IAM Roles Anywhere

{'acceptRoleSessionName': 'boolean'}

{'profile': {'acceptRoleSessionName': 'boolean'}}

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

See also: AWS API Documentation

Request Syntax

client.create_profile(
    acceptRoleSessionName=True|False,
    durationSeconds=123,
    enabled=True|False,
    managedPolicyArns=[
        'string',
    ],
    name='string',
    requireInstanceProperties=True|False,
    roleArns=[
        'string',
    ],
    sessionPolicy='string',
    tags=[
        {
            'key': 'string',
            'value': 'string'
        },
    ]
)

type acceptRoleSessionName:

boolean

param acceptRoleSessionName:

Used to determine if a custom role session name will be accepted in a temporary credential request.

type durationSeconds:

integer

param durationSeconds:

Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

type enabled:

boolean

param enabled:

Specifies whether the profile is enabled.

type managedPolicyArns:

list

param managedPolicyArns:

A list of managed policy ARNs that apply to the vended session credentials.

• (string) --

type name:

string

param name:

[REQUIRED]

The name of the profile.

type requireInstanceProperties:

boolean

param requireInstanceProperties:

Specifies whether instance properties are required in temporary credential requests with this profile.

type roleArns:

list

param roleArns:

[REQUIRED]

A list of IAM roles that this profile can assume in a temporary credential request.

• (string) --

type sessionPolicy:

string

param sessionPolicy:

A session policy that applies to the trust boundary of the vended session credentials.

type tags:

list

param tags:

The tags to attach to the profile.

• (dict) --

  A label that consists of a key and value you define.

  • key (string) -- [REQUIRED]

    The tag key.

  • value (string) -- [REQUIRED]

    The tag value.

rtype:

dict

returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • profile (dict) --

    The state of the profile after a read or write operation.

    • acceptRoleSessionName (boolean) --

      Used to determine if a custom role session name will be accepted in a temporary credential request.

    • attributeMappings (list) --

      A mapping applied to the authenticating end-entity certificate.

      • (dict) --

        A mapping applied to the authenticating end-entity certificate.

        • certificateField (string) --

          Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

        • mappingRules (list) --

          A list of mapping entries for every supported specifier or sub-field.

          • (dict) --

            A single mapping entry for each supported specifier or sub-field.

            • specifier (string) --

              Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

    • createdAt (datetime) --

      The ISO-8601 timestamp when the profile was created.

    • createdBy (string) --

      The Amazon Web Services account that created the profile.

    • durationSeconds (integer) --

      Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

    • enabled (boolean) --

      Indicates whether the profile is enabled.

    • managedPolicyArns (list) --

      A list of managed policy ARNs that apply to the vended session credentials.

      • (string) --

    • name (string) --

      The name of the profile.

    • profileArn (string) --

      The ARN of the profile.

    • profileId (string) --

      The unique identifier of the profile.

    • requireInstanceProperties (boolean) --

      Specifies whether instance properties are required in temporary credential requests with this profile.

    • roleArns (list) --

      A list of IAM roles that this profile can assume in a temporary credential request.

      • (string) --

    • sessionPolicy (string) --

      A session policy that applies to the trust boundary of the vended session credentials.

    • updatedAt (datetime) --

      The ISO-8601 timestamp when the profile was last updated.

{'profile': {'acceptRoleSessionName': 'boolean'}}

Delete an entry from the attribute mapping rules enforced by a given profile.

See also: AWS API Documentation

Request Syntax

client.delete_attribute_mapping(
    certificateField='x509Subject'|'x509Issuer'|'x509SAN',
    profileId='string',
    specifiers=[
        'string',
    ]
)

type certificateField:

string

param certificateField:

[REQUIRED]

Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

type profileId:

string

param profileId:

[REQUIRED]

The unique identifier of the profile.

type specifiers:

list

param specifiers:

A list of specifiers of a certificate field; for example, CN, OU, UID from a Subject.

• (string) --

rtype:

dict

returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • profile (dict) --

    The state of the profile after a read or write operation.

    • acceptRoleSessionName (boolean) --

      Used to determine if a custom role session name will be accepted in a temporary credential request.

    • attributeMappings (list) --

      A mapping applied to the authenticating end-entity certificate.

