| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Amazonka.IAM.Types
Contents
- Service Configuration
- Errors
- AccessAdvisorUsageGranularityType
- AssignmentStatusType
- ContextKeyTypeEnum
- DeletionTaskStatusType
- EncodingType
- EntityType
- GlobalEndpointTokenVersion
- JobStatusType
- PermissionsBoundaryAttachmentType
- PolicyEvaluationDecisionType
- PolicyOwnerEntityType
- PolicyScopeType
- PolicySourceType
- PolicyType
- PolicyUsageType
- ReportFormatType
- ReportStateType
- SortKeyType
- StatusType
- SummaryKeyType
- AccessDetail
- AccessKeyInfo
- AccessKeyLastUsed
- AccessKeyMetadata
- AttachedPermissionsBoundary
- AttachedPolicy
- ContextEntry
- DeletionTaskFailureReasonType
- EntityDetails
- EntityInfo
- ErrorDetails
- EvaluationResult
- GetContextKeysForPolicyResponse
- Group
- GroupDetail
- InstanceProfile
- ListPoliciesGrantingServiceAccessEntry
- LoginProfile
- MFADevice
- ManagedPolicyDetail
- OpenIDConnectProviderListEntry
- OrganizationsDecisionDetail
- PasswordPolicy
- PermissionsBoundaryDecisionDetail
- Policy
- PolicyDetail
- PolicyGrantingServiceAccess
- PolicyGroup
- PolicyRole
- PolicyUser
- PolicyVersion
- Position
- ResourceSpecificResult
- Role
- RoleDetail
- RoleLastUsed
- RoleUsageType
- SAMLProviderListEntry
- SSHPublicKey
- SSHPublicKeyMetadata
- ServerCertificate
- ServerCertificateMetadata
- ServiceLastAccessed
- ServiceSpecificCredential
- ServiceSpecificCredentialMetadata
- SigningCertificate
- SimulatePolicyResponse
- Statement
- Tag
- TrackedActionLastAccessed
- User
- UserDetail
- VirtualMFADevice
Description
Synopsis
- defaultService :: Service
- _CredentialReportNotPresentException :: AsError a => Getting (First ServiceError) a ServiceError
- _CredentialReportNotReadyException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- _EntityAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError
- _UnmodifiableEntityException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _DeleteConflictException :: AsError a => Getting (First ServiceError) a ServiceError
- _NoSuchEntityException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyNotAttachableException :: AsError a => Getting (First ServiceError) a ServiceError
- _ServiceNotSupportedException :: AsError a => Getting (First ServiceError) a ServiceError
- _UnrecognizedPublicKeyEncodingException :: AsError a => Getting (First ServiceError) a ServiceError
- _ReportGenerationLimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidUserTypeException :: AsError a => Getting (First ServiceError) a ServiceError
- _ServiceFailureException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidAuthenticationCodeException :: AsError a => Getting (First ServiceError) a ServiceError
- _EntityTemporarilyUnmodifiableException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateSSHPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError
- _KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError
- _PasswordPolicyViolationException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- newtype AccessAdvisorUsageGranularityType where
- newtype AssignmentStatusType where
- newtype ContextKeyTypeEnum where
- ContextKeyTypeEnum' { }
- pattern ContextKeyTypeEnum_Binary :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_BinaryList :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_Boolean :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_BooleanList :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_Date :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_DateList :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_Ip :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_IpList :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_Numeric :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_NumericList :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_String :: ContextKeyTypeEnum
- pattern ContextKeyTypeEnum_StringList :: ContextKeyTypeEnum
- newtype DeletionTaskStatusType where
- newtype EncodingType where
- EncodingType' { }
- pattern EncodingType_PEM :: EncodingType
- pattern EncodingType_SSH :: EncodingType
- newtype EntityType where
- EntityType' { }
- pattern EntityType_AWSManagedPolicy :: EntityType
- pattern EntityType_Group :: EntityType
- pattern EntityType_LocalManagedPolicy :: EntityType
- pattern EntityType_Role :: EntityType
- pattern EntityType_User :: EntityType
- newtype GlobalEndpointTokenVersion where
- newtype JobStatusType where
- JobStatusType' { }
- pattern JobStatusType_COMPLETED :: JobStatusType
- pattern JobStatusType_FAILED :: JobStatusType
- pattern JobStatusType_IN_PROGRESS :: JobStatusType
- newtype PermissionsBoundaryAttachmentType where
- newtype PolicyEvaluationDecisionType where
- newtype PolicyOwnerEntityType where
- newtype PolicyScopeType where
- PolicyScopeType' { }
- pattern PolicyScopeType_AWS :: PolicyScopeType
- pattern PolicyScopeType_All :: PolicyScopeType
- pattern PolicyScopeType_Local :: PolicyScopeType
- newtype PolicySourceType where
- PolicySourceType' { }
- pattern PolicySourceType_Aws_managed :: PolicySourceType
- pattern PolicySourceType_Group :: PolicySourceType
- pattern PolicySourceType_None :: PolicySourceType
- pattern PolicySourceType_Resource :: PolicySourceType
- pattern PolicySourceType_Role :: PolicySourceType
- pattern PolicySourceType_User :: PolicySourceType
- pattern PolicySourceType_User_managed :: PolicySourceType
- newtype PolicyType where
- PolicyType' { }
- pattern PolicyType_INLINE :: PolicyType
- pattern PolicyType_MANAGED :: PolicyType
- newtype PolicyUsageType where
- newtype ReportFormatType where
- ReportFormatType' { }
- pattern ReportFormatType_Text_csv :: ReportFormatType
- newtype ReportStateType where
- ReportStateType' { }
- pattern ReportStateType_COMPLETE :: ReportStateType
- pattern ReportStateType_INPROGRESS :: ReportStateType
- pattern ReportStateType_STARTED :: ReportStateType
- newtype SortKeyType where
- newtype StatusType where
- StatusType' { }
- pattern StatusType_Active :: StatusType
- pattern StatusType_Inactive :: StatusType
- newtype SummaryKeyType where
- SummaryKeyType' { }
- pattern SummaryKeyType_AccessKeysPerUserQuota :: SummaryKeyType
- pattern SummaryKeyType_AccountAccessKeysPresent :: SummaryKeyType
- pattern SummaryKeyType_AccountMFAEnabled :: SummaryKeyType
- pattern SummaryKeyType_AccountSigningCertificatesPresent :: SummaryKeyType
- pattern SummaryKeyType_AttachedPoliciesPerGroupQuota :: SummaryKeyType
- pattern SummaryKeyType_AttachedPoliciesPerRoleQuota :: SummaryKeyType
- pattern SummaryKeyType_AttachedPoliciesPerUserQuota :: SummaryKeyType
- pattern SummaryKeyType_GlobalEndpointTokenVersion :: SummaryKeyType
- pattern SummaryKeyType_GroupPolicySizeQuota :: SummaryKeyType
- pattern SummaryKeyType_Groups :: SummaryKeyType
- pattern SummaryKeyType_GroupsPerUserQuota :: SummaryKeyType
- pattern SummaryKeyType_GroupsQuota :: SummaryKeyType
- pattern SummaryKeyType_MFADevices :: SummaryKeyType
- pattern SummaryKeyType_MFADevicesInUse :: SummaryKeyType
- pattern SummaryKeyType_Policies :: SummaryKeyType
- pattern SummaryKeyType_PoliciesQuota :: SummaryKeyType
- pattern SummaryKeyType_PolicySizeQuota :: SummaryKeyType
- pattern SummaryKeyType_PolicyVersionsInUse :: SummaryKeyType
- pattern SummaryKeyType_PolicyVersionsInUseQuota :: SummaryKeyType
- pattern SummaryKeyType_ServerCertificates :: SummaryKeyType
- pattern SummaryKeyType_ServerCertificatesQuota :: SummaryKeyType
- pattern SummaryKeyType_SigningCertificatesPerUserQuota :: SummaryKeyType
- pattern SummaryKeyType_UserPolicySizeQuota :: SummaryKeyType
- pattern SummaryKeyType_Users :: SummaryKeyType
- pattern SummaryKeyType_UsersQuota :: SummaryKeyType
- pattern SummaryKeyType_VersionsPerPolicyQuota :: SummaryKeyType
- data AccessDetail = AccessDetail' {}
- newAccessDetail :: Text -> Text -> AccessDetail
- accessDetail_entityPath :: Lens' AccessDetail (Maybe Text)
- accessDetail_region :: Lens' AccessDetail (Maybe Text)
- accessDetail_lastAuthenticatedTime :: Lens' AccessDetail (Maybe UTCTime)
- accessDetail_totalAuthenticatedEntities :: Lens' AccessDetail (Maybe Int)
- accessDetail_serviceName :: Lens' AccessDetail Text
- accessDetail_serviceNamespace :: Lens' AccessDetail Text
- data AccessKeyInfo = AccessKeyInfo' {}
- newAccessKeyInfo :: Text -> AccessKey -> StatusType -> Text -> AccessKeyInfo
- accessKeyInfo_createDate :: Lens' AccessKeyInfo (Maybe UTCTime)
- accessKeyInfo_userName :: Lens' AccessKeyInfo Text
- accessKeyInfo_accessKeyId :: Lens' AccessKeyInfo AccessKey
- accessKeyInfo_status :: Lens' AccessKeyInfo StatusType
- accessKeyInfo_secretAccessKey :: Lens' AccessKeyInfo Text
- data AccessKeyLastUsed = AccessKeyLastUsed' {
- lastUsedDate :: ISO8601
- serviceName :: Text
- region :: Text
- newAccessKeyLastUsed :: UTCTime -> Text -> Text -> AccessKeyLastUsed
- accessKeyLastUsed_lastUsedDate :: Lens' AccessKeyLastUsed UTCTime
- accessKeyLastUsed_serviceName :: Lens' AccessKeyLastUsed Text
- accessKeyLastUsed_region :: Lens' AccessKeyLastUsed Text
- data AccessKeyMetadata = AccessKeyMetadata' {}
- newAccessKeyMetadata :: AccessKeyMetadata
- accessKeyMetadata_status :: Lens' AccessKeyMetadata (Maybe StatusType)
- accessKeyMetadata_createDate :: Lens' AccessKeyMetadata (Maybe UTCTime)
- accessKeyMetadata_userName :: Lens' AccessKeyMetadata (Maybe Text)
- accessKeyMetadata_accessKeyId :: Lens' AccessKeyMetadata (Maybe AccessKey)
- data AttachedPermissionsBoundary = AttachedPermissionsBoundary' {}
- newAttachedPermissionsBoundary :: AttachedPermissionsBoundary
- attachedPermissionsBoundary_permissionsBoundaryType :: Lens' AttachedPermissionsBoundary (Maybe PermissionsBoundaryAttachmentType)
- attachedPermissionsBoundary_permissionsBoundaryArn :: Lens' AttachedPermissionsBoundary (Maybe Text)
- data AttachedPolicy = AttachedPolicy' {}
- newAttachedPolicy :: AttachedPolicy
- attachedPolicy_policyName :: Lens' AttachedPolicy (Maybe Text)
- attachedPolicy_policyArn :: Lens' AttachedPolicy (Maybe Text)
- data ContextEntry = ContextEntry' {}
- newContextEntry :: ContextEntry
- contextEntry_contextKeyValues :: Lens' ContextEntry (Maybe [Text])
- contextEntry_contextKeyName :: Lens' ContextEntry (Maybe Text)
- contextEntry_contextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)
- data DeletionTaskFailureReasonType = DeletionTaskFailureReasonType' {
- roleUsageList :: Maybe [RoleUsageType]
- reason :: Maybe Text
- newDeletionTaskFailureReasonType :: DeletionTaskFailureReasonType
- deletionTaskFailureReasonType_roleUsageList :: Lens' DeletionTaskFailureReasonType (Maybe [RoleUsageType])
- deletionTaskFailureReasonType_reason :: Lens' DeletionTaskFailureReasonType (Maybe Text)
- data EntityDetails = EntityDetails' {}
- newEntityDetails :: EntityInfo -> EntityDetails
- entityDetails_lastAuthenticated :: Lens' EntityDetails (Maybe UTCTime)
- entityDetails_entityInfo :: Lens' EntityDetails EntityInfo
- data EntityInfo = EntityInfo' {}
- newEntityInfo :: Text -> Text -> PolicyOwnerEntityType -> Text -> EntityInfo
- entityInfo_path :: Lens' EntityInfo (Maybe Text)
- entityInfo_arn :: Lens' EntityInfo Text
- entityInfo_name :: Lens' EntityInfo Text
- entityInfo_type :: Lens' EntityInfo PolicyOwnerEntityType
- entityInfo_id :: Lens' EntityInfo Text
- data ErrorDetails = ErrorDetails' {}
- newErrorDetails :: Text -> Text -> ErrorDetails
- errorDetails_message :: Lens' ErrorDetails Text
- errorDetails_code :: Lens' ErrorDetails Text
- data EvaluationResult = EvaluationResult' {
- matchedStatements :: Maybe [Statement]
- evalDecisionDetails :: Maybe (HashMap Text PolicyEvaluationDecisionType)
- resourceSpecificResults :: Maybe [ResourceSpecificResult]
- evalResourceName :: Maybe Text
- missingContextValues :: Maybe [Text]
- permissionsBoundaryDecisionDetail :: Maybe PermissionsBoundaryDecisionDetail
- organizationsDecisionDetail :: Maybe OrganizationsDecisionDetail
- evalActionName :: Text
- evalDecision :: PolicyEvaluationDecisionType
- newEvaluationResult :: Text -> PolicyEvaluationDecisionType -> EvaluationResult
- evaluationResult_matchedStatements :: Lens' EvaluationResult (Maybe [Statement])
- evaluationResult_evalDecisionDetails :: Lens' EvaluationResult (Maybe (HashMap Text PolicyEvaluationDecisionType))
- evaluationResult_resourceSpecificResults :: Lens' EvaluationResult (Maybe [ResourceSpecificResult])
- evaluationResult_evalResourceName :: Lens' EvaluationResult (Maybe Text)
- evaluationResult_missingContextValues :: Lens' EvaluationResult (Maybe [Text])
- evaluationResult_permissionsBoundaryDecisionDetail :: Lens' EvaluationResult (Maybe PermissionsBoundaryDecisionDetail)
- evaluationResult_organizationsDecisionDetail :: Lens' EvaluationResult (Maybe OrganizationsDecisionDetail)
- evaluationResult_evalActionName :: Lens' EvaluationResult Text
- evaluationResult_evalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType
- data GetContextKeysForPolicyResponse = GetContextKeysForPolicyResponse' {
- contextKeyNames :: Maybe [Text]
- newGetContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse
- getContextKeysForPolicyResponse_contextKeyNames :: Lens' GetContextKeysForPolicyResponse (Maybe [Text])
- data Group = Group' {}
- newGroup :: Text -> Text -> Text -> Text -> UTCTime -> Group
- group_path :: Lens' Group Text
- group_groupName :: Lens' Group Text
- group_groupId :: Lens' Group Text
- group_arn :: Lens' Group Text
- group_createDate :: Lens' Group UTCTime
- data GroupDetail = GroupDetail' {
- arn :: Maybe Text
- path :: Maybe Text
- createDate :: Maybe ISO8601
- groupId :: Maybe Text
- groupPolicyList :: Maybe [PolicyDetail]
- groupName :: Maybe Text
- attachedManagedPolicies :: Maybe [AttachedPolicy]
- newGroupDetail :: GroupDetail
- groupDetail_arn :: Lens' GroupDetail (Maybe Text)
- groupDetail_path :: Lens' GroupDetail (Maybe Text)
- groupDetail_createDate :: Lens' GroupDetail (Maybe UTCTime)
- groupDetail_groupId :: Lens' GroupDetail (Maybe Text)
- groupDetail_groupPolicyList :: Lens' GroupDetail (Maybe [PolicyDetail])
- groupDetail_groupName :: Lens' GroupDetail (Maybe Text)
- groupDetail_attachedManagedPolicies :: Lens' GroupDetail (Maybe [AttachedPolicy])
- data InstanceProfile = InstanceProfile' {
- tags :: Maybe [Tag]
- path :: Text
- instanceProfileName :: Text
- instanceProfileId :: Text
- arn :: Text
- createDate :: ISO8601
- roles :: [Role]
- newInstanceProfile :: Text -> Text -> Text -> Text -> UTCTime -> InstanceProfile
- instanceProfile_tags :: Lens' InstanceProfile (Maybe [Tag])
- instanceProfile_path :: Lens' InstanceProfile Text
- instanceProfile_instanceProfileName :: Lens' InstanceProfile Text
- instanceProfile_instanceProfileId :: Lens' InstanceProfile Text
- instanceProfile_arn :: Lens' InstanceProfile Text
- instanceProfile_createDate :: Lens' InstanceProfile UTCTime
- instanceProfile_roles :: Lens' InstanceProfile [Role]
- data ListPoliciesGrantingServiceAccessEntry = ListPoliciesGrantingServiceAccessEntry' {}
- newListPoliciesGrantingServiceAccessEntry :: ListPoliciesGrantingServiceAccessEntry
- listPoliciesGrantingServiceAccessEntry_serviceNamespace :: Lens' ListPoliciesGrantingServiceAccessEntry (Maybe Text)
- listPoliciesGrantingServiceAccessEntry_policies :: Lens' ListPoliciesGrantingServiceAccessEntry (Maybe [PolicyGrantingServiceAccess])
- data LoginProfile = LoginProfile' {}
- newLoginProfile :: Text -> UTCTime -> LoginProfile
- loginProfile_passwordResetRequired :: Lens' LoginProfile (Maybe Bool)
- loginProfile_userName :: Lens' LoginProfile Text
- loginProfile_createDate :: Lens' LoginProfile UTCTime
- data MFADevice = MFADevice' {
- userName :: Text
- serialNumber :: Text
- enableDate :: ISO8601
- newMFADevice :: Text -> Text -> UTCTime -> MFADevice
- mfaDevice_userName :: Lens' MFADevice Text
- mfaDevice_serialNumber :: Lens' MFADevice Text
- mfaDevice_enableDate :: Lens' MFADevice UTCTime
- data ManagedPolicyDetail = ManagedPolicyDetail' {
- policyName :: Maybe Text
- arn :: Maybe Text
- updateDate :: Maybe ISO8601
- policyId :: Maybe Text
- path :: Maybe Text
- policyVersionList :: Maybe [PolicyVersion]
- createDate :: Maybe ISO8601
- isAttachable :: Maybe Bool
- permissionsBoundaryUsageCount :: Maybe Int
- defaultVersionId :: Maybe Text
- attachmentCount :: Maybe Int
- description :: Maybe Text
- newManagedPolicyDetail :: ManagedPolicyDetail
- managedPolicyDetail_policyName :: Lens' ManagedPolicyDetail (Maybe Text)
- managedPolicyDetail_arn :: Lens' ManagedPolicyDetail (Maybe Text)
- managedPolicyDetail_updateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
- managedPolicyDetail_policyId :: Lens' ManagedPolicyDetail (Maybe Text)
- managedPolicyDetail_path :: Lens' ManagedPolicyDetail (Maybe Text)
- managedPolicyDetail_policyVersionList :: Lens' ManagedPolicyDetail (Maybe [PolicyVersion])
- managedPolicyDetail_createDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
