Impossible Cloud Storage Help
  • Company overview
    • What is Impossible Cloud
  • Getting Started
    • Getting Started with Impossible Cloud Storage
      • Setting up
      • Next steps
      • Getting support
  • Impossible cloud storage Guide
    • Storage Console URLs and API Endpoints
    • Storage Console
      • Accessing the console
        • Signing up for Impossible Cloud Storage
        • Signing in to Impossible Cloud Storage
        • Session lifetime limits
      • Interacting with the console
        • Navigating the menu
        • Using the panel
    • Buckets and Objects
      • Creating a bucket
      • Storing objects in a bucket
      • Interacting with objects
      • Creating folders in a bucket
      • Interacting with folders and buckets
      • Public File Sharing via URLs
      • Emptying a Bucket
      • Limitations
      • Versioning and object lock
        • Enabling versioning
        • Using versioning
        • Enabling object lock
        • Using object lock
    • Access keys
    • CLI User Guide
      • AWS CLI installation instructions
      • AWS CLI configuration
      • Using Impossible Cloud with AWS CLI
      • AWS CLI basic commands
      • AWS CLI advanced commands
        • Examples
      • AWS CLI for cloud-to-cloud migration scenarios
      • AWS CLI Credentials & Config chain
      • AWS CLI: IAM
        • Limitations
        • List of supported operations
        • Operations Descriptions and Examples
    • Usage
      • Storage Calculation
      • Fair use policy
    • Profile settings
      • Multi-Factor Authentication (MFA)
        • Enabling and Disabling MFA
        • MFA Reset
        • Organization-Wide Policies
  • Security
    • Securing Your Data
    • Identity Access Management (IAM)
      • Managing Users
      • Managing Groups
      • Managing Policies
    • CORS support
      • Limitations
      • CORS Configuration
  • Troubleshooting & Common Questions
    • Common errors
      • I can only see 'buckets' and 'keys' in the menu of the console
      • I can delete objects despite object lock & retention enabled
      • Cannot remove bucket [name]. The bucket you tried to delete is not empty. You must delete all ...
      • Errors while creating a bucket
    • FAQ
      • How to collect HAR log
      • How does pricing work?
      • What are the rules for setting a password?
      • What are the rules for naming buckets?
      • How to retrieve your CanonicalID
      • How to delete thousands of objects via aws cli
      • How does Impossible Cloud handle tax collection?
  • Integrations with other applications
    • Backup Software Integrations Guides
      • Acronis Cyber Infrastructure: creating a backup storage
      • Backup Exec: configuring Cloud Storage
      • Comet Backup: creating a storage vault using storage templates
      • Duplicati: adding a Backup Destination
      • HYCU: adding a Target
      • Impossible Surveillance Cloud
        • Step 1: Create a bucket in Impossible Cloud Console
        • Step 2: Create a subuser and assign policy
        • Step 3: Indentify VMS
          • XProtect
          • MOBOTIX
          • Siviellance
          • Velocity Vision
          • Other
      • MSP360: configuring a Storage Account in the management console
      • Nakivo: creating a Backup Repository
      • Tiger Bridge: configuring Tiger Bridge Target
      • Veeam: adding a Backup Repository
      • Storware: Adding a Backup Destination
    • Cloud Storage Browsers Integrations Guides
      • Cyberduck
        • Using Cyberduck with Impossible Cloud Storage
      • S3 Browser
        • Configuring S3 Browser with Impossible Cloud Bucket
      • CloudBerry Explorer
        • Adding a new Storage Account
      • CloudBerry Drive
        • Add Storage Account in CloudBerry Drive
    • Media Management Software Integrations Guides
      • Iconik: Media Management & Collaboration tool
        • Iconik Integration: Configuring Cloud Storage
    • NAS Applications Integrations Guides
      • QNAP Hybrid Backup Sync
        • Creating a Backup Job to Impossible Cloud Storage
      • Synology Hyper Backup
        • Creating a Backup Task to Impossible Cloud Storage
  • Other support resources
    • Other support resources
    • Impossible Cloud Management Console (ICMC)
Powered by GitBook
On this page
  • Users and Groups management
  • Users management
  • Groups management
  • Users and groups advanced operations
  • Access keys management
  • Policies management
  • Policies: basic operations
  • Policies: advanced operations

Was this helpful?

