AWS - Identity and Access Management
AWS - IAM Pack.#
This Integration is part of theAmazon Web Services Identity and Access Management (IAM)
For detailed instructions about setting up authentication, see: AWS Integrations - Authentication.
#
Configure AWS - IAM in CortexParameter | Description | Required |
---|---|---|
roleArn | Role Arn | False |
roleSessionName | Role Session Name | False |
defaultRegion | AWS Default Region | False |
sessionDuration | Role Session Duration | False |
access_key | Access Key | False |
secret_key | Secret Key | False |
timeout | The time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 second will be used. | False |
retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. | False |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
aws-iam-create-userCreates a new IAM user for your AWS account.
#
Base Commandaws-iam-create-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to create. | Required |
path | The path for the user name. This parameter is optional. If it is not included, it defaults to a slash (/). | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Users.UserName | string | The friendly name identifying the user. |
AWS.IAM.Users.UserId | string | The stable and unique string identifying the user. |
AWS.IAM.Users.Arn | string | The Amazon Resource Name (ARN) that identifies the user. |
AWS.IAM.Users.CreateDate | date | The date and time, when the user was created. |
AWS.IAM.Users.Path | string | The path to the user. |
#
Command Example!aws-iam-create-user userName=Test path=/testusers/
#
aws-iam-get-userRetrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.
#
Base Commandaws-iam-get-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to get information about. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Users.UserName | string | The friendly name identifying the user. |
AWS.IAM.Users.UserId | string | The stable and unique string identifying the user. |
AWS.IAM.Users.Arn | string | The Amazon Resource Name (ARN) that identifies the user. |
AWS.IAM.Users.CreateDate | date | The date and time when the user was created. |
AWS.IAM.Users.Path | string | The path to the user. |
AWS.IAM.Users.PasswordLastUsed | date | The date and time, when the user's password was last used to sign in to an AWS website. |
#
Command Example !aws-iam-get-user userName=test
#
aws-iam-list-usersLists the IAM users, returns all users in the AWS account.
#
Base Commandaws-iam-list-users
#
InputArgument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Users.UserName | string | The friendly name identifying the user. |
AWS.IAM.Users.UserId | string | The stable and unique string identifying the user. |
AWS.IAM.Users.Arn | string | The Amazon Resource Name (ARN) that identifies the user. |
AWS.IAM.Users.CreateDate | date | The date and time when the user was created. |
AWS.IAM.Users.Path | string | The path to the user. |
AWS.IAM.Users.PasswordLastUsed | date | The date and time when the password was last used. |
#
Command Example !aws-iam-list-users
#
aws-iam-update-userUpdates the name and/or the path of the specified IAM user.
#
Base Commandaws-iam-update-user
#
InputArgument Name | Description | Required |
---|---|---|
oldUserName | Name of the user to update. | Required |
newUserName | New name for the user. Include this parameter only if you're changing the user's name. | Optional |
newPath | New path for the IAM user. Include this parameter only if you're changing the user's path. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-update-user oldUserName=test newUserName=NewUserName34 newPath=/iamtest/
#
aws-iam-delete-userDeletes the specified IAM user. The user must not belong to any groups or have any access keys, signing certificates, or attached policies.
#
Base Commandaws-iam-delete-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-delete-user userName=userName34
#
aws-iam-update-login-profileChanges the password for the specified IAM user.
#
Base Commandaws-iam-update-login-profile
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user whose password you want to update. | Required |
newPassword | The new password for the specified IAM user. | Required |
passwordResetRequired | Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in. Possible values are: True, False. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-update-login-profile userName=userName34 newPassword=ArdVaEC@1#$F%g% passwordResetRequired=True raw-response=true
#
aws-iam-create-groupCreates a new iam group.
#
Base Commandaws-iam-create-group
#
InputArgument Name | Description | Required |
---|---|---|
groupName | The name of the group to create. Do not include the path in this value. | Optional |
path | The path to the group. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Groups.GroupName | string | The friendly name that identifies the group. |
AWS.IAM.Groups.GroupId | string | The stable and unique string identifying the group. |
AWS.IAM.Groups.Arn | string | The Amazon Resource Name (ARN) specifying the group. |
AWS.IAM.Groups.CreateDate | date | The date and time when the group was created. |
AWS.IAM.Groups.Path | string | The path to the group. |
#
Command Example!aws-iam-create-group groupName=test path=/testgroups/
#
aws-iam-list-groupsLists all the IAM groups in the AWS account
#
Base Commandaws-iam-list-groups
#
InputArgument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Groups.GroupName | string | The friendly name that identifies the group. |
AWS.IAM.Groups.GroupId | string | The stable and unique string identifying the group. |
AWS.IAM.Groups.Arn | string | The Amazon Resource Name (ARN) specifying the group. |
AWS.IAM.Groups.CreateDate | date | The date and time when the group was created. |
AWS.IAM.Groups.Path | string | The path to the group. |
#
Command Example !aws-iam-list-groups
#
aws-iam-list-groups-for-userLists the IAM groups that the specified IAM user belongs to.
