salt.modules.boto_iam#

Connection module for Amazon IAM

New in version 2014.7.0.

configuration:

This module accepts explicit iam credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's config file:

iam.keyid: GKTADJGHEIQSXMKKRBJ08H
iam.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
iam.region: us-east-1

It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

depends:

boto

salt.modules.boto_iam.add_user_to_group(user_name, group_name, region=None, key=None, keyid=None, profile=None)#

Add user to group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.add_user_to_group myuser mygroup

salt.modules.boto_iam.associate_profile_to_role(profile_name, role_name, region=None, key=None, keyid=None, profile=None)#

Associate an instance profile with an IAM role.

CLI Example:

salt myminion boto_iam.associate_profile_to_role myirole myiprofile

salt.modules.boto_iam.attach_group_policy(policy_name, group_name, region=None, key=None, keyid=None, profile=None)#

Attach a managed policy to a group.

CLI Example:

salt myminion boto_iam.attach_group_policy mypolicy mygroup

salt.modules.boto_iam.attach_role_policy(policy_name, role_name, region=None, key=None, keyid=None, profile=None)#

Attach a managed policy to a role.

CLI Example:

salt myminion boto_iam.attach_role_policy mypolicy myrole

salt.modules.boto_iam.attach_user_policy(policy_name, user_name, region=None, key=None, keyid=None, profile=None)#

Attach a managed policy to a user.

CLI Example:

salt myminion boto_iam.attach_user_policy mypolicy myuser

salt.modules.boto_iam.build_policy(region=None, key=None, keyid=None, profile=None)#

Build a default assume role policy.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.build_policy

salt.modules.boto_iam.create_access_key(user_name, region=None, key=None, keyid=None, profile=None)#

Create access key id for a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.create_access_key myuser

salt.modules.boto_iam.create_group(group_name, path=None, region=None, key=None, keyid=None, profile=None)#

Create a group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.create_group group

salt.modules.boto_iam.create_instance_profile(name, region=None, key=None, keyid=None, profile=None)#

Create an instance profile.

CLI Example:

salt myminion boto_iam.create_instance_profile myiprofile

salt.modules.boto_iam.create_login_profile(user_name, password, region=None, key=None, keyid=None, profile=None)#

Creates a login profile for the specified user, give the user the ability to access AWS services and the AWS Management Console.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.create_login_profile user_name password

salt.modules.boto_iam.create_policy(policy_name, policy_document, path=None, description=None, region=None, key=None, keyid=None, profile=None)#

Create a policy.

CLI Example:

salt myminios boto_iam.create_policy mypolicy '{"Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": ["arn:aws:s3:::my-bucket/shared/*"]},]}'

salt.modules.boto_iam.create_policy_version(policy_name, policy_document, set_as_default=None, region=None, key=None, keyid=None, profile=None)#

Create a policy version.

CLI Example:

salt myminios boto_iam.create_policy_version mypolicy '{"Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": ["arn:aws:s3:::my-bucket/shared/*"]},]}'

salt.modules.boto_iam.create_role(name, policy_document=None, path=None, region=None, key=None, keyid=None, profile=None)#

Create an instance role.

CLI Example:

salt myminion boto_iam.create_role myrole

salt.modules.boto_iam.create_role_policy(role_name, policy_name, policy, region=None, key=None, keyid=None, profile=None)#

Create or modify a role policy.

CLI Example:

salt myminion boto_iam.create_role_policy myirole mypolicy '{"MyPolicy": "Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}'

salt.modules.boto_iam.create_saml_provider(name, saml_metadata_document, region=None, key=None, keyid=None, profile=None)#

Create SAML provider

CLI Example:

salt myminion boto_iam.create_saml_provider my_saml_provider_name saml_metadata_document

salt.modules.boto_iam.create_user(user_name, path=None, region=None, key=None, keyid=None, profile=None)#

Create a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.create_user myuser

salt.modules.boto_iam.deactivate_mfa_device(user_name, serial, region=None, key=None, keyid=None, profile=None)#

Deactivates the specified MFA device and removes it from association with the user.

New in version 2016.3.0.

CLI Example:

salt myminion boto_iam.deactivate_mfa_device user_name serial_num

salt.modules.boto_iam.delete_access_key(access_key_id, user_name=None, region=None, key=None, keyid=None, profile=None)#

Delete access key id from a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.delete_access_key myuser

salt.modules.boto_iam.delete_group(group_name, region=None, key=None, keyid=None, profile=None)#

Delete a group policy.

CLI Example:

salt myminion boto_iam.delete_group mygroup

salt.modules.boto_iam.delete_group_policy(group_name, policy_name, region=None, key=None, keyid=None, profile=None)#

Delete a group policy.