  1. Impossible cloud storage Guide
  2. CLI User Guide
  3. AWS CLI: IAM

Operations Descriptions and Examples

This section provides in-depth descriptions of each operation, empowering you to harness the full potential of IAM in effectively managing access and permissions within your system.

Users and Groups management

Users management

  • create-user: Create a new user in IAM with the specified parameters.

  • create-login-profile: Create a password for an IAM user.

  • delete-user: Delete an existing user from IAM.

  • list-users: Retrieve a list of all users in IAM.

aws iam create-user --user-name "youruser@yourdomain.com" --endpoint-url https://iam.eu.impossibleapi.net/ --profile aws

aws iam create-login-profile --user-name "youruser@yourdomain.com" --password 'Y0urP@Ssw0rd!' --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam delete-user --user-name "youruser@yourdomain.com" --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam list-users --endpoint-url https://iam.eu.impossibleapi.net --profile aws

Groups management

  • create-group: Create a new group in IAM with the given attributes.

  • delete-group: Delete an existing group from IAM.

  • list-groups: Retrieve a list of all groups in IAM.

  • get-group: Retrieve detailed information about a specific group in IAM.

aws iam create-group --group-name your_group_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam delete-group --group-name your_group_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam list-groups --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam get-group --group-name your_group_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

Users and groups advanced operations

  • add-user-to-group: Add a user to a specific group in IAM.

  • remove-user-from-group: Remove a user from a specific group in IAM.

  • list-groups-for-user: Retrieve a list of groups associated with a particular user.

aws iam add-user-to-group --user-name "youruser@yourdomain.com" --group-name your_group_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam remove-user-from-group --user-name "youruser@yourdomain.com" --group-name your_group_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam list-groups-for-user --user-name "youruser@yourdomain.com" --endpoint-url https://iam.eu.impossibleapi.net --profile aws

Access keys management

  • create-access-key: Generate a new access key for an IAM user.

  • list-access-keys: Retrieve a list of access keys associated with an IAM user.

aws iam create-access-key --user-name "youruser@yourdomain.com" --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam list-access-keys --user-name "youruser@yourdomain.com" --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam delete-access-key --user-name "youruser@yourdomain.com" --access-key-id "your access key id" --endpoint-url https://iam.eu.impossibleapi.net --profile aws

Policies management

Policies: basic operations

  • Create a new policy in IAM with the specified permissions.

When creating a policy, you have two options for specifying the policy document. You can either include the policy directly in the command using the "--policy-document" parameter, or you can create a separate JSON file (e.g., policy.json) containing the policy and use the "--policy-document file://policy.json" format where file://policy.json is the local path to your policy.json file.

Policies versions are not supported. Please use "--version-id 1" for the get-policy-version subcommand.

  • delete-policy: Delete an existing policy from IAM.

  • get-policy-version: Retrieve full information about a specific version of a policy in IAM.

  • Retrieve a list of all policies in IAM.

aws iam create-policy --policy-name your_policy_name --policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"], "Resource": ["arn:aws:s3:::bucket_name/*"]}]}' --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam create-policy --policy-name your_policy_name --policy-document file://policy.json --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam delete-policy --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam get-policy-version --policy-arn="arn:ipcld:iam::YourCanonicalID:policy/your_policy_name" --version-id 1 --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam list-policies --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam get-policy --policy-arn="arn:ipcld:iam::YourCanonicalID:policy/your_policy_name" --endpoint-url https://iam.eu.impossibleapi.net --profile aws

Policies: advanced operations

  • attach-group-policy: Attach a policy to a specific group in IAM.

  • detach-group-policy: Detach a policy from a specific group in IAM.

  • list-attached-group-policies: Retrieve a list of policies attached to a specific group in IAM.

aws iam attach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam detach-group-policy --group-name your_group_name --policy-arn arn:ipcld:iam::YourCanonicalID:policy/your_policy_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

aws iam list-attached-group-policies --group-name your_group_name --endpoint-url https://iam.eu.impossibleapi.net --profile aws

PreviousList of supported operationsNextUsage

Last updated 5 months ago

Was this helpful?

Please also beware of the .

limitations
How to retrieve your CanonicalID.