AWS IAM Actions
  • 03 Jun 2022
  • 5 Minutes to read
  • Dark
    Light

AWS IAM Actions

  • Dark
    Light

Article summary

AWS IAM Actions

addAWSIAMGroupMember

Add an AWS IAM User to an AWS IAM Group.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

groupName*

text, expression, variable

the groupname

userName*

text, expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# add John Doe to the PowerUsers group
memberAdded = addAWSIAMGroupMember(conn, "PowerUsers, "JDoe")

createAWSIAMAccessKey

Create an Access Key for an AWS IAM User.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# create a new access key for John Doe
accessKey = createAWSIAMAccessKey(conn, , "JDoe")
# and EMail it to him because this is the only time we have
access to the secret key
sendEmail(Global.emailHost, Global.emailUser,, Global.emailUser,
"JDoe@example.com, "AWS Access", "John Doe,
Here are your new AWS API access keys:
aws_access_key_id = " + accessKey.accessKeyId + "
aws_secret_access_key = " +accessKey.secretAccessKey)

deleteAWSIAMAccessKey

Delete Access Key from AWS IAM User.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

text, expression, variable

the username

accessKeyId*

text, expression, variable

the access key id

returnVariable

expression, variable

name of the variable to be assigned to the return value

# find and delete all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accesskey, accessKeys) {
deleteAWSIAMAccessKey(conn, "JDoe", accessKey.accessKeyId)
}

deleteAWSIAMGroup

Delete an AWS IAM Group.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

groupName*

text, expression, variable

the groupname

returnVariable

expression, variable

name of the variable to be assigned to the return value

# delete power users group
deleteAWSIAMGroup(conn, "PowerUsers")

deleteAWSIAMUser

Delete an AWS IAM User.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

text, expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# delete John Doe
deleteAWSIAMUser(conn, "JDoe")

deleteAWSIAMUserPassword

Delete an AWS IAM User password.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

text, expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# delete John Doe's password
deleteAWSIAMUserPassword(conn, "JDoe")

getAWSIAMAccessKeys

Get the Access Key metadata for an AWS IAM User.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# find and delete all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accesskey, accessKeys) {
deleteAWSIAMAccessKey(conn, "JDoe", accessKey.accessKeyId)
}

getAWSIAMGroup

Get an AWS IAM Group.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

groupName

text, expression, variable

the groupname

returnVariable

expression, variable

name of the variable to be assigned to the return value

# get the power users group
powerUsersGroup = getAWSIAMGroup(conn, "PowerUsers")

getAWSIAMGroupMembers

Get usernames that are members of an AWS IAM Group.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

groupName*

text, expression, variable

the groupname

returnVariable

expression, variable

name of the variable to be assigned to the return value

# get the power users group members and log them
powerUsers = getAWSIAMGroup(conn, "PowerUsers")
forEach(powerUser, powerUsers) {
log(powerUser)
}

getAWSIAMGroups

Get AWS IAM Groups.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

pathPrefix

text, expression, variable

the path prefix for filter results (default: all paths)

returnVariable

expression, variable

name of the variable to be assigned to the return value

# get the existing groups and log the names
groups = getAWSIAMGroups(conn)
forEach(group, groups) {
log(group["groupName"])
}

getAWSIAMUser

Get an AWS IAM User.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName

text, expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# get the John Doe user
jdoe = getAWSIAMUser(conn, "JDoe")

getAWSIAMUserGroups

Get names of the groups to which an AWS IAM User belongs.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

text, expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# get and log the groups that John Doe belongs to
groups = getAWSIAMUserGroups(conn, "JDoe")
forEach(group, groups) {
log(group)
}

getAWSIAMUsers

Get AWS IAM Users.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

pathPrefix

text, expression, variable

the path prefix for filter results (default: all paths)

returnVariable

expression, variable

name of the variable to be assigned to the return value

# get and log all the user names
users = getAWSIAMUsers(conn)
forEach(user, users) {
log(user["userName"])
}

hasAWSIAMUserPassword

Checks if an AWS IAM User has a password.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

text, expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# check if John Doe has a password and set the default one if not
hasPassword = hasAWSIAMUserPassword(conn, "JDoe")
if(!hasPassword) {
setAWSIAMUserPassword(conn, "JDoe",<Password>)
} else {
}

openAWSIAMConnection

Open a connection to AWS Identity Access Management.

