThe Amazon Resource Name (ARN) specifying the role.
AWS.IAM.InstanceProfiles.Roles.CreateDatedateThe date and time, when the role was created.
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocumentstringThe policy that grants an entity permission to assume the role.
AWS.IAM.InstanceProfiles.Roles.DescriptionstringA description of the role that you provide.
AWS.IAM.InstanceProfiles.Roles.MaxSessionDurationnumberThe maximum session duration (in seconds) for the specified role.

Command Example#

!aws-iam-list-instance-profiles

aws-iam-add-role-to-instance-profile#


Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this limit cannot be increased. You can remove the existing role and then add a different role to an instance profile.

Base Command#

aws-iam-add-role-to-instance-profile

Input#

Argument NameDescriptionRequired
instanceProfileNameThe name of the instance profile to update.Required
roleNameThe name of the role to add.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.InstanceProfiles.PathstringThe path to the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileNamestringThe name identifying the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileIdstringThe stable and unique string identifying the instance profile.
AWS.IAM.InstanceProfiles.ArnstringThe Amazon Resource Name (ARN) specifying the instance profile.
AWS.IAM.InstanceProfiles.CreateDatedateThe date when the instance profile was created.
AWS.IAM.InstanceProfiles.Roles.PathstringThe path to the role.
AWS.IAM.InstanceProfiles.Roles.RoleNamestringThe friendly name that identifies the role.
AWS.IAM.InstanceProfiles.Roles.RoleIdstringThe stable and unique string identifying the role.
AWS.IAM.InstanceProfiles.Roles.ArnstringThe Amazon Resource Name (ARN) specifying the role.
AWS.IAM.InstanceProfiles.Roles.CreateDatedateThe date and time, when the role was created.
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocumentstringThe policy that grants an entity permission to assume the role.
AWS.IAM.InstanceProfiles.Roles.DescriptionstringA description of the role that you provide.
AWS.IAM.InstanceProfiles.Roles.MaxSessionDurationnumberThe maximum session duration (in seconds) for the specified role.

Command Example#

!aws-iam-add-role-to-instance-profile instanceProfileName=testprofile roleName=EC2ReadOnly

aws-iam-remove-role-from-instance-profile#


Removes the specified IAM role from the specified EC2 instance profile.

Base Command#

aws-iam-remove-role-from-instance-profile

Input#

Argument NameDescriptionRequired
instanceProfileNameThe name of the instance profile to update.Required
roleNameThe name of the role to remove.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.InstanceProfiles.PathstringThe path to the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileNamestringThe name identifying the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileIdstringThe stable and unique string identifying the instance profile.
AWS.IAM.InstanceProfiles.ArnstringThe Amazon Resource Name (ARN) specifying the instance profile.
AWS.IAM.InstanceProfiles.CreateDatedateThe date when the instance profile was created.
AWS.IAM.InstanceProfiles.Roles.PathstringThe path to the role.
AWS.IAM.InstanceProfiles.Roles.RoleNamestringThe friendly name that identifies the role.
AWS.IAM.InstanceProfiles.Roles.RoleIdstringThe stable and unique string identifying the role.
AWS.IAM.InstanceProfiles.Roles.ArnstringThe Amazon Resource Name (ARN) specifying the role.
AWS.IAM.InstanceProfiles.Roles.CreateDatedateThe date and time, when the role was created.
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocumentstringThe policy that grants an entity permission to assume the role.
AWS.IAM.InstanceProfiles.Roles.DescriptionstringA description of the role that you provide.
AWS.IAM.InstanceProfiles.Roles.MaxSessionDurationnumberThe maximum session duration (in seconds) for the specified role.

Command Example#

!aws-iam-remove-role-from-instance-profile instanceProfileName=testprofile roleName=EC2ReadOnly

aws-iam-list-instance-profiles-for-role#


Lists the instance profiles that have the specified associated IAM role.