- managedPolicyDetail_isAttachable :: Lens' ManagedPolicyDetail (Maybe Bool)
- managedPolicyDetail_permissionsBoundaryUsageCount :: Lens' ManagedPolicyDetail (Maybe Int)
- managedPolicyDetail_defaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text)
- managedPolicyDetail_attachmentCount :: Lens' ManagedPolicyDetail (Maybe Int)
- managedPolicyDetail_description :: Lens' ManagedPolicyDetail (Maybe Text)
- data OpenIDConnectProviderListEntry = OpenIDConnectProviderListEntry' {}
- newOpenIDConnectProviderListEntry :: OpenIDConnectProviderListEntry
- openIDConnectProviderListEntry_arn :: Lens' OpenIDConnectProviderListEntry (Maybe Text)
- data OrganizationsDecisionDetail = OrganizationsDecisionDetail' {}
- newOrganizationsDecisionDetail :: OrganizationsDecisionDetail
- organizationsDecisionDetail_allowedByOrganizations :: Lens' OrganizationsDecisionDetail (Maybe Bool)
- data PasswordPolicy = PasswordPolicy' {
- expirePasswords :: Maybe Bool
- minimumPasswordLength :: Maybe Natural
- requireNumbers :: Maybe Bool
- passwordReusePrevention :: Maybe Natural
- requireLowercaseCharacters :: Maybe Bool
- maxPasswordAge :: Maybe Natural
- hardExpiry :: Maybe Bool
- requireSymbols :: Maybe Bool
- requireUppercaseCharacters :: Maybe Bool
- allowUsersToChangePassword :: Maybe Bool
- newPasswordPolicy :: PasswordPolicy
- passwordPolicy_expirePasswords :: Lens' PasswordPolicy (Maybe Bool)
- passwordPolicy_minimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural)
- passwordPolicy_requireNumbers :: Lens' PasswordPolicy (Maybe Bool)
- passwordPolicy_passwordReusePrevention :: Lens' PasswordPolicy (Maybe Natural)
- passwordPolicy_requireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
- passwordPolicy_maxPasswordAge :: Lens' PasswordPolicy (Maybe Natural)
- passwordPolicy_hardExpiry :: Lens' PasswordPolicy (Maybe Bool)
- passwordPolicy_requireSymbols :: Lens' PasswordPolicy (Maybe Bool)
- passwordPolicy_requireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
- passwordPolicy_allowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool)
- data PermissionsBoundaryDecisionDetail = PermissionsBoundaryDecisionDetail' {}
- newPermissionsBoundaryDecisionDetail :: PermissionsBoundaryDecisionDetail
- permissionsBoundaryDecisionDetail_allowedByPermissionsBoundary :: Lens' PermissionsBoundaryDecisionDetail (Maybe Bool)
- data Policy = Policy' {
- policyName :: Maybe Text
- arn :: Maybe Text
- updateDate :: Maybe ISO8601
- policyId :: Maybe Text
- path :: Maybe Text
- createDate :: Maybe ISO8601
- isAttachable :: Maybe Bool
- permissionsBoundaryUsageCount :: Maybe Int
- defaultVersionId :: Maybe Text
- attachmentCount :: Maybe Int
- description :: Maybe Text
- tags :: Maybe [Tag]
- newPolicy :: Policy
- policy_policyName :: Lens' Policy (Maybe Text)
- policy_arn :: Lens' Policy (Maybe Text)
- policy_updateDate :: Lens' Policy (Maybe UTCTime)
- policy_policyId :: Lens' Policy (Maybe Text)
- policy_path :: Lens' Policy (Maybe Text)
- policy_createDate :: Lens' Policy (Maybe UTCTime)
- policy_isAttachable :: Lens' Policy (Maybe Bool)
- policy_permissionsBoundaryUsageCount :: Lens' Policy (Maybe Int)
- policy_defaultVersionId :: Lens' Policy (Maybe Text)
- policy_attachmentCount :: Lens' Policy (Maybe Int)
- policy_description :: Lens' Policy (Maybe Text)
- policy_tags :: Lens' Policy (Maybe [Tag])
- data PolicyDetail = PolicyDetail' {}
- newPolicyDetail :: PolicyDetail
- policyDetail_policyDocument :: Lens' PolicyDetail (Maybe Text)
- policyDetail_policyName :: Lens' PolicyDetail (Maybe Text)
- data PolicyGrantingServiceAccess = PolicyGrantingServiceAccess' {}
- newPolicyGrantingServiceAccess :: Text -> PolicyType -> PolicyGrantingServiceAccess
- policyGrantingServiceAccess_entityName :: Lens' PolicyGrantingServiceAccess (Maybe Text)
- policyGrantingServiceAccess_entityType :: Lens' PolicyGrantingServiceAccess (Maybe PolicyOwnerEntityType)
- policyGrantingServiceAccess_policyArn :: Lens' PolicyGrantingServiceAccess (Maybe Text)
- policyGrantingServiceAccess_policyName :: Lens' PolicyGrantingServiceAccess Text
- policyGrantingServiceAccess_policyType :: Lens' PolicyGrantingServiceAccess PolicyType
- data PolicyGroup = PolicyGroup' {}
- newPolicyGroup :: PolicyGroup
- policyGroup_groupId :: Lens' PolicyGroup (Maybe Text)
- policyGroup_groupName :: Lens' PolicyGroup (Maybe Text)
- data PolicyRole = PolicyRole' {}
- newPolicyRole :: PolicyRole
- policyRole_roleName :: Lens' PolicyRole (Maybe Text)
- policyRole_roleId :: Lens' PolicyRole (Maybe Text)
- data PolicyUser = PolicyUser' {}
- newPolicyUser :: PolicyUser
- policyUser_userName :: Lens' PolicyUser (Maybe Text)
- policyUser_userId :: Lens' PolicyUser (Maybe Text)
- data PolicyVersion = PolicyVersion' {}
- newPolicyVersion :: PolicyVersion
- policyVersion_versionId :: Lens' PolicyVersion (Maybe Text)
- policyVersion_createDate :: Lens' PolicyVersion (Maybe UTCTime)
- policyVersion_document :: Lens' PolicyVersion (Maybe Text)
- policyVersion_isDefaultVersion :: Lens' PolicyVersion (Maybe Bool)
- data Position = Position' {}
- newPosition :: Position
- position_line :: Lens' Position (Maybe Int)
- position_column :: Lens' Position (Maybe Int)
- data ResourceSpecificResult = ResourceSpecificResult' {}
- newResourceSpecificResult :: Text -> PolicyEvaluationDecisionType -> ResourceSpecificResult
- resourceSpecificResult_matchedStatements :: Lens' ResourceSpecificResult (Maybe [Statement])
- resourceSpecificResult_evalDecisionDetails :: Lens' ResourceSpecificResult (Maybe (HashMap Text PolicyEvaluationDecisionType))
- resourceSpecificResult_missingContextValues :: Lens' ResourceSpecificResult (Maybe [Text])
- resourceSpecificResult_permissionsBoundaryDecisionDetail :: Lens' ResourceSpecificResult (Maybe PermissionsBoundaryDecisionDetail)
- resourceSpecificResult_evalResourceName :: Lens' ResourceSpecificResult Text
- resourceSpecificResult_evalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType
- data Role = Role' {}
- newRole :: Text -> Text -> Text -> Text -> UTCTime -> Role
- role_maxSessionDuration :: Lens' Role (Maybe Natural)
- role_assumeRolePolicyDocument :: Lens' Role (Maybe Text)
- role_roleLastUsed :: Lens' Role (Maybe RoleLastUsed)
- role_permissionsBoundary :: Lens' Role (Maybe AttachedPermissionsBoundary)
- role_description :: Lens' Role (Maybe Text)
- role_tags :: Lens' Role (Maybe [Tag])
- role_path :: Lens' Role Text
- role_roleName :: Lens' Role Text
- role_roleId :: Lens' Role Text
- role_arn :: Lens' Role Text
- role_createDate :: Lens' Role UTCTime
- data RoleDetail = RoleDetail' {
- assumeRolePolicyDocument :: Maybe Text
- arn :: Maybe Text
- path :: Maybe Text
- instanceProfileList :: Maybe [InstanceProfile]
- createDate :: Maybe ISO8601
- roleName :: Maybe Text
- roleId :: Maybe Text
- roleLastUsed :: Maybe RoleLastUsed
- permissionsBoundary :: Maybe AttachedPermissionsBoundary
- rolePolicyList :: Maybe [PolicyDetail]
- tags :: Maybe [Tag]
- attachedManagedPolicies :: Maybe [AttachedPolicy]
- newRoleDetail :: RoleDetail
- roleDetail_assumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text)
- roleDetail_arn :: Lens' RoleDetail (Maybe Text)
- roleDetail_path :: Lens' RoleDetail (Maybe Text)
- roleDetail_instanceProfileList :: Lens' RoleDetail (Maybe [InstanceProfile])
- roleDetail_createDate :: Lens' RoleDetail (Maybe UTCTime)
- roleDetail_roleName :: Lens' RoleDetail (Maybe Text)
- roleDetail_roleId :: Lens' RoleDetail (Maybe Text)
- roleDetail_roleLastUsed :: Lens' RoleDetail (Maybe RoleLastUsed)
- roleDetail_permissionsBoundary :: Lens' RoleDetail (Maybe AttachedPermissionsBoundary)
- roleDetail_rolePolicyList :: Lens' RoleDetail (Maybe [PolicyDetail])
- roleDetail_tags :: Lens' RoleDetail (Maybe [Tag])
- roleDetail_attachedManagedPolicies :: Lens' RoleDetail (Maybe [AttachedPolicy])
- data RoleLastUsed = RoleLastUsed' {}
- newRoleLastUsed :: RoleLastUsed
- roleLastUsed_lastUsedDate :: Lens' RoleLastUsed (Maybe UTCTime)
- roleLastUsed_region :: Lens' RoleLastUsed (Maybe Text)
- data RoleUsageType = RoleUsageType' {}
- newRoleUsageType :: RoleUsageType
- roleUsageType_resources :: Lens' RoleUsageType (Maybe [Text])
- roleUsageType_region :: Lens' RoleUsageType (Maybe Text)
- data SAMLProviderListEntry = SAMLProviderListEntry' {
- arn :: Maybe Text
- createDate :: Maybe ISO8601
- validUntil :: Maybe ISO8601
- newSAMLProviderListEntry :: SAMLProviderListEntry
- sAMLProviderListEntry_arn :: Lens' SAMLProviderListEntry (Maybe Text)
- sAMLProviderListEntry_createDate :: Lens' SAMLProviderListEntry (Maybe UTCTime)
- sAMLProviderListEntry_validUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime)
- data SSHPublicKey = SSHPublicKey' {}
- newSSHPublicKey :: Text -> Text -> Text -> Text -> StatusType -> SSHPublicKey
- sSHPublicKey_uploadDate :: Lens' SSHPublicKey (Maybe UTCTime)
- sSHPublicKey_userName :: Lens' SSHPublicKey Text
- sSHPublicKey_sSHPublicKeyId :: Lens' SSHPublicKey Text
- sSHPublicKey_fingerprint :: Lens' SSHPublicKey Text
- sSHPublicKey_sSHPublicKeyBody :: Lens' SSHPublicKey Text
- sSHPublicKey_status :: Lens' SSHPublicKey StatusType
- data SSHPublicKeyMetadata = SSHPublicKeyMetadata' {
- userName :: Text
- sSHPublicKeyId :: Text
- status :: StatusType
- uploadDate :: ISO8601
- newSSHPublicKeyMetadata :: Text -> Text -> StatusType -> UTCTime -> SSHPublicKeyMetadata
- sSHPublicKeyMetadata_userName :: Lens' SSHPublicKeyMetadata Text
- sSHPublicKeyMetadata_sSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text
- sSHPublicKeyMetadata_status :: Lens' SSHPublicKeyMetadata StatusType
- sSHPublicKeyMetadata_uploadDate :: Lens' SSHPublicKeyMetadata UTCTime
- data ServerCertificate = ServerCertificate' {}
- newServerCertificate :: ServerCertificateMetadata -> Text -> ServerCertificate
- serverCertificate_certificateChain :: Lens' ServerCertificate (Maybe Text)
- serverCertificate_tags :: Lens' ServerCertificate (Maybe [Tag])
- serverCertificate_serverCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata
- serverCertificate_certificateBody :: Lens' ServerCertificate Text
- data ServerCertificateMetadata = ServerCertificateMetadata' {}
- newServerCertificateMetadata :: Text -> Text -> Text -> Text -> ServerCertificateMetadata
- serverCertificateMetadata_uploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime)
- serverCertificateMetadata_expiration :: Lens' ServerCertificateMetadata (Maybe UTCTime)
- serverCertificateMetadata_path :: Lens' ServerCertificateMetadata Text
- serverCertificateMetadata_serverCertificateName :: Lens' ServerCertificateMetadata Text
- serverCertificateMetadata_serverCertificateId :: Lens' ServerCertificateMetadata Text
- serverCertificateMetadata_arn :: Lens' ServerCertificateMetadata Text
- data ServiceLastAccessed = ServiceLastAccessed' {}
- newServiceLastAccessed :: Text -> Text -> ServiceLastAccessed
- serviceLastAccessed_lastAuthenticated :: Lens' ServiceLastAccessed (Maybe UTCTime)
- serviceLastAccessed_trackedActionsLastAccessed :: Lens' ServiceLastAccessed (Maybe [TrackedActionLastAccessed])
- serviceLastAccessed_lastAuthenticatedEntity :: Lens' ServiceLastAccessed (Maybe Text)
- serviceLastAccessed_lastAuthenticatedRegion :: Lens' ServiceLastAccessed (Maybe Text)
- serviceLastAccessed_totalAuthenticatedEntities :: Lens' ServiceLastAccessed (Maybe Int)
- serviceLastAccessed_serviceName :: Lens' ServiceLastAccessed Text
- serviceLastAccessed_serviceNamespace :: Lens' ServiceLastAccessed Text
- data ServiceSpecificCredential = ServiceSpecificCredential' {}
- newServiceSpecificCredential :: UTCTime -> Text -> Text -> Text -> Text -> Text -> StatusType -> ServiceSpecificCredential
- serviceSpecificCredential_createDate :: Lens' ServiceSpecificCredential UTCTime
- serviceSpecificCredential_serviceName :: Lens' ServiceSpecificCredential Text
- serviceSpecificCredential_serviceUserName :: Lens' ServiceSpecificCredential Text
- serviceSpecificCredential_servicePassword :: Lens' ServiceSpecificCredential Text
- serviceSpecificCredential_serviceSpecificCredentialId :: Lens' ServiceSpecificCredential Text
- serviceSpecificCredential_userName :: Lens' ServiceSpecificCredential Text
- serviceSpecificCredential_status :: Lens' ServiceSpecificCredential StatusType
- data ServiceSpecificCredentialMetadata = ServiceSpecificCredentialMetadata' {}
- newServiceSpecificCredentialMetadata :: Text -> StatusType -> Text -> UTCTime -> Text -> Text -> ServiceSpecificCredentialMetadata
- serviceSpecificCredentialMetadata_userName :: Lens' ServiceSpecificCredentialMetadata Text
- serviceSpecificCredentialMetadata_status :: Lens' ServiceSpecificCredentialMetadata StatusType
- serviceSpecificCredentialMetadata_serviceUserName :: Lens' ServiceSpecificCredentialMetadata Text
- serviceSpecificCredentialMetadata_createDate :: Lens' ServiceSpecificCredentialMetadata UTCTime
- serviceSpecificCredentialMetadata_serviceSpecificCredentialId :: Lens' ServiceSpecificCredentialMetadata Text
- serviceSpecificCredentialMetadata_serviceName :: Lens' ServiceSpecificCredentialMetadata Text
- data SigningCertificate = SigningCertificate' {}
- newSigningCertificate :: Text -> Text -> Text -> StatusType -> SigningCertificate
- signingCertificate_uploadDate :: Lens' SigningCertificate (Maybe UTCTime)
- signingCertificate_userName :: Lens' SigningCertificate Text
- signingCertificate_certificateId :: Lens' SigningCertificate Text
- signingCertificate_certificateBody :: Lens' SigningCertificate Text
- signingCertificate_status :: Lens' SigningCertificate StatusType
- data SimulatePolicyResponse = SimulatePolicyResponse' {}
- newSimulatePolicyResponse :: SimulatePolicyResponse
- simulatePolicyResponse_evaluationResults :: Lens' SimulatePolicyResponse (Maybe [EvaluationResult])
- simulatePolicyResponse_marker :: Lens' SimulatePolicyResponse (Maybe Text)
- simulatePolicyResponse_isTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
- data Statement = Statement' {}
- newStatement :: Statement
- statement_sourcePolicyType :: Lens' Statement (Maybe PolicySourceType)
- statement_sourcePolicyId :: Lens' Statement (Maybe Text)
- statement_endPosition :: Lens' Statement (Maybe Position)
- statement_startPosition :: Lens' Statement (Maybe Position)
- data Tag = Tag' {}
- newTag :: Text -> Text -> Tag
- tag_key :: Lens' Tag Text
- tag_value :: Lens' Tag Text
- data TrackedActionLastAccessed = TrackedActionLastAccessed' {}
- newTrackedActionLastAccessed :: TrackedActionLastAccessed
- trackedActionLastAccessed_lastAccessedTime :: Lens' TrackedActionLastAccessed (Maybe UTCTime)
- trackedActionLastAccessed_actionName :: Lens' TrackedActionLastAccessed (Maybe Text)
- trackedActionLastAccessed_lastAccessedEntity :: Lens' TrackedActionLastAccessed (Maybe Text)
- trackedActionLastAccessed_lastAccessedRegion :: Lens' TrackedActionLastAccessed (Maybe Text)
- data User = User' {
- passwordLastUsed :: Maybe ISO8601
- path :: Maybe Text
- permissionsBoundary :: Maybe AttachedPermissionsBoundary
- tags :: Maybe [Tag]
- userName :: Text
- userId :: Text
- arn :: Text
- createDate :: ISO8601
- newUser :: Text -> Text -> Text -> UTCTime -> User
- user_passwordLastUsed :: Lens' User (Maybe UTCTime)
- user_path :: Lens' User (Maybe Text)
- user_permissionsBoundary :: Lens' User (Maybe AttachedPermissionsBoundary)
- user_tags :: Lens' User (Maybe [Tag])
- user_userName :: Lens' User Text
- user_userId :: Lens' User Text
- user_arn :: Lens' User Text
- user_createDate :: Lens' User UTCTime
- data UserDetail = UserDetail' {}
- newUserDetail :: UserDetail
- userDetail_groupList :: Lens' UserDetail (Maybe [Text])
- userDetail_arn :: Lens' UserDetail (Maybe Text)
- userDetail_path :: Lens' UserDetail (Maybe Text)
- userDetail_createDate :: Lens' UserDetail (Maybe UTCTime)
- userDetail_userName :: Lens' UserDetail (Maybe Text)
- userDetail_userId :: Lens' UserDetail (Maybe Text)
- userDetail_permissionsBoundary :: Lens' UserDetail (Maybe AttachedPermissionsBoundary)
- userDetail_userPolicyList :: Lens' UserDetail (Maybe [PolicyDetail])
- userDetail_tags :: Lens' UserDetail (Maybe [Tag])
- userDetail_attachedManagedPolicies :: Lens' UserDetail (Maybe [AttachedPolicy])
- data VirtualMFADevice = VirtualMFADevice' {}
- newVirtualMFADevice :: Text -> VirtualMFADevice
- virtualMFADevice_qRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString)
- virtualMFADevice_base32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString)
- virtualMFADevice_user :: Lens' VirtualMFADevice (Maybe User)
- virtualMFADevice_enableDate :: Lens' VirtualMFADevice (Maybe UTCTime)
- virtualMFADevice_tags :: Lens' VirtualMFADevice (Maybe [Tag])
- virtualMFADevice_serialNumber :: Lens' VirtualMFADevice Text
Service Configuration
defaultService :: Service Source #
API version 2010-05-08 of the Amazon Identity and Access Management SDK configuration.
