AWS Identity and Access Management

2025/06/30 - AWS Identity and Access Management - 14 updated api methods

Changes  Updated IAM ServiceSpecificCredential support to include expiration, API Key output format instead of username and password for services that will support API keys, and the ability to list credentials for all users in the account for a given service configuration.

CreateAccessKey (updated)
Changes (response)
{'AccessKey': {'Status': {'Expired'}}}

Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the specified user. The default status for new keys is Active.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials. This is true even if the Amazon Web Services account has no associated users.

For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User Guide.

See also: AWS API Documentation

Request Syntax

client.create_access_key(
    UserName='string'
)
type UserName:

string

param UserName:

The name of the IAM user that the new key will belong to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

rtype:

dict

returns:

Response Syntax

{
    'AccessKey': {
        'UserName': 'string',
        'AccessKeyId': 'string',
        'Status': 'Active'|'Inactive'|'Expired',
        'SecretAccessKey': 'string',
        'CreateDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the response to a successful CreateAccessKey request.

    • AccessKey (dict) --

      A structure with details about the access key.

      • UserName (string) --

        The name of the IAM user that the access key is associated with.

      • AccessKeyId (string) --

        The ID for this access key.

      • Status (string) --

        The status of the access key. Active means that the key is valid for API calls, while Inactive means it is not.

      • SecretAccessKey (string) --

        The secret key used to sign requests.

      • CreateDate (datetime) --

        The date when the access key was created.

CreateServiceSpecificCredential (updated)
Changes (request, response)
Request
{'CredentialAgeDays': 'integer'}
Response
{'ServiceSpecificCredential': {'ExpirationDate': 'timestamp',
                               'ServiceCredentialAlias': 'string',
                               'ServiceCredentialSecret': 'string',
                               'Status': {'Expired'}}}

Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

You can have a maximum of two sets of service-specific credentials for each supported service per user.

You can create service-specific credentials for Amazon Bedrock, CodeCommit and Amazon Keyspaces (for Apache Cassandra).

You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.

For more information about service-specific credentials, see Service-specific credentials for IAM users in the IAM User Guide.

See also: AWS API Documentation

Request Syntax

client.create_service_specific_credential(
    UserName='string',
    ServiceName='string',
    CredentialAgeDays=123
)
type UserName:

string

param UserName:

[REQUIRED]

The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type ServiceName:

string

param ServiceName:

[REQUIRED]

The name of the Amazon Web Services service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.

type CredentialAgeDays:

integer

param CredentialAgeDays:

The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be a positive integer. When not specified, the credential will not expire.

rtype:

dict

returns:

Response Syntax

{
    'ServiceSpecificCredential': {
        'CreateDate': datetime(2015, 1, 1),
        'ExpirationDate': datetime(2015, 1, 1),
        'ServiceName': 'string',
        'ServiceUserName': 'string',
        'ServicePassword': 'string',
        'ServiceCredentialAlias': 'string',
        'ServiceCredentialSecret': 'string',
        'ServiceSpecificCredentialId': 'string',
        'UserName': 'string',
        'Status': 'Active'|'Inactive'|'Expired'
    }
}

Response Structure

  • (dict) --

    • ServiceSpecificCredential (dict) --

      A structure that contains information about the newly created service-specific credential.

      • CreateDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the service-specific credential was created.

      • ExpirationDate (datetime) --

        The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.

      • ServiceName (string) --

        The name of the service associated with the service-specific credential.

      • ServiceUserName (string) --

        The generated user name for the service-specific credential. This value is generated by combining the IAM user's name with the ID number of the Amazon Web Services account, as in jane-at-123456789012, for example. This value cannot be configured by the user.

      • ServicePassword (string) --

        The generated password for the service-specific credential.

      • ServiceCredentialAlias (string) --

        For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.

      • ServiceCredentialSecret (string) --

        For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.

      • ServiceSpecificCredentialId (string) --

        The unique identifier for the service-specific credential.

      • UserName (string) --

        The name of the IAM user associated with the service-specific credential.

      • Status (string) --

        The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.

GetSSHPublicKey (updated)
Changes (response)
{'SSHPublicKey': {'Status': {'Expired'}}}

Retrieves the specified SSH public key, including metadata about the key.

The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to a CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

See also: AWS API Documentation

Request Syntax

client.get_ssh_public_key(
    UserName='string',
    SSHPublicKeyId='string',
    Encoding='SSH'|'PEM'
)
type UserName:

string

param UserName:

[REQUIRED]

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type SSHPublicKeyId:

string

param SSHPublicKeyId:

[REQUIRED]

The unique identifier for the SSH public key.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

type Encoding:

string

param Encoding:

[REQUIRED]

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

rtype:

dict

returns:

Response Syntax

{
    'SSHPublicKey': {
        'UserName': 'string',
        'SSHPublicKeyId': 'string',
        'Fingerprint': 'string',
        'SSHPublicKeyBody': 'string',
        'Status': 'Active'|'Inactive'|'Expired',
        'UploadDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the response to a successful GetSSHPublicKey request.

    • SSHPublicKey (dict) --

      A structure containing details about the SSH public key.

      • UserName (string) --

        The name of the IAM user associated with the SSH public key.

      • SSHPublicKeyId (string) --

        The unique identifier for the SSH public key.

      • Fingerprint (string) --

        The MD5 message digest of the SSH public key.

      • SSHPublicKeyBody (string) --

        The SSH public key.

      • Status (string) --

        The status of the SSH public key. Active means that the key can be used for authentication with a CodeCommit repository. Inactive means that the key cannot be used.

      • UploadDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.

ListAccessKeys (updated)
Changes (response)
{'AccessKeyMetadata': {'Status': {'Expired'}}}

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. If a temporary access key is used, then UserName is required. If a long-term key is assigned to the user, then UserName is not required.

This operation works for access keys under the Amazon Web Services account. If the Amazon Web Services account has no associated users, the root user returns its own access key IDs by running this command.

See also: AWS API Documentation

Request Syntax

client.list_access_keys(
    UserName='string',
    Marker='string',
    MaxItems=123
)
type UserName:

string

param UserName:

The name of the user.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type Marker:

string

param Marker:

Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.

type MaxItems:

integer

param MaxItems:

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

rtype:

dict

returns:

Response Syntax

{
    'AccessKeyMetadata': [
        {
            'UserName': 'string',
            'AccessKeyId': 'string',
            'Status': 'Active'|'Inactive'|'Expired',
            'CreateDate': datetime(2015, 1, 1)
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListAccessKeys request.

    • AccessKeyMetadata (list) --

      A list of objects containing metadata about the access keys.

      • (dict) --

        Contains information about an Amazon Web Services access key, without its secret key.

        This data type is used as a response element in the ListAccessKeys operation.

        • UserName (string) --

          The name of the IAM user that the key is associated with.

        • AccessKeyId (string) --

          The ID for this access key.

        • Status (string) --

          The status of the access key. Active means that the key is valid for API calls; Inactive means it is not.

        • CreateDate (datetime) --

          The date when the access key was created.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

    • Marker (string) --

      When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

ListSSHPublicKeys (updated)
Changes (response)
{'SSHPublicKeys': {'Status': {'Expired'}}}

Returns information about the SSH public keys associated with the specified IAM user. If none exists, the operation returns an empty list.

The SSH public keys returned by this operation are used only for authenticating the IAM user to a CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

See also: AWS API Documentation

Request Syntax

client.list_ssh_public_keys(
    UserName='string',
    Marker='string',
    MaxItems=123
)
type UserName:

string

param UserName:

The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the Amazon Web Services access key used to sign the request.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type Marker:

string

param Marker:

Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.

type MaxItems:

integer

param MaxItems:

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

rtype:

dict

returns:

Response Syntax

{
    'SSHPublicKeys': [
        {
            'UserName': 'string',
            'SSHPublicKeyId': 'string',
            'Status': 'Active'|'Inactive'|'Expired',
            'UploadDate': datetime(2015, 1, 1)
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListSSHPublicKeys request.

    • SSHPublicKeys (list) --

      A list of the SSH public keys assigned to the IAM user.

      • (dict) --

        Contains information about an SSH public key, without the key's body or fingerprint.

        This data type is used as a response element in the ListSSHPublicKeys operation.

        • UserName (string) --

          The name of the IAM user associated with the SSH public key.

        • SSHPublicKeyId (string) --

          The unique identifier for the SSH public key.

        • Status (string) --

          The status of the SSH public key. Active means that the key can be used for authentication with a CodeCommit repository. Inactive means that the key cannot be used.

        • UploadDate (datetime) --

          The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

    • Marker (string) --

      When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

ListServiceSpecificCredentials (updated)
Changes (request, response)
Request
{'AllUsers': 'boolean', 'Marker': 'string', 'MaxItems': 'integer'}
Response
{'IsTruncated': 'boolean',
 'Marker': 'string',
 'ServiceSpecificCredentials': {'ExpirationDate': 'timestamp',
                                'ServiceCredentialAlias': 'string',
                                'Status': {'Expired'}}}

Returns information about the service-specific credentials associated with the specified IAM user. If none exists, the operation returns an empty list. The service-specific credentials returned by this operation are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an Amazon Web Services service, see Set up service-specific credentials in the CodeCommit User Guide.

See also: AWS API Documentation

Request Syntax

client.list_service_specific_credentials(
    UserName='string',
    ServiceName='string',
    AllUsers=True|False,
    Marker='string',
    MaxItems=123
)
type UserName:

string

param UserName:

The name of the user whose service-specific credentials you want information about. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type ServiceName:

string

param ServiceName:

Filters the returned results to only those for the specified Amazon Web Services service. If not specified, then Amazon Web Services returns service-specific credentials for all services.

type AllUsers:

boolean

param AllUsers:

A flag indicating whether to list service specific credentials for all users. This parameter cannot be specified together with UserName. When true, returns all credentials associated with the specified service.

type Marker:

string

param Marker:

Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker from the response that you received to indicate where the next call should start.

type MaxItems:

integer

param MaxItems:

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

rtype:

dict

returns:

Response Syntax

{
    'ServiceSpecificCredentials': [
        {
            'UserName': 'string',
            'Status': 'Active'|'Inactive'|'Expired',
            'ServiceUserName': 'string',
            'ServiceCredentialAlias': 'string',
            'CreateDate': datetime(2015, 1, 1),
            'ExpirationDate': datetime(2015, 1, 1),
            'ServiceSpecificCredentialId': 'string',
            'ServiceName': 'string'
        },
    ],
    'Marker': 'string',
    'IsTruncated': True|False
}

Response Structure

  • (dict) --

    • ServiceSpecificCredentials (list) --

      A list of structures that each contain details about a service-specific credential.

      • (dict) --

        Contains additional details about a service-specific credential.

        • UserName (string) --

          The name of the IAM user associated with the service-specific credential.

        • Status (string) --

          The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.

        • ServiceUserName (string) --

          The generated user name for the service-specific credential.

        • ServiceCredentialAlias (string) --

          For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.

        • CreateDate (datetime) --

          The date and time, in ISO 8601 date-time format, when the service-specific credential was created.

        • ExpirationDate (datetime) --

          The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.

        • ServiceSpecificCredentialId (string) --

          The unique identifier for the service-specific credential.

        • ServiceName (string) --

          The name of the service associated with the service-specific credential.

    • Marker (string) --

      When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items.
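
The following added example (not part of the AWS documentation) shows an account-wide audit built on the AllUsers, Marker and IsTruncated fields described above: it pages through every service-specific credential for one service and flags keys with no ExpirationDate, over-long lifetimes, imminent expiry, or Expired status. The Bedrock service name string, the thresholds, the FakeIAM stub and all sample records are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Assumption: service name string for Bedrock API keys; the page does not spell it out.
BEDROCK = "bedrock.amazonaws.com"


def list_all_credentials(iam, service_name, page_size=100):
    """Collect every page of ListServiceSpecificCredentials for one service.

    AllUsers=True cannot be combined with UserName, so UserName is never sent.
    """
    kwargs = {"ServiceName": service_name, "AllUsers": True, "MaxItems": page_size}
    found = []
    while True:
        page = iam.list_service_specific_credentials(**kwargs)
        found.extend(page.get("ServiceSpecificCredentials", []))
        # Always check IsTruncated: a page may hold fewer items than MaxItems.
        if not page.get("IsTruncated"):
            return found
        kwargs["Marker"] = page["Marker"]


def audit(creds, now, max_lifetime_days=90, warn_days=7):
    """Return (user, credential id, finding) tuples for credentials needing action."""
    findings = []
    for c in creds:
        who = (c["UserName"], c["ServiceSpecificCredentialId"])
        expires = c.get("ExpirationDate")  # absent when no expiration was set
        if c["Status"] == "Expired":
            findings.append(who + ("EXPIRED_NOT_DELETED",))
            continue
        if c["Status"] != "Active":
            continue  # Inactive credentials cannot be used for API calls
        if expires is None:
            findings.append(who + ("NO_EXPIRATION",))
            continue
        if expires - c["CreateDate"] > timedelta(days=max_lifetime_days):
            findings.append(who + ("LIFETIME_TOO_LONG",))
        if expires - now <= timedelta(days=warn_days):
            findings.append(who + ("EXPIRING_SOON",))
    return findings


class FakeIAM:
    """Constructed stand-in for boto3.client('iam') so the example runs offline."""

    def __init__(self, pages):
        self.pages = pages  # maps Marker value (None for the first call) to a response
        self.calls = []

    def list_service_specific_credentials(self, **kwargs):
        self.calls.append(dict(kwargs))
        return self.pages[kwargs.get("Marker")]


def _cred(user, cid, status, created, expires=None):
    c = {"UserName": user, "ServiceSpecificCredentialId": cid, "Status": status,
         "ServiceName": BEDROCK, "CreateDate": created}
    if expires is not None:
        c["ExpirationDate"] = expires
    return c


def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


def run_demo():
    """Audit two constructed response pages; returns (findings, recorded calls)."""
    pages = {
        None: {"IsTruncated": True, "Marker": "page-2", "ServiceSpecificCredentials": [
            _cred("alice", "EXAMPLEID0001", "Active", _d(2025, 7, 1)),
            _cred("bob", "EXAMPLEID0002", "Active", _d(2025, 7, 1), _d(2025, 7, 31)),
            _cred("carol", "EXAMPLEID0003", "Active", _d(2025, 7, 1), _d(2026, 7, 1)),
        ]},
        "page-2": {"IsTruncated": False, "ServiceSpecificCredentials": [
            _cred("dave", "EXAMPLEID0004", "Expired", _d(2025, 6, 30), _d(2025, 7, 10)),
            _cred("erin", "EXAMPLEID0005", "Active", _d(2025, 7, 10), _d(2025, 7, 17)),
            _cred("frank", "EXAMPLEID0006", "Inactive", _d(2025, 7, 1)),
        ]},
    }
    iam = FakeIAM(pages)
    creds = list_all_credentials(iam, BEDROCK, page_size=3)
    return audit(creds, now=_d(2025, 7, 15)), iam.calls


if __name__ == "__main__":
    for user, cid, finding in run_demo()[0]:
        print(f"{finding:20} {user:8} {cid}")
```

Against a real account, pass `boto3.client("iam")` and `datetime.now(timezone.utc)` in place of the stub and the fixed date.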

ListSigningCertificates (updated)
Changes (response)
{'Certificates': {'Status': {'Expired'}}}

Returns information about the signing certificates associated with the specified IAM user. If none exists, the operation returns an empty list.

Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request for this operation. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

See also: AWS API Documentation

Request Syntax

client.list_signing_certificates(
    UserName='string',
    Marker='string',
    MaxItems=123
)
type UserName:

string

param UserName:

The name of the IAM user whose signing certificates you want to examine.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type Marker:

string

param Marker:

Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.

type MaxItems:

integer

param MaxItems:

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

rtype:

dict

returns:

Response Syntax

{
    'Certificates': [
        {
            'UserName': 'string',
            'CertificateId': 'string',
            'CertificateBody': 'string',
            'Status': 'Active'|'Inactive'|'Expired',
            'UploadDate': datetime(2015, 1, 1)
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) --

    Contains the response to a successful ListSigningCertificates request.

    • Certificates (list) --

      A list of the user's signing certificate information.

      • (dict) --

        Contains information about an X.509 signing certificate.

        This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates operations.

        • UserName (string) --

          The name of the user the signing certificate is associated with.

        • CertificateId (string) --

          The ID for the signing certificate.

        • CertificateBody (string) --

          The contents of the signing certificate.

        • Status (string) --

          The status of the signing certificate. Active means that the key is valid for API calls, while Inactive means it is not.

        • UploadDate (datetime) --

          The date when the signing certificate was uploaded.

    • IsTruncated (boolean) --

      A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

    • Marker (string) --

      When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

ResetServiceSpecificCredential (updated)
Changes (response)
{'ServiceSpecificCredential': {'ExpirationDate': 'timestamp',
                               'ServiceCredentialAlias': 'string',
                               'ServiceCredentialSecret': 'string',
                               'Status': {'Expired'}}}

Resets the password for a service-specific credential. The new password is Amazon Web Services generated and cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the previous password associated with this user.

See also: AWS API Documentation

Request Syntax

client.reset_service_specific_credential(
    UserName='string',
    ServiceSpecificCredentialId='string'
)
type UserName:

string

param UserName:

The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type ServiceSpecificCredentialId:

string

param ServiceSpecificCredentialId:

[REQUIRED]

The unique identifier of the service-specific credential.

This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

rtype:

dict

returns:

Response Syntax

{
    'ServiceSpecificCredential': {
        'CreateDate': datetime(2015, 1, 1),
        'ExpirationDate': datetime(2015, 1, 1),
        'ServiceName': 'string',
        'ServiceUserName': 'string',
        'ServicePassword': 'string',
        'ServiceCredentialAlias': 'string',
        'ServiceCredentialSecret': 'string',
        'ServiceSpecificCredentialId': 'string',
        'UserName': 'string',
        'Status': 'Active'|'Inactive'|'Expired'
    }
}

Response Structure

  • (dict) --

    • ServiceSpecificCredential (dict) --

      A structure with details about the updated service-specific credential, including the new password.

      • CreateDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the service-specific credential was created.

      • ExpirationDate (datetime) --

        The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.

      • ServiceName (string) --

        The name of the service associated with the service-specific credential.

      • ServiceUserName (string) --

        The generated user name for the service-specific credential. This value is generated by combining the IAM user's name with the ID number of the Amazon Web Services account, as in jane-at-123456789012, for example. This value cannot be configured by the user.

      • ServicePassword (string) --

        The generated password for the service-specific credential.

      • ServiceCredentialAlias (string) --

        For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.

      • ServiceCredentialSecret (string) --

        For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.

      • ServiceSpecificCredentialId (string) --

        The unique identifier for the service-specific credential.

      • UserName (string) --

        The name of the IAM user associated with the service-specific credential.

      • Status (string) --

        The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.

UpdateAccessKey (updated)
Changes (request)
{'Status': {'Expired'}}

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. If a temporary access key is used, then UserName is required. If a long-term key is assigned to the user, then UserName is not required. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

For information about rotating keys, see Managing keys and certificates in the IAM User Guide.

See also: AWS API Documentation

Request Syntax

client.update_access_key(
    UserName='string',
    AccessKeyId='string',
    Status='Active'|'Inactive'|'Expired'
)
type UserName:

string

param UserName:

The name of the user whose key you want to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type AccessKeyId:

string

param AccessKeyId:

[REQUIRED]

The access key ID of the secret access key you want to update.

This parameter allows (through its regex pattern) a string of characters that can consist of any uppercase or lowercase letter or digit.

type Status:

string

param Status:

[REQUIRED]

The status you want to assign to the secret access key. Active means that the key can be used for programmatic calls to Amazon Web Services, while Inactive means that the key cannot be used.

returns:

None
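A rotation pass built around the update_access_key call above, as an added example (not AWS's or boto3's own code). It assumes key metadata shaped like a ListAccessKeys response, a 90-day policy and constructed key IDs, and it always passes UserName so the target never depends on which key signs the request.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # assumed rotation policy, not a value from the page
NOW = datetime(2025, 6, 30, tzinfo=timezone.utc)
# Constructed sample shaped like ListAccessKeys metadata; the key IDs are made up.
SAMPLE_KEYS = [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEALICEOLD1", "Status": "Active",
     "CreateDate": datetime(2024, 1, 10, tzinfo=timezone.utc)},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEALICENEW1", "Status": "Active",
     "CreateDate": datetime(2025, 6, 1, tzinfo=timezone.utc)},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLEBOBOLD001", "Status": "Active",
     "CreateDate": datetime(2024, 3, 5, tzinfo=timezone.utc)},
    {"UserName": "carol", "AccessKeyId": "AKIAEXAMPLECAROLEXP1", "Status": "Expired",
     "CreateDate": datetime(2023, 11, 20, tzinfo=timezone.utc)},
]


def plan_deactivations(keys, now, max_age=MAX_AGE):
    """Split stale Active keys into (safe_to_disable, needs_new_key_first)."""
    def is_fresh(key):
        return key["Status"] == "Active" and now - key["CreateDate"] <= max_age

    users_with_fresh_key = {k["UserName"] for k in keys if is_fresh(k)}
    safe, blocked = [], []
    for key in keys:
        # Inactive keys are already disabled. The page adds Expired to the enum
        # without describing it, so keys reporting it are left untouched.
        if key["Status"] != "Active" or is_fresh(key):
            continue
        # Disabling a user's only working key breaks the workload, so a stale
        # key is queued only when a newer Active key already exists.
        (safe if key["UserName"] in users_with_fresh_key else blocked).append(key)
    return safe, blocked


def apply_plan(client, safe):
    """Disable each planned key; client is a boto3 IAM client or a stand-in."""
    for key in safe:
        # UserName is always passed so IAM never infers it from the signing key.
        client.update_access_key(UserName=key["UserName"],
                                 AccessKeyId=key["AccessKeyId"],
                                 Status="Inactive")
    return [key["AccessKeyId"] for key in safe]
```

Keys returned in the second list belong to users who need a replacement key issued before the stale one can be disabled.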

UpdateSSHPublicKey (updated)
Changes (request)
{'Status': {'Expired'}}

Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation workflow.

The SSH public key affected by this operation is used only for authenticating the associated IAM user to a CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

See also: AWS API Documentation

Request Syntax

client.update_ssh_public_key(
    UserName='string',
    SSHPublicKeyId='string',
    Status='Active'|'Inactive'|'Expired'
)
type UserName:

string

param UserName:

[REQUIRED]

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type SSHPublicKeyId:

string

param SSHPublicKeyId:

[REQUIRED]

The unique identifier for the SSH public key.

This parameter allows (through its regex pattern) a string of characters that can consist of any uppercase or lowercase letter or digit.

type Status:

string

param Status:

[REQUIRED]

The status to assign to the SSH public key. Active means that the key can be used for authentication with a CodeCommit repository. Inactive means that the key cannot be used.

returns:

None

UpdateServiceSpecificCredential (updated)
Changes (request)
{'Status': {'Expired'}}

Sets the status of a service-specific credential to Active or Inactive. Service-specific credentials that are inactive cannot be used for authentication to the service. This operation can be used to disable a user's service-specific credential as part of a credential rotation workflow.

See also: AWS API Documentation

Request Syntax

client.update_service_specific_credential(
    UserName='string',
    ServiceSpecificCredentialId='string',
    Status='Active'|'Inactive'|'Expired'
)
type UserName:

string

param UserName:

The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type ServiceSpecificCredentialId:

string

param ServiceSpecificCredentialId:

[REQUIRED]

The unique identifier of the service-specific credential.

This parameter allows (through its regex pattern) a string of characters that can consist of any uppercase or lowercase letter or digit.

type Status:

string

param Status:

[REQUIRED]

The status to be assigned to the service-specific credential.

returns:

None

UpdateSigningCertificate (updated)
Changes (request)
{'Status': {'Expired'}}

Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation workflow.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

See also: AWS API Documentation

Request Syntax

client.update_signing_certificate(
    UserName='string',
    CertificateId='string',
    Status='Active'|'Inactive'|'Expired'
)
type UserName:

string

param UserName:

The name of the IAM user the signing certificate belongs to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type CertificateId:

string

param CertificateId:

[REQUIRED]

The ID of the signing certificate you want to update.

This parameter allows (through its regex pattern) a string of characters that can consist of any uppercase or lowercase letter or digit.

type Status:

string

param Status:

[REQUIRED]

The status you want to assign to the certificate. Active means that the certificate can be used for programmatic calls to Amazon Web Services. Inactive means that the certificate cannot be used.

returns:

None

UploadSSHPublicKey (updated)
Changes (response)
{'SSHPublicKey': {'Status': {'Expired'}}}

Uploads an SSH public key and associates it with the specified IAM user.

The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to a CodeCommit repository. For more information about using SSH keys to authenticate to a CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

See also: AWS API Documentation

Request Syntax

client.upload_ssh_public_key(
    UserName='string',
    SSHPublicKeyBody='string'
)
type UserName:

string

param UserName:

[REQUIRED]

The name of the IAM user to associate the SSH public key with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type SSHPublicKeyBody:

string

param SSHPublicKeyBody:

[REQUIRED]

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The minimum bit-length of the public key is 2048 bits. For example, you can generate a 2048-bit key, and the resulting PEM file is 1679 bytes long.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

rtype:

dict

returns:

Response Syntax

{
    'SSHPublicKey': {
        'UserName': 'string',
        'SSHPublicKeyId': 'string',
        'Fingerprint': 'string',
        'SSHPublicKeyBody': 'string',
        'Status': 'Active'|'Inactive'|'Expired',
        'UploadDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the response to a successful UploadSSHPublicKey request.

    • SSHPublicKey (dict) --

      Contains information about the SSH public key.

      • UserName (string) --

        The name of the IAM user associated with the SSH public key.

      • SSHPublicKeyId (string) --

        The unique identifier for the SSH public key.

      • Fingerprint (string) --

        The MD5 message digest of the SSH public key.

      • SSHPublicKeyBody (string) --

        The SSH public key.

      • Status (string) --

        The status of the SSH public key. Active means that the key can be used for authentication with a CodeCommit repository. Inactive means that the key cannot be used.

      • UploadDate (datetime) --

        The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
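A local pre-upload check for the SSHPublicKeyBody constraints above, as an added example (not AWS's or boto3's own code). It covers only the ssh-rsa form, not PEM, and it assumes the Fingerprint is the MD5 of the decoded key blob rendered as colon-separated hex, as OpenSSH prints MD5 fingerprints; the sample key is a constructed blob with a made-up modulus.

```python
import base64
import hashlib
import struct

MIN_BITS = 2048  # minimum bit-length stated for SSHPublicKeyBody


def read_string(blob, offset):
    """Read one length-prefixed field (RFC 4251 'string'); return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def check_ssh_rsa_key(body):
    """Validate an 'ssh-rsa <base64> [comment]' line; return (modulus_bits, md5_fingerprint)."""
    parts = body.strip().split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the prefix")
    _exponent, off = read_string(blob, off)
    modulus, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after the modulus")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_BITS:
        raise ValueError(f"modulus is {bits} bits; minimum is {MIN_BITS}")
    digest = hashlib.md5(blob).hexdigest()  # fingerprint only, not a security control
    return bits, ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def build_sample_key(bits):
    """Constructed input: a well-formed blob around a made-up modulus (not a real key)."""
    n = (1 << (bits - 1)) | 1
    fields = [b"ssh-rsa", (65537).to_bytes(3, "big"), b"\x00" + n.to_bytes(bits // 8, "big")]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

Comparing the locally computed fingerprint with the Fingerprint field in the response confirms that the key IAM stored is the one that was sent.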

UploadSigningCertificate (updated)
Changes (response)
{'Certificate': {'Status': {'Expired'}}}

Uploads an X.509 signing certificate and associates it with the specified IAM user. Some Amazon Web Services services require you to use certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.

For information about when you would use an X.509 signing certificate, see Managing server certificates in IAM in the IAM User Guide.

If the UserName is not specified, the IAM user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

See also: AWS API Documentation

Request Syntax

client.upload_signing_certificate(
    UserName='string',
    CertificateBody='string'
)
type UserName:

string

param UserName:

The name of the user the signing certificate is for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type CertificateBody:

string

param CertificateBody:

[REQUIRED]

The contents of the signing certificate.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

rtype:

dict

returns:

Response Syntax

{
    'Certificate': {
        'UserName': 'string',
        'CertificateId': 'string',
        'CertificateBody': 'string',
        'Status': 'Active'|'Inactive'|'Expired',
        'UploadDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the response to a successful UploadSigningCertificate request.

    • Certificate (dict) --

      Information about the certificate.

      • UserName (string) --

        The name of the user the signing certificate is associated with.

      • CertificateId (string) --

        The ID for the signing certificate.

      • CertificateBody (string) --

        The contents of the signing certificate.

      • Status (string) --

        The status of the signing certificate. Active means that the key is valid for API calls, while Inactive means it is not.

      • UploadDate (datetime) --

        The date when the signing certificate was uploaded.