|
23 | 23 | "CreateRole": "<p>Creates a new role for your Amazon Web Services account.</p> <p> For more information about roles, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html\">IAM roles</a> in the <i>IAM User Guide</i>. For information about quotas for role names and the number of roles you can create, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html\">IAM and STS quotas</a> in the <i>IAM User Guide</i>.</p>", |
24 | 24 | "CreateSAMLProvider": "<p>Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.</p> <p>The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the Amazon Web Services Management Console or one that supports API access to Amazon Web Services.</p> <p>When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.</p> <note> <p> This operation requires <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4</a>.</p> </note> <p> For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html\">Enabling SAML 2.0 federated users to access the Amazon Web Services Management Console</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html\">About SAML 2.0-based federation</a> in the <i>IAM User Guide</i>.</p>", |
25 | 25 | "CreateServiceLinkedRole": "<p>Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your Amazon Web Services resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html\">Using service-linked roles</a> in the <i>IAM User Guide</i>. </p> <p>To attach a policy to this service-linked role, you must make the request using the Amazon Web Services service that depends on this role.</p>", |
26 | | - "CreateServiceSpecificCredential": "<p>Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service. </p> <p>You can have a maximum of two sets of service-specific credentials for each supported service per user.</p> <p>You can create service-specific credentials for Amazon Bedrock, CodeCommit and Amazon Keyspaces (for Apache Cassandra).</p> <p>You can reset the password to a new service-generated value by calling <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html\">ResetServiceSpecificCredential</a>.</p> <p>For more information about service-specific credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock.html\">Service-specific credentials for IAM users</a> in the <i>IAM User Guide</i>.</p>", |
| 26 | + "CreateServiceSpecificCredential": "<p>Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service. </p> <p>You can have a maximum of two sets of service-specific credentials for each supported service per user.</p> <p>You can create service-specific credentials for Amazon Bedrock, Amazon CloudWatch Logs, CodeCommit and Amazon Keyspaces (for Apache Cassandra).</p> <p>You can reset the password to a new service-generated value by calling <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html\">ResetServiceSpecificCredential</a>.</p> <p>For more information about service-specific credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock.html\">Service-specific credentials for IAM users</a> in the <i>IAM User Guide</i>.</p>", |
27 | 27 | "CreateUser": "<p>Creates a new IAM user for your Amazon Web Services account.</p> <p> For information about quotas for the number of IAM users you can create, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html\">IAM and STS quotas</a> in the <i>IAM User Guide</i>.</p>", |
28 | 28 | "CreateVirtualMFADevice": "<p>Creates a new virtual MFA device for the Amazon Web Services account. After creating the virtual MFA, use <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html\">EnableMFADevice</a> to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html\">Using a virtual MFA device</a> in the <i>IAM User Guide</i>.</p> <p>For information about the maximum number of MFA devices you can create, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html\">IAM and STS quotas</a> in the <i>IAM User Guide</i>.</p> <important> <p>The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your Amazon Web Services access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.</p> </important>", |
29 | 29 | "DeactivateMFADevice": "<p>Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.</p> <p>For more information about creating and working with virtual MFA devices, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html\">Enabling a virtual multi-factor authentication (MFA) device</a> in the <i>IAM User Guide</i>.</p>", |
|
2432 | 2432 | "credentialAgeDays": { |
2433 | 2433 | "base": null, |
2434 | 2434 | "refs": { |
2435 | | - "CreateServiceSpecificCredentialRequest$CredentialAgeDays": "<p>The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be a positive integer. When not specified, the credential will not expire.</p>" |
| 2435 | + "CreateServiceSpecificCredentialRequest$CredentialAgeDays": "<p>The number of days until the service specific credential expires. This field is only valid for Bedrock and CloudWatch Logs API keys and must be a positive integer. When not specified, the credential will not expire.</p>" |
2436 | 2436 | } |
2437 | 2437 | }, |
2438 | 2438 | "credentialReportExpiredExceptionMessage": { |
|
2466 | 2466 | "AccessKey$CreateDate": "<p>The date when the access key was created.</p>", |
2467 | 2467 | "AccessKeyLastUsed$LastUsedDate": "<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when the access key was most recently used. This field is null in the following situations:</p> <ul> <li> <p>The user does not have an access key.</p> </li> <li> <p>An access key exists but has not been used since IAM began tracking this information.</p> </li> <li> <p>There is no sign-in data associated with the user.</p> </li> </ul>", |
2468 | 2468 | "AccessKeyMetadata$CreateDate": "<p>The date when the access key was created.</p>", |
2469 | | - "DelegationRequest$ExpirationTime": "<p>The expiry time of this delegation request</p> <p>See the <a href=\"IAM/latest/UserGuide/temporary-delegation-building-integration.html#temporary-delegation-request-lifecycle\">Understanding the Request Lifecycle</a> for details on the life time of a delegation request at each state.</p>", |
