// Code generated by smithy-go-codegen DO NOT EDIT.

package types

import (
	"time"
)

// An object that contains details about when a principal in the reported AWS
// Organizations entity last attempted to access an AWS service. A principal can be
// an IAM user, an IAM role, or the AWS account root user within the reported
// Organizations entity. This data type is a response element in the
// GetOrganizationsAccessReport operation.
//
// NOTE(review): EntityPath, LastAuthenticatedTime and Region are documented below
// as null when no access attempt was reported. They are pointer fields here, so
// nil-check them before dereferencing.
type AccessDetail struct {

	// The name of the service in which access was attempted.
	//
	// This member is required.
	ServiceName *string

	// The namespace of the service in which access was attempted. To learn the service
	// namespace of a service, go to Actions, Resources, and Condition Keys for AWS
	// Services
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html)
	// in the IAM User Guide. Choose the name of the service to view details for that
	// service. In the first paragraph, find the service prefix. For example, (service
	// prefix: a4b). For more information about service namespaces, see AWS Service
	// Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
	// in the AWS General Reference.
	//
	// This member is required.
	ServiceNamespace *string

	// The path of the Organizations entity (root, organizational unit, or account)
	// from which an authenticated principal last attempted to access the service. AWS
	// does not report unauthenticated requests. This field is null if no principals
	// (IAM users, IAM roles, or root users) in the reported Organizations entity
	// attempted to access the service within the reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	EntityPath *string

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when an authenticated principal most recently
	// attempted to access the service. AWS does not report unauthenticated requests.
	// This field is null if no principals in the reported Organizations entity
	// attempted to access the service within the reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAuthenticatedTime *time.Time

	// The Region where the last service access attempt occurred. This field is null if
	// no principals in the reported Organizations entity attempted to access the
	// service within the reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	Region *string

	// The number of accounts with authenticated principals (root users, IAM users, and
	// IAM roles) that attempted to access the service in the reporting period.
	TotalAuthenticatedEntities *int32
}

// Contains information about an AWS access key. This data type is used as a
// response element in the CreateAccessKey and ListAccessKeys operations. The
// SecretAccessKey value is returned only in response to CreateAccessKey. You can
// get a secret access key only when you first create an access key; you cannot
// recover the secret access key later. If you lose a secret access key, you must
// create a new access key.
type AccessKey struct {

	// The ID for this access key.
	//
	// This member is required.
	AccessKeyId *string

	// The secret key used to sign requests.
	//
	// NOTE(review): this is a long-term credential that, per the type comment, is
	// only returned by CreateAccessKey and cannot be recovered later. Keep it out of
	// logs, error messages and serialized copies of this struct. Presumably the
	// field is nil when the value comes from any other operation, so nil-check it
	// before dereferencing.
	//
	// This member is required.
	SecretAccessKey *string

	// The status of the access key. Active means that the key is valid for API calls,
	// while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user that the access key is associated with.
	//
	// This member is required.
	UserName *string

	// The date when the access key was created.
	CreateDate *time.Time
}

// Contains information about the last time an AWS access key was used since IAM
// began tracking this information on April 22, 2015. This data type is used as a
// response element in the GetAccessKeyLastUsed operation.
//
// NOTE(review): "never used" is signalled in two ways below: LastUsedDate is
// documented as null, while Region and ServiceName carry the literal string "N/A".
// Code that reviews key usage should handle both, and should not treat "N/A" as a
// Region or service name.
type AccessKeyLastUsed struct {

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the access key was most recently used.
	// This field is null in the following situations:
	//
	// * The user does not have an access key.
	//
	// * An access key exists but has not been used since IAM began tracking this
	// information.
	//
	// * There is no sign-in data associated with the user.
	//
	// This member is required.
	LastUsedDate *time.Time

	// The AWS Region where this access key was most recently used. The value for this
	// field is "N/A" in the following situations:
	//
	// * The user does not have an access key.
	//
	// * An access key exists but has not been used since IAM began tracking this
	// information.
	//
	// * There is no sign-in data associated with the user.
	//
	// For more information about AWS Regions, see Regions and Endpoints
	// (https://docs.aws.amazon.com/general/latest/gr/rande.html) in the Amazon Web
	// Services General Reference.
	//
	// This member is required.
	Region *string

	// The name of the AWS service with which this access key was most recently used.
	// The value of this field is "N/A" in the following situations:
	//
	// * The user does not have an access key.
	//
	// * An access key exists but has not been used since IAM started tracking this
	// information.
	//
	// * There is no sign-in data associated with the user.
	//
	// This member is required.
	ServiceName *string
}

// Contains information about an AWS access key, without its secret key. This data
// type is used as a response element in the ListAccessKeys operation.
type AccessKeyMetadata struct {

	// The ID for this access key.
	AccessKeyId *string

	// The date when the access key was created.
	CreateDate *time.Time

	// The status of the access key. Active means that the key is valid for API calls;
	// Inactive means it is not.
	Status StatusType

	// The name of the IAM user that the key is associated with.
	UserName *string
}

// Contains information about an attached permissions boundary. An attached
// permissions boundary is a managed policy that has been attached to a user or
// role to set the permissions boundary. For more information about permissions
// boundaries, see Permissions Boundaries for IAM Identities
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
// in the IAM User Guide.
type AttachedPermissionsBoundary struct {

	// The ARN of the policy used to set the permissions boundary for the user or role.
	PermissionsBoundaryArn *string

	// The permissions boundary usage type that indicates what type of IAM resource is
	// used as the permissions boundary for an entity. This data type can only have a
	// value of Policy.
	PermissionsBoundaryType PermissionsBoundaryAttachmentType
}

// Contains information about an attached policy. An attached policy is a managed
// policy that has been attached to a user, group, or role. This data type is used
// as a response element in the ListAttachedGroupPolicies,
// ListAttachedRolePolicies, ListAttachedUserPolicies, and
// GetAccountAuthorizationDetails operations. For more information about managed
// policies, refer to Managed Policies and Inline Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type AttachedPolicy struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	PolicyArn *string

