boto3_iam
Connection module for Amazon IAM using boto3.
Renamed from boto_iam to boto3_iam and rewritten to use the boto3 IAM client API directly via saltext.boto3.utils.boto3mod. The legacy boto2 code path has been removed.
- depends:
boto3 >= 1.28.0
botocore >= 1.31.0
- configuration:
This module accepts explicit IAM credentials but can also use IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then obtained automatically from the AWS API and no further configuration is necessary. More information is available at:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
If IAM roles are not used, you need to specify credentials either in the minion’s config file or as a profile. For example, to specify them in the minion’s config file:
iam.keyid: GKTADJGHEIQSXMKKRBJ08H
iam.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
A region may also be specified in the configuration:
iam.region: us-east-1
It’s also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:
myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1
Added in version 1.0.0.
- saltext.boto3.modules.boto3_iam.instance_profile_exists(name, region=None, key=None, keyid=None, profile=None)
Check to see if an instance profile exists.
CLI Example:
salt myminion boto3_iam.instance_profile_exists myiprofile
- saltext.boto3.modules.boto3_iam.create_instance_profile(name, region=None, key=None, keyid=None, profile=None)
Create an instance profile.
CLI Example:
salt myminion boto3_iam.create_instance_profile myiprofile
- saltext.boto3.modules.boto3_iam.delete_instance_profile(name, region=None, key=None, keyid=None, profile=None)
Delete an instance profile.
CLI Example:
salt myminion boto3_iam.delete_instance_profile myiprofile
- saltext.boto3.modules.boto3_iam.get_all_instance_profiles(path_prefix='/', region=None, key=None, keyid=None, profile=None)
Get and return all IAM instance profiles, starting at the optional path.
CLI Example:
salt-call boto3_iam.get_all_instance_profiles
- saltext.boto3.modules.boto3_iam.list_instance_profiles(path_prefix='/', region=None, key=None, keyid=None, profile=None)
List all IAM instance profiles, starting at the optional path.
CLI Example:
salt-call boto3_iam.list_instance_profiles
- saltext.boto3.modules.boto3_iam.role_exists(name, region=None, key=None, keyid=None, profile=None)
Check to see if an IAM role exists.
CLI Example:
salt myminion boto3_iam.role_exists myirole
- saltext.boto3.modules.boto3_iam.describe_role(name, region=None, key=None, keyid=None, profile=None)
Get information for a role.
CLI Example:
salt myminion boto3_iam.describe_role myirole
- saltext.boto3.modules.boto3_iam.create_role(name, policy_document=None, path=None, region=None, key=None, keyid=None, profile=None)
Create an instance role.
CLI Example:
salt myminion boto3_iam.create_role myrole
- saltext.boto3.modules.boto3_iam.delete_role(name, region=None, key=None, keyid=None, profile=None)
Delete an IAM role.
CLI Example:
salt myminion boto3_iam.delete_role myirole
- saltext.boto3.modules.boto3_iam.profile_associated(role_name, profile_name, region, key, keyid, profile)
Check to see if an instance profile is associated with an IAM role.
CLI Example:
salt myminion boto3_iam.profile_associated myirole myiprofile
- saltext.boto3.modules.boto3_iam.associate_profile_to_role(profile_name, role_name, region=None, key=None, keyid=None, profile=None)
Associate an instance profile with an IAM role.
CLI Example:
salt myminion boto3_iam.associate_profile_to_role myiprofile myirole
- saltext.boto3.modules.boto3_iam.disassociate_profile_from_role(profile_name, role_name, region=None, key=None, keyid=None, profile=None)
Disassociate an instance profile from an IAM role.
CLI Example:
salt myminion boto3_iam.disassociate_profile_from_role myiprofile myirole
- saltext.boto3.modules.boto3_iam.list_role_policies(role_name, region=None, key=None, keyid=None, profile=None)
Get a list of inline policy names from a role.
CLI Example:
salt myminion boto3_iam.list_role_policies myirole
- saltext.boto3.modules.boto3_iam.get_role_policy(role_name, policy_name, region=None, key=None, keyid=None, profile=None)
Get a role policy.
CLI Example:
salt myminion boto3_iam.get_role_policy myirole mypolicy
- saltext.boto3.modules.boto3_iam.create_role_policy(role_name, policy_name, policy, region=None, key=None, keyid=None, profile=None)
Create or modify a role policy.
CLI Example:
salt myminion boto3_iam.create_role_policy myirole mypolicy '{...}'
- saltext.boto3.modules.boto3_iam.delete_role_policy(role_name, policy_name, region=None, key=None, keyid=None, profile=None)
Delete a role policy.
CLI Example:
salt myminion boto3_iam.delete_role_policy myirole mypolicy
- saltext.boto3.modules.boto3_iam.update_assume_role_policy(role_name, policy_document, region=None, key=None, keyid=None, profile=None)
Update an assume role policy for a role.
CLI Example:
salt myminion boto3_iam.update_assume_role_policy myrole '{"Statement":"..."}'
- saltext.boto3.modules.boto3_iam.build_policy(region=None, key=None, keyid=None, profile=None)
Build a default assume role policy for EC2.
CLI Example:
salt myminion boto3_iam.build_policy
- saltext.boto3.modules.boto3_iam.get_all_roles(path_prefix=None, region=None, key=None, keyid=None, profile=None)
Get and return all IAM role details, starting at the optional path.
CLI Example:
salt-call boto3_iam.get_all_roles
- saltext.boto3.modules.boto3_iam.get_user(user_name=None, region=None, key=None, keyid=None, profile=None)
Get user information.
CLI Example:
salt myminion boto3_iam.get_user myuser
- saltext.boto3.modules.boto3_iam.create_user(user_name, path=None, region=None, key=None, keyid=None, profile=None)
Create a user.
CLI Example:
salt myminion boto3_iam.create_user myuser
- saltext.boto3.modules.boto3_iam.delete_user(user_name, region=None, key=None, keyid=None, profile=None)
Delete a user.
CLI Example:
salt myminion boto3_iam.delete_user myuser
- saltext.boto3.modules.boto3_iam.get_all_access_keys(user_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)
Get all access keys for a user.
Returns a dict with an AccessKeyMetadata list.
CLI Example:
salt myminion boto3_iam.get_all_access_keys myuser
- saltext.boto3.modules.boto3_iam.create_access_key(user_name, region=None, key=None, keyid=None, profile=None)
Create access key id for a user.
CLI Example:
salt myminion boto3_iam.create_access_key myuser
- saltext.boto3.modules.boto3_iam.delete_access_key(access_key_id, user_name=None, region=None, key=None, keyid=None, profile=None)
Delete access key id from a user.
CLI Example:
salt myminion boto3_iam.delete_access_key myaccesskeyid myuser
- saltext.boto3.modules.boto3_iam.get_all_users(path_prefix='/', region=None, key=None, keyid=None, profile=None)
Get and return all IAM user details, starting at the optional path.
CLI Example:
salt-call boto3_iam.get_all_users
- saltext.boto3.modules.boto3_iam.get_all_user_policies(user_name, marker=None, max_items=None, region=None, key=None, keyid=None, profile=None)
Get all inline user policy names.
CLI Example:
salt myminion boto3_iam.get_all_user_policies myuser
- saltext.boto3.modules.boto3_iam.get_user_policy(user_name, policy_name, region=None, key=None, keyid=None, profile=None)
Retrieves the specified inline policy document for the specified user.
CLI Example:
salt myminion boto3_iam.get_user_policy myuser mypolicyname
- saltext.boto3.modules.boto3_iam.put_user_policy(user_name, policy_name, policy_json, region=None, key=None, keyid=None, profile=None)
Adds or updates the specified inline policy document for the specified user.
CLI Example:
salt myminion boto3_iam.put_user_policy myuser policyname policyrules
- saltext.boto3.modules.boto3_iam.delete_user_policy(user_name, policy_name, region=None, key=None, keyid=None, profile=None)
Delete an inline user policy.
CLI Example:
salt myminion boto3_iam.delete_user_policy myuser mypolicy
- saltext.boto3.modules.boto3_iam.get_group(group_name, region=None, key=None, keyid=None, profile=None)
Get group information.
CLI Example:
salt myminion boto3_iam.get_group mygroup
- saltext.boto3.modules.boto3_iam.create_group(group_name, path=None, region=None, key=None, keyid=None, profile=None)
Create a group.
CLI Example:
salt myminion boto3_iam.create_group group
- saltext.boto3.modules.boto3_iam.get_group_members(group_name, region=None, key=None, keyid=None, profile=None)
Get the users that are members of a group.
CLI Example:
salt myminion boto3_iam.get_group_members mygroup
- saltext.boto3.modules.boto3_iam.user_exists_in_group(user_name, group_name, region=None, key=None, keyid=None, profile=None)
Check if user exists in group.
CLI Example:
salt myminion boto3_iam.user_exists_in_group myuser mygroup
- saltext.boto3.modules.boto3_iam.add_user_to_group(user_name, group_name, region=None, key=None, keyid=None, profile=None)
Add user to group.
CLI Example:
salt myminion boto3_iam.add_user_to_group myuser mygroup
- saltext.boto3.modules.boto3_iam.remove_user_from_group(group_name, user_name, region=None, key=None, keyid=None, profile=None)
Remove user from group.
CLI Example:
salt myminion boto3_iam.remove_user_from_group mygroup myuser
- saltext.boto3.modules.boto3_iam.put_group_policy(group_name, policy_name, policy_json, region=None, key=None, keyid=None, profile=None)
Adds or updates the specified inline policy document for the specified group.
CLI Example:
salt myminion boto3_iam.put_group_policy mygroup policyname policyrules
- saltext.boto3.modules.boto3_iam.delete_group_policy(group_name, policy_name, region=None, key=None, keyid=None, profile=None)
Delete a group policy.
CLI Example:
salt myminion boto3_iam.delete_group_policy mygroup mypolicy
- saltext.boto3.modules.boto3_iam.get_group_policy(group_name, policy_name, region=None, key=None, keyid=None, profile=None)
Retrieves the specified inline policy document for the specified group.
CLI Example:
salt myminion boto3_iam.get_group_policy mygroup policyname
- saltext.boto3.modules.boto3_iam.get_all_groups(path_prefix='/', region=None, key=None, keyid=None, profile=None)
Get and return all IAM group details, starting at the optional path.
CLI Example:
salt-call boto3_iam.get_all_groups
- saltext.boto3.modules.boto3_iam.get_all_group_policies(group_name, region=None, key=None, keyid=None, profile=None)
Get a list of inline policy names from a group.
CLI Example:
salt myminion boto3_iam.get_all_group_policies mygroup
- saltext.boto3.modules.boto3_iam.delete_group(group_name, region=None, key=None, keyid=None, profile=None)
Delete a group.
CLI Example:
salt myminion boto3_iam.delete_group mygroup
- saltext.boto3.modules.boto3_iam.create_login_profile(user_name, password, region=None, key=None, keyid=None, profile=None)
Creates a login profile for the specified user.
CLI Example:
salt myminion boto3_iam.create_login_profile user_name password
- saltext.boto3.modules.boto3_iam.delete_login_profile(user_name, region=None, key=None, keyid=None, profile=None)
Deletes a login profile for the specified user.
CLI Example:
salt myminion boto3_iam.delete_login_profile user_name
- saltext.boto3.modules.boto3_iam.get_all_mfa_devices(user_name, region=None, key=None, keyid=None, profile=None)
Get all MFA devices associated with an IAM user.
Returns a list of dicts with PascalCase keys (e.g. SerialNumber).
CLI Example:
salt myminion boto3_iam.get_all_mfa_devices user_name
- saltext.boto3.modules.boto3_iam.deactivate_mfa_device(user_name, serial, region=None, key=None, keyid=None, profile=None)
Deactivates the specified MFA device and removes it from association with the user.
CLI Example:
salt myminion boto3_iam.deactivate_mfa_device user_name serial_num
- saltext.boto3.modules.boto3_iam.delete_virtual_mfa_device(serial, region=None, key=None, keyid=None, profile=None)
Deletes the specified virtual MFA device.
CLI Example:
salt myminion boto3_iam.delete_virtual_mfa_device serial_num
- saltext.boto3.modules.boto3_iam.update_account_password_policy(allow_users_to_change_password=None, hard_expiry=None, max_password_age=None, minimum_password_length=None, password_reuse_prevention=None, require_lowercase_characters=None, require_numbers=None, require_symbols=None, require_uppercase_characters=None, region=None, key=None, keyid=None, profile=None)
Update the password policy for the AWS account.
CLI Example:
salt myminion boto3_iam.update_account_password_policy True
- saltext.boto3.modules.boto3_iam.get_account_policy(region=None, key=None, keyid=None, profile=None)
Get account password policy for the AWS account.
CLI Example:
salt myminion boto3_iam.get_account_policy
- saltext.boto3.modules.boto3_iam.get_account_id(region=None, key=None, keyid=None, profile=None)
Get the AWS account id associated with the used credentials.
CLI Example:
salt myminion boto3_iam.get_account_id
- saltext.boto3.modules.boto3_iam.upload_server_cert(cert_name, cert_body, private_key, cert_chain=None, path=None, region=None, key=None, keyid=None, profile=None)
Upload a server certificate.
CLI Example:
salt myminion boto3_iam.upload_server_cert mycert_name crt priv_key
- saltext.boto3.modules.boto3_iam.get_server_certificate(cert_name, region=None, key=None, keyid=None, profile=None)
Returns certificate information for a server cert.
CLI Example:
salt myminion boto3_iam.get_server_certificate mycert_name
- saltext.boto3.modules.boto3_iam.delete_server_cert(cert_name, region=None, key=None, keyid=None, profile=None)
Deletes a server certificate.
CLI Example:
salt myminion boto3_iam.delete_server_cert mycert_name
- saltext.boto3.modules.boto3_iam.export_users(path_prefix='/', region=None, key=None, keyid=None, profile=None)
Get all IAM user details as a yaml sls structure.
CLI Example:
salt-call boto3_iam.export_users --out=txt | sed "s/local: //" > iam_users.sls
- saltext.boto3.modules.boto3_iam.export_roles(path_prefix='/', region=None, key=None, keyid=None, profile=None)
Get all IAM role details as a yaml sls structure.
CLI Example:
salt-call boto3_iam.export_roles --out=txt | sed "s/local: //" > iam_roles.sls
- saltext.boto3.modules.boto3_iam.policy_exists(policy_name, region=None, key=None, keyid=None, profile=None)
Check to see if a managed policy exists.
CLI Example:
salt myminion boto3_iam.policy_exists mypolicy
- saltext.boto3.modules.boto3_iam.get_policy(policy_name, region=None, key=None, keyid=None, profile=None)
Get the managed policy info.
CLI Example:
salt myminion boto3_iam.get_policy mypolicy
- saltext.boto3.modules.boto3_iam.create_policy(policy_name, policy_document, path=None, description=None, region=None, key=None, keyid=None, profile=None)
Create a managed policy.
CLI Example:
salt myminion boto3_iam.create_policy mypolicy '{"Version": "2012-10-17", ...}'
- saltext.boto3.modules.boto3_iam.delete_policy(policy_name, region=None, key=None, keyid=None, profile=None)
Delete a managed policy.
CLI Example:
salt myminion boto3_iam.delete_policy mypolicy
- saltext.boto3.modules.boto3_iam.list_policies(region=None, key=None, keyid=None, profile=None)
List managed policies.
Returns a list whose entries are the Policies list from each page.
CLI Example:
salt myminion boto3_iam.list_policies
- saltext.boto3.modules.boto3_iam.policy_version_exists(policy_name, version_id, region=None, key=None, keyid=None, profile=None)
Check to see if a managed policy version exists.
CLI Example:
salt myminion boto3_iam.policy_version_exists mypolicy v1
- saltext.boto3.modules.boto3_iam.get_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)
Get a specific version of a managed policy.
CLI Example:
salt myminion boto3_iam.get_policy_version mypolicy v1
- saltext.boto3.modules.boto3_iam.create_policy_version(policy_name, policy_document, set_as_default=None, region=None, key=None, keyid=None, profile=None)
Create a version of a managed policy.
CLI Example:
salt myminion boto3_iam.create_policy_version mypolicy '{...}'
- saltext.boto3.modules.boto3_iam.delete_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)
Delete a version of a managed policy.
CLI Example:
salt myminion boto3_iam.delete_policy_version mypolicy v1
- saltext.boto3.modules.boto3_iam.list_policy_versions(policy_name, region=None, key=None, keyid=None, profile=None)
List versions of a managed policy.
CLI Example:
salt myminion boto3_iam.list_policy_versions mypolicy
- saltext.boto3.modules.boto3_iam.set_default_policy_version(policy_name, version_id, region=None, key=None, keyid=None, profile=None)
Set the default version of a managed policy.
CLI Example:
salt myminion boto3_iam.set_default_policy_version mypolicy v1
- saltext.boto3.modules.boto3_iam.attach_user_policy(policy_name, user_name, region=None, key=None, keyid=None, profile=None)
Attach a managed policy to a user.
CLI Example:
salt myminion boto3_iam.attach_user_policy mypolicy myuser
- saltext.boto3.modules.boto3_iam.detach_user_policy(policy_name, user_name, region=None, key=None, keyid=None, profile=None)
Detach a managed policy from a user.
CLI Example:
salt myminion boto3_iam.detach_user_policy mypolicy myuser
- saltext.boto3.modules.boto3_iam.attach_group_policy(policy_name, group_name, region=None, key=None, keyid=None, profile=None)
Attach a managed policy to a group.
CLI Example:
salt myminion boto3_iam.attach_group_policy mypolicy mygroup
- saltext.boto3.modules.boto3_iam.detach_group_policy(policy_name, group_name, region=None, key=None, keyid=None, profile=None)
Detach a managed policy from a group.
CLI Example:
salt myminion boto3_iam.detach_group_policy mypolicy mygroup
- saltext.boto3.modules.boto3_iam.attach_role_policy(policy_name, role_name, region=None, key=None, keyid=None, profile=None)
Attach a managed policy to a role.
CLI Example:
salt myminion boto3_iam.attach_role_policy mypolicy myrole
- saltext.boto3.modules.boto3_iam.detach_role_policy(policy_name, role_name, region=None, key=None, keyid=None, profile=None)
Detach a managed policy from a role.
CLI Example:
salt myminion boto3_iam.detach_role_policy mypolicy myrole
- saltext.boto3.modules.boto3_iam.list_entities_for_policy(policy_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)
List entities (users, groups, roles) that a policy is attached to.
CLI Example:
salt myminion boto3_iam.list_entities_for_policy mypolicy
- saltext.boto3.modules.boto3_iam.list_attached_user_policies(user_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)
List managed policies attached to the given user.
CLI Example:
salt myminion boto3_iam.list_attached_user_policies myuser
- saltext.boto3.modules.boto3_iam.list_attached_group_policies(group_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)
List managed policies attached to the given group.
CLI Example:
salt myminion boto3_iam.list_attached_group_policies mygroup
- saltext.boto3.modules.boto3_iam.list_attached_role_policies(role_name, path_prefix=None, entity_filter=None, region=None, key=None, keyid=None, profile=None)
List managed policies attached to the given role.
CLI Example:
salt myminion boto3_iam.list_attached_role_policies myrole
- saltext.boto3.modules.boto3_iam.create_saml_provider(name, saml_metadata_document, region=None, key=None, keyid=None, profile=None)
Create SAML provider.
CLI Example:
salt myminion boto3_iam.create_saml_provider name saml_metadata_document
- saltext.boto3.modules.boto3_iam.get_saml_provider_arn(name, region=None, key=None, keyid=None, profile=None)
Get SAML provider ARN.
CLI Example:
salt myminion boto3_iam.get_saml_provider_arn my_saml_provider_name
- saltext.boto3.modules.boto3_iam.delete_saml_provider(name, region=None, key=None, keyid=None, profile=None)
Delete SAML provider.
CLI Example:
salt myminion boto3_iam.delete_saml_provider my_saml_provider_name
- saltext.boto3.modules.boto3_iam.list_saml_providers(region=None, key=None, keyid=None, profile=None)
List SAML provider names.
CLI Example:
salt myminion boto3_iam.list_saml_providers
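An added example, not part of the module or its documentation: a small credential-hygiene audit written against the return shapes documented above for get_all_access_keys (a dict with an AccessKeyMetadata list), get_all_mfa_devices (a list of dicts with PascalCase keys) and list_policies (one Policies list per page). It assumes the entries carry the boto3 field names Status, CreateDate, AccessKeyId, PolicyName and AttachmentCount unchanged; the 90-day threshold, the helper names and the sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # assumed rotation threshold, not a module setting


def _as_utc(value):
    """Accept a datetime or an ISO 8601 string (datetimes may arrive serialized)."""
    if isinstance(value, str):
        value = datetime.fromisoformat(value)
    return value if value.tzinfo else value.replace(tzinfo=timezone.utc)


def flatten_policy_pages(pages):
    """list_policies returns one Policies list per page; merge them into one list."""
    return [policy for page in pages for policy in page]


def unattached_policies(pages):
    """Names of managed policies with no user, group or role attachment."""
    return [p["PolicyName"] for p in flatten_policy_pages(pages)
            if p.get("AttachmentCount", 0) == 0]


def audit_user(user_name, access_keys, mfa_devices, now):
    """Findings for one user, built from the two documented return shapes."""
    findings = []
    if not mfa_devices:  # empty list: no MFA device registered
        findings.append(f"{user_name}: no MFA device")
    for meta in (access_keys or {}).get("AccessKeyMetadata", []):
        if meta.get("Status") != "Active":
            continue  # inactive keys cannot sign requests
        age = now - _as_utc(meta["CreateDate"])
        if age > MAX_KEY_AGE:
            findings.append(
                f"{user_name}: active key {meta['AccessKeyId']} is {age.days} days old")
    return findings


# Constructed sample data in the documented shapes (not real keys or devices).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = {"AccessKeyMetadata": [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEOLD", "Status": "Active",
     "CreateDate": "2024-01-01T00:00:00+00:00"},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEOFF", "Status": "Inactive",
     "CreateDate": datetime(2020, 1, 1, tzinfo=timezone.utc)},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLENEW", "Status": "Active",
     "CreateDate": datetime(2024, 5, 20, tzinfo=timezone.utc)},
]}
SAMPLE_MFA = []  # documented shape: list of dicts such as {"SerialNumber": ...}
SAMPLE_POLICY_PAGES = [
    [{"PolicyName": "app-read", "AttachmentCount": 2}],
    [{"PolicyName": "old-admin", "AttachmentCount": 0}],
]

if __name__ == "__main__":
    for line in audit_user("alice", SAMPLE_KEYS, SAMPLE_MFA, NOW):
        print(line)
    print("unattached:", unattached_policies(SAMPLE_POLICY_PAGES))
```

In a Salt runner or custom execution module the three inputs would come from the corresponding boto3_iam calls instead of the sample constants.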