| 2469 | + "DelegationRequest$ExpirationTime": "<p>The expiry time of this delegation request</p> <p>See the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/temporary-delegation-building-integration.html#temporary-delegation-request-lifecycle\">Understanding the Request Lifecycle</a> for details on the life time of a delegation request at each state.</p>", |
2470 | 2470 | "DelegationRequest$CreateDate": "<p>Creation date (timestamp) of this delegation request.</p>", |
2471 | 2471 | "DelegationRequest$UpdatedTime": "<p>Last updated timestamp of the request.</p>", |
2472 | 2472 | "EntityDetails$LastAuthenticated": "<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when the authenticated entity last attempted to access Amazon Web Services. Amazon Web Services does not report unauthenticated requests.</p> <p>This field is null if no IAM entities attempted to access the service within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">tracking period</a>.</p>", |
|
2503 | 2503 | "ServerCertificateMetadata$Expiration": "<p>The date on which the certificate is set to expire.</p>", |
2504 | 2504 | "ServiceLastAccessed$LastAuthenticated": "<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when an authenticated entity most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests.</p> <p>This field is null if no IAM entities attempted to access the service within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">tracking period</a>.</p>", |
2505 | 2505 | "ServiceSpecificCredential$CreateDate": "<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when the service-specific credential were created.</p>", |
2506 | | - "ServiceSpecificCredential$ExpirationDate": "<p>The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.</p>", |
| 2506 | + "ServiceSpecificCredential$ExpirationDate": "<p>The date and time when the service specific credential expires. This field is only present for Bedrock API keys and CloudWatch Logs API keys that were created with an expiration period.</p>", |
2507 | 2507 | "ServiceSpecificCredentialMetadata$CreateDate": "<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when the service-specific credential were created.</p>", |
2508 | | - "ServiceSpecificCredentialMetadata$ExpirationDate": "<p>The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.</p>", |
| 2508 | + "ServiceSpecificCredentialMetadata$ExpirationDate": "<p>The date and time when the service specific credential expires. This field is only present for Bedrock API keys and CloudWatch Logs API keys that were created with an expiration period.</p>", |
2509 | 2509 | "SigningCertificate$UploadDate": "<p>The date when the signing certificate was uploaded.</p>", |
2510 | 2510 | "TrackedActionLastAccessed$LastAccessedTime": "<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when an authenticated entity most recently attempted to access the tracked service. Amazon Web Services does not report unauthenticated requests.</p> <p>This field is null if no IAM entities attempted to access the service within the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period\">tracking period</a>.</p>", |
2511 | 2511 | "User$CreateDate": "<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when the user was created.</p>", |
|
3394 | 3394 | "rolePermissionRestrictionArnListType": { |
3395 | 3395 | "base": null, |
3396 | 3396 | "refs": { |
3397 | | - "DelegationRequest$RolePermissionRestrictionArns": "<p>If the <code>PermissionPolicy</code> includes role creation permissions, this element will include the list of permissions boundary policies associated with the role creation. See <a href=\"IAM/latest/UserGuide/access_policies_boundaries.html\">Permissions boundaries for IAM entities</a> for more details about IAM permission boundaries. </p>" |
| 3397 | + "DelegationRequest$RolePermissionRestrictionArns": "<p>If the <code>PermissionPolicy</code> includes role creation permissions, this element will include the list of permissions boundary policies associated with the role creation. See <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html\">Permissions boundaries for IAM entities</a> for more details about IAM permission boundaries. </p>" |
3398 | 3398 | } |
3399 | 3399 | }, |
3400 | 3400 | "serialNumberType": { |
|
3436 | 3436 | "serviceCredentialAlias": { |
3437 | 3437 | "base": null, |
3438 | 3438 | "refs": { |
3439 | | - "ServiceSpecificCredential$ServiceCredentialAlias": "<p>For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.</p>", |
3440 | | - "ServiceSpecificCredentialMetadata$ServiceCredentialAlias": "<p>For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.</p>" |
| 3439 | + "ServiceSpecificCredential$ServiceCredentialAlias": "<p>For Bedrock API keys and CloudWatch Logs API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.</p>", |
| 3440 | + "ServiceSpecificCredentialMetadata$ServiceCredentialAlias": "<p>For Bedrock API keys and CloudWatch Logs API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.</p>" |
3441 | 3441 | } |
3442 | 3442 | }, |
3443 | 3443 | "serviceCredentialSecret": { |
3444 | 3444 | "base": null, |
3445 | 3445 | "refs": { |
3446 | | - "ServiceSpecificCredential$ServiceCredentialSecret": "<p>For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.</p>" |
| 3446 | + "ServiceSpecificCredential$ServiceCredentialSecret": "<p>For Bedrock API keys and CloudWatch Logs API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.</p>" |
3447 | 3447 | } |
3448 | 3448 | }, |
3449 | 3449 | "serviceFailureExceptionMessage": { |
|
3529 | 3529 | "stateType": { |
3530 | 3530 | "base": null, |
3531 | 3531 | "refs": { |
3532 | | - "DelegationRequest$State": "<p>The state of this delegation request.</p> <p>See the <a href=\"IAM/latest/UserGuide/temporary-delegation-building-integration.html#temporary-delegation-request-lifecycle\">Understanding the Request Lifecycle</a> for an explanation of how these states are transitioned.</p>" |
| 3532 | + "DelegationRequest$State": "<p>The state of this delegation request.</p> <p>See the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/temporary-delegation-building-integration.html#temporary-delegation-request-lifecycle\">Understanding the Request Lifecycle</a> for an explanation of how these states are transitioned. </p>" |
3533 | 3533 | } |
3534 | 3534 | }, |
3535 | 3535 | "statusType": { |
|
0 commit comments