Skip to content

Client

iamrolesanywhere R Documentation

IAM Roles Anywhere

Description

Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications that run outside of Amazon Web Services to obtain temporary Amazon Web Services credentials. Your workloads can use the same IAM policies and roles you have for native Amazon Web Services applications to access Amazon Web Services resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for workloads running outside of Amazon Web Services.

To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Private Certificate Authority to create a CA and then use that to establish trust with IAM Roles Anywhere.

This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about IAM Roles Anywhere, see the IAM Roles Anywhere User Guide.

Usage

iamrolesanywhere(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. ⁠http://s3.amazonaws.com/BUCKET/KEY⁠.

  • sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Service syntax

svc <- iamrolesanywhere(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

create_profile
Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume
create_trust_anchor
Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA)
delete_attribute_mapping
Delete an entry from the attribute mapping rules enforced by a given profile
delete_crl
Deletes a certificate revocation list (CRL)
delete_profile
Deletes a profile
delete_trust_anchor
Deletes a trust anchor
disable_crl
Disables a certificate revocation list (CRL)
disable_profile
Disables a profile
disable_trust_anchor
Disables a trust anchor
enable_crl
Enables a certificate revocation list (CRL)
enable_profile
Enables temporary credential requests for a profile
enable_trust_anchor
Enables a trust anchor
get_crl
Gets a certificate revocation list (CRL)
get_profile
Gets a profile
get_subject
Gets a subject, which associates a certificate identity with authentication attempts
get_trust_anchor
Gets a trust anchor
import_crl
Imports the certificate revocation list (CRL)
list_crls
Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region
list_profiles
Lists all profiles in the authenticated account and Amazon Web Services Region
list_subjects
Lists the subjects in the authenticated account and Amazon Web Services Region
list_tags_for_resource
Lists the tags attached to the resource
list_trust_anchors
Lists the trust anchors in the authenticated account and Amazon Web Services Region
put_attribute_mapping
Put an entry in the attribute mapping rules that will be enforced by a given profile
put_notification_settings
Attaches a list of notification settings to a trust anchor
reset_notification_settings
Resets the custom notification setting to IAM Roles Anywhere default setting
tag_resource
Attaches tags to a resource
untag_resource
Removes tags from the resource
update_crl
Updates the certificate revocation list (CRL)
update_profile
Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume
update_trust_anchor
Updates a trust anchor

Examples

## Not run: 
svc <- iamrolesanywhere()
svc$create_profile(
  Foo = 123
)

## End(Not run)