types

package
v0.0.0-...-68f2935 Latest
Warning

This package is not in the latest version of its module.

Published: May 24, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessAdvisorUsageGranularityType

type AccessAdvisorUsageGranularityType string
const (
	AccessAdvisorUsageGranularityTypeServiceLevel AccessAdvisorUsageGranularityType = "SERVICE_LEVEL"
	AccessAdvisorUsageGranularityTypeActionLevel  AccessAdvisorUsageGranularityType = "ACTION_LEVEL"
)

Enum values for AccessAdvisorUsageGranularityType

func (AccessAdvisorUsageGranularityType) Values

Values returns all known values for AccessAdvisorUsageGranularityType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessDetail

type AccessDetail struct {

	// The name of the service in which access was attempted.
	//
	// This member is required.
	ServiceName *string

	// The namespace of the service in which access was attempted.
	//
	// To learn the service namespace of a service, see [Actions, resources, and condition keys for Amazon Web Services services] in the Service Authorization
	// Reference. Choose the name of the service to view details for that service. In
	// the first paragraph, find the service prefix. For example, (service prefix: a4b).
	// For more information about service namespaces, see [Amazon Web Services service namespaces] in the Amazon Web Services
	// General Reference.
	//
	// [Amazon Web Services service namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
	// [Actions, resources, and condition keys for Amazon Web Services services]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
	//
	// This member is required.
	ServiceNamespace *string

	// The path of the Organizations entity (root, organizational unit, or account)
	// from which an authenticated principal last attempted to access the service.
	// Amazon Web Services does not report unauthenticated requests.
	//
	// This field is null if no principals (IAM users, IAM roles, or root user) in the
	// reported Organizations entity attempted to access the service within the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	EntityPath *string

	// The date and time, in [ISO 8601 date-time format], when an authenticated principal most recently attempted
	// to access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no principals in the reported Organizations entity
	// attempted to access the service within the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	LastAuthenticatedTime *time.Time

	// The Region where the last service access attempt occurred.
	//
	// This field is null if no principals in the reported Organizations entity
	// attempted to access the service within the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	Region *string

	// The number of accounts with authenticated principals (root user, IAM users, and
	// IAM roles) that attempted to access the service in the tracking period.
	TotalAuthenticatedEntities *int32
	// contains filtered or unexported fields
}

An object that contains details about when a principal in the reported Organizations entity last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role, or the Amazon Web Services account root user within the reported Organizations entity.

This data type is a response element in the GetOrganizationsAccessReport operation.

type AccessKey

type AccessKey struct {

	// The ID for this access key.
	//
	// This member is required.
	AccessKeyId *string

	// The secret key used to sign requests.
	//
	// This member is required.
	SecretAccessKey *string

	// The status of the access key. Active means that the key is valid for API calls,
	// while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user that the access key is associated with.
	//
	// This member is required.
	UserName *string

	// The date when the access key was created.
	CreateDate *time.Time
	// contains filtered or unexported fields
}

Contains information about an Amazon Web Services access key.

This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.

The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.

type AccessKeyLastUsed

type AccessKeyLastUsed struct {

	// The date and time, in [ISO 8601 date-time format], when the access key was most recently used. This field
	// is null in the following situations:
	//
	//   - The user does not have an access key.
	//
	//   - An access key exists but has not been used since IAM began tracking this
	//   information.
	//
	//   - There is no sign-in data associated with the user.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	LastUsedDate *time.Time

	// The Amazon Web Services Region where this access key was most recently used.
	// The value for this field is "N/A" in the following situations:
	//
	//   - The user does not have an access key.
	//
	//   - An access key exists but has not been used since IAM began tracking this
	//   information.
	//
	//   - There is no sign-in data associated with the user.
	//
	// For more information about Amazon Web Services Regions, see [Regions and endpoints] in the Amazon Web
	// Services General Reference.
	//
	// [Regions and endpoints]: https://docs.aws.amazon.com/general/latest/gr/rande.html
	//
	// This member is required.
	Region *string

	// The name of the Amazon Web Services service with which this access key was most
	// recently used. The value of this field is "N/A" in the following situations:
	//
	//   - The user does not have an access key.
	//
	//   - An access key exists but has not been used since IAM started tracking this
	//   information.
	//
	//   - There is no sign-in data associated with the user.
	//
	// This member is required.
	ServiceName *string
	// contains filtered or unexported fields
}

Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.

This data type is used as a response element in the GetAccessKeyLastUsed operation.

type AccessKeyMetadata

type AccessKeyMetadata struct {

	// The ID for this access key.
	AccessKeyId *string

	// The date when the access key was created.
	CreateDate *time.Time

	// The status of the access key. Active means that the key is valid for API calls;
	// Inactive means it is not.
	Status StatusType

	// The name of the IAM user that the key is associated with.
	UserName *string
	// contains filtered or unexported fields
}

Contains information about an Amazon Web Services access key, without its secret key.

This data type is used as a response element in the ListAccessKeys operation.
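The null and "N/A" conventions above matter when these two response types are joined for a key-hygiene audit. The following is an added example, not code from the SDK: it uses local stand-ins for AccessKeyMetadata and AccessKeyLastUsed, and the Finding and KeyRecord types, the thresholds and the sample key IDs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Local stand-ins for the SDK types documented above (same field names,
// UserName omitted), so the example runs without importing the module.
type StatusType string

const (
	StatusTypeActive   StatusType = "Active"
	StatusTypeInactive StatusType = "Inactive"
)

type AccessKeyMetadata struct {
	AccessKeyId *string
	CreateDate  *time.Time
	Status      StatusType
}

type AccessKeyLastUsed struct {
	LastUsedDate *time.Time
	Region       *string
	ServiceName  *string
}

// Finding and KeyRecord are this example's own types, not part of the SDK.
type Finding string

const (
	FindingOK              Finding = "ok"
	FindingInactive        Finding = "inactive"
	FindingNeverUsed       Finding = "never-used"
	FindingStale           Finding = "stale"
	FindingRotationOverdue Finding = "rotation-overdue"
)

type KeyRecord struct {
	Meta     AccessKeyMetadata
	LastUsed *AccessKeyLastUsed
}

// neverUsed applies the documented sentinels: a null LastUsedDate, or "N/A"
// in ServiceName, both mean IAM has no recorded use of the key.
func neverUsed(lu *AccessKeyLastUsed) bool {
	if lu == nil || lu.LastUsedDate == nil {
		return true
	}
	return lu.ServiceName != nil && *lu.ServiceName == "N/A"
}

// Classify returns the most urgent finding for one key.
func Classify(k KeyRecord, now time.Time, maxIdle, maxAge time.Duration) Finding {
	switch {
	case k.Meta.Status != StatusTypeActive:
		return FindingInactive
	case neverUsed(k.LastUsed):
		return FindingNeverUsed
	case now.Sub(*k.LastUsed.LastUsedDate) > maxIdle:
		return FindingStale
	case k.Meta.CreateDate != nil && now.Sub(*k.Meta.CreateDate) > maxAge:
		return FindingRotationOverdue
	}
	return FindingOK
}

func str(s string) *string { return &s }
func ago(now time.Time, days int) *time.Time {
	t := now.Add(-time.Duration(days) * 24 * time.Hour)
	return &t
}

// SampleKeys returns constructed records; the key IDs are placeholders.
func SampleKeys(now time.Time) []KeyRecord {
	rec := func(id string, st StatusType, ageDays, idleDays int) KeyRecord {
		lu := &AccessKeyLastUsed{Region: str("N/A"), ServiceName: str("N/A")}
		if idleDays >= 0 { // a negative idleDays means no recorded use
			lu = &AccessKeyLastUsed{ago(now, idleDays), str("eu-west-1"), str("s3")}
		}
		return KeyRecord{AccessKeyMetadata{str(id), ago(now, ageDays), st}, lu}
	}
	return []KeyRecord{
		rec("KEY-A", StatusTypeActive, 30, 2),
		rec("KEY-B", StatusTypeActive, 400, -1),
		rec("KEY-C", StatusTypeActive, 200, 120),
		rec("KEY-D", StatusTypeActive, 500, 1),
		rec("KEY-E", StatusTypeInactive, 500, 300),
	}
}

func main() {
	now := time.Now()
	for _, k := range SampleKeys(now) {
		fmt.Println(*k.Meta.AccessKeyId, Classify(k, now, 90*24*time.Hour, 365*24*time.Hour))
	}
}
```

Checking for the sentinels before comparing dates keeps a key with no recorded use from being dereferenced as a null date or reported as recently used.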

type AssignmentStatusType

type AssignmentStatusType string
const (
	AssignmentStatusTypeAssigned   AssignmentStatusType = "Assigned"
	AssignmentStatusTypeUnassigned AssignmentStatusType = "Unassigned"
	AssignmentStatusTypeAny        AssignmentStatusType = "Any"
)

Enum values for AssignmentStatusType

func (AssignmentStatusType) Values

Values returns all known values for AssignmentStatusType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AttachedPermissionsBoundary

type AttachedPermissionsBoundary struct {

	// The ARN of the policy used to set the permissions boundary for the user or
	// role.
	PermissionsBoundaryArn *string

	// The permissions boundary usage type that indicates what type of IAM resource
	// is used as the permissions boundary for an entity. This data type can only have
	// a value of Policy.
	PermissionsBoundaryType PermissionsBoundaryAttachmentType
	// contains filtered or unexported fields
}

Contains information about an attached permissions boundary.

An attached permissions boundary is a managed policy that has been attached to a user or role to set the permissions boundary.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

type AttachedPolicy

type AttachedPolicy struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	PolicyArn *string

	// The friendly name of the attached policy.
	PolicyName *string
	// contains filtered or unexported fields
}

Contains information about an attached policy.

An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails operations.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

type ConcurrentModificationException

type ConcurrentModificationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.

func (*ConcurrentModificationException) Error

func (*ConcurrentModificationException) ErrorCode

func (e *ConcurrentModificationException) ErrorCode() string

func (*ConcurrentModificationException) ErrorFault

func (*ConcurrentModificationException) ErrorMessage

func (e *ConcurrentModificationException) ErrorMessage() string

type ContextEntry

type ContextEntry struct {

	// The full name of a condition context key, including the service prefix. For
	// example, aws:SourceIp or s3:VersionId.
	ContextKeyName *string

	// The data type of the value (or values) specified in the ContextKeyValues
	// parameter.
	ContextKeyType ContextKeyTypeEnum

	// The value (or values, if the condition context key supports multiple values) to
	// provide to the simulation when the key is referenced by a Condition element in
	// an input policy.
	ContextKeyValues []string
	// contains filtered or unexported fields
}

Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the Condition elements of the input policies.

This data type is used as an input parameter to SimulateCustomPolicy and SimulatePrincipalPolicy.

type ContextKeyTypeEnum

type ContextKeyTypeEnum string
const (
	ContextKeyTypeEnumString      ContextKeyTypeEnum = "string"
	ContextKeyTypeEnumStringList  ContextKeyTypeEnum = "stringList"
	ContextKeyTypeEnumNumeric     ContextKeyTypeEnum = "numeric"
	ContextKeyTypeEnumNumericList ContextKeyTypeEnum = "numericList"
	ContextKeyTypeEnumBoolean     ContextKeyTypeEnum = "boolean"
	ContextKeyTypeEnumBooleanList ContextKeyTypeEnum = "booleanList"
	ContextKeyTypeEnumIp          ContextKeyTypeEnum = "ip"
	ContextKeyTypeEnumIpList      ContextKeyTypeEnum = "ipList"
	ContextKeyTypeEnumBinary      ContextKeyTypeEnum = "binary"
	ContextKeyTypeEnumBinaryList  ContextKeyTypeEnum = "binaryList"
	ContextKeyTypeEnumDate        ContextKeyTypeEnum = "date"
	ContextKeyTypeEnumDateList    ContextKeyTypeEnum = "dateList"
)

Enum values for ContextKeyTypeEnum

func (ContextKeyTypeEnum) Values

Values returns all known values for ContextKeyTypeEnum. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CredentialReportExpiredException

type CredentialReportExpiredException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport. For more information about credential report expiration, see Getting credential reports in the IAM User Guide.

func (*CredentialReportExpiredException) Error

func (*CredentialReportExpiredException) ErrorCode

func (*CredentialReportExpiredException) ErrorFault

func (*CredentialReportExpiredException) ErrorMessage

func (e *CredentialReportExpiredException) ErrorMessage() string

type CredentialReportNotPresentException

type CredentialReportNotPresentException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport.

func (*CredentialReportNotPresentException) Error

func (*CredentialReportNotPresentException) ErrorCode

func (*CredentialReportNotPresentException) ErrorFault

func (*CredentialReportNotPresentException) ErrorMessage

func (e *CredentialReportNotPresentException) ErrorMessage() string

type CredentialReportNotReadyException

type CredentialReportNotReadyException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the credential report is still being generated.

func (*CredentialReportNotReadyException) Error

func (*CredentialReportNotReadyException) ErrorCode

func (*CredentialReportNotReadyException) ErrorFault

func (*CredentialReportNotReadyException) ErrorMessage

func (e *CredentialReportNotReadyException) ErrorMessage() string
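The three credential report exceptions above each call for a different next step: generate when the report is missing or expired, wait while it is being generated. The following is an added example, not code from the SDK: the exception types are local stand-ins, and ReportAPI, FetchReport, FakeAPI and the sample report body are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins for the three exception types documented above, reduced to
// Message and Error(), so the example runs without importing the module.
type CredentialReportNotPresentException struct{ Message *string }
type CredentialReportNotReadyException struct{ Message *string }
type CredentialReportExpiredException struct{ Message *string }

func (e *CredentialReportNotPresentException) Error() string { return "CredentialReportNotPresentException" }
func (e *CredentialReportNotReadyException) Error() string   { return "CredentialReportNotReadyException" }
func (e *CredentialReportExpiredException) Error() string    { return "CredentialReportExpiredException" }

// ReportAPI is a hypothetical interface for this example. Get and Generate
// stand in for the GetCredentialReport and GenerateCredentialReport operations.
type ReportAPI interface {
	Get() ([]byte, error)
	Generate() error
}

// FetchReport retries Get up to maxAttempts times. A missing or expired
// report triggers Generate, a report still in progress only waits, and any
// other error is returned at once. errors.As sees through wrapping.
func FetchReport(api ReportAPI, maxAttempts int, wait func()) (report []byte, generated int, err error) {
	for attempt := 0; attempt < maxAttempts; attempt++ {
		report, err = api.Get()
		var notPresent *CredentialReportNotPresentException
		var expired *CredentialReportExpiredException
		var notReady *CredentialReportNotReadyException
		switch {
		case err == nil:
			return report, generated, nil
		case errors.As(err, &notPresent), errors.As(err, &expired):
			if gerr := api.Generate(); gerr != nil {
				return nil, generated, gerr
			}
			generated++
			wait()
		case errors.As(err, &notReady):
			wait()
		default:
			return nil, generated, err // unrelated failure, do not retry
		}
	}
	return nil, generated, fmt.Errorf("no report after %d attempts: %w", maxAttempts, err)
}

// FakeAPI replays a constructed sequence of Get errors, each wrapped in an
// outer error, then returns a constructed report body.
type FakeAPI struct {
	GetErrs []error
	Calls   int
}

func (f *FakeAPI) Get() ([]byte, error) {
	i := f.Calls
	f.Calls++
	if i < len(f.GetErrs) {
		return nil, fmt.Errorf("operation error IAM: GetCredentialReport: %w", f.GetErrs[i])
	}
	return []byte("user,password_enabled,mfa_active\nalice,true,false\n"), nil
}

func (f *FakeAPI) Generate() error { return nil }

func main() {
	api := &FakeAPI{GetErrs: []error{
		&CredentialReportExpiredException{},
		&CredentialReportNotReadyException{},
	}}
	report, generated, err := FetchReport(api, 5, func() {})
	fmt.Printf("bytes=%d generated=%d err=%v\n", len(report), generated, err)
}
```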

type DeleteConflictException

type DeleteConflictException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.

func (*DeleteConflictException) Error

func (e *DeleteConflictException) Error() string

func (*DeleteConflictException) ErrorCode

func (e *DeleteConflictException) ErrorCode() string

func (*DeleteConflictException) ErrorFault

func (e *DeleteConflictException) ErrorFault() smithy.ErrorFault

func (*DeleteConflictException) ErrorMessage

func (e *DeleteConflictException) ErrorMessage() string

type DeletionTaskFailureReasonType

type DeletionTaskFailureReasonType struct {

	// A short description of the reason that the service-linked role deletion failed.
	Reason *string

	// A list of objects that contains details about the service-linked role deletion
	// failure, if that information is returned by the service. If the service-linked
	// role has active sessions or if any resources that were used by the role have not
	// been deleted from the linked service, the role can't be deleted. This parameter
	// includes a list of the resources that are associated with the role and the
	// Region in which the resources are being used.
	RoleUsageList []RoleUsageType
	// contains filtered or unexported fields
}

The reason that the service-linked role deletion failed.

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

type DeletionTaskStatusType

type DeletionTaskStatusType string
const (
	DeletionTaskStatusTypeSucceeded  DeletionTaskStatusType = "SUCCEEDED"
	DeletionTaskStatusTypeInProgress DeletionTaskStatusType = "IN_PROGRESS"
	DeletionTaskStatusTypeFailed     DeletionTaskStatusType = "FAILED"
	DeletionTaskStatusTypeNotStarted DeletionTaskStatusType = "NOT_STARTED"
)

Enum values for DeletionTaskStatusType

func (DeletionTaskStatusType) Values

Values returns all known values for DeletionTaskStatusType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type DuplicateCertificateException

type DuplicateCertificateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the same certificate is associated with an IAM user in the account.

func (*DuplicateCertificateException) Error

func (*DuplicateCertificateException) ErrorCode

func (e *DuplicateCertificateException) ErrorCode() string

func (*DuplicateCertificateException) ErrorFault

func (*DuplicateCertificateException) ErrorMessage

func (e *DuplicateCertificateException) ErrorMessage() string

type DuplicateSSHPublicKeyException

type DuplicateSSHPublicKeyException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the SSH public key is already associated with the specified IAM user.

func (*DuplicateSSHPublicKeyException) Error

func (*DuplicateSSHPublicKeyException) ErrorCode

func (e *DuplicateSSHPublicKeyException) ErrorCode() string

func (*DuplicateSSHPublicKeyException) ErrorFault

func (*DuplicateSSHPublicKeyException) ErrorMessage

func (e *DuplicateSSHPublicKeyException) ErrorMessage() string

type EncodingType

type EncodingType string
const (
	EncodingTypeSsh EncodingType = "SSH"
	EncodingTypePem EncodingType = "PEM"
)

Enum values for EncodingType

func (EncodingType) Values

func (EncodingType) Values() []EncodingType

Values returns all known values for EncodingType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type EntityAlreadyExistsException

type EntityAlreadyExistsException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because it attempted to create a resource that already exists.

func (*EntityAlreadyExistsException) Error

func (*EntityAlreadyExistsException) ErrorCode

func (e *EntityAlreadyExistsException) ErrorCode() string

func (*EntityAlreadyExistsException) ErrorFault

func (*EntityAlreadyExistsException) ErrorMessage

func (e *EntityAlreadyExistsException) ErrorMessage() string

type EntityDetails

type EntityDetails struct {

	// The EntityInfo object that contains details about the entity (user or role).
	//
	// This member is required.
	EntityInfo *EntityInfo

	// The date and time, in [ISO 8601 date-time format], when the authenticated entity last attempted to access
	// Amazon Web Services. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	LastAuthenticated *time.Time
	// contains filtered or unexported fields
}

An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.

This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.

type EntityInfo

type EntityInfo struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	Arn *string

	// The identifier of the entity (user or role).
	//
	// This member is required.
	Id *string

	// The name of the entity (user or role).
	//
	// This member is required.
	Name *string

	// The type of entity (user or role).
	//
	// This member is required.
	Type PolicyOwnerEntityType

	// The path to the entity (user or role). For more information about paths, see [IAM identifiers]
	// in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string
	// contains filtered or unexported fields
}

Contains details about the specified entity (user or role).

This data type is an element of the EntityDetails object.

type EntityTemporarilyUnmodifiableException

type EntityTemporarilyUnmodifiableException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity.

func (*EntityTemporarilyUnmodifiableException) Error

func (*EntityTemporarilyUnmodifiableException) ErrorCode

func (*EntityTemporarilyUnmodifiableException) ErrorFault

func (*EntityTemporarilyUnmodifiableException) ErrorMessage

type EntityType

type EntityType string
const (
	EntityTypeUser               EntityType = "User"
	EntityTypeRole               EntityType = "Role"
	EntityTypeGroup              EntityType = "Group"
	EntityTypeLocalManagedPolicy EntityType = "LocalManagedPolicy"
	EntityTypeAWSManagedPolicy   EntityType = "AWSManagedPolicy"
)

Enum values for EntityType

func (EntityType) Values

func (EntityType) Values() []EntityType

Values returns all known values for EntityType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ErrorDetails

type ErrorDetails struct {

	// The error code associated with the operation failure.
	//
	// This member is required.
	Code *string

	// Detailed information about the reason that the operation failed.
	//
	// This member is required.
	Message *string
	// contains filtered or unexported fields
}

Contains information about the reason that the operation failed.

This data type is used as a response element in the GetOrganizationsAccessReport, GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities operations.

type EvaluationResult

type EvaluationResult struct {

	// The name of the API operation tested on the indicated resource.
	//
	// This member is required.
	EvalActionName *string

	// The result of the simulation.
	//
	// This member is required.
	EvalDecision PolicyEvaluationDecisionType

	// Additional details about the results of the cross-account evaluation decision.
	// This parameter is populated for only cross-account simulations. It contains a
	// brief summary of how each policy type contributes to the final evaluation
	// decision.
	//
	// If the simulation evaluates policies within the same account and includes a
	// resource ARN, then the parameter is present but the response is empty. If the
	// simulation evaluates policies within the same account and specifies all
	// resources (*), then the parameter is not returned.
	//
	// When you make a cross-account request, Amazon Web Services evaluates the
	// request in the trusting account and the trusted account. The request is allowed
	// only if both evaluations return true. For more information about how policies
	// are evaluated, see [Evaluating policies within a single account].
	//
	// If an Organizations SCP included in the evaluation denies access, the
	// simulation ends. In this case, policy evaluation does not proceed any further
	// and this parameter is not returned.
	//
	// [Evaluating policies within a single account]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
	EvalDecisionDetails map[string]PolicyEvaluationDecisionType

	// The ARN of the resource that the indicated API operation was tested on.
	EvalResourceName *string

	// A list of the statements in the input policies that determine the result for
	// this scenario. Remember that even if multiple statements allow the operation on
	// the resource, if only one statement denies that operation, then the explicit
	// deny overrides any allow. In addition, the deny statement is the only entry
	// included in the result.
	MatchedStatements []Statement

	// A list of context keys that are required by the included input policies but
	// that were not provided by one of the input parameters. This list is used when
	// the resource in a simulation is "*", either explicitly, or when the ResourceArns
	// parameter is blank. If you include a list of resources, then any missing context
	// values are instead included under the ResourceSpecificResults section. To
	// discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
	MissingContextValues []string

	// A structure that details how Organizations and its service control policies
	// affect the results of the simulation. Only applies if the simulated user's
	// account is part of an organization.
	OrganizationsDecisionDetail *OrganizationsDecisionDetail

	// Contains information about the effect that a permissions boundary has on a
	// policy simulation when the boundary is applied to an IAM entity.
	PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail

	// The individual results of the simulation of the API operation specified in
	// EvalActionName on each resource.
	ResourceSpecificResults []ResourceSpecificResult
	// contains filtered or unexported fields
}

Contains the results of a simulation.

This data type is used by the return parameter of SimulateCustomPolicy and SimulatePrincipalPolicy.
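A simulation result is easy to misread when context keys were missing, because MissingContextValues appears at the top level for "*" and under ResourceSpecificResults otherwise. The following is an added example, not code from the SDK: it is a guardrail check over simulation output using local stand-ins for the SDK types. The decision constants and the ResourceSpecificResult fields are taken from the SDK types this section references but does not list; Issue, Review, MustDeny and the sample results are assumptions made for illustration.

```go
package main

import "fmt"

// Local stand-ins for the SDK types (same field and constant names, trimmed
// to the fields used) so the example runs without importing the module.
type PolicyEvaluationDecisionType string

const (
	PolicyEvaluationDecisionTypeAllowed      PolicyEvaluationDecisionType = "allowed"
	PolicyEvaluationDecisionTypeExplicitDeny PolicyEvaluationDecisionType = "explicitDeny"
	PolicyEvaluationDecisionTypeImplicitDeny PolicyEvaluationDecisionType = "implicitDeny"
)

type ResourceSpecificResult struct {
	EvalResourceName     *string
	EvalResourceDecision PolicyEvaluationDecisionType
	MissingContextValues []string
}

type EvaluationResult struct {
	EvalActionName          *string
	EvalDecision            PolicyEvaluationDecisionType
	EvalResourceName        *string
	MissingContextValues    []string
	ResourceSpecificResults []ResourceSpecificResult
}

// Issue is this example's own type, not part of the SDK.
type Issue struct{ Action, Resource, Kind string }

func str(s string) *string { return &s }

func deref(s *string, def string) string {
	if s == nil {
		return def
	}
	return *s
}

// judge flags an allow outright. An implicit deny reached while context keys
// were missing is only "inconclusive": a Condition could not be evaluated, so
// the same request may be allowed once the key is supplied.
func judge(action, res string, d PolicyEvaluationDecisionType, missing []string) (Issue, bool) {
	switch {
	case d == PolicyEvaluationDecisionTypeAllowed:
		return Issue{action, res, "unexpected-allow"}, true
	case d == PolicyEvaluationDecisionTypeImplicitDeny && len(missing) > 0:
		return Issue{action, res, "inconclusive"}, true
	}
	return Issue{}, false
}

// Review checks every action in mustDeny. Missing context keys are read from
// the top level when no resource list was given, otherwise per resource.
func Review(results []EvaluationResult, mustDeny map[string]bool) []Issue {
	var issues []Issue
	for _, r := range results {
		action := deref(r.EvalActionName, "")
		if !mustDeny[action] {
			continue
		}
		if len(r.ResourceSpecificResults) == 0 {
			if is, bad := judge(action, deref(r.EvalResourceName, "*"), r.EvalDecision, r.MissingContextValues); bad {
				issues = append(issues, is)
			}
			continue
		}
		for _, rs := range r.ResourceSpecificResults {
			if is, bad := judge(action, deref(rs.EvalResourceName, "*"), rs.EvalResourceDecision, rs.MissingContextValues); bad {
				issues = append(issues, is)
			}
		}
	}
	return issues
}

// MustDeny and SampleResults are constructed inputs for the example.
var MustDeny = map[string]bool{"iam:CreateAccessKey": true, "s3:DeleteBucket": true, "iam:PassRole": true, "kms:ScheduleKeyDeletion": true}

func SampleResults() []EvaluationResult {
	const allow, deny, implicit = PolicyEvaluationDecisionTypeAllowed, PolicyEvaluationDecisionTypeExplicitDeny, PolicyEvaluationDecisionTypeImplicitDeny
	return []EvaluationResult{
		{EvalActionName: str("iam:CreateAccessKey"), EvalDecision: implicit, EvalResourceName: str("*")},
		{EvalActionName: str("s3:DeleteBucket"), EvalDecision: allow, ResourceSpecificResults: []ResourceSpecificResult{
			{str("arn:aws:s3:::example-prod"), allow, nil},
			{str("arn:aws:s3:::example-logs"), implicit, []string{"aws:SourceIp"}},
		}},
		{EvalActionName: str("iam:PassRole"), EvalDecision: deny, EvalResourceName: str("*"), MissingContextValues: []string{"aws:MultiFactorAuthPresent"}},
		{EvalActionName: str("s3:GetObject"), EvalDecision: allow, EvalResourceName: str("*")},
		{EvalActionName: str("kms:ScheduleKeyDeletion"), EvalDecision: implicit, EvalResourceName: str("*"), MissingContextValues: []string{"aws:PrincipalTag/team"}},
	}
}

func main() {
	for _, is := range Review(SampleResults(), MustDeny) {
		fmt.Printf("%-16s %s on %s\n", is.Kind, is.Action, is.Resource)
	}
}
```

An inconclusive finding is resolved by re-running the simulation with a ContextEntry for each listed key.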

type GlobalEndpointTokenVersion

type GlobalEndpointTokenVersion string
const (
	GlobalEndpointTokenVersionV1Token GlobalEndpointTokenVersion = "v1Token"
	GlobalEndpointTokenVersionV2Token GlobalEndpointTokenVersion = "v2Token"
)

Enum values for GlobalEndpointTokenVersion

func (GlobalEndpointTokenVersion) Values

Values returns all known values for GlobalEndpointTokenVersion. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Group

type Group struct {

	// The Amazon Resource Name (ARN) specifying the group. For more information
	// about ARNs and how to use them in policies, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The date and time, in [ISO 8601 date-time format], when the group was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The stable and unique string identifying the group. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	GroupId *string

	// The friendly name that identifies the group.
	//
	// This member is required.
	GroupName *string

	// The path to the group. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string
	// contains filtered or unexported fields
}

Contains information about an IAM group entity.

This data type is used as a response element in the following operations:

  - CreateGroup
  - GetGroup
  - ListGroups

type GroupDetail

type GroupDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// A list of the managed policies attached to the group.
	AttachedManagedPolicies []AttachedPolicy

	// The date and time, in [ISO 8601 date-time format], when the group was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// The stable and unique string identifying the group. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	GroupId *string

	// The friendly name that identifies the group.
	GroupName *string

	// A list of the inline policies embedded in the group.
	GroupPolicyList []PolicyDetail

	// The path to the group. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string
	// contains filtered or unexported fields
}

Contains information about an IAM group, including all of the group's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

type InstanceProfile

type InstanceProfile struct {

	// The Amazon Resource Name (ARN) specifying the instance profile. For more
	// information about ARNs and how to use them in policies, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The date when the instance profile was created.
	//
	// This member is required.
	CreateDate *time.Time

	// The stable and unique string identifying the instance profile. For more
	// information about IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	InstanceProfileId *string

	// The name identifying the instance profile.
	//
	// This member is required.
	InstanceProfileName *string

	// The path to the instance profile. For more information about paths, see [IAM identifiers] in
	// the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// The role associated with the instance profile.
	//
	// This member is required.
	Roles []Role

	// A list of tags that are attached to the instance profile. For more information
	// about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}

Contains information about an instance profile.

This data type is used as a response element in the following operations:

CreateInstanceProfile

GetInstanceProfile

ListInstanceProfiles

ListInstanceProfilesForRole

type InvalidAuthenticationCodeException

type InvalidAuthenticationCodeException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the authentication code was not recognized. The error message describes the specific error.

func (*InvalidAuthenticationCodeException) Error

func (*InvalidAuthenticationCodeException) ErrorCode

func (*InvalidAuthenticationCodeException) ErrorFault

func (*InvalidAuthenticationCodeException) ErrorMessage

func (e *InvalidAuthenticationCodeException) ErrorMessage() string

type InvalidCertificateException

type InvalidCertificateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the certificate is invalid.

func (*InvalidCertificateException) Error

func (*InvalidCertificateException) ErrorCode

func (e *InvalidCertificateException) ErrorCode() string

func (*InvalidCertificateException) ErrorFault

func (*InvalidCertificateException) ErrorMessage

func (e *InvalidCertificateException) ErrorMessage() string

type InvalidInputException

type InvalidInputException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because an invalid or out-of-range value was supplied for an input parameter.

func (*InvalidInputException) Error

func (e *InvalidInputException) Error() string

func (*InvalidInputException) ErrorCode

func (e *InvalidInputException) ErrorCode() string

func (*InvalidInputException) ErrorFault

func (e *InvalidInputException) ErrorFault() smithy.ErrorFault

func (*InvalidInputException) ErrorMessage

func (e *InvalidInputException) ErrorMessage() string

type InvalidPublicKeyException

type InvalidPublicKeyException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the public key is malformed or otherwise invalid.

func (*InvalidPublicKeyException) Error

func (e *InvalidPublicKeyException) Error() string

func (*InvalidPublicKeyException) ErrorCode

func (e *InvalidPublicKeyException) ErrorCode() string

func (*InvalidPublicKeyException) ErrorFault

func (*InvalidPublicKeyException) ErrorMessage

func (e *InvalidPublicKeyException) ErrorMessage() string

type InvalidUserTypeException

type InvalidUserTypeException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the type of user for the transaction was incorrect.

func (*InvalidUserTypeException) Error

func (e *InvalidUserTypeException) Error() string

func (*InvalidUserTypeException) ErrorCode

func (e *InvalidUserTypeException) ErrorCode() string

func (*InvalidUserTypeException) ErrorFault

func (e *InvalidUserTypeException) ErrorFault() smithy.ErrorFault

func (*InvalidUserTypeException) ErrorMessage

func (e *InvalidUserTypeException) ErrorMessage() string

type JobStatusType

type JobStatusType string
const (
	JobStatusTypeInProgress JobStatusType = "IN_PROGRESS"
	JobStatusTypeCompleted  JobStatusType = "COMPLETED"
	JobStatusTypeFailed     JobStatusType = "FAILED"
)

Enum values for JobStatusType

func (JobStatusType) Values

func (JobStatusType) Values() []JobStatusType

Values returns all known values for JobStatusType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KeyPairMismatchException

type KeyPairMismatchException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the public key certificate and the private key do not match.

func (*KeyPairMismatchException) Error

func (e *KeyPairMismatchException) Error() string

func (*KeyPairMismatchException) ErrorCode

func (e *KeyPairMismatchException) ErrorCode() string

func (*KeyPairMismatchException) ErrorFault

func (e *KeyPairMismatchException) ErrorFault() smithy.ErrorFault

func (*KeyPairMismatchException) ErrorMessage

func (e *KeyPairMismatchException) ErrorMessage() string

type LimitExceededException

type LimitExceededException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.

func (*LimitExceededException) Error

func (e *LimitExceededException) Error() string

func (*LimitExceededException) ErrorCode

func (e *LimitExceededException) ErrorCode() string

func (*LimitExceededException) ErrorFault

func (e *LimitExceededException) ErrorFault() smithy.ErrorFault

func (*LimitExceededException) ErrorMessage

func (e *LimitExceededException) ErrorMessage() string

type ListPoliciesGrantingServiceAccessEntry

type ListPoliciesGrantingServiceAccessEntry struct {

	// The PoliciesGrantingServiceAccess object that contains details about the policy.
	Policies []PolicyGrantingServiceAccess

	// The namespace of the service that was accessed.
	//
	// To learn the service namespace of a service, see [Actions, resources, and condition keys for Amazon Web Services services] in the Service Authorization
	// Reference. Choose the name of the service to view details for that service. In
	// the first paragraph, find the service prefix. For example, (service prefix: a4b).
	// For more information about service namespaces, see [Amazon Web Services service namespaces] in the Amazon Web Services
	// General Reference.
	//
	// [Amazon Web Services service namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
	// [Actions, resources, and condition keys for Amazon Web Services services]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
	ServiceNamespace *string
	// contains filtered or unexported fields
}

Contains details about the permissions policies that are attached to the specified identity (user, group, or role).

This data type is used as a response element in the ListPoliciesGrantingServiceAccess operation.

type LoginProfile

type LoginProfile struct {

	// The date when the password for the user was created.
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the user, which can be used for signing in to the Amazon Web
	// Services Management Console.
	//
	// This member is required.
	UserName *string

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired bool
	// contains filtered or unexported fields
}

Contains the user name and password create date for a user.

This data type is used as a response element in the CreateLoginProfile and GetLoginProfile operations.

type MFADevice

type MFADevice struct {

	// The date when the MFA device was enabled for the user.
	//
	// This member is required.
	EnableDate *time.Time

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// This member is required.
	SerialNumber *string

	// The user with whom the MFA device is associated.
	//
	// This member is required.
	UserName *string
	// contains filtered or unexported fields
}

Contains information about an MFA device.

This data type is used as a response element in the ListMFADevices operation.

type MalformedCertificateException

type MalformedCertificateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the certificate was malformed or expired. The error message describes the specific error.

func (*MalformedCertificateException) Error

func (*MalformedCertificateException) ErrorCode

func (e *MalformedCertificateException) ErrorCode() string

func (*MalformedCertificateException) ErrorFault

func (*MalformedCertificateException) ErrorMessage

func (e *MalformedCertificateException) ErrorMessage() string

type MalformedPolicyDocumentException

type MalformedPolicyDocumentException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the policy document was malformed. The error message describes the specific error.

func (*MalformedPolicyDocumentException) Error

func (*MalformedPolicyDocumentException) ErrorCode

func (*MalformedPolicyDocumentException) ErrorFault

func (*MalformedPolicyDocumentException) ErrorMessage

func (e *MalformedPolicyDocumentException) ErrorMessage() string

type ManagedPolicyDetail

type ManagedPolicyDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// The number of principal entities (users, groups, and roles) that the policy is
	// attached to.
	AttachmentCount *int32

	// The date and time, in [ISO 8601 date-time format], when the policy was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// The identifier for the version of the policy that is set as the default
	// (operative) version.
	//
	// For more information about policy versions, see [Versioning for managed policies] in the IAM User Guide.
	//
	// [Versioning for managed policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html
	DefaultVersionId *string

	// A friendly description of the policy.
	Description *string

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable bool

	// The path to the policy.
	//
	// For more information about paths, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// The number of entities (users and roles) for which the policy is used as the
	// permissions boundary.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundaryUsageCount *int32

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	PolicyId *string

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string

	// A list containing information about the versions of the policy.
	PolicyVersionList []PolicyVersion

	// The date and time, in [ISO 8601 date-time format], when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time when
	// the policy was created. When a policy has more than one version, this field
	// contains the date and time when the most recent policy version was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	UpdateDate *time.Time
	// contains filtered or unexported fields
}

Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

type NoSuchEntityException

type NoSuchEntityException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.

func (*NoSuchEntityException) Error

func (e *NoSuchEntityException) Error() string

func (*NoSuchEntityException) ErrorCode

func (e *NoSuchEntityException) ErrorCode() string

func (*NoSuchEntityException) ErrorFault

func (e *NoSuchEntityException) ErrorFault() smithy.ErrorFault

func (*NoSuchEntityException) ErrorMessage

func (e *NoSuchEntityException) ErrorMessage() string

type OpenIDConnectProviderListEntry

type OpenIDConnectProviderListEntry struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string
	// contains filtered or unexported fields
}

Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.

type OpenIdIdpCommunicationErrorException

type OpenIdIdpCommunicationErrorException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request failed because IAM cannot connect to the OpenID Connect identity provider URL.

func (*OpenIdIdpCommunicationErrorException) Error

func (*OpenIdIdpCommunicationErrorException) ErrorCode

func (*OpenIdIdpCommunicationErrorException) ErrorFault

func (*OpenIdIdpCommunicationErrorException) ErrorMessage

func (e *OpenIdIdpCommunicationErrorException) ErrorMessage() string

type OrganizationsDecisionDetail

type OrganizationsDecisionDetail struct {

	// Specifies whether the simulated operation is allowed by the Organizations
	// service control policies that impact the simulated user's account.
	AllowedByOrganizations bool
	// contains filtered or unexported fields
}

Contains information about the effect that Organizations has on a policy simulation.

type PasswordPolicy

type PasswordPolicy struct {

	// Specifies whether IAM users are allowed to change their own password. Gives IAM
	// users permissions to iam:ChangePassword for only their user and to the
	// iam:GetAccountPasswordPolicy action. This option does not attach a permissions
	// policy to each user, rather the permissions are applied at the account-level for
	// all users by IAM.
	AllowUsersToChangePassword bool

	// Indicates whether passwords in the account expire. Returns true if
	// MaxPasswordAge contains a value greater than 0. Returns false if MaxPasswordAge
	// is 0 or not present.
	ExpirePasswords bool

	// Specifies whether IAM users are prevented from setting a new password via the
	// Amazon Web Services Management Console after their password has expired. The IAM
	// user cannot access the console until an administrator resets the password. IAM
	// users with iam:ChangePassword permission and active access keys can reset their
	// own expired console password using the CLI or API.
	HardExpiry *bool

	// The number of days that an IAM user password is valid.
	MaxPasswordAge *int32

	// Minimum length to require for IAM user passwords.
	MinimumPasswordLength *int32

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing.
	PasswordReusePrevention *int32

	// Specifies whether IAM user passwords must contain at least one lowercase
	// character (a to z).
	RequireLowercaseCharacters bool

	// Specifies whether IAM user passwords must contain at least one numeric
	// character (0 to 9).
	RequireNumbers bool

	// Specifies whether IAM user passwords must contain at least one of the following
	// symbols:
	//
	// ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
	RequireSymbols bool

	// Specifies whether IAM user passwords must contain at least one uppercase
	// character (A to Z).
	RequireUppercaseCharacters bool
	// contains filtered or unexported fields
}

Contains information about the account password policy.

This data type is used as a response element in the GetAccountPasswordPolicy operation.

type PasswordPolicyViolationException

type PasswordPolicyViolationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the provided password did not meet the requirements imposed by the account password policy.

func (*PasswordPolicyViolationException) Error

func (*PasswordPolicyViolationException) ErrorCode

func (*PasswordPolicyViolationException) ErrorFault

func (*PasswordPolicyViolationException) ErrorMessage

func (e *PasswordPolicyViolationException) ErrorMessage() string

type PermissionsBoundaryAttachmentType

type PermissionsBoundaryAttachmentType string
const (
	PermissionsBoundaryAttachmentTypePolicy PermissionsBoundaryAttachmentType = "PermissionsBoundaryPolicy"
)

Enum values for PermissionsBoundaryAttachmentType

func (PermissionsBoundaryAttachmentType) Values

Values returns all known values for PermissionsBoundaryAttachmentType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PermissionsBoundaryDecisionDetail

type PermissionsBoundaryDecisionDetail struct {

	// Specifies whether an action is allowed by a permissions boundary that is
	// applied to an IAM entity (user or role). A value of true means that the
	// permissions boundary does not deny the action. This means that the policy
	// includes an Allow statement that matches the request. In this case, if an
	// identity-based policy also allows the action, the request is allowed. A value of
	// false means that either the requested action is not allowed (implicitly denied)
	// or that the action is explicitly denied by the permissions boundary. In both of
	// these cases, the action is not allowed, regardless of the identity-based policy.
	AllowedByPermissionsBoundary bool
	// contains filtered or unexported fields
}

Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.

type Policy

type Policy struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// The number of entities (users, groups, and roles) that the policy is attached
	// to.
	AttachmentCount *int32

	// The date and time, in [ISO 8601 date-time format], when the policy was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// The identifier for the version of the policy that is set as the default version.
	DefaultVersionId *string

	// A friendly description of the policy.
	//
	// This element is included in the response to the GetPolicy operation. It is not included
	// in the response to the ListPolicies operation.
	Description *string

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable bool

	// The path to the policy.
	//
	// For more information about paths, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// The number of entities (users and roles) for which the policy is used to set
	// the permissions boundary.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundaryUsageCount *int32

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	PolicyId *string

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string

	// A list of tags that are attached to the instance profile. For more information
	// about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag

	// The date and time, in [ISO 8601 date-time format], when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time when
	// the policy was created. When a policy has more than one version, this field
	// contains the date and time when the most recent policy version was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	UpdateDate *time.Time
	// contains filtered or unexported fields
}

Contains information about a managed policy.

This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies operations.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

type PolicyDetail

type PolicyDetail struct {

	// The policy document.
	PolicyDocument *string

	// The name of the policy.
	PolicyName *string
	// contains filtered or unexported fields
}

Contains information about an IAM policy, including the policy document.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

type PolicyEvaluationDecisionType

type PolicyEvaluationDecisionType string
const (
	PolicyEvaluationDecisionTypeAllowed      PolicyEvaluationDecisionType = "allowed"
	PolicyEvaluationDecisionTypeExplicitDeny PolicyEvaluationDecisionType = "explicitDeny"
	PolicyEvaluationDecisionTypeImplicitDeny PolicyEvaluationDecisionType = "implicitDeny"
)

Enum values for PolicyEvaluationDecisionType

func (PolicyEvaluationDecisionType) Values

Values returns all known values for PolicyEvaluationDecisionType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicyEvaluationException

type PolicyEvaluationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request failed because a provided policy could not be successfully evaluated. An additional detailed message indicates the source of the failure.

func (*PolicyEvaluationException) Error

func (e *PolicyEvaluationException) Error() string

func (*PolicyEvaluationException) ErrorCode

func (e *PolicyEvaluationException) ErrorCode() string

func (*PolicyEvaluationException) ErrorFault

func (*PolicyEvaluationException) ErrorMessage

func (e *PolicyEvaluationException) ErrorMessage() string

type PolicyGrantingServiceAccess

type PolicyGrantingServiceAccess struct {

	// The policy name.
	//
	// This member is required.
	PolicyName *string

	// The policy type. For more information about these policy types, see [Managed policies and inline policies] in the IAM
	// User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
	//
	// This member is required.
	PolicyType PolicyType

	// The name of the entity (user or role) to which the inline policy is attached.
	//
	// This field is null for managed policies. For more information about these
	// policy types, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
	EntityName *string

	// The type of entity (user or role) that used the policy to access the service to
	// which the inline policy is attached.
	//
	// This field is null for managed policies. For more information about these
	// policy types, see [Managed policies and inline policies] in the IAM User Guide.
	//
	// [Managed policies and inline policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
	EntityType PolicyOwnerEntityType

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	PolicyArn *string
	// contains filtered or unexported fields
}

Contains details about the permissions policies that are attached to the specified identity (user, group, or role).

This data type is an element of the ListPoliciesGrantingServiceAccessEntry object.

type PolicyGroup

type PolicyGroup struct {

	// The stable and unique string identifying the group. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
	GroupId *string

	// The name (friendly name, not ARN) identifying the group.
	GroupName *string
	// contains filtered or unexported fields
}

Contains information about a group that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

type PolicyNotAttachableException

type PolicyNotAttachableException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request failed because Amazon Web Services service role policies can only be attached to the service-linked role for that service.

func (*PolicyNotAttachableException) Error

func (*PolicyNotAttachableException) ErrorCode

func (e *PolicyNotAttachableException) ErrorCode() string

func (*PolicyNotAttachableException) ErrorFault

func (*PolicyNotAttachableException) ErrorMessage

func (e *PolicyNotAttachableException) ErrorMessage() string

type PolicyOwnerEntityType

type PolicyOwnerEntityType string
const (
	PolicyOwnerEntityTypeUser  PolicyOwnerEntityType = "USER"
	PolicyOwnerEntityTypeRole  PolicyOwnerEntityType = "ROLE"
	PolicyOwnerEntityTypeGroup PolicyOwnerEntityType = "GROUP"
)

Enum values for PolicyOwnerEntityType

func (PolicyOwnerEntityType) Values

Values returns all known values for PolicyOwnerEntityType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicyRole

type PolicyRole struct {

	// The stable and unique string identifying the role. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
	RoleId *string

	// The name (friendly name, not ARN) identifying the role.
	RoleName *string
	// contains filtered or unexported fields
}

Contains information about a role that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

type PolicyScopeType

type PolicyScopeType string
const (
	PolicyScopeTypeAll   PolicyScopeType = "All"
	PolicyScopeTypeAws   PolicyScopeType = "AWS"
	PolicyScopeTypeLocal PolicyScopeType = "Local"
)

Enum values for PolicyScopeType

func (PolicyScopeType) Values

func (PolicyScopeType) Values() []PolicyScopeType

Values returns all known values for PolicyScopeType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicySourceType

type PolicySourceType string
const (
	PolicySourceTypeUser        PolicySourceType = "user"
	PolicySourceTypeGroup       PolicySourceType = "group"
	PolicySourceTypeRole        PolicySourceType = "role"
	PolicySourceTypeAwsManaged  PolicySourceType = "aws-managed"
	PolicySourceTypeUserManaged PolicySourceType = "user-managed"
	PolicySourceTypeResource    PolicySourceType = "resource"
	PolicySourceTypeNone        PolicySourceType = "none"
)

Enum values for PolicySourceType

func (PolicySourceType) Values

Values returns all known values for PolicySourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicyType

type PolicyType string
const (
	PolicyTypeInline  PolicyType = "INLINE"
	PolicyTypeManaged PolicyType = "MANAGED"
)

Enum values for PolicyType

func (PolicyType) Values

func (PolicyType) Values() []PolicyType

Values returns all known values for PolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicyUsageType

type PolicyUsageType string
const (
	PolicyUsageTypePermissionsPolicy   PolicyUsageType = "PermissionsPolicy"
	PolicyUsageTypePermissionsBoundary PolicyUsageType = "PermissionsBoundary"
)

Enum values for PolicyUsageType

func (PolicyUsageType) Values

func (PolicyUsageType) Values() []PolicyUsageType

Values returns all known values for PolicyUsageType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicyUser

type PolicyUser struct {

	// The stable and unique string identifying the user. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
	UserId *string

	// The name (friendly name, not ARN) identifying the user.
	UserName *string
	// contains filtered or unexported fields
}

Contains information about a user that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

type PolicyVersion

type PolicyVersion struct {

	// The date and time, in [ISO 8601 date-time format], when the policy version was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// The policy document.
	//
	// The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is
	// not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
	//
	// The policy document returned in this structure is URL-encoded compliant with [RFC 3986].
	// You can use a URL decoding method to convert the policy back to plain JSON text.
	// For example, if you use Java, you can use the decode method of the
	// java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs
	// provide similar functionality.
	//
	// [RFC 3986]: https://tools.ietf.org/html/rfc3986
	Document *string

	// Specifies whether the policy version is set as the policy's default version.
	IsDefaultVersion bool

	// The identifier for the policy version.
	//
	// Policy version identifiers always begin with v (always lowercase). When a
	// policy is created, the first policy version is v1.
	VersionId *string
	// contains filtered or unexported fields
}

Contains information about a version of a managed policy.

This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails operations.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
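The Document field has to be percent-decoded before it can be reviewed. The following is an added example, not code from the SDK: it decodes a document and reports Allow statements that grant every action on every resource. The policyVersion, stringList and statement types, the helper names and the sample policy are assumptions made for this example (local stand-ins so it runs without the SDK module).

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// policyVersion is a local stand-in with the PolicyVersion fields used here,
// so the example runs without the AWS SDK module.
type policyVersion struct {
	Document         *string
	IsDefaultVersion bool
	VersionId        *string
}

// stringList accepts both forms IAM allows for Action and Resource:
// a single JSON string or an array of strings.
type stringList []string

func (s *stringList) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*s = stringList{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(s))
}

type statement struct {
	Sid      string
	Effect   string
	Action   stringList
	Resource stringList
}

// decodeStatements percent-decodes Document and parses its Statement element,
// which may be one object or an array of objects.
func decodeStatements(pv policyVersion) ([]statement, error) {
	if pv.Document == nil {
		return nil, errors.New("document is nil (not returned by CreatePolicyVersion or ListPolicyVersions)")
	}
	// PathUnescape decodes %XX sequences only; unlike QueryUnescape it does
	// not turn '+' into a space.
	raw, err := url.PathUnescape(*pv.Document)
	if err != nil {
		return nil, fmt.Errorf("percent-decoding document: %w", err)
	}
	var doc struct{ Statement json.RawMessage }
	if err := json.Unmarshal([]byte(raw), &doc); err != nil {
		return nil, fmt.Errorf("parsing policy JSON: %w", err)
	}
	var many []statement
	if json.Unmarshal(doc.Statement, &many) == nil {
		return many, nil
	}
	var one statement
	if err := json.Unmarshal(doc.Statement, &one); err != nil {
		return nil, fmt.Errorf("parsing Statement: %w", err)
	}
	return []statement{one}, nil
}

func has(list stringList, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

// wildcardAllows returns the indexes of Allow statements that grant every
// action on every resource. NotAction and NotResource are not examined.
func wildcardAllows(stmts []statement) []int {
	var hits []int
	for i, s := range stmts {
		if s.Effect == "Allow" && has(s.Action, "*") && has(s.Resource, "*") {
			hits = append(hits, i)
		}
	}
	return hits
}

// samplePolicyVersion returns a constructed, percent-encoded sample policy.
func samplePolicyVersion() policyVersion {
	plain := `{"Version":"2012-10-17","Statement":[` +
		`{"Sid":"ReadLogs","Effect":"Allow","Action":["logs:GetLogEvents"],"Resource":"arn:aws:logs:*:123456789012:log-group:app-*"},` +
		`{"Sid":"Admin","Effect":"Allow","Action":"*","Resource":"*"},` +
		`{"Sid":"NoDelete","Effect":"Deny","Action":"*","Resource":"*"}]}`
	doc, id := url.PathEscape(plain), "v3"
	return policyVersion{Document: &doc, IsDefaultVersion: true, VersionId: &id}
}

func main() {
	stmts, err := decodeStatements(samplePolicyVersion())
	fmt.Println(wildcardAllows(stmts), err)
}
```

A wildcard Allow matters most on the version where IsDefaultVersion is true, since that is the version marked as the policy's default.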

type Position

type Position struct {

	// The column in the line containing the specified position in the document.
	Column int32

	// The line containing the specified position in the document.
	Line int32
	// contains filtered or unexported fields
}

Contains the row and column of a location of a Statement element in a policy document.

This data type is used as a member of the Statement type.

type ReportFormatType

type ReportFormatType string
const (
	ReportFormatTypeTextCsv ReportFormatType = "text/csv"
)

Enum values for ReportFormatType

func (ReportFormatType) Values

Values returns all known values for ReportFormatType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ReportGenerationLimitExceededException

type ReportGenerationLimitExceededException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request failed because the maximum number of concurrent requests for this account are already running.

func (*ReportGenerationLimitExceededException) Error

func (*ReportGenerationLimitExceededException) ErrorCode

func (*ReportGenerationLimitExceededException) ErrorFault

func (*ReportGenerationLimitExceededException) ErrorMessage

type ReportStateType

type ReportStateType string
const (
	ReportStateTypeStarted    ReportStateType = "STARTED"
	ReportStateTypeInprogress ReportStateType = "INPROGRESS"
	ReportStateTypeComplete   ReportStateType = "COMPLETE"
)

Enum values for ReportStateType

func (ReportStateType) Values

func (ReportStateType) Values() []ReportStateType

Values returns all known values for ReportStateType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ResourceSpecificResult

type ResourceSpecificResult struct {

	// The result of the simulation of the simulated API operation on the resource
	// specified in EvalResourceName.
	//
	// This member is required.
	EvalResourceDecision PolicyEvaluationDecisionType

	// The name of the simulated resource, in Amazon Resource Name (ARN) format.
	//
	// This member is required.
	EvalResourceName *string

	// Additional details about the results of the evaluation decision on a single
	// resource. This parameter is returned only for cross-account simulations. This
	// parameter explains how each policy type contributes to the resource-specific
	// evaluation decision.
	EvalDecisionDetails map[string]PolicyEvaluationDecisionType

	// A list of the statements in the input policies that determine the result for
	// this part of the simulation. Remember that even if multiple statements allow the
	// operation on the resource, if any statement denies that operation, then the
	// explicit deny overrides any allow. In addition, the deny statement is the only
	// entry included in the result.
	MatchedStatements []Statement

	// A list of context keys that are required by the included input policies but
	// that were not provided by one of the input parameters. This list is used when a
	// list of ARNs is included in the ResourceArns parameter instead of "*". If you
	// do not specify individual resources, by setting ResourceArns to "*" or by not
	// including the ResourceArns parameter, then any missing context values are
	// instead included under the EvaluationResults section. To discover the context
	// keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
	MissingContextValues []string

	// Contains information about the effect that a permissions boundary has on a
	// policy simulation when that boundary is applied to an IAM entity.
	PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail
	// contains filtered or unexported fields
}

Contains the result of the simulation of a single API operation call on a single resource.

This data type is used by a member of the EvaluationResult data type.

type Role

type Role struct {

	// The Amazon Resource Name (ARN) specifying the role. For more information about
	// ARNs and how to use them in policies, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The date and time, in [ISO 8601 date-time format], when the role was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The path to the role. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// The stable and unique string identifying the role. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	RoleId *string

	// The friendly name that identifies the role.
	//
	// This member is required.
	RoleName *string

	// The policy that grants an entity permission to assume the role.
	AssumeRolePolicyDocument *string

	// A description of the role that you provide.
	Description *string

	// The maximum session duration (in seconds) for the specified role. Anyone who
	// uses the CLI or API to assume the role can specify the duration using the
	// optional DurationSeconds API parameter or duration-seconds CLI parameter.
	MaxSessionDuration *int32

	// The ARN of the policy used to set the permissions boundary for the role.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundary *AttachedPermissionsBoundary

	// Contains information about the last time that an IAM role was used. This
	// includes the date and time and the Region in which the role was last used.
	// Activity is only reported for the trailing 400 days. This period can be shorter
	// if your Region began supporting these features within the last year. The role
	// might have been used more than 400 days ago. For more information, see [Regions where data is tracked] in the
	// IAM User Guide.
	//
	// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
	RoleLastUsed *RoleLastUsed

	// A list of tags that are attached to the role. For more information about
	// tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}

Contains information about an IAM role. This structure is returned as a response element in several API operations that interact with roles.

type RoleDetail

type RoleDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// The trust policy that grants permission to assume the role.
	AssumeRolePolicyDocument *string

	// A list of managed policies attached to the role. These policies are the role's
	// access (permissions) policies.
	AttachedManagedPolicies []AttachedPolicy

	// The date and time, in [ISO 8601 date-time format], when the role was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// A list of instance profiles that contain this role.
	InstanceProfileList []InstanceProfile

	// The path to the role. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// The ARN of the policy used to set the permissions boundary for the role.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundary *AttachedPermissionsBoundary

	// The stable and unique string identifying the role. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	RoleId *string

	// Contains information about the last time that an IAM role was used. This
	// includes the date and time and the Region in which the role was last used.
	// Activity is only reported for the trailing 400 days. This period can be shorter
	// if your Region began supporting these features within the last year. The role
	// might have been used more than 400 days ago. For more information, see [Regions where data is tracked] in the
	// IAM User Guide.
	//
	// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
	RoleLastUsed *RoleLastUsed

	// The friendly name that identifies the role.
	RoleName *string

	// A list of inline policies embedded in the role. These policies are the role's
	// access (permissions) policies.
	RolePolicyList []PolicyDetail

	// A list of tags that are attached to the role. For more information about
	// tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}

Contains information about an IAM role, including all of the role's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

type RoleLastUsed

type RoleLastUsed struct {

	// The date and time, in [ISO 8601 date-time format] that the role was last used.
	//
	// This field is null if the role has not been used within the IAM tracking
	// period. For more information about the tracking period, see [Regions where data is tracked] in the IAM User
	// Guide.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	// [Regions where data is tracked]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period
	LastUsedDate *time.Time

	// The name of the Amazon Web Services Region in which the role was last used.
	Region *string
	// contains filtered or unexported fields
}

Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.

This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.
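A nil LastUsedDate means no use inside the tracking period, not that the role was never used, and a freshly created role also has no recorded use. The following added example (not code from the SDK) flags idle roles with both cases handled. The roleDetail, roleLastUsed and finding types, the helper names, the 90-day threshold used in main and the sample roles are assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Local stand-ins with the RoleDetail and RoleLastUsed fields used here, so
// the example runs without the AWS SDK module.
type roleLastUsed struct {
	LastUsedDate *time.Time
	Region       *string
}

type roleDetail struct {
	RoleName     *string
	CreateDate   *time.Time
	RoleLastUsed *roleLastUsed
}

type finding struct {
	RoleName string
	IdleDays int // -1 when no use is recorded inside the tracking period
	Reason   string
}

const day = 24 * time.Hour

// staleRoles flags roles idle for longer than maxIdle. A nil LastUsedDate
// means "no activity inside the tracking period", so it is only treated as
// stale when the role itself is older than maxIdle.
func staleRoles(roles []roleDetail, now time.Time, maxIdle time.Duration) []finding {
	var out []finding
	for _, r := range roles {
		name := "(unnamed)"
		if r.RoleName != nil {
			name = *r.RoleName
		}
		if r.RoleLastUsed != nil && r.RoleLastUsed.LastUsedDate != nil {
			idle := now.Sub(*r.RoleLastUsed.LastUsedDate)
			if idle > maxIdle {
				out = append(out, finding{RoleName: name, IdleDays: int(idle / day),
					Reason: "last use is older than the threshold"})
			}
			continue
		}
		// No recorded use. A role younger than maxIdle has not had time to
		// show that it is unused; a role with no CreateDate is reported.
		if r.CreateDate != nil && now.Sub(*r.CreateDate) <= maxIdle {
			continue
		}
		out = append(out, finding{RoleName: name, IdleDays: -1,
			Reason: "no use recorded in the tracking period"})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].RoleName < out[j].RoleName })
	return out
}

func at(y int, m time.Month, d int) *time.Time {
	t := time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
	return &t
}

func str(s string) *string { return &s }

// sampleNow and sampleRoles are constructed data for the example.
func sampleNow() time.Time { return *at(2024, time.May, 24) }

func sampleRoles() []roleDetail {
	return []roleDetail{
		{str("ci-deploy"), at(2021, 1, 10), &roleLastUsed{at(2024, 5, 20), str("us-east-1")}},
		{str("legacy-etl"), at(2020, 3, 1), &roleLastUsed{at(2023, 9, 1), str("eu-west-1")}},
		{str("old-vendor"), at(2019, 6, 1), &roleLastUsed{}}, // empty struct: no recorded use
		{str("new-service"), at(2024, 5, 10), nil},           // too new to judge
		{str("breakglass"), at(2022, 2, 1), nil},
	}
}

func main() {
	for _, f := range staleRoles(sampleRoles(), sampleNow(), 90*day) {
		fmt.Printf("%-12s idleDays=%-4d %s\n", f.RoleName, f.IdleDays, f.Reason)
	}
}
```

Because activity is only reported for the trailing 400 days, a threshold above that window cannot be evaluated from LastUsedDate.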

type RoleUsageType

type RoleUsageType struct {

	// The name of the Region where the service-linked role is being used.
	Region *string

	// The name of the resource that is using the service-linked role.
	Resources []string
	// contains filtered or unexported fields
}

An object that contains details about how a service-linked role is used, if that information is returned by the service.

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

type SAMLProviderListEntry

type SAMLProviderListEntry struct {

	// The Amazon Resource Name (ARN) of the SAML provider.
	Arn *string

	// The date and time when the SAML provider was created.
	CreateDate *time.Time

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time
	// contains filtered or unexported fields
}

Contains the list of SAML providers for this account.

type SSHPublicKey

type SSHPublicKey struct {

	// The MD5 message digest of the SSH public key.
	//
	// This member is required.
	Fingerprint *string

	// The SSH public key.
	//
	// This member is required.
	SSHPublicKeyBody *string

	// The unique identifier for the SSH public key.
	//
	// This member is required.
	SSHPublicKeyId *string

	// The status of the SSH public key. Active means that the key can be used for
	// authentication with a CodeCommit repository. Inactive means that the key
	// cannot be used.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the SSH public key.
	//
	// This member is required.
	UserName *string

	// The date and time, in [ISO 8601 date-time format], when the SSH public key was uploaded.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	UploadDate *time.Time
	// contains filtered or unexported fields
}

Contains information about an SSH public key.

This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey operations.

type SSHPublicKeyMetadata

type SSHPublicKeyMetadata struct {

	// The unique identifier for the SSH public key.
	//
	// This member is required.
	SSHPublicKeyId *string

	// The status of the SSH public key. Active means that the key can be used for
	// authentication with a CodeCommit repository. Inactive means that the key
	// cannot be used.
	//
	// This member is required.
	Status StatusType

	// The date and time, in [ISO 8601 date-time format], when the SSH public key was uploaded.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	UploadDate *time.Time

	// The name of the IAM user associated with the SSH public key.
	//
	// This member is required.
	UserName *string
	// contains filtered or unexported fields
}

Contains information about an SSH public key, without the key's body or fingerprint.

This data type is used as a response element in the ListSSHPublicKeys operation.

type ServerCertificate

type ServerCertificate struct {

	// The contents of the public key certificate.
	//
	// This member is required.
	CertificateBody *string

	// The meta information of the server certificate, such as its name, path, ID, and
	// ARN.
	//
	// This member is required.
	ServerCertificateMetadata *ServerCertificateMetadata

	// The contents of the public key certificate chain.
	CertificateChain *string

	// A list of tags that are attached to the server certificate. For more
	// information about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}

Contains information about a server certificate.

This data type is used as a response element in the GetServerCertificate operation.

type ServerCertificateMetadata

type ServerCertificateMetadata struct {

	// The Amazon Resource Name (ARN) specifying the server certificate. For more
	// information about ARNs and how to use them in policies, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The path to the server certificate. For more information about paths, see [IAM identifiers] in
	// the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// The stable and unique string identifying the server certificate. For more
	// information about IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	ServerCertificateId *string

	// The name that identifies the server certificate.
	//
	// This member is required.
	ServerCertificateName *string

	// The date on which the certificate is set to expire.
	Expiration *time.Time

	// The date when the server certificate was uploaded.
	UploadDate *time.Time
	// contains filtered or unexported fields
}

Contains information about a server certificate without its certificate body, certificate chain, and private key.

This data type is used as a response element in the UploadServerCertificate and ListServerCertificates operations.

type ServiceFailureException

type ServiceFailureException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request processing has failed because of an unknown error, exception or failure.

func (*ServiceFailureException) Error

func (e *ServiceFailureException) Error() string

func (*ServiceFailureException) ErrorCode

func (e *ServiceFailureException) ErrorCode() string

func (*ServiceFailureException) ErrorFault

func (e *ServiceFailureException) ErrorFault() smithy.ErrorFault

func (*ServiceFailureException) ErrorMessage

func (e *ServiceFailureException) ErrorMessage() string

type ServiceLastAccessed

type ServiceLastAccessed struct {

	// The name of the service in which access was attempted.
	//
	// This member is required.
	ServiceName *string

	// The namespace of the service in which access was attempted.
	//
	// To learn the service namespace of a service, see [Actions, resources, and condition keys for Amazon Web Services services] in the Service Authorization
	// Reference. Choose the name of the service to view details for that service. In
	// the first paragraph, find the service prefix. For example, (service prefix: a4b).
	// For more information about service namespaces, see [Amazon Web Services Service Namespaces] in the Amazon Web Services
	// General Reference.
	//
	// [Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
	// [Actions, resources, and condition keys for Amazon Web Services services]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
	//
	// This member is required.
	ServiceNamespace *string

	// The date and time, in [ISO 8601 date-time format], when an authenticated entity most recently attempted to
	// access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	LastAuthenticated *time.Time

	// The ARN of the authenticated entity (user or role) that last attempted to
	// access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	LastAuthenticatedEntity *string

	// The Region from which the authenticated entity (user or role) last attempted to
	// access the service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	LastAuthenticatedRegion *string

	// The total number of authenticated principals (root user, IAM users, or IAM
	// roles) that have attempted to access the service.
	//
	// This field is null if no principals attempted to access the service within the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	TotalAuthenticatedEntities *int32

	// An object that contains details about the most recent attempt to access a
	// tracked action within the service.
	//
	// This field is null if there are no tracked actions or if the principal did not use
	// the tracked actions within the [tracking period]. This field is also null if the report was
	// generated at the service level and not the action level. For more information,
	// see the Granularity field in GenerateServiceLastAccessedDetails.
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	TrackedActionsLastAccessed []TrackedActionLastAccessed
	// contains filtered or unexported fields
}

Contains details about the most recent attempt to access the service.

This data type is used as a response element in the GetServiceLastAccessedDetails operation.

type ServiceNotSupportedException

type ServiceNotSupportedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The specified service does not support service-specific credentials.

func (*ServiceNotSupportedException) Error

func (*ServiceNotSupportedException) ErrorCode

func (e *ServiceNotSupportedException) ErrorCode() string

func (*ServiceNotSupportedException) ErrorFault

func (*ServiceNotSupportedException) ErrorMessage

func (e *ServiceNotSupportedException) ErrorMessage() string

type ServiceSpecificCredential

type ServiceSpecificCredential struct {

	// The date and time, in [ISO 8601 date-time format], when the service-specific credential was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the service associated with the service-specific credential.
	//
	// This member is required.
	ServiceName *string

	// The generated password for the service-specific credential.
	//
	// This member is required.
	ServicePassword *string

	// The unique identifier for the service-specific credential.
	//
	// This member is required.
	ServiceSpecificCredentialId *string

	// The generated user name for the service-specific credential. This value is
	// generated by combining the IAM user's name with the ID number of the
	// Amazon Web Services account, as in jane-at-123456789012, for example. This
	// value cannot be configured by the user.
	//
	// This member is required.
	ServiceUserName *string

	// The status of the service-specific credential. Active means that the key is
	// valid for API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the service-specific credential.
	//
	// This member is required.
	UserName *string
	// contains filtered or unexported fields
}

Contains the details of a service-specific credential.

type ServiceSpecificCredentialMetadata

type ServiceSpecificCredentialMetadata struct {

	// The date and time, in [ISO 8601 date-time format], when the service-specific credential was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the service associated with the service-specific credential.
	//
	// This member is required.
	ServiceName *string

	// The unique identifier for the service-specific credential.
	//
	// This member is required.
	ServiceSpecificCredentialId *string

	// The generated user name for the service-specific credential.
	//
	// This member is required.
	ServiceUserName *string

	// The status of the service-specific credential. Active means that the key is
	// valid for API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the service-specific credential.
	//
	// This member is required.
	UserName *string
	// contains filtered or unexported fields
}

Contains additional details about a service-specific credential.

type SigningCertificate

type SigningCertificate struct {

	// The contents of the signing certificate.
	//
	// This member is required.
	CertificateBody *string

	// The ID for the signing certificate.
	//
	// This member is required.
	CertificateId *string

	// The status of the signing certificate. Active means that the key is valid for
	// API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the user the signing certificate is associated with.
	//
	// This member is required.
	UserName *string

	// The date when the signing certificate was uploaded.
	UploadDate *time.Time
	// contains filtered or unexported fields
}

Contains information about an X.509 signing certificate.

This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates operations.

type SortKeyType

type SortKeyType string
const (
	SortKeyTypeServiceNamespaceAscending       SortKeyType = "SERVICE_NAMESPACE_ASCENDING"
	SortKeyTypeServiceNamespaceDescending      SortKeyType = "SERVICE_NAMESPACE_DESCENDING"
	SortKeyTypeLastAuthenticatedTimeAscending  SortKeyType = "LAST_AUTHENTICATED_TIME_ASCENDING"
	SortKeyTypeLastAuthenticatedTimeDescending SortKeyType = "LAST_AUTHENTICATED_TIME_DESCENDING"
)

Enum values for SortKeyType

func (SortKeyType) Values

func (SortKeyType) Values() []SortKeyType

Values returns all known values for SortKeyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Statement

type Statement struct {

	// The row and column of the end of a Statement in an IAM policy.
	EndPosition *Position

	// The identifier of the policy that was provided as an input.
	SourcePolicyId *string

	// The type of the policy.
	SourcePolicyType PolicySourceType

	// The row and column of the beginning of the Statement in an IAM policy.
	StartPosition *Position
	// contains filtered or unexported fields
}

Contains a reference to a Statement element in a policy document that determines the result of the simulation.

This data type is used by the MatchedStatements member of the EvaluationResult type.

type StatusType

type StatusType string
const (
	StatusTypeActive   StatusType = "Active"
	StatusTypeInactive StatusType = "Inactive"
)

Enum values for StatusType

func (StatusType) Values

func (StatusType) Values() []StatusType

Values returns all known values for StatusType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type SummaryKeyType

type SummaryKeyType string
const (
	SummaryKeyTypeUsers                             SummaryKeyType = "Users"
	SummaryKeyTypeUsersQuota                        SummaryKeyType = "UsersQuota"
	SummaryKeyTypeGroups                            SummaryKeyType = "Groups"
	SummaryKeyTypeGroupsQuota                       SummaryKeyType = "GroupsQuota"
	SummaryKeyTypeServerCertificates                SummaryKeyType = "ServerCertificates"
	SummaryKeyTypeServerCertificatesQuota           SummaryKeyType = "ServerCertificatesQuota"
	SummaryKeyTypeUserPolicySizeQuota               SummaryKeyType = "UserPolicySizeQuota"
	SummaryKeyTypeGroupPolicySizeQuota              SummaryKeyType = "GroupPolicySizeQuota"
	SummaryKeyTypeGroupsPerUserQuota                SummaryKeyType = "GroupsPerUserQuota"
	SummaryKeyTypeSigningCertificatesPerUserQuota   SummaryKeyType = "SigningCertificatesPerUserQuota"
	SummaryKeyTypeAccessKeysPerUserQuota            SummaryKeyType = "AccessKeysPerUserQuota"
	SummaryKeyTypeMFADevices                        SummaryKeyType = "MFADevices"
	SummaryKeyTypeMFADevicesInUse                   SummaryKeyType = "MFADevicesInUse"
	SummaryKeyTypeAccountMFAEnabled                 SummaryKeyType = "AccountMFAEnabled"
	SummaryKeyTypeAccountAccessKeysPresent          SummaryKeyType = "AccountAccessKeysPresent"
	SummaryKeyTypeAccountSigningCertificatesPresent SummaryKeyType = "AccountSigningCertificatesPresent"
	SummaryKeyTypeAttachedPoliciesPerGroupQuota     SummaryKeyType = "AttachedPoliciesPerGroupQuota"
	SummaryKeyTypeAttachedPoliciesPerRoleQuota      SummaryKeyType = "AttachedPoliciesPerRoleQuota"
	SummaryKeyTypeAttachedPoliciesPerUserQuota      SummaryKeyType = "AttachedPoliciesPerUserQuota"
	SummaryKeyTypePolicies                          SummaryKeyType = "Policies"
	SummaryKeyTypePoliciesQuota                     SummaryKeyType = "PoliciesQuota"
	SummaryKeyTypePolicySizeQuota                   SummaryKeyType = "PolicySizeQuota"
	SummaryKeyTypePolicyVersionsInUse               SummaryKeyType = "PolicyVersionsInUse"
	SummaryKeyTypePolicyVersionsInUseQuota          SummaryKeyType = "PolicyVersionsInUseQuota"
	SummaryKeyTypeVersionsPerPolicyQuota            SummaryKeyType = "VersionsPerPolicyQuota"
	SummaryKeyTypeGlobalEndpointTokenVersion        SummaryKeyType = "GlobalEndpointTokenVersion"
)

Enum values for SummaryKeyType

func (SummaryKeyType) Values

func (SummaryKeyType) Values() []SummaryKeyType

Values returns all known values for SummaryKeyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Tag

type Tag struct {

	// The key name that can be used to look up or retrieve the associated value. For
	// example, Department or Cost Center are common choices.
	//
	// This member is required.
	Key *string

	// The value associated with this tag. For example, tags with a key name of
	// Department could have values such as Human Resources, Accounting, and Support.
	// Tags with a key name of Cost Center might have values that consist of the
	// number associated with the different cost centers in your company. Typically,
	// many resources have tags with the same key name but with different values.
	//
	// Amazon Web Services always interprets the tag Value as a single string. If you
	// need to store an array, you can store comma-separated values in the string.
	// However, you must interpret the value in your code.
	//
	// This member is required.
	Value *string
	// contains filtered or unexported fields
}

A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

type TrackedActionLastAccessed

type TrackedActionLastAccessed struct {

	// The name of the tracked action to which access was attempted. Tracked actions
	// are actions that report activity to IAM.
	ActionName *string

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	LastAccessedEntity *string

	// The Region from which the authenticated entity (user or role) last attempted to
	// access the tracked action. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	LastAccessedRegion *string

	// The date and time, in [ISO 8601 date-time format], when an authenticated entity most recently attempted to
	// access the tracked service. Amazon Web Services does not report unauthenticated
	// requests.
	//
	// This field is null if no IAM entities attempted to access the service within
	// the [tracking period].
	//
	// [tracking period]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	LastAccessedTime *time.Time
	// contains filtered or unexported fields
}

Contains details about the most recent attempt to access an action within the service.

This data type is used as a response element in the GetServiceLastAccessedDetails operation.

type UnmodifiableEntityException

type UnmodifiableEntityException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because service-linked roles are protected Amazon Web Services resources. Only the service that depends on the service-linked role can modify or delete the role on your behalf. The error message includes the name of the service that depends on this service-linked role. You must request the change through that service.

func (*UnmodifiableEntityException) Error

func (*UnmodifiableEntityException) ErrorCode

func (e *UnmodifiableEntityException) ErrorCode() string

func (*UnmodifiableEntityException) ErrorFault

func (*UnmodifiableEntityException) ErrorMessage

func (e *UnmodifiableEntityException) ErrorMessage() string

type UnrecognizedPublicKeyEncodingException

type UnrecognizedPublicKeyEncodingException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request was rejected because the public key encoding format is unsupported or unrecognized.

func (*UnrecognizedPublicKeyEncodingException) Error

func (*UnrecognizedPublicKeyEncodingException) ErrorCode

func (*UnrecognizedPublicKeyEncodingException) ErrorFault

func (*UnrecognizedPublicKeyEncodingException) ErrorMessage

type User

type User struct {

	// The Amazon Resource Name (ARN) that identifies the user. For more information
	// about ARNs and how to use ARNs in policies, see [IAM Identifiers] in the IAM User Guide.
	//
	// [IAM Identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Arn *string

	// The date and time, in [ISO 8601 date-time format], when the user was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	//
	// This member is required.
	CreateDate *time.Time

	// The path to the user. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	Path *string

	// The stable and unique string identifying the user. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	//
	// This member is required.
	UserId *string

	// The friendly name identifying the user.
	//
	// This member is required.
	UserName *string

	// The date and time, in [ISO 8601 date-time format], when the user's password was last used to sign in to an
	// Amazon Web Services website. For a list of Amazon Web Services websites that
	// capture a user's last sign-in time, see the [Credential reports] topic in the IAM User Guide. If a
	// password is used more than once in a five-minute span, only the first use is
	// returned in this field. If the field is null (no value), then it indicates that
	// they never signed in with a password. This can be because:
	//
	//   - The user never had a password.
	//
	//   - A password exists but has not been used since IAM started tracking this
	//   information on October 20, 2014.
	//
	// A null value does not mean that the user never had a password. Also, if the
	// user does not currently have a password but had one in the past, then this field
	// contains the date and time the most recent password was used.
	//
	// This value is returned only in the GetUser and ListUsers operations.
	//
	// [Credential reports]: https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	PasswordLastUsed *time.Time

	// The ARN of the policy used to set the permissions boundary for the user.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundary *AttachedPermissionsBoundary

	// A list of tags that are associated with the user. For more information about
	// tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag
	// contains filtered or unexported fields
}

Contains information about an IAM user entity.

This data type is used as a response element in the following operations:

  - CreateUser
  - GetUser
  - ListUsers
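The PasswordLastUsed comment above separates "no sign-in on record" (nil) from "no password". The following is an added example, not part of this package, showing how a credential-hygiene check can keep that distinction. The local User struct mirrors only two field names of types.User, and the sample records, the 90-day threshold and the classification labels are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// User is a local stand-in with two fields named as in types.User, so the
// example builds without the SDK module.
type User struct {
	UserName         *string
	PasswordLastUsed *time.Time
}

// ConsoleUse classifies one user's console sign-in activity as of now.
// nil means "no sign-in on record", not "no password exists".
func ConsoleUse(u User, now time.Time, maxIdle time.Duration) string {
	if u.PasswordLastUsed == nil {
		return "never-used"
	}
	if now.Sub(*u.PasswordLastUsed) > maxIdle {
		return "stale"
	}
	return "active"
}

// Audit groups user names by classification, leaving out active users.
func Audit(users []User, now time.Time, maxIdle time.Duration) map[string][]string {
	out := map[string][]string{}
	for _, u := range users {
		if c := ConsoleUse(u, now, maxIdle); c != "active" && u.UserName != nil {
			out[c] = append(out[c], *u.UserName)
		}
	}
	return out
}

// SampleUsers returns constructed records shaped like ListUsers output.
func SampleUsers() []User {
	a, b, c := "alice", "bob", "ci-deploy"
	recent := time.Date(2024, 5, 20, 0, 0, 0, 0, time.UTC)
	old := time.Date(2023, 1, 15, 0, 0, 0, 0, time.UTC)
	return []User{{&a, &recent}, {&b, &old}, {UserName: &c}}
}

func main() {
	now := time.Date(2024, 5, 24, 0, 0, 0, 0, time.UTC)
	fmt.Println(Audit(SampleUsers(), now, 90*24*time.Hour))
}
```

Because the field is populated only by GetUser and ListUsers, a User returned from CreateUser always lands in the nil bucket and should not be fed to a check like this.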

type UserDetail

type UserDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web
	// Services resources.
	//
	// For more information about ARNs, go to [Amazon Resource Names (ARNs)] in the Amazon Web Services General
	// Reference.
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	Arn *string

	// A list of the managed policies attached to the user.
	AttachedManagedPolicies []AttachedPolicy

	// The date and time, in [ISO 8601 date-time format], when the user was created.
	//
	// [ISO 8601 date-time format]: http://www.iso.org/iso/iso8601
	CreateDate *time.Time

	// A list of IAM groups that the user is in.
	GroupList []string

	// The path to the user. For more information about paths, see [IAM identifiers] in the IAM User
	// Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	Path *string

	// The ARN of the policy used to set the permissions boundary for the user.
	//
	// For more information about permissions boundaries, see [Permissions boundaries for IAM identities] in the IAM User Guide.
	//
	// [Permissions boundaries for IAM identities]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
	PermissionsBoundary *AttachedPermissionsBoundary

	// A list of tags that are associated with the user. For more information about
	// tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag

	// The stable and unique string identifying the user. For more information about
	// IDs, see [IAM identifiers] in the IAM User Guide.
	//
	// [IAM identifiers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
	UserId *string

	// The friendly name identifying the user.
	UserName *string

	// A list of the inline policies embedded in the user.
	UserPolicyList []PolicyDetail
	// contains filtered or unexported fields
}

Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

type VirtualMFADevice

type VirtualMFADevice struct {

	// The serial number associated with VirtualMFADevice.
	//
	// This member is required.
	SerialNumber *string

	// The base32 seed defined as specified in [RFC3548]. The Base32StringSeed is
	// base32-encoded.
	//
	// [RFC3548]: https://tools.ietf.org/html/rfc3548.txt
	Base32StringSeed []byte

	// The date and time on which the virtual MFA device was enabled.
	EnableDate *time.Time

	// A QR code PNG image that encodes
	// otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where
	// $virtualMFADeviceName is one of the create call arguments. AccountName is the
	// user name if set (otherwise, the account ID), and Base32String is the
	// seed in base32 format. The Base32String value is base64-encoded.
	QRCodePNG []byte

	// A list of tags that are attached to the virtual MFA device. For more
	// information about tagging, see [Tagging IAM resources] in the IAM User Guide.
	//
	// [Tagging IAM resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
	Tags []Tag

	// The IAM user associated with this virtual MFA device.
	User *User
	// contains filtered or unexported fields
}

Contains information about a virtual MFA device.
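The otpauth template in the QRCodePNG comment and the Base32StringSeed field carry the same secret. The following is an added example, not part of this package, that fills in that template and derives the code an authenticator app would show, which is why the seed has to be handled like a password. It assumes the usual authenticator defaults (HMAC-SHA1, 30-second step, 6 digits) because the URI carries no other parameters; the device name, account ID and seed are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// ProvisioningURI fills in the otpauth template quoted in the QRCodePNG
// comment. seed holds the base32 text from Base32StringSeed.
func ProvisioningURI(device, account string, seed []byte) string {
	return "otpauth://totp/" + url.PathEscape(device+"@"+account) +
		"?secret=" + url.QueryEscape(string(seed))
}

// TOTP derives the 6-digit code for time at (RFC 6238, HMAC-SHA1, 30 s step).
// Anyone holding the seed can do this, so handle it like a password.
func TOTP(seed []byte, at time.Time) (string, error) {
	text := strings.ToUpper(strings.TrimRight(string(seed), "="))
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(text)
	if err != nil {
		return "", fmt.Errorf("seed is not valid base32: %w", err)
	}
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(at.Unix()/30))
	mac := hmac.New(sha1.New, key)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000), nil
}

func main() {
	// Constructed seed: base32 of the RFC 6238 test key "12345678901234567890".
	seed := []byte("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
	fmt.Println(ProvisioningURI("mfa-alice", "123456789012", seed))
	code, err := TOTP(seed, time.Unix(59, 0))
	fmt.Println(code, err)
}
```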
