Rolesanywhere
This page documents function available when using the Rolesanywhere module, created with @service Rolesanywhere.
Index
Main.Rolesanywhere.create_profileMain.Rolesanywhere.create_trust_anchorMain.Rolesanywhere.delete_crlMain.Rolesanywhere.delete_profileMain.Rolesanywhere.delete_trust_anchorMain.Rolesanywhere.disable_crlMain.Rolesanywhere.disable_profileMain.Rolesanywhere.disable_trust_anchorMain.Rolesanywhere.enable_crlMain.Rolesanywhere.enable_profileMain.Rolesanywhere.enable_trust_anchorMain.Rolesanywhere.get_crlMain.Rolesanywhere.get_profileMain.Rolesanywhere.get_subjectMain.Rolesanywhere.get_trust_anchorMain.Rolesanywhere.import_crlMain.Rolesanywhere.list_crlsMain.Rolesanywhere.list_profilesMain.Rolesanywhere.list_subjectsMain.Rolesanywhere.list_tags_for_resourceMain.Rolesanywhere.list_trust_anchorsMain.Rolesanywhere.tag_resourceMain.Rolesanywhere.untag_resourceMain.Rolesanywhere.update_crlMain.Rolesanywhere.update_profileMain.Rolesanywhere.update_trust_anchor
Documentation
Main.Rolesanywhere.create_profile — Methodcreate_profile(name, role_arns)
create_profile(name, role_arns, params::Dict{String,<:Any})Creates a profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can intersect permissions with IAM managed policies. Required permissions: rolesanywhere:CreateProfile.
Arguments
name: The name of the profile.role_arns: A list of IAM roles that this profile can assume in a CreateSession operation.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"durationSeconds": The number of seconds the vended session credentials are valid for."enabled": Specifies whether the profile is enabled."managedPolicyArns": A list of managed policy ARNs that apply to the vended session credentials."requireInstanceProperties": Specifies whether instance properties are required in CreateSession requests with this profile."sessionPolicy": A session policy that applies to the trust boundary of the vended session credentials."tags": The tags to attach to the profile.
Main.Rolesanywhere.create_trust_anchor — Methodcreate_trust_anchor(name, source)
create_trust_anchor(name, source, params::Dict{String,<:Any})Creates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials. Required permissions: rolesanywhere:CreateTrustAnchor.
Arguments
name: The name of the trust anchor.source: The trust anchor type and its related certificate data.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"enabled": Specifies whether the trust anchor is enabled."tags": The tags to attach to the trust anchor.
Main.Rolesanywhere.delete_crl — Methoddelete_crl(crl_id)
delete_crl(crl_id, params::Dict{String,<:Any})Deletes a certificate revocation list (CRL). Required permissions: rolesanywhere:DeleteCrl.
Arguments
crl_id: The unique identifier of the certificate revocation list (CRL).
Main.Rolesanywhere.delete_profile — Methoddelete_profile(profile_id)
delete_profile(profile_id, params::Dict{String,<:Any})Deletes a profile. Required permissions: rolesanywhere:DeleteProfile.
Arguments
profile_id: The unique identifier of the profile.
Main.Rolesanywhere.delete_trust_anchor — Methoddelete_trust_anchor(trust_anchor_id)
delete_trust_anchor(trust_anchor_id, params::Dict{String,<:Any})Deletes a trust anchor. Required permissions: rolesanywhere:DeleteTrustAnchor.
Arguments
trust_anchor_id: The unique identifier of the trust anchor.
Main.Rolesanywhere.disable_crl — Methoddisable_crl(crl_id)
disable_crl(crl_id, params::Dict{String,<:Any})Disables a certificate revocation list (CRL). Required permissions: rolesanywhere:DisableCrl.
Arguments
crl_id: The unique identifier of the certificate revocation list (CRL).
Main.Rolesanywhere.disable_profile — Methoddisable_profile(profile_id)
disable_profile(profile_id, params::Dict{String,<:Any})Disables a profile. When disabled, CreateSession requests with this profile fail. Required permissions: rolesanywhere:DisableProfile.
Arguments
profile_id: The unique identifier of the profile.
Main.Rolesanywhere.disable_trust_anchor — Methoddisable_trust_anchor(trust_anchor_id)
disable_trust_anchor(trust_anchor_id, params::Dict{String,<:Any})Disables a trust anchor. When disabled, CreateSession requests specifying this trust anchor are unauthorized. Required permissions: rolesanywhere:DisableTrustAnchor.
Arguments
trust_anchor_id: The unique identifier of the trust anchor.
Main.Rolesanywhere.enable_crl — Methodenable_crl(crl_id)
enable_crl(crl_id, params::Dict{String,<:Any})Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials. Required permissions: rolesanywhere:EnableCrl.
Arguments
crl_id: The unique identifier of the certificate revocation list (CRL).
Main.Rolesanywhere.enable_profile — Methodenable_profile(profile_id)
enable_profile(profile_id, params::Dict{String,<:Any})Enables the roles in a profile to receive session credentials in CreateSession. Required permissions: rolesanywhere:EnableProfile.
Arguments
profile_id: The unique identifier of the profile.
Main.Rolesanywhere.enable_trust_anchor — Methodenable_trust_anchor(trust_anchor_id)
enable_trust_anchor(trust_anchor_id, params::Dict{String,<:Any})Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation. Required permissions: rolesanywhere:EnableTrustAnchor.
Arguments
trust_anchor_id: The unique identifier of the trust anchor.