CLI Example:

salt myminion boto_iam.delete_group_policy mygroup mypolicy

salt.modules.boto_iam.delete_instance_profile(name, region=None, key=None, keyid=None, profile=None)#

Delete an instance profile.

CLI Example:

salt myminion boto_iam.delete_instance_profile myiprofile

salt.modules.boto_iam.delete_login_profile(user_name, region=None, key=None, keyid=None, profile=None)#

Deletes a login profile for the specified user.

New in version 2016.3.0.

CLI Example:

salt myminion boto_iam.delete_login_profile user_name

salt.modules.boto_iam.delete_policy(policy_name, region=None, key=None, keyid=None, profile=None)#

Delete a policy.

CLI Example:

salt myminion boto_iam.delete_policy mypolicy

salt.modules.boto_iam.delete_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)#

Delete a policy version.

CLI Example:

salt myminion boto_iam.delete_policy_version mypolicy v1

salt.modules.boto_iam.delete_role(name, region=None, key=None, keyid=None, profile=None)#

Delete an IAM role.

CLI Example:

salt myminion boto_iam.delete_role myirole

salt.modules.boto_iam.delete_role_policy(role_name, policy_name, region=None, key=None, keyid=None, profile=None)#

Delete a role policy.

CLI Example:

salt myminion boto_iam.delete_role_policy myirole mypolicy

salt.modules.boto_iam.delete_saml_provider(name, region=None, key=None, keyid=None, profile=None)#

Delete SAML provider

CLI Example:

salt myminion boto_iam.delete_saml_provider my_saml_provider_name

salt.modules.boto_iam.delete_server_cert(cert_name, region=None, key=None, keyid=None, profile=None)#

Deletes a certificate from Amazon.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.delete_server_cert mycert_name

salt.modules.boto_iam.delete_user(user_name, region=None, key=None, keyid=None, profile=None)#

Delete a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.delete_user myuser

salt.modules.boto_iam.delete_user_policy(user_name, policy_name, region=None, key=None, keyid=None, profile=None)#

Delete a user policy.

CLI Example:

salt myminion boto_iam.delete_user_policy myuser mypolicy

salt.modules.boto_iam.delete_virtual_mfa_device(serial, region=None, key=None, keyid=None, profile=None)#

Deletes the specified virtual MFA device.

CLI Example:

salt myminion boto_iam.delete_virtual_mfa_device serial_num

salt.modules.boto_iam.describe_role(name, region=None, key=None, keyid=None, profile=None)#

Get information for a role.

CLI Example:

salt myminion boto_iam.describe_role myirole

salt.modules.boto_iam.detach_group_policy(policy_name, group_name, region=None, key=None, keyid=None, profile=None)#

Detach a managed policy to a group.

CLI Example:

salt myminion boto_iam.detach_group_policy mypolicy mygroup

salt.modules.boto_iam.detach_role_policy(policy_name, role_name, region=None, key=None, keyid=None, profile=None)#

Detach a managed policy to a role.

CLI Example:

salt myminion boto_iam.detach_role_policy mypolicy myrole

salt.modules.boto_iam.detach_user_policy(policy_name, user_name, region=None, key=None, keyid=None, profile=None)#

Detach a managed policy to a user.

CLI Example:

salt myminion boto_iam.detach_user_policy mypolicy myuser

salt.modules.boto_iam.disassociate_profile_from_role(profile_name, role_name, region=None, key=None, keyid=None, profile=None)#

Disassociate an instance profile from an IAM role.

CLI Example:

salt myminion boto_iam.disassociate_profile_from_role myirole myiprofile

salt.modules.boto_iam.export_roles(path_prefix='/', region=None, key=None, keyid=None, profile=None)#

Get all IAM role details. Produces results that can be used to create an sls file.

CLI Example:

salt-call boto_iam.export_roles --out=txt | sed "s/local: //" > iam_roles.sls

salt.modules.boto_iam.export_users(path_prefix='/', region=None, key=None, keyid=None, profile=None)#

Get all IAM user details. Produces results that can be used to create an sls file.

New in version 2016.3.0.

CLI Example:

salt-call boto_iam.export_users --out=txt | sed "s/local: //" > iam_users.sls

salt.modules.boto_iam.get_account_id(region=None, key=None, keyid=None, profile=None)#

Get a the AWS account id associated with the used credentials.