#
Base Commandaws-iam-list-groups-for-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to list groups for. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Users.Groups.GroupName | string | The friendly name that identifies the group. |
AWS.IAM.Users.Groups.GroupId | string | The stable and unique string identifying the group |
AWS.IAM.Users.Groups.Arn | string | The Amazon Resource Name (ARN) specifying the group. |
AWS.IAM.Users.Groups.CreateDate | date | The date and time when the group was created. |
AWS.IAM.Users.Groups.Path | string | The path to the group. |
#
Command Exampleaws-iam-list-groups-for-user userName=test
#
aws-iam-add-user-to-groupAdds the specified user to the specified group.
#
Base Commandaws-iam-add-user-to-group
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to add. | Required |
groupName | The name of the group to update. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-add-user-to-group userName=userName34 groupName=test
#
aws-iam-create-access-keyCreates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active .
#
Base Commandaws-iam-create-access-key
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the IAM user that the new key will belong to. If username is not provided, the account name configured in your integration will be used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Users.AccessKeys.AccessKeyId | string | The ID for this access key. |
AWS.IAM.Users.AccessKeys.SecretAccessKey | string | The secret key used to sign requests. |
AWS.IAM.Users.AccessKeys.Status | string | The status of the access key. Active means that the key is valid for API calls, while Inactive means it is not. |
AWS.IAM.Users.AccessKeys.CreateDate | date | The date when the access key was created. |
#
Command Example!aws-iam-create-access-key userName=userName34
#
aws-iam-update-access-keyChanges the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.
#
Base Commandaws-iam-update-access-key
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user whose key you want to update. If username is not provided, the account name configured in your integration . | Optional |
accessKeyId | The access key ID of the secret access key you want to update. | Required |
status | The status you want to assign to the secret access key. Active means that the key can be used for API calls to AWS, while Inactive means that the key cannot be used. Possible values are: Active, Inactive. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-update-access-key userName=test accessKeyId=AKIAJSFAUQ7EDFPN7Y2D2A status=Inactive
#
aws-iam-list-access-keys-for-userReturns information about the access key IDs associated with the specified IAM user.
#
Base Commandaws-iam-list-access-keys-for-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Users.AccessKeys.AccessKeyId | string | The ID for this access key. |
AWS.IAM.Users.AccessKeys.Status | string | The status of the access key. Active means the key is valid for API calls; Inactive means it is not. |
AWS.IAM.Users.AccessKeys.CreateDate | date | The date when the access key was created. |
AWS.IAM.Users.AccessKeys.UserName | string | The name of the IAM user that the key is associated with. |
#
Command Example!aws-iam-list-access-keys-for-user userName=userName34
#
aws-iam-list-policiesLists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.
#
Base Commandaws-iam-list-policies
#
InputArgument Name | Description | Required |
---|---|---|
scope | The scope to use for filtering the results. To list only AWS managed policies, set Scope to AWS. To list only the customer managed policies in your AWS account, set Scope to Local. Possible values are: All, AWS, Local. Default is All. | Optional |
onlyAttached | A flag to filter the results to only the attached policies. When OnlyAttached is true , the returned list contains only the policies that are attached to an IAM user, group, or role. When OnlyAttached is false , or when the parameter is not included, all policies are returned. Possible values are: True, False. Default is False. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Policies.PolicyName | string | The friendly name (not ARN) identifying the policy. |
AWS.IAM.Policies.PolicyId | string | The stable and unique string identifying the policy. |
AWS.IAM.Policies.Arn | string | The Amazon Resource Name (ARN). |
AWS.IAM.Policies.Path | string | The path to the policy. |
AWS.IAM.Policies.DefaultVersionId | string | The identifier for the version of the policy that is set as the default version. |
AWS.IAM.Policies.IsAttachable | string | Specifies whether the policy can be attached to an IAM user, group, or role. |
AWS.IAM.Policies.CreateDate | date | when the policy was created. |
AWS.IAM.Policies.UpdateDate | date | when the policy was last updated. |
AWS.IAM.Policies.AttachmentCount | number | The number of entities (users, groups, and roles) that the policy is attached to. |
#
Command Example !aws-iam-list-policies scope=AWS onlyAttached=True
#
aws-iam-list-rolesLists all IAM roles
#
Base Commandaws-iam-list-roles
#
InputArgument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Roles.RoleName | string | The friendly name that identifies the role. |
AWS.IAM.Roles.RoleId | string | The stable and unique string identifying the role. |
AWS.IAM.Roles.Arn | string | The Amazon Resource Name (ARN) specifying the role. |
AWS.IAM.Roles.CreateDate | date | The date and time when the role was created. |
AWS.IAM.Roles.Path | string | The path to the role. |
AWS.IAM.Roles.AssumeRolePolicyDocument | string | The policy that grants an entity permission to assume the role. |
AWS.IAM.Roles.Description | string | A description of the role that you provide. |
AWS.IAM.Roles.MaxSessionDuration | number | The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter. |
#
Command Example !aws-iam-list-roles
#
aws-iam-attach-policyAttaches the specified managed policy to the specified IAM Entity.
#
Base Commandaws-iam-attach-policy
#
InputArgument Name | Description | Required |
---|---|---|
type | The Type of IAM Entity. Possible values are: User, Group, Role. | Required |
entityName | The name (friendly name, not ARN) of the IAM Entity to attach the policy to. | Optional |
policyArn | The Amazon Resource Name (ARN) of the IAM policy you want to attach. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-attach-policy type=User entityName=userName34 policyArn=arn:aws:iam::aws:policy/AmazonSQSFullAccess
#
aws-iam-detach-policyRemoves the specified managed policy from the specified IAM Entity.
