salt.modules.boto_iam

Connection module for Amazon IAM

New in version 2014.7.0.

configuration:

This module accepts explicit iam credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's config file:

iam.keyid: GKTADJGHEIQSXMKKRBJ08H
iam.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
iam.region: us-east-1

It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1
depends:

boto

salt.modules.boto_iam.add_user_to_group(user_name, group_name, region=None, key=None, keyid=None, profile=None)

Add user to group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.add_user_to_group myuser mygroup
salt.modules.boto_iam.associate_profile_to_role(profile_name, role_name, region=None, key=None, keyid=None, profile=None)

Associate an instance profile with an IAM role.

CLI Example:

salt myminion boto_iam.associate_profile_to_role myirole myiprofile
salt.modules.boto_iam.attach_group_policy(policy_name, group_name, region=None, key=None, keyid=None, profile=None)

Attach a managed policy to a group.

CLI Example:

salt myminion boto_iam.attach_group_policy mypolicy mygroup
salt.modules.boto_iam.attach_role_policy(policy_name, role_name, region=None, key=None, keyid=None, profile=None)

Attach a managed policy to a role.

CLI Example:

salt myminion boto_iam.attach_role_policy mypolicy myrole
salt.modules.boto_iam.attach_user_policy(policy_name, user_name, region=None, key=None, keyid=None, profile=None)

Attach a managed policy to a user.

CLI Example:

salt myminion boto_iam.attach_user_policy mypolicy myuser
salt.modules.boto_iam.build_policy(region=None, key=None, keyid=None, profile=None)

Build a default assume role policy.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.build_policy
salt.modules.boto_iam.create_access_key(user_name, region=None, key=None, keyid=None, profile=None)

Create access key id for a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.create_access_key myuser
salt.modules.boto_iam.create_group(group_name, path=None, region=None, key=None, keyid=None, profile=None)

Create a group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.create_group group
salt.modules.boto_iam.create_instance_profile(name, region=None, key=None, keyid=None, profile=None)

Create an instance profile.

CLI Example:

salt myminion boto_iam.create_instance_profile myiprofile
salt.modules.boto_iam.create_login_profile(user_name, password, region=None, key=None, keyid=None, profile=None)

Creates a login profile for the specified user, give the user the ability to access AWS services and the AWS Management Console.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.create_login_profile user_name password
salt.modules.boto_iam.create_policy(policy_name, policy_document, path=None, description=None, region=None, key=None, keyid=None, profile=None)

Create a policy.

CLI Example:

salt myminios boto_iam.create_policy mypolicy '{"Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": ["arn:aws:s3:::my-bucket/shared/*"]},]}'
salt.modules.boto_iam.create_policy_version(policy_name, policy_document, set_as_default=None, region=None, key=None, keyid=None, profile=None)

Create a policy version.

CLI Example:

salt myminios boto_iam.create_policy_version mypolicy '{"Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": ["arn:aws:s3:::my-bucket/shared/*"]},]}'
salt.modules.boto_iam.create_role(name, policy_document=None, path=None, region=None, key=None, keyid=None, profile=None)

Create an instance role.

CLI Example:

salt myminion boto_iam.create_role myrole
salt.modules.boto_iam.create_role_policy(role_name, policy_name, policy, region=None, key=None, keyid=None, profile=None)

Create or modify a role policy.

CLI Example:

salt myminion boto_iam.create_role_policy myirole mypolicy '{"MyPolicy": "Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}'
salt.modules.boto_iam.create_saml_provider(name, saml_metadata_document, region=None, key=None, keyid=None, profile=None)

Create SAML provider

CLI Example:

salt myminion boto_iam.create_saml_provider my_saml_provider_name saml_metadata_document
salt.modules.boto_iam.create_user(user_name, path=None, region=None, key=None, keyid=None, profile=None)

Create a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.create_user myuser
salt.modules.boto_iam.deactivate_mfa_device(user_name, serial, region=None, key=None, keyid=None, profile=None)

Deactivates the specified MFA device and removes it from association with the user.

New in version 2016.3.0.

CLI Example:

salt myminion boto_iam.deactivate_mfa_device user_name serial_num
salt.modules.boto_iam.delete_access_key(access_key_id, user_name=None, region=None, key=None, keyid=None, profile=None)

Delete access key id from a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.delete_access_key myuser
salt.modules.boto_iam.delete_group(group_name, region=None, key=None, keyid=None, profile=None)

Delete a group policy.

CLI Example:

salt myminion boto_iam.delete_group mygroup
salt.modules.boto_iam.delete_group_policy(group_name, policy_name, region=None, key=None, keyid=None, profile=None)

Delete a group policy.

