AWS Identity and Access Management

2024/11/14 - AWS Identity and Access Management - 5 new api methods

Changes: This release includes support for five new APIs and changes to existing APIs that give AWS Organizations customers the ability to use temporary root credentials, targeted to member accounts in the organization.

ListOrganizationsFeatures (new)

Lists the centralized root access features enabled for your organization. For more information, see Centrally manage root access for member accounts.

See also: AWS API Documentation

Request Syntax

client.list_organizations_features()
rtype: dict

returns:

Response Syntax

{
    'OrganizationId': 'string',
    'EnabledFeatures': [
        'RootCredentialsManagement'|'RootSessions',
    ]
}

Response Structure

  • (dict) --

    • OrganizationId (string) --

      The unique identifier (ID) of an organization.

    • EnabledFeatures (list) --

      Specifies the features that are currently available in your organization.

      • (string) --

EnableOrganizationsRootSessions (new)

Allows the management account or delegated administrator to perform privileged tasks on member accounts in your organization. For more information, see Centrally manage root access for member accounts in the Identity and Access Management User Guide.

Before you enable this feature, you must have an account configured with the following settings:

  • You must manage your Amazon Web Services accounts in Organizations.

  • Enable trusted access for Identity and Access Management in Organizations. For details, see IAM and Organizations in the Organizations User Guide.

See also: AWS API Documentation

Request Syntax

client.enable_organizations_root_sessions()
rtype: dict

returns:

Response Syntax

{
    'OrganizationId': 'string',
    'EnabledFeatures': [
        'RootCredentialsManagement'|'RootSessions',
    ]
}

Response Structure

  • (dict) --

    • OrganizationId (string) --

      The unique identifier (ID) of an organization.

    • EnabledFeatures (list) --

      The features you have enabled for centralized root access.

      • (string) --

EnableOrganizationsRootCredentialsManagement (new)

Enables the management of privileged root user credentials across member accounts in your organization. When you enable root credentials management for centralized root access, the management account and the delegated administrator for IAM can manage root user credentials for member accounts in your organization.

Before you enable centralized root access, you must have an account configured with the following settings:

  • You must manage your Amazon Web Services accounts in Organizations.

  • Enable trusted access for Identity and Access Management in Organizations. For details, see IAM and Organizations in the Organizations User Guide.

See also: AWS API Documentation

Request Syntax

client.enable_organizations_root_credentials_management()
rtype: dict

returns:

Response Syntax

{
    'OrganizationId': 'string',
    'EnabledFeatures': [
        'RootCredentialsManagement'|'RootSessions',
    ]
}

Response Structure

  • (dict) --

    • OrganizationId (string) --

      The unique identifier (ID) of an organization.

    • EnabledFeatures (list) --

      The features you have enabled for centralized root access.

      • (string) --

DisableOrganizationsRootSessions (new)

Disables root user sessions for privileged tasks across member accounts in your organization. When you disable this feature, the management account and the delegated administrator for IAM can no longer perform privileged tasks on member accounts in your organization.

See also: AWS API Documentation

Request Syntax

client.disable_organizations_root_sessions()
rtype: dict

returns:

Response Syntax

{
    'OrganizationId': 'string',
    'EnabledFeatures': [
        'RootCredentialsManagement'|'RootSessions',
    ]
}

Response Structure

  • (dict) --

    • OrganizationId (string) --

      The unique identifier (ID) of an organization.

    • EnabledFeatures (list) --

      The features you have enabled for centralized root access of member accounts in your organization.

      • (string) --

DisableOrganizationsRootCredentialsManagement (new)

Disables the management of privileged root user credentials across member accounts in your organization. When you disable this feature, the management account and the delegated administrator for IAM can no longer manage root user credentials for member accounts in your organization.

See also: AWS API Documentation

Request Syntax

client.disable_organizations_root_credentials_management()
rtype: dict

returns:

Response Syntax

{
    'OrganizationId': 'string',
    'EnabledFeatures': [
        'RootCredentialsManagement'|'RootSessions',
    ]
}

Response Structure

  • (dict) --

    • OrganizationId (string) --

      The unique identifier (ID) of an organization.

    • EnabledFeatures (list) --

      The features enabled for centralized root access for member accounts in your organization.

      • (string) --
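
Added example (not part of the AWS documentation): a drift check that reads EnabledFeatures from list_organizations_features, compares it with a desired set, and plans which of the four enable/disable methods above to call, applying them only when asked. The StubIAM class, the organization ID and the disable-before-enable ordering are assumptions made for the example; against AWS you would pass a real IAM client instead of the stub.

```python
# Added example: audit centralized root access features and reconcile drift.
FEATURE_CALLS = {  # feature -> (enable method, disable method), names from this page
    "RootCredentialsManagement": ("enable_organizations_root_credentials_management",
                                  "disable_organizations_root_credentials_management"),
    "RootSessions": ("enable_organizations_root_sessions",
                     "disable_organizations_root_sessions"),
}

def plan_changes(enabled, desired):
    """Return the client method names that move `enabled` to `desired`."""
    enabled, desired = set(enabled), set(desired)
    unknown = (enabled | desired) - set(FEATURE_CALLS)
    if unknown:
        raise ValueError(f"unrecognised feature(s): {sorted(unknown)}")
    plan = [FEATURE_CALLS[f][1] for f in sorted(enabled - desired)]  # disables first
    return plan + [FEATURE_CALLS[f][0] for f in sorted(desired - enabled)]

def reconcile(client, desired, apply=False):
    """Report drift; with apply=True run the plan and verify the result."""
    before = client.list_organizations_features()
    plan = plan_changes(before["EnabledFeatures"], desired)
    report = {"OrganizationId": before["OrganizationId"],
              "before": sorted(before["EnabledFeatures"]), "plan": plan}
    if apply and plan:
        for method in plan:
            after = getattr(client, method)()  # each call returns the new state
        report["after"] = sorted(after["EnabledFeatures"])
        if set(report["after"]) != set(desired):
            raise RuntimeError(f"drift remains: {report['after']}")
    return report

class StubIAM:
    """Constructed stand-in for an IAM client; makes no AWS calls."""
    def __init__(self, enabled):
        self.enabled = set(enabled)
    def list_organizations_features(self):
        return {"OrganizationId": "o-exampleorgid",  # constructed placeholder
                "EnabledFeatures": sorted(self.enabled)}
    def __getattr__(self, name):  # serves the four enable_/disable_ methods
        for feature, (enable, disable) in FEATURE_CALLS.items():
            if name in (enable, disable):
                def call():
                    (self.enabled.add if name == enable else self.enabled.discard)(feature)
                    return self.list_organizations_features()
                return call
        raise AttributeError(name)

if __name__ == "__main__":
    print(reconcile(StubIAM(["RootSessions"]), ["RootCredentialsManagement"]))
```

With apply left at False the function only reports the plan, so it can run as a read-only audit.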