#
Base Commandaws-iam-detach-policy
#
InputArgument Name | Description | Required |
---|---|---|
type | IAM Entity Type. Possible values are: User, Group, Role. | Required |
entityName | The name (friendly name, not ARN) of the IAM Entity to detach the policy from. | Optional |
policyArn | The Amazon Resource Name (ARN) of the IAM policy you want to detach. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-detach-policy type=User entityName=userName34 policyArn=arn:aws:iam::aws:policy/AmazonSQSFullAccess
#
aws-iam-delete-login-profileDeletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console.
#
Base Commandaws-iam-delete-login-profile
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user whose password you want to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example !aws-iam-delete-login-profile userName=userName34
#
aws-iam-delete-groupDeletes the specified IAM group. The group must not contain any users or have any attached policies.
#
Base Commandaws-iam-delete-group
#
InputArgument Name | Description | Required |
---|---|---|
groupName | The name of the IAM group to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example !aws-iam-delete-group groupName=Group123
#
aws-iam-remove-user-from-groupRemoves the specified user from the specified group.
#
Base Commandaws-iam-remove-user-from-group
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to remove. | Required |
groupName | The name of the group to update. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-remove-user-from-group userName=userName34 groupName=Group123
#
aws-iam-create-login-profileCreates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console.
#
Base Commandaws-iam-create-login-profile
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the IAM user to create a password for. The user must already exist. | Required |
password | The new password for the user. | Required |
passwordResetRequired | Specifies whether the user is required to set a new password on next sign-in. Possible values are: True, False. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-create-login-profile userName=userName34 password=Avd#sdf$12VB6*cvg passwordResetRequired=True
#
aws-iam-delete-access-keyDeletes the access key pair associated with the specified IAM user.
#
Base Commandaws-iam-delete-access-key
#
InputArgument Name | Description | Required |
---|---|---|
userName | he name of the user whose access key pair you want to delete. If username is not provided, the account name configured in your integration will be used. | Optional |
AccessKeyId | The access key ID for the access key ID and secret access key you want to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-delete-access-key userName=userName34 AccessKeyId=ABCDEFGGHDJQ7E7X5PADN7Y2D2A
#
aws-iam-create-instance-profileCreates a new instance profile.
#
Base Commandaws-iam-create-instance-profile
#
InputArgument Name | Description | Required |
---|---|---|
instanceProfileName | The name of the instance profile to create. | Required |
path | The path to the instance profile. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.InstanceProfiles.Path | string | The path to the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileName | string | The name identifying the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileId | string | The stable and unique string identifying the instance profile. |
AWS.IAM.InstanceProfiles.Arn | string | The Amazon Resource Name (ARN) specifying the instance profile. |
AWS.IAM.InstanceProfiles.CreateDate | date | The date when the instance profile was created. |
#
Command Example !aws-iam-create-instance-profile instanceProfileName=testprofile path=/test/
#
aws-iam-delete-instance-profileDeletes the specified instance profile. The instance profile must not have an associated role.
#
Base Commandaws-iam-delete-instance-profile
#
InputArgument Name | Description | Required |
---|---|---|
instanceProfileName | The name of the instance profile to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-delete-instance-profile instanceProfileName=testprofile
#
aws-iam-list-instance-profilesLists all the instance profiles tin your AWS account.
#
Base Commandaws-iam-list-instance-profiles
#
InputArgument Name | Description | Required |
---|---|---|
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.InstanceProfiles.Path | string | The path to the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileName | string | The name identifying the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileId | string | The stable and unique string identifying the instance profile. |
AWS.IAM.InstanceProfiles.Arn | string | The Amazon Resource Name (ARN) specifying the instance profile. |
AWS.IAM.InstanceProfiles.CreateDate | date | The date when the instance profile was created. |
AWS.IAM.InstanceProfiles.Roles.Path | string | The path to the role. |
AWS.IAM.InstanceProfiles.Roles.RoleName | string | The friendly name that identifies the role. |
AWS.IAM.InstanceProfiles.Roles.RoleId | string | The stable and unique string identifying the role. |
AWS.IAM.InstanceProfiles.Roles.Arn | string | The Amazon Resource Name (ARN) specifying the role. |
AWS.IAM.InstanceProfiles.Roles.CreateDate | date | The date and time, when the role was created. |
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocument | string | The policy that grants an entity permission to assume the role. |
AWS.IAM.InstanceProfiles.Roles.Description | string | A description of the role that you provide. |
AWS.IAM.InstanceProfiles.Roles.MaxSessionDuration | number | The maximum session duration (in seconds) for the specified role. |
#
Command Example !aws-iam-list-instance-profiles
#
aws-iam-add-role-to-instance-profileAdds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this limit cannot be increased. You can remove the existing role and then add a different role to an instance profile.