CLI Example:

salt myminion boto_iam.delete_group_policy mygroup mypolicy
salt.modules.boto_iam.delete_instance_profile(name, region=None, key=None, keyid=None, profile=None)

Delete an instance profile.

CLI Example:

salt myminion boto_iam.delete_instance_profile myiprofile
salt.modules.boto_iam.delete_login_profile(user_name, region=None, key=None, keyid=None, profile=None)

Deletes a login profile for the specified user.

New in version 2016.3.0.

CLI Example:

salt myminion boto_iam.delete_login_profile user_name
salt.modules.boto_iam.delete_policy(policy_name, region=None, key=None, keyid=None, profile=None)

Delete a policy.

CLI Example:

salt myminion boto_iam.delete_policy mypolicy
salt.modules.boto_iam.delete_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)

Delete a policy version.

CLI Example:

salt myminion boto_iam.delete_policy_version mypolicy v1
salt.modules.boto_iam.delete_role(name, region=None, key=None, keyid=None, profile=None)

Delete an IAM role.

CLI Example:

salt myminion boto_iam.delete_role myirole
salt.modules.boto_iam.delete_role_policy(role_name, policy_name, region=None, key=None, keyid=None, profile=None)

Delete a role policy.

CLI Example:

salt myminion boto_iam.delete_role_policy myirole mypolicy
salt.modules.boto_iam.delete_saml_provider(name, region=None, key=None, keyid=None, profile=None)

Delete SAML provider

CLI Example:

salt myminion boto_iam.delete_saml_provider my_saml_provider_name
salt.modules.boto_iam.delete_server_cert(cert_name, region=None, key=None, keyid=None, profile=None)

Deletes a certificate from Amazon.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.delete_server_cert mycert_name
salt.modules.boto_iam.delete_user(user_name, region=None, key=None, keyid=None, profile=None)

Delete a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.delete_user myuser
salt.modules.boto_iam.delete_user_policy(user_name, policy_name, region=None, key=None, keyid=None, profile=None)

Delete a user policy.

CLI Example:

salt myminion boto_iam.delete_user_policy myuser mypolicy
salt.modules.boto_iam.delete_virtual_mfa_device(serial, region=None, key=None, keyid=None, profile=None)

Deletes the specified virtual MFA device.

CLI Example:

salt myminion boto_iam.delete_virtual_mfa_device serial_num
salt.modules.boto_iam.describe_role(name, region=None, key=None, keyid=None, profile=None)

Get information for a role.

CLI Example:

salt myminion boto_iam.describe_role myirole
salt.modules.boto_iam.detach_group_policy(policy_name, group_name, region=None, key=None, keyid=None, profile=None)

Detach a managed policy to a group.

CLI Example:

salt myminion boto_iam.detach_group_policy mypolicy mygroup
salt.modules.boto_iam.detach_role_policy(policy_name, role_name, region=None, key=None, keyid=None, profile=None)

Detach a managed policy to a role.

CLI Example:

salt myminion boto_iam.detach_role_policy mypolicy myrole
salt.modules.boto_iam.detach_user_policy(policy_name, user_name, region=None, key=None, keyid=None, profile=None)

Detach a managed policy to a user.

CLI Example:

salt myminion boto_iam.detach_user_policy mypolicy myuser
salt.modules.boto_iam.disassociate_profile_from_role(profile_name, role_name, region=None, key=None, keyid=None, profile=None)

Disassociate an instance profile from an IAM role.

CLI Example:

salt myminion boto_iam.disassociate_profile_from_role myirole myiprofile
salt.modules.boto_iam.export_roles(path_prefix='/', region=None, key=None, keyid=None, profile=None)

Get all IAM role details. Produces results that can be used to create an sls file.

CLI Example:

salt-call boto_iam.export_roles --out=txt | sed "s/local: //" > iam_roles.sls
salt.modules.boto_iam.export_users(path_prefix='/', region=None, key=None, keyid=None, profile=None)

Get all IAM user details. Produces results that can be used to create an sls file.

New in version 2016.3.0.

CLI Example:

salt-call boto_iam.export_users --out=txt | sed "s/local: //" > iam_users.sls
salt.modules.boto_iam.get_account_id(region=None, key=None, keyid=None, profile=None)

Get a the AWS account id associated with the used credentials.

CLI Example:

salt myminion boto_iam.get_account_id
salt.modules.boto_iam.get_account_policy(region=None, key=None, keyid=None, profile=None)

Get account policy for the AWS account.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_account_policy
salt.modules.boto_iam.get_all_access_keys(user_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)

Get all access keys from a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_all_access_keys myuser
salt.modules.boto_iam.get_all_group_policies(group_name, region=None, key=None, keyid=None, profile=None)

Get a list of policy names from a group.