Errors
_CredentialReportNotPresentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport.
_CredentialReportNotReadyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the credential report is still being generated.
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the policy document was malformed. The error message describes the specific error.
_EntityAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to create a resource that already exists.
_MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the certificate was malformed or expired. The error message describes the specific error.
_CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport. For more information about credential report expiration, see Getting credential reports in the IAM User Guide.
_UnmodifiableEntityException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because only the service that depends on the service-linked role can modify or delete the role on your behalf. The error message includes the name of the service that depends on this service-linked role. You must request the change through that service.
_DuplicateCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the same certificate is associated with an IAM user in the account.
_DeleteConflictException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to delete a resource that has attached subordinate entities. The error message describes these entities.
_NoSuchEntityException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
_InvalidCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the certificate is invalid.
_PolicyNotAttachableException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request failed because Amazon Web Services service role policies can only be attached to the service-linked role for that service.
_ServiceNotSupportedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified service does not support service-specific credentials.
_UnrecognizedPublicKeyEncodingException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key encoding format is unsupported or unrecognized.
_ReportGenerationLimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request failed because the maximum number of concurrent requests for this account are already running.
_InvalidUserTypeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the type of user for the transaction was incorrect.
_ServiceFailureException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request processing has failed because of an unknown error, exception or failure.
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
_InvalidPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key is malformed or otherwise invalid.
_InvalidAuthenticationCodeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the authentication code was not recognized. The error message describes the specific error.
_EntityTemporarilyUnmodifiableException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity.
_DuplicateSSHPublicKeyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the SSH public key is already associated with the specified IAM user.
_KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the public key certificate and the private key do not match.
_PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request failed because a provided policy could not be successfully evaluated. An additional detailed message indicates the source of the failure.
_PasswordPolicyViolationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided password did not meet the requirements imposed by the account password policy.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.
AccessAdvisorUsageGranularityType
newtype AccessAdvisorUsageGranularityType Source #
Constructors
| AccessAdvisorUsageGranularityType' | |
Bundled Patterns
| pattern AccessAdvisorUsageGranularityType_ACTION_LEVEL :: AccessAdvisorUsageGranularityType | |
| pattern AccessAdvisorUsageGranularityType_SERVICE_LEVEL :: AccessAdvisorUsageGranularityType |
Instances
AssignmentStatusType
newtype AssignmentStatusType Source #
Constructors
| AssignmentStatusType' | |
Fields | |
Bundled Patterns
| pattern AssignmentStatusType_Any :: AssignmentStatusType | |
| pattern AssignmentStatusType_Assigned :: AssignmentStatusType | |
| pattern AssignmentStatusType_Unassigned :: AssignmentStatusType |
Instances
ContextKeyTypeEnum
newtype ContextKeyTypeEnum Source #
Constructors
| ContextKeyTypeEnum' | |
Fields | |
Bundled Patterns
| pattern ContextKeyTypeEnum_Binary :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_BinaryList :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_Boolean :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_BooleanList :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_Date :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_DateList :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_Ip :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_IpList :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_Numeric :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_NumericList :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_String :: ContextKeyTypeEnum | |
| pattern ContextKeyTypeEnum_StringList :: ContextKeyTypeEnum |
Instances
DeletionTaskStatusType
newtype DeletionTaskStatusType Source #
Constructors
| DeletionTaskStatusType' | |
Fields | |
Bundled Patterns
Instances
EncodingType
newtype EncodingType Source #
Constructors
| EncodingType' | |
Fields | |
Bundled Patterns
| pattern EncodingType_PEM :: EncodingType | |
| pattern EncodingType_SSH :: EncodingType |
Instances
EntityType
newtype EntityType Source #
Constructors
| EntityType' | |
Fields | |
Bundled Patterns
| pattern EntityType_AWSManagedPolicy :: EntityType | |
| pattern EntityType_Group :: EntityType | |
| pattern EntityType_LocalManagedPolicy :: EntityType | |
| pattern EntityType_Role :: EntityType | |
| pattern EntityType_User :: EntityType |
Instances
GlobalEndpointTokenVersion
newtype GlobalEndpointTokenVersion Source #
Constructors
| GlobalEndpointTokenVersion' | |
Fields | |
Bundled Patterns
| pattern GlobalEndpointTokenVersion_V1Token :: GlobalEndpointTokenVersion | |
| pattern GlobalEndpointTokenVersion_V2Token :: GlobalEndpointTokenVersion |
Instances
JobStatusType
newtype JobStatusType Source #
Constructors
| JobStatusType' | |
Fields | |
Bundled Patterns
| pattern JobStatusType_COMPLETED :: JobStatusType | |
| pattern JobStatusType_FAILED :: JobStatusType | |
| pattern JobStatusType_IN_PROGRESS :: JobStatusType |
Instances
PermissionsBoundaryAttachmentType
newtype PermissionsBoundaryAttachmentType Source #
Constructors
| PermissionsBoundaryAttachmentType' | |
Bundled Patterns
| pattern PermissionsBoundaryAttachmentType_PermissionsBoundaryPolicy :: PermissionsBoundaryAttachmentType |
Instances
PolicyEvaluationDecisionType
newtype PolicyEvaluationDecisionType Source #
Constructors
| PolicyEvaluationDecisionType' | |
Fields | |
Bundled Patterns
Instances
PolicyOwnerEntityType
newtype PolicyOwnerEntityType Source #
Constructors
| PolicyOwnerEntityType' | |
Fields | |
Bundled Patterns
| pattern PolicyOwnerEntityType_GROUP :: PolicyOwnerEntityType | |
| pattern PolicyOwnerEntityType_ROLE :: PolicyOwnerEntityType | |
| pattern PolicyOwnerEntityType_USER :: PolicyOwnerEntityType |
Instances
PolicyScopeType
newtype PolicyScopeType Source #
Constructors
| PolicyScopeType' | |
Fields | |
Bundled Patterns
| pattern PolicyScopeType_AWS :: PolicyScopeType | |
| pattern PolicyScopeType_All :: PolicyScopeType | |
| pattern PolicyScopeType_Local :: PolicyScopeType |
Instances
PolicySourceType
newtype PolicySourceType Source #
Constructors
| PolicySourceType' | |
Fields | |
Bundled Patterns
| pattern PolicySourceType_Aws_managed :: PolicySourceType | |
| pattern PolicySourceType_Group :: PolicySourceType | |
| pattern PolicySourceType_None :: PolicySourceType | |
| pattern PolicySourceType_Resource :: PolicySourceType | |
| pattern PolicySourceType_Role :: PolicySourceType | |
| pattern PolicySourceType_User :: PolicySourceType | |
| pattern PolicySourceType_User_managed :: PolicySourceType |
Instances
PolicyType
newtype PolicyType Source #
Constructors
| PolicyType' | |
Fields | |
Bundled Patterns
| pattern PolicyType_INLINE :: PolicyType | |
| pattern PolicyType_MANAGED :: PolicyType |
Instances
PolicyUsageType
newtype PolicyUsageType Source #
The policy usage type that indicates whether the policy is used as a permissions policy or as the permissions boundary for an entity.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
Constructors
| PolicyUsageType' | |
Fields | |
Bundled Patterns
| pattern PolicyUsageType_PermissionsBoundary :: PolicyUsageType | |
| pattern PolicyUsageType_PermissionsPolicy :: PolicyUsageType |
Instances
ReportFormatType
newtype ReportFormatType Source #
Constructors
| ReportFormatType' | |
Fields | |
Bundled Patterns
| pattern ReportFormatType_Text_csv :: ReportFormatType |
Instances
ReportStateType
newtype ReportStateType Source #
Constructors
| ReportStateType' | |
Fields | |
Bundled Patterns
| pattern ReportStateType_COMPLETE :: ReportStateType | |
| pattern ReportStateType_INPROGRESS :: ReportStateType | |
| pattern ReportStateType_STARTED :: ReportStateType |
Instances
SortKeyType
newtype SortKeyType Source #
Constructors
| SortKeyType' | |
Fields | |
Bundled Patterns
Instances
StatusType
newtype StatusType Source #
Constructors
| StatusType' | |
Fields | |
Bundled Patterns
| pattern StatusType_Active :: StatusType | |
| pattern StatusType_Inactive :: StatusType |
Instances
SummaryKeyType
newtype SummaryKeyType Source #
Constructors
| SummaryKeyType' | |
Fields | |
Bundled Patterns
Instances
AccessDetail
data AccessDetail Source #
An object that contains details about when a principal in the reported Organizations entity last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role, or the Amazon Web Services account root user within the reported Organizations entity.
This data type is a response element in the GetOrganizationsAccessReport operation.
See: newAccessDetail smart constructor.
Constructors
| AccessDetail' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> AccessDetail |
Create a value of AccessDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:entityPath:AccessDetail', accessDetail_entityPath - The path of the Organizations entity (root, organizational unit, or
account) from which an authenticated principal last attempted to access
the service. Amazon Web Services does not report unauthenticated
requests.
This field is null if no principals (IAM users, IAM roles, or root users) in the reported Organizations entity attempted to access the service within the reporting period.
$sel:region:AccessDetail', accessDetail_region - The Region where the last service access attempt occurred.
This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.
$sel:lastAuthenticatedTime:AccessDetail', accessDetail_lastAuthenticatedTime - The date and time,
in ISO 8601 date-time format, when an
authenticated principal most recently attempted to access the service.
Amazon Web Services does not report unauthenticated requests.
This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.
$sel:totalAuthenticatedEntities:AccessDetail', accessDetail_totalAuthenticatedEntities - The number of accounts with authenticated principals (root users, IAM
users, and IAM roles) that attempted to access the service in the
reporting period.
$sel:serviceName:AccessDetail', accessDetail_serviceName - The name of the service in which access was attempted.
$sel:serviceNamespace:AccessDetail', accessDetail_serviceNamespace - The namespace of the service in which access was attempted.
To learn the service namespace of a service, see
Actions, resources, and condition keys for Amazon Web Services services
in the Service Authorization Reference. Choose the name of the service
to view details for that service. In the first paragraph, find the
service prefix. For example, (service prefix: a4b). For more
information about service namespaces, see
Amazon Web Services service namespaces
in the Amazon Web Services General Reference.
accessDetail_entityPath :: Lens' AccessDetail (Maybe Text) Source #
The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no principals (IAM users, IAM roles, or root users) in the reported Organizations entity attempted to access the service within the reporting period.
accessDetail_region :: Lens' AccessDetail (Maybe Text) Source #
The Region where the last service access attempt occurred.
This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.
accessDetail_lastAuthenticatedTime :: Lens' AccessDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when an authenticated principal most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.
accessDetail_totalAuthenticatedEntities :: Lens' AccessDetail (Maybe Int) Source #
The number of accounts with authenticated principals (root users, IAM users, and IAM roles) that attempted to access the service in the reporting period.
accessDetail_serviceName :: Lens' AccessDetail Text Source #
The name of the service in which access was attempted.
accessDetail_serviceNamespace :: Lens' AccessDetail Text Source #
The namespace of the service in which access was attempted.
To learn the service namespace of a service, see
Actions, resources, and condition keys for Amazon Web Services services
in the Service Authorization Reference. Choose the name of the service
to view details for that service. In the first paragraph, find the
service prefix. For example, (service prefix: a4b). For more
information about service namespaces, see
Amazon Web Services service namespaces
in the Amazon Web Services General Reference.
AccessKeyInfo
data AccessKeyInfo Source #
Contains information about an Amazon Web Services access key.
This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.
The SecretAccessKey value is returned only in response to
CreateAccessKey. You can get a secret access key only when you first
create an access key; you cannot recover the secret access key later. If
you lose a secret access key, you must create a new access key.
See: newAccessKeyInfo smart constructor.
Constructors
| AccessKeyInfo' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> AccessKey | |
| -> StatusType | |
| -> Text | |
| -> AccessKeyInfo |
Create a value of AccessKeyInfo with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createDate:AccessKeyInfo', accessKeyInfo_createDate - The date when the access key was created.
$sel:userName:AccessKeyInfo', accessKeyInfo_userName - The name of the IAM user that the access key is associated with.
$sel:accessKeyId:AccessKeyInfo', accessKeyInfo_accessKeyId - The ID for this access key.
$sel:status:AccessKeyInfo', accessKeyInfo_status - The status of the access key. Active means that the key is valid for
API calls, while Inactive means it is not.
$sel:secretAccessKey:AccessKeyInfo', accessKeyInfo_secretAccessKey - The secret key used to sign requests.
accessKeyInfo_createDate :: Lens' AccessKeyInfo (Maybe UTCTime) Source #
The date when the access key was created.
accessKeyInfo_userName :: Lens' AccessKeyInfo Text Source #
The name of the IAM user that the access key is associated with.
accessKeyInfo_accessKeyId :: Lens' AccessKeyInfo AccessKey Source #
The ID for this access key.
accessKeyInfo_status :: Lens' AccessKeyInfo StatusType Source #
The status of the access key. Active means that the key is valid for
API calls, while Inactive means it is not.
accessKeyInfo_secretAccessKey :: Lens' AccessKeyInfo Text Source #
The secret key used to sign requests.
AccessKeyLastUsed
data AccessKeyLastUsed Source #
Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.
This data type is used as a response element in the GetAccessKeyLastUsed operation.
See: newAccessKeyLastUsed smart constructor.
Constructors
| AccessKeyLastUsed' | |
Fields
| |
Instances
Arguments
| :: UTCTime | |
| -> Text | |
| -> Text | |
| -> AccessKeyLastUsed |
Create a value of AccessKeyLastUsed with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastUsedDate:AccessKeyLastUsed', accessKeyLastUsed_lastUsedDate - The date and time, in
ISO 8601 date-time format, when the
access key was most recently used. This field is null in the following
situations:
- The user does not have an access key.
- An access key exists but has not been used since IAM began tracking this information.
- There is no sign-in data associated with the user.
$sel:serviceName:AccessKeyLastUsed', accessKeyLastUsed_serviceName - The name of the Amazon Web Services service with which this access key
was most recently used. The value of this field is "N/A" in the
following situations:
- The user does not have an access key.
- An access key exists but has not been used since IAM started tracking this information.
- There is no sign-in data associated with the user.
$sel:region:AccessKeyLastUsed', accessKeyLastUsed_region - The Amazon Web Services Region where this access key was most recently
used. The value for this field is "N/A" in the following situations:
- The user does not have an access key.
- An access key exists but has not been used since IAM began tracking this information.
- There is no sign-in data associated with the user.
For more information about Amazon Web Services Regions, see Regions and endpoints in the Amazon Web Services General Reference.
accessKeyLastUsed_lastUsedDate :: Lens' AccessKeyLastUsed UTCTime Source #
The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null in the following situations:
- The user does not have an access key.
- An access key exists but has not been used since IAM began tracking this information.
- There is no sign-in data associated with the user.
accessKeyLastUsed_serviceName :: Lens' AccessKeyLastUsed Text Source #
The name of the Amazon Web Services service with which this access key was most recently used. The value of this field is "N/A" in the following situations:
- The user does not have an access key.
- An access key exists but has not been used since IAM started tracking this information.
- There is no sign-in data associated with the user.
accessKeyLastUsed_region :: Lens' AccessKeyLastUsed Text Source #
The Amazon Web Services Region where this access key was most recently used. The value for this field is "N/A" in the following situations:
- The user does not have an access key.
- An access key exists but has not been used since IAM began tracking this information.
- There is no sign-in data associated with the user.
For more information about Amazon Web Services Regions, see Regions and endpoints in the Amazon Web Services General Reference.
AccessKeyMetadata
data AccessKeyMetadata Source #
Contains information about an Amazon Web Services access key, without its secret key.
This data type is used as a response element in the ListAccessKeys operation.
See: newAccessKeyMetadata smart constructor.