#
Base Commandaws-iam-add-role-to-instance-profile
#
InputArgument Name | Description | Required |
---|---|---|
instanceProfileName | The name of the instance profile to update. | Required |
roleName | The name of the role to add. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.InstanceProfiles.Path | string | The path to the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileName | string | The name identifying the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileId | string | The stable and unique string identifying the instance profile. |
AWS.IAM.InstanceProfiles.Arn | string | The Amazon Resource Name (ARN) specifying the instance profile. |
AWS.IAM.InstanceProfiles.CreateDate | date | The date when the instance profile was created. |
AWS.IAM.InstanceProfiles.Roles.Path | string | The path to the role. |
AWS.IAM.InstanceProfiles.Roles.RoleName | string | The friendly name that identifies the role. |
AWS.IAM.InstanceProfiles.Roles.RoleId | string | The stable and unique string identifying the role. |
AWS.IAM.InstanceProfiles.Roles.Arn | string | The Amazon Resource Name (ARN) specifying the role. |
AWS.IAM.InstanceProfiles.Roles.CreateDate | date | The date and time, when the role was created. |
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocument | string | The policy that grants an entity permission to assume the role. |
AWS.IAM.InstanceProfiles.Roles.Description | string | A description of the role that you provide. |
AWS.IAM.InstanceProfiles.Roles.MaxSessionDuration | number | The maximum session duration (in seconds) for the specified role. |
#
Command Example !aws-iam-add-role-to-instance-profile instanceProfileName=testprofile roleName=EC2ReadOnly
#
aws-iam-remove-role-from-instance-profileRemoves the specified IAM role from the specified EC2 instance profile.
#
Base Commandaws-iam-remove-role-from-instance-profile
#
InputArgument Name | Description | Required |
---|---|---|
instanceProfileName | The name of the instance profile to update. | Required |
roleName | The name of the role to remove. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.InstanceProfiles.Path | string | The path to the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileName | string | The name identifying the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileId | string | The stable and unique string identifying the instance profile. |
AWS.IAM.InstanceProfiles.Arn | string | The Amazon Resource Name (ARN) specifying the instance profile. |
AWS.IAM.InstanceProfiles.CreateDate | date | The date when the instance profile was created. |
AWS.IAM.InstanceProfiles.Roles.Path | string | The path to the role. |
AWS.IAM.InstanceProfiles.Roles.RoleName | string | The friendly name that identifies the role. |
AWS.IAM.InstanceProfiles.Roles.RoleId | string | The stable and unique string identifying the role. |
AWS.IAM.InstanceProfiles.Roles.Arn | string | The Amazon Resource Name (ARN) specifying the role. |
AWS.IAM.InstanceProfiles.Roles.CreateDate | date | The date and time, when the role was created. |
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocument | string | The policy that grants an entity permission to assume the role. |
AWS.IAM.InstanceProfiles.Roles.Description | string | A description of the role that you provide. |
AWS.IAM.InstanceProfiles.Roles.MaxSessionDuration | number | The maximum session duration (in seconds) for the specified role. |
#
Command Example!aws-iam-remove-role-from-instance-profile instanceProfileName=testprofile roleName=EC2ReadOnly
#
aws-iam-list-instance-profiles-for-roleLists the instance profiles that have the specified associated IAM role.
#
Base Commandaws-iam-list-instance-profiles-for-role
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name of the role to list instance profiles for. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.InstanceProfiles.Path | string | The path to the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileName | string | The name identifying the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileId | string | The stable and unique string identifying the instance profile. |
AWS.IAM.InstanceProfiles.Arn | string | The Amazon Resource Name (ARN) specifying the instance profile. |
AWS.IAM.InstanceProfiles.CreateDate | date | The date when the instance profile was created. |
AWS.IAM.InstanceProfiles.Roles.Path | string | The path to the role. |
AWS.IAM.InstanceProfiles.Roles.RoleName | string | The friendly name that identifies the role. |
AWS.IAM.InstanceProfiles.Roles.RoleId | string | The stable and unique string identifying the role. |
AWS.IAM.InstanceProfiles.Roles.Arn | string | The Amazon Resource Name (ARN) specifying the role. |
AWS.IAM.InstanceProfiles.Roles.CreateDate | date | The date and time, when the role was created. |
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocument | string | The policy that grants an entity permission to assume the role. |
AWS.IAM.InstanceProfiles.Roles.Description | string | A description of the role that you provide. |
AWS.IAM.InstanceProfiles.Roles.MaxSessionDuration | number | The maximum session duration (in seconds) for the specified role. |
#
Command Example !aws-iam-list-instance-profiles-for-role roleName=EC2ReadOnly
#
aws-iam-get-instance-profileRetrieves information about the specified instance profile.
#
Base Commandaws-iam-get-instance-profile
#
InputArgument Name | Description | Required |
---|---|---|
instanceProfileName | The name of the instance profile to get information about. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.InstanceProfiles.Path | string | The path to the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileName | string | The name identifying the instance profile. |
AWS.IAM.InstanceProfiles.InstanceProfileId | string | The stable and unique string identifying the instance profile. |
AWS.IAM.InstanceProfiles.Arn | string | The Amazon Resource Name (ARN) specifying the instance profile. |
AWS.IAM.InstanceProfiles.CreateDate | date | The date when the instance profile was created. |
AWS.IAM.InstanceProfiles.Roles.Path | string | The path to the role. |
AWS.IAM.InstanceProfiles.Roles.RoleName | string | The friendly name that identifies the role. |
AWS.IAM.InstanceProfiles.Roles.RoleId | string | The stable and unique string identifying the role. |
AWS.IAM.InstanceProfiles.Roles.Arn | string | The Amazon Resource Name (ARN) specifying the role. |
AWS.IAM.InstanceProfiles.Roles.CreateDate | date | The date and time, when the role was created. |
AWS.IAM.InstanceProfiles.Roles.AssumeRolePolicyDocument | string | The policy that grants an entity permission to assume the role. |
AWS.IAM.InstanceProfiles.Roles.Description | string | A description of the role that you provide. |
AWS.IAM.InstanceProfiles.Roles. MaxSessionDuration | number | The maximum session duration (in seconds) for the specified role. |
#
Command Example!aws-iam-get-instance-profile instanceProfileName=testprofile
#
aws-iam-get-roleRetrieves information about the specified role.
