Title: AWS IAM Client Package
Version: 0.1.8
Description: A simple client for the Amazon Web Services ('AWS') Identity and Access Management ('IAM') 'API' https://aws.amazon.com/iam/.
License: GPL-2 | GPL-3 [expanded from: GPL (≥ 2)]
Imports: utils, httr, xml2, jsonlite, aws.signature (≥ 0.3.4)
URL: https://github.com/cloudyr/aws.iam
BugReports: https://github.com/cloudyr/aws.iam/issues
RoxygenNote: 7.1.0
NeedsCompilation: no
Packaged: 2020-04-07 01:30:38 UTC; svnuser
Author: Thomas J. Leeper
Maintainer: Simon Urbanek <simon.urbanek@R-project.org>
Repository: CRAN
Date/Publication: 2020-04-07 09:50:16 UTC
aws.iam
Description
AWS IAM and STS Client Package
Details
A simple client package for the Amazon Web Services (AWS) Identity and Access Management (IAM) and Simple Token Service (STS) APIs.
Author(s)
Thomas J. Leeper <thosjleeper@gmail.com>
Manage IAM Policies
Description
Retrieve, create, update, and delete IAM Role, User, and Group Policies
Usage
add_policy(user, group, role, policy, doc, ...)
update_policy(role, doc, ...)
get_policy(policy, user, group, role, ...)
delete_policy(user, group, role, policy, ...)
list_policies(user, group, role, n, marker, ...)
Arguments
user: A character string specifying a user name or an object of class “iam_user”.
group: A character string containing a group name or an object of class “iam_group”.
role: A character string containing a role name or an object of class “iam_role”.
policy: A character string specifying the policy name.
doc: The contents of the policy document as a character string.
...: Additional arguments passed to
n: An integer specifying the number of responses to return.
marker: A character string specifying a marker (from a previous response) to use in paginating results.
Value
add_policy and get_policy return objects of class “iam_policy”. update_policy and delete_policy return a logical TRUE (if successful) or an error. list_policies returns a list of IAM role objects.
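As an added example (not part of the package's own documentation), the following attaches a least-privilege inline policy to a role with add_policy, reads it back, and removes it again. The policy document is built as an R list and serialised with jsonlite, and a small pre-flight check refuses wildcard grants before anything is sent to IAM; the role name and bucket name are placeholders.

```r
library(aws.iam)
library(jsonlite)

# Refuse to attach a document that grants a wildcard action ("*" or
# "service:*") or a wildcard resource. Returns TRUE when every Allow
# statement is scoped, otherwise stops and names the offending statement.
check_scoped <- function(policy) {
  for (st in policy$Statement) {
    if (!identical(st$Effect, "Allow")) next
    actions   <- unlist(st$Action)
    resources <- unlist(st$Resource)
    if (any(actions == "*" | grepl(":\\*$", actions)) || any(resources == "*"))
      stop("wildcard grant in statement: ", toJSON(st, auto_unbox = TRUE))
  }
  TRUE
}

# Policy document as an R list: read-only access to one prefix of one
# bucket and nothing else. "example-bucket" is a placeholder.
policy_doc <- list(
  Version   = "2012-10-17",
  Statement = list(list(
    Effect   = "Allow",
    Action   = c("s3:GetObject", "s3:ListBucket"),
    Resource = c("arn:aws:s3:::example-bucket",
                 "arn:aws:s3:::example-bucket/reports/*")
  ))
)
check_scoped(policy_doc)

# Serialise to the character string add_policy() expects, attach it as an
# inline policy on an existing role ("example-role" is a placeholder), read
# it back, inventory the role's inline policies, then clean up.
doc <- as.character(toJSON(policy_doc, auto_unbox = TRUE))
p <- add_policy(role = "example-role", policy = "read-reports-only", doc = doc)
str(get_policy(policy = "read-reports-only", role = "example-role"))
str(list_policies(role = "example-role"))
delete_policy(role = "example-role", policy = "read-reports-only")
```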
Change Password
Description
Change password for currently authenticated user
Usage
change_pwd(old, new, ...)
get_pwd_policy(...)
set_pwd_policy(
allowchange,
hardexpire,
age,
length,
previous,
requirements,
...
)
Arguments
old: A character string specifying the current password.
new: A character string specifying the new password.
...: Additional arguments passed to
allowchange: Optionally, a logical indicating whether to allow users to change their own passwords (default is
hardexpire: Optionally, a logical indicating whether to prevent users from changing their passwords after they expire (default is
age: Optionally, a number of days (between 1 and 1095) specifying the maximum valid age of an IAM user password.
length: Optionally, a minimum password length between 6 and 128 (default is 6).
previous: Optionally, a number specifying the number (between 1 and 24) of previous passwords that users are prevented from reusing. Default is 0.
requirements: A character vector specifying whether to require specific password features, including: “upper” (upper case character), “lower” (lower case character), “number” (a digit), and “symbol” (a symbol). Multiple can be specified.
Value
get_pwd_policy returns a list. change_pwd and set_pwd_policy return a logical TRUE (if successful).
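As an added example (not from the package documentation), the following reads the account's current password policy and replaces the package defaults, which allow a 6-character password with no reuse restriction, with a hardened configuration using only the arguments set_pwd_policy documents. The field name checked at the end is an assumption about the list get_pwd_policy returns.

```r
library(aws.iam)

# Inspect what the account currently enforces before changing anything.
current <- get_pwd_policy()
str(current)

# Hardened settings, expressed in set_pwd_policy()'s own arguments:
#  - minimum length 14 instead of the default 6
#  - all four character classes required
#  - passwords expire after 90 days; the last 24 cannot be reused
#  - users may rotate their own password; no hard-expiry lock-out, so an
#    expired user can still change it rather than needing an admin reset
set_pwd_policy(
  allowchange  = TRUE,
  hardexpire   = FALSE,
  age          = 90,
  length       = 14,
  previous     = 24,
  requirements = c("upper", "lower", "number", "symbol")
)

# Re-read and confirm the minimum length took effect. "MinimumPasswordLength"
# is the assumed element name in the returned list.
updated <- get_pwd_policy()
stopifnot(as.integer(updated$MinimumPasswordLength) >= 14)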
Manage IAM Account Aliases
Description
Retrieve, create, update, and delete IAM Account Aliases
Usage
create_alias(alias, ...)
delete_alias(alias, ...)
list_aliases(n, marker, ...)
Arguments
alias: A character string specifying an alias, or an object of class “iam_alias”.
...: Additional arguments passed to
n: An integer specifying the number of responses to return.
marker: A character string specifying a marker (from a previous response) to use in paginating results.
Value
create_alias and delete_alias return a logical TRUE (if successful). list_aliases returns a list of objects of class “iam_alias”.
Manage IAM User Groups
Description
Retrieve, create, update, and delete IAM user groups
Usage
create_group(group, path, ...)
update_group(group, name, path, ...)
delete_group(group, ...)
get_group_users(group, n, marker, ...)
list_groups(user, n, marker, path, ...)
add_user(user, group, ...)
remove_user(user, group, ...)
Arguments
group: A character string containing a group name or an object of class “iam_group”.
path: A character string specifying a path prefix in which to locate user(s), role(s), etc. See Reference Identifiers on the AWS Documentation for more information.
...: Additional arguments passed to
name: A character string specifying the new name for the group.
n: An integer specifying the number of responses to return.
marker: A character string specifying a marker (from a previous response) to use in paginating results.
user: A character string specifying a user name.
Value
create_group and get_group return objects of class “iam_group”. update_group, delete_group, add_user, and remove_user return a logical TRUE (if successful) or an error. list_groups returns a list of IAM group objects. get_group_users returns a list of objects of class “iam_user”, with an “iam_group” attribute.
Examples
## Not run:
list_groups()
# create group
(g <- create_group("example"))
# rename
update_group(g, "example2")
list_groups()
# create example user
u <- create_user("example-user")
# add user to group
add_user(u, "example2")
get_group_users("example2")
# cleanup
remove_user(u, "example2")
delete_user(u)
delete_group("example2")
## End(Not run)
Manage Access Keys/Credentials
Description
Retrieve, create, update, and delete IAM access keys
Usage
create_key(user, ...)
update_key(key, user, status, ...)
delete_key(key, user, ...)
list_keys(user, n, marker, ...)
Arguments
user: Optionally, a character string specifying a user name or an object of class “iam_user”. This will be retrieved by default from the “UserName” list entry in
...: Additional arguments passed to
key: A character string specifying an access key or an object of class “iam_key”.
status: A character string specifying either “Active” or “Inactive” to set the key status to.
n: An integer specifying the number of responses to return.
marker: A character string specifying a marker (from a previous response) to use in paginating results.
Value
create_user and get_user return objects of class “iam_user”. update_user and delete_user return a logical TRUE (if successful) or an error. list_users returns a list of IAM user objects.
Examples
## Not run:
# list access keys
list_keys()
# create a user key
u <- create_user("example-user")
str(k <- create_key(u))
# toggle key status to inactive
update_key(k, u, "Inactive")
list_keys(u)
# cleanup
delete_key(k)
delete_user(u)
## End(Not run)
Instance Profiles
Description
Create, retrieve, list, and delete EC2 Instance Profiles
Usage
create_profile(profile, path, ...)
delete_profile(profile, ...)
get_profile(profile, ...)
list_profiles(role, n, marker, path, ...)
Arguments
profile: A character string specifying the name for the profile, or an object of class “iam_instance_profile”.
path: A character string specifying a path prefix in which to locate user(s), role(s), etc. See Reference Identifiers on the AWS Documentation for more information.
...: Additional arguments passed to
role: A character string containing a role name or an object of class “iam_role”.
n: An integer specifying the number of responses to return.
marker: A character string specifying a marker (from a previous response) to use in paginating results.
Value
An object of class “iam_instance_profile”.
References
About Instance Profiles
API Documentation: CreateInstanceProfile
API Documentation: DeleteInstanceProfile
API Documentation: GetInstanceProfile
API Documentation: ListInstanceProfiles
Manage IAM Roles
Description
Retrieve, create, update, and delete IAM Roles
Usage
create_role(role, policy, path, ...)
delete_role(role, ...)
add_profile_role(role, profile, ...)
remove_profile_role(role, profile, ...)
list_roles(n, marker, path, ...)
Arguments
role: A character string containing a role name or an object of class “iam_role”.
policy: ...
path: A character string specifying a path prefix in which to locate user(s), role(s), etc. See Reference Identifiers on the AWS Documentation for more information.
...: Additional arguments passed to
profile: A character string specifying the name for the profile, or an object of class “iam_instance_profile”.
n: An integer specifying the number of responses to return.
marker: A character string specifying a marker (from a previous response) to use in paginating results.
Value
create_role and get_role return objects of class “iam_role”. update_role and delete_role return a logical TRUE (if successful) or an error. list_roles returns a list of IAM role objects.
Manage IAM Users
Description
Retrieve, create, update, and delete IAM Users
Usage
create_user(user, path, ...)
update_user(user, name, path, ...)
get_user(user, ...)
delete_user(user, ...)
list_users(n, marker, path, ...)
Arguments
user: A character string specifying a user name or an object of class “iam_user”.
path: A character string specifying a path prefix in which to locate user(s), role(s), etc. See Reference Identifiers on the AWS Documentation for more information.
...: Additional arguments passed to
name: A character string specifying the new name for the user.
n: An integer specifying the number of responses to return.
marker: A character string specifying a marker (from a previous response) to use in paginating results.
Value
create_user and get_user return objects of class “iam_user”. update_user and delete_user return a logical TRUE (if successful) or an error. list_users returns a list of IAM user objects.
Examples
## Not run:
list_users()
# create example user
u <- create_user("example-user")
# cleanup
delete_user(u)
## End(Not run)
Get Account Details
Description
Retrieve IAM Account Details. This is useful as a “hello world!” test.
Usage
get_account(...)
credential_report(...)
auth_details(type, n, marker, ...)
Arguments
...: Additional arguments passed to
type: An optional character string specifying one or more types of reports to return.
n: An integer specifying the number of responses to return.
marker: A character string specifying a marker (from a previous response) to use in paginating results.
Details
get_account returns a list of account details. credential_report generates and/or retrieves a credential report. auth_details returns a list of group, user, role, and policy details.
Value
A list containing various account details.
Examples
## Not run:
# account details
get_account()
# big list of authorizations
auth_details()
## End(Not run)
Temporary Session Tokens
Description
Get temporary credentials (i.e., a Session Token)
Usage
get_session_token(duration = 900, id, code, tags, use = FALSE, ...)
get_federation_token(duration = 900, name, policy, use = FALSE, ...)
get_caller_identity(...)
assume_role(
role,
session,
duration,
id,
code,
externalid,
policy,
tags,
transitive.tags,
use = FALSE,
...
)
Arguments
duration: numeric, optional, duration for which the credentials should be valid, in seconds, between 900 and 129600. If not set, the back-end can decide.
id: string, optional, the serial number or Amazon Resource Number for a multi-factor authentication (MFA) device.
code: If
tags: named character vector or named list of scalars, optional, if specified then the supplied key/value pairs (names are keys) are passed as session tags.
use: logical (default
...: Additional arguments passed to
name: The name of the federated user.
policy: A character string specifying a JSON-formatted role policy. For
role: string, role ARN or an object of class “iam_role”.
session: string, name of the temporary session, can be arbitrary and is mainly used to disambiguate multiple sessions using the same role.
externalid: A unique identifier that is used by third parties when assuming roles in their customers' accounts.
transitive.tags: character vector, optional, specifies names of the session tags which will be passed to subsequent sessions in the role chain.
Details
get_caller_identity returns the account ID and ARN for the currently credentialled user. This can be used to confirm that an assumed role has indeed been assumed. get_session_token and get_federation_token generate and return temporary credentials.
Details about the underlying behavior of the various API endpoints can be found at Requesting Temporary Security Credentials.
Value
A list.
References
API Reference: GetCallerIdentity
API Reference: GetSessionToken
API Reference: GetFederationToken
API Reference: AssumeRole
API Reference: AssumeRoleWithSAML
API Reference: AssumeRoleWithWebIdentity
Examples
## Not run:
get_caller_identity() # check current identity
x <- get_session_token() # get token (T1) but do not use
set_credentials(x) # now use those credentials
x <- get_session_token(use = TRUE) # get and use another temp token (T2)
get_caller_identity() # check that token is in use
# assume a role
r <- assume_role("arn:aws:iam::111111111111:role/my-role", "test", use=TRUE)
get_caller_identity() # check that the role has been assumed
restore_credentials() # return to credentials of T2
restore_credentials() # return to credentials of T1
restore_credentials() # return to root credentials
get_caller_identity() # check identity, again
## End(Not run)
Workhorse API Query Functions
Description
These are the low-level API querying functions for IAM and STS. Users do not need to use these directly.
Usage
iamHTTP(
verb = "GET",
query,
headers = list(),
body = "",
version = "2010-05-08",
verbose = getOption("verbose", FALSE),
region = Sys.getenv("AWS_DEFAULT_REGION", "us-east-1"),
key = NULL,
secret = NULL,
session_token = NULL,
...
)
stsHTTP(
query,
headers = list(),
body = "",
version = "2011-06-15",
verbose = getOption("verbose", FALSE),
region = Sys.getenv("AWS_DEFAULT_REGION", "us-east-1"),
key = NULL,
secret = NULL,
session_token = NULL,
...
)
Arguments
verb: A character string specifying an HTTP verb. Either “GET” or “POST”.
query: A named list specifying query arguments.
headers: A list of headers to pass to the HTTP request.
body: A character string specifying a request body (if
version: A character string specifying an API version. Default is “2010-05-08”.
verbose: A logical indicating whether to be verbose. Default is given by
region: A character string specifying an AWS region. See
key: A character string specifying an AWS Access Key. See
secret: A character string specifying an AWS Secret Key. See
session_token: Optionally, a character string specifying an AWS temporary Session Token to use in signing a request. See
...:
Save/restore/manage session credentials
Description
The following functions manage the environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN used for credentials for all AWS API calls.
save_credentials saves the current credentials to a stack of credentials kept in the session. Always returns TRUE.
restore_credentials restores the last saved credentials and pops them off the stack.
delete_saved_credentials removes the last saved credentials without using them.
set_credentials uses a credentials list as supplied by the REST API and makes them current by assigning their values to the corresponding AWS_* environment variables. If save.previous is TRUE then the currently used credentials are first saved on the stack before being replaced with the new ones.
Most functions in the STS section call set_credentials() automatically if use = TRUE is set.
Usage
save_credentials()
set_credentials(credentials, save.previous = TRUE)
delete_saved_credentials(all = FALSE)
restore_credentials(pop = TRUE, root = FALSE)
Arguments
credentials: list, credentials as received from the REST API call; they should contain the following elements:
save.previous: logical, if
all: logical, if
pop: logical, if
root: logical, if
Details
Since aws.iam version 0.1.8 the credentials are kept on a stack, so it is possible to use save_credentials() several times without restoring them. This allows role chaining. At the end of a chained session it is possible to get back to the main credentials using restore_credentials(pop=TRUE, root=TRUE).
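As an added example that covers both the Temporary Session Tokens section and the credential stack described above (not code from the package itself), the following chains two assume_role calls, the first MFA-gated with session tags and the second protected by an external ID, verifies each hop with get_caller_identity, and unwinds the whole stack with restore_credentials(pop = TRUE, root = TRUE) even if a step fails. The role ARNs, MFA device ARN and external ID are placeholders, and "Arn" is the assumed name of the ARN element in the list get_caller_identity returns.

```r
library(aws.iam)

# Placeholders: substitute your own role ARNs, MFA device ARN and external ID.
audit_role  <- "arn:aws:iam::111111111111:role/audit-reader"
vendor_role <- "arn:aws:iam::222222222222:role/vendor-access"
mfa_device  <- "arn:aws:iam::111111111111:mfa/example-user"
external_id <- "placeholder-external-id"

run_audit_chain <- function(mfa_code, work) {
  # Push the long-lived credentials explicitly so the stack is never empty,
  # then guarantee they are restored whatever happens below: root = TRUE
  # pops every hop at once instead of one restore_credentials() per hop.
  save_credentials()
  on.exit(restore_credentials(pop = TRUE, root = TRUE), add = TRUE)
  start <- get_caller_identity()

  # Hop 1: MFA-gated, 15-minute session carrying session tags. "Team" is
  # listed in transitive.tags so it follows the chain into the next role.
  assume_role(audit_role, session = "audit-session", duration = 900,
              id = mfa_device, code = mfa_code,
              tags = c(Team = "security", Ticket = "placeholder-ticket"),
              transitive.tags = "Team", use = TRUE)
  hop1 <- get_caller_identity()

  # Hop 2: third-party role whose trust policy requires the external ID,
  # the mechanism the externalid argument exists for.
  assume_role(vendor_role, session = "audit-session", duration = 900,
              externalid = external_id, use = TRUE)
  hop2 <- get_caller_identity()

  # Each hop must actually have changed the calling principal; refuse to
  # run the work under the wrong identity. "Arn" is an assumed field name.
  stopifnot(!identical(hop1$Arn, start$Arn), !identical(hop2$Arn, hop1$Arn))

  work()   # caller-supplied read-only work, executed under the vendor role
  invisible(list(start = start$Arn, hop1 = hop1$Arn, hop2 = hop2$Arn))
}

# Usage: run_audit_chain("123456", function() str(list_roles()))
# Afterwards get_caller_identity() reports the original principal again.
```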