Module types

Data structures used by operation inputs/outputs.

Modules

builders

Builders

error

Error types that AWS Identity and Access Management can respond with.

Structs

AccessDetail

An object that contains details about when a principal in the reported Organizations entity last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role, or the Amazon Web Services account root user within the reported Organizations entity.

This data type is a response element in the GetOrganizationsAccessReport operation.

AccessKey

Contains information about an Amazon Web Services access key.

This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.

The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.

AccessKeyLastUsed

Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.

This data type is used as a response element in the GetAccessKeyLastUsed operation.

AccessKeyMetadata

Contains information about an Amazon Web Services access key, without its secret key.

This data type is used as a response element in the ListAccessKeys operation.

AttachedPermissionsBoundary

Contains information about an attached permissions boundary.

An attached permissions boundary is a managed policy that has been attached to a user or role to set the permissions boundary.

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

AttachedPolicy

Contains information about an attached policy.

An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails operations.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

ContextEntry

Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the Condition elements of the input policies.

This data type is used as an input parameter to SimulateCustomPolicy and SimulatePrincipalPolicy.

DeletionTaskFailureReasonType

The reason that the service-linked role deletion failed.

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

EntityDetails

An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.

This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.

EntityInfo

Contains details about the specified entity (user or role).

This data type is an element of the EntityDetails object.

ErrorDetails

Contains information about the reason that the operation failed.

This data type is used as a response element in the GetOrganizationsAccessReport, GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities operations.

EvaluationResult

Contains the results of a simulation.

This data type is used by the return parameter of SimulateCustomPolicy and SimulatePrincipalPolicy .

Group

Contains information about an IAM group entity.

This data type is used as a response element in the following operations:

• CreateGroup

• GetGroup

• ListGroups

GroupDetail

Contains information about an IAM group, including all of the group's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

InstanceProfile

Contains information about an instance profile.

This data type is used as a response element in the following operations:

• CreateInstanceProfile

• GetInstanceProfile

• ListInstanceProfiles

• ListInstanceProfilesForRole

ListPoliciesGrantingServiceAccessEntry

Contains details about the permissions policies that are attached to the specified identity (user, group, or role).

This data type is used as a response element in the ListPoliciesGrantingServiceAccess operation.

LoginProfile

Contains the user name and password create date for a user.

This data type is used as a response element in the CreateLoginProfile and GetLoginProfile operations.

ManagedPolicyDetail

Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

MfaDevice

Contains information about an MFA device.

This data type is used as a response element in the ListMFADevices operation.

OpenIdConnectProviderListEntry

Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.

OrganizationsDecisionDetail

Contains information about the effect that Organizations has on a policy simulation.

PasswordPolicy

Contains information about the account password policy.

This data type is used as a response element in the GetAccountPasswordPolicy operation.

PermissionsBoundaryDecisionDetail

Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.

Policy

Contains information about a managed policy.

This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies operations.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

PolicyDetail

Contains information about an IAM policy, including the policy document.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

PolicyGrantingServiceAccess

Contains details about the permissions policies that are attached to the specified identity (user, group, or role).

This data type is an element of the ListPoliciesGrantingServiceAccessEntry object.

PolicyGroup

Contains information about a group that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

PolicyRole

Contains information about a role that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

PolicyUser

Contains information about a user that a managed policy is attached to.

This data type is used as a response element in the ListEntitiesForPolicy operation.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

PolicyVersion

Contains information about a version of a managed policy.

This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails operations.

For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

Position

Contains the row and column of a location of a Statement element in a policy document.

This data type is used as a member of the Statement type.

ResourceSpecificResult

Contains the result of the simulation of a single API operation call on a single resource.

This data type is used by a member of the EvaluationResult data type.

Role

Contains information about an IAM role. This structure is returned as a response element in several API operations that interact with roles.

RoleDetail

Contains information about an IAM role, including all of the role's policies.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

RoleLastUsed

Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM user Guide.

This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.

RoleUsageType

An object that contains details about how a service-linked role is used, if that information is returned by the service.

This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

SamlPrivateKey

Contains the private keys for the SAML provider.

This data type is used as a response element in the GetSAMLProvider operation.

SamlProviderListEntry

Contains the list of SAML providers for this account.

ServerCertificate

Contains information about a server certificate.

This data type is used as a response element in the GetServerCertificate operation.

ServerCertificateMetadata

Contains information about a server certificate without its certificate body, certificate chain, and private key.

This data type is used as a response element in the UploadServerCertificate and ListServerCertificates operations.

ServiceLastAccessed

Contains details about the most recent attempt to access the service.

This data type is used as a response element in the GetServiceLastAccessedDetails operation.

ServiceSpecificCredential

Contains the details of a service-specific credential.

ServiceSpecificCredentialMetadata

Contains additional details about a service-specific credential.

SigningCertificate

Contains information about an X.509 signing certificate.

This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates operations.

SshPublicKey

Contains information about an SSH public key.

This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey operations.

SshPublicKeyMetadata

Contains information about an SSH public key, without the key's body or fingerprint.

This data type is used as a response element in the ListSSHPublicKeys operation.

Statement

Contains a reference to a Statement element in a policy document that determines the result of the simulation.

This data type is used by the MatchedStatements member of the EvaluationResult type.

Tag

A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

TrackedActionLastAccessed

Contains details about the most recent attempt to access an action within the service.

This data type is used as a response element in the GetServiceLastAccessedDetails operation.

User

Contains information about an IAM user entity.

This data type is used as a response element in the following operations:

• CreateUser

• GetUser

• ListUsers

UserDetail

Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.

This data type is used as a response element in the GetAccountAuthorizationDetails operation.

VirtualMfaDevice

Contains information about a virtual MFA device.

Enums

AccessAdvisorUsageGranularityType

When writing a match expression against AccessAdvisorUsageGranularityType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

AssertionEncryptionModeType

When writing a match expression against AssertionEncryptionModeType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

AssignmentStatusType

When writing a match expression against AssignmentStatusType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ContextKeyTypeEnum

When writing a match expression against ContextKeyTypeEnum, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

DeletionTaskStatusType

When writing a match expression against DeletionTaskStatusType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

EncodingType

When writing a match expression against EncodingType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

EntityType

When writing a match expression against EntityType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

FeatureType

When writing a match expression against FeatureType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

GlobalEndpointTokenVersion

When writing a match expression against GlobalEndpointTokenVersion, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

JobStatusType

When writing a match expression against JobStatusType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PermissionsBoundaryAttachmentType

When writing a match expression against PermissionsBoundaryAttachmentType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PolicyEvaluationDecisionType

When writing a match expression against PolicyEvaluationDecisionType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PolicyOwnerEntityType

When writing a match expression against PolicyOwnerEntityType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PolicyScopeType

When writing a match expression against PolicyScopeType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PolicySourceType

When writing a match expression against PolicySourceType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PolicyType

When writing a match expression against PolicyType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PolicyUsageType

When writing a match expression against PolicyUsageType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ReportFormatType

When writing a match expression against ReportFormatType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ReportStateType

When writing a match expression against ReportStateType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

SortKeyType

When writing a match expression against SortKeyType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

StatusType

When writing a match expression against StatusType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

SummaryKeyType

When writing a match expression against SummaryKeyType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.