#
Base Commandaws-iam-get-role
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name of the IAM role to get information about. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Roles.Path | string | The path to the role. |
AWS.IAM.Roles.RoleName | string | The friendly name that identifies the role. |
AWS.IAM.Roles.RoleId | string | The stable and unique string identifying the role. |
AWS.IAM.Roles.Arn | string | The Amazon Resource Name (ARN) specifying the role. |
AWS.IAM.Roles.CreateDate | date | The date and time, when the role was created. |
AWS.IAM.Roles.AssumeRolePolicyDocument | string | The policy that grants an entity permission to assume the role. |
AWS.IAM.Roles.Description | string | A description of the role that you provide. |
AWS.IAM.Roles.MaxSessionDuration | number | The maximum session duration (in seconds) for the specified role. |
AWS.IAM.Roles.Tags.Key | string | The tag key. |
AWS.IAM.Roles.Tags.Value | string | The tag value. |
#
Command Example!aws-iam-get-role roleName=ec2readonly
#
aws-iam-delete-roleDeletes the specified role. The role must not have any policies attached.
#
Base Commandaws-iam-delete-role
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name of the role to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example !aws-iam-delete-role roleName=test-role
#
aws-iam-create-roleCreates a new role for your AWS account.
#
Base Commandaws-iam-create-role
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name of the role to create. | Required |
assumeRolePolicyDocument | The trust relationship policy document that grants an entity permission to assume the role. | Required |
path | The path to the role. | Optional |
description | A description of the role. | Optional |
maxSessionDuration | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Roles.RoleName | string | The friendly name that identifies the role. |
AWS.IAM.Roles.RoleId | string | The stable and unique string identifying the role. |
AWS.IAM.Roles.Arn | string | The Amazon Resource Name (ARN) specifying the role. |
AWS.IAM.Roles.CreateDate | date | The date and time, when the role was created. |
AWS.IAM.Roles.Path | string | The path to the role. |
AWS.IAM.Roles.AssumeRolePolicyDocument | string | he policy that grants an entity permission to assume the role. |
AWS.IAM.Roles.Description | string | A description of the role that you provide. |
AWS.IAM.Roles.MaxSessionDuration | number | The maximum session duration (in seconds) for the specified role. |
#
Command Example#
aws-iam-create-policyCreates a new managed policy for your AWS account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version.
#
Base Commandaws-iam-create-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyName | The friendly name of the policy. | Required |
policyDocument | The JSON policy document that you want to use as the content for the new policy. | Required |
path | The path for the policy. | Optional |
description | A friendly description of the policy. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Policies.PolicyName | string | The friendly name (not ARN) identifying the policy. |
AWS.IAM.Policies.PolicyId | string | The stable and unique string identifying the policy. |
AWS.IAM.Policies.Arn | string | The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. |
AWS.IAM.Policies.Path | string | The path to the policy. |
AWS.IAM.Policies.DefaultVersionId | string | The identifier for the version of the policy that is set as the default version. |
AWS.IAM.Policies.AttachmentCount | number | The number of entities (users, groups, and roles) that the policy is attached to. |
AWS.IAM.Policies.PermissionsBoundaryUsageCount | number | The number of entities (users and roles) for which the policy is used to set the permissions boundary. |
AWS.IAM.Policies.IsAttachable | boolean | Specifies whether the policy can be attached to an IAM user, group, or role. |
AWS.IAM.Policies.Description | string | A friendly description of the policy. |
AWS.IAM.Policies.CreateDate | date | The date and time, in ISO 8601 date-time format , when the policy was created. |
AWS.IAM.Policies.UpdateDate | date | The date and time, in ISO 8601 date-time format , when the policy was last updated. |
#
Command Example#
aws-iam-delete-policyDeletes the specified managed policy. Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition you must delete all the policy's versions.
#
Base Commandaws-iam-delete-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyArn | The Amazon Resource Name (ARN) of the IAM policy you want to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example !aws-iam-delete-policy policyArn=arn:aws:iam::123456789:policy/test-policy
#
aws-iam-create-policy-versionCreates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version. Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached.
#
Base Commandaws-iam-create-policy-version
#
InputArgument Name | Description | Required |
---|---|---|
policyArn | The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version. | Required |
policyDocument | The JSON policy document that you want to use as the content for this new version of the policy. | Required |
setAsDefault | Specifies whether to set this version as the policy's default version. Possible values are: True, False. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Policies.Versions.Document | string | The policy document. |
AWS.IAM.Policies.Versions.VersionId | string | The identifier for the policy version. |
AWS.IAM.Policies.Versions.IsDefaultVersion | string | The identifier for the policy version. |
AWS.IAM.Policies.Versions.CreateDate | string | The date and time, in ISO 8601 date-time format , when the policy version was created. |
#
Command Example#
aws-iam-delete-policy-versionDeletes the specified version from the specified managed policy. You cannot delete the default version from a policy using this API. To delete the default version from a policy, use DeletePolicy . To find out which version of a policy is marked as the default version, use ListPolicyVersions .