      • (dict) --

        A mapping applied to the authenticating end-entity certificate.

        • certificateField (string) --

          Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

        • mappingRules (list) --

          A list of mapping entries for every supported specifier or sub-field.

          • (dict) --

            A single mapping entry for each supported specifier or sub-field.

            • specifier (string) --

              Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

    • createdAt (datetime) --

      The ISO-8601 timestamp when the profile was created.

    • createdBy (string) --

      The Amazon Web Services account that created the profile.

    • durationSeconds (integer) --

      Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

    • enabled (boolean) --

      Indicates whether the profile is enabled.

    • managedPolicyArns (list) --

      A list of managed policy ARNs that apply to the vended session credentials.

      • (string) --

    • name (string) --

      The name of the profile.

    • profileArn (string) --

      The ARN of the profile.

    • profileId (string) --

      The unique identifier of the profile.

    • requireInstanceProperties (boolean) --

      Specifies whether instance properties are required in temporary credential requests with this profile.

    • roleArns (list) --

      A list of IAM roles that this profile can assume in a temporary credential request.

      • (string) --

    • sessionPolicy (string) --

      A session policy that applies to the trust boundary of the vended session credentials.

    • updatedAt (datetime) --

      The ISO-8601 timestamp when the profile was last updated.

{'profile': {'acceptRoleSessionName': 'boolean'}}

Deletes a profile.

Required permissions: rolesanywhere:DeleteProfile.

See also: AWS API Documentation

Request Syntax

client.delete_profile(
    profileId='string'
)

type profileId:

string

param profileId:

[REQUIRED]

The unique identifier of the profile.

rtype:

dict

returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • profile (dict) --

    The state of the profile after a read or write operation.

    • acceptRoleSessionName (boolean) --

      Used to determine if a custom role session name will be accepted in a temporary credential request.

    • attributeMappings (list) --

      A mapping applied to the authenticating end-entity certificate.

      • (dict) --

        A mapping applied to the authenticating end-entity certificate.

        • certificateField (string) --

          Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

        • mappingRules (list) --

          A list of mapping entries for every supported specifier or sub-field.

          • (dict) --

            A single mapping entry for each supported specifier or sub-field.

            • specifier (string) --

              Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

    • createdAt (datetime) --

      The ISO-8601 timestamp when the profile was created.

    • createdBy (string) --

      The Amazon Web Services account that created the profile.

    • durationSeconds (integer) --

      Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

    • enabled (boolean) --

      Indicates whether the profile is enabled.

    • managedPolicyArns (list) --

      A list of managed policy ARNs that apply to the vended session credentials.

      • (string) --

    • name (string) --

      The name of the profile.

    • profileArn (string) --

      The ARN of the profile.

    • profileId (string) --

      The unique identifier of the profile.

    • requireInstanceProperties (boolean) --

      Specifies whether instance properties are required in temporary credential requests with this profile.

    • roleArns (list) --

      A list of IAM roles that this profile can assume in a temporary credential request.

      • (string) --

    • sessionPolicy (string) --

      A session policy that applies to the trust boundary of the vended session credentials.

    • updatedAt (datetime) --

      The ISO-8601 timestamp when the profile was last updated.

{'profile': {'acceptRoleSessionName': 'boolean'}}

Disables a profile. When disabled, temporary credential requests with this profile fail.

Required permissions: rolesanywhere:DisableProfile.

See also: AWS API Documentation

Request Syntax

client.disable_profile(
    profileId='string'
)

type profileId:

string

param profileId:

[REQUIRED]

The unique identifier of the profile.

rtype:

dict

returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • profile (dict) --

    The state of the profile after a read or write operation.

    • acceptRoleSessionName (boolean) --

      Used to determine if a custom role session name will be accepted in a temporary credential request.

    • attributeMappings (list) --

      A mapping applied to the authenticating end-entity certificate.

      • (dict) --

        A mapping applied to the authenticating end-entity certificate.

        • certificateField (string) --

          Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

        • mappingRules (list) --

          A list of mapping entries for every supported specifier or sub-field.

          • (dict) --

            A single mapping entry for each supported specifier or sub-field.

            • specifier (string) --

              Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

    • createdAt (datetime) --

      The ISO-8601 timestamp when the profile was created.

