AWS SDK for Go V2 code examples for IAM
Purpose
These examples demonstrate how to perform several
AWS Identity and Access Management (IAM)
operations using version 2 of the AWS SDK for Go.
Prerequisites
You must have an AWS account, and have your default credentials and AWS Region
configured as described in
Configuring the AWS SDK for Go
in the AWS SDK for Go Developer Guide.
Running the code
AccessKeyLastUsed/AccessKeyLastUsedv2.go
This example retrieves when an IAM access key was last used,
including the AWS Region and the service it was used with.
go run AccessKeyLastUsedv2.go -k KeyID
- KeyID is the ID of the access key.
The unit test accepts a similar value in config.json.
AttachUserPolicy/AttachUserPolicyv2.go
This example attaches an Amazon DynamoDB full-access policy to an IAM role.
go run AttachUserPolicyv2.go -n ROLE-NAME
- ROLE-NAME is the name of the role to which the policy is attached.
The unit test accepts a similar value in config.json.
CreateAccessKey/CreateAccessKeyv2.go
This example creates a new IAM access key for a user.
go run CreateAccessKeyv2.go -u USER-NAME
- USER-NAME is the name of the user for whom the new key is created.
CreateAccountAlias/CreateAccountAliasv2.go
This example creates an alias for your IAM account.
go run CreateAccountAliasv2.go -a ALIAS
- ALIAS is the alias created for your account.
The unit test accepts a similar value in config.json.
CreatePolicy/CreatePolicyv2.go
This example creates an IAM policy.
go run CreatePolicyv2.go -n POLICY-NAME
- POLICY-NAME is the name of the policy to create.
The unit test accepts a similar value in config.json.
CreateUser/CreateUserv2.go
This example creates an IAM user.
go run CreateUserv2.go -u USER-NAME
- USER-NAME is the name of the user to create.
The unit test accepts a similar value in config.json.
DeleteAccessKey/DeleteAccessKeyv2.go
This example deletes an IAM access key.
go run DeleteAccessKeyv2.go -k KeyID -u USER-NAME
- KeyID is the access key to delete.
- USER-NAME is the name of the user deleting the key.
The unit test accepts similar values in config.json.
DeleteAccountAlias/DeleteAccountAliasv2.go
This example deletes an alias for your IAM account.
go run DeleteAccountAliasv2.go -a ALIAS
- ALIAS is the account alias to delete.
The unit test accepts a similar value in config.json.
DeleteServerCert/DeleteServerCertv2.go
This example deletes an IAM server certificate.
go run DeleteServerCertv2.go -c CERTIFICATE-NAME
- CERTIFICATE-NAME is the name of the server certificate to delete.
The unit test accepts a similar value in config.json.
DeleteUser/DeleteUserv2.go
This example deletes an IAM user.
go run DeleteUserv2.go -u USER-NAME
- USER-NAME is the name of the user to delete.
The unit test accepts a similar value in config.json.
DetachUserPolicy/DetachUserPolicyv2.go
This example detaches an Amazon DynamoDB full-access policy from an IAM role.
go run DetachUserPolicyv2.go -r ROLE-NAME
- ROLE-NAME is the name of the role from which the policy is detached.
The unit test accepts a similar value in config.json.
GetPolicy/GetPolicyv2.go
This example retrieves the description of the IAM policy with the specified ARN.
go run GetPolicyv2.go -p POLICY-ARN
- POLICY-ARN is the ARN of the policy.
The unit test accepts a similar value in config.json.
GetServerCert/GetServerCertv2.go
This example retrieves an IAM server certificate.
go run GetServerCertv2.go -c CERTIFICATE
- CERTIFICATE is the name of the server certificate.
The unit test accepts a similar value in config.json.
ListAccessKeys/ListAccessKeysv2.go
This example retrieves the access keys for your IAM account.
go run ListAccessKeysv2.go -u USER-NAME -m MAX-KEYS
- USER-NAME is the name of the user for which the keys are listed.
- MAX-KEYS is the maximum number of keys to display.
If this value is negative, the code example sets it to 10.
The unit test accepts similar values in config.json.
ListAccountAliases/ListAccountAliasesv2.go
This example retrieves the aliases for your IAM account.
go run ListAccountAliasesv2.go [-m MAX-ITEMS]
- MAX-ITEMS is the maximum number of aliases to show.
If this value is less than zero, the code example sets it to 10.
The unit test accepts a similar value in config.json.
ListAdmins/ListAdminsv2.go
This example lists the number of IAM users and those who have administrative privileges.
go run ListAdminsv2.go [-d]
- -d lists the user and administrator names.
The unit test accepts a similar value in config.json.
ListServerCerts/ListServerCertsv2.go
This example retrieves the server certificates.
go run ListServerCertsv2.go
ListUsers/ListUsersv2.go
This example retrieves a list of your IAM users.
go run ListUsersv2.go [-m MAX-USERS]
- MAX-USERS is the maximum number of users to list.
The code example restricts this to the range of 0 to 100.
The default value is 10.
UpdateAccessKey/UpdateAccessKeyv2.go
This example sets the status of an IAM access key to active.
go run UpdateAccessKeyv2.go -k KeyID -u USER-NAME
- KeyID is the access key to activate.
- USER-NAME is the name of the user activating the key.
The unit test accepts similar values in config.json.
UpdateServerCert/UpdateServerCertv2.go
This example renames an IAM server certificate.
go run UpdateServerCert/UpdateServerCertv2.go -c CERTIFICATE-NAME -n NEW-NAME
- CERTIFICATE-NAME is the original name of the server certificate.
- NEW-NAME is the new name of the server certificate.
The unit test accepts similar values in config.json.
UpdateUser/UpdateUserv2.go
This example changes the name of the user.
go run UpdateUserv2.go -u USER-NAME -n NEW-NAME
- USER-NAME is the name of the user to change.
- NEW-NAME is the new name of the user.
The unit test accepts similar values in config.json.
Notes
- We recommend that you grant this code least privilege,
or at most the minimum permissions required to perform the task.
For more information, see
Grant Least Privilege
in the AWS Identity and Access Management User Guide.
- This code has not been tested in all AWS Regions.
Some AWS services are available only in specific
Regions.
- Running this code might result in charges to your AWS account.
Running the unit tests
Unit tests should delete any resources they create.
However, they might result in charges to your
AWS account.
To run a unit test, enter:
go test
You should see something like the following,
where PATH is the path to the folder containing the Go files:
PASS
ok PATH 6.593s
If you want to see any log messages, enter:
go test -v
You should see some additional log messages.
The last two lines should be similar to the previous output shown.
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0