Constructors
| AccessKeyMetadata' | |
Fields
| |
Instances
newAccessKeyMetadata :: AccessKeyMetadata Source #
Create a value of AccessKeyMetadata with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:status:AccessKeyMetadata', accessKeyMetadata_status - The status of the access key. Active means that the key is valid for
API calls; Inactive means it is not.
$sel:createDate:AccessKeyMetadata', accessKeyMetadata_createDate - The date when the access key was created.
$sel:userName:AccessKeyMetadata', accessKeyMetadata_userName - The name of the IAM user that the key is associated with.
$sel:accessKeyId:AccessKeyMetadata', accessKeyMetadata_accessKeyId - The ID for this access key.
accessKeyMetadata_status :: Lens' AccessKeyMetadata (Maybe StatusType) Source #
The status of the access key. Active means that the key is valid for
API calls; Inactive means it is not.
accessKeyMetadata_createDate :: Lens' AccessKeyMetadata (Maybe UTCTime) Source #
The date when the access key was created.
accessKeyMetadata_userName :: Lens' AccessKeyMetadata (Maybe Text) Source #
The name of the IAM user that the key is associated with.
accessKeyMetadata_accessKeyId :: Lens' AccessKeyMetadata (Maybe AccessKey) Source #
The ID for this access key.
AttachedPermissionsBoundary
data AttachedPermissionsBoundary Source #
Contains information about an attached permissions boundary.
An attached permissions boundary is a managed policy that has been attached to a user or role to set the permissions boundary.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
See: newAttachedPermissionsBoundary smart constructor.
Constructors
| AttachedPermissionsBoundary' | |
Fields
| |
Instances
newAttachedPermissionsBoundary :: AttachedPermissionsBoundary Source #
Create a value of AttachedPermissionsBoundary with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:permissionsBoundaryType:AttachedPermissionsBoundary', attachedPermissionsBoundary_permissionsBoundaryType - The permissions boundary usage type that indicates what type of IAM
resource is used as the permissions boundary for an entity. This data
type can only have a value of Policy.
$sel:permissionsBoundaryArn:AttachedPermissionsBoundary', attachedPermissionsBoundary_permissionsBoundaryArn - The ARN of the policy used to set the permissions boundary for the user
or role.
attachedPermissionsBoundary_permissionsBoundaryType :: Lens' AttachedPermissionsBoundary (Maybe PermissionsBoundaryAttachmentType) Source #
The permissions boundary usage type that indicates what type of IAM
resource is used as the permissions boundary for an entity. This data
type can only have a value of Policy.
attachedPermissionsBoundary_permissionsBoundaryArn :: Lens' AttachedPermissionsBoundary (Maybe Text) Source #
The ARN of the policy used to set the permissions boundary for the user or role.
AttachedPolicy
data AttachedPolicy Source #
Contains information about an attached policy.
An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails operations.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
See: newAttachedPolicy smart constructor.
Constructors
| AttachedPolicy' | |
Instances
newAttachedPolicy :: AttachedPolicy Source #
Create a value of AttachedPolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policyName:AttachedPolicy', attachedPolicy_policyName - The friendly name of the attached policy.
$sel:policyArn:AttachedPolicy', attachedPolicy_policyArn - Undocumented member.
attachedPolicy_policyName :: Lens' AttachedPolicy (Maybe Text) Source #
The friendly name of the attached policy.
attachedPolicy_policyArn :: Lens' AttachedPolicy (Maybe Text) Source #
Undocumented member.
ContextEntry
data ContextEntry Source #
Contains information about a condition context key. It includes the name
of the key and specifies the value (or values, if the context key
supports multiple values) to use in the simulation. This information is
used when evaluating the Condition elements of the input policies.
This data type is used as an input parameter to SimulateCustomPolicy and SimulatePrincipalPolicy.
See: newContextEntry smart constructor.
Constructors
| ContextEntry' | |
Fields
| |
Instances
newContextEntry :: ContextEntry Source #
Create a value of ContextEntry with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:contextKeyValues:ContextEntry', contextEntry_contextKeyValues - The value (or values, if the condition context key supports multiple
values) to provide to the simulation when the key is referenced by a
Condition element in an input policy.
$sel:contextKeyName:ContextEntry', contextEntry_contextKeyName - The full name of a condition context key, including the service prefix.
For example, aws:SourceIp or s3:VersionId.
$sel:contextKeyType:ContextEntry', contextEntry_contextKeyType - The data type of the value (or values) specified in the
ContextKeyValues parameter.
contextEntry_contextKeyValues :: Lens' ContextEntry (Maybe [Text]) Source #
The value (or values, if the condition context key supports multiple
values) to provide to the simulation when the key is referenced by a
Condition element in an input policy.
contextEntry_contextKeyName :: Lens' ContextEntry (Maybe Text) Source #
The full name of a condition context key, including the service prefix.
For example, aws:SourceIp or s3:VersionId.
contextEntry_contextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum) Source #
The data type of the value (or values) specified in the
ContextKeyValues parameter.
DeletionTaskFailureReasonType
data DeletionTaskFailureReasonType Source #
The reason that the service-linked role deletion failed.
This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.
See: newDeletionTaskFailureReasonType smart constructor.
Constructors
| DeletionTaskFailureReasonType' | |
Fields
| |
Instances
newDeletionTaskFailureReasonType :: DeletionTaskFailureReasonType Source #
Create a value of DeletionTaskFailureReasonType with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:roleUsageList:DeletionTaskFailureReasonType', deletionTaskFailureReasonType_roleUsageList - A list of objects that contains details about the service-linked role
deletion failure, if that information is returned by the service. If the
service-linked role has active sessions or if any resources that were
used by the role have not been deleted from the linked service, the role
can't be deleted. This parameter includes a list of the resources that
are associated with the role and the Region in which the resources are
being used.
$sel:reason:DeletionTaskFailureReasonType', deletionTaskFailureReasonType_reason - A short description of the reason that the service-linked role deletion
failed.
deletionTaskFailureReasonType_roleUsageList :: Lens' DeletionTaskFailureReasonType (Maybe [RoleUsageType]) Source #
A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the Region in which the resources are being used.
deletionTaskFailureReasonType_reason :: Lens' DeletionTaskFailureReasonType (Maybe Text) Source #
A short description of the reason that the service-linked role deletion failed.
EntityDetails
data EntityDetails Source #
An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.
This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.
See: newEntityDetails smart constructor.
Constructors
| EntityDetails' | |
Fields
| |
Instances
Arguments
| :: EntityInfo | |
| -> EntityDetails |
Create a value of EntityDetails with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastAuthenticated:EntityDetails', entityDetails_lastAuthenticated - The date and time,
in ISO 8601 date-time format, when the
authenticated entity last attempted to access Amazon Web Services.
Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
$sel:entityInfo:EntityDetails', entityDetails_entityInfo - The EntityInfo object that contains details about the entity (user or
role).
entityDetails_lastAuthenticated :: Lens' EntityDetails (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the authenticated entity last attempted to access Amazon Web Services. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
entityDetails_entityInfo :: Lens' EntityDetails EntityInfo Source #
The EntityInfo object that contains details about the entity (user or
role).
EntityInfo
data EntityInfo Source #
Contains details about the specified entity (user or role).
This data type is an element of the EntityDetails object.
See: newEntityInfo smart constructor.
Constructors
| EntityInfo' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> PolicyOwnerEntityType | |
| -> Text | |
| -> EntityInfo |
Create a value of EntityInfo with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:path:EntityInfo', entityInfo_path - The path to the entity (user or role). For more information about paths,
see
IAM identifiers
in the IAM User Guide.
$sel:arn:EntityInfo', entityInfo_arn - Undocumented member.
$sel:name:EntityInfo', entityInfo_name - The name of the entity (user or role).
$sel:type':EntityInfo', entityInfo_type - The type of entity (user or role).
$sel:id:EntityInfo', entityInfo_id - The identifier of the entity (user or role).
entityInfo_path :: Lens' EntityInfo (Maybe Text) Source #
The path to the entity (user or role). For more information about paths, see IAM identifiers in the IAM User Guide.
entityInfo_arn :: Lens' EntityInfo Text Source #
Undocumented member.
entityInfo_name :: Lens' EntityInfo Text Source #
The name of the entity (user or role).
entityInfo_type :: Lens' EntityInfo PolicyOwnerEntityType Source #
The type of entity (user or role).
entityInfo_id :: Lens' EntityInfo Text Source #
The identifier of the entity (user or role).
ErrorDetails
data ErrorDetails Source #
Contains information about the reason that the operation failed.
This data type is used as a response element in the GetOrganizationsAccessReport, GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities operations.
See: newErrorDetails smart constructor.
Constructors
| ErrorDetails' | |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> ErrorDetails |
Create a value of ErrorDetails with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:message:ErrorDetails', errorDetails_message - Detailed information about the reason that the operation failed.
$sel:code:ErrorDetails', errorDetails_code - The error code associated with the operation failure.
errorDetails_message :: Lens' ErrorDetails Text Source #
Detailed information about the reason that the operation failed.
errorDetails_code :: Lens' ErrorDetails Text Source #
The error code associated with the operation failure.
EvaluationResult
data EvaluationResult Source #
Contains the results of a simulation.
This data type is used by the return parameter of
SimulateCustomPolicy and SimulatePrincipalPolicy .
See: newEvaluationResult smart constructor.
Constructors
| EvaluationResult' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> PolicyEvaluationDecisionType | |
| -> EvaluationResult |
Create a value of EvaluationResult with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:matchedStatements:EvaluationResult', evaluationResult_matchedStatements - A list of the statements in the input policies that determine the result
for this scenario. Remember that even if multiple statements allow the
operation on the resource, if only one statement denies that operation,
then the explicit deny overrides any allow. In addition, the deny
statement is the only entry included in the result.
$sel:evalDecisionDetails:EvaluationResult', evaluationResult_evalDecisionDetails - Additional details about the results of the cross-account evaluation
decision. This parameter is populated for only cross-account
simulations. It contains a brief summary of how each policy type
contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and
includes a resource ARN, then the parameter is present but the response
is empty. If the simulation evaluates policies within the same account
and specifies all resources (*), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the
request in the trusting account and the trusted account. The request is
allowed only if both evaluations return true. For more information
about how policies are evaluated, see
Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
$sel:resourceSpecificResults:EvaluationResult', evaluationResult_resourceSpecificResults - The individual results of the simulation of the API operation specified
in EvalActionName on each resource.
$sel:evalResourceName:EvaluationResult', evaluationResult_evalResourceName - The ARN of the resource that the indicated API operation was tested on.
$sel:missingContextValues:EvaluationResult', evaluationResult_missingContextValues - A list of context keys that are required by the included input policies
but that were not provided by one of the input parameters. This list is
used when the resource in a simulation is "*", either explicitly, or
when the ResourceArns parameter blank. If you include a list of
resources, then any missing context values are instead included under
the ResourceSpecificResults section. To discover the context keys used
by a set of policies, you can call GetContextKeysForCustomPolicy or
GetContextKeysForPrincipalPolicy.
$sel:permissionsBoundaryDecisionDetail:EvaluationResult', evaluationResult_permissionsBoundaryDecisionDetail - Contains information about the effect that a permissions boundary has on
a policy simulation when the boundary is applied to an IAM entity.
$sel:organizationsDecisionDetail:EvaluationResult', evaluationResult_organizationsDecisionDetail - A structure that details how Organizations and its service control
policies affect the results of the simulation. Only applies if the
simulated user's account is part of an organization.
$sel:evalActionName:EvaluationResult', evaluationResult_evalActionName - The name of the API operation tested on the indicated resource.
$sel:evalDecision:EvaluationResult', evaluationResult_evalDecision - The result of the simulation.
evaluationResult_matchedStatements :: Lens' EvaluationResult (Maybe [Statement]) Source #
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
evaluationResult_evalDecisionDetails :: Lens' EvaluationResult (Maybe (HashMap Text PolicyEvaluationDecisionType)) Source #
Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and
includes a resource ARN, then the parameter is present but the response
is empty. If the simulation evaluates policies within the same account
and specifies all resources (*), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the
request in the trusting account and the trusted account. The request is
allowed only if both evaluations return true. For more information
about how policies are evaluated, see
Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
evaluationResult_resourceSpecificResults :: Lens' EvaluationResult (Maybe [ResourceSpecificResult]) Source #
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
evaluationResult_evalResourceName :: Lens' EvaluationResult (Maybe Text) Source #
The ARN of the resource that the indicated API operation was tested on.
evaluationResult_missingContextValues :: Lens' EvaluationResult (Maybe [Text]) Source #
A list of context keys that are required by the included input policies
but that were not provided by one of the input parameters. This list is
used when the resource in a simulation is "*", either explicitly, or
when the ResourceArns parameter blank. If you include a list of
resources, then any missing context values are instead included under
the ResourceSpecificResults section. To discover the context keys used
by a set of policies, you can call GetContextKeysForCustomPolicy or
GetContextKeysForPrincipalPolicy.
evaluationResult_permissionsBoundaryDecisionDetail :: Lens' EvaluationResult (Maybe PermissionsBoundaryDecisionDetail) Source #
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
evaluationResult_organizationsDecisionDetail :: Lens' EvaluationResult (Maybe OrganizationsDecisionDetail) Source #
A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
evaluationResult_evalActionName :: Lens' EvaluationResult Text Source #
The name of the API operation tested on the indicated resource.
evaluationResult_evalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType Source #
The result of the simulation.
GetContextKeysForPolicyResponse
data GetContextKeysForPolicyResponse Source #
Contains the response to a successful GetContextKeysForPrincipalPolicy or GetContextKeysForCustomPolicy request.
See: newGetContextKeysForPolicyResponse smart constructor.
Constructors
| GetContextKeysForPolicyResponse' | |
Fields
| |
Instances
newGetContextKeysForPolicyResponse :: GetContextKeysForPolicyResponse Source #
Create a value of GetContextKeysForPolicyResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:contextKeyNames:GetContextKeysForPolicyResponse', getContextKeysForPolicyResponse_contextKeyNames - The list of context keys that are referenced in the input policies.
getContextKeysForPolicyResponse_contextKeyNames :: Lens' GetContextKeysForPolicyResponse (Maybe [Text]) Source #
The list of context keys that are referenced in the input policies.
Group
Contains information about an IAM group entity.
This data type is used as a response element in the following operations:
- CreateGroup
- GetGroup
- ListGroups
See: newGroup smart constructor.
Constructors
| Group' | |
Fields
| |
Instances
| Eq Group Source # | |
| Read Group Source # | |
| Show Group Source # | |
| Generic Group Source # | |
| NFData Group Source # | |
Defined in Amazonka.IAM.Types.Group | |
| Hashable Group Source # | |
Defined in Amazonka.IAM.Types.Group | |
| FromXML Group Source # | |
| type Rep Group Source # | |
Defined in Amazonka.IAM.Types.Group type Rep Group = D1 ('MetaData "Group" "Amazonka.IAM.Types.Group" "libZSservicesZSamazonka-iamZSamazonka-iam" 'False) (C1 ('MetaCons "Group'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "path") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "groupName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)) :*: (S1 ('MetaSel ('Just "groupId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Just "arn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "createDate") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 ISO8601))))) | |
Create a value of Group with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:path:Group', group_path - The path to the group. For more information about paths, see
IAM identifiers
in the IAM User Guide.
$sel:groupName:Group', group_groupName - The friendly name that identifies the group.
$sel:groupId:Group', group_groupId - The stable and unique string identifying the group. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:arn:Group', group_arn - The Amazon Resource Name (ARN) specifying the group. For more
information about ARNs and how to use them in policies, see
IAM identifiers
in the IAM User Guide.
$sel:createDate:Group', group_createDate - The date and time, in
ISO 8601 date-time format, when the
group was created.
group_path :: Lens' Group Text Source #
The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide.
group_groupId :: Lens' Group Text Source #
The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.
group_arn :: Lens' Group Text Source #
The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
group_createDate :: Lens' Group UTCTime Source #
The date and time, in ISO 8601 date-time format, when the group was created.
GroupDetail
data GroupDetail Source #
Contains information about an IAM group, including all of the group's policies.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
See: newGroupDetail smart constructor.
Constructors
| GroupDetail' | |
Fields
| |
Instances
newGroupDetail :: GroupDetail Source #
Create a value of GroupDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:GroupDetail', groupDetail_arn - Undocumented member.
$sel:path:GroupDetail', groupDetail_path - The path to the group. For more information about paths, see
IAM identifiers
in the IAM User Guide.
$sel:createDate:GroupDetail', groupDetail_createDate - The date and time, in
ISO 8601 date-time format, when the
group was created.
$sel:groupId:GroupDetail', groupDetail_groupId - The stable and unique string identifying the group. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:groupPolicyList:GroupDetail', groupDetail_groupPolicyList - A list of the inline policies embedded in the group.
$sel:groupName:GroupDetail', groupDetail_groupName - The friendly name that identifies the group.
$sel:attachedManagedPolicies:GroupDetail', groupDetail_attachedManagedPolicies - A list of the managed policies attached to the group.
groupDetail_arn :: Lens' GroupDetail (Maybe Text) Source #
Undocumented member.
groupDetail_path :: Lens' GroupDetail (Maybe Text) Source #
The path to the group. For more information about paths, see IAM identifiers in the IAM User Guide.
groupDetail_createDate :: Lens' GroupDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the group was created.
groupDetail_groupId :: Lens' GroupDetail (Maybe Text) Source #
The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.
groupDetail_groupPolicyList :: Lens' GroupDetail (Maybe [PolicyDetail]) Source #
A list of the inline policies embedded in the group.
groupDetail_groupName :: Lens' GroupDetail (Maybe Text) Source #
The friendly name that identifies the group.
groupDetail_attachedManagedPolicies :: Lens' GroupDetail (Maybe [AttachedPolicy]) Source #
A list of the managed policies attached to the group.
InstanceProfile
data InstanceProfile Source #
Contains information about an instance profile.
This data type is used as a response element in the following operations:
- CreateInstanceProfile
- GetInstanceProfile
- ListInstanceProfiles
- ListInstanceProfilesForRole
See: newInstanceProfile smart constructor.
Constructors
| InstanceProfile' | |
Fields
| |
Instances
Create a value of InstanceProfile with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tags:InstanceProfile', instanceProfile_tags - A list of tags that are attached to the instance profile. For more
information about tagging, see
Tagging IAM resources
in the IAM User Guide.
