AWS Identity and Access Management (IAM)
App Vendor: Amazon Web Services
App Category: Authentication
Connector Version: 1.0.2
API Version: 1.0.0
About App
The AWS Identity and Access Management (IAM) app lets you manage and control access to AWS services and resources securely. Using the AWS IAM app, security analysts can create and manage AWS users, groups, policies, and security credentials such as access keys. You can define permissions that allow or deny access to specific AWS resources.
The AWS Identity and Access Management (IAM) app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
List Users | The action lists the IAM users that have the specified path prefix. |
Get User Information | The action gets detailed information about a specific user. |
Update User | This action updates the user's name and also updates the user's path if required. |
Delete User | The action deletes a specific user. |
List Groups | The action lists the IAM groups that have the specified path prefix. |
List User Groups | The action lists all groups the username belongs to. |
Add User to Group | The action adds a user to a group. |
List Access Keys | The action returns information about the access key IDs associated with the specified IAM user. |
Remove User From Group | This action removes a user from a group. |
List Policies | The action lists all policies. |
List Roles | The action lists all roles. |
Get Role Information | The action retrieves details of the specified role name. |
Attach Group Policy | The action attaches a policy to a specific group. |
Detach Group Policy | The action detaches a policy from a specific group. |
Delete Access Key | The action deletes the access key pair associated with the specified IAM user. |
Configuration Parameters
The following configuration parameters are required for the AWS IAM app to communicate with the AWS Identity and Access Management enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Access Key ID | Enter the access key ID to access the IAM API. | Text | Optional | |
Secret Access Key | Enter the secret key to access the IAM resources. Example: "XXXX97-2a2167-c93df33-72de34-c2fb18" | Password | Optional | |
Region Name | Enter the region name. Example: "us-east-1" | Text | Optional | |
Action: List Users
The action lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the AWS account. You can paginate the results using the set_max_users parameter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Path prefix | Enter the path prefix for filtering the results. For example, "/division_abc/subdivision_xyz/" lists all users whose path starts with /division_abc/subdivision_xyz/. | Text | Optional | Default value: "/" |
Set max users to fetch | Enter the maximum number of users to return in the response. The default value is 100. | Integer | Optional | |
Example Request
[ { "path_prefix": "/division_abc/subdivision_xyz/", "set_max_users": 100 } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
Users | Array | An array containing information about users. |
Path | String | The path to the user. |
UserName | String | The name of the user. |
UserId | String | The ID of the user. |
Arn | String | The Amazon Resource Name (ARN) of the user. |
CreateDate | Datetime | The date and time when the user was created. |
PasswordLastUsed | Datetime | The date and time when the user's password was last used. |
PermissionsBoundary | Object | Information about the permissions boundary of the user. |
PermissionsBoundaryType | String | The type of permissions boundary policy. |
PermissionsBoundaryArn | String | The ARN of the permissions boundary. |
Tags | Array | An array containing tags associated with the user. |
Key | String | The key of the tag. |
Value | String | The value of the tag. |
IsTruncated | Boolean | Indicates whether the list of users is truncated. |
Marker | String | A marker used for pagination. |
Action: Get User Information
The action retrieves detailed information about a specific IAM user. This action returns information such as the user's creation date, path, unique ID, and ARN.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Username | Enter the username to retrieve the details. Example: "testuser" | Text | Required | |
Example Request
[ { "username": "testuser" } ]
Action Response Parameter
Parameter | Type | Description |
---|---|---|
User | Object | An object containing information about a user. |
Path | String | The path to the user. |
UserName | String | The name of the user. |
UserId | String | The ID of the user. |
Arn | String | The Amazon Resource Name (ARN) of the user. |
CreateDate | Datetime | The date and time when the user was created. |
PasswordLastUsed | Datetime | The date and time when the user's password was last used. |
PermissionsBoundary | Object | An object containing information about the permissions boundary. |
PermissionsBoundaryType | PermissionsBoundaryPolicy | The type of the permissions boundary policy. |
PermissionsBoundaryArn | String | The ARN of the permissions boundary. |
Tags | Array | An array containing tags associated with the user. |
Key | String | The key of the tag. |
Value | String | The value of the tag. |
Action: Update User
This action updates the IAM user's name and, if required, the user's path. Understand the implications before changing an IAM user's path or name: both are part of the user's ARN, and IAM does not automatically update policies that reference the user by the old name or path.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Username | Enter the username to update. Example: "testuser" | Text | Required | |
New path | Enter the path to update the user to. Example: "newpath/division_abc/subdivision_xyz/" | Text | Optional | Default path: "/" |
New username | Enter the new username that replaces the current username. Example: "testuser404@sampledomain.com" | Text | Required | |
Example Request
[ { "username": "testuser", "newpath": "newpath/division_abc/subdivision_xyz/", "newusername": "newtestuser" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
Path | String | The path of the user. |
UserName | String | The name of the user. |
UserId | String | The ID of the user. |
Arn | String | The Amazon Resource Name (ARN) of the user. |
RequestId | String | The ID of the request. |
Action: Delete User
This action deletes the specified IAM user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Username | Enter the username to be deleted. Example: "testuser" | Text | Required | |
Example Request
[ { "username": "testuser" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
DeleteUserResponse | Object | Root element of the DeleteUser response. |
ResponseMetadata | Object | Contains metadata about the request. |
RequestId | String | The unique identifier for the request. |
Action: List Groups
The action lists the IAM groups that have the specified path prefix. You can paginate the results using the set_max_groups parameter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Path prefix | Enter the path prefix for filtering the results. Example: "/division_abc/subdivision_xyz/" | Text | Optional | |
Set max groups to fetch | Enter the maximum number of groups to return in the response. | Integer | Optional | Default value: 100 |
Example Request
[ { "path_prefix": "/division_abc/subdivision_xyz/", "set_max_groups": 10 } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
Groups | Array | An array containing information about groups. |
Path | String | The path of the group. |
GroupName | String | The name of the group. |
GroupId | String | The ID of the group. |
Arn | String | The Amazon Resource Name (ARN) of the group. |
CreateDate | Datetime | The date when the group was created. |
IsTruncated | Boolean | Indicates whether the response is truncated. |
Marker | String | A marker to indicate where the next call should start. |
Action: List User Groups
The action lists all groups the IAM user belongs to.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Username | Enter the username to get all the groups the user belongs to. Example: "testuser" | Text | Required | |
Max items | Enter the maximum number of groups to return in the response. The default value is 100. | Integer | Optional | |
Example Request
[ { "username": "testuser", "max_items": 10 } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
Groups | Array | An array containing information about the groups the user belongs to. |
Path | String | The path of the group. |
GroupName | String | The name of the group. |
GroupId | String | The ID of the group. |
Arn | String | The Amazon Resource Name (ARN) of the group. |
CreateDate | Datetime | The date and time when the group was created. |
IsTruncated | Boolean | Indicates whether the response is truncated. |
Marker | String | A token to specify where to start paginating. |
Action: Add User to Group
The action adds the specified user to a specific group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group name | Enter the group name to add user to. Example: "samplegroup1" | Text | Required | |
Username | Enter the user to add to the group. Example: "testuser101" | Text | Required | |
Example Request
[ { "group_name": "samplegroup1", "username": "testuser101" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
ResponseMetadata | Object | Metadata about the response. |
RequestId | String | The ID of the request. |
Action: List Access Keys
The action returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Username | Enter the username to list all the access keys for that user. Example: "testuser" | Text | Required | |
Set max access keys to fetch | Enter the maximum number of access keys to return in the response. The default value is 100. | Integer | Optional | |
Example Request
[ { "username": "testuser", "set_max_access_keys": 10 } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
AccessKeyMetadata | Array | An array containing metadata about access keys. |
UserName | String | The name of the user associated with the access key. |
AccessKeyId | String | The ID of the access key. |
Status | String | The status of the access key. Possible values: 'Active', 'Inactive'. |
CreateDate | Datetime | The date and time when the access key was created. |
IsTruncated | Boolean | Indicates whether the response is truncated (true) or not (false). |
Marker | String | If IsTruncated is true, this element contains the value to use for the Marker parameter in a subsequent pagination request. |
Action: Remove User from Group
This action removes the specified IAM user from a specific group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group name | Enter the group name to remove the user from. Example: "samplegroup1" | Text | Required | |
Username | Enter the user to be removed from the group. Example: "testuser" | Text | Required | |
Example Request
[ { "group_name": "samplegroup1", "username": "testuser" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
RemoveUserFromGroupResponse | Object | The root element containing the response details. |
ResponseMetadata | Object | Metadata about the response. |
RequestId | String | The ID of the request. |
Action: List Policies
The action lists all the policies available in your AWS account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Path prefix | Enter the path prefix for filtering the results. Example: "/division_abc/subdivision_xyz/" | Text | Optional | Default value: "/" |
Max items | Enter the maximum number of policies to return in the response. The default value is 100. | Integer | Optional | |
Scope | Enter the scope to use for filtering the results. If you set the scope to "all", all policies are returned. If you set the scope to "aws", only AWS managed policies are returned. Example: "all" | Text | Optional | Allowed values: "all", "aws" |
Only attached | Set to True to return only the policies that are attached to an IAM user, group, or role. By default, False is selected. | Boolean | Optional | Allowed values: true, false. Default value: false |
Policy usage filter | Enter the policy usage filter. To list only permissions policies, set the value to permissionspolicy. To list only the policies used to set permissions boundaries, set the value to permissionsboundary. | Text | Optional | Allowed values: permissionspolicy, permissionsboundary. Default value: permissionspolicy |
Example Request
[ { "path_prefix": "/division_abc/subdivision_xyz/", "max_items": 10, "scope": "all", "only_attached": "false", "policy_usage_filter": "permissionspolicy" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
Policies | Array | An array containing policy details. |
PolicyName | String | The name of the policy. |
PolicyId | String | The ID of the policy. |
Arn | String | The Amazon Resource Name (ARN) of the policy. |
Path | String | The path to the policy. |
DefaultVersionId | String | The ID of the default version of the policy. |
AttachmentCount | Number | The number of entities (users, groups, and roles) that the policy is attached to. |
PermissionsBoundaryUsageCount | Number | The number of entities (users and roles) for which the policy is used to set the permissions boundary. |
IsAttachable | Boolean | Specifies whether the policy can be attached to an entity (user, group, or role). |
Description | String | The description of the policy. |
CreateDate | Datetime | The date and time when the policy was created. |
UpdateDate | Datetime | The date and time when the policy was last updated. |
Tags | Array | An array of tags associated with the policy. |
Key | String | The key of the tag. |
Value | String | The value of the tag. |
IsTruncated | Boolean | Specifies whether the response is truncated (i.e., if there are more items to retrieve). |
Marker | String | If IsTruncated is true, this element contains the value to use for the Marker parameter in a subsequent pagination request. |
Action: List Roles
The action lists all the roles that have the specified path prefix. If there are none, the action returns an empty list.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Path prefix | Enter the path prefix for filtering the results by path. Example: "/division_abc/subdivision_xyz/" | Text | Optional | Default value: "/" |
Set max roles to fetch | Enter the maximum number of roles to return in the response. The default value is 100. | Integer | Optional | |
Example Request
[ { "path_prefix": "/division_abc/subdivision_xyz/", "set_max_roles": 10 } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
Roles | Array | A list of roles. |
Path | String | The path to the role. |
RoleName | String | The name of the role. |
RoleId | String | The ID of the role. |
Arn | String | The Amazon Resource Name (ARN) specifying the role. |
CreateDate | Datetime | The date and time when the role was created. |
AssumeRolePolicyDocument | String | The policy that grants an entity permission to assume the role. |
Description | String | A description of the role. |
MaxSessionDuration | Number | The maximum session duration (in seconds) for the role. |
PermissionsBoundary | Object | The permissions boundary for the role. |
PermissionsBoundaryType | String | The type of the permissions boundary. |
PermissionsBoundaryArn | String | The ARN of the permissions boundary. |
Tags | Array | A list of tags attached to the role. |
Key | String | The key of the tag. |
Value | String | The value of the tag. |
RoleLastUsed | Object | Information about the last time the role was used. |
LastUsedDate | Datetime | The date and time when the role was last used. |
Region | String | The region in which the role was last used. |
IsTruncated | Boolean | Indicates whether there are more items to return. |
Marker | String | Used for paginating results. |
Action: Get Role Information
The action retrieves details of the specified role name. This action returns the role's path, GUID, ARN, and the role's trust policy.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Role name | Enter the name of the role to retrieve information for. Example: "S3Access" | Text | Required | |
Example Request
[ { "role_name": "S3Access" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
Path | String | The path to the role. |
RoleName | String | The name of the role. |
RoleId | String | The unique identifier for the role. |
Arn | String | The Amazon Resource Name (ARN) specifying the role. |
CreateDate | Datetime | The date and time, in ISO 8601 date-time format, when the role was created. |
AssumeRolePolicyDocument | String | The trust policy that grants an entity permission to assume the role. |
Description | String | A description of the role. |
MaxSessionDuration | Number | The maximum session duration (in seconds) for the role. |
PermissionsBoundary | Object | The policy that is used to set the permissions boundary for the role. |
PermissionsBoundaryType | String | The type of the permissions boundary. |
PermissionsBoundaryArn | String | The ARN of the policy used to set the permissions boundary. |
Tags | Array | An array of tags attached to the role. |
Key | String | The key of the tag. |
Value | String | The value of the tag. |
RoleLastUsed | Object | Contains information about the last time that the role was used. |
LastUsedDate | Datetime | The date and time, in ISO 8601 date-time format, when the role was last used. |
Region | String | The AWS region in which the role was last used. |
Action: Attach Group Policy
The action attaches a policy to a specific group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group name | Enter the name of the group to attach the policy to. Example: "samplegroup101" | Text | Required | |
Policy ARN | Enter the Amazon Resource Name (ARN) of the IAM policy you want to attach. Example: "arn:aws:iam::123456789012:policy/example-policy" | Text | Required | |
Example Request
[ { "group_name": "samplegroup101", "policy_arn": "arn:aws:iam::123456789012:policy/example-policy" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
ResponseMetadata | Object | Metadata about the response received. |
RequestId | String | The unique identifier for the request. |
Action: Detach Group Policy
The action detaches a policy from a specific group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group name | Enter the name of the group to detach the policy from. Example: "samplegroup101" | Text | Required | |
Policy ARN | Enter the Amazon Resource Name (ARN) of the IAM policy you want to detach. Example: "arn:aws:iam::123456789012:policy/example-policy" | Text | Required | |
Example Request
[ { "group_name": "samplegroup101", "policy_arn": "arn:aws:iam::123456789012:policy/example-policy" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
DetachGroupPolicyResponse | Object | The response element for detaching a group policy. |
ResponseMetadata | Object | Metadata about the request, including the request ID. |
RequestId | String | The unique identifier for the request. |
Action: Delete Access Key
The action deletes the access key pair associated with the specified IAM user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Username | Enter the username to delete the access key from. Example: "testuser" | Text | Required | |
Access key ID | Enter the access key ID you want to delete. Example: "972a2167c93df3372de3" | Text | Required | The Access Key ID can be retrieved using the List Access Keys action. |
Example Request
[ { "username": "testuser", "access_key_id": "972a2167c93df3372de3" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
DeleteAccessKeyResponse | Object | The root element of the XML response. |
ResponseMetadata | Object | Contains metadata about the response. |
RequestId | String | The unique identifier for the request. |
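The List Access Keys and Delete Access Key actions above are typically chained in a key-hygiene playbook: page through every key for a user (honouring IsTruncated and Marker, which the list actions on this page share), flag Active keys older than a rotation window, and build the Delete Access Key inputs for them. The example below is added here and is not part of the app or its documentation; StubIamClient and the sample pages are constructed stand-ins for the IAM API, and the key IDs are placeholders.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample pages shaped like this page's List Access Keys response
# (AccessKeyMetadata / IsTruncated / Marker). Key IDs are placeholders, not real keys.
_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
_PAGES = {
    None: {  # first page: no Marker supplied
        "AccessKeyMetadata": [
            {"UserName": "testuser", "AccessKeyId": "AKIAEXAMPLE0000000001",
             "Status": "Active", "CreateDate": _NOW - timedelta(days=200)},
            {"UserName": "testuser", "AccessKeyId": "AKIAEXAMPLE0000000002",
             "Status": "Inactive", "CreateDate": _NOW - timedelta(days=400)},
        ],
        "IsTruncated": True,
        "Marker": "page2",
    },
    "page2": {
        "AccessKeyMetadata": [
            {"UserName": "testuser", "AccessKeyId": "AKIAEXAMPLE0000000003",
             "Status": "Active", "CreateDate": _NOW - timedelta(days=10)},
        ],
        "IsTruncated": False,
    },
}


class StubIamClient:
    """Hypothetical stand-in for an IAM client; serves the constructed pages above."""

    def list_access_keys(self, UserName, MaxItems=100, Marker=None):
        page = dict(_PAGES[Marker])  # MaxItems is accepted but the stub pages are fixed
        assert all(k["UserName"] == UserName for k in page["AccessKeyMetadata"])
        return page


def list_all_access_keys(client, username, page_size=100):
    """Follow IsTruncated/Marker until the full key list has been collected."""
    keys, marker = [], None
    while True:
        kwargs = {"UserName": username, "MaxItems": page_size}
        if marker:
            kwargs["Marker"] = marker
        resp = client.list_access_keys(**kwargs)
        keys.extend(resp.get("AccessKeyMetadata", []))
        if not resp.get("IsTruncated"):
            return keys
        marker = resp.get("Marker")
        if not marker:  # truncated but no marker: stop instead of looping forever
            return keys


def stale_active_keys(keys, now, max_age_days=90):
    """Active keys older than max_age_days: rotate them, then Delete Access Key."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(k["AccessKeyId"] for k in keys
                  if k["Status"] == "Active" and k["CreateDate"] < cutoff)


def delete_access_key_requests(username, key_ids):
    """Build Delete Access Key action inputs in the page's example-request shape."""
    return [{"username": username, "access_key_id": kid} for kid in key_ids]
```

Inactive keys are skipped because deactivation (not covered by this app) is the reversible first step; only Active keys past the window become deletion candidates.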