CLI Example:

salt myminion boto_iam.get_all_group_policies mygroup
salt.modules.boto_iam.get_all_groups(path_prefix='/', region=None, key=None, keyid=None, profile=None)

Get and return all IAM group details, starting at the optional path.

New in version 2016.3.0.

CLI Example:

salt-call boto_iam.get_all_groups
salt.modules.boto_iam.get_all_instance_profiles(path_prefix='/', region=None, key=None, keyid=None, profile=None)

Get and return all IAM instance profiles, starting at the optional path.

New in version 2016.11.0.

CLI Example:

salt-call boto_iam.get_all_instance_profiles
salt.modules.boto_iam.get_all_mfa_devices(user_name, region=None, key=None, keyid=None, profile=None)

Get all MFA devices associated with an IAM user.

New in version 2016.3.0.

CLI Example:

salt myminion boto_iam.get_all_mfa_devices user_name
salt.modules.boto_iam.get_all_roles(path_prefix=None, region=None, key=None, keyid=None, profile=None)

Get and return all IAM role details, starting at the optional path.

New in version 2016.3.0.

CLI Example:

salt-call boto_iam.get_all_roles
salt.modules.boto_iam.get_all_user_policies(user_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)

Get all user policies.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_all_user_policies myuser
salt.modules.boto_iam.get_all_users(path_prefix='/', region=None, key=None, keyid=None, profile=None)

Get and return all IAM user details, starting at the optional path.

New in version 2016.3.0.

CLI Example:

salt-call boto_iam.get_all_users
salt.modules.boto_iam.get_group(group_name, region=None, key=None, keyid=None, profile=None)

Get group information.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_group mygroup
salt.modules.boto_iam.get_group_members(group_name, region=None, key=None, keyid=None, profile=None)

Get group information.

New in version 2016.3.0.

CLI Example:

salt myminion boto_iam.get_group mygroup
salt.modules.boto_iam.get_group_policy(group_name, policy_name, region=None, key=None, keyid=None, profile=None)

Retrieves the specified policy document for the specified group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_group_policy mygroup policyname
salt.modules.boto_iam.get_policy(policy_name, region=None, key=None, keyid=None, profile=None)

Check to see if policy exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile
salt.modules.boto_iam.get_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)

Check to see if policy exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile
salt.modules.boto_iam.get_role_policy(role_name, policy_name, region=None, key=None, keyid=None, profile=None)

Get a role policy.

CLI Example:

salt myminion boto_iam.get_role_policy myirole mypolicy
salt.modules.boto_iam.get_saml_provider(name, region=None, key=None, keyid=None, profile=None)

Get SAML provider document.

CLI Example:

salt myminion boto_iam.get_saml_provider arn
salt.modules.boto_iam.get_saml_provider_arn(name, region=None, key=None, keyid=None, profile=None)

Get SAML provider

CLI Example:

salt myminion boto_iam.get_saml_provider_arn my_saml_provider_name
salt.modules.boto_iam.get_server_certificate(cert_name, region=None, key=None, keyid=None, profile=None)

Returns certificate information from Amazon

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_server_certificate mycert_name
salt.modules.boto_iam.get_user(user_name=None, region=None, key=None, keyid=None, profile=None)

Get user information.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_user myuser
salt.modules.boto_iam.get_user_policy(user_name, policy_name, region=None, key=None, keyid=None, profile=None)

Retrieves the specified policy document for the specified user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_user_policy myuser mypolicyname
salt.modules.boto_iam.instance_profile_exists(name, region=None, key=None, keyid=None, profile=None)

Check to see if an instance profile exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile
salt.modules.boto_iam.list_attached_group_policies(group_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)

List entities attached to the given group.

CLI Example:

salt myminion boto_iam.list_entities_for_policy mypolicy
salt.modules.boto_iam.list_attached_role_policies(role_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)

List entities attached to the given role.

CLI Example:

salt myminion boto_iam.list_entities_for_policy mypolicy
salt.modules.boto_iam.list_attached_user_policies(user_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)

List entities attached to the given user.

CLI Example:

salt myminion boto_iam.list_entities_for_policy mypolicy
salt.modules.boto_iam.list_entities_for_policy(policy_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)

List entities that a policy is attached to.

CLI Example:

salt myminion boto_iam.list_entities_for_policy mypolicy
salt.modules.boto_iam.list_instance_profiles(path_prefix='/', region=None, key=None, keyid=None, profile=None)

List all IAM instance profiles, starting at the optional path.

