Amazon Web Services: IAM - Users

Summary

This module contains actions for viewing & managing IAM user accounts.

Actions

aws.iam.users.add_to_group

Add an IAM user to a group.

Minimum Plugin Version: 3.0.0

Input
  • aws_client: an AWSClient dictionary

  • user_name: the name of the user

  • group_name: the name of the group

Output

Nothing is outputted by this action.

Example
- aws.iam.users.add_to_group:
    user_name: john.smith
    group_name: ec2_auditors
  load:
    aws_client: aws_secrets

aws.iam.users.create

Create a new IAM user.

Minimum Plugin Version: 3.0.0

Input
  • aws_client: an AWSClient dictionary

  • user_name: the name of the user

  • path: an optional path for the user (defaults to /)

  • tags: an optional dictionary of tags for the user (defaults to empty)

Output

A single IAMUser dictionary.

Example
- aws.iam.users.create:
    user_name: john.smith
    tags:
      team: engineering
      office: london
  load:
    aws_client: aws_secrets
  save: new_user

aws.iam.users.delete

Delete an IAM user.

This action also deletes the user's:

  • Access keys
  • Signing certificate
  • SSH public key
  • Git credentials
  • Multi-factor authentication (MFA) device
  • Inline policies
  • Attached managed policies

Minimum Plugin Version: 3.0.0

Virtual MFA Devices

This action will not deactivate any virtual MFA devices assigned to the user.

If the user has any virtual MFA devices assigned to them, this action may fail.

Input
  • aws_client: an AWSClient dictionary

  • user_name: the name of the user

Output

Nothing is outputted by this action.

Example
- aws.iam.users.delete:
    user_name: john.smith
  load:
    aws_client: aws_secrets
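
Added example (not part of the plugin or its documentation): Python that calls the AWS IAM API directly through a boto3-style client to deactivate and delete a user's virtual MFA devices, so that the virtual MFA caveat above does not cause aws.iam.users.delete to fail. The function names, the FakeIAM stand-in and the sample serial numbers are constructed for illustration.

```python
# Added example, not plugin code. Uses only these IAM API operations:
# list_mfa_devices, deactivate_mfa_device, delete_virtual_mfa_device.

def is_virtual_mfa(serial):
    # Virtual devices are identified by an ARN of the form
    # arn:aws:iam::<account>:mfa/<name>; hardware tokens use a plain serial.
    return serial.startswith("arn:") and ":mfa/" in serial

def list_mfa_serials(iam, user_name):
    """Collect every MFA serial number for the user, following pagination."""
    serials, kwargs = [], {"UserName": user_name}
    while True:
        page = iam.list_mfa_devices(**kwargs)
        serials += [d["SerialNumber"] for d in page["MFADevices"]]
        if not page.get("IsTruncated"):
            return serials
        kwargs["Marker"] = page["Marker"]

def release_virtual_mfa(iam, user_name):
    """Deactivate, then delete, each virtual MFA device. Returns their serials."""
    removed = []
    # The full list is collected first so it is not modified while being paged.
    for serial in list_mfa_serials(iam, user_name):
        if is_virtual_mfa(serial):
            iam.deactivate_mfa_device(UserName=user_name, SerialNumber=serial)
            iam.delete_virtual_mfa_device(SerialNumber=serial)
            removed.append(serial)
    return removed

class FakeIAM:
    """Constructed in-memory stand-in for boto3.client("iam"), for offline runs."""
    def __init__(self, devices):
        self.devices = dict(devices)  # serial number -> user name
        self.calls = []
    def list_mfa_devices(self, UserName):
        found = [{"SerialNumber": s} for s, u in self.devices.items() if u == UserName]
        return {"MFADevices": found, "IsTruncated": False}
    def deactivate_mfa_device(self, UserName, SerialNumber):
        self.calls.append(("deactivate", SerialNumber))
        del self.devices[SerialNumber]
    def delete_virtual_mfa_device(self, SerialNumber):
        self.calls.append(("delete_virtual", SerialNumber))

if __name__ == "__main__":
    fake = FakeIAM({  # constructed sample devices
        "arn:aws:iam::123456789012:mfa/john.smith": "john.smith",
        "GAHT12345678": "john.smith",
    })
    print(release_virtual_mfa(fake, "john.smith"))
```

Against a real account, pass boto3.client("iam") in place of FakeIAM, then run the delete action as shown above.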

aws.iam.users.exists

Check if a user with the supplied name exists.

Minimum Plugin Version: 3.1.0

Input
  • aws_client: an AWSClient dictionary

  • user_name: the name of the user

Output

Outputs true if the user exists, & false if not.

Example
- aws.iam.users.exists:
    user_name: john.smith
  load:
    aws_client: aws_secrets
  save: user_exists

aws.iam.users.get_all

Get all users.

Minimum Plugin Version: 3.0.0

Input
  • aws_client: an AWSClient dictionary

Output

A list of IAMUser dictionaries.

Example
- aws.iam.users.get_all:
  load:
    aws_client: aws_secrets
  save: all_users

aws.iam.users.get_by_name

Get the IAM user with the supplied name.

Minimum Plugin Version: 3.1.0

Input
  • aws_client: an AWSClient dictionary

  • user_name: the name of the user

Output

A single IAMUser dictionary.

Example
- aws.iam.users.get_by_name:
    user_name: john.smith
  load:
    aws_client: aws_secrets
  save: user

aws.iam.users.groups_for_user

Get the groups the supplied user is in.

Minimum Plugin Version: 3.0.0

Input
  • aws_client: an AWSClient dictionary

  • user_name: the name of the user

Output

A list of IAMGroup dictionaries.

Example
- aws.iam.users.groups_for_user:
    user_name: john.smith
  load:
    aws_client: aws_secrets
  save: user_groups

aws.iam.users.input_table

Display a list of users in a table, & allow the task operator to make a selection.

The table will have the following columns:

  • Name
  • ID
  • Created At

Minimum Plugin Version: 3.0.0

Input
  • text: the title of the table

  • users: a single or list of IAMUser dictionaries

  • minimum: the minimum number of acceptable selections

  • maximum: the maximum number of acceptable selections

Output

A list of User dictionaries.

Tip
  • If neither a minimum nor a maximum is provided, the task operator will be able to submit 0 selections.

  • If minimum or maximum are provided, the operation will repeat until a valid number of selections is made.

Example

Finding users with get_all, saving them as all_users, & waiting for a single selection:

- aws.iam.users.get_all:
  load:
    aws_client: aws_secrets
  save: all_users

- aws.iam.users.input_table:
    text: Choose a user
    minimum: 1
    maximum: 1
  load:
    users: all_users
  save: selected_user

aws.iam.users.output_table

Display a list of users in a table.

The table will have the following columns:

  • Name
  • ID
  • Created At

Minimum Plugin Version: 3.0.0

Input
  • text: the title of the table

  • users: a single or list of IAMUser dictionaries

Output

Nothing is outputted by this action.

Example
- aws.iam.users.get_all:
  load:
    aws_client: aws_secrets
  save: all_users

- aws.iam.users.output_table:
    text: All Users
  load:
    users: all_users

aws.iam.users.remove_from_group

Remove an IAM user from a group.

Minimum Plugin Version: 3.0.0

Input
  • aws_client: an AWSClient dictionary

  • user_name: the name of the user

  • group_name: the name of the group

Output

Nothing is outputted by this action.

Example
- aws.iam.users.remove_from_group:
    user_name: john.smith
    group_name: ec2_auditors
  load:
    aws_client: aws_secrets

aws.iam.users.set_password

Set the password for an IAM user.

Minimum Plugin Version: 3.0.0

Input
  • aws_client: an AWSClient dictionary

  • user_name: the name of the user

  • password: the password to set

  • reset_required: set to true to force a password change when the user logs on (defaults to false)

Output

Nothing is outputted by this action.

Example
- ppa.ui.input_password:
    text: New password
  save: new_password

- aws.iam.users.set_password:
    user_name: john.smith
    reset_required: true
  load:
    password: new_password
    aws_client: aws_secrets