	// The friendly name of the attached policy.
	PolicyName *string
}

// Contains information about a condition context key. It includes the name of the
// key and specifies the value (or values, if the context key supports multiple
// values) to use in the simulation. This information is used when evaluating the
// Condition elements of the input policies. This data type is used as an input
// parameter to SimulateCustomPolicy and SimulatePrincipalPolicy.
type ContextEntry struct {

	// The full name of a condition context key, including the service prefix. For
	// example, aws:SourceIp or s3:VersionId.
	ContextKeyName *string

	// The data type of the value (or values) specified in the ContextKeyValues
	// parameter.
	ContextKeyType ContextKeyTypeEnum

	// The value (or values, if the condition context key supports multiple values) to
	// provide to the simulation when the key is referenced by a Condition element in
	// an input policy.
	ContextKeyValues []string
}

// The reason that the service-linked role deletion failed. This data type is used
// as a response element in the GetServiceLinkedRoleDeletionStatus operation.
type DeletionTaskFailureReasonType struct {

	// A short description of the reason that the service-linked role deletion failed.
	Reason *string

	// A list of objects that contains details about the service-linked role deletion
	// failure, if that information is returned by the service. If the service-linked
	// role has active sessions or if any resources that were used by the role have not
	// been deleted from the linked service, the role can't be deleted. This parameter
	// includes a list of the resources that are associated with the role and the
	// Region in which the resources are being used.
	RoleUsageList []RoleUsageType
}

// An object that contains details about when the IAM entities (users or roles)
// were last used in an attempt to access the specified AWS service. This data type
// is a response element in the GetServiceLastAccessedDetailsWithEntities
// operation.
type EntityDetails struct {

	// The EntityInfo object that contains details about the entity (user or role).
	//
	// This member is required.
	EntityInfo *EntityInfo

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the authenticated entity last attempted
	// to access AWS. AWS does not report unauthenticated requests. This field is null
	// if no IAM entities attempted to access the service within the reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	//
	// NOTE(review): pointer field; nil-check before dereferencing.
	LastAuthenticated *time.Time
}

// Contains details about the specified entity (user or role). This data type is an
// element of the EntityDetails object.
type EntityInfo struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	//
	// This member is required.
	Arn *string

	// The identifier of the entity (user or role).
	//
	// This member is required.
	Id *string

	// The name of the entity (user or role).
	//
	// This member is required.
	Name *string

	// The type of entity (user or role).
	//
	// This member is required.
	Type PolicyOwnerEntityType

	// The path to the entity (user or role). For more information about paths, see IAM
	// Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	Path *string
}

// Contains information about the reason that the operation failed. This data type
// is used as a response element in the GetOrganizationsAccessReport,
// GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities
// operations.
type ErrorDetails struct {

	// The error code associated with the operation failure.
	//
	// This member is required.
	Code *string

	// Detailed information about the reason that the operation failed.
	//
	// This member is required.
	Message *string
}

// Contains the results of a simulation. This data type is used by the return
// parameter of SimulateCustomPolicy and SimulatePrincipalPolicy.
type EvaluationResult struct {

	// The name of the API operation tested on the indicated resource.
	//
	// This member is required.
	EvalActionName *string

	// The result of the simulation.
	//
	// This member is required.
	EvalDecision PolicyEvaluationDecisionType

	// Additional details about the results of the cross-account evaluation decision.
	// This parameter is populated for only cross-account simulations. It contains a
	// brief summary of how each policy type contributes to the final evaluation
	// decision. If the simulation evaluates policies within the same account and
	// includes a resource ARN, then the parameter is present but the response is
	// empty. If the simulation evaluates policies within the same account and
	// specifies all resources (*), then the parameter is not returned. When you make a
	// cross-account request, AWS evaluates the request in the trusting account and the
	// trusted account. The request is allowed only if both evaluations return true.
	// For more information about how policies are evaluated, see Evaluating Policies
	// Within a Single Account
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics).
	// If an AWS Organizations SCP included in the evaluation denies access, the
	// simulation ends. In this case, policy evaluation does not proceed any further
	// and this parameter is not returned.
	EvalDecisionDetails map[string]PolicyEvaluationDecisionType

	// The ARN of the resource that the indicated API operation was tested on.
	EvalResourceName *string

	// A list of the statements in the input policies that determine the result for
	// this scenario. Remember that even if multiple statements allow the operation on
	// the resource, if only one statement denies that operation, then the explicit
	// deny overrides any allow. In addition, the deny statement is the only entry
	// included in the result.
	MatchedStatements []Statement

	// A list of context keys that are required by the included input policies but that
	// were not provided by one of the input parameters. This list is used when the
	// resource in a simulation is "*", either explicitly, or when the ResourceArns
	// parameter is blank. If you include a list of resources, then any missing context
	// values are instead included under the ResourceSpecificResults section. To
	// discover the context keys used by a set of policies, you can call
	// GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
	MissingContextValues []string

	// A structure that details how Organizations and its service control policies
	// affect the results of the simulation. Only applies if the simulated user's
	// account is part of an organization.
	OrganizationsDecisionDetail *OrganizationsDecisionDetail

	// Contains information about the effect that a permissions boundary has on a
	// policy simulation when the boundary is applied to an IAM entity.
	PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail

	// The individual results of the simulation of the API operation specified in
	// EvalActionName on each resource.
	ResourceSpecificResults []ResourceSpecificResult
}

// Contains information about an IAM group entity. This data type is used as a
// response element in the following operations:
//
// * CreateGroup
//
// * GetGroup
//
// * ListGroups
type Group struct {

	// The Amazon Resource Name (ARN) specifying the group. For more information about
	// ARNs and how to use them in policies, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	Arn *string

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the group was created.
	//
	// This member is required.
	CreateDate *time.Time

