CreateServiceSpecificCredential
Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.
You can have a maximum of two sets of service-specific credentials for each supported service per user.
You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).
You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential (p. 346).
For more information about service-specific credentials, see Using IAM with CodeCommit: Git credentials, SSH keys, and AWS access keys in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
ServiceName
The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
Type: String
Required: Yes
UserName
The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w+=,.@-]+
Required: Yes
Response Elements
The following element is returned by the service.
ServiceSpecificCredential
A structure that contains information about the newly created service-specific credential.
Important
This is the only time that the password for this credential set is available.
It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential (p. 346).
Type: ServiceSpecificCredential (p. 542) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
NotSupportedService
The specified service does not support service-specific credentials.
HTTP Status Code: 404
Examples
Example
In the following example, the caller creates service-specific credentials for the IAM user named Anika in account 123456789012. The credentials can be used only with the AWS service associated with the service endpoint at codecommit.amazonaws.com.
Sample Request
https://iam.amazonaws.com/?Action=CreateServiceSpecificCredential
&UserName=Anika
&ServiceName=codecommit.amazonaws.com
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<CreateServiceSpecificCredentialResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<CreateServiceSpecificCredentialResult>
<ServiceSpecificCredential>
<ServicePassword>xTBAr/czp+D3EXAMPLE47lrJ6/43r2zqGwR3EXAMPLE=</ServicePassword>
<ServiceName>codecommit.amazonaws.com</ServiceName>
<UserName>anika</UserName>
<ServiceUserName>anika+1-at-123456789012</ServiceUserName>
<ServiceSpecificCredentialId>ACCA12345ABCDEXAMPLE</ServiceSpecificCredentialId>
<Status>Active</Status>
<CreateDate>2016-11-01T17:47:22.382Z</CreateDate>
</ServiceSpecificCredential>
</CreateServiceSpecificCredentialResult>
<ResponseMetadata>
<RequestId>EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE</RequestId>
</ResponseMetadata>
</CreateServiceSpecificCredentialResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
CreateUser
Creates a new IAM user for your AWS account.
For information about quotas for the number of IAM users you can create, see IAM and AWS STS quotas in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
Path
The path for the user name. For more information about paths, see IAM identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 512.
Pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F)
Required: No
PermissionsBoundary
The ARN of the policy that is used to set the permissions boundary for the user.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: No
Tags.member.N
A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Note
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
Type: Array of Tag (p. 553) objects
Array Members: Maximum number of 50 items.
Required: No
UserName
The name of the user to create.
IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both "MyResource" and "myresource".
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w+=,.@-]+
Required: Yes
Response Elements
The following element is returned by the service.
User
A structure with details about the new IAM user.
Type: User (p. 556) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
ConcurrentModification
The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.
HTTP Status Code: 409
EntityAlreadyExists
The request was rejected because it attempted to create a resource that already exists.
HTTP Status Code: 409
InvalidInput
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of CreateUser.
Sample Request
https://iam.amazonaws.com/?Action=CreateUser
&Path=/division_abc/subdivision_xyz/
&UserName=Bob
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<CreateUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<CreateUserResult>
<User>
<Path>/division_abc/subdivision_xyz/</Path>
<UserName>Bob</UserName>
<UserId>AIDACKCEVSQ6C2EXAMPLE</UserId>
<Arn>arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob</Arn>
</User>
</CreateUserResult>
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</CreateUserResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
CreateVirtualMFADevice
Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice (p. 128) to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.
For information about the maximum number of MFA devices you can create, see IAM and AWS STS quotas in the IAM User Guide.
Important
The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
Path
The path for the virtual MFA device. For more information about paths, see IAM identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 512.
Pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F)
Required: No
Tags.member.N
A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
Note
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
Type: Array of Tag (p. 553) objects
Array Members: Maximum number of 50 items.
Required: No
VirtualMFADeviceName
The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\w+=,.@-]+
Required: Yes
Response Elements
The following element is returned by the service.
VirtualMFADevice
A structure containing details about the new virtual MFA device.
Type: VirtualMFADevice (p. 561) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
ConcurrentModification
The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.
HTTP Status Code: 409
EntityAlreadyExists
The request was rejected because it attempted to create a resource that already exists.
HTTP Status Code: 409
InvalidInput
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of CreateVirtualMFADevice.
Sample Request
https://iam.amazonaws.com/?Action=CreateVirtualMFADevice
&VirtualMFADeviceName=ExampleName
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<CreateVirtualMFADeviceResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<CreateVirtualMFADeviceResult>
<VirtualMFADevice>
<SerialNumber>arn:aws:iam::123456789012:mfa/ExampleName</SerialNumber>
<Base32StringSeed>
2K5K5XTLA7GGE75TQLYEXAMPLEEXAMPLEEXAMPLECHDFW4KJYZ6UFQ75LL7COCYKM </Base32StringSeed>
<QRCodePNG>
89504E470D0A1A0AASDFAHSDFKJKLJFKALSDFJASDF <!-- byte array of png file -->
</QRCodePNG>
</VirtualMFADevice>
</CreateVirtualMFADeviceResult>
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</CreateVirtualMFADeviceResponse>
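The ServicePassword returned by CreateServiceSpecificCredential and the Base32StringSeed and QRCodePNG returned here are secrets that appear once in a response body. The following is an added example, not AWS code, that separates those values from the fields that are safe to log; the function name, the redaction marker and the two constructed response bodies are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that carry secret material in the sample responses on this page.
SECRET_ELEMENTS = {"ServicePassword", "Base32StringSeed", "QRCodePNG"}

def split_secrets(response_xml):
    """Return (log_safe, secrets) for one IAM XML response body.

    log_safe maps leaf element names to their text, with secrets replaced by
    a marker. secrets holds the real values so the caller can pass them to a
    secret store and then drop the reference.
    """
    log_safe, secrets = {}, {}
    for elem in ET.fromstring(response_xml).iter():
        name = elem.tag.rsplit("}", 1)[-1]   # strip the "{namespace}" prefix
        text = (elem.text or "").strip()     # the seed sits on its own line
        if len(elem) or not text:            # skip containers and empty nodes
            continue
        if name in SECRET_ELEMENTS:
            secrets[name] = text
            log_safe[name] = "[REDACTED]"
        else:
            log_safe[name] = text
    return log_safe, secrets

# Constructed responses shaped like the samples on this page (values are fake).
NS = 'xmlns="https://iam.amazonaws.com/doc/2010-05-08/"'
CREDENTIAL_RESPONSE = f"""<CreateServiceSpecificCredentialResponse {NS}>
  <CreateServiceSpecificCredentialResult>
    <ServiceSpecificCredential>
      <ServicePassword>CONSTRUCTED-PASSWORD-VALUE</ServicePassword>
      <ServiceName>codecommit.amazonaws.com</ServiceName>
      <ServiceUserName>anika+1-at-123456789012</ServiceUserName>
      <Status>Active</Status>
    </ServiceSpecificCredential>
  </CreateServiceSpecificCredentialResult>
</CreateServiceSpecificCredentialResponse>"""
MFA_RESPONSE = f"""<CreateVirtualMFADeviceResponse {NS}>
  <CreateVirtualMFADeviceResult>
    <VirtualMFADevice>
      <SerialNumber>arn:aws:iam::123456789012:mfa/ExampleName</SerialNumber>
      <Base32StringSeed>
        CONSTRUCTEDSEEDVALUE </Base32StringSeed>
      <QRCodePNG>CONSTRUCTEDPNGBYTES</QRCodePNG>
    </VirtualMFADevice>
  </CreateVirtualMFADeviceResult>
</CreateVirtualMFADeviceResponse>"""

if __name__ == "__main__":
    for body in (CREDENTIAL_RESPONSE, MFA_RESPONSE):
        safe, secret = split_secrets(body)
        print(safe, "| secrets captured:", sorted(secret))
```

Only the log_safe mapping should reach logs or error reports; if storing the ServicePassword fails, the recovery path the page gives is ResetServiceSpecificCredential.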
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeactivateMFADevice
Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.
For more information about creating and working with virtual MFA devices, see Enabling a virtual multi-factor authentication (MFA) device in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
SerialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
=,.@:/-
Type: String
Length Constraints: Minimum length of 9. Maximum length of 256.
Pattern: [\w+=/:,.@-]+
Required: Yes
UserName
The name of the user whose MFA device you want to deactivate.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=,.@-]+
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
EntityTemporarilyUnmodifiable
The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity.
HTTP Status Code: 409
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DeactivateMFADevice.
Sample Request
https://iam.amazonaws.com/?Action=DeactivateMFADevice
&UserName=Bob
&SerialNumber=R1234
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DeactivateMFADeviceResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</DeactivateMFADeviceResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteAccessKey
Deletes the access key pair associated with the specified IAM user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
AccessKeyId
The access key ID of the access key pair (access key ID and secret access key) that you want to delete.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
Type: String
Length Constraints: Minimum length of 16. Maximum length of 128.
Pattern: [\w]+
Required: Yes
UserName
The name of the user whose access key pair you want to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=,.@-]+
Required: No
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DeleteAccessKey.
Sample Request
https://iam.amazonaws.com/?Action=DeleteAccessKey
&UserName=Bob
&AccessKeyId=AKIAIOSFODNN7EXAMPLE
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DeleteAccessKeyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</DeleteAccessKeyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteAccountAlias
Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an alias for your AWS account ID in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
AccountAlias
The name of the account alias to delete.
This parameter allows (through its regex pattern) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
Type: String
Length Constraints: Minimum length of 3. Maximum length of 63.
Pattern: ^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$
Required: Yes
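The patterns and length constraints listed for the parameters on this page can be checked before a request is sent. The following is an added example, not AWS code; the dictionary keys and function names are hypothetical, and it assumes the page's "upper and lowercase alphanumeric characters" wording means ASCII, which is why the patterns are compiled with re.ASCII.

```python
import re

# (pattern, minimum length, maximum length) as listed in the parameter tables
# on this page; None means the page states no maximum. The keys are
# hypothetical labels chosen for this example.
CONSTRAINTS = {
    "CreateUser.UserName": (r"[\w+=,.@-]+", 1, 64),
    "CreateUser.Path": (r"(\u002F)|(\u002F[\u0021-\u007F]+\u002F)", 1, 512),
    "CreateVirtualMFADevice.VirtualMFADeviceName": (r"[\w+=,.@-]+", 1, None),
    "DeactivateMFADevice.SerialNumber": (r"[\w+=/:,.@-]+", 9, 256),
    "DeleteAccessKey.AccessKeyId": (r"[\w]+", 16, 128),
    "DeleteAccountAlias.AccountAlias":
        (r"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$", 3, 63),
}

def violations(param, value):
    """Return the constraints that value breaks (empty list = acceptable)."""
    pattern, min_len, max_len = CONSTRAINTS[param]
    problems = []
    if len(value) < min_len:
        problems.append(f"shorter than {min_len}")
    if max_len is not None and len(value) > max_len:
        problems.append(f"longer than {max_len}")
    # fullmatch: the whole value must match, not just a prefix or substring.
    # re.ASCII: assumption that \w means ASCII letters, digits and underscore;
    # without it Python's \w also accepts non-ASCII letters.
    if re.fullmatch(pattern, value, flags=re.ASCII) is None:
        problems.append("does not match pattern")
    return problems

def name_collides(candidate, existing_names):
    """Names are not distinguished by case, so compare case-insensitively."""
    wanted = candidate.lower()
    return any(wanted == name.lower() for name in existing_names)

if __name__ == "__main__":
    # Constructed inputs for illustration.
    for param, value in [
        ("CreateUser.UserName", "Bob"),
        ("CreateUser.UserName", "Bob Smith"),
        ("CreateUser.Path", "/division_abc/subdivision_xyz/"),
        ("DeleteAccountAlias.AccountAlias", "example--corp"),
    ]:
        print(param, repr(value), violations(param, value))
    print(name_collides("myresource", ["MyResource"]))
```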
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DeleteAccountAlias.
Sample Request
https://iam.amazonaws.com/?Action=DeleteAccountAlias
&AccountAlias=ExampleCorp
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DeleteAccountAliasResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</DeleteAccountAliasResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteAccountPasswordPolicy
Deletes the password policy for the AWS account. There are no parameters.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.