Base Command#

aws-iam-list-instance-profiles-for-role

Input#

Argument NameDescriptionRequired
roleNameThe name of the role to list instance profiles for.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.InstanceProfiles.PathstringThe path to the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileNamestringThe name identifying the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileIdstringThe stable and unique string identifying the instance profile.
AWS.IAM.InstanceProfiles.ArnstringThe Amazon Resource Name (ARN) specifying the instance profile.
AWS.IAM.InstanceProfiles.CreateDatedateThe date when the instance profile was created.
AWS.IAM.InstanceProfiles.Roles.PathstringThe path to the role.
AWS.IAM.InstanceProfiles.Roles.RoleNamestringThe friendly name that identifies the role.
AWS.IAM.InstanceProfiles.Roles.RoleIdstringThe stable and unique string identifying the role.
AWS.IAM.InstanceProfiles.Roles.ArnstringThe Amazon Resource Name (ARN) specifying the role.
AWS.IAM.InstanceProfiles.Roles.CreateDatedateThe date and time, when the role was created.
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocumentstringThe policy that grants an entity permission to assume the role.
AWS.IAM.InstanceProfiles.Roles.DescriptionstringA description of the role that you provide.
AWS.IAM.InstanceProfiles.Roles.MaxSessionDurationnumberThe maximum session duration (in seconds) for the specified role.

Command Example#

!aws-iam-list-instance-profiles-for-role roleName=EC2ReadOnly

aws-iam-get-instance-profile#


Retrieves information about the specified instance profile.

Base Command#

aws-iam-get-instance-profile

Input#

Argument NameDescriptionRequired
instanceProfileNameThe name of the instance profile to get information about.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.InstanceProfiles.PathstringThe path to the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileNamestringThe name identifying the instance profile.
AWS.IAM.InstanceProfiles.InstanceProfileIdstringThe stable and unique string identifying the instance profile.
AWS.IAM.InstanceProfiles.ArnstringThe Amazon Resource Name (ARN) specifying the instance profile.
AWS.IAM.InstanceProfiles.CreateDatedateThe date when the instance profile was created.
AWS.IAM.InstanceProfiles.Roles.PathstringThe path to the role.
AWS.IAM.InstanceProfiles.Roles.RoleNamestringThe friendly name that identifies the role.
AWS.IAM.InstanceProfiles.Roles.RoleIdstringThe stable and unique string identifying the role.
AWS.IAM.InstanceProfiles.Roles.ArnstringThe Amazon Resource Name (ARN) specifying the role.
AWS.IAM.InstanceProfiles.Roles.CreateDatedateThe date and time, when the role was created.
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocumentstringThe policy that grants an entity permission to assume the role.
AWS.IAM.InstanceProfiles.Roles.DescriptionstringA description of the role that you provide.
AWS.IAM.InstanceProfiles.Roles. MaxSessionDurationnumberThe maximum session duration (in seconds) for the specified role.

Command Example#

!aws-iam-get-instance-profile instanceProfileName=testprofile

aws-iam-get-role#


Retrieves information about the specified role.

Base Command#

aws-iam-get-role

Input#

Argument NameDescriptionRequired
roleNameThe name of the IAM role to get information about.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Roles.PathstringThe path to the role.
AWS.IAM.Roles.RoleNamestringThe friendly name that identifies the role.
AWS.IAM.Roles.RoleIdstringThe stable and unique string identifying the role.
AWS.IAM.Roles.ArnstringThe Amazon Resource Name (ARN) specifying the role.
AWS.IAM.Roles.CreateDatedateThe date and time, when the role was created.
AWS.IAM.Roles.AssumeRolePolicyDocumentstringThe policy that grants an entity permission to assume the role.
AWS.IAM.Roles.DescriptionstringA description of the role that you provide.
AWS.IAM.Roles.MaxSessionDurationnumberThe maximum session duration (in seconds) for the specified role.
AWS.IAM.Roles.Tags.KeystringThe tag key.
AWS.IAM.Roles.Tags.ValuestringThe tag value.

Command Example#

!aws-iam-get-role roleName=ec2readonly

aws-iam-delete-role#


Deletes the specified role. The role must not have any policies attached.

Base Command#

aws-iam-delete-role

Input#

Argument NameDescriptionRequired
roleNameThe name of the role to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-role roleName=test-role

aws-iam-create-role#


Creates a new role for your AWS account.