	// The stable and unique string identifying the group. For more information about
	// IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	GroupId *string

	// The friendly name that identifies the group.
	//
	// This member is required.
	GroupName *string

	// The path to the group. For more information about paths, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	Path *string
}

// Contains information about an IAM group, including all of the group's policies.
// This data type is used as a response element in the
// GetAccountAuthorizationDetails operation.
type GroupDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	Arn *string

	// A list of the managed policies attached to the group.
	AttachedManagedPolicies []AttachedPolicy

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the group was created.
	CreateDate *time.Time

	// The stable and unique string identifying the group. For more information about
	// IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	GroupId *string

	// The friendly name that identifies the group.
	GroupName *string

	// A list of the inline policies embedded in the group.
	GroupPolicyList []PolicyDetail

	// The path to the group. For more information about paths, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	Path *string
}

// Contains information about an instance profile. This data type is used as a
// response element in the following operations:
//
// * CreateInstanceProfile
//
// * GetInstanceProfile
//
// * ListInstanceProfiles
//
// * ListInstanceProfilesForRole
type InstanceProfile struct {

	// The Amazon Resource Name (ARN) specifying the instance profile. For more
	// information about ARNs and how to use them in policies, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	Arn *string

	// The date when the instance profile was created.
	//
	// This member is required.
	CreateDate *time.Time

	// The stable and unique string identifying the instance profile. For more
	// information about IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	InstanceProfileId *string

	// The name identifying the instance profile.
	//
	// This member is required.
	InstanceProfileName *string

	// The path to the instance profile. For more information about paths, see IAM
	// Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	Path *string

	// The role associated with the instance profile.
	//
	// This member is required.
	Roles []Role
}

// Contains details about the permissions policies that are attached to the
// specified identity (user, group, or role). This data type is used as a response
// element in the ListPoliciesGrantingServiceAccess operation.
type ListPoliciesGrantingServiceAccessEntry struct {

	// The PoliciesGrantingServiceAccess object that contains details about the policy.
	Policies []PolicyGrantingServiceAccess

	// The namespace of the service that was accessed. To learn the service namespace
	// of a service, go to Actions, Resources, and Condition Keys for AWS Services
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html)
	// in the IAM User Guide. Choose the name of the service to view details for that
	// service. In the first paragraph, find the service prefix. For example, (service
	// prefix: a4b). For more information about service namespaces, see AWS Service
	// Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
	// in the AWS General Reference.
	ServiceNamespace *string
}

// Contains the user name and password create date for a user. This data type is
// used as a response element in the CreateLoginProfile and GetLoginProfile
// operations.
type LoginProfile struct {

	// The date when the password for the user was created.
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the user, which can be used for signing in to the AWS Management
	// Console.
	//
	// This member is required.
	UserName *string

	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired bool
}

// Contains information about a managed policy, including the policy's ARN,
// versions, and the number of principal entities (users, groups, and roles) that
// the policy is attached to. This data type is used as a response element in the
// GetAccountAuthorizationDetails operation. For more information about managed
// policies, see Managed Policies and Inline Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type ManagedPolicyDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	Arn *string

	// The number of principal entities (users, groups, and roles) that the policy is
	// attached to.
	AttachmentCount *int32

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the policy was created.
	CreateDate *time.Time

	// The identifier for the version of the policy that is set as the default
	// (operative) version. For more information about policy versions, see Versioning
	// for Managed Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html)
	// in the IAM User Guide.
	DefaultVersionId *string

	// A friendly description of the policy.
	Description *string

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable bool

	// The path to the policy. For more information about paths, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	Path *string

	// The number of entities (users and roles) for which the policy is used as the
	// permissions boundary. For more information about permissions boundaries, see
	// Permissions Boundaries for IAM Identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundaryUsageCount *int32

	// The stable and unique string identifying the policy. For more information about
	// IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	PolicyId *string

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string

	// A list containing information about the versions of the policy.
	PolicyVersionList []PolicyVersion

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the policy was last updated. When a
	// policy has only one version, this field contains the date and time when the
	// policy was created. When a policy has more than one version, this field contains
	// the date and time when the most recent policy version was created.
	UpdateDate *time.Time
}

// Contains information about an MFA device. This data type is used as a response
// element in the ListMFADevices operation.
type MFADevice struct {

	// The date when the MFA device was enabled for the user.
	//
	// This member is required.
	EnableDate *time.Time

	// The serial number that uniquely identifies the MFA device. For virtual MFA
	// devices, the serial number is the device ARN.
	//
	// This member is required.
	SerialNumber *string

	// The user with whom the MFA device is associated.
	//
	// This member is required.
	UserName *string
}

// Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.
type OpenIDConnectProviderListEntry struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	Arn *string
}

// Contains information about the effect that Organizations has on a policy
// simulation.
type OrganizationsDecisionDetail struct {

	// Specifies whether the simulated operation is allowed by the Organizations
	// service control policies that impact the simulated user's account.
	AllowedByOrganizations bool
}

// Contains information about the account password policy. This data type is used
// as a response element in the GetAccountPasswordPolicy operation.
//
// NOTE(review): HardExpiry, MaxPasswordAge, MinimumPasswordLength and
// PasswordReusePrevention are pointers while the other members are plain bools.
// Presumably nil means the service returned no value. Code that audits a password
// policy should check for nil rather than assume a zero value.
type PasswordPolicy struct {

	// Specifies whether IAM users are allowed to change their own password.
	AllowUsersToChangePassword bool

	// Indicates whether passwords in the account expire. Returns true if
	// MaxPasswordAge contains a value greater than 0. Returns false if MaxPasswordAge
	// is 0 or not present.
	ExpirePasswords bool

	// Specifies whether IAM users are prevented from setting a new password after
	// their password has expired.
	HardExpiry *bool

	// The number of days that an IAM user password is valid.
	MaxPasswordAge *int32

	// Minimum length to require for IAM user passwords.
	MinimumPasswordLength *int32

