aws-elixir

View Source AWS.RolesAnywhere (aws-elixir v1.0.4)

Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications that run outside of Amazon Web Services to obtain temporary Amazon Web Services credentials.

Your workloads can use the same IAM policies and roles you have for native Amazon Web Services applications to access Amazon Web Services resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for workloads running outside of Amazon Web Services.

To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Private Certificate Authority to create a CA and then use that to establish trust with IAM Roles Anywhere.

This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about IAM Roles Anywhere, see the IAM Roles Anywhere User Guide.

Link to this section Summary

Functions

create_profile(client, input, options \\ [])

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume.

create_trust_anchor(client, input, options \\ [])

Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA).

delete_attribute_mapping(client, profile_id, input, options \\ [])

Delete an entry from the attribute mapping rules enforced by a given profile.

delete_crl(client, crl_id, input, options \\ [])

Deletes a certificate revocation list (CRL).

delete_profile(client, profile_id, input, options \\ [])

Deletes a profile.

delete_trust_anchor(client, trust_anchor_id, input, options \\ [])

Deletes a trust anchor.

disable_crl(client, crl_id, input, options \\ [])

Disables a certificate revocation list (CRL).

disable_profile(client, profile_id, input, options \\ [])

Disables a profile.

disable_trust_anchor(client, trust_anchor_id, input, options \\ [])

Disables a trust anchor.

enable_crl(client, crl_id, input, options \\ [])

Enables a certificate revocation list (CRL).

enable_profile(client, profile_id, input, options \\ [])

Enables temporary credential requests for a profile.

enable_trust_anchor(client, trust_anchor_id, input, options \\ [])

Enables a trust anchor.

get_crl(client, crl_id, options \\ [])

Gets a certificate revocation list (CRL).

get_profile(client, profile_id, options \\ [])

Gets a profile.

get_subject(client, subject_id, options \\ [])

Gets a subject, which associates a certificate identity with authentication attempts.

get_trust_anchor(client, trust_anchor_id, options \\ [])

Gets a trust anchor.

import_crl(client, input, options \\ [])

Imports the certificate revocation list (CRL).

list_crls(client, next_token \\ nil, page_size \\ nil, options \\ [])

Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.

list_profiles(client, next_token \\ nil, page_size \\ nil, options \\ [])

Lists all profiles in the authenticated account and Amazon Web Services Region.

list_subjects(client, next_token \\ nil, page_size \\ nil, options \\ [])

Lists the subjects in the authenticated account and Amazon Web Services Region.

list_tags_for_resource(client, resource_arn, options \\ [])

Lists the tags attached to the resource.

list_trust_anchors(client, next_token \\ nil, page_size \\ nil, options \\ [])

Lists the trust anchors in the authenticated account and Amazon Web Services Region.

metadata()
put_attribute_mapping(client, profile_id, input, options \\ [])

Put an entry in the attribute mapping rules that will be enforced by a given profile.

put_notification_settings(client, input, options \\ [])

Attaches a list of notification settings to a trust anchor.

reset_notification_settings(client, input, options \\ [])

Resets the custom notification setting to IAM Roles Anywhere default setting.

tag_resource(client, input, options \\ [])

Attaches tags to a resource.

untag_resource(client, input, options \\ [])

Removes tags from the resource.

update_crl(client, crl_id, input, options \\ [])

Updates the certificate revocation list (CRL).

update_profile(client, profile_id, input, options \\ [])

Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume.

update_trust_anchor(client, trust_anchor_id, input, options \\ [])

Updates a trust anchor.

Link to this section Functions

Link to this function

create_profile(client, input, options \\ [])

View Source

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume.

You use profiles to intersect permissions with IAM managed policies.

required-permissions

 Required permissions:

rolesanywhere:CreateProfile.

Link to this function

create_trust_anchor(client, input, options \\ [])

View Source

Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA).

You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

required-permissions

 Required permissions:

rolesanywhere:CreateTrustAnchor.

Link to this function

delete_attribute_mapping(client, profile_id, input, options \\ [])

View Source

Delete an entry from the attribute mapping rules enforced by a given profile.

Link to this function

delete_crl(client, crl_id, input, options \\ [])

View Source

Deletes a certificate revocation list (CRL).

required-permissions

 Required permissions:

rolesanywhere:DeleteCrl.

Link to this function

delete_profile(client, profile_id, input, options \\ [])

View Source

Deletes a profile.

required-permissions

 Required permissions:

rolesanywhere:DeleteProfile.

Link to this function

delete_trust_anchor(client, trust_anchor_id, input, options \\ [])

View Source

Deletes a trust anchor.

required-permissions

 Required permissions:

rolesanywhere:DeleteTrustAnchor.

Link to this function

disable_crl(client, crl_id, input, options \\ [])

View Source

Disables a certificate revocation list (CRL).

required-permissions

 Required permissions:

rolesanywhere:DisableCrl.

Link to this function

disable_profile(client, profile_id, input, options \\ [])

View Source

Disables a profile.

When disabled, temporary credential requests with this profile fail.

required-permissions

 Required permissions:

rolesanywhere:DisableProfile.