    • createdBy (string) --

      The Amazon Web Services account that created the profile.

    • durationSeconds (integer) --

      Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

    • enabled (boolean) --

      Indicates whether the profile is enabled.

    • managedPolicyArns (list) --

      A list of managed policy ARNs that apply to the vended session credentials.

      • (string) --

    • name (string) --

      The name of the profile.

    • profileArn (string) --

      The ARN of the profile.

    • profileId (string) --

      The unique identifier of the profile.

    • requireInstanceProperties (boolean) --

      Specifies whether instance properties are required in temporary credential requests with this profile.

    • roleArns (list) --

      A list of IAM roles that this profile can assume in a temporary credential request.

      • (string) --

    • sessionPolicy (string) --

      A session policy that applies to the trust boundary of the vended session credentials.

    • updatedAt (datetime) --

      The ISO-8601 timestamp when the profile was last updated.

{'profile': {'acceptRoleSessionName': 'boolean'}}

Enables temporary credential requests for a profile.

Required permissions: rolesanywhere:EnableProfile.

See also: AWS API Documentation

Request Syntax

client.enable_profile(
    profileId='string'
)

type profileId:

string

param profileId:

[REQUIRED]

The unique identifier of the profile.

rtype:

dict

returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • profile (dict) --

    The state of the profile after a read or write operation.

    • acceptRoleSessionName (boolean) --

      Used to determine if a custom role session name will be accepted in a temporary credential request.

    • attributeMappings (list) --

      A mapping applied to the authenticating end-entity certificate.

      • (dict) --

        A mapping applied to the authenticating end-entity certificate.

        • certificateField (string) --

          Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

        • mappingRules (list) --

          A list of mapping entries for every supported specifier or sub-field.

          • (dict) --

            A single mapping entry for each supported specifier or sub-field.

            • specifier (string) --

              Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

    • createdAt (datetime) --

      The ISO-8601 timestamp when the profile was created.

    • createdBy (string) --

      The Amazon Web Services account that created the profile.

    • durationSeconds (integer) --

      Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

    • enabled (boolean) --

      Indicates whether the profile is enabled.

    • managedPolicyArns (list) --

      A list of managed policy ARNs that apply to the vended session credentials.

      • (string) --

    • name (string) --

      The name of the profile.

    • profileArn (string) --

      The ARN of the profile.

    • profileId (string) --

      The unique identifier of the profile.

    • requireInstanceProperties (boolean) --

      Specifies whether instance properties are required in temporary credential requests with this profile.

    • roleArns (list) --

      A list of IAM roles that this profile can assume in a temporary credential request.

      • (string) --

    • sessionPolicy (string) --

      A session policy that applies to the trust boundary of the vended session credentials.

    • updatedAt (datetime) --

      The ISO-8601 timestamp when the profile was last updated.

{'profile': {'acceptRoleSessionName': 'boolean'}}

Gets a profile.

Required permissions: rolesanywhere:GetProfile.

See also: AWS API Documentation

Request Syntax

client.get_profile(
    profileId='string'
)

type profileId:

string

param profileId:

[REQUIRED]

The unique identifier of the profile.

rtype:

dict

returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • profile (dict) --

    The state of the profile after a read or write operation.

    • acceptRoleSessionName (boolean) --

      Used to determine if a custom role session name will be accepted in a temporary credential request.

    • attributeMappings (list) --

      A mapping applied to the authenticating end-entity certificate.

      • (dict) --

        A mapping applied to the authenticating end-entity certificate.

        • certificateField (string) --

          Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

        • mappingRules (list) --

          A list of mapping entries for every supported specifier or sub-field.

          • (dict) --

            A single mapping entry for each supported specifier or sub-field.

            • specifier (string) --

              Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

    • createdAt (datetime) --

      The ISO-8601 timestamp when the profile was created.

    • createdBy (string) --

      The Amazon Web Services account that created the profile.

    • durationSeconds (integer) --

      Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

    • enabled (boolean) --

      Indicates whether the profile is enabled.

    • managedPolicyArns (list) --

      A list of managed policy ARNs that apply to the vended session credentials.

      • (string) --

    • name (string) --

      The name of the profile.