	// Specifies the number of previous passwords that IAM users are prevented from
	// reusing.
	PasswordReusePrevention *int32

	// Specifies whether to require lowercase characters for IAM user passwords.
	RequireLowercaseCharacters bool

	// Specifies whether to require numbers for IAM user passwords.
	RequireNumbers bool

	// Specifies whether to require symbols for IAM user passwords.
	RequireSymbols bool

	// Specifies whether to require uppercase characters for IAM user passwords.
	RequireUppercaseCharacters bool
}

// Contains information about the effect that a permissions boundary has on a
// policy simulation when the boundary is applied to an IAM entity.
type PermissionsBoundaryDecisionDetail struct {

	// Specifies whether an action is allowed by a permissions boundary that is applied
	// to an IAM entity (user or role). A value of true means that the permissions
	// boundary does not deny the action. This means that the policy includes an Allow
	// statement that matches the request. In this case, if an identity-based policy
	// also allows the action, the request is allowed. A value of false means that
	// either the requested action is not allowed (implicitly denied) or that the
	// action is explicitly denied by the permissions boundary. In both of these cases,
	// the action is not allowed, regardless of the identity-based policy.
	AllowedByPermissionsBoundary bool
}

// Contains information about a managed policy. This data type is used as a
// response element in the CreatePolicy, GetPolicy, and ListPolicies operations.
// For more information about managed policies, refer to Managed Policies and
// Inline Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type Policy struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	Arn *string

	// The number of entities (users, groups, and roles) that the policy is attached
	// to.
	AttachmentCount *int32

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the policy was created.
	CreateDate *time.Time

	// The identifier for the version of the policy that is set as the default version.
	DefaultVersionId *string

	// A friendly description of the policy. This element is included in the response
	// to the GetPolicy operation. It is not included in the response to the
	// ListPolicies operation.
	Description *string

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable bool

	// The path to the policy. For more information about paths, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	Path *string

	// The number of entities (users and roles) for which the policy is used to set the
	// permissions boundary. For more information about permissions boundaries, see
	// Permissions Boundaries for IAM Identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundaryUsageCount *int32

	// The stable and unique string identifying the policy. For more information about
	// IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	PolicyId *string

	// The friendly name (not ARN) identifying the policy.
	PolicyName *string

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the policy was last updated. When a
	// policy has only one version, this field contains the date and time when the
	// policy was created. When a policy has more than one version, this field contains
	// the date and time when the most recent policy version was created.
	UpdateDate *time.Time
}

// Contains information about an IAM policy, including the policy document. This
// data type is used as a response element in the GetAccountAuthorizationDetails
// operation.
type PolicyDetail struct {

	// The policy document.
	//
	// NOTE(review): the IAM API reference describes policies returned by
	// GetAccountAuthorizationDetails as URL-encoded (RFC 3986). Confirm whether the
	// value arrives encoded here, and decode it before parsing it as JSON.
	PolicyDocument *string

	// The name of the policy.
	PolicyName *string
}

// Contains details about the permissions policies that are attached to the
// specified identity (user, group, or role). This data type is an element of the
// ListPoliciesGrantingServiceAccessEntry object.
type PolicyGrantingServiceAccess struct {

	// The policy name.
	//
	// This member is required.
	PolicyName *string

	// The policy type. For more information about these policy types, see Managed
	// Policies and Inline Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
	// in the IAM User Guide.
	//
	// This member is required.
	PolicyType PolicyType

	// The name of the entity (user or role) to which the inline policy is attached.
	// This field is null for managed policies. For more information about these policy
	// types, see Managed Policies and Inline Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
	// in the IAM User Guide.
	EntityName *string

	// The type of entity (user or role) that used the policy to access the service to
	// which the inline policy is attached. This field is null for managed policies.
	// For more information about these policy types, see Managed Policies and Inline
	// Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)
	// in the IAM User Guide.
	EntityType PolicyOwnerEntityType

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	PolicyArn *string
}

// Contains information about a group that a managed policy is attached to. This
// data type is used as a response element in the ListEntitiesForPolicy operation.
// For more information about managed policies, refer to Managed Policies and
// Inline Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type PolicyGroup struct {

	// The stable and unique string identifying the group. For more information about
	// IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in
	// the IAM User Guide.
	GroupId *string

	// The name (friendly name, not ARN) identifying the group.
	GroupName *string
}

// Contains information about a role that a managed policy is attached to. This
// data type is used as a response element in the ListEntitiesForPolicy operation.
// For more information about managed policies, refer to Managed Policies and
// Inline Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type PolicyRole struct {

	// The stable and unique string identifying the role. For more information about
	// IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in
	// the IAM User Guide.
	RoleId *string

	// The name (friendly name, not ARN) identifying the role.
	RoleName *string
}

// Contains information about a user that a managed policy is attached to. This
// data type is used as a response element in the ListEntitiesForPolicy operation.
// For more information about managed policies, refer to Managed Policies and
// Inline Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)
// in the IAM User Guide.
type PolicyUser struct {