$sel:path:InstanceProfile', instanceProfile_path - The path to the instance profile. For more information about paths, see
IAM identifiers
in the IAM User Guide.
$sel:instanceProfileName:InstanceProfile', instanceProfile_instanceProfileName - The name identifying the instance profile.
$sel:instanceProfileId:InstanceProfile', instanceProfile_instanceProfileId - The stable and unique string identifying the instance profile. For more
information about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:arn:InstanceProfile', instanceProfile_arn - The Amazon Resource Name (ARN) specifying the instance profile. For more
information about ARNs and how to use them in policies, see
IAM identifiers
in the IAM User Guide.
$sel:createDate:InstanceProfile', instanceProfile_createDate - The date when the instance profile was created.
$sel:roles:InstanceProfile', instanceProfile_roles - The role associated with the instance profile.
instanceProfile_tags :: Lens' InstanceProfile (Maybe [Tag]) Source #
A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
instanceProfile_path :: Lens' InstanceProfile Text Source #
The path to the instance profile. For more information about paths, see IAM identifiers in the IAM User Guide.
instanceProfile_instanceProfileName :: Lens' InstanceProfile Text Source #
The name identifying the instance profile.
instanceProfile_instanceProfileId :: Lens' InstanceProfile Text Source #
The stable and unique string identifying the instance profile. For more information about IDs, see IAM identifiers in the IAM User Guide.
instanceProfile_arn :: Lens' InstanceProfile Text Source #
The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
instanceProfile_createDate :: Lens' InstanceProfile UTCTime Source #
The date when the instance profile was created.
instanceProfile_roles :: Lens' InstanceProfile [Role] Source #
The role associated with the instance profile.
ListPoliciesGrantingServiceAccessEntry
data ListPoliciesGrantingServiceAccessEntry Source #
Contains details about the permissions policies that are attached to the specified identity (user, group, or role).
This data type is used as a response element in the ListPoliciesGrantingServiceAccess operation.
See: newListPoliciesGrantingServiceAccessEntry smart constructor.
Constructors
| ListPoliciesGrantingServiceAccessEntry' | |
Fields
| |
Instances
newListPoliciesGrantingServiceAccessEntry :: ListPoliciesGrantingServiceAccessEntry Source #
Create a value of ListPoliciesGrantingServiceAccessEntry with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:serviceNamespace:ListPoliciesGrantingServiceAccessEntry', listPoliciesGrantingServiceAccessEntry_serviceNamespace - The namespace of the service that was accessed.
To learn the service namespace of a service, see
Actions, resources, and condition keys for Amazon Web Services services
in the Service Authorization Reference. Choose the name of the service
to view details for that service. In the first paragraph, find the
service prefix. For example, (service prefix: a4b). For more
information about service namespaces, see
Amazon Web Services service namespaces
in the Amazon Web Services General Reference.
$sel:policies:ListPoliciesGrantingServiceAccessEntry', listPoliciesGrantingServiceAccessEntry_policies - The PoliciesGrantingServiceAccess object that contains details about
the policy.
listPoliciesGrantingServiceAccessEntry_serviceNamespace :: Lens' ListPoliciesGrantingServiceAccessEntry (Maybe Text) Source #
The namespace of the service that was accessed.
To learn the service namespace of a service, see
Actions, resources, and condition keys for Amazon Web Services services
in the Service Authorization Reference. Choose the name of the service
to view details for that service. In the first paragraph, find the
service prefix. For example, (service prefix: a4b). For more
information about service namespaces, see
Amazon Web Services service namespaces
in the Amazon Web Services General Reference.
listPoliciesGrantingServiceAccessEntry_policies :: Lens' ListPoliciesGrantingServiceAccessEntry (Maybe [PolicyGrantingServiceAccess]) Source #
The PoliciesGrantingServiceAccess object that contains details about
the policy.
LoginProfile
data LoginProfile Source #
Contains the user name and password create date for a user.
This data type is used as a response element in the CreateLoginProfile and GetLoginProfile operations.
See: newLoginProfile smart constructor.
Constructors
| LoginProfile' | |
Fields
| |
Instances
Create a value of LoginProfile with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:passwordResetRequired:LoginProfile', loginProfile_passwordResetRequired - Specifies whether the user is required to set a new password on next
sign-in.
$sel:userName:LoginProfile', loginProfile_userName - The name of the user, which can be used for signing in to the Amazon Web
Services Management Console.
$sel:createDate:LoginProfile', loginProfile_createDate - The date when the password for the user was created.
loginProfile_passwordResetRequired :: Lens' LoginProfile (Maybe Bool) Source #
Specifies whether the user is required to set a new password on next sign-in.
loginProfile_userName :: Lens' LoginProfile Text Source #
The name of the user, which can be used for signing in to the Amazon Web Services Management Console.
loginProfile_createDate :: Lens' LoginProfile UTCTime Source #
The date when the password for the user was created.
MFADevice
Contains information about an MFA device.
This data type is used as a response element in the ListMFADevices operation.
See: newMFADevice smart constructor.
Constructors
| MFADevice' | |
Fields
| |
Instances
| Eq MFADevice Source # | |
| Read MFADevice Source # | |
| Show MFADevice Source # | |
| Generic MFADevice Source # | |
| NFData MFADevice Source # | |
Defined in Amazonka.IAM.Types.MFADevice | |
| Hashable MFADevice Source # | |
Defined in Amazonka.IAM.Types.MFADevice | |
| FromXML MFADevice Source # | |
| type Rep MFADevice Source # | |
Defined in Amazonka.IAM.Types.MFADevice type Rep MFADevice = D1 ('MetaData "MFADevice" "Amazonka.IAM.Types.MFADevice" "libZSservicesZSamazonka-iamZSamazonka-iam" 'False) (C1 ('MetaCons "MFADevice'" 'PrefixI 'True) (S1 ('MetaSel ('Just "userName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Just "serialNumber") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "enableDate") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 ISO8601)))) | |
Create a value of MFADevice with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:userName:MFADevice', mfaDevice_userName - The user with whom the MFA device is associated.
$sel:serialNumber:MFADevice', mfaDevice_serialNumber - The serial number that uniquely identifies the MFA device. For virtual
MFA devices, the serial number is the device ARN.
$sel:enableDate:MFADevice', mfaDevice_enableDate - The date when the MFA device was enabled for the user.
mfaDevice_serialNumber :: Lens' MFADevice Text Source #
The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
mfaDevice_enableDate :: Lens' MFADevice UTCTime Source #
The date when the MFA device was enabled for the user.
ManagedPolicyDetail
data ManagedPolicyDetail Source #
Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.
See: newManagedPolicyDetail smart constructor.
Constructors
| ManagedPolicyDetail' | |
Fields
| |
Instances
newManagedPolicyDetail :: ManagedPolicyDetail Source #
Create a value of ManagedPolicyDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policyName:ManagedPolicyDetail', managedPolicyDetail_policyName - The friendly name (not ARN) identifying the policy.
$sel:arn:ManagedPolicyDetail', managedPolicyDetail_arn - Undocumented member.
$sel:updateDate:ManagedPolicyDetail', managedPolicyDetail_updateDate - The date and time, in
ISO 8601 date-time format, when the
policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
$sel:policyId:ManagedPolicyDetail', managedPolicyDetail_policyId - The stable and unique string identifying the policy.
For more information about IDs, see IAM identifiers in the IAM User Guide.
$sel:path:ManagedPolicyDetail', managedPolicyDetail_path - The path to the policy.
For more information about paths, see IAM identifiers in the IAM User Guide.
$sel:policyVersionList:ManagedPolicyDetail', managedPolicyDetail_policyVersionList - A list containing information about the versions of the policy.
$sel:createDate:ManagedPolicyDetail', managedPolicyDetail_createDate - The date and time, in
ISO 8601 date-time format, when the
policy was created.
$sel:isAttachable:ManagedPolicyDetail', managedPolicyDetail_isAttachable - Specifies whether the policy can be attached to an IAM user, group, or
role.
$sel:permissionsBoundaryUsageCount:ManagedPolicyDetail', managedPolicyDetail_permissionsBoundaryUsageCount - The number of entities (users and roles) for which the policy is used as
the permissions boundary.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
$sel:defaultVersionId:ManagedPolicyDetail', managedPolicyDetail_defaultVersionId - The identifier for the version of the policy that is set as the default
(operative) version.
For more information about policy versions, see Versioning for managed policies in the IAM User Guide.
$sel:attachmentCount:ManagedPolicyDetail', managedPolicyDetail_attachmentCount - The number of principal entities (users, groups, and roles) that the
policy is attached to.
$sel:description:ManagedPolicyDetail', managedPolicyDetail_description - A friendly description of the policy.
managedPolicyDetail_policyName :: Lens' ManagedPolicyDetail (Maybe Text) Source #
The friendly name (not ARN) identifying the policy.
managedPolicyDetail_arn :: Lens' ManagedPolicyDetail (Maybe Text) Source #
Undocumented member.
managedPolicyDetail_updateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
managedPolicyDetail_policyId :: Lens' ManagedPolicyDetail (Maybe Text) Source #
The stable and unique string identifying the policy.
For more information about IDs, see IAM identifiers in the IAM User Guide.
managedPolicyDetail_path :: Lens' ManagedPolicyDetail (Maybe Text) Source #
The path to the policy.
For more information about paths, see IAM identifiers in the IAM User Guide.
managedPolicyDetail_policyVersionList :: Lens' ManagedPolicyDetail (Maybe [PolicyVersion]) Source #
A list containing information about the versions of the policy.
managedPolicyDetail_createDate :: Lens' ManagedPolicyDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy was created.
managedPolicyDetail_isAttachable :: Lens' ManagedPolicyDetail (Maybe Bool) Source #
Specifies whether the policy can be attached to an IAM user, group, or role.
managedPolicyDetail_permissionsBoundaryUsageCount :: Lens' ManagedPolicyDetail (Maybe Int) Source #
The number of entities (users and roles) for which the policy is used as the permissions boundary.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
managedPolicyDetail_defaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text) Source #
The identifier for the version of the policy that is set as the default (operative) version.
For more information about policy versions, see Versioning for managed policies in the IAM User Guide.
managedPolicyDetail_attachmentCount :: Lens' ManagedPolicyDetail (Maybe Int) Source #
The number of principal entities (users, groups, and roles) that the policy is attached to.
managedPolicyDetail_description :: Lens' ManagedPolicyDetail (Maybe Text) Source #
A friendly description of the policy.
OpenIDConnectProviderListEntry
data OpenIDConnectProviderListEntry Source #
Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.
See: newOpenIDConnectProviderListEntry smart constructor.
Constructors
| OpenIDConnectProviderListEntry' | |
Instances
newOpenIDConnectProviderListEntry :: OpenIDConnectProviderListEntry Source #
Create a value of OpenIDConnectProviderListEntry with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:OpenIDConnectProviderListEntry', openIDConnectProviderListEntry_arn - Undocumented member.
openIDConnectProviderListEntry_arn :: Lens' OpenIDConnectProviderListEntry (Maybe Text) Source #
Undocumented member.
OrganizationsDecisionDetail
data OrganizationsDecisionDetail Source #
Contains information about the effect that Organizations has on a policy simulation.
See: newOrganizationsDecisionDetail smart constructor.
Constructors
| OrganizationsDecisionDetail' | |
Fields
| |
Instances
newOrganizationsDecisionDetail :: OrganizationsDecisionDetail Source #
Create a value of OrganizationsDecisionDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:allowedByOrganizations:OrganizationsDecisionDetail', organizationsDecisionDetail_allowedByOrganizations - Specifies whether the simulated operation is allowed by the
Organizations service control policies that impact the simulated user's
account.
organizationsDecisionDetail_allowedByOrganizations :: Lens' OrganizationsDecisionDetail (Maybe Bool) Source #
Specifies whether the simulated operation is allowed by the Organizations service control policies that impact the simulated user's account.
PasswordPolicy
data PasswordPolicy Source #
Contains information about the account password policy.
This data type is used as a response element in the GetAccountPasswordPolicy operation.
See: newPasswordPolicy smart constructor.
Constructors
| PasswordPolicy' | |
Fields
| |
Instances
newPasswordPolicy :: PasswordPolicy Source #
Create a value of PasswordPolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:expirePasswords:PasswordPolicy', passwordPolicy_expirePasswords - Indicates whether passwords in the account expire. Returns true if
MaxPasswordAge contains a value greater than 0. Returns false if
MaxPasswordAge is 0 or not present.
$sel:minimumPasswordLength:PasswordPolicy', passwordPolicy_minimumPasswordLength - Minimum length to require for IAM user passwords.
$sel:requireNumbers:PasswordPolicy', passwordPolicy_requireNumbers - Specifies whether IAM user passwords must contain at least one numeric
character (0 to 9).
$sel:passwordReusePrevention:PasswordPolicy', passwordPolicy_passwordReusePrevention - Specifies the number of previous passwords that IAM users are prevented
from reusing.
$sel:requireLowercaseCharacters:PasswordPolicy', passwordPolicy_requireLowercaseCharacters - Specifies whether IAM user passwords must contain at least one lowercase
character (a to z).
$sel:maxPasswordAge:PasswordPolicy', passwordPolicy_maxPasswordAge - The number of days that an IAM user password is valid.
$sel:hardExpiry:PasswordPolicy', passwordPolicy_hardExpiry - Specifies whether IAM users are prevented from setting a new password
after their password has expired.
$sel:requireSymbols:PasswordPolicy', passwordPolicy_requireSymbols - Specifies whether IAM user passwords must contain at least one of the
following symbols:
! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
$sel:requireUppercaseCharacters:PasswordPolicy', passwordPolicy_requireUppercaseCharacters - Specifies whether IAM user passwords must contain at least one uppercase
character (A to Z).
$sel:allowUsersToChangePassword:PasswordPolicy', passwordPolicy_allowUsersToChangePassword - Specifies whether IAM users are allowed to change their own password.
passwordPolicy_expirePasswords :: Lens' PasswordPolicy (Maybe Bool) Source #
Indicates whether passwords in the account expire. Returns true if
MaxPasswordAge contains a value greater than 0. Returns false if
MaxPasswordAge is 0 or not present.
passwordPolicy_minimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural) Source #
Minimum length to require for IAM user passwords.
passwordPolicy_requireNumbers :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).
passwordPolicy_passwordReusePrevention :: Lens' PasswordPolicy (Maybe Natural) Source #
Specifies the number of previous passwords that IAM users are prevented from reusing.
passwordPolicy_requireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether IAM user passwords must contain at least one lowercase character (a to z).
passwordPolicy_maxPasswordAge :: Lens' PasswordPolicy (Maybe Natural) Source #
The number of days that an IAM user password is valid.
passwordPolicy_hardExpiry :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether IAM users are prevented from setting a new password after their password has expired.
passwordPolicy_requireSymbols :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether IAM user passwords must contain at least one of the following symbols:
! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
passwordPolicy_requireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether IAM user passwords must contain at least one uppercase character (A to Z).
passwordPolicy_allowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool) Source #
Specifies whether IAM users are allowed to change their own password.
PermissionsBoundaryDecisionDetail
data PermissionsBoundaryDecisionDetail Source #
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
See: newPermissionsBoundaryDecisionDetail smart constructor.
Constructors
| PermissionsBoundaryDecisionDetail' | |
Fields
| |
Instances
newPermissionsBoundaryDecisionDetail :: PermissionsBoundaryDecisionDetail Source #
Create a value of PermissionsBoundaryDecisionDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:allowedByPermissionsBoundary:PermissionsBoundaryDecisionDetail', permissionsBoundaryDecisionDetail_allowedByPermissionsBoundary - Specifies whether an action is allowed by a permissions boundary that is
applied to an IAM entity (user or role). A value of true means that
the permissions boundary does not deny the action. This means that the
policy includes an Allow statement that matches the request. In this
case, if an identity-based policy also allows the action, the request is
allowed. A value of false means that either the requested action is
not allowed (implicitly denied) or that the action is explicitly denied
by the permissions boundary. In both of these cases, the action is not
allowed, regardless of the identity-based policy.
permissionsBoundaryDecisionDetail_allowedByPermissionsBoundary :: Lens' PermissionsBoundaryDecisionDetail (Maybe Bool) Source #
Specifies whether an action is allowed by a permissions boundary that is
applied to an IAM entity (user or role). A value of true means that
the permissions boundary does not deny the action. This means that the
policy includes an Allow statement that matches the request. In this
case, if an identity-based policy also allows the action, the request is
allowed. A value of false means that either the requested action is
not allowed (implicitly denied) or that the action is explicitly denied
by the permissions boundary. In both of these cases, the action is not
allowed, regardless of the identity-based policy.
Policy
Contains information about a managed policy.
This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies operations.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
See: newPolicy smart constructor.
Constructors
| Policy' | |
Fields
| |
Instances
Create a value of Policy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policyName:Policy', policy_policyName - The friendly name (not ARN) identifying the policy.
$sel:arn:Policy', policy_arn - Undocumented member.
$sel:updateDate:Policy', policy_updateDate - The date and time, in
ISO 8601 date-time format, when the
policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
$sel:policyId:Policy', policy_policyId - The stable and unique string identifying the policy.
For more information about IDs, see IAM identifiers in the IAM User Guide.
$sel:path:Policy', policy_path - The path to the policy.
For more information about paths, see IAM identifiers in the IAM User Guide.
$sel:createDate:Policy', policy_createDate - The date and time, in
ISO 8601 date-time format, when the
policy was created.
$sel:isAttachable:Policy', policy_isAttachable - Specifies whether the policy can be attached to an IAM user, group, or
role.
$sel:permissionsBoundaryUsageCount:Policy', policy_permissionsBoundaryUsageCount - The number of entities (users and roles) for which the policy is used to
set the permissions boundary.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
$sel:defaultVersionId:Policy', policy_defaultVersionId - The identifier for the version of the policy that is set as the default
version.
$sel:attachmentCount:Policy', policy_attachmentCount - The number of entities (users, groups, and roles) that the policy is
attached to.
$sel:description:Policy', policy_description - A friendly description of the policy.
This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
$sel:tags:Policy', policy_tags - A list of tags that are attached to the instance profile. For more
information about tagging, see
Tagging IAM resources
in the IAM User Guide.
policy_policyName :: Lens' Policy (Maybe Text) Source #
The friendly name (not ARN) identifying the policy.
policy_updateDate :: Lens' Policy (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy was last updated.
