RapidIdentity Product Guide

AWS IAM Actions

Add an AWS IAM User to an AWS IAM Group.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| groupName* | text, expression, variable | the groupname |
| userName* | text, expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# add John Doe to the PowerUsers group
memberAdded = addAWSIAMGroupMember(conn, "PowerUsers", "JDoe")

Create an Access Key for an AWS IAM User.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# create a new access key for John Doe
accessKey = createAWSIAMAccessKey(conn, "JDoe")
# and email it to him, because this is the only time we have
# access to the secret key
sendEmail(Global.emailHost, Global.emailUser,, Global.emailUser,
    "JDoe@example.com", "AWS Access", "John Doe,
    Here are your new AWS API access keys:
    aws_access_key_id = " + accessKey.accessKeyId + "
    aws_secret_access_key = " + accessKey.secretAccessKey)

Delete Access Key from AWS IAM User.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | text, expression, variable | the username |
| accessKeyId* | text, expression, variable | the access key id |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# find and delete all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accessKey, accessKeys) {
    deleteAWSIAMAccessKey(conn, "JDoe", accessKey.accessKeyId)
}

Delete an AWS IAM Group.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| groupName* | text, expression, variable | the groupname |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# delete power users group
deleteAWSIAMGroup(conn, "PowerUsers")

Delete an AWS IAM User.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | text, expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# delete John Doe
deleteAWSIAMUser(conn, "JDoe")
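
A fuller deprovisioning sequence, as an added example that is not part of the original guide: the IAM API rejects deleting a user that still has access keys, a password or group memberships, so this removes them first using only actions documented on this page. It assumes conn is an open AWS IAM connection and that deleteAWSIAMUser does not perform this cleanup itself; attachments with no action on this page (MFA devices, policies, SSH keys) are not handled.

```rapididentity
# added example: deprovision John Doe
# assumption: conn was opened earlier with openAWSIAMConnection

# 1. delete every access key so API access stops
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accessKey, accessKeys) {
    deleteAWSIAMAccessKey(conn, "JDoe", accessKey.accessKeyId)
}

# 2. delete the password, if one is set, so sign-in with it stops
hasPassword = hasAWSIAMUserPassword(conn, "JDoe")
if(hasPassword) {
    deleteAWSIAMUserPassword(conn, "JDoe")
} else {
}

# 3. remove the user from every group and log each group name
#    (getAWSIAMUserGroups returns group names)
groups = getAWSIAMUserGroups(conn, "JDoe")
forEach(group, groups) {
    removeAWSIAMGroupMember(conn, group, "JDoe")
    log(group)
}

# 4. nothing from steps 1-3 is left attached, so delete the user
deleteAWSIAMUser(conn, "JDoe")
```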

Delete an AWS IAM User password.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | text, expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# delete John Doe's password
deleteAWSIAMUserPassword(conn, "JDoe")

Get the Access Key metadata for an AWS IAM User.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# find and delete all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accessKey, accessKeys) {
    deleteAWSIAMAccessKey(conn, "JDoe", accessKey.accessKeyId)
}

Get an AWS IAM Group.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| groupName | text, expression, variable | the groupname |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# get the power users group
powerUsersGroup = getAWSIAMGroup(conn, "PowerUsers")

Get usernames that are members of an AWS IAM Group.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| groupName* | text, expression, variable | the groupname |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# get the power users group members and log them
powerUsers = getAWSIAMGroup(conn, "PowerUsers")
forEach(powerUser, powerUsers) {
    log(powerUser)
}

Get AWS IAM Groups.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| pathPrefix | text, expression, variable | the path prefix for filter results (default: all paths) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# get the existing groups and log the names
groups = getAWSIAMGroups(conn)
forEach(group, groups) {
    log(group["groupName"])
}

Get an AWS IAM User.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName | text, expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# get the John Doe user
jdoe = getAWSIAMUser(conn, "JDoe")

Get names of the groups to which an AWS IAM User belongs.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | text, expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# get and log the groups that John Doe belongs to
groups = getAWSIAMUserGroups(conn, "JDoe")
forEach(group, groups) {
    log(group)
}

Get AWS IAM Users.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| pathPrefix | text, expression, variable | the path prefix for filter results (default: all paths) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# get and log all the user names
users = getAWSIAMUsers(conn)
forEach(user, users) {
    log(user["userName"])
}

Checks if an AWS IAM User has a password.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | text, expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# check if John Doe has a password and set the default one if not
hasPassword = hasAWSIAMUserPassword(conn, "JDoe")
if(!hasPassword) {
    setAWSIAMUserPassword(conn, "JDoe", <Password>)
} else {
}

Open a connection to AWS Identity Access Management.

| Property | Value | Description |
|---|---|---|
| accessKey | text, expression, variable | the AWS access key (default: use appliance credentials) |
| secretKey | password, string, expression, variable | the AWS secret key (default: use appliance credentials) |
| stsRoleArn | text, expression, password, variable | The AWS ARN. Depending upon the environment, it may be necessary to create Temporary Security Credentials or use IAM Roles. |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# open the connection (<Password> is a placeholder for the secret key)
conn = openAWSIAMConnection(Global.awsAccessKey, <Password>)
# do some stuff
# close the connection
close(conn)

Open an AWS IAM Group iterator.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| pathPrefix | text, expression, variable | the path prefix for filter results (default: all paths) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# iterate the existing groups and log the names
groupIterator = openAWSIAMGroupIterator(conn)
forEach(group, groupIterator) {
    log(group["groupName"])
}

Open an AWS IAM User iterator.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| pathPrefix | text, expression, variable | the path prefix for filter results (default: all paths) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# iterate the existing users and log the names
userIterator = openAWSIAMUserIterator(conn)
forEach(user, userIterator) {
    log(user["userName"])
}

Remove an AWS IAM User from an AWS IAM Group.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| groupName* | text, expression, variable | the groupname |
| userName* | text, expression, variable | the username |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# remove John Doe from the PowerUsers group
memberRemoved = removeAWSIAMGroupMember(conn, "PowerUsers", "JDoe")

Create or update an AWS IAM Group.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| record* | expression, variable | the AWS IAM Group Record to save |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# create power users group
groupTemplate = createRecord(false)
setRecordFieldValue(groupTemplate, "groupName", "PowerUsers")
setRecordFieldValue(groupTemplate, "path", "/")
group = saveAWSIAMGroup(conn, groupTemplate)
# rename group and change path
renameGroupRecord = createRecord(false)
setRecordFieldValue(renameGroupRecord, "groupName", "PowerUsers")
setRecordFieldValue(renameGroupRecord, "newGroupName", "MyPowerUsers")
setRecordFieldValue(renameGroupRecord, "Path", "/mygroups/")
renamedGroupRecord = saveAWSIAMGroup(conn, renameGroupRecord)

Create or update an AWS IAM User.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| record* | expression, variable | the AWS IAM User Record to save |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# create John Doe user
userTemplate = createRecord(false)
setRecordFieldValue(userTemplate, "userName", "JDoe")
setRecordFieldValue(userTemplate, "path", "/")
jdoe = saveAWSIAMUser(conn, userTemplate)
# rename user and change path
renameUserRecord = createRecord(false)
setRecordFieldValue(renameUserRecord, "userName", "JDoe")
setRecordFieldValue(renameUserRecord, "newUserName", "JohnDoe")
setRecordFieldValue(renameUserRecord, "Path", "/myusers/")
renamedUserRecord = saveAWSIAMUser(conn, renameUserRecord)

Set the activation status of an Access Key for AWS IAM User.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | text, expression, variable | the username |
| accessKeyId* | text, expression, variable | the access key id |
| status* | choice (Active, Inactive), text, expression, variable | the desired status |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# find and deactivate all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accessKey, accessKeys) {
    setAWSIAMAccessKeyStatus(conn, "JDoe", accessKey.accessKeyId, "Inactive")
}

Set an AWS IAM User password.

| Property | Value | Description |
|---|---|---|
| iamConnection* | expression, variable | the AWS IAM connection |
| userName* | text, expression, variable | the username |
| password* | password, string, expression, variable | the new password |
| resetRequired | boolean, expression, variable | whether or not the user is required to reset password on next login (default: false) |
| returnVariable | expression, variable | name of the variable to be assigned to the return value |

Example

# check if John Doe has a password and set the default one if not
hasPassword = hasAWSIAMUserPassword(conn, "JDoe")
if(!hasPassword) {
    setAWSIAMUserPassword(conn, "JDoe", <Password>)
} else {
}