View Source AWS.RolesAnywhere (aws-elixir v0.13.3)
AWS Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications running outside of AWS to obtain Temporary AWS credentials.
Your workloads can use the same IAM policies and roles that you have configured with native AWS applications to access AWS resources. Using IAM Roles Anywhere will eliminate the need to manage long term credentials for workloads running outside of AWS.
To use IAM Roles Anywhere customer workloads will need to use X.509 certificates issued by their Certificate Authority (CA) . The Certificate Authority (CA) needs to be registered with IAM Roles Anywhere as a trust anchor to establish trust between customer PKI and IAM Roles Anywhere. Customers who do not manage their own PKI system can use AWS Certificate Manager Private Certificate Authority (ACM PCA) to create a Certificate Authority and use that to establish trust with IAM Roles Anywhere
This guide describes the IAM rolesanywhere operations that you can call programmatically. For general information about IAM Roles Anywhere see https://docs.aws.amazon.com/
Link to this section Summary
Functions
Creates a profile.
Creates a trust anchor.
Deletes a certificate revocation list (CRL).
Deletes a profile.
Deletes a trust anchor.
Disables a certificate revocation list (CRL).
Disables a profile.
Disables a trust anchor.
Enables a certificate revocation list (CRL).
Enables the roles in a profile to receive session credentials in CreateSession.
Enables a trust anchor.
Gets a certificate revocation list (CRL).
Gets a profile.
Gets a Subject.
Gets a trust anchor.
Imports the certificate revocation list (CRL).
Lists all Crls in the authenticated account and Amazon Web Services Region.
Lists all profiles in the authenticated account and Amazon Web Services Region.
Lists the subjects in the authenticated account and Amazon Web Services Region.
Lists the tags attached to the resource.
Lists the trust anchors in the authenticated account and Amazon Web Services Region.
Attaches tags to a resource.
Removes tags from the resource.
Updates the certificate revocation list (CRL).
Updates the profile.
Updates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor.
Link to this section Functions
Creates a profile.
A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can intersect permissions with IAM managed policies.
Required permissions: rolesanywhere:CreateProfile
.
Creates a trust anchor.
You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.
Required permissions: rolesanywhere:CreateTrustAnchor
.
Deletes a certificate revocation list (CRL).
Required permissions: rolesanywhere:DeleteCrl
.
Deletes a profile.
Required permissions: rolesanywhere:DeleteProfile
.
delete_trust_anchor(client, trust_anchor_id, input, options \\ [])
View SourceDeletes a trust anchor.
Required permissions: rolesanywhere:DeleteTrustAnchor
.
Disables a certificate revocation list (CRL).
Required permissions: rolesanywhere:DisableCrl
.
Disables a profile.
When disabled, CreateSession requests with this profile fail.
Required permissions: rolesanywhere:DisableProfile
.
disable_trust_anchor(client, trust_anchor_id, input, options \\ [])
View SourceDisables a trust anchor.
When disabled, CreateSession requests specifying this trust anchor are unauthorized.
Required permissions: rolesanywhere:DisableTrustAnchor
.
Enables a certificate revocation list (CRL).
When enabled, certificates stored in the CRL are unauthorized to receive session credentials.
Required permissions: rolesanywhere:EnableCrl
.
Enables the roles in a profile to receive session credentials in CreateSession.
Required permissions: rolesanywhere:EnableProfile
.
enable_trust_anchor(client, trust_anchor_id, input, options \\ [])
View SourceEnables a trust anchor.
When enabled, certificates in the trust anchor chain are authorized for trust validation.
Required permissions: rolesanywhere:EnableTrustAnchor
.
Gets a certificate revocation list (CRL).
Required permissions: rolesanywhere:GetCrl
.
Gets a profile.
Required permissions: rolesanywhere:GetProfile
.
Gets a Subject.
A Subject associates a certificate identity with authentication attempts by CreateSession. The Subject resources stores audit information such as status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.
Required permissions: rolesanywhere:GetSubject
.
Gets a trust anchor.
Required permissions: rolesanywhere:GetTrustAnchor
.
Imports the certificate revocation list (CRL).
CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.
Required permissions: rolesanywhere:ImportCrl
.
list_crls(client, next_token \\ nil, page_size \\ nil, options \\ [])
View SourceLists all Crls in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListCrls
.
list_profiles(client, next_token \\ nil, page_size \\ nil, options \\ [])
View SourceLists all profiles in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListProfiles
.
list_subjects(client, next_token \\ nil, page_size \\ nil, options \\ [])
View SourceLists the subjects in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListSubjects
.
Lists the tags attached to the resource.
Required permissions: rolesanywhere:ListTagsForResource
.
list_trust_anchors(client, next_token \\ nil, page_size \\ nil, options \\ [])
View SourceLists the trust anchors in the authenticated account and Amazon Web Services Region.
Required permissions: rolesanywhere:ListTrustAnchors
.
Attaches tags to a resource.
Required permissions: rolesanywhere:TagResource
.
Removes tags from the resource.
Required permissions: rolesanywhere:UntagResource
.
Updates the certificate revocation list (CRL).
CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.
Required permissions: rolesanywhere:UpdateCrl
.
Updates the profile.
A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can scope-down permissions with IAM managed policies.
Required permissions: rolesanywhere:UpdateProfile
.
update_trust_anchor(client, trust_anchor_id, input, options \\ [])
View SourceUpdates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor.
A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.
Required permissions: rolesanywhere:UpdateTrustAnchor
.