1{ 2 "version": "1.0", 3 "examples": { 4 "AssumeRole": [ 5 { 6 "input": { 7 "DurationSeconds": 3600, 8 "ExternalId": "123ABC", 9 "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}", 10 "RoleArn": "arn:aws:iam::123456789012:role/demo", 11 "RoleSessionName": "Bob" 12 }, 13 "output": { 14 "AssumedRoleUser": { 15 "Arn": "arn:aws:sts::123456789012:assumed-role/demo/Bob", 16 "AssumedRoleId": "ARO123EXAMPLE123:Bob" 17 }, 18 "Credentials": { 19 "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", 20 "Expiration": "2011-07-15T23:28:33.359Z", 21 "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", 22 "SessionToken": "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==" 23 }, 24 "PackedPolicySize": 6 25 }, 26 "comments": { 27 "input": { 28 }, 29 "output": { 30 } 31 }, 32 "description": "", 33 "id": "to-assume-a-role-1480532402212", 34 "title": "To assume a role" 35 } 36 ], 37 "AssumeRoleWithWebIdentity": [ 38 { 39 "input": { 40 "DurationSeconds": 3600, 41 "ProviderId": "www.amazon.com", 42 "RoleArn": "arn:aws:iam::123456789012:role/FederatedWebIdentityRole", 43 "RoleSessionName": "app1", 44 "WebIdentityToken": "Atza%7CIQEBLjAsAhRFiXuWpUXuRvQ9PZL3GMFcYevydwIUFAHZwXZXXXXXXXXJnrulxKDHwy87oGKPznh0D6bEQZTSCzyoCtL_8S07pLpr0zMbn6w1lfVZKNTBdDansFBmtGnIsIapjI6xKR02Yc_2bQ8LZbUXSGm6Ry6_BG7PrtLZtj_dfCTj92xNGed-CrKqjG7nPBjNIL016GGvuS5gSvPRUxWES3VYfm1wl7WTI7jn-Pcb6M-buCgHhFOzTQxod27L9CqnOLio7N3gZAGpsp6n1-AJBOCJckcyXe2c6uD0srOJeZlKUm2eTDVMf8IehDVI0r1QOnTV6KzzAI3OY87Vd_cVMQ" 45 }, 46 "output": { 47 "AssumedRoleUser": { 48 "Arn": "arn:aws:sts::123456789012:assumed-role/FederatedWebIdentityRole/app1", 49 "AssumedRoleId": "AROACLKWSDQRAOEXAMPLE:app1" 50 }, 51 "Audience": "[email protected]", 52 "Credentials": { 53 "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", 54 "Expiration": "2014-10-24T23:00:23Z", 55 "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", 56 "SessionToken": "AQoDYXdzEE0a8ANXXXXXXXXNO1ewxE5TijQyp+IEXAMPLE" 57 }, 58 "PackedPolicySize": 123, 59 "Provider": "www.amazon.com", 60 "SubjectFromWebIdentityToken": "amzn1.account.AF6RHO7KZU5XRVQJGXK6HEXAMPLE" 61 }, 62 "comments": { 63 "input": { 64 }, 65 "output": { 66 } 67 }, 68 "description": "", 69 "id": "to-assume-a-role-as-an-openid-connect-federated-user-1480533445696", 70 "title": "To assume a role as an OpenID Connect-federated user" 71 } 72 ], 73 "DecodeAuthorizationMessage": [ 74 { 75 "input": { 76 "EncodedMessage": "<encoded-message>" 77 }, 78 "output": { 79 "DecodedMessage": "{\"allowed\": \"false\",\"explicitDeny\": \"false\",\"matchedStatements\": \"\",\"failures\": \"\",\"context\": {\"principal\": {\"id\": \"AIDACKCEVSQ6C2EXAMPLE\",\"name\": \"Bob\",\"arn\": \"arn:aws:iam::123456789012:user/Bob\"},\"action\": \"ec2:StopInstances\",\"resource\": \"arn:aws:ec2:us-east-1:123456789012:instance/i-dd01c9bd\",\"conditions\": [{\"item\": {\"key\": \"ec2:Tenancy\",\"values\": [\"default\"]},{\"item\": {\"key\": \"ec2:ResourceTag/elasticbeanstalk:environment-name\",\"values\": [\"Default-Environment\"]}},(Additional items ...)]