	// The stable and unique string identifying the user.
For more information about 879 // IDs, see IAM Identifiers 880 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in 881 // the IAM User Guide. 882 UserId *string 883 884 // The name (friendly name, not ARN) identifying the user. 885 UserName *string 886} 887 888// Contains information about a version of a managed policy. This data type is used 889// as a response element in the CreatePolicyVersion, GetPolicyVersion, 890// ListPolicyVersions, and GetAccountAuthorizationDetails operations. For more 891// information about managed policies, refer to Managed Policies and Inline 892// Policies 893// (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) 894// in the IAM User Guide. 895type PolicyVersion struct { 896 897 // The date and time, in ISO 8601 date-time format 898 // (http://www.iso.org/iso/iso8601), when the policy version was created. 899 CreateDate *time.Time 900 901 // The policy document. The policy document is returned in the response to the 902 // GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not 903 // returned in the response to the CreatePolicyVersion or ListPolicyVersions 904 // operations. The policy document returned in this structure is URL-encoded 905 // compliant with RFC 3986 (https://tools.ietf.org/html/rfc3986). You can use a URL 906 // decoding method to convert the policy back to plain JSON text. For example, if 907 // you use Java, you can use the decode method of the java.net.URLDecoder utility 908 // class in the Java SDK. Other languages and SDKs provide similar functionality. 909 Document *string 910 911 // Specifies whether the policy version is set as the policy's default version. 912 IsDefaultVersion bool 913 914 // The identifier for the policy version. Policy version identifiers always begin 915 // with v (always lowercase). When a policy is created, the first policy version is 916 // v1. 
917 VersionId *string 918} 919 920// Contains the row and column of a location of a Statement element in a policy 921// document. This data type is used as a member of the Statement type. 922type Position struct { 923 924 // The column in the line containing the specified position in the document. 925 Column int32 926 927 // The line containing the specified position in the document. 928 Line int32 929} 930 931// Contains the result of the simulation of a single API operation call on a single 932// resource. This data type is used by a member of the EvaluationResult data type. 933type ResourceSpecificResult struct { 934 935 // The result of the simulation of the simulated API operation on the resource 936 // specified in EvalResourceName. 937 // 938 // This member is required. 939 EvalResourceDecision PolicyEvaluationDecisionType 940 941 // The name of the simulated resource, in Amazon Resource Name (ARN) format. 942 // 943 // This member is required. 944 EvalResourceName *string 945 946 // Additional details about the results of the evaluation decision on a single 947 // resource. This parameter is returned only for cross-account simulations. This 948 // parameter explains how each policy type contributes to the resource-specific 949 // evaluation decision. 950 EvalDecisionDetails map[string]PolicyEvaluationDecisionType 951 952 // A list of the statements in the input policies that determine the result for 953 // this part of the simulation. Remember that even if multiple statements allow the 954 // operation on the resource, if any statement denies that operation, then the 955 // explicit deny overrides any allow. In addition, the deny statement is the only 956 // entry included in the result. 957 MatchedStatements []Statement 958 959 // A list of context keys that are required by the included input policies but that 960 // were not provided by one of the input parameters. 
This list is used when a list 961 // of ARNs is included in the ResourceArns parameter instead of "*". If you do not 962 // specify individual resources, by setting ResourceArns to "*" or by not including 963 // the ResourceArns parameter, then any missing context values are instead included 964 // under the EvaluationResults section. To discover the context keys used by a set 965 // of policies, you can call GetContextKeysForCustomPolicy or 966 // GetContextKeysForPrincipalPolicy. 967 MissingContextValues []string 968 969 // Contains information about the effect that a permissions boundary has on a 970 // policy simulation when that boundary is applied to an IAM entity. 971 PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail 972} 973 974// Contains information about an IAM role. This structure is returned as a response 975// element in several API operations that interact with roles. 976type Role struct { 977 978 // The Amazon Resource Name (ARN) specifying the role. For more information about 979 // ARNs and how to use them in policies, see IAM Identifiers 980 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the 981 // IAM User Guide guide. 982 // 983 // This member is required. 984 Arn *string 985 986 // The date and time, in ISO 8601 date-time format 987 // (http://www.iso.org/iso/iso8601), when the role was created. 988 // 989 // This member is required. 990 CreateDate *time.Time 991 992 // The path to the role. For more information about paths, see IAM Identifiers 993 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the 994 // IAM User Guide. 995 // 996 // This member is required. 997 Path *string 998 999 // The stable and unique string identifying the role. For more information about 1000 // IDs, see IAM Identifiers 1001 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the 1002 // IAM User Guide. 1003 // 1004 // This member is required. 
1005 RoleId *string 1006 1007 // The friendly name that identifies the role. 1008 // 1009 // This member is required. 1010 RoleName *string 1011 1012 // The policy that grants an entity permission to assume the role. 1013 AssumeRolePolicyDocument *string 1014 1015 // A description of the role that you provide. 1016 Description *string 1017 1018 // The maximum session duration (in seconds) for the specified role. Anyone who 1019 // uses the AWS CLI, or API to assume the role can specify the duration using the 1020 // optional DurationSeconds API parameter or duration-seconds CLI parameter. 1021 MaxSessionDuration *int32 1022 1023 // The ARN of the policy used to set the permissions boundary for the role. For 1024 // more information about permissions boundaries, see Permissions Boundaries for 1025 // IAM Identities 1026 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) 1027 // in the IAM User Guide. 1028 PermissionsBoundary *AttachedPermissionsBoundary 1029 1030 // Contains information about the last time that an IAM role was used. This 1031 // includes the date and time and the Region in which the role was last used. 1032 // Activity is only reported for the trailing 400 days. This period can be shorter 1033 // if your Region began supporting these features within the last year. The role 1034 // might have been used more than 400 days ago. For more information, see Regions 1035 // Where Data Is Tracked 1036 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) 1037 // in the IAM User Guide. 1038 RoleLastUsed *RoleLastUsed 1039 1040 // A list of tags that are attached to the specified role. For more information 1041 // about tagging, see Tagging IAM Identities 1042 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User 1043 // Guide. 
1044 Tags []Tag 1045} 1046 1047// Contains information about an IAM role, including all of the role's policies. 1048// This data type is used as a response element in the 1049// GetAccountAuthorizationDetails operation. 1050type RoleDetail struct { 1051 1052 // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. 1053 // For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS 1054 // Service Namespaces 1055 // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in 1056 // the AWS General Reference. 1057 Arn *string 1058 1059 // The trust policy that grants permission to assume the role. 1060 AssumeRolePolicyDocument *string 1061 1062 // A list of managed policies attached to the role. These policies are the role's 1063 // access (permissions) policies. 1064 AttachedManagedPolicies []AttachedPolicy 1065 1066 // The date and time, in ISO 8601 date-time format 1067 // (http://www.iso.org/iso/iso8601), when the role was created. 1068 CreateDate *time.Time 1069 1070 // A list of instance profiles that contain this role. 1071 InstanceProfileList []InstanceProfile 1072 1073 // The path to the role. For more information about paths, see IAM Identifiers 1074 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the 1075 // IAM User Guide. 1076 Path *string 1077 1078 // The ARN of the policy used to set the permissions boundary for the role. For 1079 // more information about permissions boundaries, see Permissions Boundaries for 1080 // IAM Identities 1081 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) 1082 // in the IAM User Guide. 1083 PermissionsBoundary *AttachedPermissionsBoundary 1084 1085 // The stable and unique string identifying the role. For more information about 1086 // IDs, see IAM Identifiers 1087 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the 1088 // IAM User Guide. 
1089 RoleId *string 1090 1091 // Contains information about the last time that an IAM role was used. This 1092 // includes the date and time and the Region in which the role was last used. 1093 // Activity is only reported for the trailing 400 days. This period can be shorter 1094 // if your Region began supporting these features within the last year. The role 1095 // might have been used more than 400 days ago. For more information, see Regions 1096 // Where Data Is Tracked 1097 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) 1098 // in the IAM User Guide. 1099 RoleLastUsed *RoleLastUsed 1100 1101 // The friendly name that identifies the role. 1102 RoleName *string 1103 1104 // A list of inline policies embedded in the role. These policies are the role's 1105 // access (permissions) policies. 1106 RolePolicyList []PolicyDetail 1107 1108 // A list of tags that are attached to the specified role. For more information 1109 // about tagging, see Tagging IAM Identities 1110 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User 1111 // Guide. 1112 Tags []Tag 1113} 1114 1115// Contains information about the last time that an IAM role was used. This 1116// includes the date and time and the Region in which the role was last used. 1117// Activity is only reported for the trailing 400 days. This period can be shorter 1118// if your Region began supporting these features within the last year. The role 1119// might have been used more than 400 days ago. For more information, see Regions 1120// Where Data Is Tracked 1121// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) 1122// in the IAM User Guide. This data type is returned as a response element in the 1123// GetRole and GetAccountAuthorizationDetails operations. 
type RoleLastUsed struct {

	// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601)
	// that the role was last used. This field is null if the role has not been used
	// within the IAM tracking period. For more information about the tracking period,
	// see Regions Where Data Is Tracked
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period)
	// in the IAM User Guide.
	//
	// nil therefore means "no use recorded inside the tracking period"; it does not
	// establish that the role was never used.
	LastUsedDate *time.Time

	// The name of the AWS Region in which the role was last used.
	Region *string
}

// An object that contains details about how a service-linked role is used, if that
// information is returned by the service. This data type is used as a response
// element in the GetServiceLinkedRoleDeletionStatus operation.
type RoleUsageType struct {

	// The name of the Region where the service-linked role is being used.
	Region *string

	// The names of the resources that are using the service-linked role (the field is
	// a slice, one entry per resource).
	Resources []string
}

// Contains the list of SAML providers for this account.
type SAMLProviderListEntry struct {

	// The Amazon Resource Name (ARN) of the SAML provider.
	Arn *string

	// The date and time when the SAML provider was created.
	CreateDate *time.Time

	// The expiration date and time for the SAML provider.
	ValidUntil *time.Time
}

// Contains information about a server certificate. This data type is used as a
// response element in the GetServerCertificate operation.
type ServerCertificate struct {

	// The contents of the public key certificate.
	//
	// This member is required.
	CertificateBody *string

	// The meta information of the server certificate, such as its name, path, ID, and
	// ARN.
	//
	// This member is required.
	ServerCertificateMetadata *ServerCertificateMetadata

	// The contents of the public key certificate chain.
	CertificateChain *string
}

// Contains information about a server certificate without its certificate body,
// certificate chain, and private key. This data type is used as a response element
// in the UploadServerCertificate and ListServerCertificates operations.
type ServerCertificateMetadata struct {

	// The Amazon Resource Name (ARN) specifying the server certificate. For more
	// information about ARNs and how to use them in policies, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	Arn *string

	// The path to the server certificate. For more information about paths, see IAM
	// Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	Path *string

	// The stable and unique string identifying the server certificate. For more
	// information about IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	ServerCertificateId *string

	// The name that identifies the server certificate.
	//
	// This member is required.
	ServerCertificateName *string

	// The date on which the certificate is set to expire.
	//
	// Not marked as required, so expiry-monitoring code should check for nil before
	// dereferencing.
	Expiration *time.Time

	// The date when the server certificate was uploaded.
	UploadDate *time.Time
}

// Contains details about the most recent attempt to access the service. This data
// type is used as a response element in the GetServiceLastAccessedDetails
// operation.
type ServiceLastAccessed struct {

	// The name of the service in which access was attempted.
	//
	// This member is required.
	ServiceName *string

	// The namespace of the service in which access was attempted. To learn the service
	// namespace of a service, go to Actions, Resources, and Condition Keys for AWS
	// Services
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html)
	// in the IAM User Guide. Choose the name of the service to view details for that
	// service. In the first paragraph, find the service prefix. For example, (service
	// prefix: a4b). For more information about service namespaces, see AWS Service
	// Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
	// in the AWS General Reference.
	//
	// This member is required.
	ServiceNamespace *string

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when an authenticated entity most recently
	// attempted to access the service. AWS does not report unauthenticated requests.
	// This field is null if no IAM entities attempted to access the service within the
	// reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	//
	// The value records an access attempt; this comment does not say whether the
	// attempt was allowed.
	LastAuthenticated *time.Time

	// The ARN of the authenticated entity (user or role) that last attempted to access
	// the service. AWS does not report unauthenticated requests. This field is null if
	// no IAM entities attempted to access the service within the reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAuthenticatedEntity *string

