Operations Descriptions and Examples

This section describes each supported IAM operation and gives an example command for each group of operations, so you can manage access and permissions within your system.

Users and Groups management

Users management

  • create-user: Create a new user in IAM with the specified parameters.

  • create-login-profile: Create a password for an IAM user.

  • delete-user: Delete an existing user from IAM.

  • list-users: Retrieve a list of all users in IAM.

aws iam create-user --user-name "youruser@yourdomain.com" --endpoint-url https://iam.impossibleapi.net --region us-west-1 --profile=aws

Groups management

  • create-group: Create a new group in IAM with the given attributes.

  • delete-group: Delete an existing group from IAM.

  • list-groups: Retrieve a list of all groups in IAM.

  • get-group: Retrieve detailed information about a specific group in IAM.

aws iam create-group --group-name your_group_name --endpoint-url https://iam.impossibleapi.net --region us-west-1 --profile=aws

Users and groups advanced operations

  • add-user-to-group: Add a user to a specific group in IAM.

  • remove-user-from-group: Remove a user from a specific group in IAM.

  • list-groups-for-user: Retrieve a list of groups associated with a particular user.

aws iam add-user-to-group --user-name "youruser@yourdomain.com" --group-name your_group_name --endpoint-url https://iam.impossibleapi.net --region us-west-1 --profile=aws

Access keys management

  • create-access-key: Generate a new access key for an IAM user.

  • list-access-keys: Retrieve a list of access keys associated with an IAM user.

aws iam create-access-key --user-name "youruser@yourdomain.com" --endpoint-url https://iam.impossibleapi.net --region us-west-1 --profile=aws

Policies management

Policies: basic operations

  • create-policy: Create a new policy in IAM with the specified permissions.

When creating a policy, you have two options for specifying the policy document. You can either include the policy directly in the command using the "--policy-document" parameter, or you can create a separate JSON file (e.g., policy.json) containing the policy and use the "--policy-document file://policy.json" format where file://policy.json is the local path to your policy.json file.

Policy versions are not supported. Please use "--version-id 1" for the get-policy-version subcommand.

Please also beware of the limitations.

  • delete-policy: Delete an existing policy from IAM.

  • get-policy-version: Retrieve full information about a specific version of a policy in IAM.

  • list-policies: Retrieve a list of all policies in IAM.

aws iam create-policy --policy-name your_policy_name --policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"], "Resource": ["arn:aws:s3:::bucket_name/*"]}]}' --endpoint-url https://iam.impossibleapi.net --region us-west-1 --profile=aws
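
Before passing a policy.json file to create-policy, it helps to confirm that the document parses and that no Allow statement grants more than intended. The following check is an added example, not part of the service's tooling; the function names and the over-broad sample policy are constructed for illustration, and the first policy is the one from the command above.

```python
import json

# Policy from the create-policy example on this page.
PAGE_POLICY = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
 "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"],
 "Resource": ["arn:aws:s3:::bucket_name/*"]}]}'''

# Constructed sample: an over-broad policy the check should flag.
BROAD_POLICY = '''{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
 "Action": "s3:*", "Resource": "*"}}'''


def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(text):
    """Return a list of findings for Allow statements that grant wildcards."""
    doc = json.loads(text)  # raises ValueError on malformed JSON
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for action in as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for resource in as_list(stmt.get("Resource")):
            if resource in ("*", "arn:aws:s3:::*"):
                findings.append(f"statement {i}: wildcard resource {resource!r}")
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow with NotAction grants everything else")
    return findings


if __name__ == "__main__":
    for name, text in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        problems = lint_policy(text)
        print(name, "->", problems or "no wildcard grants")
```

An empty result means the document is valid JSON and contains no wildcard grants; it does not check the service-specific limitations mentioned above.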

Policies: advanced operations

  • attach-group-policy: Attach a policy to a specific group in IAM.

  • detach-group-policy: Detach a policy from a specific group in IAM.

  • list-attached-group-policies: Retrieve a list of policies attached to a specific group in IAM.

aws iam attach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.impossibleapi.net --region us-west-1 --profile=aws
