1{ 2 "version": "1.0", 3 "examples": { 4 "AddClientIDToOpenIDConnectProvider": [ 5 { 6 "input": { 7 "ClientID": "my-application-ID", 8 "OpenIDConnectProviderArn": "arn:aws:iam::123456789012:oidc-provider/server.example.com" 9 }, 10 "comments": { 11 "input": { 12 }, 13 "output": { 14 } 15 }, 16 "description": "The following add-client-id-to-open-id-connect-provider command adds the client ID my-application-ID to the OIDC provider named server.example.com:", 17 "id": "028e91f4-e2a6-4d59-9e3b-4965a3fb19be", 18 "title": "To add a client ID (audience) to an Open-ID Connect (OIDC) provider" 19 } 20 ], 21 "AddRoleToInstanceProfile": [ 22 { 23 "input": { 24 "InstanceProfileName": "Webserver", 25 "RoleName": "S3Access" 26 }, 27 "comments": { 28 "input": { 29 }, 30 "output": { 31 } 32 }, 33 "description": "The following command adds the role named S3Access to the instance profile named Webserver:", 34 "id": "c107fac3-edb6-4827-8a71-8863ec91c81f", 35 "title": "To add a role to an instance profile" 36 } 37 ], 38 "AddUserToGroup": [ 39 { 40 "input": { 41 "GroupName": "Admins", 42 "UserName": "Bob" 43 }, 44 "comments": { 45 "input": { 46 }, 47 "output": { 48 } 49 }, 50 "description": "The following command adds an IAM user named Bob to the IAM group named Admins:", 51 "id": "619c7e6b-09f8-4036-857b-51a6ea5027ca", 52 "title": "To add a user to an IAM group" 53 } 54 ], 55 "AttachGroupPolicy": [ 56 { 57 "input": { 58 "GroupName": "Finance", 59 "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess" 60 }, 61 "comments": { 62 "input": { 63 }, 64 "output": { 65 } 66 }, 67 "description": "The following command attaches the AWS managed policy named ReadOnlyAccess to the IAM group named Finance.", 68 "id": "87551489-86f0-45db-9889-759936778f2b", 69 "title": "To attach a managed policy to an IAM group" 70 } 71 ], 72 "AttachRolePolicy": [ 73 { 74 "input": { 75 "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess", 76 "RoleName": "ReadOnlyRole" 77 }, 78 "comments": { 79 "input": { 80 }, 81 "output": { 82 } 83 }, 84 "description": "The following command attaches the AWS managed policy named ReadOnlyAccess to the IAM role named ReadOnlyRole.", 85 "id": "3e1b8c7c-99c8-4fc4-a20c-131fe3f22c7e", 86 "title": "To attach a managed policy to an IAM role" 87 } 88 ], 89 "AttachUserPolicy": [ 90 { 91 "input": { 92 "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess", 93 "UserName": "Alice" 94 }, 95 "comments": { 96 "input": { 97 }, 98 "output": { 99 } 100 }, 101 "description": "The following command attaches the AWS managed policy named AdministratorAccess to the IAM user named Alice.", 102 "id": "1372ebd8-9475-4b1a-a479-23b6fd4b8b3e", 103 "title": "To attach a managed policy to an IAM user" 104 } 105 ], 106 "ChangePassword": [ 107 { 108 "input": { 109 "NewPassword": "]35d/{pB9Fo9wJ", 110 "OldPassword": "3s0K_;xh4~8XXI" 111 }, 112 "comments": { 113 "input": { 114 }, 115 "output": { 116 } 117 }, 118 "description": "The following command changes the password for the current IAM user.", 119 "id": "3a80c66f-bffb-46df-947c-1e8fa583b470", 120 "title": "To change the password for your IAM user" 121 } 122 ], 123 "CreateAccessKey": [ 124 { 125 "input": { 126 "UserName": "Bob" 127 }, 128 "output": { 129 "AccessKey": { 130 "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", 131 "CreateDate": "2015-03-09T18:39:23.411Z", 132 "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", 133 "Status": "Active", 134 "UserName": "Bob" 135 } 136 }, 137 "comments": { 138 "input": { 139 }, 140 "output": { 141 } 142 }, 143 "description": "The following command creates an access key (access key ID and secret access key) for the IAM user named Bob.", 144 "id": "1fbb3211-4cf2-41db-8c20-ba58d9f5802d", 145 "title": "To create an access key for an IAM user" 146 } 147 ], 148 "CreateAccountAlias": [ 149 { 150 "input": { 151 "AccountAlias": "examplecorp" 152 }, 153 "comments": { 154 "input": { 155 }, 156 "output": { 157 } 158 }, 159 "description": "The following command associates the alias examplecorp to your AWS account.", 160 "id": "5adaf6fb-94fc-4ca2-b825-2fbc2062add1", 161 "title": "To create an account alias" 162 } 163 ], 164 "CreateGroup": [ 165 { 166 "input": { 167 "GroupName": "Admins" 168 }, 169 "output": { 170 "Group": { 171 "Arn": "arn:aws:iam::123456789012:group/Admins", 172 "CreateDate": "2015-03-09T20:30:24.940Z", 173 "GroupId": "AIDGPMS9RO4H3FEXAMPLE", 174 "GroupName": "Admins", 175 "Path": "/" 176 } 177 }, 178 "comments": { 179 "input": { 180 }, 181 "output": { 182 } 183 }, 184 "description": "The following command creates an IAM group named Admins.", 185 "id": "d5da2a90-5e69-4ef7-8ae8-4c33dc21fd21", 186 "title": "To create an IAM group" 187 } 188 ], 189 "CreateInstanceProfile": [ 190 { 191 "input": { 192 "InstanceProfileName": "Webserver" 193 }, 194 "output": { 195 "InstanceProfile": { 196 "Arn": "arn:aws:iam::123456789012:instance-profile/Webserver", 197 "CreateDate": "2015-03-09T20:33:19.626Z", 198 "InstanceProfileId": "AIPAJMBYC7DLSPEXAMPLE", 199 "InstanceProfileName": "Webserver", 200 "Path": "/", 201 "Roles": [ 202 203 ] 204 } 205 }, 206 "comments": { 207 "input": { 208 }, 209 "output": { 210 } 211 }, 212 "description": "The following command creates an instance profile named Webserver that is ready to have a role attached and then be associated with an EC2 instance.", 213 "id": "5d84e6ae-5921-4e39-8454-10232cd9ff9a", 214 "title": "To create an instance profile" 215 } 216 ], 217 "CreateLoginProfile": [ 218 { 219 "input": { 220 "Password": "h]6EszR}vJ*m", 221 "PasswordResetRequired": true, 222 "UserName": "Bob" 223 }, 224 "output": { 225 "LoginProfile": { 226 "CreateDate": "2015-03-10T20:55:40.274Z", 227 "PasswordResetRequired": true, 228 "UserName": "Bob" 229 } 230 }, 231 "comments": { 232 "input": { 233 }, 234 "output": { 235 } 236 }, 237 "description": "The following command changes IAM user Bob's password and sets the flag that required Bob to change the password the next time he signs in.", 238 "id": "c63795bc-3444-40b3-89df-83c474ef88be", 239 "title": "To create an instance profile" 240 } 241 ], 242 "CreateOpenIDConnectProvider": [ 243 { 244 "input": { 245 "ClientIDList": [ 246 "my-application-id" 247 ], 248 "ThumbprintList": [ 249 "3768084dfb3d2b68b7897bf5f565da8efEXAMPLE" 250 ], 251 "Url": "https://server.example.com" 252 }, 253 "output": { 254 "OpenIDConnectProviderArn": "arn:aws:iam::123456789012:oidc-provider/server.example.com" 255 }, 256 "comments": { 257 "input": { 258 }, 259 "output": { 260 } 261 }, 262 "description": "The following example defines a new OIDC provider in IAM with a client ID of my-application-id and pointing at the server with a URL of https://server.example.com.", 263 "id": "4e4a6bff-cc97-4406-922e-0ab4a82cdb63", 264 "title": "To create an instance profile" 265 } 266 ], 267 "CreateRole": [ 268 { 269 "input": { 270 "AssumeRolePolicyDocument": "<URL-encoded-JSON>", 271 "Path": "/", 272 "RoleName": "Test-Role" 273 }, 274 "output": { 275 "Role": { 276 "Arn": "arn:aws:iam::123456789012:role/Test-Role", 277 "AssumeRolePolicyDocument": "<URL-encoded-JSON>", 278 "CreateDate": "2013-06-07T20:43:32.821Z", 279 "Path": "/", 280 "RoleId": "AKIAIOSFODNN7EXAMPLE", 281 "RoleName": "Test-Role" 282 } 283 }, 284 "comments": { 285 "input": { 286 }, 287 "output": { 288 } 289 }, 290 "description": "The following command creates a role named Test-Role and attaches a trust policy to it that is provided as a URL-encoded JSON string.", 291 "id": "eaaa4b5f-51f1-4f73-b0d3-30127040eff8", 292 "title": "To create an IAM role" 293 } 294 ], 295 "CreateUser": [ 296 { 297 "input": { 298 "UserName": "Bob" 299 }, 300 "output": { 301 "User": { 302 "Arn": "arn:aws:iam::123456789012:user/Bob", 303 "CreateDate": "2013-06-08T03:20:41.270Z", 304 "Path": "/", 305 "UserId": "AKIAIOSFODNN7EXAMPLE", 306 "UserName": "Bob" 307 } 308 }, 309 "comments": { 310 "input": { 311 }, 312 "output": { 313 } 314 }, 315 "description": "The following create-user command creates an IAM user named Bob in the current account.", 316 "id": "eb15f90b-e5f5-4af8-a594-e4e82b181a62", 317 "title": "To create an IAM user" 318 } 319 ], 320 "DeleteAccessKey": [ 321 { 322 "input": { 323 "AccessKeyId": "AKIDPMS9RO4H3FEXAMPLE", 324 "UserName": "Bob" 325 }, 326 "comments": { 327 "input": { 328 }, 329 "output": { 330 } 331 }, 332 "description": "The following command deletes one access key (access key ID and secret access key) assigned to the IAM user named Bob.", 333 "id": "61a785a7-d30a-415a-ae18-ab9236e56871", 334 "title": "To delete an access key for an IAM user" 335 } 336 ], 337 "DeleteAccountAlias": [ 338 { 339 "input": { 340 "AccountAlias": "mycompany" 341 }, 342 "comments": { 343 "input": { 344 }, 345 "output": { 346 } 347 }, 348 "description": "The following command removes the alias mycompany from the current AWS account:", 349 "id": "7abeca65-04a8-4500-a890-47f1092bf766", 350 "title": "To delete an account alias" 351 } 352 ], 353 "DeleteAccountPasswordPolicy": [ 354 { 355 "comments": { 356 "input": { 357 }, 358 "output": { 359 } 360 }, 361 "description": "The following command removes the password policy from the current AWS account:", 362 "id": "9ddf755e-495c-49bc-ae3b-ea6cc9b8ebcf", 363 "title": "To delete the current account password policy" 364 } 365 ], 366 "DeleteGroupPolicy": [ 367 { 368 "input": { 369 "GroupName": "Admins", 370 "PolicyName": "ExamplePolicy" 371 }, 372 "comments": { 373 "input": { 374 }, 375 "output": { 376 } 377 }, 378 "description": "The following command deletes the policy named ExamplePolicy from the group named Admins:", 379 "id": "e683f2bd-98a4-4fe0-bb66-33169c692d4a", 380 "title": "To delete a policy from an IAM group" 381 } 382 ], 383 "DeleteInstanceProfile": [ 384 { 385 "input": { 386 "InstanceProfileName": "ExampleInstanceProfile" 387 }, 388 "comments": { 389 "input": { 390 }, 391 "output": { 392 } 393 }, 394 "description": "The following command deletes the instance profile named ExampleInstanceProfile", 395 "id": "12d74fb8-3433-49db-8171-a1fc764e354d", 396 "title": "To delete an instance profile" 397 } 398 ], 399 "DeleteLoginProfile": [ 400 { 401 "input": { 402 "UserName": "Bob" 403 }, 404 "comments": { 405 "input": { 406 }, 407 "output": { 408 } 409 }, 410 "description": "The following command deletes the password for the IAM user named Bob.", 411 "id": "1fe57059-fc73-42e2-b992-517b7d573b5c", 412 "title": "To delete a password for an IAM user" 413 } 414 ], 415 "DeleteRole": [ 416 { 417 "input": { 418 "RoleName": "Test-Role" 419 }, 420 "comments": { 421 "input": { 422 }, 423 "output": { 424 } 425 }, 426 "description": "The following command removes the role named Test-Role.", 427 "id": "053cdf74-9bda-44b8-bdbb-140fd5a32603", 428 "title": "To delete an IAM role" 429 } 430 ], 431 "DeleteRolePolicy": [ 432 { 433 "input": { 434 "PolicyName": "ExamplePolicy", 435 "RoleName": "Test-Role" 436 }, 437 "comments": { 438 "input": { 439 }, 440 "output": { 441 } 442 }, 443 "description": "The following command removes the policy named ExamplePolicy from the role named Test-Role.", 444 "id": "9c667336-fde3-462c-b8f3-950800821e27", 445 "title": "To remove a policy from an IAM role" 446 } 447 ], 448 "DeleteSigningCertificate": [ 449 { 450 "input": { 451 "CertificateId": "TA7SMP42TDN5Z26OBPJE7EXAMPLE", 452 "UserName": "Anika" 453 }, 454 "comments": { 455 "input": { 456 }, 457 "output": { 458 } 459 }, 460 "description": "The following command deletes the specified signing certificate for the IAM user named Anika.", 461 "id": "e3357586-ba9c-4070-b35b-d1a899b71987", 462 "title": "To delete a signing certificate for an IAM user" 463 } 464 ], 465 "DeleteUser": [ 466 { 467 "input": { 468 "UserName": "Bob" 469 }, 470 "comments": { 471 "input": { 472 }, 473 "output": { 474 } 475 }, 476 "description": "The following command removes the IAM user named Bob from the current account.", 477 "id": "a13dc3f9-59fe-42d9-abbb-fb98b204fdf0", 478 "title": "To delete an IAM user" 479 } 480 ], 481 "DeleteUserPolicy": [ 482 { 483 "input": { 484 "PolicyName": "ExamplePolicy", 485 "UserName": "Juan" 486 }, 487 "comments": { 488 "input": { 489 }, 490 "output": { 491 } 492 }, 493 "description": "The following delete-user-policy command removes the specified policy from the IAM user named Juan:", 494 "id": "34f07ddc-9bc1-4f52-bc59-cd0a3ccd06c8", 495 "title": "To remove a policy from an IAM user" 496 } 497 ], 498 "DeleteVirtualMFADevice": [ 499 { 500 "input": { 501 "SerialNumber": "arn:aws:iam::123456789012:mfa/ExampleName" 502 }, 503 "comments": { 504 "input": { 505 }, 506 "output": { 507 } 508 }, 509 "description": "The following delete-virtual-mfa-device command removes the specified MFA device from the current AWS account.", 