}}" 80 }, 81 "comments": { 82 "input": { 83 }, 84 "output": { 85 } 86 }, 87 "description": "", 88 "id": "to-decode-information-about-an-authorization-status-of-a-request-1480533854499", 89 "title": "To decode information about an authorization status of a request" 90 } 91 ], 92 "GetCallerIdentity": [ 93 { 94 "input": { 95 }, 96 "output": { 97 "Account": "123456789012", 98 "Arn": "arn:aws:iam::123456789012:user/Alice", 99 "UserId": "AKIAI44QH8DHBEXAMPLE" 100 }, 101 "comments": { 102 "input": { 103 }, 104 "output": { 105 } 106 }, 107 "description": "This example shows a request and response made with the credentials for a user named Alice in the AWS account 123456789012.", 108 "id": "to-get-details-about-a-calling-iam-user-1480540050376", 109 "title": "To get details about a calling IAM user" 110 }, 111 { 112 "input": { 113 }, 114 "output": { 115 "Account": "123456789012", 116 "Arn": "arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name", 117 "UserId": "AKIAI44QH8DHBEXAMPLE:my-role-session-name" 118 }, 119 "comments": { 120 "input": { 121 }, 122 "output": { 123 } 124 }, 125 "description": "This example shows a request and response made with temporary credentials created by AssumeRole. The name of the assumed role is my-role-name, and the RoleSessionName is set to my-role-session-name.", 126 "id": "to-get-details-about-a-calling-user-federated-with-assumerole-1480540158545", 127 "title": "To get details about a calling user federated with AssumeRole" 128 }, 129 { 130 "input": { 131 }, 132 "output": { 133 "Account": "123456789012", 134 "Arn": "arn:aws:sts::123456789012:federated-user/my-federated-user-name", 135 "UserId": "123456789012:my-federated-user-name" 136 }, 137 "comments": { 138 "input": { 139 }, 140 "output": { 141 } 142 }, 143 "description": "This example shows a request and response made with temporary credentials created by using GetFederationToken. The Name parameter is set to my-federated-user-name.", 144 "id": "to-get-details-about-a-calling-user-federated-with-getfederationtoken-1480540231316", 145 "title": "To get details about a calling user federated with GetFederationToken" 146 } 147 ], 148 "GetFederationToken": [ 149 { 150 "input": { 151 "DurationSeconds": 3600, 152 "Name": "Bob", 153 "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}" 154 }, 155 "output": { 156 "Credentials": { 157 "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", 158 "Expiration": "2011-07-15T23:28:33.359Z", 159 "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", 160 "SessionToken": "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==" 161 }, 162 "FederatedUser": { 163 "Arn": "arn:aws:sts::123456789012:federated-user/Bob", 164 "FederatedUserId": "123456789012:Bob" 165 }, 166 "PackedPolicySize": 6 167 }, 168 "comments": { 169 "input": { 170 }, 171 "output": { 172 } 173 }, 174 "description": "", 175 "id": "to-get-temporary-credentials-for-a-role-by-using-getfederationtoken-1480540749900", 176 "title": "To get temporary credentials for a role by using GetFederationToken" 177 } 178 ], 179 "GetSessionToken": [ 180 { 181 "input": { 182 "DurationSeconds": 3600, 183 "SerialNumber": "YourMFASerialNumber", 184 "TokenCode": "123456" 185 }, 186 "output": { 187 "Credentials": { 188 "AccessKeyId": "AKIAIOSFODNN7EXAMPLE", 189 "Expiration": "2011-07-11T19:55:29.611Z", 190 "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY", 191 "SessionToken": "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE" 192 } 193 }, 194 "comments": { 195 "input": { 196 }, 197 "output": { 198 } 199 }, 200 "description": "", 201 "id": "to-get-temporary-credentials-for-an-iam-user-or-an-aws-account-1480540814038", 202 "title": "To get temporary credentials for an IAM user or an AWS account" 203 } 204 ] 205 } 206} 207