Main.Rolesanywhere.get_crl — Methodget_crl(crl_id)
get_crl(crl_id, params::Dict{String,<:Any})Gets a certificate revocation list (CRL). Required permissions: rolesanywhere:GetCrl.
Arguments
crl_id: The unique identifier of the certificate revocation list (CRL).
Main.Rolesanywhere.get_profile — Methodget_profile(profile_id)
get_profile(profile_id, params::Dict{String,<:Any})Gets a profile. Required permissions: rolesanywhere:GetProfile.
Arguments
profile_id: The unique identifier of the profile.
Main.Rolesanywhere.get_subject — Methodget_subject(subject_id)
get_subject(subject_id, params::Dict{String,<:Any})Gets a Subject. A Subject associates a certificate identity with authentication attempts by CreateSession. The Subject resources stores audit information such as status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication. Required permissions: rolesanywhere:GetSubject.
Arguments
subject_id: The unique identifier of the subject.
Main.Rolesanywhere.get_trust_anchor — Methodget_trust_anchor(trust_anchor_id)
get_trust_anchor(trust_anchor_id, params::Dict{String,<:Any})Gets a trust anchor. Required permissions: rolesanywhere:GetTrustAnchor.
Arguments
trust_anchor_id: The unique identifier of the trust anchor.
Main.Rolesanywhere.import_crl — Methodimport_crl(crl_data, name, trust_anchor_arn)
import_crl(crl_data, name, trust_anchor_arn, params::Dict{String,<:Any})Imports the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials. Required permissions: rolesanywhere:ImportCrl.
Arguments
crl_data: The x509 v3 specified certificate revocation listname: The name of the certificate revocation list (CRL).trust_anchor_arn: The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"enabled": Specifies whether the certificate revocation list (CRL) is enabled."tags": A list of tags to attach to the certificate revocation list (CRL).
Main.Rolesanywhere.list_crls — Methodlist_crls()
list_crls(params::Dict{String,<:Any})Lists all Crls in the authenticated account and Amazon Web Services Region. Required permissions: rolesanywhere:ListCrls.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"nextToken": A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value."pageSize": The number of resources in the paginated list.
Main.Rolesanywhere.list_profiles — Methodlist_profiles()
list_profiles(params::Dict{String,<:Any})Lists all profiles in the authenticated account and Amazon Web Services Region. Required permissions: rolesanywhere:ListProfiles.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"nextToken": A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value."pageSize": The number of resources in the paginated list.
Main.Rolesanywhere.list_subjects — Methodlist_subjects()
list_subjects(params::Dict{String,<:Any})Lists the subjects in the authenticated account and Amazon Web Services Region. Required permissions: rolesanywhere:ListSubjects.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"nextToken": A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value."pageSize": The number of resources in the paginated list.
Main.Rolesanywhere.list_tags_for_resource — Methodlist_tags_for_resource(resource_arn)
list_tags_for_resource(resource_arn, params::Dict{String,<:Any})Lists the tags attached to the resource. Required permissions: rolesanywhere:ListTagsForResource.
Arguments
resource_arn: The ARN of the resource.
Main.Rolesanywhere.list_trust_anchors — Methodlist_trust_anchors()
list_trust_anchors(params::Dict{String,<:Any})Lists the trust anchors in the authenticated account and Amazon Web Services Region. Required permissions: rolesanywhere:ListTrustAnchors.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"nextToken": A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value."pageSize": The number of resources in the paginated list.
Main.Rolesanywhere.tag_resource — Methodtag_resource(resource_arn, tags)
tag_resource(resource_arn, tags, params::Dict{String,<:Any})Attaches tags to a resource. Required permissions: rolesanywhere:TagResource.
Arguments
resource_arn: The ARN of the resource.tags: The tags to attach to the resource.
Main.Rolesanywhere.untag_resource — Methoduntag_resource(resource_arn, tag_keys)
untag_resource(resource_arn, tag_keys, params::Dict{String,<:Any})Removes tags from the resource. Required permissions: rolesanywhere:UntagResource.
Arguments
resource_arn: The ARN of the resource.tag_keys: A list of keys. Tag keys are the unique identifiers of tags.
Main.Rolesanywhere.update_crl — Methodupdate_crl(crl_id)
update_crl(crl_id, params::Dict{String,<:Any})Updates the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials. Required permissions: rolesanywhere:UpdateCrl.
Arguments
crl_id: The unique identifier of the certificate revocation list (CRL).
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"crlData": The x509 v3 specified certificate revocation list"name": The name of the Crl.
Main.Rolesanywhere.update_profile — Methodupdate_profile(profile_id)
update_profile(profile_id, params::Dict{String,<:Any})Updates the profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can scope-down permissions with IAM managed policies. Required permissions: rolesanywhere:UpdateProfile.
Arguments
profile_id: The unique identifier of the profile.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"durationSeconds": The number of seconds the vended session credentials are valid for."managedPolicyArns": A list of managed policy ARNs that apply to the vended session credentials."name": The name of the profile."roleArns": A list of IAM roles that this profile can assume in a CreateSession operation."sessionPolicy": A session policy that applies to the trust boundary of the vended session credentials.
Main.Rolesanywhere.update_trust_anchor — Methodupdate_trust_anchor(trust_anchor_id)
update_trust_anchor(trust_anchor_id, params::Dict{String,<:Any})Updates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials. Required permissions: rolesanywhere:UpdateTrustAnchor.
Arguments
trust_anchor_id: The unique identifier of the trust anchor.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"name": The name of the trust anchor."source": The trust anchor type and its related certificate data.