#
Base Commandaws-iam-delete-policy-version
#
InputArgument Name | Description | Required |
---|---|---|
policyArn | The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version. | Required |
versionId | The policy version to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!aws-iam-delete-policy-version policyArn=arn:aws:iam::123456789:policy/test-policy versionId=v1
#
aws-iam-list-policy-versionsLists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version.
#
Base Commandaws-iam-list-policy-versions
#
InputArgument Name | Description | Required |
---|---|---|
policyArn | The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Policies.Versions.Document | string | The policy document. |
AWS.IAM.Policies.Versions.VersionId | string | The identifier for the policy version. |
AWS.IAM.Policies.Versions.IsDefaultVersion | boolean | Specifies whether the policy version is set as the policy's default version. |
AWS.IAM.Policies.Versions.CreateDate | date | The date and time, in ISO 8601 date-time format , when the policy version was created. |
#
Command Example!aws-iam-list-policy-versions policyArn=arn:aws:iam::123456789:policy/test-policy
#
aws-iam-get-policy-versionRetrieves information about the specified version of the specified managed policy, including the policy document.
#
Base Commandaws-iam-get-policy-version
#
InputArgument Name | Description | Required |
---|---|---|
policyArn | The Amazon Resource Name (ARN) of the managed policy that you want information about. | Required |
versionId | Identifies the policy version to retrieve. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Policies.Versions.Document | unknown | The policy document. |
AWS.IAM.Policies.Versions.VersionId | unknown | The identifier for the policy version. |
AWS.IAM.Policies.Versions.IsDefaultVersion | unknown | Specifies whether the policy version is set as the policy's default version. |
AWS.IAM.Policies.Versions.CreateDate | unknown | The date and time, in ISO 8601 date-time format , when the policy version was created. |
#
Command Example!aws-iam-get-policy-version policyArn=arn:aws:iam::123456789:policy/test-policy versionId=v3
#
aws-iam-set-default-policy-versionSets the specified version of the specified policy as the policy's default (operative) version. This operation affects all users, groups, and roles that the policy is attached to.
#
Base Commandaws-iam-set-default-policy-version
#
InputArgument Name | Description | Required |
---|---|---|
policyArn | The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set. | Required |
versionId | The version of the policy to set as the default (operative) version. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example !aws-iam-set-default-policy-version policyArn=arn:aws:iam::123456789:policy/test-policy versionId=v2
#
aws-iam-create-account-aliasCreates an alias for your AWS account.
#
Base Commandaws-iam-create-account-alias
#
InputArgument Name | Description | Required |
---|---|---|
accountAlias | The account alias to create. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example !aws-iam-create-account-alias accountAlias=test-alias
#
aws-iam-delete-account-aliasDeletes the specified AWS account alias.
#
Base Commandaws-iam-delete-account-alias
#
InputArgument Name | Description | Required |
---|---|---|
accountAlias | The name of the account alias to delete. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example !aws-iam-delete-account-alias accountAlias=demisto-test-alias
#
aws-iam-get-account-password-policyGet AWS account's password policy
#
Base Commandaws-iam-get-account-password-policy
#
InputArgument Name | Description | Required |
---|
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.PasswordPolicy | Unknown | Account's password policy. |
#
aws-iam-update-account-password-policyCreate/update password policy
#
Base Commandaws-iam-update-account-password-policy
#
InputArgument Name | Description | Required |
---|---|---|
minimumPasswordLength | The minimum number of characters allowed in an IAM user password. Possible values are: . | Optional |
requireSymbols | Specifies whether IAM user passwords must contain at least one of the non-alphanumeric characters. Can be "True" or "False". Possible values are: True, False. | Optional |
requireNumbers | Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). Can be "True" or "False". Possible values are: True, False. | Optional |
requireUppercaseCharacters | Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). Can be "True" or "False". Possible values are: True, False. | Optional |
requireLowercaseCharacters | Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). Can be "True" or "False". Possible values are: True, False. | Optional |
allowUsersToChangePassword | Allows all IAM users in your account to use the AWS Management Console to change their own passwords. Can be "True" or "False". Possible values are: True, False. | Optional |
maxPasswordAge | The number of days that an IAM user password is valid. Possible values are: . | Optional |
passwordReusePrevention | Specifies the number of previous passwords that IAM users are prevented from reusing. Possible values are: . | Optional |
hardExpiry | Prevents IAM users from setting a new password after their password has expired. Can be "True" or "False". Possible values are: True, False. | Optional |
#
Context OutputThere is no context output for this command.
#
aws-iam-list-role-policiesLists the names of the inline policies that are embedded in the specified IAM role.
#
Base Commandaws-iam-list-role-policies
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name of the role to list policies for. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Roles.RoleName.Policies | Unknown | A list of policy names. |
#
Command Example !aws-iam-list-role-policies roleName=test-RoleARN
#
aws-iam-get-role-policyRetrieves the specified inline policy document that is embedded with the specified IAM role.