510 "id": "2933b08b-dbe7-4b89-b8c1-fdf75feea1ee", 511 "title": "To remove a virtual MFA device" 512 } 513 ], 514 "GetAccountPasswordPolicy": [ 515 { 516 "output": { 517 "PasswordPolicy": { 518 "AllowUsersToChangePassword": false, 519 "ExpirePasswords": false, 520 "HardExpiry": false, 521 "MaxPasswordAge": 90, 522 "MinimumPasswordLength": 8, 523 "PasswordReusePrevention": 12, 524 "RequireLowercaseCharacters": false, 525 "RequireNumbers": true, 526 "RequireSymbols": true, 527 "RequireUppercaseCharacters": false 528 } 529 }, 530 "comments": { 531 "input": { 532 }, 533 "output": { 534 } 535 }, 536 "description": "The following command displays details about the password policy for the current AWS account.", 537 "id": "5e4598c7-c425-431f-8af1-19073b3c4a5f", 538 "title": "To see the current account password policy" 539 } 540 ], 541 "GetAccountSummary": [ 542 { 543 "output": { 544 "SummaryMap": { 545 "AccessKeysPerUserQuota": 2, 546 "AccountAccessKeysPresent": 1, 547 "AccountMFAEnabled": 0, 548 "AccountSigningCertificatesPresent": 0, 549 "AttachedPoliciesPerGroupQuota": 10, 550 "AttachedPoliciesPerRoleQuota": 10, 551 "AttachedPoliciesPerUserQuota": 10, 552 "GroupPolicySizeQuota": 5120, 553 "Groups": 15, 554 "GroupsPerUserQuota": 10, 555 "GroupsQuota": 100, 556 "MFADevices": 6, 557 "MFADevicesInUse": 3, 558 "Policies": 8, 559 "PoliciesQuota": 1000, 560 "PolicySizeQuota": 5120, 561 "PolicyVersionsInUse": 22, 562 "PolicyVersionsInUseQuota": 10000, 563 "ServerCertificates": 1, 564 "ServerCertificatesQuota": 20, 565 "SigningCertificatesPerUserQuota": 2, 566 "UserPolicySizeQuota": 2048, 567 "Users": 27, 568 "UsersQuota": 5000, 569 "VersionsPerPolicyQuota": 5 570 } 571 }, 572 "comments": { 573 "input": { 574 }, 575 "output": { 576 } 577 }, 578 "description": "The following command returns information about the IAM entity quotas and usage in the current AWS account.", 579 "id": "9d8447af-f344-45de-8219-2cebc3cce7f2", 580 "title": "To get information about IAM entity quotas and usage in the current account" 581 } 582 ], 583 "GetInstanceProfile": [ 584 { 585 "input": { 586 "InstanceProfileName": "ExampleInstanceProfile" 587 }, 588 "output": { 589 "InstanceProfile": { 590 "Arn": "arn:aws:iam::336924118301:instance-profile/ExampleInstanceProfile", 591 "CreateDate": "2013-06-12T23:52:02Z", 592 "InstanceProfileId": "AID2MAB8DPLSRHEXAMPLE", 593 "InstanceProfileName": "ExampleInstanceProfile", 594 "Path": "/", 595 "Roles": [ 596 { 597 "Arn": "arn:aws:iam::336924118301:role/Test-Role", 598 "AssumeRolePolicyDocument": "<URL-encoded-JSON>", 599 "CreateDate": "2013-01-09T06:33:26Z", 600 "Path": "/", 601 "RoleId": "AIDGPMS9RO4H3FEXAMPLE", 602 "RoleName": "Test-Role" 603 } 604 ] 605 } 606 }, 607 "comments": { 608 "input": { 609 }, 610 "output": { 611 } 612 }, 613 "description": "The following command gets information about the instance profile named ExampleInstanceProfile.", 614 "id": "463b9ba5-18cc-4608-9ccb-5a7c6b6e5fe7", 615 "title": "To get information about an instance profile" 616 } 617 ], 618 "GetLoginProfile": [ 619 { 620 "input": { 621 "UserName": "Anika" 622 }, 623 "output": { 624 "LoginProfile": { 625 "CreateDate": "2012-09-21T23:03:39Z", 626 "UserName": "Anika" 627 } 628 }, 629 "comments": { 630 "input": { 631 }, 632 "output": { 633 } 634 }, 635 "description": "The following command gets information about the password for the IAM user named Anika.", 636 "id": "d6b580cc-909f-4925-9caa-d425cbc1ad47", 637 "title": "To get password information for an IAM user" 638 } 639 ], 640 "GetRole": [ 641 { 642 "input": { 643 "RoleName": "Test-Role" 644 }, 645 "output": { 646 "Role": { 647 "Arn": "arn:aws:iam::123456789012:role/Test-Role", 648 "AssumeRolePolicyDocument": "<URL-encoded-JSON>", 649 "CreateDate": "2013-04-18T05:01:58Z", 650 "Path": "/", 651 "RoleId": "AIDIODR4TAW7CSEXAMPLE", 652 "RoleName": "Test-Role" 653 } 654 }, 655 "comments": { 656 "input": { 657 }, 658 "output": { 659 } 660 }, 661 "description": "The following command gets information about the role named Test-Role.", 662 "id": "5b7d03a6-340c-472d-aa77-56425950d8b0", 663 "title": "To get information about an IAM role" 664 } 665 ], 666 "GetUser": [ 667 { 668 "input": { 669 "UserName": "Bob" 670 }, 671 "output": { 