CLI Example:

salt myminion boto_iam.get_account_id

salt.modules.boto_iam.get_account_policy(region=None, key=None, keyid=None, profile=None)#

Get account policy for the AWS account.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_account_policy

salt.modules.boto_iam.get_all_access_keys(user_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)#

Get all access keys from a user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_all_access_keys myuser

salt.modules.boto_iam.get_all_group_policies(group_name, region=None, key=None, keyid=None, profile=None)#

Get a list of policy names from a group.

CLI Example:

salt myminion boto_iam.get_all_group_policies mygroup

salt.modules.boto_iam.get_all_groups(path_prefix='/', region=None, key=None, keyid=None, profile=None)#

Get and return all IAM group details, starting at the optional path.

New in version 2016.3.0.

CLI Example:

salt-call boto_iam.get_all_groups

salt.modules.boto_iam.get_all_instance_profiles(path_prefix='/', region=None, key=None, keyid=None, profile=None)#

Get and return all IAM instance profiles, starting at the optional path.

New in version 2016.11.0.

CLI Example:

salt-call boto_iam.get_all_instance_profiles

salt.modules.boto_iam.get_all_mfa_devices(user_name, region=None, key=None, keyid=None, profile=None)#

Get all MFA devices associated with an IAM user.

New in version 2016.3.0.

CLI Example:

salt myminion boto_iam.get_all_mfa_devices user_name

salt.modules.boto_iam.get_all_roles(path_prefix=None, region=None, key=None, keyid=None, profile=None)#

Get and return all IAM role details, starting at the optional path.

New in version 2016.3.0.

CLI Example:

salt-call boto_iam.get_all_roles

salt.modules.boto_iam.get_all_user_policies(user_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)#

Get all user policies.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_all_user_policies myuser

salt.modules.boto_iam.get_all_users(path_prefix='/', region=None, key=None, keyid=None, profile=None)#

Get and return all IAM user details, starting at the optional path.

New in version 2016.3.0.

CLI Example:

salt-call boto_iam.get_all_users

salt.modules.boto_iam.get_group(group_name, region=None, key=None, keyid=None, profile=None)#

Get group information.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_group mygroup

salt.modules.boto_iam.get_group_members(group_name, region=None, key=None, keyid=None, profile=None)#

Get group information.

New in version 2016.3.0.

CLI Example:

salt myminion boto_iam.get_group mygroup

salt.modules.boto_iam.get_group_policy(group_name, policy_name, region=None, key=None, keyid=None, profile=None)#

Retrieves the specified policy document for the specified group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_group_policy mygroup policyname

salt.modules.boto_iam.get_policy(policy_name, region=None, key=None, keyid=None, profile=None)#

Check to see if policy exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile

salt.modules.boto_iam.get_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)#

Check to see if policy exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile

salt.modules.boto_iam.get_role_policy(role_name, policy_name, region=None, key=None, keyid=None, profile=None)#

Get a role policy.

CLI Example:

salt myminion boto_iam.get_role_policy myirole mypolicy

salt.modules.boto_iam.get_saml_provider(name, region=None, key=None, keyid=None, profile=None)#

Get SAML provider document.

CLI Example:

salt myminion boto_iam.get_saml_provider arn

salt.modules.boto_iam.get_saml_provider_arn(name, region=None, key=None, keyid=None, profile=None)#

Get SAML provider

CLI Example:

salt myminion boto_iam.get_saml_provider_arn my_saml_provider_name

salt.modules.boto_iam.get_server_certificate(cert_name, region=None, key=None, keyid=None, profile=None)#

Returns certificate information from Amazon

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_server_certificate mycert_name

salt.modules.boto_iam.get_user(user_name=None, region=None, key=None, keyid=None, profile=None)#

Get user information.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_user myuser

salt.modules.boto_iam.get_user_policy(user_name, policy_name, region=None, key=None, keyid=None, profile=None)#

Retrieves the specified policy document for the specified user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.get_user_policy myuser mypolicyname

salt.modules.boto_iam.instance_profile_exists(name, region=None, key=None, keyid=None, profile=None)#

Check to see if an instance profile exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile

salt.modules.boto_iam.list_attached_group_policies(group_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)#

List entities attached to the given group.

CLI Example:

salt myminion boto_iam.list_entities_for_policy mypolicy

salt.modules.boto_iam.list_attached_role_policies(role_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)#

List entities attached to the given role.

CLI Example:

salt myminion boto_iam.list_entities_for_policy mypolicy

salt.modules.boto_iam.list_attached_user_policies(user_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)#

List entities attached to the given user.

CLI Example:

salt myminion boto_iam.list_entities_for_policy mypolicy

salt.modules.boto_iam.list_entities_for_policy(policy_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)#

List entities that a policy is attached to.