Link to this function

disable_trust_anchor(client, trust_anchor_id, input, options \\ [])

View Source

Disables a trust anchor.

When disabled, temporary credential requests specifying this trust anchor are unauthorized.

required-permissions

 Required permissions:

rolesanywhere:DisableTrustAnchor.

Link to this function

enable_crl(client, crl_id, input, options \\ [])

View Source

Enables a certificate revocation list (CRL).

When enabled, certificates stored in the CRL are unauthorized to receive session credentials.

required-permissions

 Required permissions:

rolesanywhere:EnableCrl.

Link to this function

enable_profile(client, profile_id, input, options \\ [])

View Source

Enables temporary credential requests for a profile.

required-permissions

 Required permissions:

rolesanywhere:EnableProfile.

Link to this function

enable_trust_anchor(client, trust_anchor_id, input, options \\ [])

View Source

Enables a trust anchor.

When enabled, certificates in the trust anchor chain are authorized for trust validation.

required-permissions

 Required permissions:

rolesanywhere:EnableTrustAnchor.

Link to this function

get_crl(client, crl_id, options \\ [])

View Source

Gets a certificate revocation list (CRL).

required-permissions

 Required permissions:

rolesanywhere:GetCrl.

Link to this function

get_profile(client, profile_id, options \\ [])

View Source

Gets a profile.

required-permissions

 Required permissions:

rolesanywhere:GetProfile.

Link to this function

get_subject(client, subject_id, options \\ [])

View Source

Gets a subject, which associates a certificate identity with authentication attempts.

The subject stores auditing information such as the status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.

required-permissions

 Required permissions:

rolesanywhere:GetSubject.

Link to this function

get_trust_anchor(client, trust_anchor_id, options \\ [])

View Source

Gets a trust anchor.

required-permissions

 Required permissions:

rolesanywhere:GetTrustAnchor.

Link to this function

import_crl(client, input, options \\ [])

View Source

Imports the certificate revocation list (CRL).

A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere validates against the CRL before issuing credentials.

required-permissions

 Required permissions:

rolesanywhere:ImportCrl.

Link to this function

list_crls(client, next_token \\ nil, page_size \\ nil, options \\ [])

View Source

Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.

required-permissions

 Required permissions:

rolesanywhere:ListCrls.

Link to this function

list_profiles(client, next_token \\ nil, page_size \\ nil, options \\ [])

View Source

Lists all profiles in the authenticated account and Amazon Web Services Region.

required-permissions

 Required permissions:

rolesanywhere:ListProfiles.

Link to this function

list_subjects(client, next_token \\ nil, page_size \\ nil, options \\ [])

View Source

Lists the subjects in the authenticated account and Amazon Web Services Region.

required-permissions

 Required permissions:

rolesanywhere:ListSubjects.

Link to this function

list_tags_for_resource(client, resource_arn, options \\ [])

View Source

Lists the tags attached to the resource.

required-permissions

 Required permissions:

rolesanywhere:ListTagsForResource.

Link to this function

list_trust_anchors(client, next_token \\ nil, page_size \\ nil, options \\ [])

View Source

Lists the trust anchors in the authenticated account and Amazon Web Services Region.

required-permissions

 Required permissions:

rolesanywhere:ListTrustAnchors.

Link to this function

metadata()

View Source
Link to this function

put_attribute_mapping(client, profile_id, input, options \\ [])

View Source

Put an entry in the attribute mapping rules that will be enforced by a given profile.

A mapping specifies a certificate field and one or more specifiers that have contextual meanings.

Link to this function

put_notification_settings(client, input, options \\ [])

View Source

Attaches a list of notification settings to a trust anchor.

A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.

required-permissions

 Required permissions:

rolesanywhere:PutNotificationSettings.

Link to this function

reset_notification_settings(client, input, options \\ [])

View Source

Resets the custom notification setting to IAM Roles Anywhere default setting.

required-permissions

 Required permissions:

rolesanywhere:ResetNotificationSettings.

Link to this function

tag_resource(client, input, options \\ [])

View Source

Attaches tags to a resource.

required-permissions

 Required permissions:

rolesanywhere:TagResource.

Link to this function

untag_resource(client, input, options \\ [])

View Source

Removes tags from the resource.

required-permissions

 Required permissions:

rolesanywhere:UntagResource.

Link to this function

update_crl(client, crl_id, input, options \\ [])

View Source

Updates the certificate revocation list (CRL).

A CRL is a list of certificates that have been revoked by the issuing certificate authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.

required-permissions

 Required permissions:

rolesanywhere:UpdateCrl.

Link to this function

update_profile(client, profile_id, input, options \\ [])

View Source

Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume.

You use profiles to intersect permissions with IAM managed policies.

required-permissions

 Required permissions:

rolesanywhere:UpdateProfile.

Link to this function

update_trust_anchor(client, trust_anchor_id, input, options \\ [])

View Source

Updates a trust anchor.

You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

required-permissions

 Required permissions:

rolesanywhere:UpdateTrustAnchor.