#
Base Commandaws-iam-get-role-policy
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name of the role associated with the policy. | Required |
policyName | The name of the policy document to get. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Roles.PolicyDocument | string | The policy document. |
#
Command Example !aws-iam-get-role-policy roleName=test-RoleARN policyName=testPolicy
#
aws-iam-get-policyRetrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached.
#
Base Commandaws-iam-get-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyName | The Amazon Resource Name (ARN) of the managed policy that you want information about. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Policy.PolicyName | string | The friendly name (not ARN) identifying the policy. |
AWS.IAM.Policy.PolicyId | string | The stable and unique string identifying the policy. |
AWS.IAM.Policy.Arn | string | The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources. |
AWS.IAM.Policy.Path | string | The path to the policy. |
AWS.IAM.Policy.Description | string | A friendly description of the policy. |
#
Command Example !aws-iam-get-policy policyName=testPolicy
#
aws-iam-list-user-policiesLists the names of the inline policies embedded in the specified IAM user.
#
Base Commandaws-iam-list-user-policies
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name (friendly name, not ARN) of the user to list inline policies for. | Required |
limit | Number of results to display. Default value is 50. | Optional |
page | Page number you would like to view. Each page contains page_size values. Must be used along with page_size. | Optional |
page_size | Number of results per page to display. | Optional |
marker | Starting item of the next page to view. Can be retrieved from context (AttachedPoliciesMarker). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.UserPolicies.UserName | string | A list of the user's inline policy names. |
AWS.IAM.UserPolicies.PolicyName | string | The name of the policy. |
AWS.IAM.Users.InlinePoliciesMarker | string | First element of next page of items. |
#
Command Example !aws-iam-list-user-policies userName=testUser
#
aws-iam-list-attached-user-policesLists all managed policies that are attached to the specified IAM user.
#
Base Commandaws-iam-list-attached-user-policies
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name (friendly name, not ARN) of the user to list attached policies for. | Required |
limit | Number of results to display. Default value is 50. | Optional |
page | Page number you would like to view. Each page contains page_size values. Must be used along with page_size. | Optional |
page_size | Number of results per page to display. | Optional |
marker | Starting item of the next page to view. Can be retrieved from context (AttachedPoliciesMarker). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.AttachedUserPolicies.UserName | string | The name (friendly name, not ARN) of the user to list attached policies for. |
AWS.IAM.AttachedUserPolicies.PolicyName | string | Policy Name |
AWS.IAM.AttachedUserPolicies.PolicyArn | string | The Amazon Resource Name (ARN) of the attached policy. |
AWS.IAM.Users.AttachedPoliciesMarker | string | First element of next page of items. |
#
Command Example !aws-iam-list-attached-user-policies userName=testUser
#
aws-iam-list-attached-group-policiesLists all managed policies that are attached to the specified IAM group.
#
Base Commandaws-iam-list-attached-group-policies
#
InputArgument Name | Description | Required |
---|---|---|
groupName | The name (friendly name, not ARN) of the group to list attached policies for. | Required |
limit | Number of results to display. Default value is 50. | Optional |
page | Page number you would like to view. Each page contains page_size values. Must be used along with page_size. | Optional |
page_size | Number of results per page to display. | Optional |
marker | Starting item of the next page to view. Can be retrieved from context (AttachedPoliciesMarker). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.AttachedGroupPolicies.GroupName | string | The name (friendly name, not ARN) of the group to list attached policies for. |
AWS.IAM.AttachedGroupPolicies.PolicyName | string | Policy Name |
AWS.IAM.AttachedGroupPolicies.PolicyArn | string | The Amazon Resource Name (ARN) of the attached policy. |
AWS.IAM.Groups.AttachedPoliciesMarker | string | First element of next page of items. |
#
Command Example !aws-iam-list-attached-group-policies groupName=testGroup
#
aws-iam-get-user-login-profileLists all managed policies that are attached to the specified IAM user.
#
Base Commandaws-iam-get-user-login-profile
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name (friendly name, not ARN) of the user to retrieve login profile for. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Users.LoginProfile.CreateDate | date | The date when the password for the user was created. |
AWS.IAM.Users.LoginProfile.PasswordResetRequired | boolean | Specifies whether the user is required to set a new password on next sign-in. |
#
Command Example !aws-iam-get-user-login-profile userName=testUser
#
aws-iam-put-role-policyAdds or updates an inline policy document that is embedded in the specified IAM role.
#
Base Commandaws-iam-put-role-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyDocument | The policy document. You must provide policies in JSON format in IAM. | Required |
policyName | The name of the policy document. | Required |
roleName | The name of the role to associate the policy with. | Required |
#
Human Readable Output#
Policy {policy_name} was added to role {role_name}#
Context OutputThere is no context output for this command.
#
aws-iam-put-user-policyAdds or updates an inline policy document that is embedded in the specified IAM user.
#
Base Commandaws-iam-put-user-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyDocument | The policy document. You must provide policies in JSON format in IAM. | Required |
policyName | The name of the policy document. | Required |
userName | The name of the user to associate the policy with. | Required |
#
Context OutputThere is no context output for this command.