672 "User": { 673 "Arn": "arn:aws:iam::123456789012:user/Bob", 674 "CreateDate": "2012-09-21T23:03:13Z", 675 "Path": "/", 676 "UserId": "AKIAIOSFODNN7EXAMPLE", 677 "UserName": "Bob" 678 } 679 }, 680 "comments": { 681 "input": { 682 }, 683 "output": { 684 } 685 }, 686 "description": "The following command gets information about the IAM user named Bob.", 687 "id": "ede000a1-9e4c-40db-bd0a-d4f95e41a6ab", 688 "title": "To get information about an IAM user" 689 } 690 ], 691 "ListAccessKeys": [ 692 { 693 "input": { 694 "UserName": "Alice" 695 }, 696 "output": { 697 "AccessKeyMetadata": [ 698 { 699 "AccessKeyId": "AKIA111111111EXAMPLE", 700 "CreateDate": "2016-12-01T22:19:58Z", 701 "Status": "Active", 702 "UserName": "Alice" 703 }, 704 { 705 "AccessKeyId": "AKIA222222222EXAMPLE", 706 "CreateDate": "2016-12-01T22:20:01Z", 707 "Status": "Active", 708 "UserName": "Alice" 709 } 710 ] 711 }, 712 "comments": { 713 "input": { 714 }, 715 "output": { 716 } 717 }, 718 "description": "The following command lists the access keys IDs for the IAM user named Alice.", 719 "id": "15571463-ebea-411a-a021-1c76bd2a3625", 720 "title": "To list the access key IDs for an IAM user" 721 } 722 ], 723 "ListAccountAliases": [ 724 { 725 "input": { 726 }, 727 "output": { 728 "AccountAliases": [ 729 "exmaple-corporation" 730 ] 731 }, 732 "comments": { 733 "input": { 734 }, 735 "output": { 736 } 737 }, 738 "description": "The following command lists the aliases for the current account.", 739 "id": "e27b457a-16f9-4e05-a006-3df7b3472741", 740 "title": "To list account aliases" 741 } 742 ], 743 "ListGroupPolicies": [ 744 { 745 "input": { 746 "GroupName": "Admins" 747 }, 748 "output": { 749 "PolicyNames": [ 750 "AdminRoot", 751 "KeyPolicy" 752 ] 753 }, 754 "comments": { 755 "input": { 756 }, 757 "output": { 758 } 759 }, 760 "description": "The following command lists the names of in-line policies that are embedded in the IAM group named Admins.", 761 "id": "02de5095-2410-4d3a-ac1b-cc40234af68f", 762 "title": "To list the in-line policies for an IAM group" 763 } 764 ], 765 "ListGroups": [ 766 { 767 "input": { 768 }, 769 "output": { 770 "Groups": [ 771 { 772 "Arn": "arn:aws:iam::123456789012:group/Admins", 773 "CreateDate": "2016-12-15T21:40:08.121Z", 774 "GroupId": "AGPA1111111111EXAMPLE", 775 "GroupName": "Admins", 776 "Path": "/division_abc/subdivision_xyz/" 777 }, 778 { 779 "Arn": "arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/engineering/Test", 780 "CreateDate": "2016-11-30T14:10:01.156Z", 781 "GroupId": "AGP22222222222EXAMPLE", 782 "GroupName": "Test", 783 "Path": "/division_abc/subdivision_xyz/product_1234/engineering/" 784 }, 785 { 786 "Arn": "arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/Managers", 787 "CreateDate": "2016-06-12T20:14:52.032Z", 788 "GroupId": "AGPI3333333333EXAMPLE", 789 "GroupName": "Managers", 790 "Path": "/division_abc/subdivision_xyz/product_1234/" 791 } 792 ] 793 }, 794 "comments": { 795 "input": { 796 }, 797 "output": { 798 } 799 }, 800 "description": "The following command lists the IAM groups in the current account:", 801 "id": "b3ab1380-2a21-42fb-8e85-503f65512c66", 802 "title": "To list the IAM groups for the current account" 803 } 804 ], 805 "ListGroupsForUser": [ 806 { 807 "input": { 808 "UserName": "Bob" 809 }, 810 "output": { 811 "Groups": [ 812 { 813 "Arn": "arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/engineering/Test", 814 "CreateDate": "2016-11-30T14:10:01.156Z", 815 "GroupId": "AGP2111111111EXAMPLE", 816 "GroupName": "Test", 817 "Path": "/division_abc/subdivision_xyz/product_1234/engineering/" 818 }, 819 { 820 "Arn": "arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_1234/Managers", 821 "CreateDate": "2016-06-12T20:14:52.032Z", 822 "GroupId": "AGPI222222222SEXAMPLE", 823 "GroupName": "Managers", 824 "Path": "/division_abc/subdivision_xyz/product_1234/" 825 } 826 ] 827 }, 828 "comments": { 829 "input": { 830 }, 831 "output": { 832 } 833 }, 834 "description": "The following command displays the groups that the IAM user named Bob belongs to.", 835 "id": "278ec2ee-fc28-4136-83fb-433af0ae46a2", 836 "title": "To list the groups that an IAM user belongs to" 837 } 838 ], 839 "ListRoleTags": [ 840 { 841 "input": { 842 "RoleName": "taggedrole1" 843 }, 844 "output": { 845 "IsTruncated": false, 846 "Tags": [ 847 { 848 "Key": "Dept", 849 "Value": "12345" 850 }, 851 { 852 "Key": "Team", 853 "Value": "Accounting" 854 } 855 ] 856 }, 857 "comments": { 858 "input": { 859 }, 860 "output": { 861 } 862 }, 863 "description": "The following example shows how to list the tags attached to a role.", 864 "id": "to-list-the-tags-attached-to-an-iam-role-1506719238376", 865 "title": "To list the tags attached to an IAM role" 866 } 867 ], 868 "ListSigningCertificates": [ 869 { 870 "input": { 871 "UserName": "Bob" 872 }, 873 "output": { 874 "Certificates": [ 875 { 876 "CertificateBody": "-----BEGIN CERTIFICATE-----<certificate-body>-----END CERTIFICATE-----", 877 "CertificateId": "TA7SMP42TDN5Z26OBPJE7EXAMPLE", 878 "Status": "Active", 879 "UploadDate": "2013-06-06T21:40:08Z", 880 "UserName": "Bob" 881 } 882 ] 883 }, 884 "comments": { 885 "input": { 886 }, 887 "output": { 888 } 889 }, 890 "description": "The following command lists the signing certificates for the IAM user named Bob.", 891 "id": "b4c10256-4fc9-457e-b3fd-4a110d4d73dc", 892 "title": "To list the signing certificates for an IAM user" 893 } 894 ], 895 "ListUserTags": [ 896 { 897 "input": { 898 "UserName": "anika" 899 }, 900 "output": { 901 "IsTruncated": false, 902 "Tags": [ 903 { 904 "Key": "Dept", 905 "Value": "12345" 906 }, 907 { 908 "Key": "Team", 909 "Value": "Accounting" 910 } 911 ] 912 }, 913 "comments": { 914 "input": { 915 }, 916 "output": { 917 } 918 }, 919 "description": "The following example shows how to list the tags attached to a user.", 920 "id": "to-list-the-tags-attached-to-an-iam-user-1506719473186", 921 "title": "To list the tags attached to an IAM user" 922 } 923 ], 924 "ListUsers": [ 925 { 926 "input": { 927 }, 928 "output": { 929 "Users": [ 930 { 931 "Arn": "arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/engineering/Juan", 932 "CreateDate": "2012-09-05T19:38:48Z", 933 "PasswordLastUsed": "2016-09-08T21:47:36Z", 934 "Path": "/division_abc/subdivision_xyz/engineering/", 935 "UserId": "AID2MAB8DPLSRHEXAMPLE", 936 "UserName": "Juan" 937 }, 938 { 939 "Arn": "arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/engineering/Anika", 940 "CreateDate": "2014-04-09T15:43:45Z", 941 "PasswordLastUsed": "2016-09-24T16:18:07Z", 942 "Path": "/division_abc/subdivision_xyz/engineering/", 943 "UserId": "AIDIODR4TAW7CSEXAMPLE", 944 "UserName": "Anika" 945 } 946 ] 947 }, 948 "comments": { 949 "input": { 950 }, 951 "output": { 952 } 953 }, 954 "description": "The following command lists the IAM users in the current account.", 955 "id": "9edfbd73-03d8-4d8a-9a79-76c85e8c8298", 956 "title": "To list IAM users" 957 } 958 ], 959 "ListVirtualMFADevices": [ 960 { 961 "input": { 962 }, 963 "output": { 964 "VirtualMFADevices": [ 965 { 966 "SerialNumber": "arn:aws:iam::123456789012:mfa/ExampleMFADevice" 967 }, 968 { 969 "SerialNumber": "arn:aws:iam::123456789012:mfa/Juan" 970 } 971 ] 972 }, 973 "comments": { 974 "input": { 975 }, 976 "output": { 977 } 978 }, 979 "description": "The following command lists the virtual MFA devices that have been configured for the current account.", 980 "id": "54f9ac18-5100-4070-bec4-fe5f612710d5", 981 "title": "To list virtual MFA devices" 982 } 983 ], 984 "PutGroupPolicy": [ 985 { 986 "input": { 987 "GroupName": "Admins", 988 "PolicyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}", 989 "PolicyName": "AllPerms" 990 }, 991 "comments": { 992 "input": { 993 }, 994 "output": { 995 } 996 }, 997 "description": "The following command adds a policy named AllPerms to the IAM group named Admins.", 998 "id": "4bc17418-758f-4d0f-ab0c-4d00265fec2e", 999 "title": "To add a policy to a group" 1000 } 1001 ], 1002 "PutRolePolicy": [ 1003 { 1004 "input": { 1005 "PolicyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}}", 1006 "PolicyName": "S3AccessPolicy", 1007 "RoleName": "S3Access" 1008 }, 1009 "comments": { 1010 "input": { 1011 }, 1012 "output": { 1013 } 1014 }, 1015 "description": "The following command adds a permissions policy to the role named Test-Role.", 1016 "id": "de62fd00-46c7-4601-9e0d-71d5fbb11ecb", 1017 "title": "To attach a permissions policy to an IAM role" 1018 } 1019 ], 1020 "PutUserPolicy": [ 