Base Command#

aws-iam-create-role

Input#

Argument NameDescriptionRequired
roleNameThe name of the role to create.Required
assumeRolePolicyDocumentThe trust relationship policy document that grants an entity permission to assume the role.Required
pathThe path to the role.Optional
descriptionA description of the role.Optional
maxSessionDurationThe maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Roles.RoleNamestringThe friendly name that identifies the role.
AWS.IAM.Roles.RoleIdstringThe stable and unique string identifying the role.
AWS.IAM.Roles.ArnstringThe Amazon Resource Name (ARN) specifying the role.
AWS.IAM.Roles.CreateDatedateThe date and time, when the role was created.
AWS.IAM.Roles.PathstringThe path to the role.
AWS.IAM.Roles.AssumeRolePolicyDocumentstringhe policy that grants an entity permission to assume the role.
AWS.IAM.Roles.DescriptionstringA description of the role that you provide.
AWS.IAM.Roles.MaxSessionDurationnumberThe maximum session duration (in seconds) for the specified role.

Command Example#

!aws-iam-create-role roleName=testrole assumeRolePolicyDocument="{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}" description="a test role"

aws-iam-create-policy#


Creates a new managed policy for your AWS account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version.

Base Command#

aws-iam-create-policy

Input#

Argument NameDescriptionRequired
policyNameThe friendly name of the policy.Required
policyDocumentThe JSON policy document that you want to use as the content for the new policy.Required
pathThe path for the policy.Optional
descriptionA friendly description of the policy.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Policies.PolicyNamestringThe friendly name (not ARN) identifying the policy.
AWS.IAM.Policies.PolicyIdstringThe stable and unique string identifying the policy.
AWS.IAM.Policies.ArnstringThe Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
AWS.IAM.Policies.PathstringThe path to the policy.
AWS.IAM.Policies.DefaultVersionIdstringThe identifier for the version of the policy that is set as the default version.
AWS.IAM.Policies.AttachmentCountnumberThe number of entities (users, groups, and roles) that the policy is attached to.
AWS.IAM.Policies.PermissionsBoundaryUsageCountnumberThe number of entities (users and roles) for which the policy is used to set the permissions boundary.
AWS.IAM.Policies.IsAttachablebooleanSpecifies whether the policy can be attached to an IAM user, group, or role.
AWS.IAM.Policies.DescriptionstringA friendly description of the policy.
AWS.IAM.Policies.CreateDatedateThe date and time, in ISO 8601 date-time format , when the policy was created.
AWS.IAM.Policies.UpdateDatedateThe date and time, in ISO 8601 date-time format , when the policy was last updated.

Command Example#

!aws-iam-create-policy policyName=test-policy policyDocument="{
"Version": "2012-10-17",
"Statement": \[
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "guardduty:CreateIPSet",
"Resource": "arn:aws:guardduty:_:_:detector/_"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "guardduty:CreateDetector",
"Resource": "_"
}
\]
}"

aws-iam-delete-policy#


Deletes the specified managed policy. Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition you must delete all the policy's versions.

Base Command#

aws-iam-delete-policy

Input#

Argument NameDescriptionRequired
policyArnThe Amazon Resource Name (ARN) of the IAM policy you want to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-policy policyArn=arn:aws:iam::123456789:policy/test-policy

aws-iam-create-policy-version#


Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version. Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached.

Base Command#

aws-iam-create-policy-version

Input#

Argument NameDescriptionRequired
policyArnThe Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.Required
policyDocumentThe JSON policy document that you want to use as the content for this new version of the policy.Required
setAsDefaultSpecifies whether to set this version as the policy's default version. Possible values are: True, False.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Policies.Versions.DocumentstringThe policy document.
AWS.IAM.Policies.Versions.VersionIdstringThe identifier for the policy version.
AWS.IAM.Policies.Versions.IsDefaultVersionstringThe identifier for the policy version.
AWS.IAM.Policies.Versions.CreateDatestringThe date and time, in ISO 8601 date-time format , when the policy version was created.

Command Example#

!aws-iam-create-policy-version policyArn=arn:aws:iam::123456789:policy/test-policy policyDocument="{
"Version": "2012-10-17",
"Statement": \[
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "guardduty:CreateIPSet",
"Resource": "arn:aws:guardduty:_:_:detector/_"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "guardduty:CreateDetector",
"Resource": "_"
}
\]
}" setAsDefault=True

aws-iam-delete-policy-version#


Deletes the specified version from the specified managed policy. You cannot delete the default version from a policy using this API. To delete the default version from a policy, use DeletePolicy . To find out which version of a policy is marked as the default version, use ListPolicyVersions .

