Connection module for Amazon IAM
New in version 2014.7.0.
configuration: | This module accepts explicit iam credentials but can also utilize IAM roles assigned to the instance trough Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
If IAM roles are not used you need to specify them either in a pillar or in the minion's config file: iam.keyid: GKTADJGHEIQSXMKKRBJ08H
iam.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
iam.region: us-east-1
It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config: myprofile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
|
---|---|
depends: | boto |
salt.modules.boto_iam.
add_user_to_group
(user_name, group_name, region=None, key=None, keyid=None, profile=None)¶Add user to group.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.add_user_to_group myuser mygroup
salt.modules.boto_iam.
associate_profile_to_role
(profile_name, role_name, region=None, key=None, keyid=None, profile=None)¶Associate an instance profile with an IAM role.
CLI Example:
salt myminion boto_iam.associate_profile_to_role myirole myiprofile
salt.modules.boto_iam.
build_policy
(region=None, key=None, keyid=None, profile=None)¶Build a default assume role policy.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.build_policy
salt.modules.boto_iam.
create_access_key
(user_name, region=None, key=None, keyid=None, profile=None)¶Create access key id for a user.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.create_access_key myuser
salt.modules.boto_iam.
create_group
(group_name, path=None, region=None, key=None, keyid=None, profile=None)¶Create a group.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.create_group group
salt.modules.boto_iam.
create_instance_profile
(name, region=None, key=None, keyid=None, profile=None)¶Create an instance profile.
CLI Example:
salt myminion boto_iam.create_instance_profile myiprofile
salt.modules.boto_iam.
create_login_profile
(user_name, password, region=None, key=None, keyid=None, profile=None)¶Creates a login profile for the specified user, give the user the ability to access AWS services and the AWS Management Console.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.create_login_profile user_name password
salt.modules.boto_iam.
create_role
(name, policy_document=None, path=None, region=None, key=None, keyid=None, profile=None)¶Create an instance role.
CLI Example:
salt myminion boto_iam.create_role myrole
salt.modules.boto_iam.
create_role_policy
(role_name, policy_name, policy, region=None, key=None, keyid=None, profile=None)¶Create or modify a role policy.
CLI Example:
salt myminion boto_iam.create_role_policy myirole mypolicy '{"MyPolicy": "Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}'
salt.modules.boto_iam.
create_user
(user_name, path=None, region=None, key=None, keyid=None, profile=None)¶Create a user.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.create_user myuser
salt.modules.boto_iam.
delete_access_key
(access_key_id, user_name=None, region=None, key=None, keyid=None, profile=None)¶Delete access key id from a user.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.delete_access_key myuser
salt.modules.boto_iam.
delete_group_policy
(group_name, policy_name, region=None, key=None, keyid=None, profile=None)¶Delete a group policy.
CLI Example:
.. code-block:: bash
salt myminion boto_iam.delete_group_policy mygroup mypolicy
salt.modules.boto_iam.
delete_instance_profile
(name, region=None, key=None, keyid=None, profile=None)¶Delete an instance profile.
CLI Example:
salt myminion boto_iam.delete_instance_profile myiprofile
salt.modules.boto_iam.
delete_role
(name, region=None, key=None, keyid=None, profile=None)¶Delete an IAM role.
CLI Example:
salt myminion boto_iam.delete_role myirole
salt.modules.boto_iam.
delete_role_policy
(role_name, policy_name, region=None, key=None, keyid=None, profile=None)¶Delete a role policy.
CLI Example:
salt myminion boto_iam.delete_role_policy myirole mypolicy
salt.modules.boto_iam.
delete_server_cert
(cert_name, region=None, key=None, keyid=None, profile=None)¶Deletes a certificate from Amazon.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.delete_server_cert mycert_name
salt.modules.boto_iam.
delete_user
(user_name, region=None, key=None, keyid=None, profile=None)¶Delete a user.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.delete_user myuser
salt.modules.boto_iam.
delete_user_policy
(user_name, policy_name, region=None, key=None, keyid=None, profile=None)¶Delete a user policy.
CLI Example:
salt myminion boto_iam.delete_user_policy myuser mypolicy
salt.modules.boto_iam.
describe_role
(name, region=None, key=None, keyid=None, profile=None)¶Get information for a role.
CLI Example:
salt myminion boto_iam.describe_role myirole
salt.modules.boto_iam.
disassociate_profile_from_role
(profile_name, role_name, region=None, key=None, keyid=None, profile=None)¶Disassociate an instance profile from an IAM role.
CLI Example:
salt myminion boto_iam.disassociate_profile_from_role myirole myiprofile
salt.modules.boto_iam.
get_account_id
(region=None, key=None, keyid=None, profile=None)¶Get a the AWS account id associated with the used credentials.