1021 { 1022 "input": { 1023 "PolicyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}", 1024 "PolicyName": "AllAccessPolicy", 1025 "UserName": "Bob" 1026 }, 1027 "comments": { 1028 "input": { 1029 }, 1030 "output": { 1031 } 1032 }, 1033 "description": "The following command attaches a policy to the IAM user named Bob.", 1034 "id": "2551ffc6-3576-4d39-823f-30b60bffc2c7", 1035 "title": "To attach a policy to an IAM user" 1036 } 1037 ], 1038 "RemoveRoleFromInstanceProfile": [ 1039 { 1040 "input": { 1041 "InstanceProfileName": "ExampleInstanceProfile", 1042 "RoleName": "Test-Role" 1043 }, 1044 "comments": { 1045 "input": { 1046 }, 1047 "output": { 1048 } 1049 }, 1050 "description": "The following command removes the role named Test-Role from the instance profile named ExampleInstanceProfile.", 1051 "id": "6d9f46f1-9f4a-4873-b403-51a85c5c627c", 1052 "title": "To remove a role from an instance profile" 1053 } 1054 ], 1055 "RemoveUserFromGroup": [ 1056 { 1057 "input": { 1058 "GroupName": "Admins", 1059 "UserName": "Bob" 1060 }, 1061 "comments": { 1062 "input": { 1063 }, 1064 "output": { 1065 } 1066 }, 1067 "description": "The following command removes the user named Bob from the IAM group named Admins.", 1068 "id": "fb54d5b4-0caf-41d8-af0e-10a84413f174", 1069 "title": "To remove a user from an IAM group" 1070 } 1071 ], 1072 "TagRole": [ 1073 { 1074 "input": { 1075 "RoleName": "taggedrole", 1076 "Tags": [ 1077 { 1078 "Key": "Dept", 1079 "Value": "Accounting" 1080 }, 1081 { 1082 "Key": "CostCenter", 1083 "Value": "12345" 1084 } 1085 ] 1086 }, 1087 "comments": { 1088 "input": { 1089 }, 1090 "output": { 1091 } 1092 }, 1093 "description": "The following example shows how to add tags to an existing role.", 1094 "id": "to-add-a-tag-key-and-value-to-an-iam-role-1506718791513", 1095 "title": "To add a tag key and value to an IAM role" 1096 } 1097 ], 1098 "TagUser": [ 1099 { 1100 "input": { 1101 "Tags": [ 1102 { 1103 "Key": "Dept", 1104 "Value": "Accounting" 1105 }, 1106 { 1107 "Key": "CostCenter", 1108 "Value": "12345" 1109 } 1110 ], 1111 "UserName": "anika" 1112 }, 1113 "comments": { 1114 "input": { 1115 }, 1116 "output": { 1117 } 1118 }, 1119 "description": "The following example shows how to add tags to an existing user.", 1120 "id": "to-add-a-tag-key-and-value-to-an-iam-user-1506719044227", 1121 "title": "To add a tag key and value to an IAM user" 1122 } 1123 ], 1124 "UntagRole": [ 1125 { 1126 "input": { 1127 "RoleName": "taggedrole", 1128 "TagKeys": [ 1129 "Dept" 1130 ] 1131 }, 1132 "comments": { 1133 "input": { 1134 }, 1135 "output": { 1136 } 1137 }, 1138 "description": "The following example shows how to remove a tag with the key 'Dept' from a role named 'taggedrole'.", 1139 "id": "to-remove-a-tag-from-an-iam-role-1506719589943", 1140 "title": "To remove a tag from an IAM role" 1141 } 1142 ], 1143 "UntagUser": [ 1144 { 1145 "input": { 1146 "TagKeys": [ 1147 "Dept" 1148 ], 1149 "UserName": "anika" 1150 }, 1151 "comments": { 1152 "input": { 1153 }, 1154 "output": { 1155 } 1156 }, 1157 "description": "The following example shows how to remove tags that are attached to a user named 'anika'.", 1158 "id": "to-remove-a-tag-from-an-iam-user-1506719725554", 1159 "title": "To remove a tag from an IAM user" 1160 } 1161 ], 1162 "UpdateAccessKey": [ 1163 { 1164 "input": { 1165 "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", 1166 "Status": "Inactive", 1167 "UserName": "Bob" 1168 }, 1169 "comments": { 1170 "input": { 1171 }, 1172 "output": { 1173 } 1174 }, 1175 "description": "The following command deactivates the specified access key (access key ID and secret access key) for the IAM user named Bob.", 1176 "id": "02b556fd-e673-49b7-ab6b-f2f9035967d0", 1177 "title": "To activate or deactivate an access key for an IAM user" 1178 } 1179 ], 1180 "UpdateAccountPasswordPolicy": [ 1181 { 1182 "input": { 1183 "MinimumPasswordLength": 8, 1184 "RequireNumbers": true 1185 }, 1186 "comments": { 1187 "input": { 1188 }, 1189 "output": { 1190 } 1191 }, 1192 "description": "The following command sets the password policy to require a minimum length of eight characters and to require one or more numbers in the password:", 1193 "id": "c263a1af-37dc-4423-8dba-9790284ef5e0", 