Base Command#

aws-iam-delete-policy-version

Input#

Argument NameDescriptionRequired
policyArnThe Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.Required
versionIdThe policy version to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-policy-version policyArn=arn:aws:iam::123456789:policy/test-policy versionId=v1

aws-iam-list-policy-versions#


Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version.

Base Command#

aws-iam-list-policy-versions

Input#

Argument NameDescriptionRequired
policyArnThe Amazon Resource Name (ARN) of the IAM policy for which you want the versions.Required

Context Output#

PathTypeDescription
AWS.IAM.Policies.Versions.DocumentstringThe policy document.
AWS.IAM.Policies.Versions.VersionIdstringThe identifier for the policy version.
AWS.IAM.Policies.Versions.IsDefaultVersionbooleanSpecifies whether the policy version is set as the policy's default version.
AWS.IAM.Policies.Versions.CreateDatedateThe date and time, in ISO 8601 date-time format , when the policy version was created.

Command Example#

!aws-iam-list-policy-versions policyArn=arn:aws:iam::123456789:policy/test-policy

aws-iam-get-policy-version#


Retrieves information about the specified version of the specified managed policy, including the policy document.

Base Command#

aws-iam-get-policy-version

Input#

Argument NameDescriptionRequired
policyArnThe Amazon Resource Name (ARN) of the managed policy that you want information about.Required
versionIdIdentifies the policy version to retrieve.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

PathTypeDescription
AWS.IAM.Policies.Versions.DocumentunknownThe policy document.
AWS.IAM.Policies.Versions.VersionIdunknownThe identifier for the policy version.
AWS.IAM.Policies.Versions.IsDefaultVersionunknownSpecifies whether the policy version is set as the policy's default version.
AWS.IAM.Policies.Versions.CreateDateunknownThe date and time, in ISO 8601 date-time format , when the policy version was created.

Command Example#

!aws-iam-get-policy-version policyArn=arn:aws:iam::123456789:policy/test-policy versionId=v3

aws-iam-set-default-policy-version#


Sets the specified version of the specified policy as the policy's default (operative) version. This operation affects all users, groups, and roles that the policy is attached to.

Base Command#

aws-iam-set-default-policy-version

Input#

Argument NameDescriptionRequired
policyArnThe Amazon Resource Name (ARN) of the IAM policy whose default version you want to set.Required
versionIdThe version of the policy to set as the default (operative) version.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-set-default-policy-version policyArn=arn:aws:iam::123456789:policy/test-policy versionId=v2

aws-iam-create-account-alias#


Creates an alias for your AWS account.

Base Command#

aws-iam-create-account-alias

Input#

Argument NameDescriptionRequired
accountAliasThe account alias to create.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-create-account-alias accountAlias=test-alias

aws-iam-delete-account-alias#


Deletes the specified AWS account alias.

Base Command#

aws-iam-delete-account-alias

Input#

Argument NameDescriptionRequired
accountAliasThe name of the account alias to delete.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

Command Example#

!aws-iam-delete-account-alias accountAlias=demisto-test-alias

aws-iam-get-account-password-policy#


Get AWS account's password policy

Base Command#

aws-iam-get-account-password-policy

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
AWS.IAM.PasswordPolicyUnknownAccount's password policy.

aws-iam-update-account-password-policy#


Create/update password policy

Base Command#

aws-iam-update-account-password-policy

Input#

Argument NameDescriptionRequired
minimumPasswordLengthThe minimum number of characters allowed in an IAM user password. Possible values are: .Optional
requireSymbolsSpecifies whether IAM user passwords must contain at least one of the non-alphanumeric characters. Can be "True" or "False". Possible values are: True, False.Optional
requireNumbersSpecifies whether IAM user passwords must contain at least one numeric character (0 to 9). Can be "True" or "False". Possible values are: True, False.Optional
requireUppercaseCharactersSpecifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). Can be "True" or "False". Possible values are: True, False.Optional
requireLowercaseCharactersSpecifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). Can be "True" or "False". Possible values are: True, False.Optional
allowUsersToChangePasswordAllows all IAM users in your account to use the AWS Management Console to change their own passwords. Can be "True" or "False". Possible values are: True, False.Optional
maxPasswordAgeThe number of days that an IAM user password is valid. Possible values are: .Optional
passwordReusePreventionSpecifies the number of previous passwords that IAM users are prevented from reusing. Possible values are: .Optional
hardExpiryPrevents IAM users from setting a new password after their password has expired. Can be "True" or "False". Possible values are: True, False.Optional

Context Output#

There is no context output for this command.

aws-iam-list-role-policies#


Lists the names of the inline policies that are embedded in the specified IAM role.

