AWS IAM Actions
- 03 Jun 2022
- 5 Minutes to read
- Print
- DarkLight
AWS IAM Actions
- Updated on 03 Jun 2022
- 5 Minutes to read
- Print
- DarkLight
Article Summary
Share feedback
Thanks for sharing your feedback!
AWS IAM Actions
addAWSIAMGroupMember
Add an AWS IAM User to an AWS IAM Group.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
groupName* | text, expression, variable | the groupname |
userName* | text, expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# add John Doe to the PowerUsers group
memberAdded = addAWSIAMGroupMember(conn, "PowerUsers, "JDoe")createAWSIAMAccessKey
Create an Access Key for an AWS IAM User.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# create a new access key for John Doe
accessKey = createAWSIAMAccessKey(conn, , "JDoe")
# and EMail it to him because this is the only time we have
access to the secret key
sendEmail(Global.emailHost, Global.emailUser,, Global.emailUser,
"JDoe@example.com, "AWS Access", "John Doe,
Here are your new AWS API access keys:
aws_access_key_id = " + accessKey.accessKeyId + "
aws_secret_access_key = " +accessKey.secretAccessKey)deleteAWSIAMAccessKey
Delete Access Key from AWS IAM User.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | text, expression, variable | the username |
accessKeyId* | text, expression, variable | the access key id |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# find and delete all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accesskey, accessKeys) {
deleteAWSIAMAccessKey(conn, "JDoe", accessKey.accessKeyId)
}deleteAWSIAMGroup
Delete an AWS IAM Group.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
groupName* | text, expression, variable | the groupname |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# delete power users group
deleteAWSIAMGroup(conn, "PowerUsers")deleteAWSIAMUser
Delete an AWS IAM User.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | text, expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# delete John Doe
deleteAWSIAMUser(conn, "JDoe")deleteAWSIAMUserPassword
Delete an AWS IAM User password.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | text, expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# delete John Doe's password
deleteAWSIAMUserPassword(conn, "JDoe")getAWSIAMAccessKeys
Get the Access Key metadata for an AWS IAM User.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# find and delete all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accesskey, accessKeys) {
deleteAWSIAMAccessKey(conn, "JDoe", accessKey.accessKeyId)
}getAWSIAMGroup
Get an AWS IAM Group.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
groupName | text, expression, variable | the groupname |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# get the power users group
powerUsersGroup = getAWSIAMGroup(conn, "PowerUsers")getAWSIAMGroupMembers
Get usernames that are members of an AWS IAM Group.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
groupName* | text, expression, variable | the groupname |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# get the power users group members and log them
powerUsers = getAWSIAMGroup(conn, "PowerUsers")
forEach(powerUser, powerUsers) {
log(powerUser)
}getAWSIAMGroups
Get AWS IAM Groups.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
pathPrefix | text, expression, variable | the path prefix for filter results (default: all paths) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# get the existing groups and log the names
groups = getAWSIAMGroups(conn)
forEach(group, groups) {
log(group["groupName"])
}getAWSIAMUser
Get an AWS IAM User.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName | text, expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# get the John Doe user
jdoe = getAWSIAMUser(conn, "JDoe")getAWSIAMUserGroups
Get names of the groups to which an AWS IAM User belongs.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | text, expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# get and log the groups that John Doe belongs to
groups = getAWSIAMUserGroups(conn, "JDoe")
forEach(group, groups) {
log(group)
}getAWSIAMUsers
Get AWS IAM Users.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
pathPrefix | text, expression, variable | the path prefix for filter results (default: all paths) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# get and log all the user names
users = getAWSIAMUsers(conn)
forEach(user, users) {
log(user["userName"])
}hasAWSIAMUserPassword
Checks if an AWS IAM User has a password.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | text, expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# check if John Doe has a password and set the default one if not
hasPassword = hasAWSIAMUserPassword(conn, "JDoe")
if(!hasPassword) {
setAWSIAMUserPassword(conn, "JDoe",<Password>)
} else {
}openAWSIAMConnection
Open a connection to AWS Identity Access Management.