1194 "title": "To set or change the current account password policy" 1195 } 1196 ], 1197 "UpdateAssumeRolePolicy": [ 1198 { 1199 "input": { 1200 "PolicyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}", 1201 "RoleName": "S3AccessForEC2Instances" 1202 }, 1203 "comments": { 1204 "input": { 1205 }, 1206 "output": { 1207 } 1208 }, 1209 "description": "The following command updates the role trust policy for the role named Test-Role:", 1210 "id": "c9150063-d953-4e99-9576-9685872006c6", 1211 "title": "To update the trust policy for an IAM role" 1212 } 1213 ], 1214 "UpdateGroup": [ 1215 { 1216 "input": { 1217 "GroupName": "Test", 1218 "NewGroupName": "Test-1" 1219 }, 1220 "comments": { 1221 "input": { 1222 }, 1223 "output": { 1224 } 1225 }, 1226 "description": "The following command changes the name of the IAM group Test to Test-1.", 1227 "id": "f0cf1662-91ae-4278-a80e-7db54256ccba", 1228 "title": "To rename an IAM group" 1229 } 1230 ], 1231 "UpdateLoginProfile": [ 1232 { 1233 "input": { 1234 "Password": "SomeKindOfPassword123!@#", 1235 "UserName": "Bob" 1236 }, 1237 "comments": { 1238 "input": { 1239 }, 1240 "output": { 1241 } 1242 }, 1243 "description": "The following command creates or changes the password for the IAM user named Bob.", 1244 "id": "036d9498-ecdb-4ed6-a8d8-366c383d1487", 1245 "title": "To change the password for an IAM user" 1246 } 1247 ], 1248 "UpdateSigningCertificate": [ 1249 { 1250 "input": { 1251 "CertificateId": "TA7SMP42TDN5Z26OBPJE7EXAMPLE", 1252 "Status": "Inactive", 1253 "UserName": "Bob" 1254 }, 1255 "comments": { 1256 "input": { 1257 }, 1258 "output": { 1259 } 1260 }, 1261 "description": "The following command changes the status of a signing certificate for a user named Bob to Inactive.", 1262 "id": "829aee7b-efc5-4b3b-84a5-7f899b38018d", 1263 "title": "To change the active status of a signing certificate for an IAM user" 1264 } 1265 ], 1266 "UpdateUser": [ 1267 { 1268 "input": { 1269 "NewUserName": "Robert", 1270 "UserName": "Bob" 1271 }, 1272 "comments": { 1273 "input": { 1274 }, 1275 "output": { 1276 } 1277 }, 1278 "description": "The following command changes the name of the IAM user Bob to Robert. It does not change the user's path.", 1279 "id": "275d53ed-347a-44e6-b7d0-a96276154352", 1280 "title": "To change an IAM user's name" 1281 } 1282 ], 1283 "UploadServerCertificate": [ 1284 { 1285 "input": { 1286 "CertificateBody": "-----BEGIN CERTIFICATE-----<a very long certificate text string>-----END CERTIFICATE-----", 1287 "Path": "/company/servercerts/", 1288 "PrivateKey": "-----BEGIN DSA PRIVATE KEY-----<a very long private key string>-----END DSA PRIVATE KEY-----", 1289 "ServerCertificateName": "ProdServerCert" 1290 }, 1291 "output": { 1292 "ServerCertificateMetadata": { 1293 "Arn": "arn:aws:iam::123456789012:server-certificate/company/servercerts/ProdServerCert", 1294 "Expiration": "2012-05-08T01:02:03.004Z", 1295 "Path": "/company/servercerts/", 1296 "ServerCertificateId": "ASCA1111111111EXAMPLE", 1297 "ServerCertificateName": "ProdServerCert", 1298 "UploadDate": "2010-05-08T01:02:03.004Z" 1299 } 1300 }, 1301 "comments": { 1302 "input": { 1303 }, 1304 "output": { 1305 } 1306 }, 1307 "description": "The following upload-server-certificate command uploads a server certificate to your AWS account:", 1308 "id": "06eab6d1-ebf2-4bd9-839d-f7508b9a38b6", 1309 "title": "To upload a server certificate to your AWS account" 1310 } 1311 ], 1312 "UploadSigningCertificate": [ 1313 { 1314 "input": { 1315 "CertificateBody": "-----BEGIN CERTIFICATE-----<certificate-body>-----END CERTIFICATE-----", 1316 "UserName": "Bob" 1317 }, 1318 "output": { 1319 "Certificate": { 1320 "CertificateBody": "-----BEGIN CERTIFICATE-----<certificate-body>-----END CERTIFICATE-----", 1321 "CertificateId": "ID123456789012345EXAMPLE", 1322 "Status": "Active", 1323 "UploadDate": "2015-06-06T21:40:08.121Z", 1324 "UserName": "Bob" 1325 } 1326 }, 1327 "comments": { 1328 "input": { 1329 }, 1330 "output": { 1331 } 1332 }, 1333 "description": "The following command uploads a signing certificate for the IAM user named Bob.", 1334 "id": "e67489b6-7b73-4e30-9ed3-9a9e0231e458", 1335 "title": "To upload a signing certificate for an IAM user" 1336 } 1337 ] 1338 } 1339} 1340