Base Command#

aws-iam-list-role-policies

Input#

Argument NameDescriptionRequired
roleNameThe name of the role to list policies for.Required

Context Output#

PathTypeDescription
AWS.IAM.Roles.RoleName.PoliciesUnknownA list of policy names.

Command Example#

!aws-iam-list-role-policies roleName=test-RoleARN

aws-iam-get-role-policy#


Retrieves the specified inline policy document that is embedded with the specified IAM role.

Base Command#

aws-iam-get-role-policy

Input#

Argument NameDescriptionRequired
roleNameThe name of the role associated with the policy.Required
policyNameThe name of the policy document to get.Required

Context Output#

PathTypeDescription
AWS.IAM.Roles.PolicyDocumentstringThe policy document.

Command Example#

!aws-iam-get-role-policy roleName=test-RoleARN policyName=testPolicy

aws-iam-get-policy#


Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached.

Base Command#

aws-iam-get-policy

Input#

Argument NameDescriptionRequired
policyNameThe Amazon Resource Name (ARN) of the managed policy that you want information about.Required

Context Output#

PathTypeDescription
AWS.IAM.Policy.PolicyNamestringThe friendly name (not ARN) identifying the policy.
AWS.IAM.Policy.PolicyIdstringThe stable and unique string identifying the policy.
AWS.IAM.Policy.ArnstringThe Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.
AWS.IAM.Policy.PathstringThe path to the policy.
AWS.IAM.Policy.DescriptionstringA friendly description of the policy.

Command Example#

!aws-iam-get-policy policyName=testPolicy

aws-iam-list-user-policies#


Lists the names of the inline policies embedded in the specified IAM user.

Base Command#

aws-iam-list-user-policies

Input#

Argument NameDescriptionRequired
userNameThe name (friendly name, not ARN) of the user to list inline policies for.Required
limitNumber of results to display. Default value is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
markerStarting item of the next page to view. Can be retrieved from context (AttachedPoliciesMarker).Optional

Context Output#

PathTypeDescription
AWS.IAM.UserPolicies.UserNamestringA list of the user's inline policy names.
AWS.IAM.UserPolicies.PolicyNamestringThe name of the policy.
AWS.IAM.Users.InlinePoliciesMarkerstringFirst element of next page of items.

Command Example#

!aws-iam-list-user-policies userName=testUser

aws-iam-list-attached-user-polices#


Lists all managed policies that are attached to the specified IAM user.

Base Command#

aws-iam-list-attached-user-policies

Input#

Argument NameDescriptionRequired
userNameThe name (friendly name, not ARN) of the user to list attached policies for.Required
limitNumber of results to display. Default value is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
markerStarting item of the next page to view. Can be retrieved from context (AttachedPoliciesMarker).Optional

Context Output#

PathTypeDescription
AWS.IAM.AttachedUserPolicies.UserNamestringThe name (friendly name, not ARN) of the user to list attached policies for.
AWS.IAM.AttachedUserPolicies.PolicyNamestringPolicy Name
AWS.IAM.AttachedUserPolicies.PolicyArnstringThe Amazon Resource Name (ARN) of the attached policy.
AWS.IAM.Users.AttachedPoliciesMarkerstringFirst element of next page of items.

Command Example#

!aws-iam-list-attached-user-policies userName=testUser

aws-iam-list-attached-group-policies#


Lists all managed policies that are attached to the specified IAM group.