When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
policy_policyId :: Lens' Policy (Maybe Text) Source #
The stable and unique string identifying the policy.
For more information about IDs, see IAM identifiers in the IAM User Guide.
policy_path :: Lens' Policy (Maybe Text) Source #
The path to the policy.
For more information about paths, see IAM identifiers in the IAM User Guide.
policy_createDate :: Lens' Policy (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy was created.
policy_isAttachable :: Lens' Policy (Maybe Bool) Source #
Specifies whether the policy can be attached to an IAM user, group, or role.
policy_permissionsBoundaryUsageCount :: Lens' Policy (Maybe Int) Source #
The number of entities (users and roles) for which the policy is used to set the permissions boundary.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
policy_defaultVersionId :: Lens' Policy (Maybe Text) Source #
The identifier for the version of the policy that is set as the default version.
policy_attachmentCount :: Lens' Policy (Maybe Int) Source #
The number of entities (users, groups, and roles) that the policy is attached to.
policy_description :: Lens' Policy (Maybe Text) Source #
A friendly description of the policy.
This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.
policy_tags :: Lens' Policy (Maybe [Tag]) Source #
A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
PolicyDetail
data PolicyDetail Source #
Contains information about an IAM policy, including the policy document.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
See: newPolicyDetail smart constructor.
Constructors
| PolicyDetail' | |
Fields
| |
Instances
newPolicyDetail :: PolicyDetail Source #
Create a value of PolicyDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policyDocument:PolicyDetail', policyDetail_policyDocument - The policy document.
$sel:policyName:PolicyDetail', policyDetail_policyName - The name of the policy.
policyDetail_policyDocument :: Lens' PolicyDetail (Maybe Text) Source #
The policy document.
policyDetail_policyName :: Lens' PolicyDetail (Maybe Text) Source #
The name of the policy.
PolicyGrantingServiceAccess
data PolicyGrantingServiceAccess Source #
Contains details about the permissions policies that are attached to the specified identity (user, group, or role).
This data type is an element of the ListPoliciesGrantingServiceAccessEntry object.
See: newPolicyGrantingServiceAccess smart constructor.
Constructors
| PolicyGrantingServiceAccess' | |
Fields
| |
Instances
newPolicyGrantingServiceAccess Source #
Arguments
| :: Text | |
| -> PolicyType | |
| -> PolicyGrantingServiceAccess |
Create a value of PolicyGrantingServiceAccess with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:entityName:PolicyGrantingServiceAccess', policyGrantingServiceAccess_entityName - The name of the entity (user or role) to which the inline policy is
attached.
This field is null for managed policies. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
$sel:entityType:PolicyGrantingServiceAccess', policyGrantingServiceAccess_entityType - The type of entity (user or role) that used the policy to access the
service to which the inline policy is attached.
This field is null for managed policies. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
$sel:policyArn:PolicyGrantingServiceAccess', policyGrantingServiceAccess_policyArn - Undocumented member.
$sel:policyName:PolicyGrantingServiceAccess', policyGrantingServiceAccess_policyName - The policy name.
$sel:policyType:PolicyGrantingServiceAccess', policyGrantingServiceAccess_policyType - The policy type. For more information about these policy types, see
Managed policies and inline policies
in the IAM User Guide.
policyGrantingServiceAccess_entityName :: Lens' PolicyGrantingServiceAccess (Maybe Text) Source #
The name of the entity (user or role) to which the inline policy is attached.
This field is null for managed policies. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
policyGrantingServiceAccess_entityType :: Lens' PolicyGrantingServiceAccess (Maybe PolicyOwnerEntityType) Source #
The type of entity (user or role) that used the policy to access the service to which the inline policy is attached.
This field is null for managed policies. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
policyGrantingServiceAccess_policyArn :: Lens' PolicyGrantingServiceAccess (Maybe Text) Source #
Undocumented member.
policyGrantingServiceAccess_policyName :: Lens' PolicyGrantingServiceAccess Text Source #
The policy name.
policyGrantingServiceAccess_policyType :: Lens' PolicyGrantingServiceAccess PolicyType Source #
The policy type. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.
PolicyGroup
data PolicyGroup Source #
Contains information about a group that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy operation.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
See: newPolicyGroup smart constructor.
Constructors
| PolicyGroup' | |
Instances
newPolicyGroup :: PolicyGroup Source #
Create a value of PolicyGroup with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:groupId:PolicyGroup', policyGroup_groupId - The stable and unique string identifying the group. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:groupName:PolicyGroup', policyGroup_groupName - The name (friendly name, not ARN) identifying the group.
policyGroup_groupId :: Lens' PolicyGroup (Maybe Text) Source #
The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.
policyGroup_groupName :: Lens' PolicyGroup (Maybe Text) Source #
The name (friendly name, not ARN) identifying the group.
PolicyRole
data PolicyRole Source #
Contains information about a role that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy operation.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
See: newPolicyRole smart constructor.
Constructors
| PolicyRole' | |
Instances
newPolicyRole :: PolicyRole Source #
Create a value of PolicyRole with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:roleName:PolicyRole', policyRole_roleName - The name (friendly name, not ARN) identifying the role.
$sel:roleId:PolicyRole', policyRole_roleId - The stable and unique string identifying the role. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
policyRole_roleName :: Lens' PolicyRole (Maybe Text) Source #
The name (friendly name, not ARN) identifying the role.
policyRole_roleId :: Lens' PolicyRole (Maybe Text) Source #
The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.
PolicyUser
data PolicyUser Source #
Contains information about a user that a managed policy is attached to.
This data type is used as a response element in the ListEntitiesForPolicy operation.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
See: newPolicyUser smart constructor.
Constructors
| PolicyUser' | |
Instances
newPolicyUser :: PolicyUser Source #
Create a value of PolicyUser with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:userName:PolicyUser', policyUser_userName - The name (friendly name, not ARN) identifying the user.
$sel:userId:PolicyUser', policyUser_userId - The stable and unique string identifying the user. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
policyUser_userName :: Lens' PolicyUser (Maybe Text) Source #
The name (friendly name, not ARN) identifying the user.
policyUser_userId :: Lens' PolicyUser (Maybe Text) Source #
The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.
PolicyVersion
data PolicyVersion Source #
Contains information about a version of a managed policy.
This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails operations.
For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.
See: newPolicyVersion smart constructor.
Constructors
| PolicyVersion' | |
Fields
| |
Instances
newPolicyVersion :: PolicyVersion Source #
Create a value of PolicyVersion with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:versionId:PolicyVersion', policyVersion_versionId - The identifier for the policy version.
Policy version identifiers always begin with v (always lowercase).
When a policy is created, the first policy version is v1.
$sel:createDate:PolicyVersion', policyVersion_createDate - The date and time, in
ISO 8601 date-time format, when the
policy version was created.
$sel:document:PolicyVersion', policyVersion_document - The policy document.
The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
The policy document returned in this structure is URL-encoded compliant
with RFC 3986. You can use a URL
decoding method to convert the policy back to plain JSON text. For
example, if you use Java, you can use the decode method of the
java.net.URLDecoder utility class in the Java SDK. Other languages and
SDKs provide similar functionality.
$sel:isDefaultVersion:PolicyVersion', policyVersion_isDefaultVersion - Specifies whether the policy version is set as the policy's default
version.
policyVersion_versionId :: Lens' PolicyVersion (Maybe Text) Source #
The identifier for the policy version.
Policy version identifiers always begin with v (always lowercase).
When a policy is created, the first policy version is v1.
policyVersion_createDate :: Lens' PolicyVersion (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the policy version was created.
policyVersion_document :: Lens' PolicyVersion (Maybe Text) Source #
The policy document.
The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.
The policy document returned in this structure is URL-encoded compliant
with RFC 3986. You can use a URL
decoding method to convert the policy back to plain JSON text. For
example, if you use Java, you can use the decode method of the
java.net.URLDecoder utility class in the Java SDK. Other languages and
SDKs provide similar functionality.
policyVersion_isDefaultVersion :: Lens' PolicyVersion (Maybe Bool) Source #
Specifies whether the policy version is set as the policy's default version.
Position
Contains the row and column of a location of a Statement element in a
policy document.
This data type is used as a member of the Statement type.
See: newPosition smart constructor.
Constructors
| Position' | |
Instances
| Eq Position Source # | |
| Read Position Source # | |
| Show Position Source # | |
| Generic Position Source # | |
| NFData Position Source # | |
Defined in Amazonka.IAM.Types.Position | |
| Hashable Position Source # | |
Defined in Amazonka.IAM.Types.Position | |
| FromXML Position Source # | |
| type Rep Position Source # | |
Defined in Amazonka.IAM.Types.Position type Rep Position = D1 ('MetaData "Position" "Amazonka.IAM.Types.Position" "libZSservicesZSamazonka-iamZSamazonka-iam" 'False) (C1 ('MetaCons "Position'" 'PrefixI 'True) (S1 ('MetaSel ('Just "line") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Int)) :*: S1 ('MetaSel ('Just "column") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Int)))) | |
newPosition :: Position Source #
Create a value of Position with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:line:Position', position_line - The line containing the specified position in the document.
$sel:column:Position', position_column - The column in the line containing the specified position in the
document.
position_line :: Lens' Position (Maybe Int) Source #
The line containing the specified position in the document.
position_column :: Lens' Position (Maybe Int) Source #
The column in the line containing the specified position in the document.
ResourceSpecificResult
data ResourceSpecificResult Source #
Contains the result of the simulation of a single API operation call on a single resource.
This data type is used by a member of the EvaluationResult data type.
See: newResourceSpecificResult smart constructor.
Constructors
| ResourceSpecificResult' | |
Fields
| |
Instances
newResourceSpecificResult Source #
Arguments
| :: Text | |
| -> PolicyEvaluationDecisionType | |
| -> ResourceSpecificResult |
Create a value of ResourceSpecificResult with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:matchedStatements:ResourceSpecificResult', resourceSpecificResult_matchedStatements - A list of the statements in the input policies that determine the result
for this part of the simulation. Remember that even if multiple
statements allow the operation on the resource, if any statement
denies that operation, then the explicit deny overrides any allow. In
addition, the deny statement is the only entry included in the result.
$sel:evalDecisionDetails:ResourceSpecificResult', resourceSpecificResult_evalDecisionDetails - Additional details about the results of the evaluation decision on a
single resource. This parameter is returned only for cross-account
simulations. This parameter explains how each policy type contributes to
the resource-specific evaluation decision.
$sel:missingContextValues:ResourceSpecificResult', resourceSpecificResult_missingContextValues - A list of context keys that are required by the included input policies
but that were not provided by one of the input parameters. This list is
used when a list of ARNs is included in the ResourceArns parameter
instead of "*". If you do not specify individual resources, by setting
ResourceArns to "*" or by not including the ResourceArns
parameter, then any missing context values are instead included under
the EvaluationResults section. To discover the context keys used by a
set of policies, you can call GetContextKeysForCustomPolicy or
GetContextKeysForPrincipalPolicy.
$sel:permissionsBoundaryDecisionDetail:ResourceSpecificResult', resourceSpecificResult_permissionsBoundaryDecisionDetail - Contains information about the effect that a permissions boundary has on
a policy simulation when that boundary is applied to an IAM entity.
$sel:evalResourceName:ResourceSpecificResult', resourceSpecificResult_evalResourceName - The name of the simulated resource, in Amazon Resource Name (ARN)
format.
$sel:evalResourceDecision:ResourceSpecificResult', resourceSpecificResult_evalResourceDecision - The result of the simulation of the simulated API operation on the
resource specified in EvalResourceName.
resourceSpecificResult_matchedStatements :: Lens' ResourceSpecificResult (Maybe [Statement]) Source #
A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if any statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
resourceSpecificResult_evalDecisionDetails :: Lens' ResourceSpecificResult (Maybe (HashMap Text PolicyEvaluationDecisionType)) Source #
Additional details about the results of the evaluation decision on a single resource. This parameter is returned only for cross-account simulations. This parameter explains how each policy type contributes to the resource-specific evaluation decision.
resourceSpecificResult_missingContextValues :: Lens' ResourceSpecificResult (Maybe [Text]) Source #
A list of context keys that are required by the included input policies
but that were not provided by one of the input parameters. This list is
used when a list of ARNs is included in the ResourceArns parameter
instead of "*". If you do not specify individual resources, by setting
ResourceArns to "*" or by not including the ResourceArns
parameter, then any missing context values are instead included under
the EvaluationResults section. To discover the context keys used by a
set of policies, you can call GetContextKeysForCustomPolicy or
GetContextKeysForPrincipalPolicy.
resourceSpecificResult_permissionsBoundaryDecisionDetail :: Lens' ResourceSpecificResult (Maybe PermissionsBoundaryDecisionDetail) Source #
Contains information about the effect that a permissions boundary has on a policy simulation when that boundary is applied to an IAM entity.
resourceSpecificResult_evalResourceName :: Lens' ResourceSpecificResult Text Source #
The name of the simulated resource, in Amazon Resource Name (ARN) format.
resourceSpecificResult_evalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType Source #
The result of the simulation of the simulated API operation on the
resource specified in EvalResourceName.
Role
Contains information about an IAM role. This structure is returned as a response element in several API operations that interact with roles.
See: newRole smart constructor.
Constructors
| Role' | |
Fields
| |
Instances
Create a value of Role with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxSessionDuration:Role', role_maxSessionDuration - The maximum session duration (in seconds) for the specified role. Anyone
who uses the CLI, or API to assume the role can specify the duration
using the optional DurationSeconds API parameter or duration-seconds
CLI parameter.
$sel:assumeRolePolicyDocument:Role', role_assumeRolePolicyDocument - The policy that grants an entity permission to assume the role.
$sel:roleLastUsed:Role', role_roleLastUsed - Contains information about the last time that an IAM role was used. This
includes the date and time and the Region in which the role was last
used. Activity is only reported for the trailing 400 days. This period
can be shorter if your Region began supporting these features within the
last year. The role might have been used more than 400 days ago. For
more information, see
Regions where data is tracked
in the IAM User Guide.
$sel:permissionsBoundary:Role', role_permissionsBoundary - The ARN of the policy used to set the permissions boundary for the role.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
$sel:description:Role', role_description - A description of the role that you provide.
$sel:tags:Role', role_tags - A list of tags that are attached to the role. For more information about
tagging, see
Tagging IAM resources
in the IAM User Guide.
$sel:path:Role', role_path - The path to the role. For more information about paths, see
IAM identifiers
in the IAM User Guide.
$sel:roleName:Role', role_roleName - The friendly name that identifies the role.
$sel:roleId:Role', role_roleId - The stable and unique string identifying the role. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:arn:Role', role_arn - The Amazon Resource Name (ARN) specifying the role. For more information
about ARNs and how to use them in policies, see
IAM identifiers
in the IAM User Guide guide.
$sel:createDate:Role', role_createDate - The date and time, in
ISO 8601 date-time format, when the
role was created.
role_maxSessionDuration :: Lens' Role (Maybe Natural) Source #
The maximum session duration (in seconds) for the specified role. Anyone
who uses the CLI, or API to assume the role can specify the duration
using the optional DurationSeconds API parameter or duration-seconds
CLI parameter.
role_assumeRolePolicyDocument :: Lens' Role (Maybe Text) Source #
The policy that grants an entity permission to assume the role.
role_roleLastUsed :: Lens' Role (Maybe RoleLastUsed) Source #
Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
role_permissionsBoundary :: Lens' Role (Maybe AttachedPermissionsBoundary) Source #
The ARN of the policy used to set the permissions boundary for the role.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
role_tags :: Lens' Role (Maybe [Tag]) Source #
A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
role_path :: Lens' Role Text Source #
The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide.
role_roleId :: Lens' Role Text Source #
The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.
role_arn :: Lens' Role Text Source #
The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide guide.
role_createDate :: Lens' Role UTCTime Source #
The date and time, in ISO 8601 date-time format, when the role was created.
RoleDetail
data RoleDetail Source #
Contains information about an IAM role, including all of the role's policies.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
See: newRoleDetail smart constructor.
Constructors
| RoleDetail' | |
Fields
| |
Instances
newRoleDetail :: RoleDetail Source #
Create a value of RoleDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:assumeRolePolicyDocument:RoleDetail', roleDetail_assumeRolePolicyDocument - The trust policy that grants permission to assume the role.
$sel:arn:RoleDetail', roleDetail_arn - Undocumented member.
$sel:path:RoleDetail', roleDetail_path - The path to the role. For more information about paths, see
IAM identifiers
in the IAM User Guide.
$sel:instanceProfileList:RoleDetail', roleDetail_instanceProfileList - A list of instance profiles that contain this role.
$sel:createDate:RoleDetail', roleDetail_createDate - The date and time, in
ISO 8601 date-time format, when the
role was created.
$sel:roleName:RoleDetail', roleDetail_roleName - The friendly name that identifies the role.
$sel:roleId:RoleDetail', roleDetail_roleId - The stable and unique string identifying the role. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:roleLastUsed:RoleDetail', roleDetail_roleLastUsed - Contains information about the last time that an IAM role was used. This
includes the date and time and the Region in which the role was last
used. Activity is only reported for the trailing 400 days. This period
can be shorter if your Region began supporting these features within the
last year. The role might have been used more than 400 days ago. For
more information, see
Regions where data is tracked
in the IAM User Guide.
$sel:permissionsBoundary:RoleDetail', roleDetail_permissionsBoundary - The ARN of the policy used to set the permissions boundary for the role.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
$sel:rolePolicyList:RoleDetail', roleDetail_rolePolicyList - A list of inline policies embedded in the role. These policies are the
role's access (permissions) policies.
$sel:tags:RoleDetail', roleDetail_tags - A list of tags that are attached to the role. For more information about
tagging, see
Tagging IAM resources
in the IAM User Guide.