    • profileArn (string) --

      The ARN of the profile.

    • profileId (string) --

      The unique identifier of the profile.

    • requireInstanceProperties (boolean) --

      Specifies whether instance properties are required in temporary credential requests with this profile.

    • roleArns (list) --

      A list of IAM roles that this profile can assume in a temporary credential request.

      • (string) --

    • sessionPolicy (string) --

      A session policy that applies to the trust boundary of the vended session credentials.

    • updatedAt (datetime) --

      The ISO-8601 timestamp when the profile was last updated.

{'profiles': {'acceptRoleSessionName': 'boolean'}}

Lists all profiles in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListProfiles.

See also: AWS API Documentation

Request Syntax

client.list_profiles(
    nextToken='string',
    pageSize=123
)

type nextToken:

string

param nextToken:

A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.

type pageSize:

integer

param pageSize:

The number of resources in the paginated list.

rtype:

dict

returns:

Response Syntax

{
    'nextToken': 'string',
    'profiles': [
        {
            'acceptRoleSessionName': True|False,
            'attributeMappings': [
                {
                    'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                    'mappingRules': [
                        {
                            'specifier': 'string'
                        },
                    ]
                },
            ],
            'createdAt': datetime(2015, 1, 1),
            'createdBy': 'string',
            'durationSeconds': 123,
            'enabled': True|False,
            'managedPolicyArns': [
                'string',
            ],
            'name': 'string',
            'profileArn': 'string',
            'profileId': 'string',
            'requireInstanceProperties': True|False,
            'roleArns': [
                'string',
            ],
            'sessionPolicy': 'string',
            'updatedAt': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

• (dict) --

  • nextToken (string) --

    A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.

  • profiles (list) --

    A list of profiles.

    • (dict) --

      The state of the profile after a read or write operation.

      • acceptRoleSessionName (boolean) --

        Used to determine if a custom role session name will be accepted in a temporary credential request.

      • attributeMappings (list) --

        A mapping applied to the authenticating end-entity certificate.

        • (dict) --

          A mapping applied to the authenticating end-entity certificate.

          • certificateField (string) --

            Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

          • mappingRules (list) --

            A list of mapping entries for every supported specifier or sub-field.

            • (dict) --

              A single mapping entry for each supported specifier or sub-field.

              • specifier (string) --

                Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

      • createdAt (datetime) --

        The ISO-8601 timestamp when the profile was created.

      • createdBy (string) --

        The Amazon Web Services account that created the profile.

      • durationSeconds (integer) --

        Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

      • enabled (boolean) --

        Indicates whether the profile is enabled.

      • managedPolicyArns (list) --

        A list of managed policy ARNs that apply to the vended session credentials.

        • (string) --

      • name (string) --

        The name of the profile.

      • profileArn (string) --

        The ARN of the profile.

      • profileId (string) --

        The unique identifier of the profile.

      • requireInstanceProperties (boolean) --

        Specifies whether instance properties are required in temporary credential requests with this profile.

      • roleArns (list) --

        A list of IAM roles that this profile can assume in a temporary credential request.

        • (string) --

      • sessionPolicy (string) --

        A session policy that applies to the trust boundary of the vended session credentials.

      • updatedAt (datetime) --

        The ISO-8601 timestamp when the profile was last updated.

{'profile': {'acceptRoleSessionName': 'boolean'}}

Put an entry in the attribute mapping rules that will be enforced by a given profile. A mapping specifies a certificate field and one or more specifiers that have contextual meanings.

See also: AWS API Documentation

Request Syntax

client.put_attribute_mapping(
    certificateField='x509Subject'|'x509Issuer'|'x509SAN',
    mappingRules=[
        {
            'specifier': 'string'
        },
    ],
    profileId='string'
)

type certificateField:

string

param certificateField:

[REQUIRED]

Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

type mappingRules:

list

param mappingRules:

[REQUIRED]

A list of mapping entries for every supported specifier or sub-field.

• (dict) --

  A single mapping entry for each supported specifier or sub-field.

  • specifier (string) -- [REQUIRED]

    Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

type profileId:

string

param profileId:

[REQUIRED]

The unique identifier of the profile.

rtype:

dict

returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • profile (dict) --

    The state of the profile after a read or write operation.