CLI Example:

salt myminion boto_iam.list_entities_for_policy mypolicy

salt.modules.boto_iam.list_instance_profiles(path_prefix='/', region=None, key=None, keyid=None, profile=None)#

List all IAM instance profiles, starting at the optional path.

New in version 2016.11.0.

CLI Example:

salt-call boto_iam.list_instance_profiles

salt.modules.boto_iam.list_policies(region=None, key=None, keyid=None, profile=None)#

List policies.

CLI Example:

salt myminion boto_iam.list_policies

salt.modules.boto_iam.list_policy_versions(policy_name, region=None, key=None, keyid=None, profile=None)#

List versions of a policy.

CLI Example:

salt myminion boto_iam.list_policy_versions mypolicy

salt.modules.boto_iam.list_role_policies(role_name, region=None, key=None, keyid=None, profile=None)#

Get a list of policy names from a role.

CLI Example:

salt myminion boto_iam.list_role_policies myirole

salt.modules.boto_iam.list_saml_providers(region=None, key=None, keyid=None, profile=None)#

List SAML providers.

CLI Example:

salt myminion boto_iam.list_saml_providers

salt.modules.boto_iam.policy_exists(policy_name, region=None, key=None, keyid=None, profile=None)#

Check to see if policy exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile

salt.modules.boto_iam.policy_version_exists(policy_name, version_id, region=None, key=None, keyid=None, profile=None)#

Check to see if policy exists.

CLI Example:

salt myminion boto_iam.instance_profile_exists myiprofile

salt.modules.boto_iam.profile_associated(role_name, profile_name, region, key, keyid, profile)#

Check to see if an instance profile is associated with an IAM role.

CLI Example:

salt myminion boto_iam.profile_associated myirole myiprofile

salt.modules.boto_iam.put_group_policy(group_name, policy_name, policy_json, region=None, key=None, keyid=None, profile=None)#

Adds or updates the specified policy document for the specified group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.put_group_policy mygroup policyname policyrules

salt.modules.boto_iam.put_user_policy(user_name, policy_name, policy_json, region=None, key=None, keyid=None, profile=None)#

Adds or updates the specified policy document for the specified user.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.put_user_policy myuser policyname policyrules

salt.modules.boto_iam.remove_user_from_group(group_name, user_name, region=None, key=None, keyid=None, profile=None)#

Remove user from group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.remove_user_from_group mygroup myuser

salt.modules.boto_iam.role_exists(name, region=None, key=None, keyid=None, profile=None)#

Check to see if an IAM role exists.

CLI Example:

salt myminion boto_iam.role_exists myirole

salt.modules.boto_iam.set_default_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)#

Set the default version of a policy.

CLI Example:

salt myminion boto_iam.set_default_policy_version mypolicy v1

salt.modules.boto_iam.update_account_password_policy(allow_users_to_change_password=None, hard_expiry=None, max_password_age=None, minimum_password_length=None, password_reuse_prevention=None, require_lowercase_characters=None, require_numbers=None, require_symbols=None, require_uppercase_characters=None, region=None, key=None, keyid=None, profile=None)#

Update the password policy for the AWS account.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.update_account_password_policy True

salt.modules.boto_iam.update_assume_role_policy(role_name, policy_document, region=None, key=None, keyid=None, profile=None)#

Update an assume role policy for a role.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.update_assume_role_policy myrole '{"Statement":"..."}'

salt.modules.boto_iam.update_saml_provider(name, saml_metadata_document, region=None, key=None, keyid=None, profile=None)#

Update SAML provider.

CLI Example:

salt myminion boto_iam.update_saml_provider my_saml_provider_name saml_metadata_document

salt.modules.boto_iam.upload_server_cert(cert_name, cert_body, private_key, cert_chain=None, path=None, region=None, key=None, keyid=None, profile=None)#

Upload a certificate to Amazon.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.upload_server_cert mycert_name crt priv_key

Parameters:

cert_name -- The name for the server certificate. Do not include the path in this value.
cert_body -- The contents of the public key certificate in PEM-encoded format.
private_key -- The contents of the private key in PEM-encoded format.
cert_chain -- The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
path -- The path for the server certificate.
region -- The name of the region to connect to.
key -- The key to be used in order to connect
keyid -- The keyid to be used in order to connect
profile -- The profile that contains a dict of region, key, keyid

Returns:

True / False

salt.modules.boto_iam.user_exists_in_group(user_name, group_name, region=None, key=None, keyid=None, profile=None)#

Check if user exists in group.

New in version 2015.8.0.

CLI Example:

salt myminion boto_iam.user_exists_in_group myuser mygroup

Table of Contents

salt.modules.boto_iam#