Base Command#

aws-iam-list-attached-group-policies

Input#

Argument NameDescriptionRequired
groupNameThe name (friendly name, not ARN) of the group to list attached policies for.Required
limitNumber of results to display. Default value is 50.Optional
pagePage number you would like to view. Each page contains page_size values. Must be used along with page_size.Optional
page_sizeNumber of results per page to display.Optional
markerStarting item of the next page to view. Can be retrieved from context (AttachedPoliciesMarker).Optional

Context Output#

PathTypeDescription
AWS.IAM.AttachedGroupPolicies.GroupNamestringThe name (friendly name, not ARN) of the group to list attached policies for.
AWS.IAM.AttachedGroupPolicies.PolicyNamestringPolicy Name
AWS.IAM.AttachedGroupPolicies.PolicyArnstringThe Amazon Resource Name (ARN) of the attached policy.
AWS.IAM.Groups.AttachedPoliciesMarkerstringFirst element of next page of items.

Command Example#

!aws-iam-list-attached-group-policies groupName=testGroup

aws-iam-get-user-login-profile#


Lists all managed policies that are attached to the specified IAM user.

Base Command#

aws-iam-get-user-login-profile

Input#

Argument NameDescriptionRequired
userNameThe name (friendly name, not ARN) of the user to retrieve login profile for.Required

Context Output#

PathTypeDescription
AWS.IAM.Users.LoginProfile.CreateDatedateThe date when the password for the user was created.
AWS.IAM.Users.LoginProfile.PasswordResetRequiredbooleanSpecifies whether the user is required to set a new password on next sign-in.

Command Example#

!aws-iam-get-user-login-profile userName=testUser

aws-iam-put-role-policy#


Adds or updates an inline policy document that is embedded in the specified IAM role.

Base Command#

aws-iam-put-role-policy

Input#

Argument NameDescriptionRequired
policyDocumentThe policy document. You must provide policies in JSON format in IAM.Required
policyNameThe name of the policy document.Required
roleNameThe name of the role to associate the policy with.Required

Human Readable Output#

Policy {policy_name} was added to role {role_name}#

Context Output#

There is no context output for this command.

aws-iam-put-user-policy#


Adds or updates an inline policy document that is embedded in the specified IAM user.

Base Command#

aws-iam-put-user-policy

Input#

Argument NameDescriptionRequired
policyDocumentThe policy document. You must provide policies in JSON format in IAM.Required
policyNameThe name of the policy document.Required
userNameThe name of the user to associate the policy with.Required

Context Output#

There is no context output for this command.

Human Readable Output#

Policy {policy_name} was added to role {user_name}#

aws-iam-put-group-policy#


Adds or updates an inline policy document that is embedded in the specified IAM group.

Base Command#

aws-iam-put-group-policy

Input#

Argument NameDescriptionRequired
policyDocumentThe policy document. You must provide policies in JSON format in IAM.Required
policyNameThe name of the policy document.Required
groupNameThe name of the group to associate the policy with.Required

Context Output#

There is no context output for this command.

Human Readable Output#

Policy {policy_name} was added to role {group_name}#

aws-iam-tag-role#


Adds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.

Base Command#

aws-iam-tag-role

Input#

Argument NameDescriptionRequired
roleNameThe name of the IAM role to which you want to add tags.Required
tagsA comma-separated list of Key:Value tag objects.Required

Context Output#

There is no context output for this command.

Human Readable Output#

Added the following tags to role {role_name}#

KeyValue
KeyValue

aws-iam-tag-user#


Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.

Base Command#

aws-iam-tag-user

Input#

Argument NameDescriptionRequired
userNameThe name of the IAM user to which you want to add tags.Required
tagsA comma-separated list of Key:Value tag objects.Required

Context Output#

There is no context output for this command.

Human Readable Output#

Added the following tags to user {user_name}#

KeyValue
KeyValue

aws-iam-untag-user#


Removes the specified tags from the user.

Base Command#

aws-iam-untag-user

Input#

Argument NameDescriptionRequired
userNameThe name of the IAM role to which you want to untag.Required
tagKeysA comma-separated list of tag keys.Required

Context Output#

There is no context output for this command.

Human Readable Output#

Untagged the following tags from user {user_name}#

Removed keys
Key1

aws-iam-untag-role#


Removes the specified tags from the role.

Base Command#

aws-iam-untag-role

Input#

Argument NameDescriptionRequired
roleNameThe name of the IAM role to which you want to untag.Required
tagKeysA comma-separated list of tag keys.Required

Context Output#

There is no context output for this command.