$sel:attachedManagedPolicies:RoleDetail', roleDetail_attachedManagedPolicies - A list of managed policies attached to the role. These policies are the
role's access (permissions) policies.
roleDetail_assumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text) Source #
The trust policy that grants permission to assume the role.
roleDetail_arn :: Lens' RoleDetail (Maybe Text) Source #
Undocumented member.
roleDetail_path :: Lens' RoleDetail (Maybe Text) Source #
The path to the role. For more information about paths, see IAM identifiers in the IAM User Guide.
roleDetail_instanceProfileList :: Lens' RoleDetail (Maybe [InstanceProfile]) Source #
A list of instance profiles that contain this role.
roleDetail_createDate :: Lens' RoleDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the role was created.
roleDetail_roleName :: Lens' RoleDetail (Maybe Text) Source #
The friendly name that identifies the role.
roleDetail_roleId :: Lens' RoleDetail (Maybe Text) Source #
The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.
roleDetail_roleLastUsed :: Lens' RoleDetail (Maybe RoleLastUsed) Source #
Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
roleDetail_permissionsBoundary :: Lens' RoleDetail (Maybe AttachedPermissionsBoundary) Source #
The ARN of the policy used to set the permissions boundary for the role.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
roleDetail_rolePolicyList :: Lens' RoleDetail (Maybe [PolicyDetail]) Source #
A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.
roleDetail_tags :: Lens' RoleDetail (Maybe [Tag]) Source #
A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
roleDetail_attachedManagedPolicies :: Lens' RoleDetail (Maybe [AttachedPolicy]) Source #
A list of managed policies attached to the role. These policies are the role's access (permissions) policies.
RoleLastUsed
data RoleLastUsed Source #
Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.
This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.
See: newRoleLastUsed smart constructor.
Constructors
| RoleLastUsed' | |
Fields
| |
Instances
newRoleLastUsed :: RoleLastUsed Source #
Create a value of RoleLastUsed with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastUsedDate:RoleLastUsed', roleLastUsed_lastUsedDate - The date and time,
in ISO 8601 date-time format that the
role was last used.
This field is null if the role has not been used within the IAM tracking period. For more information about the tracking period, see Regions where data is tracked in the IAM User Guide.
$sel:region:RoleLastUsed', roleLastUsed_region - The name of the Amazon Web Services Region in which the role was last
used.
roleLastUsed_lastUsedDate :: Lens' RoleLastUsed (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format that the role was last used.
This field is null if the role has not been used within the IAM tracking period. For more information about the tracking period, see Regions where data is tracked in the IAM User Guide.
roleLastUsed_region :: Lens' RoleLastUsed (Maybe Text) Source #
The name of the Amazon Web Services Region in which the role was last used.
RoleUsageType
data RoleUsageType Source #
An object that contains details about how a service-linked role is used, if that information is returned by the service.
This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.
See: newRoleUsageType smart constructor.
Constructors
| RoleUsageType' | |
Instances
newRoleUsageType :: RoleUsageType Source #
Create a value of RoleUsageType with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resources:RoleUsageType', roleUsageType_resources - The name of the resource that is using the service-linked role.
$sel:region:RoleUsageType', roleUsageType_region - The name of the Region where the service-linked role is being used.
roleUsageType_resources :: Lens' RoleUsageType (Maybe [Text]) Source #
The name of the resource that is using the service-linked role.
roleUsageType_region :: Lens' RoleUsageType (Maybe Text) Source #
The name of the Region where the service-linked role is being used.
SAMLProviderListEntry
data SAMLProviderListEntry Source #
Contains the list of SAML providers for this account.
See: newSAMLProviderListEntry smart constructor.
Constructors
| SAMLProviderListEntry' | |
Fields
| |
Instances
newSAMLProviderListEntry :: SAMLProviderListEntry Source #
Create a value of SAMLProviderListEntry with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:SAMLProviderListEntry', sAMLProviderListEntry_arn - The Amazon Resource Name (ARN) of the SAML provider.
$sel:createDate:SAMLProviderListEntry', sAMLProviderListEntry_createDate - The date and time when the SAML provider was created.
$sel:validUntil:SAMLProviderListEntry', sAMLProviderListEntry_validUntil - The expiration date and time for the SAML provider.
sAMLProviderListEntry_arn :: Lens' SAMLProviderListEntry (Maybe Text) Source #
The Amazon Resource Name (ARN) of the SAML provider.
sAMLProviderListEntry_createDate :: Lens' SAMLProviderListEntry (Maybe UTCTime) Source #
The date and time when the SAML provider was created.
sAMLProviderListEntry_validUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime) Source #
The expiration date and time for the SAML provider.
SSHPublicKey
data SSHPublicKey Source #
Contains information about an SSH public key.
This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey operations.
See: newSSHPublicKey smart constructor.
Constructors
| SSHPublicKey' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> StatusType | |
| -> SSHPublicKey |
Create a value of SSHPublicKey with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:uploadDate:SSHPublicKey', sSHPublicKey_uploadDate - The date and time, in
ISO 8601 date-time format, when the SSH
public key was uploaded.
$sel:userName:SSHPublicKey', sSHPublicKey_userName - The name of the IAM user associated with the SSH public key.
$sel:sSHPublicKeyId:SSHPublicKey', sSHPublicKey_sSHPublicKeyId - The unique identifier for the SSH public key.
$sel:fingerprint:SSHPublicKey', sSHPublicKey_fingerprint - The MD5 message digest of the SSH public key.
$sel:sSHPublicKeyBody:SSHPublicKey', sSHPublicKey_sSHPublicKeyBody - The SSH public key.
$sel:status:SSHPublicKey', sSHPublicKey_status - The status of the SSH public key. Active means that the key can be
used for authentication with an CodeCommit repository. Inactive means
that the key cannot be used.
sSHPublicKey_uploadDate :: Lens' SSHPublicKey (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
sSHPublicKey_userName :: Lens' SSHPublicKey Text Source #
The name of the IAM user associated with the SSH public key.
sSHPublicKey_sSHPublicKeyId :: Lens' SSHPublicKey Text Source #
The unique identifier for the SSH public key.
sSHPublicKey_fingerprint :: Lens' SSHPublicKey Text Source #
The MD5 message digest of the SSH public key.
sSHPublicKey_sSHPublicKeyBody :: Lens' SSHPublicKey Text Source #
The SSH public key.
sSHPublicKey_status :: Lens' SSHPublicKey StatusType Source #
The status of the SSH public key. Active means that the key can be
used for authentication with an CodeCommit repository. Inactive means
that the key cannot be used.
SSHPublicKeyMetadata
data SSHPublicKeyMetadata Source #
Contains information about an SSH public key, without the key's body or fingerprint.
This data type is used as a response element in the ListSSHPublicKeys operation.
See: newSSHPublicKeyMetadata smart constructor.
Constructors
| SSHPublicKeyMetadata' | |
Fields
| |
Instances
newSSHPublicKeyMetadata Source #
Arguments
| :: Text | |
| -> Text | |
| -> StatusType | |
| -> UTCTime | |
| -> SSHPublicKeyMetadata |
Create a value of SSHPublicKeyMetadata with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:userName:SSHPublicKeyMetadata', sSHPublicKeyMetadata_userName - The name of the IAM user associated with the SSH public key.
$sel:sSHPublicKeyId:SSHPublicKeyMetadata', sSHPublicKeyMetadata_sSHPublicKeyId - The unique identifier for the SSH public key.
$sel:status:SSHPublicKeyMetadata', sSHPublicKeyMetadata_status - The status of the SSH public key. Active means that the key can be
used for authentication with an CodeCommit repository. Inactive means
that the key cannot be used.
$sel:uploadDate:SSHPublicKeyMetadata', sSHPublicKeyMetadata_uploadDate - The date and time, in
ISO 8601 date-time format, when the SSH
public key was uploaded.
sSHPublicKeyMetadata_userName :: Lens' SSHPublicKeyMetadata Text Source #
The name of the IAM user associated with the SSH public key.
sSHPublicKeyMetadata_sSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text Source #
The unique identifier for the SSH public key.
sSHPublicKeyMetadata_status :: Lens' SSHPublicKeyMetadata StatusType Source #
The status of the SSH public key. Active means that the key can be
used for authentication with an CodeCommit repository. Inactive means
that the key cannot be used.
sSHPublicKeyMetadata_uploadDate :: Lens' SSHPublicKeyMetadata UTCTime Source #
The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.
ServerCertificate
data ServerCertificate Source #
Contains information about a server certificate.
This data type is used as a response element in the GetServerCertificate operation.
See: newServerCertificate smart constructor.
Constructors
| ServerCertificate' | |
Fields
| |
Instances
Arguments
| :: ServerCertificateMetadata | |
| -> Text | |
| -> ServerCertificate |
Create a value of ServerCertificate with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:certificateChain:ServerCertificate', serverCertificate_certificateChain - The contents of the public key certificate chain.
$sel:tags:ServerCertificate', serverCertificate_tags - A list of tags that are attached to the server certificate. For more
information about tagging, see
Tagging IAM resources
in the IAM User Guide.
$sel:serverCertificateMetadata:ServerCertificate', serverCertificate_serverCertificateMetadata - The meta information of the server certificate, such as its name, path,
ID, and ARN.
$sel:certificateBody:ServerCertificate', serverCertificate_certificateBody - The contents of the public key certificate.
serverCertificate_certificateChain :: Lens' ServerCertificate (Maybe Text) Source #
The contents of the public key certificate chain.
serverCertificate_tags :: Lens' ServerCertificate (Maybe [Tag]) Source #
A list of tags that are attached to the server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
serverCertificate_serverCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata Source #
The meta information of the server certificate, such as its name, path, ID, and ARN.
serverCertificate_certificateBody :: Lens' ServerCertificate Text Source #
The contents of the public key certificate.
ServerCertificateMetadata
data ServerCertificateMetadata Source #
Contains information about a server certificate without its certificate body, certificate chain, and private key.
This data type is used as a response element in the UploadServerCertificate and ListServerCertificates operations.
See: newServerCertificateMetadata smart constructor.
Constructors
| ServerCertificateMetadata' | |
Fields
| |
Instances
newServerCertificateMetadata Source #
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> ServerCertificateMetadata |
Create a value of ServerCertificateMetadata with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:uploadDate:ServerCertificateMetadata', serverCertificateMetadata_uploadDate - The date when the server certificate was uploaded.
$sel:expiration:ServerCertificateMetadata', serverCertificateMetadata_expiration - The date on which the certificate is set to expire.
$sel:path:ServerCertificateMetadata', serverCertificateMetadata_path - The path to the server certificate. For more information about paths,
see
IAM identifiers
in the IAM User Guide.
$sel:serverCertificateName:ServerCertificateMetadata', serverCertificateMetadata_serverCertificateName - The name that identifies the server certificate.
$sel:serverCertificateId:ServerCertificateMetadata', serverCertificateMetadata_serverCertificateId - The stable and unique string identifying the server certificate. For
more information about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:arn:ServerCertificateMetadata', serverCertificateMetadata_arn - The Amazon Resource Name (ARN) specifying the server certificate. For
more information about ARNs and how to use them in policies, see
IAM identifiers
in the IAM User Guide.
serverCertificateMetadata_uploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime) Source #
The date when the server certificate was uploaded.
serverCertificateMetadata_expiration :: Lens' ServerCertificateMetadata (Maybe UTCTime) Source #
The date on which the certificate is set to expire.
serverCertificateMetadata_path :: Lens' ServerCertificateMetadata Text Source #
The path to the server certificate. For more information about paths, see IAM identifiers in the IAM User Guide.
serverCertificateMetadata_serverCertificateName :: Lens' ServerCertificateMetadata Text Source #
The name that identifies the server certificate.
serverCertificateMetadata_serverCertificateId :: Lens' ServerCertificateMetadata Text Source #
The stable and unique string identifying the server certificate. For more information about IDs, see IAM identifiers in the IAM User Guide.
serverCertificateMetadata_arn :: Lens' ServerCertificateMetadata Text Source #
The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.
ServiceLastAccessed
data ServiceLastAccessed Source #
Contains details about the most recent attempt to access the service.
This data type is used as a response element in the GetServiceLastAccessedDetails operation.
See: newServiceLastAccessed smart constructor.
Constructors
| ServiceLastAccessed' | |
Fields
| |
Instances
newServiceLastAccessed Source #
Arguments
| :: Text | |
| -> Text | |
| -> ServiceLastAccessed |
Create a value of ServiceLastAccessed with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastAuthenticated:ServiceLastAccessed', serviceLastAccessed_lastAuthenticated - The date and time,
in ISO 8601 date-time format, when an
authenticated entity most recently attempted to access the service.
Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
$sel:trackedActionsLastAccessed:ServiceLastAccessed', serviceLastAccessed_trackedActionsLastAccessed - An object that contains details about the most recent attempt to access
a tracked action within the service.
This field is null if there no tracked actions or if the principal did
not use the tracked actions within the
reporting period.
This field is also null if the report was generated at the service level
and not the action level. For more information, see the Granularity
field in GenerateServiceLastAccessedDetails.
$sel:lastAuthenticatedEntity:ServiceLastAccessed', serviceLastAccessed_lastAuthenticatedEntity - The ARN of the authenticated entity (user or role) that last attempted
to access the service. Amazon Web Services does not report
unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
$sel:lastAuthenticatedRegion:ServiceLastAccessed', serviceLastAccessed_lastAuthenticatedRegion - The Region from which the authenticated entity (user or role) last
attempted to access the service. Amazon Web Services does not report
unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
$sel:totalAuthenticatedEntities:ServiceLastAccessed', serviceLastAccessed_totalAuthenticatedEntities - The total number of authenticated principals (root user, IAM users, or
IAM roles) that have attempted to access the service.
This field is null if no principals attempted to access the service within the reporting period.
$sel:serviceName:ServiceLastAccessed', serviceLastAccessed_serviceName - The name of the service in which access was attempted.
$sel:serviceNamespace:ServiceLastAccessed', serviceLastAccessed_serviceNamespace - The namespace of the service in which access was attempted.
To learn the service namespace of a service, see
Actions, resources, and condition keys for Amazon Web Services services
in the Service Authorization Reference. Choose the name of the service
to view details for that service. In the first paragraph, find the
service prefix. For example, (service prefix: a4b). For more
information about service namespaces, see
Amazon Web Services Service Namespaces
in the Amazon Web Services General Reference.
serviceLastAccessed_lastAuthenticated :: Lens' ServiceLastAccessed (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
serviceLastAccessed_trackedActionsLastAccessed :: Lens' ServiceLastAccessed (Maybe [TrackedActionLastAccessed]) Source #
An object that contains details about the most recent attempt to access a tracked action within the service.
This field is null if there no tracked actions or if the principal did
not use the tracked actions within the
reporting period.
This field is also null if the report was generated at the service level
and not the action level. For more information, see the Granularity
field in GenerateServiceLastAccessedDetails.
serviceLastAccessed_lastAuthenticatedEntity :: Lens' ServiceLastAccessed (Maybe Text) Source #
The ARN of the authenticated entity (user or role) that last attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
serviceLastAccessed_lastAuthenticatedRegion :: Lens' ServiceLastAccessed (Maybe Text) Source #
The Region from which the authenticated entity (user or role) last attempted to access the service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
serviceLastAccessed_totalAuthenticatedEntities :: Lens' ServiceLastAccessed (Maybe Int) Source #
The total number of authenticated principals (root user, IAM users, or IAM roles) that have attempted to access the service.
This field is null if no principals attempted to access the service within the reporting period.
serviceLastAccessed_serviceName :: Lens' ServiceLastAccessed Text Source #
The name of the service in which access was attempted.
serviceLastAccessed_serviceNamespace :: Lens' ServiceLastAccessed Text Source #
The namespace of the service in which access was attempted.
To learn the service namespace of a service, see
Actions, resources, and condition keys for Amazon Web Services services
in the Service Authorization Reference. Choose the name of the service
to view details for that service. In the first paragraph, find the
service prefix. For example, (service prefix: a4b). For more
information about service namespaces, see
Amazon Web Services Service Namespaces
in the Amazon Web Services General Reference.
ServiceSpecificCredential
data ServiceSpecificCredential Source #
Contains the details of a service-specific credential.
See: newServiceSpecificCredential smart constructor.
Constructors
| ServiceSpecificCredential' | |
Fields
| |
Instances
newServiceSpecificCredential Source #
Arguments
| :: UTCTime | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> StatusType | |
| -> ServiceSpecificCredential |
Create a value of ServiceSpecificCredential with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createDate:ServiceSpecificCredential', serviceSpecificCredential_createDate - The date and time, in
ISO 8601 date-time format, when the
service-specific credential were created.
$sel:serviceName:ServiceSpecificCredential', serviceSpecificCredential_serviceName - The name of the service associated with the service-specific credential.
$sel:serviceUserName:ServiceSpecificCredential', serviceSpecificCredential_serviceUserName - The generated user name for the service-specific credential. This value
is generated by combining the IAM user's name combined with the ID
number of the Amazon Web Services account, as in jane-at-123456789012,
for example. This value cannot be configured by the user.
$sel:servicePassword:ServiceSpecificCredential', serviceSpecificCredential_servicePassword - The generated password for the service-specific credential.
$sel:serviceSpecificCredentialId:ServiceSpecificCredential', serviceSpecificCredential_serviceSpecificCredentialId - The unique identifier for the service-specific credential.
$sel:userName:ServiceSpecificCredential', serviceSpecificCredential_userName - The name of the IAM user associated with the service-specific
credential.
$sel:status:ServiceSpecificCredential', serviceSpecificCredential_status - The status of the service-specific credential. Active means that the
key is valid for API calls, while Inactive means it is not.
serviceSpecificCredential_createDate :: Lens' ServiceSpecificCredential UTCTime Source #
The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
serviceSpecificCredential_serviceName :: Lens' ServiceSpecificCredential Text Source #
The name of the service associated with the service-specific credential.
serviceSpecificCredential_serviceUserName :: Lens' ServiceSpecificCredential Text Source #
The generated user name for the service-specific credential. This value
is generated by combining the IAM user's name combined with the ID
number of the Amazon Web Services account, as in jane-at-123456789012,
for example. This value cannot be configured by the user.
serviceSpecificCredential_servicePassword :: Lens' ServiceSpecificCredential Text Source #
The generated password for the service-specific credential.
serviceSpecificCredential_serviceSpecificCredentialId :: Lens' ServiceSpecificCredential Text Source #
The unique identifier for the service-specific credential.
serviceSpecificCredential_userName :: Lens' ServiceSpecificCredential Text Source #
The name of the IAM user associated with the service-specific credential.
serviceSpecificCredential_status :: Lens' ServiceSpecificCredential StatusType Source #
The status of the service-specific credential. Active means that the
key is valid for API calls, while Inactive means it is not.
ServiceSpecificCredentialMetadata
data ServiceSpecificCredentialMetadata Source #
Contains additional details about a service-specific credential.
See: newServiceSpecificCredentialMetadata smart constructor.
