class AWS::IAM
* Multifactor Authentication Devices ({MFADeviceCollection}, {MFADevice})
* Signing Certificates ({SigningCertificateCollection}, {SigningCertificate})
* Server Certificates ({ServerCertificateCollection}, {ServerCertificate})
* Policies ({Policy})
* User Login Profiles ({LoginProfile})
Other useful IAM interfaces:
= Other Interfaces
information on how to work with users and groups.
See {User}, {UserCollection}, {Group} and {GroupCollection} for more
group.users.remove(user)
# remove a user from a group
group.users.add(user)
# add a user to a group
user.groups.remove(group)
# remove a user from a group
user.groups.add(group)
# add a user to a group
group = iam.groups.create(‘Developers’)
user = iam.users.create(‘JohnDoe’)
manage permissions. Users can also be organized into groups.
Each AWS account can have multiple users. Users can be used to easily
= Users & Groups
working with access keys.
See {AccessKeyCollection} and {AccessKey} for more information about
#=> { :access_key_id => ‘ID’, :secret_access_key => ‘SECRET’ }
access_key.credentials
access_key = u.access_keys.create
u = iam.users[‘someuser’]
Users can also have access keys:
old_access_key.delete
# all done, lets clean up
# go make sure everything still works …
old_access_key.deactivate!
# now disable the old access key
# go rotate your keys/credentials …
#=> { :access_key_id => ‘ID’, :secret_access_key => ‘SECRET’ }
new_access_key.credentials
new_access_key = iam.access_keys.create
# create a new access key
old_access_key = iam.access_keys.first
# get your current access key
deactivate/activate access keys.
This makes it easy to rotate keys if you need to. You can also
You can create up to 2 access for your account and 2 for each user.
= Access Keys
#=> nil
iam.account_alias
iam.remove_account_alias
You can also remove your account alias:
#=> ‘myaccountalias’
iam.account_alias
iam.account_alias = ‘myaccountalias’
You can set the account alias on the IAM interface.
Currently IAM only supports a single account alias for each AWS account.
= Account Aliases
For a complete list of summary attributes see the {#account_summary} method.
puts “Num user quota: #{summary}”
puts “Num users: #{summary}”
summary = iam.account_summary
directly from an IAM interface object.
You can get account level information about entity usage and IAM quotas
= Account Summary
:secret_access_key => ‘YOUR_SECRET_ACCESS_KEY’)
:access_key_id => ‘YOUR_ACCESS_KEY_ID’,
iam = AWS::IAM.new(
Or you can set them directly on the IAM interface:
:secret_access_key => ‘YOUR_SECRET_ACCESS_KEY’)
:access_key_id => ‘YOUR_ACCESS_KEY_ID’,
AWS.config(
AWS.config:
You can setup default credentials for all AWS services via
= Credentials
* {AWS Identity and Access Management Documentation}[http://aws.amazon.com/documentation/iam/]
* {AWS Identity and Access Management}[http://aws.amazon.com/iam/]
For more information about IAM:
AWS Identity and Access Management (IAM).
This class is the starting point for working with
def access_keys
-
(AccessKeyCollection)- Returns a collection that represents all
def access_keys AccessKeyCollection.new(:config => config) end
def account_alias
-
(String, nil)- Returns the account alias. If this account has
def account_alias account_aliases.first end
def account_alias= account_alias
-
(String)- Returns the account alias passed.
Parameters:
-
account_alias(String) --
def account_alias= account_alias account_alias.nil? ? remove_account_alias : account_aliases.create(account_alias) end
def account_aliases
- Private: -
def account_aliases AccountAliasCollection.new(:config => config) end
def account_password_policy
-
(Hash, nil)-
def account_password_policy begin policy = client.get_account_password_policy.password_policy [ :minimum_password_length, :require_symbols?, :require_numbers?, :require_uppercase_characters?, :require_lowercase_characters?, ].inject({}) do |hash,method| key = method.to_s.sub(/\?/, '').to_sym hash.merge(key => policy.send(method)) end rescue Errors::NoSuchEntity nil end end
def account_summary
-
(Hash)-
def account_summary client.get_account_summary.data[:summary_map].inject({}) do |h,(k,v)| h.merge(Core::Inflection.ruby_name(k).to_sym => v) end end
def change_password old_password, new_password
-
(nil)-
Parameters:
-
new_password(String) -- -
old_password(String) --
def change_password old_password, new_password client_opts = {} client_opts[:old_password] = old_password client_opts[:new_password] = new_password client.change_password(client_opts) nil end
def delete_account_password_policy
-
(nil)-
def delete_account_password_policy client.delete_account_password_policy nil end
def groups
-
(GroupCollection)- Returns a collection that represents all of
Other tags:
- Example: Enumerating groups -
Example: Getting a group by name -
def groups GroupCollection.new(:config => config) end
def remove_account_alias
-
(nil)-
def remove_account_alias account_aliases.each do |account_alias| account_aliases.delete(account_alias) end nil end
def server_certificates
-
(ServerCertificateCollection)- Returns a collection that
Other tags:
- Note: - Currently, Amazon Elastic Load Balancing is the only
def server_certificates ServerCertificateCollection.new(:config => config) end
def signing_certificates
-
(SigningCertificateCollection)- Returns a collection that
def signing_certificates SigningCertificateCollection.new(:config => config) end
def update_account_password_policy options = {}
-
(nil)-
Options Hash:
(**options)-
:require_lowercase_characters(Boolean) -- -
:require_uppercase_characters(Boolean) -- -
:require_numbers(Boolean) -- -
:require_symbols(Boolean) -- -
:minimum_password_length(Integer) --
Parameters:
-
options(Hash) --
def update_account_password_policy options = {} client.update_account_password_policy(options) nil end
def users
-
(UserCollection)- Returns a collection that represents all of
Other tags:
- Example: Enumerating users -
Example: Getting a user by name -
def users UserCollection.new(:config => config) end
def virtual_mfa_devices
-
(VirtualMfaDeviceCollection)- Returns a collection that
def virtual_mfa_devices VirtualMfaDeviceCollection.new(:config => config) end