2016/12/22 - AWS Identity and Access Management - 5 new api methods
Changes Adds service-specific credentials to IAM service to make it easier to onboard CodeCommit customers. These are username/password credentials that work with a single service.
Sets the status of a service-specific credential to Active or Inactive . Service-specific credentials that are inactive cannot be used for authentication to the service. This action can be used to disable a user’s service-specific credential as part of a credential rotation work flow.
See also: AWS API Documentation
Request Syntax
client.update_service_specific_credential(
UserName='string',
ServiceSpecificCredentialId='string',
Status='Active'|'Inactive'
)
string
The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
string
[REQUIRED]
The unique identifier of the service-specific credential.
This parameter allows (per its regex pattern ) a string of characters that can consist of any upper or lowercased letter or digit.
string
[REQUIRED]
The status to be assigned to the service-specific credential.
None
Resets the password for a service-specific credential. The new password is AWS generated and cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the previous password associated with this user.
See also: AWS API Documentation
Request Syntax
client.reset_service_specific_credential(
UserName='string',
ServiceSpecificCredentialId='string'
)
string
The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
string
[REQUIRED]
The unique identifier of the service-specific credential.
This parameter allows (per its regex pattern ) a string of characters that can consist of any upper or lowercased letter or digit.
dict
Response Syntax
{
'ServiceSpecificCredential': {
'CreateDate': datetime(2015, 1, 1),
'ServiceName': 'string',
'ServiceUserName': 'string',
'ServicePassword': 'string',
'ServiceSpecificCredentialId': 'string',
'UserName': 'string',
'Status': 'Active'|'Inactive'
}
}
Response Structure
(dict) --
ServiceSpecificCredential (dict) --
A structure with details about the updated service-specific credential, including the new password.
Warning
This is the only time that you can access the password. You cannot recover the password later, but you can reset it again.
CreateDate (datetime) --
The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
ServiceName (string) --
The name of the service associated with the service-specific credential.
ServiceUserName (string) --
The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the AWS account, as in jane-at-123456789012 , for example. This value cannot be configured by the user.
ServicePassword (string) --
The generated password for the service-specific credential.
ServiceSpecificCredentialId (string) --
The unique identifier for the service-specific credential.
UserName (string) --
The name of the IAM user associated with the service-specific credential.
Status (string) --
The status of the service-specific credential. Active means the key is valid for API calls, while Inactive means it is not.
Returns information about the service-specific credentials associated with the specified IAM user. If there are none, the action returns an empty list. The service-specific credentials returned by this action are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an AWS service, see Set Up service-specific credentials in the AWS CodeCommit User Guide.
See also: AWS API Documentation
Request Syntax
client.list_service_specific_credentials(
UserName='string',
ServiceName='string'
)
string
The name of the user whose service-specific credentials you want information about. If this value is not specified then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
string
Filters the returned results to only those for the specified AWS service. If not specified, then AWS returns service-specific credentials for all services.
dict
Response Syntax
{
'ServiceSpecificCredentials': [
{
'UserName': 'string',
'Status': 'Active'|'Inactive',
'ServiceUserName': 'string',
'CreateDate': datetime(2015, 1, 1),
'ServiceSpecificCredentialId': 'string',
'ServiceName': 'string'
},
]
}
Response Structure
(dict) --
ServiceSpecificCredentials (list) --
A list of structures that each contain details about a service-specific credential.
(dict) --
Contains additional details about a service-specific credential.
UserName (string) --
The name of the IAM user associated with the service-specific credential.
Status (string) --
The status of the service-specific credential. Active means the key is valid for API calls, while Inactive means it is not.
ServiceUserName (string) --
The generated user name for the service-specific credential.
CreateDate (datetime) --
The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
ServiceSpecificCredentialId (string) --
The unique identifier for the service-specific credential.
ServiceName (string) --
The name of the service associated with the service-specific credential.
Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.
You can have a maximum of two sets of service-specific credentials for each supported service per user.
The only supported service at this time is AWS CodeCommit.
You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.
For more information about service-specific credentials, see Using IAM with AWS CodeCommit: Git Credentials, SSH Keys, and AWS Access Keys in the IAM User Guide .
See also: AWS API Documentation
Request Syntax
client.create_service_specific_credential(
UserName='string',
ServiceName='string'
)
string
[REQUIRED]
The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.
This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
string
[REQUIRED]
The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
dict
Response Syntax
{
'ServiceSpecificCredential': {
'CreateDate': datetime(2015, 1, 1),
'ServiceName': 'string',
'ServiceUserName': 'string',
'ServicePassword': 'string',
'ServiceSpecificCredentialId': 'string',
'UserName': 'string',
'Status': 'Active'|'Inactive'
}
}
Response Structure
(dict) --
ServiceSpecificCredential (dict) --
A structure that contains information about the newly created service-specific credential.
Warning
This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you will have to reset the password with ResetServiceSpecificCredential.
CreateDate (datetime) --
The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
ServiceName (string) --
The name of the service associated with the service-specific credential.
ServiceUserName (string) --
The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the AWS account, as in jane-at-123456789012 , for example. This value cannot be configured by the user.
ServicePassword (string) --
The generated password for the service-specific credential.
ServiceSpecificCredentialId (string) --
The unique identifier for the service-specific credential.
UserName (string) --
The name of the IAM user associated with the service-specific credential.
Status (string) --
The status of the service-specific credential. Active means the key is valid for API calls, while Inactive means it is not.
Deletes the specified service-specific credential.
See also: AWS API Documentation
Request Syntax
client.delete_service_specific_credential(
UserName='string',
ServiceSpecificCredentialId='string'
)
string
The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.
This parameter allows (per its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
string
[REQUIRED]
The unique identifier of the service-specific credential. You can get this value by calling ListServiceSpecificCredentials.
This parameter allows (per its regex pattern ) a string of characters that can consist of any upper or lowercased letter or digit.
None