DeleteSigningCertificate
Deletes a signing certificate associated with the specified IAM user.
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated IAM users.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
CertificateId
The ID of the signing certificate to delete.
The format of this parameter, as described by its regex pattern, is a string of characters that can be upper- or lower-cased letters or digits.
Type: String
Length Constraints: Minimum length of 24. Maximum length of 128.
Pattern: [\w]+
Required: Yes
UserName
The name of the user the signing certificate belongs to.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=,.@-]+
Required: No
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DeleteSigningCertificate.
Sample Request
https://iam.amazonaws.com/?Action=DeleteSigningCertificate
&UserName=Bob
&CertificateId=TA7SMP42TDN5Z26OBPJE7EXAMPLE
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DeleteSigningCertificateResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</DeleteSigningCertificateResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteSSHPublicKey
Deletes the specified SSH public key.
The SSH public key deleted by this operation is used only for authenticating the associated IAM user to a CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
SSHPublicKeyId
The unique identifier for the SSH public key.
This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 128.
Pattern: [\w]+
Required: Yes
UserName
The name of the IAM user associated with the SSH public key.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w+=,.@-]+
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
Examples
Example
This example illustrates one usage of DeleteSSHPublicKey.
Sample Request
https://iam.amazonaws.com/?Action=DeleteSSHPublicKey
&SSHPublicKeyId=APKAEIVFHP46CEXAMPLE
&UserName=Jane
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DeleteSSHPublicKeyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>1a21282e-f36e-11e4-a53b-6b544EXAMPLE</RequestId>
</ResponseMetadata>
</DeleteSSHPublicKeyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteUser
Deletes the specified IAM user. Unlike the AWS Management Console, when you delete a user programmatically, you must delete the items attached to the user manually, or the deletion fails. For more information, see Deleting an IAM user. Before attempting to delete a user, remove the following items:
• Password (DeleteLoginProfile (p. 84))
• Access keys (DeleteAccessKey (p. 72))
• Signing certificate (DeleteSigningCertificate (p. 108))
• SSH public key (DeleteSSHPublicKey (p. 110))
• Git credentials (DeleteServiceSpecificCredential (p. 106))
• Multi-factor authentication (MFA) device (DeactivateMFADevice (p. 69), DeleteVirtualMFADevice (p. 119))
• Inline policies (DeleteUserPolicy (p. 117))
• Attached managed policies (DetachUserPolicy (p. 126))
• Group memberships (RemoveUserFromGroup (p. 344))
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
UserName
The name of the user to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=,.@-]+
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
ConcurrentModification
The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.
HTTP Status Code: 409
DeleteConflict
The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.
HTTP Status Code: 409
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DeleteUser.
Sample Request
https://iam.amazonaws.com/?Action=DeleteUser
&UserName=Bob
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DeleteUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</DeleteUserResponse>
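The cleanup that DeleteUser requires, in the order of the list above, as an added example (not AWS's own code). `iam` is assumed to expose the boto3 IAM client methods; `RecordingIam`, `FakeClientError` and `demo` are constructed stand-ins so the block runs offline, and each list call is assumed to return everything in one page. Credentials go first, so a run that fails partway still leaves the user unable to authenticate.

```python
from collections import defaultdict

def delete_iam_user(iam, user):
    """Strip credentials first, then policies and groups, then delete the user."""
    u = {"UserName": user}
    try:
        iam.delete_login_profile(**u)
    except Exception as exc:  # tolerate only NoSuchEntity: the user had no password
        if getattr(exc, "response", {}).get("Error", {}).get("Code") != "NoSuchEntity":
            raise
    for k in iam.list_access_keys(**u)["AccessKeyMetadata"]:
        iam.delete_access_key(AccessKeyId=k["AccessKeyId"], **u)
    for c in iam.list_signing_certificates(**u)["Certificates"]:
        iam.delete_signing_certificate(CertificateId=c["CertificateId"], **u)
    for s in iam.list_ssh_public_keys(**u)["SSHPublicKeys"]:
        iam.delete_ssh_public_key(SSHPublicKeyId=s["SSHPublicKeyId"], **u)
    for g in iam.list_service_specific_credentials(**u)["ServiceSpecificCredentials"]:
        iam.delete_service_specific_credential(
            ServiceSpecificCredentialId=g["ServiceSpecificCredentialId"], **u)
    for m in iam.list_mfa_devices(**u)["MFADevices"]:
        serial = m["SerialNumber"]
        iam.deactivate_mfa_device(SerialNumber=serial, **u)  # must precede deletion
        if ":mfa/" in serial:  # assumption: virtual-device ARN, as in the sample request
            iam.delete_virtual_mfa_device(SerialNumber=serial)
    for p in iam.list_user_policies(**u)["PolicyNames"]:
        iam.delete_user_policy(PolicyName=p, **u)
    for a in iam.list_attached_user_policies(**u)["AttachedPolicies"]:
        iam.detach_user_policy(PolicyArn=a["PolicyArn"], **u)
    for grp in iam.list_groups_for_user(**u)["Groups"]:
        iam.remove_user_from_group(GroupName=grp["GroupName"], **u)
    iam.delete_user(**u)

class FakeClientError(Exception):
    """Constructed error shaped like botocore's ClientError."""
    def __init__(self, code):
        self.response = {"Error": {"Code": code}}

class RecordingIam:
    """Constructed stand-in for boto3.client("iam"): canned list results, call log."""
    def __init__(self, canned):
        self.canned, self.calls = canned, []
    def __getattr__(self, op):
        def call(**kwargs):
            self.calls.append(op)
            result = self.canned.get(op, {})
            if isinstance(result, Exception):
                raise result
            return defaultdict(list, result)
        return call

def demo():
    """Constructed user Bob: no password, one access key, one virtual MFA, one group."""
    iam = RecordingIam({
        "delete_login_profile": FakeClientError("NoSuchEntity"),
        "list_access_keys": {"AccessKeyMetadata": [{"AccessKeyId": "AKIAEXAMPLEKEYID0001"}]},
        "list_mfa_devices": {"MFADevices": [
            {"SerialNumber": "arn:aws:iam::123456789012:mfa/ExampleName"}]},
        "list_groups_for_user": {"Groups": [{"GroupName": "Finance"}]},
    })
    delete_iam_user(iam, "Bob")
    return [op for op in iam.calls if not op.startswith("list_")]

if __name__ == "__main__":
    print(demo())
```

With boto3 installed, pass `boto3.client("iam")` as `iam`; for users with many keys or policies, replace the list calls with paginators.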
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteUserPermissionsBoundary
Deletes the permissions boundary for the specified IAM user.
Important
Deleting the permissions boundary for a user might increase its permissions by allowing the user to perform all the actions granted in its permissions policies.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
UserName
The name (friendly name, not ARN) of the IAM user from which you want to remove the permissions boundary.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w+=,.@-]+
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteUserPolicy
Deletes the specified inline policy that is embedded in the specified IAM user.
A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy (p. 126). For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
PolicyName
The name identifying the policy document to delete.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=,.@-]+
Required: Yes
UserName
The name (friendly name, not ARN) identifying the user that the policy is embedded in.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=,.@-]+
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DeleteUserPolicy.
Sample Request
https://iam.amazonaws.com/?Action=DeleteUserPolicy
&UserName=Bob
&PolicyName=AllAccessPolicy
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DeleteUserPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</DeleteUserPolicyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteVirtualMFADevice
Deletes a virtual MFA device.
Note
You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice (p. 69).
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
SerialNumber
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
=,.@:/-
Type: String
Length Constraints: Minimum length of 9. Maximum length of 256.
Pattern: [\w+=/:,.@-]+
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
DeleteConflict
The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.
HTTP Status Code: 409
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DeleteVirtualMFADevice.
Sample Request
https://iam.amazonaws.com/?Action=DeleteVirtualMFADevice
&SerialNumber=arn:aws:iam::123456789012:mfa/ExampleName
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DeleteVirtualMFADeviceResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</DeleteVirtualMFADeviceResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DetachGroupPolicy
Removes the specified managed policy from the specified IAM group.
A group can also have inline policies embedded with it. To delete an inline policy, use DeleteGroupPolicy (p. 80). For information about policies, see Managed policies and inline policies in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
GroupName
The name (friendly name, not ARN) of the IAM group to detach the policy from.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=,.@-]+
Required: Yes
PolicyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
InvalidInput
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DetachGroupPolicy.
Sample Request
https://iam.amazonaws.com/?Action=DetachGroupPolicy
&GroupName=Finance
&PolicyArn=arn:aws:iam::aws:policy/ReadOnlyAccess
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DetachGroupPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>d4faa7aa-3d1d-11e4-a4a0-cffb9EXAMPLE</RequestId>
</ResponseMetadata>
</DetachGroupPolicyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DetachRolePolicy
Removes the specified managed policy from the specified role.
A role can also have inline policies embedded with it. To delete an inline policy, use DeleteRolePolicy (p. 97). For information about policies, see Managed policies and inline policies in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
PolicyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: Yes
RoleName
The name (friendly name, not ARN) of the IAM role to detach the policy from.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w+=,.@-]+
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
InvalidInput
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
UnmodifiableEntity
The request was rejected because only the service that depends on the service-linked role can modify or delete the role on your behalf. The error message includes the name of the service that depends on this service-linked role. You must request the change through that service.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of DetachRolePolicy.
Sample Request
https://iam.amazonaws.com/?Action=DetachRolePolicy
&PolicyArn=arn:aws:iam::aws:policy/ReadOnlyAccess
&RoleName=ReadOnlyRole
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DetachRolePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>4c80ccf4-3d1e-11e4-a4a0-cffb9EXAMPLE</RequestId>
</ResponseMetadata>
</DetachRolePolicyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DetachUserPolicy
Removes the specified managed policy from the specified user.
A user can also have inline policies embedded with it. To delete an inline policy, use DeleteUserPolicy (p. 117). For information about policies, see Managed policies and inline policies in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 563).
PolicyArn
The Amazon Resource Name (ARN) of the IAM policy you want to detach.
For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: Yes
UserName
The name (friendly name, not ARN) of the IAM user to detach the policy from.
This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters:
_+=,.@-
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w+=,.@-]+
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors (p. 565).
InvalidInput
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
LimitExceeded
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
NoSuchEntity
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
ServiceFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of DetachUserPolicy.
Sample Request
https://iam.amazonaws.com/?Action=DetachUserPolicy
&PolicyArn=arn:aws:iam::aws:policy/AdministratorAccess
&UserName=Alice
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DetachUserPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>85ba31fa-3d1f-11e4-a4a0-cffb9EXAMPLE</RequestId>
</ResponseMetadata>
</DetachUserPolicyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript