View a markdown version of this page

Data retrieval APIs for AWS Identity and Access Management (IAM) - AWS Online Register of Data Formats

Data retrieval APIs for AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) provides the following APIs for data retrieval.

Actions Description Access level
GenerateCredentialReportGenerate a credential report for the AWS accountRead
GenerateOrganizationsAccessReportGenerate an access report for an AWS Organizations entityRead
GenerateServiceLastAccessedDetailsGenerate a service last accessed data report for an IAM resourceRead
GetAccessKeyLastUsedRetrieve information about when the specified access key was last usedRead
GetAccountAuthorizationDetailsRetrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one anotherRead
GetAccountEmailAddressRetrieve the email address that is associated with the accountRead
GetAccountNameRetrieve the account name that is associated with the accountRead
GetAccountPasswordPolicyRetrieve the password policy for the AWS accountRead
GetAccountSummaryRetrieve information about IAM entity usage and IAM quotas in the AWS accountList
GetCloudFrontPublicKeyRetrieve information about the specified CloudFront public keyRead
GetContextKeysForCustomPolicyRetrieve a list of all of the context keys that are referenced in the specified policyRead
GetContextKeysForPrincipalPolicyRetrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)Read
GetCredentialReportRetrieve a credential report for the AWS accountRead
GetDelegationRequestRetrieves information about a specific delegation requestRead
GetGroupRetrieve a list of IAM users in the specified IAM groupRead
GetGroupPolicyRetrieve an inline policy document that is embedded in the specified IAM groupRead
GetHumanReadableSummaryRetrieves a human readable summary for a given entity. At this time, only delegation request are supportedRead
GetInstanceProfileRetrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and roleRead
GetLoginProfileRetrieve the user name and password creation date for the specified IAM userList
GetMFADeviceRetrieve information about an MFA device for the specified userRead
GetOpenIDConnectProviderRetrieve information about the specified OpenID Connect (OIDC) provider resource in IAMRead
GetOrganizationsAccessReportRetrieve an AWS Organizations access reportRead
GetOutboundWebIdentityFederationInfoRetrieves the configuration information for the outbound identity federation feature for the callers accountRead
GetPolicyRetrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attachedRead
GetPolicyVersionRetrieve information about a version of the specified managed policy, including the policy documentRead
GetRoleRetrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policyRead
GetRolePolicyRetrieve an inline policy document that is embedded with the specified IAM roleRead
GetSAMLProviderRetrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updatedRead
GetSSHPublicKeyRetrieve the specified SSH public key, including metadata about the keyRead
GetServerCertificateRetrieve information about the specified server certificate stored in IAMRead
GetServiceLastAccessedDetailsRetrieve information about the service last accessed data reportRead
GetServiceLastAccessedDetailsWithEntitiesRetrieve information about the entities from the service last accessed data reportRead
GetServiceLinkedRoleDeletionStatusRetrieve an IAM service-linked role deletion statusRead
GetUserRetrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARNRead
GetUserPolicyRetrieve an inline policy document that is embedded in the specified IAM userRead
ListAccessKeysList information about the access key IDs that are associated with the specified IAM userList
ListAccountAliasesList the account alias that is associated with the AWS accountList
ListAttachedGroupPoliciesList all managed policies that are attached to the specified IAM groupList
ListAttachedRolePoliciesList all managed policies that are attached to the specified IAM roleList
ListAttachedUserPoliciesList all managed policies that are attached to the specified IAM userList
ListCloudFrontPublicKeysList all current CloudFront public keys for the accountList
ListDelegationRequestsLists delegation requests based on the specified criteriaList
ListEntitiesForPolicyList all IAM identities to which the specified managed policy is attachedList
ListGroupPoliciesList the names of the inline policies that are embedded in the specified IAM groupList
ListGroupsList the IAM groups that have the specified path prefixList
ListGroupsForUserList the IAM groups that the specified IAM user belongs toList
ListInstanceProfileTagsList the tags that are attached to the specified instance profileList
ListInstanceProfilesList the instance profiles that have the specified path prefixList
ListInstanceProfilesForRoleList the instance profiles that have the specified associated IAM roleList
ListMFADeviceTagsList the tags that are attached to the specified virtual mfa deviceList
ListMFADevicesList the MFA devices for an IAM userList
ListOpenIDConnectProviderTagsList the tags that are attached to the specified OpenID Connect providerList
ListOpenIDConnectProvidersList information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS accountList
ListOrganizationsFeaturesList the centralized root access features enabled for your organizationList
ListPoliciesList all managed policiesList
ListPoliciesGrantingServiceAccessList information about the policies that grant an entity access to a specific serviceList
ListPolicyTagsList the tags that are attached to the specified managed policyList
ListPolicyVersionsList information about the versions of the specified managed policy, including the version that is currently set as the policy's default versionList
ListRolePoliciesList the names of the inline policies that are embedded in the specified IAM roleList
ListRoleTagsList the tags that are attached to the specified IAM roleList
ListRolesList the IAM roles that have the specified path prefixList
ListSAMLProviderTagsList the tags that are attached to the specified SAML providerList
ListSAMLProvidersList the SAML provider resources in IAMList
ListSSHPublicKeysList information about the SSH public keys that are associated with the specified IAM userList
ListSTSRegionalEndpointsStatusList the status of all active STS regional endpointsList
ListServerCertificateTagsList the tags that are attached to the specified server certificateList
ListServerCertificatesList the server certificates that have the specified path prefixList
ListServiceSpecificCredentialsList the service-specific credentials that are associated with the specified IAM userList
ListSigningCertificatesList information about the signing certificates that are associated with the specified IAM userList
ListUserPoliciesList the names of the inline policies that are embedded in the specified IAM userList
ListUserTagsList the tags that are attached to the specified IAM userList
ListUsersList the IAM users that have the specified path prefixList
ListVirtualMFADevicesList virtual MFA devices by assignment statusList
SimulateCustomPolicySimulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resourcesRead
SimulatePrincipalPolicySimulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resourcesRead