Property

Value

Description

accessKey

text, expression, variable

the AWS access key (default: use appliance credentials)

secretKey

password, string, expression, variable

the AWS secret key (default: use appliance credentials)

stsRoleArn

text, expression, password, variable

The AWS ARN. Depending upon the environment, it may be necessary to create Temporary Security Credentials or use IAM Roles.

returnVariable

expression, variable

name of the variable to be assigned to the return value

# open the connection
conn = openAWSIAMConnection(Global.awsAccessKey,)
# do some stuff
# close the connection
close(conn)

openAWSIAMGroupIterator

Open an AWS IAM Group iterator.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

pathPrefix

text, expression, variable

the path prefix for filter results (default: all paths)

returnVariable

expression, variable

name of the variable to be assigned to the return value

# iterate the existing groups and log the names
groupIterator = openAWSIAMGroupIterator(conn)
forEach(group, groupIterator) {
log(group["groupName"])
}

openAWSIAMUserIterator

Open an AWS IAM User iterator.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

pathPrefix

text, expression, variable

the path prefix for filter results (default: all paths)

returnVariable

expression, variable

name of the variable to be assigned to the return value

# iterate the existing groups and log the names
userIterator = openAWSIAMUserIterator(conn)
forEach(user, userIterator) {
log(user["userName"])
}

removeAWSIAMGroupMember

Remove an AWS IAM User from an AWS IAM Group.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

groupName*

text, expression, variable

the groupname

userName*

text, expression, variable

the username

returnVariable

expression, variable

name of the variable to be assigned to the return value

# remove John Doe from the PowerUsers group
memberRemoved = removeAWSIAMGroupMember(conn, "PowerUsers, "JDoe")

saveAWSIAMGroup

Create or update an AWS IAM Group.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

record*

expression, variable

the AWS IAM Group Record to save

returnVariable

expression, variable

name of the variable to be assigned to the return value

# create power users group
groupTemplate = createRecord(false)
setRecordFieldValue(groupTemplate, "groupName", "PowerUsers")
setRecordFieldValue(groupTemplate, "path", "/")
group = saveAWSIAMGroup(conn, groupTemplate)
# rename group and change path
renameGroupRecord = createRecord(false)
setRecordFieldValue(renameGroupRecord, "groupName", "PowerUsers")
setRecordFieldValue(renameGroupRecord, "newGroupName", "MyPowerUsers")
setRecordFieldValue(renameGroupRecord, "Path", "/mygroups/")
renamedGroupRecord = saveAWSIAMGroup(conn, renameGroupRecord)

saveAWSIAMUser

Create or update an AWS IAM User.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

record*

expression, variable

the AWS IAM User Record to save

returnVariable

expression, variable

name of the variable to be assigned to the return value

# create John Doe user
userTemplate = createRecord(false)
setRecordFieldValue(userTemplate, "userName", "JDoe")
setRecordFieldValue(userTemplate, "path", "/")
jdoe = saveAWSIAMUser(conn, userTemplate)
# rename user and change path
renameUserRecord = createRecord(false)
setRecordFieldValue(renameUserRecord, "userName", "JDoe")
setRecordFieldValue(renameUserRecord, "newUserName", "JohnDoe")
setRecordFieldValue(renameUserRecord, "Path", "/myusers/")
renamedUserRecord = saveAWSIAMUser(conn, renameUserRecord)

setAWSIAMAccessKeyStatus

Set the activation status of an Access Key for AWS IAM User.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

text, expression, variable

the username

accessKeyId*

text, expression, variable

the access key id

status*

choice (Active, Inactive), text, expression, variable

the desired status

returnVariable

expression, variable

name of the variable to be assigned to the return value

# find and deactivate all of John Doe's access keys
accessKeys = getAWSIAMAccessKeys(conn, "JDoe")
forEach(accesskey, accessKeys) {
setAWSIAMAccessKeyStatus(conn, "JDoe", accessKey.accessKeyId,
"Inactive")
}

setAWSIAMUserPassword

Set an AWS IAM User password.

Property

Value

Description

iamConnection*

expression, variable

the AWS IAM connection

userName*

text, expression, variable

the username

password*

password, string, expression, variable

the new password

resetRequired

boolean, expression, variable

whether or not the user is required to reset password on next login (default: false)

returnVariable

expression, variable

name of the variable to be assigned to the return value

# check if John Doe has a password and set the default one if not
hasPassword = hasAWSIAMUserPassword(conn, "JDoe")
if(!hasPassword) {
setAWSIAMUserPassword(conn, "JDoe",<Password>)
} else {
}

Was this article helpful?

ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence