pub struct IamClient<'a> { /* private fields */ }
Client for the AWS Identity and Access Management API.
Implementations
impl<'a> IamClient<'a>
pub async fn list_users(&self) -> Result<ListUsersResponse>
List all IAM users in the account.
pub async fn list_attached_user_policies( &self, user_name: &str, ) -> Result<ListAttachedUserPoliciesResponse>
List all managed policies attached to the specified IAM user.
pub async fn detach_user_policy( &self, user_name: &str, policy_arn: &str, ) -> Result<()>
Remove a managed policy from an IAM user.
pub async fn delete_access_key( &self, user_name: &str, access_key_id: &str, ) -> Result<()>
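Delete an access key pair for an IAM user. Deletion is permanent; where a key may still be in use, set it to Inactive with update_access_key first and check get_access_key_last_used before deleting.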
pub async fn list_access_keys( &self, user_name: &str, ) -> Result<ListAccessKeysResponse>
List access keys for an IAM user.
pub async fn get_access_key_last_used( &self, access_key_id: &str, ) -> Result<GetAccessKeyLastUsedResponse>
Retrieve information about when an access key was last used.
pub async fn generate_credential_report( &self, ) -> Result<GenerateCredentialReportResponse>
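Generate a credential report for the AWS account. In the IAM API generation is asynchronous: the response reports a state, and the report is fetched with get_credential_report once that state is COMPLETE.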
pub async fn get_credential_report(&self) -> Result<GetCredentialReportResponse>
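Retrieve a credential report for the AWS account. The report lists the status of every user's password, access keys and MFA devices, so store and share it as sensitive audit data.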
pub async fn update_access_key( &self, user_name: &str, access_key_id: &str, status: &str, ) -> Result<()>
Change the status of an access key from Active to Inactive, or vice versa. status is the target state, "Active" or "Inactive".
pub async fn list_mfa_devices( &self, user_name: &str, ) -> Result<ListMFADevicesResponse>
List MFA devices for an IAM user.
pub async fn get_login_profile( &self, user_name: &str, ) -> Result<GetLoginProfileResponse>
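Get the login profile for an IAM user, which records that the user has a console password. The password itself is never returned. In the IAM API a user with no console password produces a NoSuchEntity error, which callers should treat as "no console password" rather than as a failed call.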
pub async fn get_account_summary(&self) -> Result<GetAccountSummaryResponse>
Get the account-level summary of IAM entity usage and quotas.
pub async fn get_account_password_policy( &self, ) -> Result<GetAccountPasswordPolicyResponse>
Get the account password policy.
pub async fn update_account_password_policy( &self, body: &UpdateAccountPasswordPolicyRequest, ) -> Result<()>
Update the account password policy.
pub async fn list_roles(&self) -> Result<ListRolesResponse>
List all IAM roles in the account.
pub async fn list_user_policies( &self, user_name: &str, ) -> Result<ListUserPoliciesResponse>
List inline policy names for an IAM user.
pub async fn list_groups_for_user( &self, user_name: &str, ) -> Result<ListGroupsForUserResponse>
List the groups that an IAM user belongs to.
pub async fn list_server_certificates( &self, ) -> Result<ListServerCertificatesResponse>
List all server certificates in the account.
pub async fn delete_user_policy( &self, user_name: &str, policy_name: &str, ) -> Result<()>
Delete an inline policy from an IAM user.
pub async fn attach_role_policy( &self, role_name: &str, policy_arn: &str, ) -> Result<()>
Attach a managed policy to an IAM role.
pub async fn detach_role_policy( &self, role_name: &str, policy_arn: &str, ) -> Result<()>
Detach a managed policy from an IAM role.
pub async fn create_service_linked_role( &self, aws_service_name: &str, ) -> Result<CreateServiceLinkedRoleResponse>
Create a service-linked role for an AWS service.
pub async fn get_user_policy( &self, user_name: &str, policy_name: &str, ) -> Result<GetUserPolicyResponse>
Retrieve an inline policy document embedded in an IAM user.
pub async fn list_attached_group_policies( &self, group_name: &str, ) -> Result<ListAttachedGroupPoliciesResponse>
List all managed policies attached to an IAM group.
pub async fn list_virtual_mfa_devices( &self, assignment_status: Option<&str>, ) -> Result<ListVirtualMFADevicesResponse>
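Return the first page of virtual MFA devices. Use list_all_virtual_mfa_devices when the result feeds an audit, since a single page can omit devices.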
assignment_status: optional filter — "Assigned", "Unassigned", or
"Any" (default when None).
pub async fn list_all_virtual_mfa_devices( &self, ) -> Result<Vec<VirtualMFADevice>>
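Return all virtual MFA devices in the account, following pagination.
CIS 2.5: the root account should use a hardware MFA device, not a
virtual one. Any VirtualMFADevice whose serial number contains
"root-account-mfa-device" indicates virtual MFA on root.
The check is name-based, so a virtual device whose serial number does
not contain that string would not be flagged; an empty match is not by
itself proof that root uses hardware MFA.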
pub async fn list_policies( &self, scope: Option<&str>, marker: Option<&str>, ) -> Result<ListPoliciesResponse>
Return a single page of IAM policies (the first page when marker is None). Use list_all_policies when every policy must be examined.
scope: "Local" (customer-managed), "AWS" (AWS-managed), or
"All" (default when None).
pub async fn list_all_policies( &self, scope: Option<&str>, ) -> Result<Vec<Policy>>
Return all IAM policies for the given scope, following pagination.
CIS 2.15: pass scope = Some("Local") to enumerate customer-managed
policies, then call get_policy_version on each policy's default
version to inspect for unrestricted "*:*" statements, that is,
statements allowing "*" actions on "*" resources.
pub async fn get_policy_version( &self, policy_arn: &str, version_id: &str, ) -> Result<GetPolicyVersionResponse>
Retrieve a specific version of a managed policy.
The document field in the response is URL-encoded JSON. Decode it
with urlencoding::decode before parsing.
CIS 2.15: inspect the document for statements with Effect "Allow"
whose Action and Resource are both "*", which grant full admin access.
In IAM policy JSON, Statement, Action and Resource can each be a single
value or a list, so the check has to handle both forms.
pub async fn list_entities_for_policy( &self, policy_arn: &str, ) -> Result<ListEntitiesForPolicyResponse>
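Return the first page of entities (groups, users, roles) attached to a managed policy. Use list_all_entities_for_policy for compliance checks, since one page can under-report attachments.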
pub async fn list_all_entities_for_policy( &self, policy_arn: &str, ) -> Result<ListEntitiesForPolicyResponse>
Return all entities attached to a managed policy, following pagination.
Merges PolicyGroups, PolicyUsers, and PolicyRoles across all
pages into a single response.
CIS 2.16: verify at least one entity is attached to AWSSupportAccess.
CIS 2.21: verify no entity is attached to AWSCloudShellFullAccess
(or only approved entities).