	// The Region from which the authenticated entity (user or role) last attempted to
	// access the service. AWS does not report unauthenticated requests. This field is
	// null if no IAM entities attempted to access the service within the reporting
	// period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAuthenticatedRegion *string

	// The total number of authenticated principals (root user, IAM users, or IAM
	// roles) that have attempted to access the service. This field is null if no
	// principals attempted to access the service within the reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	TotalAuthenticatedEntities *int32

	// An object that contains details about the most recent attempt to access a
	// tracked action within the service. This field is null if there are no tracked
	// actions or if the principal did not use the tracked actions within the reporting
	// period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	// This field is also null if the report was generated at the service level and not
	// the action level. For more information, see the Granularity field in
	// GenerateServiceLastAccessedDetails.
	//
	// An empty list is therefore ambiguous between "no tracked action was used" and
	// "the report was not generated at action level"; check how the report was
	// requested before trimming permissions on this basis.
	TrackedActionsLastAccessed []TrackedActionLastAccessed
}

// Contains the details of a service-specific credential.
//
// This type carries the generated password (ServicePassword), so values of it are
// credential material; ServiceSpecificCredentialMetadata in this file has the same
// identifying fields without the password.
type ServiceSpecificCredential struct {

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the service-specific credential was
	// created.
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the service associated with the service-specific credential.
	//
	// This member is required.
	ServiceName *string

	// The generated password for the service-specific credential.
	//
	// This is a secret. Keep it out of logs, error messages and serialized dumps of
	// this struct.
	//
	// This member is required.
	ServicePassword *string

	// The unique identifier for the service-specific credential.
	//
	// This member is required.
	ServiceSpecificCredentialId *string

	// The generated user name for the service-specific credential. This value is
	// generated by combining the IAM user's name with the ID number of the AWS
	// account, as in jane-at-123456789012, for example. This value cannot be
	// configured by the user.
	//
	// This member is required.
	ServiceUserName *string

	// The status of the service-specific credential. Active means that the key is
	// valid for API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the service-specific credential.
	//
	// This member is required.
	UserName *string
}

// Contains additional details about a service-specific credential.
type ServiceSpecificCredentialMetadata struct {

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the service-specific credential was
	// created.
	//
	// This member is required.
	CreateDate *time.Time

	// The name of the service associated with the service-specific credential.
	//
	// This member is required.
	ServiceName *string

	// The unique identifier for the service-specific credential.
	//
	// This member is required.
	ServiceSpecificCredentialId *string

	// The generated user name for the service-specific credential.
	//
	// This member is required.
	ServiceUserName *string

	// The status of the service-specific credential. Active means that the key is
	// valid for API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the service-specific credential.
	//
	// This member is required.
	UserName *string
}

// Contains information about an X.509 signing certificate. This data type is used
// as a response element in the UploadSigningCertificate and
// ListSigningCertificates operations.
type SigningCertificate struct {

	// The contents of the signing certificate.
	//
	// This member is required.
	CertificateBody *string

	// The ID for the signing certificate.
	//
	// This member is required.
	CertificateId *string

	// The status of the signing certificate. Active means that the key is valid for
	// API calls, while Inactive means it is not.
	//
	// This member is required.
	Status StatusType

	// The name of the user the signing certificate is associated with.
	//
	// This member is required.
	UserName *string

	// The date when the signing certificate was uploaded.
	UploadDate *time.Time
}

// Contains information about an SSH public key. This data type is used as a
// response element in the GetSSHPublicKey and UploadSSHPublicKey operations.
type SSHPublicKey struct {

	// The MD5 message digest of the SSH public key.
	//
	// MD5 is not collision-resistant, so treat the fingerprint as a display and
	// lookup aid; compare SSHPublicKeyBody when a match has to be trusted.
	//
	// This member is required.
	Fingerprint *string

	// The SSH public key.
	//
	// This member is required.
	SSHPublicKeyBody *string

	// The unique identifier for the SSH public key.
	//
	// This member is required.
	SSHPublicKeyId *string

	// The status of the SSH public key. Active means that the key can be used for
	// authentication with an AWS CodeCommit repository. Inactive means that the key
	// cannot be used.
	//
	// This member is required.
	Status StatusType

	// The name of the IAM user associated with the SSH public key.
	//
	// This member is required.
	UserName *string

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the SSH public key was uploaded.
	UploadDate *time.Time
}

// Contains information about an SSH public key, without the key's body or
// fingerprint. This data type is used as a response element in the
// ListSSHPublicKeys operation.
type SSHPublicKeyMetadata struct {

	// The unique identifier for the SSH public key.
	//
	// This member is required.
	SSHPublicKeyId *string

	// The status of the SSH public key. Active means that the key can be used for
	// authentication with an AWS CodeCommit repository. Inactive means that the key
	// cannot be used.
	//
	// This member is required.
	Status StatusType

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the SSH public key was uploaded.
	//
	// This member is required.
	UploadDate *time.Time

	// The name of the IAM user associated with the SSH public key.
	//
	// This member is required.
	UserName *string
}

// Contains a reference to a Statement element in a policy document that determines
// the result of the simulation. This data type is used by the MatchedStatements
// member of the EvaluationResult type.
type Statement struct {

	// The row and column of the end of a Statement in an IAM policy.
	EndPosition *Position

	// The identifier of the policy that was provided as an input.
	SourcePolicyId *string

	// The type of the policy.
	SourcePolicyType PolicySourceType

	// The row and column of the beginning of the Statement in an IAM policy.
	StartPosition *Position
}

// A structure that represents user-provided metadata that can be associated with a
// resource such as an IAM user or role. For more information about tagging, see
// Tagging IAM Identities
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
// Guide.
type Tag struct {

	// The key name that can be used to look up or retrieve the associated value. For
	// example, Department or Cost Center are common choices.
	//
	// This member is required.
	Key *string