New in version 2016.11.0.

CLI Example:

salt-call boto_iam.list_instance_profiles
salt.modules.boto_iam.list_policies(region=None, key=None, keyid=None, profile=None)

List policies.

CLI Example:

salt myminion boto_iam.list_policies
salt.modules.boto_iam.list_policy_versions(policy_name, region=None, key=None, keyid=None, profile=None)

List versions of a policy.

CLI Example:

salt myminion boto_iam.list_policy_versions mypolicy
salt.modules.boto_iam.list_role_policies(role_name, region=None, key=None, keyid=None, profile=None)

Get a list of policy names from a role.

CLI Example:

salt myminion boto_iam.list_role_policies myirole
salt.modules.boto_iam.list_saml_providers(region=None, key=None, keyid=None, profile=None)

List SAML providers.

CLI Example:

salt myminion boto_iam.list_saml_providers
salt.modules.boto_iam.policy_exists(policy_name, region=None, key=None, keyid=None, profile=None)

Check to see if policy exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile
salt.modules.boto_iam.policy_version_exists(policy_name, version_id, region=None, key=None, keyid=None, profile=None)

Check to see if policy exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile
salt.modules.boto_iam.profile_associated(role_name, profile_name, region, key, keyid, profile)

Check to see if an instance profile is associated with an IAM role.

CLI Example:

salt myminion boto_iam.profile_associated myirole myiprofile
salt.modules.boto_iam.put_group_policy(group_name, policy_name, policy_json, region=None, key=None, keyid=None, profile=None)

Adds or updates the specified policy document for the specified group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.put_group_policy mygroup policyname policyrules
salt.modules.boto_iam.put_user_policy(user_name, policy_name, policy_json, region=None, key=None, keyid=None, profile=None)

Adds or updates the specified policy document for the specified user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.put_user_policy myuser policyname policyrules
salt.modules.boto_iam.remove_user_from_group(group_name, user_name, region=None, key=None, keyid=None, profile=None)

Remove user from group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.remove_user_from_group mygroup myuser
salt.modules.boto_iam.role_exists(name, region=None, key=None, keyid=None, profile=None)

Check to see if an IAM role exists.

CLI Example:

salt myminion boto_iam.role_exists myirole
salt.modules.boto_iam.set_default_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)

Set the default version of a policy.

CLI Example:

salt myminion boto_iam.set_default_policy_version mypolicy v1
salt.modules.boto_iam.update_account_password_policy(allow_users_to_change_password=None, hard_expiry=None, max_password_age=None, minimum_password_length=None, password_reuse_prevention=None, require_lowercase_characters=None, require_numbers=None, require_symbols=None, require_uppercase_characters=None, region=None, key=None, keyid=None, profile=None)

Update the password policy for the AWS account.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.update_account_password_policy True
salt.modules.boto_iam.update_assume_role_policy(role_name, policy_document, region=None, key=None, keyid=None, profile=None)

Update an assume role policy for a role.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.update_assume_role_policy myrole '{"Statement":"..."}'
salt.modules.boto_iam.update_saml_provider(name, saml_metadata_document, region=None, key=None, keyid=None, profile=None)

Update SAML provider.

CLI Example:

salt myminion boto_iam.update_saml_provider my_saml_provider_name saml_metadata_document
salt.modules.boto_iam.upload_server_cert(cert_name, cert_body, private_key, cert_chain=None, path=None, region=None, key=None, keyid=None, profile=None)

Upload a certificate to Amazon.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.upload_server_cert mycert_name crt priv_key
Parameters:

  • cert_name -- The name for the server certificate. Do not include the path in this value.

  • cert_body -- The contents of the public key certificate in PEM-encoded format.

  • private_key -- The contents of the private key in PEM-encoded format.

  • cert_chain -- The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.

  • path -- The path for the server certificate.

  • region -- The name of the region to connect to.

  • key -- The key to be used in order to connect

  • keyid -- The keyid to be used in order to connect

  • profile -- The profile that contains a dict of region, key, keyid

Returns:

True / False

salt.modules.boto_iam.user_exists_in_group(user_name, group_name, region=None, key=None, keyid=None, profile=None)

Check if user exists in group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.user_exists_in_group myuser mygroup

Generated on October 23, 2024 at 09:02:05 UTC.

You are viewing docs for the previous stable release, 3006.9. Switch to docs for the latest stable release, 3007.1, or to a recent doc build from the master branch.


saltproject.io

© 2024 VMware, Inc. | Privacy Policy