Documentation
Index
- type AccessAdvisorUsageGranularityType
- type AccessDetail
- type AccessKey
- type AccessKeyLastUsed
- type AccessKeyMetadata
- type AssignmentStatusType
- type AttachedPermissionsBoundary
- type AttachedPolicy
- type ConcurrentModificationException
- type ContextEntry
- type ContextKeyTypeEnum
- type CredentialReportExpiredException
- type CredentialReportNotPresentException
- type CredentialReportNotReadyException
- type DeleteConflictException
- type DeletionTaskFailureReasonType
- type DeletionTaskStatusType
- type DuplicateCertificateException
- type DuplicateSSHPublicKeyException
- type EncodingType
- type EntityAlreadyExistsException
- type EntityDetails
- type EntityInfo
- type EntityTemporarilyUnmodifiableException
- type EntityType
- type ErrorDetails
- type EvaluationResult
- type GlobalEndpointTokenVersion
- type Group
- type GroupDetail
- type InstanceProfile
- type InvalidAuthenticationCodeException
- type InvalidCertificateException
- type InvalidInputException
- type InvalidPublicKeyException
- type InvalidUserTypeException
- type JobStatusType
- type KeyPairMismatchException
- type LimitExceededException
- type ListPoliciesGrantingServiceAccessEntry
- type LoginProfile
- type MFADevice
- type MalformedCertificateException
- type MalformedPolicyDocumentException
- type ManagedPolicyDetail
- type NoSuchEntityException
- type OpenIDConnectProviderListEntry
- type OpenIdIdpCommunicationErrorException
- type OrganizationsDecisionDetail
- type PasswordPolicy
- type PasswordPolicyViolationException
- type PermissionsBoundaryAttachmentType
- type PermissionsBoundaryDecisionDetail
- type Policy
- type PolicyDetail
- type PolicyEvaluationDecisionType
- type PolicyEvaluationException
- type PolicyGrantingServiceAccess
- type PolicyGroup
- type PolicyNotAttachableException
- type PolicyOwnerEntityType
- type PolicyRole
- type PolicyScopeType
- type PolicySourceType
- type PolicyType
- type PolicyUsageType
- type PolicyUser
- type PolicyVersion
- type Position
- type ReportFormatType
- type ReportGenerationLimitExceededException
- type ReportStateType
- type ResourceSpecificResult
- type Role
- type RoleDetail
- type RoleLastUsed
- type RoleUsageType
- type SAMLProviderListEntry
- type SSHPublicKey
- type SSHPublicKeyMetadata
- type ServerCertificate
- type ServerCertificateMetadata
- type ServiceFailureException
- type ServiceLastAccessed
- type ServiceNotSupportedException
- type ServiceSpecificCredential
- type ServiceSpecificCredentialMetadata
- type SigningCertificate
- type SortKeyType
- type Statement
- type StatusType
- type SummaryKeyType
- type Tag
- type TrackedActionLastAccessed
- type UnmodifiableEntityException
- type UnrecognizedPublicKeyEncodingException
- type User
- type UserDetail
- type VirtualMFADevice
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AccessAdvisorUsageGranularityType
type AccessAdvisorUsageGranularityType string
const (
	AccessAdvisorUsageGranularityTypeServiceLevel AccessAdvisorUsageGranularityType = "SERVICE_LEVEL"
	AccessAdvisorUsageGranularityTypeActionLevel  AccessAdvisorUsageGranularityType = "ACTION_LEVEL"
)
Enum values for AccessAdvisorUsageGranularityType
func (AccessAdvisorUsageGranularityType) Values
func (AccessAdvisorUsageGranularityType) Values() []AccessAdvisorUsageGranularityType
Values returns all known values for AccessAdvisorUsageGranularityType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AccessDetail
type AccessDetail struct {
	// The name of the service in which access was attempted.
	//
	// This member is required.
	ServiceName *string

	// The namespace of the service in which access was attempted.
	//
	// To learn the service namespace of a service, see [Actions, resources, and condition keys for Amazon Web Services services] in the Service Authorization
	// Reference. Choose the name of the service to view details for that service. In
	// the first paragraph, find the service prefix. For example, (service prefix: a4b).
	// For more information about service namespaces, see [Amazon Web Services service namespaces] in the Amazon Web Services
	// General Reference.
	//
	// [Amazon Web Services service namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
	// [Actions, resources, and condition keys for Amazon Web Services services]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
	//
	// This member is required.
	ServiceNamespace *string

	// The path of the Organizations entity (root, organizational unit, or account)
	// from which an authenticated principal last attempted to access the service.
	// Amazon Web Services does not report unauthenticated requests.
	//
	// This field is null if no principals (IAM users, IAM roles, or root user) in the
	// reported Organizations entity attempted to access the service within the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	EntityPath *string

	// The date and time, in [ISO 8601 date-time format], when an authenticated principal most recently attempted
	// to access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no principals in the reported Organizations entity
	// attempted to access the service within the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	LastAuthenticatedTime *time.Time

	// The Region where the last service access attempt occurred.
	//
	// This field is null if no principals in the reported Organizations entity
	// attempted to access the service within the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	Region *string

	// The number of accounts with authenticated principals (root user, IAM users, and
	// IAM roles) that attempted to access the service in the tracking period.
	TotalAuthenticatedEntities *int32

	// contains filtered or unexported fields
}
An object that contains details about when a principal in the reported Organizations entity last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role, or the Amazon Web Services account root user within the reported Organizations entity.
This data type is a response element in the GetOrganizationsAccessReport operation.
type AccessKey
type AccessKey struct {
	// The ID for this access key.
	//
	// This member is required.
	AccessKeyId *string

	// The secret key used to sign requests.
	//
	// This member is required.
	SecretAccessKey *string

	// The status of the access key. Active means that the key is valid for API calls,
	// while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user that the access key is associated with.
	//
	// This member is required.
	UserName *string

	// The date when the access key was created.
	CreateDate *time.Time

	// contains filtered or unexported fields
}
Contains information about an Amazon Web Services access key.
This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.
The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.
type AccessKeyLastUsed
type AccessKeyLastUsed struct {
	// The date and time, in [ISO 8601 date-time format], when the access key was most recently used. This field
	// is null in the following situations:
	//
	//   - The user does not have an access key.
	//
	//   - An access key exists but has not been used since IAM began tracking this
	//   information.
	//
	//   - There is no sign-in data associated with the user.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	LastUsedDate *time.Time

	// The Amazon Web Services Region where this access key was most recently used.
	// The value for this field is "N/A" in the following situations:
	//
	//   - The user does not have an access key.
	//
	//   - An access key exists but has not been used since IAM began tracking this
	//   information.
	//
	//   - There is no sign-in data associated with the user.
	//
	// For more information about Amazon Web Services Regions, see [Regions and endpoints] in the Amazon Web
	// Services General Reference.
	//
	// [Regions and endpoints]: https://docs.aws.amazon.com/general/latest/gr/rande.html
	//
	// This member is required.
	Region *string

	// The name of the Amazon Web Services service with which this access key was most
	// recently used. The value of this field is "N/A" in the following situations:
	//
	//   - The user does not have an access key.
	//
	//   - An access key exists but has not been used since IAM started tracking this
	//   information.
	//
	//   - There is no sign-in data associated with the user.
	//
	// This member is required.
	ServiceName *string

	// contains filtered or unexported fields
}
Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.
This data type is used as a response element in the GetAccessKeyLastUsed operation.
type AccessKeyMetadata
type AccessKeyMetadata struct {
	// The ID for this access key.
	AccessKeyId *string

	// The date when the access key was created.
	CreateDate *time.Time

	// The status of the access key. Active means that the key is valid for API calls;
	// Inactive means it is not.
	Status StatusType

	// The name of the IAM user that the key is associated with.
	UserName *string

	// contains filtered or unexported fields
}
Contains information about an Amazon Web Services access key, without its secret key.
This data type is used as a response element in the ListAccessKeys operation.
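As an added example (not part of the SDK or its documentation), the following shows how the null and "N/A" semantics documented for AccessKeyLastUsed combine with AccessKeyMetadata in a stale-key audit. The structs are local stand-ins that mirror the fields above so the code runs offline; Finding, KeyRecord, ClassifyKey, the 90-day threshold and every sample key are assumptions made up for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Local stand-ins mirroring the fields of types.AccessKeyMetadata and
// types.AccessKeyLastUsed shown above, so the example runs without the SDK.
type StatusType string

const (
	StatusTypeActive   StatusType = "Active"
	StatusTypeInactive StatusType = "Inactive"
)

type AccessKeyMetadata struct {
	AccessKeyId *string
	CreateDate  *time.Time
	Status      StatusType
	UserName    *string
}

type AccessKeyLastUsed struct {
	LastUsedDate *time.Time
	Region       *string
	ServiceName  *string
}

// Finding is a hypothetical audit verdict; it is not an SDK type.
type Finding string

const (
	FindingOK        Finding = "ok"
	FindingStale     Finding = "stale"      // used before, idle longer than maxIdle
	FindingNeverUsed Finding = "never-used" // no recorded use, older than maxIdle
	FindingInactive  Finding = "inactive"   // already disabled, candidate for deletion
	FindingUnknown   Finding = "unknown"    // unrecognised status or missing dates
)

// KeyRecord pairs a ListAccessKeys entry with its GetAccessKeyLastUsed result.
type KeyRecord struct {
	Meta AccessKeyMetadata
	Used *AccessKeyLastUsed
}

// ClassifyKey flags keys that need attention. A nil LastUsedDate is the
// documented "never used" signal, so such keys are aged from CreateDate.
func ClassifyKey(k KeyRecord, now time.Time, maxIdle time.Duration) Finding {
	if k.Meta.Status == StatusTypeInactive {
		return FindingInactive
	}
	if k.Meta.Status != StatusTypeActive {
		return FindingUnknown // enum values can be added by newer API versions
	}
	last, verdict := k.Meta.CreateDate, FindingNeverUsed
	if k.Used != nil && k.Used.LastUsedDate != nil {
		last, verdict = k.Used.LastUsedDate, FindingStale
	}
	if last == nil {
		return FindingUnknown
	}
	if now.Sub(*last) > maxIdle {
		return verdict
	}
	return FindingOK // recently used, or recently created and not yet used
}

func str(s string) *string { return &s }
func day(y int, m time.Month, d int) *time.Time {
	t := time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
	return &t
}

// SampleKeys returns constructed records; IDs, users and dates are made up.
func SampleKeys() []KeyRecord {
	rec := func(id, user string, st StatusType, created, used *time.Time) KeyRecord {
		lu := &AccessKeyLastUsed{used, str("us-east-1"), str("s3")}
		if used == nil { // never-used keys report "N/A" for Region and ServiceName
			lu.Region, lu.ServiceName = str("N/A"), str("N/A")
		}
		return KeyRecord{AccessKeyMetadata{str(id), created, st, str(user)}, lu}
	}
	return []KeyRecord{
		rec("AKIAEXAMPLE000000001", "ci-deploy", StatusTypeActive, day(2023, 1, 10), day(2024, 5, 20)),
		rec("AKIAEXAMPLE000000002", "old-batch", StatusTypeActive, day(2023, 1, 10), day(2023, 11, 1)),
		rec("AKIAEXAMPLE000000003", "contractor", StatusTypeActive, day(2023, 6, 1), nil),
		rec("AKIAEXAMPLE000000004", "new-hire", StatusTypeActive, day(2024, 5, 15), nil),
		rec("AKIAEXAMPLE000000005", "retired-app", StatusTypeInactive, day(2022, 3, 1), day(2022, 9, 1)),
	}
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	for _, k := range SampleKeys() {
		fmt.Println(*k.Meta.AccessKeyId, *k.Meta.UserName, ClassifyKey(k, now, 90*24*time.Hour))
	}
}
```

With the real SDK, the same logic applies to the values returned by ListAccessKeys and GetAccessKeyLastUsed; only the stand-in type declarations would be replaced by the package's own types.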
type AssignmentStatusType
type AssignmentStatusType string
const (
	AssignmentStatusTypeAssigned   AssignmentStatusType = "Assigned"
	AssignmentStatusTypeUnassigned AssignmentStatusType = "Unassigned"
	AssignmentStatusTypeAny        AssignmentStatusType = "Any"
)
Enum values for AssignmentStatusType
func (AssignmentStatusType) Values
func (AssignmentStatusType) Values() []AssignmentStatusType
Values returns all known values for AssignmentStatusType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AttachedPermissionsBoundary
type AttachedPermissionsBoundary struct {
	// The ARN of the policy used to set the permissions boundary for the user or
	// role.
	PermissionsBoundaryArn *string

	// The permissions boundary usage type that indicates what type of IAM resource
	// is used as the permissions boundary for an entity. This data type can only have
	// a value of Policy.
	PermissionsBoundaryType PermissionsBoundaryAttachmentType

	// contains filtered or unexported fields
}
Contains information about an attached permissions boundary.
An attached permissions boundary is a managed policy that has been attached to a user or role to set the permissions boundary.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
type AttachedPolicy
type AttachedPolicy struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	PolicyArn *string

	// The friendly name of the attached policy.
	PolicyName *string

	// contains filtered or unexported fields
}
Contains information about an attached policy.
An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails operations.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
type ConcurrentModificationException
type ConcurrentModificationException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.
func (*ConcurrentModificationException) Error
func (e *ConcurrentModificationException) Error() string
func (*ConcurrentModificationException) ErrorCode
func (e *ConcurrentModificationException) ErrorCode() string
func (*ConcurrentModificationException) ErrorFault
func (e *ConcurrentModificationException) ErrorFault() smithy.ErrorFault
func (*ConcurrentModificationException) ErrorMessage
func (e *ConcurrentModificationException) ErrorMessage() string
type ContextEntry
type ContextEntry struct {
	// The full name of a condition context key, including the service prefix. For
	// example, aws:SourceIp or s3:VersionId.
	ContextKeyName *string

	// The data type of the value (or values) specified in the ContextKeyValues
	// parameter.
	ContextKeyType ContextKeyTypeEnum

	// The value (or values, if the condition context key supports multiple values) to
	// provide to the simulation when the key is referenced by a Condition element in
	// an input policy.
	ContextKeyValues []string

	// contains filtered or unexported fields
}
Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the Condition elements of the input policies.
This data type is used as an input parameter to SimulateCustomPolicy and SimulatePrincipalPolicy.
type ContextKeyTypeEnum
type ContextKeyTypeEnum string
const (
	ContextKeyTypeEnumString      ContextKeyTypeEnum = "string"
	ContextKeyTypeEnumStringList  ContextKeyTypeEnum = "stringList"
	ContextKeyTypeEnumNumeric     ContextKeyTypeEnum = "numeric"
	ContextKeyTypeEnumNumericList ContextKeyTypeEnum = "numericList"
	ContextKeyTypeEnumBoolean     ContextKeyTypeEnum = "boolean"
	ContextKeyTypeEnumBooleanList ContextKeyTypeEnum = "booleanList"
	ContextKeyTypeEnumIp          ContextKeyTypeEnum = "ip"
	ContextKeyTypeEnumIpList      ContextKeyTypeEnum = "ipList"
	ContextKeyTypeEnumBinary      ContextKeyTypeEnum = "binary"
	ContextKeyTypeEnumBinaryList  ContextKeyTypeEnum = "binaryList"
	ContextKeyTypeEnumDate        ContextKeyTypeEnum = "date"
	ContextKeyTypeEnumDateList    ContextKeyTypeEnum = "dateList"
)
Enum values for ContextKeyTypeEnum
func (ContextKeyTypeEnum) Values
func (ContextKeyTypeEnum) Values() []ContextKeyTypeEnum
Values returns all known values for ContextKeyTypeEnum. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type CredentialReportExpiredException
type CredentialReportExpiredException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport. For more information about credential report expiration, see Getting credential reports in the IAM User Guide.
func (*CredentialReportExpiredException) Error
func (e *CredentialReportExpiredException) Error() string
func (*CredentialReportExpiredException) ErrorCode
func (e *CredentialReportExpiredException) ErrorCode() string
func (*CredentialReportExpiredException) ErrorFault
func (e *CredentialReportExpiredException) ErrorFault() smithy.ErrorFault
func (*CredentialReportExpiredException) ErrorMessage
func (e *CredentialReportExpiredException) ErrorMessage() string
type CredentialReportNotPresentException
type CredentialReportNotPresentException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport.
func (*CredentialReportNotPresentException) Error
func (e *CredentialReportNotPresentException) Error() string
func (*CredentialReportNotPresentException) ErrorCode
func (e *CredentialReportNotPresentException) ErrorCode() string
func (*CredentialReportNotPresentException) ErrorFault
func (e *CredentialReportNotPresentException) ErrorFault() smithy.ErrorFault
func (*CredentialReportNotPresentException) ErrorMessage
func (e *CredentialReportNotPresentException) ErrorMessage() string
type CredentialReportNotReadyException
type CredentialReportNotReadyException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because the credential report is still being generated.
func (*CredentialReportNotReadyException) Error
func (e *CredentialReportNotReadyException) Error() string
func (*CredentialReportNotReadyException) ErrorCode
func (e *CredentialReportNotReadyException) ErrorCode() string
func (*CredentialReportNotReadyException) ErrorFault
func (e *CredentialReportNotReadyException) ErrorFault() smithy.ErrorFault
func (*CredentialReportNotReadyException) ErrorMessage
func (e *CredentialReportNotReadyException) ErrorMessage() string
type DeleteConflictException
type DeleteConflictException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.
func (*DeleteConflictException) Error
func (e *DeleteConflictException) Error() string
func (*DeleteConflictException) ErrorCode
func (e *DeleteConflictException) ErrorCode() string
func (*DeleteConflictException) ErrorFault
func (e *DeleteConflictException) ErrorFault() smithy.ErrorFault
func (*DeleteConflictException) ErrorMessage
func (e *DeleteConflictException) ErrorMessage() string
type DeletionTaskFailureReasonType
type DeletionTaskFailureReasonType struct {
	// A short description of the reason that the service-linked role deletion failed.
	Reason *string

	// A list of objects that contains details about the service-linked role deletion
	// failure, if that information is returned by the service. If the service-linked
	// role has active sessions or if any resources that were used by the role have not
	// been deleted from the linked service, the role can't be deleted. This parameter
	// includes a list of the resources that are associated with the role and the
	// Region in which the resources are being used.
	RoleUsageList []RoleUsageType

	// contains filtered or unexported fields
}
The reason that the service-linked role deletion failed.
This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.
type DeletionTaskStatusType
type DeletionTaskStatusType string
const (
	DeletionTaskStatusTypeSucceeded  DeletionTaskStatusType = "SUCCEEDED"
	DeletionTaskStatusTypeInProgress DeletionTaskStatusType = "IN_PROGRESS"
	DeletionTaskStatusTypeFailed     DeletionTaskStatusType = "FAILED"
	DeletionTaskStatusTypeNotStarted DeletionTaskStatusType = "NOT_STARTED"
)
Enum values for DeletionTaskStatusType
func (DeletionTaskStatusType) Values
func (DeletionTaskStatusType) Values() []DeletionTaskStatusType
Values returns all known values for DeletionTaskStatusType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type DuplicateCertificateException
type DuplicateCertificateException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because the same certificate is associated with an IAM user in the account.
func (*DuplicateCertificateException) Error
func (e *DuplicateCertificateException) Error() string
func (*DuplicateCertificateException) ErrorCode
func (e *DuplicateCertificateException) ErrorCode() string
func (*DuplicateCertificateException) ErrorFault
func (e *DuplicateCertificateException) ErrorFault() smithy.ErrorFault
func (*DuplicateCertificateException) ErrorMessage
func (e *DuplicateCertificateException) ErrorMessage() string
type DuplicateSSHPublicKeyException
type DuplicateSSHPublicKeyException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because the SSH public key is already associated with the specified IAM user.
func (*DuplicateSSHPublicKeyException) Error
func (e *DuplicateSSHPublicKeyException) Error() string
func (*DuplicateSSHPublicKeyException) ErrorCode
func (e *DuplicateSSHPublicKeyException) ErrorCode() string
func (*DuplicateSSHPublicKeyException) ErrorFault
func (e *DuplicateSSHPublicKeyException) ErrorFault() smithy.ErrorFault
func (*DuplicateSSHPublicKeyException) ErrorMessage
func (e *DuplicateSSHPublicKeyException) ErrorMessage() string
type EncodingType
type EncodingType string
const (
	EncodingTypeSsh EncodingType = "SSH"
	EncodingTypePem EncodingType = "PEM"
)
Enum values for EncodingType
func (EncodingType) Values
func (EncodingType) Values() []EncodingType
Values returns all known values for EncodingType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type EntityAlreadyExistsException
type EntityAlreadyExistsException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because it attempted to create a resource that already exists.
func (*EntityAlreadyExistsException) Error
func (e *EntityAlreadyExistsException) Error() string
func (*EntityAlreadyExistsException) ErrorCode
func (e *EntityAlreadyExistsException) ErrorCode() string
func (*EntityAlreadyExistsException) ErrorFault
func (e *EntityAlreadyExistsException) ErrorFault() smithy.ErrorFault
func (*EntityAlreadyExistsException) ErrorMessage
func (e *EntityAlreadyExistsException) ErrorMessage() string
type EntityDetails
type EntityDetails struct {
	// The EntityInfo object that contains details about the entity (user or role).
	//
	// This member is required.
	EntityInfo *EntityInfo

	// The date and time, in [ISO 8601 date-time format], when the authenticated entity last attempted to access
	// Amazon Web Services. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	LastAuthenticated *time.Time

	// contains filtered or unexported fields
}
An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.
This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.
type EntityInfo
type EntityInfo struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	Arn *string

	// The identifier of the entity (user or role).
	//
	// This member is required.
	Id *string

	// The name of the entity (user or role).
	//
	// This member is required.
	Name *string

	// The type of entity (user or role).
	//
	// This member is required.
	Type PolicyOwnerEntityType

	// The path to the entity (user or role). For more information about paths, see [IAM identifiers]
	// in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// contains filtered or unexported fields
}
Contains details about the specified entity (user or role).
This data type is an element of the EntityDetails object.
type EntityTemporarilyUnmodifiableException
type EntityTemporarilyUnmodifiableException struct {
	Message *string

	ErrorCodeOverride *string

	// contains filtered or unexported fields
}
The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity.
func (*EntityTemporarilyUnmodifiableException) Error
func (e *EntityTemporarilyUnmodifiableException) Error() string
func (*EntityTemporarilyUnmodifiableException) ErrorCode
func (e *EntityTemporarilyUnmodifiableException) ErrorCode() string
func (*EntityTemporarilyUnmodifiableException) ErrorFault
func (e *EntityTemporarilyUnmodifiableException) ErrorFault() smithy.ErrorFault
func (*EntityTemporarilyUnmodifiableException) ErrorMessage
func (e *EntityTemporarilyUnmodifiableException) ErrorMessage() string
type EntityType
type EntityType string
const (
	EntityTypeUser               EntityType = "User"
	EntityTypeRole               EntityType = "Role"
	EntityTypeGroup              EntityType = "Group"
	EntityTypeLocalManagedPolicy EntityType = "LocalManagedPolicy"
	EntityTypeAWSManagedPolicy   EntityType = "AWSManagedPolicy"
)
Enum values for EntityType
func (EntityType) Values
func (EntityType) Values() []EntityType
Values returns all known values for EntityType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ErrorDetails
type ErrorDetails struct {
	// The error code associated with the operation failure.
	//
	// This member is required.
	Code *string

	// Detailed information about the reason that the operation failed.
	//
	// This member is required.
	Message *string

	// contains filtered or unexported fields
}
Contains information about the reason that the operation failed.
This data type is used as a response element in the GetOrganizationsAccessReport, GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities operations.
type EvaluationResult
type EvaluationResult struct {
	// The name of the API operation tested on the indicated resource.
	//
	// This member is required.
	EvalActionName *string

	// The result of the simulation.
	//
	// This member is required.
	EvalDecision PolicyEvaluationDecisionType

	// Additional details about the results of the cross-account evaluation decision.
	// This parameter is populated for only cross-account simulations. It contains a
	// brief summary of how each policy type contributes to the final evaluation
	// decision.
	//
	// If the simulation evaluates policies within the same account and includes a
	// resource ARN, then the parameter is present but the response is empty. If the
	// simulation evaluates policies within the same account and specifies all
	// resources (*), then the parameter is not returned.
	//
	// When you make a cross-account request, Amazon Web Services evaluates the
	// request in the trusting account and the trusted account. The request is allowed
	// only if both evaluations return true. For more information about how policies
	// are evaluated, see [Evaluating policies within a single account].
	//
	// If an Organizations SCP included in the evaluation denies access, the
	// simulation ends. In this case, policy evaluation does not proceed any further
	// and this parameter is not returned.
	//
	// [Evaluating policies within a single account]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
	EvalDecisionDetails map[string]PolicyEvaluationDecisionType

	// The ARN of the resource that the indicated API operation was tested on.
	EvalResourceName *string

	// A list of the statements in the input policies that determine the result for
	// this scenario. Remember that even if multiple statements allow the operation on
	// the resource, if only one statement denies that operation, then the explicit
	// deny overrides any allow. In addition, the deny statement is the only entry
	// included in the result.
	MatchedStatements []Statement

	// A list of context keys that are required by the included input policies but
	// that were not provided by one of the input parameters. This list is used when
	// the resource in a simulation is "*", either explicitly, or when the ResourceArns
	// parameter is blank. If you include a list of resources, then any missing context
	// values are instead included under the ResourceSpecificResults section. To
	// discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
	MissingContextValues []string

	// A structure that details how Organizations and its service control policies
	// affect the results of the simulation. Only applies if the simulated user's
	// account is part of an organization.
	OrganizationsDecisionDetail *OrganizationsDecisionDetail

	// Contains information about the effect that a permissions boundary has on a
	// policy simulation when the boundary is applied to an IAM entity.
	PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail

	// The individual results of the simulation of the API operation specified in
	// EvalActionName on each resource.
	ResourceSpecificResults []ResourceSpecificResult

	// contains filtered or unexported fields
}
Contains the results of a simulation.
This data type is used by the return parameter of SimulateCustomPolicy and SimulatePrincipalPolicy.
type GlobalEndpointTokenVersion
type GlobalEndpointTokenVersion string
const (
	GlobalEndpointTokenVersionV1Token GlobalEndpointTokenVersion = "v1Token"
	GlobalEndpointTokenVersionV2Token GlobalEndpointTokenVersion = "v2Token"
)
Enum values for GlobalEndpointTokenVersion
func (GlobalEndpointTokenVersion) Values
func (GlobalEndpointTokenVersion) Values() []GlobalEndpointTokenVersion
Values returns all known values for GlobalEndpointTokenVersion. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Group
type Group struct {
	// The Amazon Resource Name (ARN) specifying the group. For more information
	// about ARNs and how to use them in policies, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The date and time, in [ISO 8601 date-time format], when the group was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The stable and unique string identifying the group. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	GroupId *string

	// The friendly name that identifies the group.
	//
	// This member is required.
	GroupName *string

	// The path to the group. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// contains filtered or unexported fields
}
Contains information about an IAM group entity.
This data type is used as a response element in the following operations:
- CreateGroup
- GetGroup
- ListGroups
type GroupDetail ¶
type GroupDetail struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// A list of the managed policies attached to the group.
	AttachedManagedPolicies []AttachedPolicy

	// The date and time, in [ISO 8601 date-time format], when the group was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// The stable and unique string identifying the group. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	GroupId *string

	// The friendly name that identifies the group.
	GroupName *string

	// A list of the inline policies embedded in the group.
	GroupPolicyList []PolicyDetail

	// The path to the group. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string
	// contains filtered or unexported fields
}
Contains information about an IAM group, including all of the group's policies.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
type InstanceProfile ¶
type InstanceProfile struct {
	// The Amazon Resource Name (ARN) specifying the instance profile. For more
	// information about ARNs and how to use them in policies, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The date when the instance profile was created.
	//
	// This member is required.
	CreateDate *time.Time

	// The stable and unique string identifying the instance profile. For more
	// information about IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	InstanceProfileId *string

	// The name identifying the instance profile.
	//
	// This member is required.
	InstanceProfileName *string

	// The path to the instance profile. For more information about paths, see [IAM identifiers] in
	// the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// The role associated with the instance profile.
	//
	// This member is required.
	Roles []Role

	// A list of tags that are attached to the instance profile. For more information
	// about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}
Contains information about an instance profile.
This data type is used as a response element in the following operations:
- CreateInstanceProfile
- GetInstanceProfile
- ListInstanceProfiles
- ListInstanceProfilesForRole
type InvalidAuthenticationCodeException ¶
type InvalidAuthenticationCodeException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the authentication code was not recognized. The error message describes the specific error.
func (*InvalidAuthenticationCodeException) Error ¶
func (e *InvalidAuthenticationCodeException) Error() string
func (*InvalidAuthenticationCodeException) ErrorCode ¶
func (e *InvalidAuthenticationCodeException) ErrorCode() string
func (*InvalidAuthenticationCodeException) ErrorFault ¶
func (e *InvalidAuthenticationCodeException) ErrorFault() smithy.ErrorFault
func (*InvalidAuthenticationCodeException) ErrorMessage ¶
func (e *InvalidAuthenticationCodeException) ErrorMessage() string
type InvalidCertificateException ¶
type InvalidCertificateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the certificate is invalid.
func (*InvalidCertificateException) Error ¶
func (e *InvalidCertificateException) Error() string
func (*InvalidCertificateException) ErrorCode ¶
func (e *InvalidCertificateException) ErrorCode() string
func (*InvalidCertificateException) ErrorFault ¶
func (e *InvalidCertificateException) ErrorFault() smithy.ErrorFault
func (*InvalidCertificateException) ErrorMessage ¶
func (e *InvalidCertificateException) ErrorMessage() string
type InvalidInputException ¶
type InvalidInputException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
func (*InvalidInputException) Error ¶
func (e *InvalidInputException) Error() string
func (*InvalidInputException) ErrorCode ¶
func (e *InvalidInputException) ErrorCode() string
func (*InvalidInputException) ErrorFault ¶
func (e *InvalidInputException) ErrorFault() smithy.ErrorFault
func (*InvalidInputException) ErrorMessage ¶
func (e *InvalidInputException) ErrorMessage() string
type InvalidPublicKeyException ¶
type InvalidPublicKeyException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the public key is malformed or otherwise invalid.
func (*InvalidPublicKeyException) Error ¶
func (e *InvalidPublicKeyException) Error() string
func (*InvalidPublicKeyException) ErrorCode ¶
func (e *InvalidPublicKeyException) ErrorCode() string
func (*InvalidPublicKeyException) ErrorFault ¶
func (e *InvalidPublicKeyException) ErrorFault() smithy.ErrorFault
func (*InvalidPublicKeyException) ErrorMessage ¶
func (e *InvalidPublicKeyException) ErrorMessage() string
type InvalidUserTypeException ¶
type InvalidUserTypeException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the type of user for the transaction was incorrect.
func (*InvalidUserTypeException) Error ¶
func (e *InvalidUserTypeException) Error() string
func (*InvalidUserTypeException) ErrorCode ¶
func (e *InvalidUserTypeException) ErrorCode() string
func (*InvalidUserTypeException) ErrorFault ¶
func (e *InvalidUserTypeException) ErrorFault() smithy.ErrorFault
func (*InvalidUserTypeException) ErrorMessage ¶
func (e *InvalidUserTypeException) ErrorMessage() string
type JobStatusType ¶
type JobStatusType string
const (
	JobStatusTypeInProgress JobStatusType = "IN_PROGRESS"
	JobStatusTypeCompleted  JobStatusType = "COMPLETED"
	JobStatusTypeFailed     JobStatusType = "FAILED"
)
Enum values for JobStatusType
func (JobStatusType) Values ¶
func (JobStatusType) Values() []JobStatusType
Values returns all known values for JobStatusType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type KeyPairMismatchException ¶
type KeyPairMismatchException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the public key certificate and the private key do not match.
func (*KeyPairMismatchException) Error ¶
func (e *KeyPairMismatchException) Error() string
func (*KeyPairMismatchException) ErrorCode ¶
func (e *KeyPairMismatchException) ErrorCode() string
func (*KeyPairMismatchException) ErrorFault ¶
func (e *KeyPairMismatchException) ErrorFault() smithy.ErrorFault
func (*KeyPairMismatchException) ErrorMessage ¶
func (e *KeyPairMismatchException) ErrorMessage() string
type LimitExceededException ¶
type LimitExceededException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.
func (*LimitExceededException) Error ¶
func (e *LimitExceededException) Error() string
func (*LimitExceededException) ErrorCode ¶
func (e *LimitExceededException) ErrorCode() string
func (*LimitExceededException) ErrorFault ¶
func (e *LimitExceededException) ErrorFault() smithy.ErrorFault
func (*LimitExceededException) ErrorMessage ¶
func (e *LimitExceededException) ErrorMessage() string
type ListPoliciesGrantingServiceAccessEntry ¶
type ListPoliciesGrantingServiceAccessEntry struct {
	// The PoliciesGrantingServiceAccess object that contains details about the policy.
	Policies []PolicyGrantingServiceAccess

	// The namespace of the service that was accessed.
	//
	// To learn the service namespace of a service, see [Actions, resources, and condition keys for Amazon Web Services services] in the Service Authorization
	// Reference. Choose the name of the service to view details for that service. In
	// the first paragraph, find the service prefix. For example, (service prefix: a4b).
	// For more information about service namespaces, see [Amazon Web Services service namespaces] in the Amazon Web Services
	// General Reference.
	//
	// [Amazon Web Services service namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
	// [Actions, resources, and condition keys for Amazon Web Services services]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
	ServiceNamespace *string
	// contains filtered or unexported fields
}
Contains details about the permissions policies that are attached to the specified identity (user, group, or role).
This data type is used as a response element in the ListPoliciesGrantingServiceAccess operation.
type LoginProfile ¶
type LoginProfile struct {
	// The date when the password for the user was created.
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the user, which can be used for signing in to the Amazon Web
	// Services Management Console.
	//
	// This member is required.
	UserName *string

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired bool
	// contains filtered or unexported fields
}
Contains the user name and password create date for a user.
This data type is used as a response element in the CreateLoginProfile and GetLoginProfile operations.
type MFADevice ¶
type MFADevice struct {
	// The date when the MFA device was enabled for the user.
	//
	// This member is required.
	EnableDate *time.Time

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// This member is required.
	SerialNumber *string

	// The user with whom the MFA device is associated.
	//
	// This member is required.
	UserName *string
	// contains filtered or unexported fields
}
Contains information about an MFA device.
This data type is used as a response element in the ListMFADevices operation.
type MalformedCertificateException ¶
type MalformedCertificateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the certificate was malformed or expired. The error message describes the specific error.
func (*MalformedCertificateException) Error ¶
func (e *MalformedCertificateException) Error() string
func (*MalformedCertificateException) ErrorCode ¶
func (e *MalformedCertificateException) ErrorCode() string
func (*MalformedCertificateException) ErrorFault ¶
func (e *MalformedCertificateException) ErrorFault() smithy.ErrorFault
func (*MalformedCertificateException) ErrorMessage ¶
func (e *MalformedCertificateException) ErrorMessage() string
type MalformedPolicyDocumentException ¶
type MalformedPolicyDocumentException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the policy document was malformed. The error message describes the specific error.
func (*MalformedPolicyDocumentException) Error ¶
func (e *MalformedPolicyDocumentException) Error() string
func (*MalformedPolicyDocumentException) ErrorCode ¶
func (e *MalformedPolicyDocumentException) ErrorCode() string
func (*MalformedPolicyDocumentException) ErrorFault ¶
func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault
func (*MalformedPolicyDocumentException) ErrorMessage ¶
func (e *MalformedPolicyDocumentException) ErrorMessage() string
type ManagedPolicyDetail ¶
type ManagedPolicyDetail struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// The number of principal entities (users, groups, and roles) that the policy is
	// attached to.
	AttachmentCount *int32

	// The date and time, in [ISO 8601 date-time format], when the policy was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// The identifier for the version of the policy that is set as the default
	// (operative) version.
	//
	// For more information about policy versions, see [Versioning for managed policies] in the IAM User Guide.
	//
	// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
	DefaultVersionId *string

	// A friendly description of the policy.
	Description *string

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable bool

	// The path to the policy.
	//
	// For more information about paths, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// The number of entities (users and roles) for which the policy is used as the
	// permissions boundary.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundaryUsageCount *int32

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	PolicyId *string

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string

	// A list containing information about the versions of the policy.
	PolicyVersionList []PolicyVersion

	// The date and time, in [ISO 8601 date-time format], when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time when
	// the policy was created. When a policy has more than one version, this field
	// contains the date and time when the most recent policy version was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	UpdateDate *time.Time
	// contains filtered or unexported fields
}
Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.
type NoSuchEntityException ¶
type NoSuchEntityException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
func (*NoSuchEntityException) Error ¶
func (e *NoSuchEntityException) Error() string
func (*NoSuchEntityException) ErrorCode ¶
func (e *NoSuchEntityException) ErrorCode() string
func (*NoSuchEntityException) ErrorFault ¶
func (e *NoSuchEntityException) ErrorFault() smithy.ErrorFault
func (*NoSuchEntityException) ErrorMessage ¶
func (e *NoSuchEntityException) ErrorMessage() string
type OpenIDConnectProviderListEntry ¶
type OpenIDConnectProviderListEntry struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string
	// contains filtered or unexported fields
}
Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.
type OpenIdIdpCommunicationErrorException ¶
type OpenIdIdpCommunicationErrorException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request failed because IAM cannot connect to the OpenID Connect identity provider URL.
func (*OpenIdIdpCommunicationErrorException) Error ¶
func (e *OpenIdIdpCommunicationErrorException) Error() string
func (*OpenIdIdpCommunicationErrorException) ErrorCode ¶
func (e *OpenIdIdpCommunicationErrorException) ErrorCode() string
func (*OpenIdIdpCommunicationErrorException) ErrorFault ¶
func (e *OpenIdIdpCommunicationErrorException) ErrorFault() smithy.ErrorFault
func (*OpenIdIdpCommunicationErrorException) ErrorMessage ¶
func (e *OpenIdIdpCommunicationErrorException) ErrorMessage() string
type OrganizationsDecisionDetail ¶
type OrganizationsDecisionDetail struct {
	// Specifies whether the simulated operation is allowed by the Organizations
	// service control policies that impact the simulated user's account.
	AllowedByOrganizations bool
	// contains filtered or unexported fields
}
Contains information about the effect that Organizations has on a policy simulation.
type PasswordPolicy ¶
type PasswordPolicy struct {
	// Specifies whether IAM users are allowed to change their own password. Gives IAM
	// users permissions to iam:ChangePassword for only their user and to the
	// iam:GetAccountPasswordPolicy action. This option does not attach a permissions
	// policy to each user, rather the permissions are applied at the account-level for
	// all users by IAM.
	AllowUsersToChangePassword bool

	// Indicates whether passwords in the account expire. Returns true if
	// MaxPasswordAge contains a value greater than 0. Returns false if MaxPasswordAge
	// is 0 or not present.
	ExpirePasswords bool

	// Specifies whether IAM users are prevented from setting a new password via the
	// Amazon Web Services Management Console after their password has expired. The IAM
	// user cannot access the console until an administrator resets the password. IAM
	// users with iam:ChangePassword permission and active access keys can reset their
	// own expired console password using the CLI or API.
	HardExpiry *bool

	// The number of days that an IAM user password is valid.
	MaxPasswordAge *int32

	// Minimum length to require for IAM user passwords.
	MinimumPasswordLength *int32

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing.
	PasswordReusePrevention *int32

	// Specifies whether IAM user passwords must contain at least one lowercase
	// character (a to z).
	RequireLowercaseCharacters bool

	// Specifies whether IAM user passwords must contain at least one numeric
	// character (0 to 9).
	RequireNumbers bool

	// Specifies whether IAM user passwords must contain at least one of the following
	// symbols:
	//
	// ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
	RequireSymbols bool

	// Specifies whether IAM user passwords must contain at least one uppercase
	// character (A to Z).
	RequireUppercaseCharacters bool
	// contains filtered or unexported fields
}
Contains information about the account password policy.
This data type is used as a response element in the GetAccountPasswordPolicy operation.
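A sketch of auditing the fields above against a baseline, added here as an example and not part of the SDK or its documentation. The local `PasswordPolicy` struct mirrors the documented fields so the code runs without the SDK, and the `Baseline` type and its threshold values are assumptions chosen for illustration, not AWS defaults.

```go
package main

import (
	"fmt"
	"strings"
)

// PasswordPolicy mirrors the exported fields of types.PasswordPolicy listed
// above (local copy for this example; real code would use the SDK type).
type PasswordPolicy struct {
	AllowUsersToChangePassword bool
	ExpirePasswords            bool
	HardExpiry                 *bool
	MaxPasswordAge             *int32
	MinimumPasswordLength      *int32
	PasswordReusePrevention    *int32
	RequireLowercaseCharacters bool
	RequireNumbers             bool
	RequireSymbols             bool
	RequireUppercaseCharacters bool
}

// Baseline is a hypothetical set of thresholds to audit against.
type Baseline struct {
	MinLength   int32 // minimum acceptable MinimumPasswordLength
	MaxAgeDays  int32 // longest acceptable MaxPasswordAge; 0 disables the expiry check
	ReuseMemory int32 // minimum acceptable PasswordReusePrevention
}

// deref treats an unset optional field as 0, matching how the documentation
// describes MaxPasswordAge being "0 or not present".
func deref(p *int32) int32 {
	if p == nil {
		return 0
	}
	return *p
}

func i32(v int32) *int32 { return &v }

// AuditPasswordPolicy returns one finding per deviation from the baseline.
// An empty result means the policy meets it.
func AuditPasswordPolicy(p *PasswordPolicy, b Baseline) []string {
	if p == nil {
		return []string{"no account password policy returned"}
	}
	var findings []string

	if n := deref(p.MinimumPasswordLength); n < b.MinLength {
		findings = append(findings,
			fmt.Sprintf("MinimumPasswordLength is %d, baseline requires at least %d", n, b.MinLength))
	}
	if n := deref(p.PasswordReusePrevention); n < b.ReuseMemory {
		findings = append(findings,
			fmt.Sprintf("PasswordReusePrevention is %d, baseline requires at least %d", n, b.ReuseMemory))
	}

	var missing []string
	if !p.RequireLowercaseCharacters {
		missing = append(missing, "lowercase")
	}
	if !p.RequireUppercaseCharacters {
		missing = append(missing, "uppercase")
	}
	if !p.RequireNumbers {
		missing = append(missing, "numbers")
	}
	if !p.RequireSymbols {
		missing = append(missing, "symbols")
	}
	if len(missing) > 0 {
		findings = append(findings, "character classes not required: "+strings.Join(missing, ", "))
	}

	// ExpirePasswords is documented as true only when MaxPasswordAge > 0,
	// so both are checked rather than trusting either alone.
	age := deref(p.MaxPasswordAge)
	expires := p.ExpirePasswords && age > 0
	if b.MaxAgeDays > 0 {
		switch {
		case !expires:
			findings = append(findings, "passwords never expire")
		case age > b.MaxAgeDays:
			findings = append(findings,
				fmt.Sprintf("MaxPasswordAge is %d days, baseline allows at most %d", age, b.MaxAgeDays))
		}
	}
	if !expires && p.HardExpiry != nil && *p.HardExpiry {
		findings = append(findings, "HardExpiry is set but passwords never expire, so it has no effect")
	}
	return findings
}

func main() {
	// Constructed sample policy, not taken from a real account.
	weak := &PasswordPolicy{MinimumPasswordLength: i32(8), RequireNumbers: true}
	base := Baseline{MinLength: 14, MaxAgeDays: 90, ReuseMemory: 24}
	for _, f := range AuditPasswordPolicy(weak, base) {
		fmt.Println("FINDING:", f)
	}
}
```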
type PasswordPolicyViolationException ¶
type PasswordPolicyViolationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the provided password did not meet the requirements imposed by the account password policy.
func (*PasswordPolicyViolationException) Error ¶
func (e *PasswordPolicyViolationException) Error() string
func (*PasswordPolicyViolationException) ErrorCode ¶
func (e *PasswordPolicyViolationException) ErrorCode() string
func (*PasswordPolicyViolationException) ErrorFault ¶
func (e *PasswordPolicyViolationException) ErrorFault() smithy.ErrorFault
func (*PasswordPolicyViolationException) ErrorMessage ¶
func (e *PasswordPolicyViolationException) ErrorMessage() string
type PermissionsBoundaryAttachmentType ¶
type PermissionsBoundaryAttachmentType string
const (
	PermissionsBoundaryAttachmentTypePolicy PermissionsBoundaryAttachmentType = "PermissionsBoundaryPolicy"
)
Enum values for PermissionsBoundaryAttachmentType
func (PermissionsBoundaryAttachmentType) Values ¶
func (PermissionsBoundaryAttachmentType) Values() []PermissionsBoundaryAttachmentType
Values returns all known values for PermissionsBoundaryAttachmentType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type PermissionsBoundaryDecisionDetail ¶
type PermissionsBoundaryDecisionDetail struct {
	// Specifies whether an action is allowed by a permissions boundary that is
	// applied to an IAM entity (user or role). A value of true means that the
	// permissions boundary does not deny the action. This means that the policy
	// includes an Allow statement that matches the request. In this case, if an
	// identity-based policy also allows the action, the request is allowed. A value of
	// false means that either the requested action is not allowed (implicitly denied)
	// or that the action is explicitly denied by the permissions boundary. In both of
	// these cases, the action is not allowed, regardless of the identity-based policy.
	AllowedByPermissionsBoundary bool
	// contains filtered or unexported fields
}
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
type Policy ¶
type Policy struct {
	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// The number of entities (users, groups, and roles) that the policy is attached
	// to.
	AttachmentCount *int32

	// The date and time, in [ISO 8601 date-time format], when the policy was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// The identifier for the version of the policy that is set as the default version.
	DefaultVersionId *string

	// A friendly description of the policy.
	//
	// This element is included in the response to the GetPolicy operation. It is not included
	// in the response to the ListPolicies operation.
	Description *string

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable bool

	// The path to the policy.
	//
	// For more information about paths, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// The number of entities (users and roles) for which the policy is used to set
	// the permissions boundary.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundaryUsageCount *int32

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	PolicyId *string

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string

	// A list of tags that are attached to the instance profile. For more information
	// about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag

	// The date and time, in [ISO 8601 date-time format], when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time when
	// the policy was created. When a policy has more than one version, this field
	// contains the date and time when the most recent policy version was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	UpdateDate *time.Time
	// contains filtered or unexported fields
}
Contains information about a managed policy.
This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies operations.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
type PolicyDetail ¶
type PolicyDetail struct {
	// The policy document.
	PolicyDocument *string

	// The name of the policy.
	PolicyName *string
	// contains filtered or unexported fields
}
Contains information about an IAM policy, including the policy document.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
type PolicyEvaluationDecisionType ¶
type PolicyEvaluationDecisionType string
const (
	PolicyEvaluationDecisionTypeAllowed      PolicyEvaluationDecisionType = "allowed"
	PolicyEvaluationDecisionTypeExplicitDeny PolicyEvaluationDecisionType = "explicitDeny"
	PolicyEvaluationDecisionTypeImplicitDeny PolicyEvaluationDecisionType = "implicitDeny"
)
Enum values for PolicyEvaluationDecisionType
func (PolicyEvaluationDecisionType) Values ¶
func (PolicyEvaluationDecisionType) Values() []PolicyEvaluationDecisionType
Values returns all known values for PolicyEvaluationDecisionType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type PolicyEvaluationException ¶
type PolicyEvaluationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request failed because a provided policy could not be successfully evaluated. An additional detailed message indicates the source of the failure.
func (*PolicyEvaluationException) Error ¶
func (e *PolicyEvaluationException) Error() string
func (*PolicyEvaluationException) ErrorCode ¶
func (e *PolicyEvaluationException) ErrorCode() string
func (*PolicyEvaluationException) ErrorFault ¶
func (e *PolicyEvaluationException) ErrorFault() smithy.ErrorFault
func (*PolicyEvaluationException) ErrorMessage ¶
func (e *PolicyEvaluationException) ErrorMessage() string
type PolicyGrantingServiceAccess ¶
type PolicyGrantingServiceAccess struct {
	// The policy name.
	//
	// This member is required.
	PolicyName *string

	// The policy type. For more information about these policy types, see [Managed policies and inline policies] in the IAM
	// User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
	//
	// This member is required.
	PolicyType PolicyType

	// The name of the entity (user or role) to which the inline policy is attached.
	//
	// This field is null for managed policies. For more information about these
	// policy types, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
	EntityName *string

	// The type of entity (user or role) that used the policy to access the service to
	// which the inline policy is attached.
	//
	// This field is null for managed policies. For more information about these
	// policy types, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
	EntityType PolicyOwnerEntityType

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	PolicyArn *string
	// contains filtered or unexported fields
}
Contains details about the permissions policies that are attached to the specified identity (user, group, or role).
This data type is an element of the ListPoliciesGrantingServiceAccessEntry object.
type PolicyGroup ¶
type PolicyGroup struct {
	// The stable and unique string identifying the group. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
	GroupId *string

	// The name (friendly name, not ARN) identifying the group.
	GroupName *string
	// contains filtered or unexported fields
}
Contains information about a group that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy operation.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
type PolicyNotAttachableException ¶
type PolicyNotAttachableException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request failed because Amazon Web Services service role policies can only be attached to the service-linked role for that service.
func (*PolicyNotAttachableException) Error ¶
func (e *PolicyNotAttachableException) Error() string
func (*PolicyNotAttachableException) ErrorCode ¶
func (e *PolicyNotAttachableException) ErrorCode() string
func (*PolicyNotAttachableException) ErrorFault ¶
func (e *PolicyNotAttachableException) ErrorFault() smithy.ErrorFault
func (*PolicyNotAttachableException) ErrorMessage ¶
func (e *PolicyNotAttachableException) ErrorMessage() string
type PolicyOwnerEntityType ¶
type PolicyOwnerEntityType string
const (
	PolicyOwnerEntityTypeUser  PolicyOwnerEntityType = "USER"
	PolicyOwnerEntityTypeRole  PolicyOwnerEntityType = "ROLE"
	PolicyOwnerEntityTypeGroup PolicyOwnerEntityType = "GROUP"
)
Enum values for PolicyOwnerEntityType
func (PolicyOwnerEntityType) Values ¶
func (PolicyOwnerEntityType) Values() []PolicyOwnerEntityType
Values returns all known values for PolicyOwnerEntityType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type PolicyRole ¶
type PolicyRole struct {
	// The stable and unique string identifying the role. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
	RoleId *string

	// The name (friendly name, not ARN) identifying the role.
	RoleName *string
	// contains filtered or unexported fields
}
Contains information about a role that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy operation.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
type PolicyScopeType ¶
type PolicyScopeType string
const (
	PolicyScopeTypeAll PolicyScopeType = "All"
	PolicyScopeTypeAws PolicyScopeType = "AWS"
	PolicyScopeTypeLocal PolicyScopeType = "Local"
)
Enum values for PolicyScopeType
func (PolicyScopeType) Values ¶
func (PolicyScopeType) Values() []PolicyScopeType
Values returns all known values for PolicyScopeType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type PolicySourceType ¶
type PolicySourceType string
const (
	PolicySourceTypeUser PolicySourceType = "user"
	PolicySourceTypeGroup PolicySourceType = "group"
	PolicySourceTypeRole PolicySourceType = "role"
	PolicySourceTypeAwsManaged PolicySourceType = "aws-managed"
	PolicySourceTypeUserManaged PolicySourceType = "user-managed"
	PolicySourceTypeResource PolicySourceType = "resource"
	PolicySourceTypeNone PolicySourceType = "none"
)
Enum values for PolicySourceType
func (PolicySourceType) Values ¶
func (PolicySourceType) Values() []PolicySourceType
Values returns all known values for PolicySourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type PolicyType ¶
type PolicyType string
const (
	PolicyTypeInline PolicyType = "INLINE"
	PolicyTypeManaged PolicyType = "MANAGED"
)
Enum values for PolicyType
func (PolicyType) Values ¶
func (PolicyType) Values() []PolicyType
Values returns all known values for PolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type PolicyUsageType ¶
type PolicyUsageType string
const (
	PolicyUsageTypePermissionsPolicy PolicyUsageType = "PermissionsPolicy"
	PolicyUsageTypePermissionsBoundary PolicyUsageType = "PermissionsBoundary"
)
Enum values for PolicyUsageType
func (PolicyUsageType) Values ¶
func (PolicyUsageType) Values() []PolicyUsageType
Values returns all known values for PolicyUsageType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type PolicyUser ¶
type PolicyUser struct {

	// The stable and unique string identifying the user. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
	UserId *string

	// The name (friendly name, not ARN) identifying the user.
	UserName *string
	// contains filtered or unexported fields
}
Contains information about a user that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy operation.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
type PolicyVersion ¶
type PolicyVersion struct {

	// The date and time, in [ISO 8601 date-time format], when the policy version was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// The policy document.
	//
	// The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is
	// not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
	//
	// The policy document returned in this structure is URL-encoded compliant with [RFC 3986].
	// You can use a URL decoding method to convert the policy back to plain JSON text.
	// For example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality.
	//
	// [RFC 3986]: https://tools.ietf.org/html/rfc3986
	Document *string

	// Specifies whether the policy version is set as the policy's default version.
	IsDefaultVersion bool

	// The identifier for the policy version.
	//
	// Policy version identifiers always begin with v (always lowercase). When a
	// policy is created, the first policy version is v1.
	VersionId *string
	// contains filtered or unexported fields
}
Contains information about a version of a managed policy.
This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails operations.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
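The Document field arrives percent-encoded, so any review of a policy version has to decode it before parsing. The following is an added example, not part of the SDK or its documentation: it decodes a document and lists the Allow statements that grant Action "*" on Resource "*". The types policyVersion, statement and the helper functions are local stand-ins invented for the example, and the choice of url.PathUnescape (strict %XX decoding that leaves '+' untouched) is an assumption about how to read "RFC 3986" here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// policyVersion is a local stand-in for the PolicyVersion field used here.
type policyVersion struct {
	Document *string
}

// oneOrMany decodes a lone JSON value or an array of them, the two forms
// IAM policy grammar accepts for Statement, Action and Resource.
func oneOrMany[T any](b []byte) ([]T, error) {
	var many []T
	if err := json.Unmarshal(b, &many); err == nil {
		return many, nil
	}
	var one T
	if err := json.Unmarshal(b, &one); err != nil {
		return nil, err
	}
	return []T{one}, nil
}

type stringList []string

func (l *stringList) UnmarshalJSON(b []byte) (err error) {
	*l, err = oneOrMany[string](b)
	return err
}

type statement struct {
	Sid, Effect      string
	Action, Resource stringList
}

type statementList []statement

func (l *statementList) UnmarshalJSON(b []byte) (err error) {
	*l, err = oneOrMany[statement](b)
	return err
}

// decodeDocument percent-decodes and parses PolicyVersion.Document.
func decodeDocument(pv policyVersion) ([]statement, error) {
	if pv.Document == nil {
		// ListPolicyVersions and CreatePolicyVersion responses omit it.
		return nil, fmt.Errorf("policy version carries no Document")
	}
	// PathUnescape decodes %XX only; it never rewrites '+' as a space.
	raw, err := url.PathUnescape(*pv.Document)
	if err != nil {
		return nil, fmt.Errorf("percent-decoding document: %w", err)
	}
	var doc struct{ Statement statementList }
	if err := json.Unmarshal([]byte(raw), &doc); err != nil {
		return nil, fmt.Errorf("parsing policy JSON: %w", err)
	}
	return doc.Statement, nil
}

func contains(list []string, want string) bool {
	for _, s := range list {
		if s == want {
			return true
		}
	}
	return false
}

// wildcardAllows lists the Allow statements granting Action "*" on
// Resource "*". Conditions and NotAction/NotResource are not evaluated.
func wildcardAllows(pv policyVersion) ([]string, error) {
	stmts, err := decodeDocument(pv)
	if err != nil {
		return nil, err
	}
	var hits []string
	for i, st := range stmts {
		if st.Effect == "Allow" && contains(st.Action, "*") && contains(st.Resource, "*") {
			hits = append(hits, fmt.Sprintf("statement[%d] Sid=%q", i, st.Sid))
		}
	}
	return hits, nil
}

// Constructed sample policy; main percent-encodes it to mimic Document.
const samplePolicyJSON = `{"Version":"2012-10-17","Statement":[
 {"Sid":"Admin","Effect":"Allow","Action":"*","Resource":"*"},
 {"Sid":"ReadLogs","Effect":"Allow","Action":["logs:Get*","logs:Describe*"],"Resource":"*"}]}`

func main() {
	doc := url.PathEscape(samplePolicyJSON)
	fmt.Println(wildcardAllows(policyVersion{Document: &doc}))
}
```

A nil Document is reported as an error rather than treated as an empty policy, because the field is simply absent from ListPolicyVersions and CreatePolicyVersion responses.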
type Position ¶
type Position struct {

	// The column in the line containing the specified position in the document.
	Column int32

	// The line containing the specified position in the document.
	Line int32
	// contains filtered or unexported fields
}
Contains the row and column of a location of a Statement element in a policy document.
This data type is used as a member of the Statement type.
type ReportFormatType ¶
type ReportFormatType string
const (
ReportFormatTypeTextCsv ReportFormatType = "text/csv"
)
Enum values for ReportFormatType
func (ReportFormatType) Values ¶
func (ReportFormatType) Values() []ReportFormatType
Values returns all known values for ReportFormatType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ReportGenerationLimitExceededException ¶
type ReportGenerationLimitExceededException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request failed because the maximum number of concurrent requests for this account are already running.
func (*ReportGenerationLimitExceededException) Error ¶
func (e *ReportGenerationLimitExceededException) Error() string
func (*ReportGenerationLimitExceededException) ErrorCode ¶
func (e *ReportGenerationLimitExceededException) ErrorCode() string
func (*ReportGenerationLimitExceededException) ErrorFault ¶
func (e *ReportGenerationLimitExceededException) ErrorFault() smithy.ErrorFault
func (*ReportGenerationLimitExceededException) ErrorMessage ¶
func (e *ReportGenerationLimitExceededException) ErrorMessage() string
type ReportStateType ¶
type ReportStateType string
const (
	ReportStateTypeStarted ReportStateType = "STARTED"
	ReportStateTypeInprogress ReportStateType = "INPROGRESS"
	ReportStateTypeComplete ReportStateType = "COMPLETE"
)
Enum values for ReportStateType
func (ReportStateType) Values ¶
func (ReportStateType) Values() []ReportStateType
Values returns all known values for ReportStateType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ResourceSpecificResult ¶
type ResourceSpecificResult struct {

	// The result of the simulation of the simulated API operation on the resource
	// specified in EvalResourceName.
	//
	// This member is required.
	EvalResourceDecision PolicyEvaluationDecisionType

	// The name of the simulated resource, in Amazon Resource Name (ARN) format.
	//
	// This member is required.
	EvalResourceName *string

	// Additional details about the results of the evaluation decision on a single
	// resource. This parameter is returned only for cross-account simulations. This
	// parameter explains how each policy type contributes to the resource-specific
	// evaluation decision.
	EvalDecisionDetails map[string]PolicyEvaluationDecisionType

	// A list of the statements in the input policies that determine the result for
	// this part of the simulation. Remember that even if multiple statements allow the
	// operation on the resource, if any statement denies that operation, then the
	// explicit deny overrides any allow. In addition, the deny statement is the only
	// entry included in the result.
	MatchedStatements []Statement

	// A list of context keys that are required by the included input policies but
	// that were not provided by one of the input parameters. This list is used when a
	// list of ARNs is included in the ResourceArns parameter instead of "*". If you
	// do not specify individual resources, by setting ResourceArns to "*" or by not
	// including the ResourceArns parameter, then any missing context values are
	// instead included under the EvaluationResults section. To discover the context
	// keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
	MissingContextValues []string

	// Contains information about the effect that a permissions boundary has on a
	// policy simulation when that boundary is applied to an IAM entity.
	PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail
	// contains filtered or unexported fields
}
Contains the result of the simulation of a single API operation call on a single resource.
This data type is used by a member of the EvaluationResult data type.
type Role ¶
type Role struct {

	// The Amazon Resource Name (ARN) specifying the role. For more information about
	// ARNs and how to use them in policies, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The date and time, in [ISO 8601 date-time format], when the role was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The path to the role. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// The stable and unique string identifying the role. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	RoleId *string

	// The friendly name that identifies the role.
	//
	// This member is required.
	RoleName *string

	// The policy that grants an entity permission to assume the role.
	AssumeRolePolicyDocument *string

	// A description of the role that you provide.
	Description *string

	// The maximum session duration (in seconds) for the specified role. Anyone who
	// uses the CLI, or API to assume the role can specify the duration using the
	// optional DurationSeconds API parameter or duration-seconds CLI parameter.
	MaxSessionDuration *int32

	// The ARN of the policy used to set the permissions boundary for the role.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundary *AttachedPermissionsBoundary

	// Contains information about the last time that an IAM role was used. This
	// includes the date and time and the Region in which the role was last used.
	// Activity is only reported for the trailing 400 days. This period can be shorter
	// if your Region began supporting these features within the last year. The role
	// might have been used more than 400 days ago. For more information, see [Regions where data is tracked] in the
	// IAM User Guide.
	//
	// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
	RoleLastUsed *RoleLastUsed

	// A list of tags that are attached to the role. For more information about
	// tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}
Contains information about an IAM role. This structure is returned as a response element in several API operations that interact with roles.
type RoleDetail ¶
type RoleDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// The trust policy that grants permission to assume the role.
	AssumeRolePolicyDocument *string

	// A list of managed policies attached to the role. These policies are the role's
	// access (permissions) policies.
	AttachedManagedPolicies []AttachedPolicy

	// The date and time, in [ISO 8601 date-time format], when the role was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// A list of instance profiles that contain this role.
	InstanceProfileList []InstanceProfile

	// The path to the role. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// The ARN of the policy used to set the permissions boundary for the role.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundary *AttachedPermissionsBoundary

	// The stable and unique string identifying the role. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	RoleId *string

	// Contains information about the last time that an IAM role was used. This
	// includes the date and time and the Region in which the role was last used.
	// Activity is only reported for the trailing 400 days. This period can be shorter
	// if your Region began supporting these features within the last year. The role
	// might have been used more than 400 days ago. For more information, see [Regions where data is tracked] in the
	// IAM User Guide.
	//
	// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
	RoleLastUsed *RoleLastUsed

	// The friendly name that identifies the role.
	RoleName *string

	// A list of inline policies embedded in the role. These policies are the role's
	// access (permissions) policies.
	RolePolicyList []PolicyDetail

	// A list of tags that are attached to the role. For more information about
	// tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}
Contains information about an IAM role, including all of the role's policies.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
type RoleLastUsed ¶
type RoleLastUsed struct {

	// The date and time, in [ISO 8601 date-time format], that the role was last used.
	//
	// This field is null if the role has not been used within the IAM tracking
	// period. For more information about the tracking period, see [Regions where data is tracked] in the IAM User
	// Guide.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
	LastUsedDate *time.Time

	// The name of the Amazon Web Services Region in which the role was last used.
	Region *string
	// contains filtered or unexported fields
}
Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.
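Because LastUsedDate is null whenever no activity falls inside the tracking period, an unused-role review has to keep "no recorded use" separate from "idle since a known date". The following is an added example, not SDK code: role, roleLastUsed, verdict, classify and reviewCandidates are local stand-ins invented for it, the sample roles are constructed, and the 90-day threshold is an arbitrary choice.

```go
package main

import (
	"fmt"
	"time"
)

// Local stand-ins for the Role and RoleLastUsed fields used here.
type roleLastUsed struct {
	LastUsedDate *time.Time
	Region       *string
}

type role struct {
	RoleName     string // plain string for brevity; the SDK field is *string
	CreateDate   *time.Time
	RoleLastUsed *roleLastUsed
}

const oneDay = 24 * time.Hour

// trackingWindow is the trailing period for which activity is reported.
const trackingWindow = 400 * oneDay

type verdict string

const (
	verdictActive   verdict = "active"          // used within maxIdle
	verdictIdle     verdict = "idle"            // last use older than maxIdle
	verdictNoRecord verdict = "no-recorded-use" // nothing in the tracking window
	verdictTooNew   verdict = "too-new"         // no use yet, created within maxIdle
)

// classify judges one role against an idle threshold. A threshold longer
// than the tracking window is rejected: uses older than the window are
// reported as nil, so such a threshold could not be checked from this field.
func classify(r role, now time.Time, maxIdle time.Duration) (verdict, error) {
	if maxIdle <= 0 || maxIdle > trackingWindow {
		return "", fmt.Errorf("maxIdle %s is outside the %s tracking window", maxIdle, trackingWindow)
	}
	if r.RoleLastUsed != nil && r.RoleLastUsed.LastUsedDate != nil {
		if now.Sub(*r.RoleLastUsed.LastUsedDate) <= maxIdle {
			return verdictActive, nil
		}
		return verdictIdle, nil
	}
	// A nil date means "no activity reported", not "never used": the role
	// might have been used more than 400 days ago.
	if r.CreateDate != nil && now.Sub(*r.CreateDate) < maxIdle {
		return verdictTooNew, nil
	}
	return verdictNoRecord, nil
}

// reviewCandidates returns the roles that are idle or have no recorded
// use, in input order, each labelled with its verdict.
func reviewCandidates(roles []role, now time.Time, maxIdle time.Duration) ([]string, error) {
	var out []string
	for _, r := range roles {
		v, err := classify(r, now, maxIdle)
		if err != nil {
			return nil, err
		}
		if v == verdictIdle || v == verdictNoRecord {
			out = append(out, fmt.Sprintf("%s (%s)", r.RoleName, v))
		}
	}
	return out, nil
}

func day(y int, m time.Month, d int) *time.Time {
	t := time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
	return &t
}

// sampleRoles is constructed data, not output from a real account.
func sampleRoles() []role {
	return []role{
		{"ci-deploy", day(2023, 1, 10), &roleLastUsed{LastUsedDate: day(2025, 5, 20)}},
		{"legacy-etl", day(2022, 3, 1), &roleLastUsed{LastUsedDate: day(2024, 11, 2)}},
		{"old-vendor", day(2021, 7, 15), nil},
		{"new-batch", day(2025, 5, 15), &roleLastUsed{}},
	}
}

func main() {
	now := *day(2025, 6, 1)
	fmt.Println(reviewCandidates(sampleRoles(), now, 90*oneDay))
}
```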
type RoleUsageType ¶
type RoleUsageType struct {

	// The name of the Region where the service-linked role is being used.
	Region *string

	// The name of the resource that is using the service-linked role.
	Resources []string
	// contains filtered or unexported fields
}
An object that contains details about how a service-linked role is used, if that information is returned by the service.
This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.
type SAMLProviderListEntry ¶
type SAMLProviderListEntry struct {

	// The Amazon Resource Name (ARN) of the SAML provider.
	Arn *string

	// The date and time when the SAML provider was created.
	CreateDate *time.Time

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time
	// contains filtered or unexported fields
}
Contains the list of SAML providers for this account.
type SSHPublicKey ¶
type SSHPublicKey struct {

	// The MD5 message digest of the SSH public key.
	//
	// This member is required.
	Fingerprint *string

	// The SSH public key.
	//
	// This member is required.
	SSHPublicKeyBody *string

	// The unique identifier for the SSH public key.
	//
	// This member is required.
	SSHPublicKeyId *string

	// The status of the SSH public key. Active means that the key can be used for
	// authentication with a CodeCommit repository. Inactive means that the key
	// cannot be used.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the SSH public key.
	//
	// This member is required.
	UserName *string

	// The date and time, in [ISO 8601 date-time format], when the SSH public key was uploaded.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	UploadDate *time.Time
	// contains filtered or unexported fields
}
Contains information about an SSH public key.
This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey operations.
type SSHPublicKeyMetadata ¶
type SSHPublicKeyMetadata struct {

	// The unique identifier for the SSH public key.
	//
	// This member is required.
	SSHPublicKeyId *string

	// The status of the SSH public key. Active means that the key can be used for
	// authentication with a CodeCommit repository. Inactive means that the key
	// cannot be used.
	//
	// This member is required.
	Status StatusType

	// The date and time, in [ISO 8601 date-time format], when the SSH public key was uploaded.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	UploadDate *time.Time

	// The name of the IAM user associated with the SSH public key.
	//
	// This member is required.
	UserName *string
	// contains filtered or unexported fields
}
Contains information about an SSH public key, without the key's body or fingerprint.
This data type is used as a response element in the ListSSHPublicKeys operation.
type ServerCertificate ¶
type ServerCertificate struct {

	// The contents of the public key certificate.
	//
	// This member is required.
	CertificateBody *string

	// The meta information of the server certificate, such as its name, path, ID, and
	// ARN.
	//
	// This member is required.
	ServerCertificateMetadata *ServerCertificateMetadata

	// The contents of the public key certificate chain.
	CertificateChain *string

	// A list of tags that are attached to the server certificate. For more
	// information about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}
Contains information about a server certificate.
This data type is used as a response element in the GetServerCertificate operation.
type ServerCertificateMetadata ¶
type ServerCertificateMetadata struct {

	// The Amazon Resource Name (ARN) specifying the server certificate. For more
	// information about ARNs and how to use them in policies, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The path to the server certificate. For more information about paths, see [IAM identifiers] in
	// the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// The stable and unique string identifying the server certificate. For more
	// information about IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	ServerCertificateId *string

	// The name that identifies the server certificate.
	//
	// This member is required.
	ServerCertificateName *string

	// The date on which the certificate is set to expire.
	Expiration *time.Time

	// The date when the server certificate was uploaded.
	UploadDate *time.Time
	// contains filtered or unexported fields
}
Contains information about a server certificate without its certificate body, certificate chain, and private key.
This data type is used as a response element in the UploadServerCertificate and ListServerCertificates operations.
type ServiceFailureException ¶
type ServiceFailureException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request processing has failed because of an unknown error, exception or failure.
func (*ServiceFailureException) Error ¶
func (e *ServiceFailureException) Error() string
func (*ServiceFailureException) ErrorCode ¶
func (e *ServiceFailureException) ErrorCode() string
func (*ServiceFailureException) ErrorFault ¶
func (e *ServiceFailureException) ErrorFault() smithy.ErrorFault
func (*ServiceFailureException) ErrorMessage ¶
func (e *ServiceFailureException) ErrorMessage() string
type ServiceLastAccessed ¶
type ServiceLastAccessed struct {

	// The name of the service in which access was attempted.
	//
	// This member is required.
	ServiceName *string

	// The namespace of the service in which access was attempted.
	//
	// To learn the service namespace of a service, see [Actions, resources, and condition keys for Amazon Web Services services] in the Service Authorization
	// Reference. Choose the name of the service to view details for that service. In
	// the first paragraph, find the service prefix. For example, (service prefix: a4b).
	// For more information about service namespaces, see [Amazon Web Services Service Namespaces] in the Amazon Web Services
	// General Reference.
	//
	// [Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
	// [Actions, resources, and condition keys for Amazon Web Services services]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
	//
	// This member is required.
	ServiceNamespace *string

	// The date and time, in [ISO 8601 date-time format], when an authenticated entity most recently attempted to
	// access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	LastAuthenticated *time.Time

	// The ARN of the authenticated entity (user or role) that last attempted to
	// access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	LastAuthenticatedEntity *string

	// The Region from which the authenticated entity (user or role) last attempted to
	// access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	LastAuthenticatedRegion *string

	// The total number of authenticated principals (root user, IAM users, or IAM
	// roles) that have attempted to access the service.
	//
	// This field is null if no principals attempted to access the service within the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	TotalAuthenticatedEntities *int32

	// An object that contains details about the most recent attempt to access a
	// tracked action within the service.
	//
	// This field is null if there are no tracked actions or if the principal did not use
	// the tracked actions within the [tracking period]. This field is also null if the report was
	// generated at the service level and not the action level. For more information,
	// see the Granularity field in GenerateServiceLastAccessedDetails.
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	TrackedActionsLastAccessed []TrackedActionLastAccessed
	// contains filtered or unexported fields
}
Contains details about the most recent attempt to access the service.
This data type is used as a response element in the GetServiceLastAccessedDetails operation.
type ServiceNotSupportedException ¶
type ServiceNotSupportedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The specified service does not support service-specific credentials.
func (*ServiceNotSupportedException) Error ¶
func (e *ServiceNotSupportedException) Error() string
func (*ServiceNotSupportedException) ErrorCode ¶
func (e *ServiceNotSupportedException) ErrorCode() string
func (*ServiceNotSupportedException) ErrorFault ¶
func (e *ServiceNotSupportedException) ErrorFault() smithy.ErrorFault
func (*ServiceNotSupportedException) ErrorMessage ¶
func (e *ServiceNotSupportedException) ErrorMessage() string
type ServiceSpecificCredential ¶
type ServiceSpecificCredential struct {

	// The date and time, in [ISO 8601 date-time format], when the service-specific credential was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the service associated with the service-specific credential.
	//
	// This member is required.
	ServiceName *string

	// The generated password for the service-specific credential.
	//
	// This member is required.
	ServicePassword *string

	// The unique identifier for the service-specific credential.
	//
	// This member is required.
	ServiceSpecificCredentialId *string

	// The generated user name for the service-specific credential. This value is
	// generated by combining the IAM user's name with the ID number of the
	// Amazon Web Services account, as in jane-at-123456789012, for example. This
	// value cannot be configured by the user.
	//
	// This member is required.
	ServiceUserName *string

	// The status of the service-specific credential. Active means that the key is
	// valid for API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the service-specific credential.
	//
	// This member is required.
	UserName *string
	// contains filtered or unexported fields
}
Contains the details of a service-specific credential.
type ServiceSpecificCredentialMetadata ¶
type ServiceSpecificCredentialMetadata struct {

	// The date and time, in [ISO 8601 date-time format], when the service-specific credential was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the service associated with the service-specific credential.
	//
	// This member is required.
	ServiceName *string

	// The unique identifier for the service-specific credential.
	//
	// This member is required.
	ServiceSpecificCredentialId *string

	// The generated user name for the service-specific credential.
	//
	// This member is required.
	ServiceUserName *string

	// The status of the service-specific credential. Active means that the key is
	// valid for API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the service-specific credential.
	//
	// This member is required.
	UserName *string
	// contains filtered or unexported fields
}
Contains additional details about a service-specific credential.
type SigningCertificate ¶
type SigningCertificate struct {

	// The contents of the signing certificate.
	//
	// This member is required.
	CertificateBody *string

	// The ID for the signing certificate.
	//
	// This member is required.
	CertificateId *string

	// The status of the signing certificate. Active means that the key is valid for
	// API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the user the signing certificate is associated with.
	//
	// This member is required.
	UserName *string

	// The date when the signing certificate was uploaded.
	UploadDate *time.Time
	// contains filtered or unexported fields
}
Contains information about an X.509 signing certificate.
This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates operations.
type SortKeyType ¶
type SortKeyType string
const (
	SortKeyTypeServiceNamespaceAscending SortKeyType = "SERVICE_NAMESPACE_ASCENDING"
	SortKeyTypeServiceNamespaceDescending SortKeyType = "SERVICE_NAMESPACE_DESCENDING"
	SortKeyTypeLastAuthenticatedTimeAscending SortKeyType = "LAST_AUTHENTICATED_TIME_ASCENDING"
	SortKeyTypeLastAuthenticatedTimeDescending SortKeyType = "LAST_AUTHENTICATED_TIME_DESCENDING"
)
Enum values for SortKeyType
func (SortKeyType) Values ¶
func (SortKeyType) Values() []SortKeyType
Values returns all known values for SortKeyType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Statement ¶
type Statement struct {

	// The row and column of the end of a Statement in an IAM policy.
	EndPosition *Position

	// The identifier of the policy that was provided as an input.
	SourcePolicyId *string

	// The type of the policy.
	SourcePolicyType PolicySourceType

	// The row and column of the beginning of the Statement in an IAM policy.
	StartPosition *Position
	// contains filtered or unexported fields
}
Contains a reference to a Statement element in a policy document that determines the result of the simulation.
This data type is used by the MatchedStatements member of the EvaluationResult type.
type StatusType ¶
type StatusType string
const (
	StatusTypeActive StatusType = "Active"
	StatusTypeInactive StatusType = "Inactive"
)
Enum values for StatusType
func (StatusType) Values ¶
func (StatusType) Values() []StatusType
Values returns all known values for StatusType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SummaryKeyType ¶
type SummaryKeyType string
const (
	SummaryKeyTypeUsers SummaryKeyType = "Users"
	SummaryKeyTypeUsersQuota SummaryKeyType = "UsersQuota"
	SummaryKeyTypeGroups SummaryKeyType = "Groups"
	SummaryKeyTypeGroupsQuota SummaryKeyType = "GroupsQuota"
	SummaryKeyTypeServerCertificates SummaryKeyType = "ServerCertificates"
	SummaryKeyTypeServerCertificatesQuota SummaryKeyType = "ServerCertificatesQuota"
	SummaryKeyTypeUserPolicySizeQuota SummaryKeyType = "UserPolicySizeQuota"
	SummaryKeyTypeGroupPolicySizeQuota SummaryKeyType = "GroupPolicySizeQuota"
	SummaryKeyTypeGroupsPerUserQuota SummaryKeyType = "GroupsPerUserQuota"
	SummaryKeyTypeSigningCertificatesPerUserQuota SummaryKeyType = "SigningCertificatesPerUserQuota"
	SummaryKeyTypeAccessKeysPerUserQuota SummaryKeyType = "AccessKeysPerUserQuota"
	SummaryKeyTypeMFADevices SummaryKeyType = "MFADevices"
	SummaryKeyTypeMFADevicesInUse SummaryKeyType = "MFADevicesInUse"
	SummaryKeyTypeAccountMFAEnabled SummaryKeyType = "AccountMFAEnabled"
	SummaryKeyTypeAccountAccessKeysPresent SummaryKeyType = "AccountAccessKeysPresent"
	SummaryKeyTypeAccountSigningCertificatesPresent SummaryKeyType = "AccountSigningCertificatesPresent"
	SummaryKeyTypeAttachedPoliciesPerGroupQuota SummaryKeyType = "AttachedPoliciesPerGroupQuota"
	SummaryKeyTypeAttachedPoliciesPerRoleQuota SummaryKeyType = "AttachedPoliciesPerRoleQuota"
	SummaryKeyTypeAttachedPoliciesPerUserQuota SummaryKeyType = "AttachedPoliciesPerUserQuota"
	SummaryKeyTypePolicies SummaryKeyType = "Policies"
	SummaryKeyTypePoliciesQuota SummaryKeyType = "PoliciesQuota"
	SummaryKeyTypePolicySizeQuota SummaryKeyType = "PolicySizeQuota"
	SummaryKeyTypePolicyVersionsInUse SummaryKeyType = "PolicyVersionsInUse"
	SummaryKeyTypePolicyVersionsInUseQuota SummaryKeyType = "PolicyVersionsInUseQuota"
	SummaryKeyTypeVersionsPerPolicyQuota SummaryKeyType = "VersionsPerPolicyQuota"
	SummaryKeyTypeGlobalEndpointTokenVersion SummaryKeyType = "GlobalEndpointTokenVersion"
)
Enum values for SummaryKeyType
func (SummaryKeyType) Values ¶
func (SummaryKeyType) Values() []SummaryKeyType
Values returns all known values for SummaryKeyType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Tag ¶
type Tag struct {

	// The key name that can be used to look up or retrieve the associated value. For
	// example, Department or Cost Center are common choices.
	//
	// This member is required.
	Key *string

	// The value associated with this tag. For example, tags with a key name of
	// Department could have values such as Human Resources, Accounting, and Support.
	// Tags with a key name of Cost Center might have values that consist of the
	// number associated with the different cost centers in your company. Typically,
	// many resources have tags with the same key name but with different values.
	//
	// Amazon Web Services always interprets the tag Value as a single string. If you
	// need to store an array, you can store comma-separated values in the string.
	// However, you must interpret the value in your code.
	//
	// This member is required.
	Value *string
	// contains filtered or unexported fields
}
A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
type TrackedActionLastAccessed ¶
type TrackedActionLastAccessed struct {

	// The name of the tracked action to which access was attempted. Tracked actions
	// are actions that report activity to IAM.
	ActionName *string

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	LastAccessedEntity *string

	// The Region from which the authenticated entity (user or role) last attempted to
	// access the tracked action. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	LastAccessedRegion *string

	// The date and time, in [ISO 8601 date-time format], when an authenticated entity most recently attempted to
	// access the tracked service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	LastAccessedTime *time.Time
	// contains filtered or unexported fields
}
Contains details about the most recent attempt to access an action within the service.
This data type is used as a response element in the GetServiceLastAccessedDetails operation.
type UnmodifiableEntityException ¶
type UnmodifiableEntityException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because service-linked roles are protected Amazon Web Services resources. Only the service that depends on the service-linked role can modify or delete the role on your behalf. The error message includes the name of the service that depends on this service-linked role. You must request the change through that service.
func (*UnmodifiableEntityException) Error ¶
func (e *UnmodifiableEntityException) Error() string
func (*UnmodifiableEntityException) ErrorCode ¶
func (e *UnmodifiableEntityException) ErrorCode() string
func (*UnmodifiableEntityException) ErrorFault ¶
func (e *UnmodifiableEntityException) ErrorFault() smithy.ErrorFault
func (*UnmodifiableEntityException) ErrorMessage ¶
func (e *UnmodifiableEntityException) ErrorMessage() string
type UnrecognizedPublicKeyEncodingException ¶
type UnrecognizedPublicKeyEncodingException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}
The request was rejected because the public key encoding format is unsupported or unrecognized.
func (*UnrecognizedPublicKeyEncodingException) Error ¶
func (e *UnrecognizedPublicKeyEncodingException) Error() string
func (*UnrecognizedPublicKeyEncodingException) ErrorCode ¶
func (e *UnrecognizedPublicKeyEncodingException) ErrorCode() string
func (*UnrecognizedPublicKeyEncodingException) ErrorFault ¶
func (e *UnrecognizedPublicKeyEncodingException) ErrorFault() smithy.ErrorFault
func (*UnrecognizedPublicKeyEncodingException) ErrorMessage ¶
func (e *UnrecognizedPublicKeyEncodingException) ErrorMessage() string
type User ¶
type User struct {

	// The Amazon Resource Name (ARN) that identifies the user. For more information
	// about ARNs and how to use ARNs in policies, see [IAM Identifiers] in the IAM User Guide.
	//
	// [IAM Identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The date and time, in [ISO 8601 date-time format], when the user was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The path to the user. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// The stable and unique string identifying the user. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	UserId *string

	// The friendly name identifying the user.
	//
	// This member is required.
	UserName *string

	// The date and time, in [ISO 8601 date-time format], when the user's password was last used to sign in to an
	// Amazon Web Services website. For a list of Amazon Web Services websites that
	// capture a user's last sign-in time, see the [Credential reports] topic in the IAM User Guide. If a
	// password is used more than once in a five-minute span, only the first use is
	// returned in this field. If the field is null (no value), then it indicates that
	// they never signed in with a password. This can be because:
	//
	//   - The user never had a password.
	//
	//   - A password exists but has not been used since IAM started tracking this
	//   information on October 20, 2014.
	//
	// A null value does not mean that the user never had a password. Also, if the
	// user does not currently have a password but had one in the past, then this field
	// contains the date and time the most recent password was used.
	//
	// This value is returned only in the GetUser and ListUsers operations.
	//
	// [Credential reports]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	PasswordLastUsed *time.Time

	// The ARN of the policy used to set the permissions boundary for the user.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundary *AttachedPermissionsBoundary

	// A list of tags that are associated with the user. For more information about
	// tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}
Contains information about an IAM user entity.
This data type is used as a response element in the following operations:
- CreateUser
- GetUser
- ListUsers
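The PasswordLastUsed rules above are easy to misread in a credential audit, so here is an added example (not part of the SDK or its documentation) that applies them. It uses a local stand-in struct, consoleUser, instead of importing the SDK type so that it runs with the standard library only; HasLoginProfile is an assumed input that the caller fills in (for example from a GetLoginProfile lookup), and the finding labels and sample users are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// consoleUser is a local stand-in (not the SDK type) for the User fields used here.
type consoleUser struct {
	UserName         string
	PasswordLastUsed *time.Time // nil: no password sign-in on record
	HasLoginProfile  bool       // assumed input: a password exists right now
}

// classify applies the PasswordLastUsed rules from the User documentation.
func classify(u consoleUser, now time.Time, maxIdle time.Duration) string {
	switch {
	case u.PasswordLastUsed == nil && !u.HasLoginProfile:
		return "no-password" // nil alone does not prove a password never existed
	case u.PasswordLastUsed == nil:
		return "unused-password" // password set, but no sign-in recorded
	case !u.HasLoginProfile:
		// The timestamp outlives the password; there is nothing left to disable.
		return "password-removed"
	case now.Sub(*u.PasswordLastUsed) > maxIdle:
		return "stale-password"
	default:
		return "active"
	}
}

// audit groups user names by finding so stale and unused passwords can be reviewed.
func audit(users []consoleUser, now time.Time, maxIdle time.Duration) map[string][]string {
	out := make(map[string][]string)
	for _, u := range users {
		f := classify(u, now, maxIdle)
		out[f] = append(out[f], u.UserName)
	}
	return out
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	old, recent := now.AddDate(0, -6, 0), now.AddDate(0, 0, -3)
	users := []consoleUser{
		{"alice", &recent, true}, {"bob", &old, true},
		{"carol", nil, true}, {"dave", &old, false}, {"svc-ci", nil, false},
	}
	fmt.Println(audit(users, now, 90*24*time.Hour))
}
```

Because the field is returned only by GetUser and ListUsers, a nil value in a User obtained from another operation says nothing about sign-in history.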
type UserDetail ¶
type UserDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// A list of the managed policies attached to the user.
	AttachedManagedPolicies []AttachedPolicy

	// The date and time, in [ISO 8601 date-time format], when the user was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// A list of IAM groups that the user is in.
	GroupList []string

	// The path to the user. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// The ARN of the policy used to set the permissions boundary for the user.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundary *AttachedPermissionsBoundary

	// A list of tags that are associated with the user. For more information about
	// tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag

	// The stable and unique string identifying the user. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	UserId *string

	// The friendly name identifying the user.
	UserName *string

	// A list of the inline policies embedded in the user.
	UserPolicyList []PolicyDetail
	// contains filtered or unexported fields
}
Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
type VirtualMFADevice ¶
type VirtualMFADevice struct {

	// The serial number associated with VirtualMFADevice.
	//
	// This member is required.
	SerialNumber *string

	// The base32 seed defined as specified in [RFC3548]. The Base32StringSeed is
	// base32-encoded.
	//
	// [RFC3548]: https://tools.ietf.org/html/rfc3548.txt
	Base32StringSeed []byte

	// The date and time on which the virtual MFA device was enabled.
	EnableDate *time.Time

	// A QR code PNG image that encodes
	// otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where
	// $virtualMFADeviceName is one of the create call arguments. AccountName is the
	// user name if set (otherwise, the account ID), and Base32String is the
	// seed in base32 format. The Base32String value is base64-encoded.
	QRCodePNG []byte

	// A list of tags that are attached to the virtual MFA device. For more
	// information about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag

	// The IAM user associated with this virtual MFA device.
	User *User
	// contains filtered or unexported fields
}
Contains information about a virtual MFA device.