    • acceptRoleSessionName (boolean) --

      Used to determine if a custom role session name will be accepted in a temporary credential request.

    • attributeMappings (list) --

      A mapping applied to the authenticating end-entity certificate.

      • (dict) --

        A mapping applied to the authenticating end-entity certificate.

        • certificateField (string) --

          Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

        • mappingRules (list) --

          A list of mapping entries for every supported specifier or sub-field.

          • (dict) --

            A single mapping entry for each supported specifier or sub-field.

            • specifier (string) --

              Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

    • createdAt (datetime) --

      The ISO-8601 timestamp when the profile was created.

    • createdBy (string) --

      The Amazon Web Services account that created the profile.

    • durationSeconds (integer) --

      Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

    • enabled (boolean) --

      Indicates whether the profile is enabled.

    • managedPolicyArns (list) --

      A list of managed policy ARNs that apply to the vended session credentials.

      • (string) --

    • name (string) --

      The name of the profile.

    • profileArn (string) --

      The ARN of the profile.

    • profileId (string) --

      The unique identifier of the profile.

    • requireInstanceProperties (boolean) --

      Specifies whether instance properties are required in temporary credential requests with this profile.

    • roleArns (list) --

      A list of IAM roles that this profile can assume in a temporary credential request.

      • (string) --

    • sessionPolicy (string) --

      A session policy that applies to the trust boundary of the vended session credentials.

    • updatedAt (datetime) --

      The ISO-8601 timestamp when the profile was last updated.

{'acceptRoleSessionName': 'boolean'}

{'profile': {'acceptRoleSessionName': 'boolean'}}

Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:UpdateProfile.

See also: AWS API Documentation

Request Syntax

client.update_profile(
    acceptRoleSessionName=True|False,
    durationSeconds=123,
    managedPolicyArns=[
        'string',
    ],
    name='string',
    profileId='string',
    roleArns=[
        'string',
    ],
    sessionPolicy='string'
)

type acceptRoleSessionName:

boolean

param acceptRoleSessionName:

Used to determine if a custom role session name will be accepted in a temporary credential request.

type durationSeconds:

integer

param durationSeconds:

Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

type managedPolicyArns:

list

param managedPolicyArns:

A list of managed policy ARNs that apply to the vended session credentials.

• (string) --

type name:

string

param name:

The name of the profile.

type profileId:

string

param profileId:

[REQUIRED]

The unique identifier of the profile.

type roleArns:

list

param roleArns:

A list of IAM roles that this profile can assume in a temporary credential request.

• (string) --

type sessionPolicy:

string

param sessionPolicy:

A session policy that applies to the trust boundary of the vended session credentials.

rtype:

dict

returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • profile (dict) --

    The state of the profile after a read or write operation.

    • acceptRoleSessionName (boolean) --

      Used to determine if a custom role session name will be accepted in a temporary credential request.

    • attributeMappings (list) --

      A mapping applied to the authenticating end-entity certificate.

      • (dict) --

        A mapping applied to the authenticating end-entity certificate.

        • certificateField (string) --

          Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

        • mappingRules (list) --

          A list of mapping entries for every supported specifier or sub-field.

          • (dict) --

            A single mapping entry for each supported specifier or sub-field.

            • specifier (string) --

              Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

    • createdAt (datetime) --

      The ISO-8601 timestamp when the profile was created.

    • createdBy (string) --

      The Amazon Web Services account that created the profile.

    • durationSeconds (integer) --

      Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

    • enabled (boolean) --

      Indicates whether the profile is enabled.

    • managedPolicyArns (list) --

      A list of managed policy ARNs that apply to the vended session credentials.

      • (string) --

    • name (string) --

      The name of the profile.

    • profileArn (string) --

      The ARN of the profile.

    • profileId (string) --

      The unique identifier of the profile.

    • requireInstanceProperties (boolean) --

      Specifies whether instance properties are required in temporary credential requests with this profile.

    • roleArns (list) --

      A list of IAM roles that this profile can assume in a temporary credential request.

      • (string) --

    • sessionPolicy (string) --

      A session policy that applies to the trust boundary of the vended session credentials.

    • updatedAt (datetime) --

      The ISO-8601 timestamp when the profile was last updated.