Property | Value | Description |
accessKey | text, expression, variable | the AWS access key (default: use appliance credentials) |
secretKey | password, string, expression, variable | the AWS secret key (default: use appliance credentials) |
stsRoleArn | text, expression, password, variable | The AWS ARN. Depending upon the environment, it may be necessary to create Temporary Security Credentials or use IAM Roles. |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# open the connection
conn = openAWSIAMConnection(Global.awsAccessKey,)
# do some stuff
# close the connection
close(conn)openAWSIAMGroupIterator
Open an AWS IAM Group iterator.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
pathPrefix | text, expression, variable | the path prefix for filter results (default: all paths) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# iterate the existing groups and log the names
groupIterator = openAWSIAMGroupIterator(conn)
forEach(group, groupIterator) {
log(group["groupName"])
}openAWSIAMUserIterator
Open an AWS IAM User iterator.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
pathPrefix | text, expression, variable | the path prefix for filter results (default: all paths) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# iterate the existing groups and log the names
userIterator = openAWSIAMUserIterator(conn)
forEach(user, userIterator) {
log(user["userName"])
}removeAWSIAMGroupMember
Remove an AWS IAM User from an AWS IAM Group.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
groupName* | text, expression, variable | the groupname |
userName* | text, expression, variable | the username |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# remove John Doe from the PowerUsers group
memberRemoved = removeAWSIAMGroupMember(conn, "PowerUsers, "JDoe")saveAWSIAMGroup
Create or update an AWS IAM Group.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
record* | expression, variable | the AWS IAM Group Record to save |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# create power users group
groupTemplate = createRecord(false)
setRecordFieldValue(groupTemplate, "groupName", "PowerUsers")
setRecordFieldValue(groupTemplate, "path", "/")
group = saveAWSIAMGroup(conn, groupTemplate)
# rename group and change path
renameGroupRecord = createRecord(false)
setRecordFieldValue(renameGroupRecord, "groupName", "PowerUsers")
setRecordFieldValue(renameGroupRecord, "newGroupName", "MyPowerUsers")
setRecordFieldValue(renameGroupRecord, "Path", "/mygroups/")
renamedGroupRecord = saveAWSIAMGroup(conn, renameGroupRecord)saveAWSIAMUser
Create or update an AWS IAM User.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
record* | expression, variable | the AWS IAM User Record to save |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# create John Doe user
userTemplate = createRecord(false)
setRecordFieldValue(userTemplate, "userName", "JDoe")
setRecordFieldValue(userTemplate, "path", "/")
jdoe = saveAWSIAMUser(conn, userTemplate)
# rename user and change path
renameUserRecord = createRecord(false)
setRecordFieldValue(renameUserRecord, "userName", "JDoe")
setRecordFieldValue(renameUserRecord, "newUserName", "JohnDoe")
setRecordFieldValue(renameUserRecord, "Path", "/myusers/")
renamedUserRecord = saveAWSIAMUser(conn, renameUserRecord)setAWSIAMAccessKeyStatus
Set the activation status of an Access Key for AWS IAM User.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | text, expression, variable | the username |
accessKeyId* | text, expression, variable | the access key id |
status* | choice (Active, Inactive), text, expression, variable | the desired status |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# find and deactivate all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accesskey, accessKeys) {
setAWSIAMAccessKeyStatus(conn, "JDoe", accessKey.accessKeyId,
"Inactive")
}setAWSIAMUserPassword
Set an AWS IAM User password.
Property | Value | Description |
iamConnection* | expression, variable | the AWS IAM connection |
userName* | text, expression, variable | the username |
password* | password, string, expression, variable | the new password |
resetRequired | boolean, expression, variable | whether or not the user is required to reset password on next login (default: false) |
returnVariable | expression, variable | name of the variable to be assigned to the return value |
# check if John Doe has a password and set the default one if not
hasPassword = hasAWSIAMUserPassword(conn, "JDoe")
if(!hasPassword) {
setAWSIAMUserPassword(conn, "JDoe",<Password>)
} else {
}Was this article helpful?