Constructors
| ServiceSpecificCredentialMetadata' | |
Fields
| |
Instances
newServiceSpecificCredentialMetadata Source #
Arguments
| :: Text | |
| -> StatusType | |
| -> Text | |
| -> UTCTime | |
| -> Text |
|
| -> Text | |
| -> ServiceSpecificCredentialMetadata |
Create a value of ServiceSpecificCredentialMetadata with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:userName:ServiceSpecificCredentialMetadata', serviceSpecificCredentialMetadata_userName - The name of the IAM user associated with the service-specific
credential.
$sel:status:ServiceSpecificCredentialMetadata', serviceSpecificCredentialMetadata_status - The status of the service-specific credential. Active means that the
key is valid for API calls, while Inactive means it is not.
$sel:serviceUserName:ServiceSpecificCredentialMetadata', serviceSpecificCredentialMetadata_serviceUserName - The generated user name for the service-specific credential.
$sel:createDate:ServiceSpecificCredentialMetadata', serviceSpecificCredentialMetadata_createDate - The date and time, in
ISO 8601 date-time format, when the
service-specific credential were created.
$sel:serviceSpecificCredentialId:ServiceSpecificCredentialMetadata', serviceSpecificCredentialMetadata_serviceSpecificCredentialId - The unique identifier for the service-specific credential.
$sel:serviceName:ServiceSpecificCredentialMetadata', serviceSpecificCredentialMetadata_serviceName - The name of the service associated with the service-specific credential.
serviceSpecificCredentialMetadata_userName :: Lens' ServiceSpecificCredentialMetadata Text Source #
The name of the IAM user associated with the service-specific credential.
serviceSpecificCredentialMetadata_status :: Lens' ServiceSpecificCredentialMetadata StatusType Source #
The status of the service-specific credential. Active means that the
key is valid for API calls, while Inactive means it is not.
serviceSpecificCredentialMetadata_serviceUserName :: Lens' ServiceSpecificCredentialMetadata Text Source #
The generated user name for the service-specific credential.
serviceSpecificCredentialMetadata_createDate :: Lens' ServiceSpecificCredentialMetadata UTCTime Source #
The date and time, in ISO 8601 date-time format, when the service-specific credential were created.
serviceSpecificCredentialMetadata_serviceSpecificCredentialId :: Lens' ServiceSpecificCredentialMetadata Text Source #
The unique identifier for the service-specific credential.
serviceSpecificCredentialMetadata_serviceName :: Lens' ServiceSpecificCredentialMetadata Text Source #
The name of the service associated with the service-specific credential.
SigningCertificate
data SigningCertificate Source #
Contains information about an X.509 signing certificate.
This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates operations.
See: newSigningCertificate smart constructor.
Constructors
| SigningCertificate' | |
Fields
| |
Instances
newSigningCertificate Source #
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> StatusType | |
| -> SigningCertificate |
Create a value of SigningCertificate with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:uploadDate:SigningCertificate', signingCertificate_uploadDate - The date when the signing certificate was uploaded.
$sel:userName:SigningCertificate', signingCertificate_userName - The name of the user the signing certificate is associated with.
$sel:certificateId:SigningCertificate', signingCertificate_certificateId - The ID for the signing certificate.
$sel:certificateBody:SigningCertificate', signingCertificate_certificateBody - The contents of the signing certificate.
$sel:status:SigningCertificate', signingCertificate_status - The status of the signing certificate. Active means that the key is
valid for API calls, while Inactive means it is not.
signingCertificate_uploadDate :: Lens' SigningCertificate (Maybe UTCTime) Source #
The date when the signing certificate was uploaded.
signingCertificate_userName :: Lens' SigningCertificate Text Source #
The name of the user the signing certificate is associated with.
signingCertificate_certificateId :: Lens' SigningCertificate Text Source #
The ID for the signing certificate.
signingCertificate_certificateBody :: Lens' SigningCertificate Text Source #
The contents of the signing certificate.
signingCertificate_status :: Lens' SigningCertificate StatusType Source #
The status of the signing certificate. Active means that the key is
valid for API calls, while Inactive means it is not.
SimulatePolicyResponse
data SimulatePolicyResponse Source #
Contains the response to a successful SimulatePrincipalPolicy or SimulateCustomPolicy request.
See: newSimulatePolicyResponse smart constructor.
Constructors
| SimulatePolicyResponse' | |
Fields
| |
Instances
newSimulatePolicyResponse :: SimulatePolicyResponse Source #
Create a value of SimulatePolicyResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:evaluationResults:SimulatePolicyResponse', simulatePolicyResponse_evaluationResults - The results of the simulation.
$sel:marker:SimulatePolicyResponse', simulatePolicyResponse_marker - When IsTruncated is true, this element is present and contains the
value to use for the Marker parameter in a subsequent pagination
request.
$sel:isTruncated:SimulatePolicyResponse', simulatePolicyResponse_isTruncated - A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when
there are more results available. We recommend that you check
IsTruncated after every call to ensure that you receive all your
results.
simulatePolicyResponse_evaluationResults :: Lens' SimulatePolicyResponse (Maybe [EvaluationResult]) Source #
The results of the simulation.
simulatePolicyResponse_marker :: Lens' SimulatePolicyResponse (Maybe Text) Source #
When IsTruncated is true, this element is present and contains the
value to use for the Marker parameter in a subsequent pagination
request.
simulatePolicyResponse_isTruncated :: Lens' SimulatePolicyResponse (Maybe Bool) Source #
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when
there are more results available. We recommend that you check
IsTruncated after every call to ensure that you receive all your
results.
Statement
Contains a reference to a Statement element in a policy document that
determines the result of the simulation.
This data type is used by the MatchedStatements member of the
EvaluationResult type.
See: newStatement smart constructor.
Constructors
| Statement' | |
Fields
| |
Instances
newStatement :: Statement Source #
Create a value of Statement with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:sourcePolicyType:Statement', statement_sourcePolicyType - The type of the policy.
$sel:sourcePolicyId:Statement', statement_sourcePolicyId - The identifier of the policy that was provided as an input.
$sel:endPosition:Statement', statement_endPosition - The row and column of the end of a Statement in an IAM policy.
$sel:startPosition:Statement', statement_startPosition - The row and column of the beginning of the Statement in an IAM policy.
statement_sourcePolicyType :: Lens' Statement (Maybe PolicySourceType) Source #
The type of the policy.
statement_sourcePolicyId :: Lens' Statement (Maybe Text) Source #
The identifier of the policy that was provided as an input.
statement_endPosition :: Lens' Statement (Maybe Position) Source #
The row and column of the end of a Statement in an IAM policy.
statement_startPosition :: Lens' Statement (Maybe Position) Source #
The row and column of the beginning of the Statement in an IAM policy.
Tag
A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
See: newTag smart constructor.
Constructors
| Tag' | |
Fields
| |
Instances
| Eq Tag Source # | |
| Read Tag Source # | |
| Show Tag Source # | |
| Generic Tag Source # | |
| NFData Tag Source # | |
Defined in Amazonka.IAM.Types.Tag | |
| Hashable Tag Source # | |
Defined in Amazonka.IAM.Types.Tag | |
| ToQuery Tag Source # | |
Defined in Amazonka.IAM.Types.Tag Methods toQuery :: Tag -> QueryString # | |
| FromXML Tag Source # | |
| type Rep Tag Source # | |
Defined in Amazonka.IAM.Types.Tag type Rep Tag = D1 ('MetaData "Tag" "Amazonka.IAM.Types.Tag" "libZSservicesZSamazonka-iamZSamazonka-iam" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) | |
Create a value of Tag with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:Tag', tag_key - The key name that can be used to look up or retrieve the associated
value. For example, Department or Cost Center are common choices.
$sel:value:Tag', tag_value - The value associated with this tag. For example, tags with a key name of
Department could have values such as Human Resources, Accounting,
and Support. Tags with a key name of Cost Center might have values
that consist of the number associated with the different cost centers in
your company. Typically, many resources have tags with the same key name
but with different values.
Amazon Web Services always interprets the tag Value as a single
string. If you need to store an array, you can store comma-separated
values in the string. However, you must interpret the value in your
code.
tag_key :: Lens' Tag Text Source #
The key name that can be used to look up or retrieve the associated
value. For example, Department or Cost Center are common choices.
tag_value :: Lens' Tag Text Source #
The value associated with this tag. For example, tags with a key name of
Department could have values such as Human Resources, Accounting,
and Support. Tags with a key name of Cost Center might have values
that consist of the number associated with the different cost centers in
your company. Typically, many resources have tags with the same key name
but with different values.
Amazon Web Services always interprets the tag Value as a single
string. If you need to store an array, you can store comma-separated
values in the string. However, you must interpret the value in your
code.
TrackedActionLastAccessed
data TrackedActionLastAccessed Source #
Contains details about the most recent attempt to access an action within the service.
This data type is used as a response element in the GetServiceLastAccessedDetails operation.
See: newTrackedActionLastAccessed smart constructor.
Constructors
| TrackedActionLastAccessed' | |
Fields
| |
Instances
newTrackedActionLastAccessed :: TrackedActionLastAccessed Source #
Create a value of TrackedActionLastAccessed with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastAccessedTime:TrackedActionLastAccessed', trackedActionLastAccessed_lastAccessedTime - The date and time,
in ISO 8601 date-time format, when an
authenticated entity most recently attempted to access the tracked
service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
$sel:actionName:TrackedActionLastAccessed', trackedActionLastAccessed_actionName - The name of the tracked action to which access was attempted. Tracked
actions are actions that report activity to IAM.
$sel:lastAccessedEntity:TrackedActionLastAccessed', trackedActionLastAccessed_lastAccessedEntity - Undocumented member.
$sel:lastAccessedRegion:TrackedActionLastAccessed', trackedActionLastAccessed_lastAccessedRegion - The Region from which the authenticated entity (user or role) last
attempted to access the tracked action. Amazon Web Services does not
report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
trackedActionLastAccessed_lastAccessedTime :: Lens' TrackedActionLastAccessed (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the tracked service. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
trackedActionLastAccessed_actionName :: Lens' TrackedActionLastAccessed (Maybe Text) Source #
The name of the tracked action to which access was attempted. Tracked actions are actions that report activity to IAM.
trackedActionLastAccessed_lastAccessedEntity :: Lens' TrackedActionLastAccessed (Maybe Text) Source #
Undocumented member.
trackedActionLastAccessed_lastAccessedRegion :: Lens' TrackedActionLastAccessed (Maybe Text) Source #
The Region from which the authenticated entity (user or role) last attempted to access the tracked action. Amazon Web Services does not report unauthenticated requests.
This field is null if no IAM entities attempted to access the service within the reporting period.
User
Contains information about an IAM user entity.
This data type is used as a response element in the following operations:
- CreateUser
- GetUser
- ListUsers
See: newUser smart constructor.
Constructors
| User' | |
Fields
| |
Instances
Create a value of User with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:passwordLastUsed:User', user_passwordLastUsed - The date and time, in
ISO 8601 date-time format, when the
user's password was last used to sign in to an Amazon Web Services
website. For a list of Amazon Web Services websites that capture a
user's last sign-in time, see the
Credential reports
topic in the IAM User Guide. If a password is used more than once in a
five-minute span, only the first use is returned in this field. If the
field is null (no value), then it indicates that they never signed in
with a password. This can be because:
- The user never had a password.
- A password exists but has not been used since IAM started tracking this information on October 20, 2014.
A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.
This value is returned only in the GetUser and ListUsers operations.
$sel:path:User', user_path - The path to the user. For more information about paths, see
IAM identifiers
in the IAM User Guide.
The ARN of the policy used to set the permissions boundary for the user.
$sel:permissionsBoundary:User', user_permissionsBoundary - For more information about permissions boundaries, see
Permissions boundaries for IAM identities
in the IAM User Guide.
$sel:tags:User', user_tags - A list of tags that are associated with the user. For more information
about tagging, see
Tagging IAM resources
in the IAM User Guide.
$sel:userName:User', user_userName - The friendly name identifying the user.
$sel:userId:User', user_userId - The stable and unique string identifying the user. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:arn:User', user_arn - The Amazon Resource Name (ARN) that identifies the user. For more
information about ARNs and how to use ARNs in policies, see
IAM Identifiers
in the IAM User Guide.
$sel:createDate:User', user_createDate - The date and time, in
ISO 8601 date-time format, when the
user was created.
user_passwordLastUsed :: Lens' User (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:
- The user never had a password.
- A password exists but has not been used since IAM started tracking this information on October 20, 2014.
A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.
This value is returned only in the GetUser and ListUsers operations.
user_path :: Lens' User (Maybe Text) Source #
The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide.
The ARN of the policy used to set the permissions boundary for the user.
user_permissionsBoundary :: Lens' User (Maybe AttachedPermissionsBoundary) Source #
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
user_tags :: Lens' User (Maybe [Tag]) Source #
A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
user_userId :: Lens' User Text Source #
The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.
user_arn :: Lens' User Text Source #
The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the IAM User Guide.
user_createDate :: Lens' User UTCTime Source #
The date and time, in ISO 8601 date-time format, when the user was created.
UserDetail
data UserDetail Source #
Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.
This data type is used as a response element in the GetAccountAuthorizationDetails operation.
See: newUserDetail smart constructor.
Constructors
| UserDetail' | |
Fields
| |
Instances
newUserDetail :: UserDetail Source #
Create a value of UserDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:groupList:UserDetail', userDetail_groupList - A list of IAM groups that the user is in.
$sel:arn:UserDetail', userDetail_arn - Undocumented member.
$sel:path:UserDetail', userDetail_path - The path to the user. For more information about paths, see
IAM identifiers
in the IAM User Guide.
$sel:createDate:UserDetail', userDetail_createDate - The date and time, in
ISO 8601 date-time format, when the
user was created.
$sel:userName:UserDetail', userDetail_userName - The friendly name identifying the user.
$sel:userId:UserDetail', userDetail_userId - The stable and unique string identifying the user. For more information
about IDs, see
IAM identifiers
in the IAM User Guide.
$sel:permissionsBoundary:UserDetail', userDetail_permissionsBoundary - The ARN of the policy used to set the permissions boundary for the user.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
$sel:userPolicyList:UserDetail', userDetail_userPolicyList - A list of the inline policies embedded in the user.
$sel:tags:UserDetail', userDetail_tags - A list of tags that are associated with the user. For more information
about tagging, see
Tagging IAM resources
in the IAM User Guide.
$sel:attachedManagedPolicies:UserDetail', userDetail_attachedManagedPolicies - A list of the managed policies attached to the user.
userDetail_groupList :: Lens' UserDetail (Maybe [Text]) Source #
A list of IAM groups that the user is in.
userDetail_arn :: Lens' UserDetail (Maybe Text) Source #
Undocumented member.
userDetail_path :: Lens' UserDetail (Maybe Text) Source #
The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide.
userDetail_createDate :: Lens' UserDetail (Maybe UTCTime) Source #
The date and time, in ISO 8601 date-time format, when the user was created.
userDetail_userName :: Lens' UserDetail (Maybe Text) Source #
The friendly name identifying the user.
userDetail_userId :: Lens' UserDetail (Maybe Text) Source #
The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.
userDetail_permissionsBoundary :: Lens' UserDetail (Maybe AttachedPermissionsBoundary) Source #
The ARN of the policy used to set the permissions boundary for the user.
For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.
userDetail_userPolicyList :: Lens' UserDetail (Maybe [PolicyDetail]) Source #
A list of the inline policies embedded in the user.
userDetail_tags :: Lens' UserDetail (Maybe [Tag]) Source #
A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
userDetail_attachedManagedPolicies :: Lens' UserDetail (Maybe [AttachedPolicy]) Source #
A list of the managed policies attached to the user.
VirtualMFADevice
data VirtualMFADevice Source #
Contains information about a virtual MFA device.
See: newVirtualMFADevice smart constructor.
Constructors
| VirtualMFADevice' | |
Fields
| |
Instances
Arguments
| :: Text | |
| -> VirtualMFADevice |
Create a value of VirtualMFADevice with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:qRCodePNG:VirtualMFADevice', virtualMFADevice_qRCodePNG - A QR code PNG image that encodes
otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
where $virtualMFADeviceName is one of the create call arguments.
AccountName is the user name if set (otherwise, the account ID
otherwise), and Base32String is the seed in base32 format. The
Base32String value is base64-encoded.--
-- Note: This Lens automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens accepts and returns only raw unencoded data.
$sel:base32StringSeed:VirtualMFADevice', virtualMFADevice_base32StringSeed - The base32 seed defined as specified in
RFC3548. The
Base32StringSeed is base64-encoded.--
-- Note: This Lens automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens accepts and returns only raw unencoded data.
$sel:user:VirtualMFADevice', virtualMFADevice_user - The IAM user associated with this virtual MFA device.
$sel:enableDate:VirtualMFADevice', virtualMFADevice_enableDate - The date and time on which the virtual MFA device was enabled.
$sel:tags:VirtualMFADevice', virtualMFADevice_tags - A list of tags that are attached to the virtual MFA device. For more
information about tagging, see
Tagging IAM resources
in the IAM User Guide.
$sel:serialNumber:VirtualMFADevice', virtualMFADevice_serialNumber - The serial number associated with VirtualMFADevice.
virtualMFADevice_qRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString) Source #
A QR code PNG image that encodes
otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String
where $virtualMFADeviceName is one of the create call arguments.
AccountName is the user name if set (otherwise, the account ID
otherwise), and Base32String is the seed in base32 format. The
Base32String value is base64-encoded.--
-- Note: This Lens automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens accepts and returns only raw unencoded data.
virtualMFADevice_base32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString) Source #
The base32 seed defined as specified in
RFC3548. The
Base32StringSeed is base64-encoded.--
-- Note: This Lens automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens accepts and returns only raw unencoded data.
virtualMFADevice_user :: Lens' VirtualMFADevice (Maybe User) Source #
The IAM user associated with this virtual MFA device.
virtualMFADevice_enableDate :: Lens' VirtualMFADevice (Maybe UTCTime) Source #
The date and time on which the virtual MFA device was enabled.
virtualMFADevice_tags :: Lens' VirtualMFADevice (Maybe [Tag]) Source #
A list of tags that are attached to the virtual MFA device. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
virtualMFADevice_serialNumber :: Lens' VirtualMFADevice Text Source #
The serial number associated with VirtualMFADevice.