#
Human Readable Output#
Policy {policy_name} was added to role {user_name}#
aws-iam-put-group-policyAdds or updates an inline policy document that is embedded in the specified IAM group.
#
Base Commandaws-iam-put-group-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyDocument | The policy document. You must provide policies in JSON format in IAM. | Required |
policyName | The name of the policy document. | Required |
groupName | The name of the group to associate the policy with. | Required |
#
Context OutputThere is no context output for this command.
#
Human Readable Output#
Policy {policy_name} was added to role {group_name}#
aws-iam-tag-roleAdds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.
#
Base Commandaws-iam-tag-role
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name of the IAM role to which you want to add tags. | Required |
tags | A comma-separated list of Key:Value tag objects. | Required |
#
Context OutputThere is no context output for this command.
#
Human Readable Output#
Added the following tags to role {role_name}Key | Value |
---|---|
Key | Value |
#
aws-iam-tag-userAdds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.
#
Base Commandaws-iam-tag-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the IAM user to which you want to add tags. | Required |
tags | A comma-separated list of Key:Value tag objects. | Required |
#
Context OutputThere is no context output for this command.
#
Human Readable Output#
Added the following tags to user {user_name}Key | Value |
---|---|
Key | Value |
#
aws-iam-untag-userRemoves the specified tags from the user.
#
Base Commandaws-iam-untag-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the IAM role to which you want to untag. | Required |
tagKeys | A comma-separated list of tag keys. | Required |
#
Context OutputThere is no context output for this command.
#
Human Readable Output#
Untagged the following tags from user {user_name}Removed keys |
---|
Key1 |
#
aws-iam-untag-roleRemoves the specified tags from the role.
#
Base Commandaws-iam-untag-role
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name of the IAM role to which you want to untag. | Required |
tagKeys | A comma-separated list of tag keys. | Required |
#
Context OutputThere is no context output for this command.
#
Human Readable Output#
Untagged the following tags from role {role_name}Removed keys |
---|
Key1 |
#
aws-iam-get-access-key-last-usedRetrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and region that were specified in the last request made with that key.
#
Base Commandaws-iam-get-access-key-last-used
#
InputArgument Name | Description | Required |
---|---|---|
accessKeyId | The identifier of an access key. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.AccessKey.ID | string | The access key ID. |
AWS.IAM.AccessKey.UserName | string | The username owning the given access key. |
AWS.IAM.AccessKey.LastUsedServiceName | string | The name of the service that last used the given access key. |
AWS.IAM.AccessKey.LastUsedRegion | string | The name of the region where the given access key was last used. |
AWS.IAM.AccessKey.LastUsedDate | string | The date when the given access key was last used. |
#
Human Readable Output#
Found the following information about access key access_Key_IdID | UserName | LastUsedDate | LastUsedServiceName | LastUsedRegion |
---|---|---|---|---|
access_Key_Id | user_name | 2023-06-06T14:32:00 | test | Here |
#
aws-iam-list-attached-role-policiesList all managed policies that are attached to the specified IAM role.
#
Base Commandaws-iam-list-attached-role-policies
#
InputArgument Name | Description | Required |
---|---|---|
roleName | The name (friendly name, not ARN) of the role to list attached policies for. | Required |
pathPrefix | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. | Optional |
maxItems | The maximum number of items to return in the command's output. | Optional |
marker | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.Roles.AttachedPolicies.Policies.PolicyName | string | The policy name. |
AWS.IAM.Roles.AttachedPolicies.Policies.PolicyArn | string | The policy ARN. |
AWS.IAM.Roles.AttachedPolicies.Policies.RoleName | string | The queried role name. |
AWS.IAM.Roles.AttachedPolicies.Query.IsTruncated | Boolean | Whether there are more items to return. If the results were truncated, make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. AWS recommends checking IsTruncated after every call to ensure that all results are received. |
AWS.IAM.Roles.AttachedPolicies.Query.Marker | string | When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request. |
#
Command example!aws-iam-list-attached-role-policies roleName=myRoleName
#
Context Example#
Human Readable Output#
Results#
Attached Policies for Role myRoleName
PolicyArn PolicyName RoleName arn:aws:iam::000000000000:policy/my-policy my-policy-name myRoleName arn:aws:iam::000000000001:policy/my-other-policy my-other-policy-name myRoleName
Listed 2 attached policies for role test-role
#
aws-iam-list-mfa-devicesLists the MFA devices for an IAM user.
#
Base Commandaws-iam-list-mfa-devices
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user whose MFA devices you want to list. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
marker | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.MFADevices.Devices.UserName | string | The user with whom the MFA device is associated. |
AWS.IAM.MFADevices.Devices.SerialNumber | string | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. |
AWS.IAM.MFADevices.Devices.EnableDate | date | The date when the MFA device was enabled for the user. |
MFADevices.Devices.Marker | string | First element of next page of items. |
#
aws-iam-delete-mfa-devicesDeletes a virtual MFA device.
#
Base Commandaws-iam-delete-mfa-devices
#
InputArgument Name | Description | Required |
---|---|---|
serialNumber | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.
#
aws-iam-deactivate-mfa-devicesDeactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.
#
Base Commandaws-iam-deactivate-mfa-devices
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user whose MFA devices you want to list. | Required |
serialNumber | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN. | Required |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
#
Context OutputThere is no context output for this command.