CLI Example:
salt myminion boto_iam.get_account_id
salt.modules.boto_iam.
get_account_policy
(region=None, key=None, keyid=None, profile=None)¶Get account policy for the AWS account.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.get_account_policy
salt.modules.boto_iam.
get_all_access_keys
(user_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)¶Get all access keys from a user.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.get_all_access_keys myuser
salt.modules.boto_iam.
get_all_group_policies
(group_name, region=None, key=None, keyid=None, profile=None)¶Get a list of policy names from a group.
CLI Example:
salt myminion boto_iam.get_all_group_policies mygroup
salt.modules.boto_iam.
get_all_user_policies
(user_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)¶Get all user policies.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.get_group mygroup
salt.modules.boto_iam.
get_group
(group_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)¶Get group information.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.get_group mygroup
salt.modules.boto_iam.
get_group_policy
(group_name, policy_name, region=None, key=None, keyid=None, profile=None)¶Retrieves the specified policy document for the specified group.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.get_group_policy mygroup policyname
salt.modules.boto_iam.
get_role_policy
(role_name, policy_name, region=None, key=None, keyid=None, profile=None)¶Get a role policy.
CLI Example:
salt myminion boto_iam.get_role_policy myirole mypolicy
salt.modules.boto_iam.
get_server_certificate
(cert_name, region=None, key=None, keyid=None, profile=None)¶Returns certificate information from Amazon
New in version Beryllium.
CLI Example:
salt myminion boto_iam.get_server_certificate mycert_name
salt.modules.boto_iam.
get_user
(user_name=None, region=None, key=None, keyid=None, profile=None)¶Get user information.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.get_user myuser
salt.modules.boto_iam.
get_user_policy
(user_name, policy_name, region=None, key=None, keyid=None, profile=None)¶Retrieves the specified policy document for the specified user.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.get_user_policy myuser mypolicyname
salt.modules.boto_iam.
instance_profile_exists
(name, region=None, key=None, keyid=None, profile=None)¶Check to see if an instance profile exists.
CLI Example:
salt myminion boto_iam.instance_profile_exists myiprofile
salt.modules.boto_iam.
list_role_policies
(role_name, region=None, key=None, keyid=None, profile=None)¶Get a list of policy names from a role.
CLI Example:
salt myminion boto_iam.list_role_policies myirole
salt.modules.boto_iam.
profile_associated
(role_name, profile_name, region, key, keyid, profile)¶Check to see if an instance profile is associated with an IAM role.
CLI Example:
salt myminion boto_iam.profile_associated myirole myiprofile
salt.modules.boto_iam.
put_group_policy
(group_name, policy_name, policy_json, region=None, key=None, keyid=None, profile=None)¶Adds or updates the specified policy document for the specified group.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.put_group_policy mygroup policyname policyrules
salt.modules.boto_iam.
put_user_policy
(user_name, policy_name, policy_json, region=None, key=None, keyid=None, profile=None)¶Adds or updates the specified policy document for the specified user.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.put_user_policy myuser policyname policyrules
salt.modules.boto_iam.
remove_user_from_group
(group_name, user_name, region=None, key=None, keyid=None, profile=None)¶Remove user from group.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.remove_user_from_group mygroup myuser
salt.modules.boto_iam.
role_exists
(name, region=None, key=None, keyid=None, profile=None)¶Check to see if an IAM role exists.
CLI Example:
salt myminion boto_iam.role_exists myirole
salt.modules.boto_iam.
update_account_password_policy
(allow_users_to_change_password=None, hard_expiry=None, max_password_age=None, minimum_password_length=None, password_reuse_prevention=None, require_lowercase_characters=None, require_numbers=None, require_symbols=None, require_uppercase_characters=None, region=None, key=None, keyid=None, profile=None)¶Update the password policy for the AWS account.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.update_account_password_policy True
salt.modules.boto_iam.
update_assume_role_policy
(role_name, policy_document, region=None, key=None, keyid=None, profile=None)¶Update an assume role policy for a role.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.update_assume_role_policy myrole '{"Statement":"..."}'
salt.modules.boto_iam.
upload_server_cert
(cert_name, cert_body, private_key, cert_chain=None, path=None, region=None, key=None, keyid=None, profile=None)¶Upload a certificate to Amazon.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.upload_server_cert mycert_name crt priv_key
Parameters: |
|
---|---|
Returns: | True / False |
salt.modules.boto_iam.
user_exists_in_group
(user_name, group_name, region=None, key=None, keyid=None, profile=None)¶Check if user exists in group.
New in version Beryllium.
CLI Example:
salt myminion boto_iam.user_exists_in_group myuser mygroup