	// The value associated with this tag. For example, tags with a key name of
	// Department could have values such as Human Resources, Accounting, and Support.
	// Tags with a key name of Cost Center might have values that consist of the number
	// associated with the different cost centers in your company. Typically, many
	// resources have tags with the same key name but with different values. AWS always
	// interprets the tag Value as a single string. If you need to store an array, you
	// can store comma-separated values in the string. However, you must interpret the
	// value in your code.
	//
	// The value is user-provided text, so code that splits or otherwise interprets it
	// should validate the result instead of trusting its shape.
	//
	// This member is required.
	Value *string
}

// Contains details about the most recent attempt to access an action within the
// service. This data type is used as a response element in the
// GetServiceLastAccessedDetails operation.
type TrackedActionLastAccessed struct {

	// The name of the tracked action to which access was attempted. Tracked actions
	// are actions that report activity to IAM.
	ActionName *string

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	//
	// NOTE(review): the comment does not say which resource the ARN names; going by
	// the field name it is presumably the entity that last attempted the tracked
	// action. Confirm.
	LastAccessedEntity *string

	// The Region from which the authenticated entity (user or role) last attempted to
	// access the tracked action. AWS does not report unauthenticated requests. This
	// field is null if no IAM entities attempted to access the service within the
	// reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAccessedRegion *string

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when an authenticated entity most recently
	// attempted to access the tracked service. AWS does not report unauthenticated
	// requests. This field is null if no IAM entities attempted to access the service
	// within the reporting period
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
	LastAccessedTime *time.Time
}

// Contains information about an IAM user entity. This data type is used as a
// response element in the following operations:
//
// * CreateUser
//
// * GetUser
//
// * ListUsers
type User struct {

	// The Amazon Resource Name (ARN) that identifies the user. For more information
	// about ARNs and how to use ARNs in policies, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	Arn *string

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the user was created.
	//
	// This member is required.
	CreateDate *time.Time

	// The path to the user. For more information about paths, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	Path *string

	// The stable and unique string identifying the user. For more information about
	// IDs, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	//
	// This member is required.
	UserId *string

	// The friendly name identifying the user.
	//
	// This member is required.
	UserName *string

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the user's password was last used to sign
	// in to an AWS website. For a list of AWS websites that capture a user's last
	// sign-in time, see the Credential Reports
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) topic
	// in the IAM User Guide. If a password is used more than once in a five-minute
	// span, only the first use is returned in this field. If the field is null (no
	// value), then it indicates that they never signed in with a password. This can be
	// because:
	//
	// * The user never had a password.
	//
	// * A password exists but has not been used since IAM started tracking this
	// information on October 20, 2014.
	//
	// A null value does not mean that the user never had a password. Also, if the user
	// does not currently have a password but had one in the past, then this field
	// contains the date and time the most recent password was used. This value is
	// returned only in the GetUser and ListUsers operations.
	//
	// For credential reviews: nil alone cannot tell "no password" from "password never
	// used", and a non-nil value does not show that a password still exists.
	PasswordLastUsed *time.Time

	// The ARN of the policy used to set the permissions boundary for the user. For
	// more information about permissions boundaries, see Permissions Boundaries for
	// IAM Identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	//
	// The field is a pointer to AttachedPermissionsBoundary (declared outside this
	// view), not a bare ARN string.
	PermissionsBoundary *AttachedPermissionsBoundary

	// A list of tags that are associated with the specified user. For more information
	// about tagging, see Tagging IAM Identities
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User
	// Guide.
	Tags []Tag
}

// Contains information about an IAM user, including all the user's policies and
// all the IAM groups the user is in. This data type is used as a response element
// in the GetAccountAuthorizationDetails operation.
type UserDetail struct {

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
	// the AWS General Reference.
	Arn *string

	// A list of the managed policies attached to the user.
	AttachedManagedPolicies []AttachedPolicy

	// The date and time, in ISO 8601 date-time format
	// (http://www.iso.org/iso/iso8601), when the user was created.
	CreateDate *time.Time

	// A list of IAM groups that the user is in.
	GroupList []string

	// The path to the user. For more information about paths, see IAM Identifiers
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the
	// IAM User Guide.
	Path *string

	// The ARN of the policy used to set the permissions boundary for the user.
For 1647 // more information about permissions boundaries, see Permissions Boundaries for 1648 // IAM Identities 1649 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) 1650 // in the IAM User Guide. 1651 PermissionsBoundary *AttachedPermissionsBoundary 1652 1653 // A list of tags that are associated with the specified user. For more information 1654 // about tagging, see Tagging IAM Identities 1655 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User 1656 // Guide. 1657 Tags []Tag 1658 1659 // The stable and unique string identifying the user. For more information about 1660 // IDs, see IAM Identifiers 1661 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the 1662 // IAM User Guide. 1663 UserId *string 1664 1665 // The friendly name identifying the user. 1666 UserName *string 1667 1668 // A list of the inline policies embedded in the user. 1669 UserPolicyList []PolicyDetail 1670} 1671 1672// Contains information about a virtual MFA device. 1673type VirtualMFADevice struct { 1674 1675 // The serial number associated with VirtualMFADevice. 1676 // 1677 // This member is required. 1678 SerialNumber *string 1679 1680 // The base32 seed defined as specified in RFC3548 1681 // (https://tools.ietf.org/html/rfc3548.txt). The Base32StringSeed is 1682 // base64-encoded. 1683 Base32StringSeed []byte 1684 1685 // The date and time on which the virtual MFA device was enabled. 1686 EnableDate *time.Time 1687 1688 // A QR code PNG image that encodes 1689 // otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String where 1690 // $virtualMFADeviceName is one of the create call arguments. AccountName is the 1691 // user name if set (otherwise, the account ID otherwise), and Base32String is the 1692 // seed in base32 format. The Base32String value is base64-encoded. 1693 QRCodePNG []byte 1694 1695 // The IAM user associated with this virtual MFA device. 
1696 User *User 1697} 1698