Human Readable Output#

Untagged the following tags from role {role_name}#

Removed keys
Key1

aws-iam-get-access-key-last-used#


Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and region that were specified in the last request made with that key.

Base Command#

aws-iam-get-access-key-last-used

Input#

Argument NameDescriptionRequired
accessKeyIdThe identifier of an access key.Required

Context Output#

PathTypeDescription
AWS.IAM.AccessKey.IDstringThe access key ID.
AWS.IAM.AccessKey.UserNamestringThe username owning the given access key.
AWS.IAM.AccessKey.LastUsedServiceNamestringThe name of the service that last used the given access key.
AWS.IAM.AccessKey.LastUsedRegionstringThe name of the region where the given access key was last used.
AWS.IAM.AccessKey.LastUsedDatestringThe date when the given access key was last used.

Human Readable Output#

Found the following information about access key access_Key_Id#

IDUserNameLastUsedDateLastUsedServiceNameLastUsedRegion
access_Key_Iduser_name2023-06-06T14:32:00testHere

aws-iam-list-attached-role-policies#


List all managed policies that are attached to the specified IAM role.

Base Command#

aws-iam-list-attached-role-policies

Input#

Argument NameDescriptionRequired
roleNameThe name (friendly name, not ARN) of the role to list attached policies for.Required
pathPrefixThe path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.Optional
maxItemsThe maximum number of items to return in the command's output.Optional
markerUse this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.Optional

Context Output#

PathTypeDescription
AWS.IAM.Roles.AttachedPolicies.Policies.PolicyNamestringThe policy name.
AWS.IAM.Roles.AttachedPolicies.Policies.PolicyArnstringThe policy ARN.
AWS.IAM.Roles.AttachedPolicies.Policies.RoleNamestringThe queried role name.
AWS.IAM.Roles.AttachedPolicies.Query.IsTruncatedBooleanWhether there are more items to return. If the results were truncated, make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. AWS recommends checking IsTruncated after every call to ensure that all results are received.
AWS.IAM.Roles.AttachedPolicies.Query.MarkerstringWhen IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

Command example#

!aws-iam-list-attached-role-policies roleName=myRoleName

Context Example#

{
"AWS": {
"IAM": {
"Roles": {
"AttachedPolicies": {
"Policies": [
{
"PolicyArn": "arn:aws:iam::000000000000:policy/my-policy",
"PolicyName": "my-policy-name",
"RoleName": "myRoleName"
},
{
"PolicyArn": "arn:aws:iam::000000000001:policy/my-other-policy",
"PolicyName": "my-other-policy-name",
"RoleName": "myRoleName"
}
],
"Query": {
"IsTruncated": false
}
}
}
}
}
}

Human Readable Output#

Results#

Attached Policies for Role myRoleName#

PolicyArnPolicyNameRoleName
arn:aws:iam::000000000000:policy/my-policymy-policy-namemyRoleName
arn:aws:iam::000000000001:policy/my-other-policymy-other-policy-namemyRoleName

Listed 2 attached policies for role test-role

aws-iam-list-mfa-devices#


Lists the MFA devices for an IAM user.

Base Command#

aws-iam-list-mfa-devices

Input#

Argument NameDescriptionRequired
userNameThe name of the user whose MFA devices you want to list.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
markerUse this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.Optional

Context Output#

PathTypeDescription
AWS.IAM.MFADevices.Devices.UserNamestringThe user with whom the MFA device is associated.
AWS.IAM.MFADevices.Devices.SerialNumberstringThe serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
AWS.IAM.MFADevices.Devices.EnableDatedateThe date when the MFA device was enabled for the user.
MFADevices.Devices.MarkerstringFirst element of next page of items.

aws-iam-delete-mfa-devices#


Deletes a virtual MFA device.

Base Command#

aws-iam-delete-mfa-devices

Input#

Argument NameDescriptionRequired
serialNumberThe serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.

aws-iam-deactivate-mfa-devices#


Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.

Base Command#

aws-iam-deactivate-mfa-devices

Input#

Argument NameDescriptionRequired
userNameThe name of the user whose MFA devices you want to list.Required
serialNumberThe serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN.Required
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional

Context Output#

There is no context output for this command.