Skip to content

/AWS1/IF_RLA=>CREATEPROFILE()

About CreateProfile

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

Method Signature

METHODS /AWS1/IF_RLA~CREATEPROFILE
  IMPORTING
    !IV_NAME TYPE /AWS1/RLARESOURCENAME OPTIONAL
    !IV_REQUIREINSTANCEPROPERTIES TYPE /AWS1/RLABOOLEAN OPTIONAL
    !IV_SESSIONPOLICY TYPE /AWS1/RLASTRING OPTIONAL
    !IT_ROLEARNS TYPE /AWS1/CL_RLAROLEARNLIST_W=>TT_ROLEARNLIST OPTIONAL
    !IT_MANAGEDPOLICYARNS TYPE /AWS1/CL_RLAMANAGEDPLYLIST_W=>TT_MANAGEDPOLICYLIST OPTIONAL
    !IV_DURATIONSECONDS TYPE /AWS1/RLAINTEGER OPTIONAL
    !IV_ENABLED TYPE /AWS1/RLABOOLEAN OPTIONAL
    !IT_TAGS TYPE /AWS1/CL_RLATAG=>TT_TAGLIST OPTIONAL
    !IV_ACCEPTROLESESSIONNAME TYPE /AWS1/RLABOOLEAN OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_rlaprofiledetailrsp
  RAISING
    /AWS1/CX_RLAACCESSDENIEDEX
    /AWS1/CX_RLAVALIDATIONEX
    /AWS1/CX_RLACLIENTEXC
    /AWS1/CX_RLASERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_name TYPE /AWS1/RLARESOURCENAME /AWS1/RLARESOURCENAME

The name of the profile.

it_rolearns TYPE /AWS1/CL_RLAROLEARNLIST_W=>TT_ROLEARNLIST TT_ROLEARNLIST

A list of IAM roles that this profile can assume in a temporary credential request.

Optional arguments:

iv_requireinstanceproperties TYPE /AWS1/RLABOOLEAN /AWS1/RLABOOLEAN

Specifies whether instance properties are required in temporary credential requests with this profile.

iv_sessionpolicy TYPE /AWS1/RLASTRING /AWS1/RLASTRING

A session policy that applies to the trust boundary of the vended session credentials.

it_managedpolicyarns TYPE /AWS1/CL_RLAMANAGEDPLYLIST_W=>TT_MANAGEDPOLICYLIST TT_MANAGEDPOLICYLIST

A list of managed policy ARNs that apply to the vended session credentials.

iv_durationseconds TYPE /AWS1/RLAINTEGER /AWS1/RLAINTEGER

Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

iv_enabled TYPE /AWS1/RLABOOLEAN /AWS1/RLABOOLEAN

Specifies whether the profile is enabled.

it_tags TYPE /AWS1/CL_RLATAG=>TT_TAGLIST TT_TAGLIST

The tags to attach to the profile.

iv_acceptrolesessionname TYPE /AWS1/RLABOOLEAN /AWS1/RLABOOLEAN

Used to determine if a custom role session name will be accepted in a temporary credential request.

RETURNING

oo_output TYPE REF TO /aws1/cl_rlaprofiledetailrsp /AWS1/CL_RLAPROFILEDETAILRSP

Domain /AWS1/RT_ACCOUNT_ID
Primitive Type NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->createprofile(
  it_managedpolicyarns = VALUE /aws1/cl_rlamanagedplylist_w=>tt_managedpolicylist(
    ( new /aws1/cl_rlamanagedplylist_w( |string| ) )
  )
  it_rolearns = VALUE /aws1/cl_rlarolearnlist_w=>tt_rolearnlist(
    ( new /aws1/cl_rlarolearnlist_w( |string| ) )
  )
  it_tags = VALUE /aws1/cl_rlatag=>tt_taglist(
    (
      new /aws1/cl_rlatag(
        iv_key = |string|
        iv_value = |string|
      )
    )
  )
  iv_acceptrolesessionname = ABAP_TRUE
  iv_durationseconds = 123
  iv_enabled = ABAP_TRUE
  iv_name = |string|
  iv_requireinstanceproperties = ABAP_TRUE
  iv_sessionpolicy = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lo_profiledetail = lo_result->get_profile( ).
  IF lo_profiledetail IS NOT INITIAL.
    lv_uuid = lo_profiledetail->get_profileid( ).
    lv_profilearn = lo_profiledetail->get_profilearn( ).
    lv_resourcename = lo_profiledetail->get_name( ).
    lv_boolean = lo_profiledetail->get_requireinstanceprps( ).
    lv_boolean = lo_profiledetail->get_enabled( ).
    lv_string = lo_profiledetail->get_createdby( ).
    lv_string = lo_profiledetail->get_sessionpolicy( ).
    LOOP AT lo_profiledetail->get_rolearns( ) into lo_row.
      lo_row_1 = lo_row.
      IF lo_row_1 IS NOT INITIAL.
        lv_rolearn = lo_row_1->get_value( ).
      ENDIF.
    ENDLOOP.
    LOOP AT lo_profiledetail->get_managedpolicyarns( ) into lo_row_2.
      lo_row_3 = lo_row_2.
      IF lo_row_3 IS NOT INITIAL.
        lv_string = lo_row_3->get_value( ).
      ENDIF.
    ENDLOOP.
    lv_timestamp = lo_profiledetail->get_createdat( ).
    lv_timestamp = lo_profiledetail->get_updatedat( ).
    lv_integer = lo_profiledetail->get_durationseconds( ).
    lv_boolean = lo_profiledetail->get_acceptrolesessionname( ).
    LOOP AT lo_profiledetail->get_attributemappings( ) into lo_row_4.
      lo_row_5 = lo_row_4.
      IF lo_row_5 IS NOT INITIAL.
        lv_certificatefield = lo_row_5->get_certificatefield( ).
        LOOP AT lo_row_5->get_mappingrules( ) into lo_row_6.
          lo_row_7 = lo_row_6.
          IF lo_row_7 IS NOT INITIAL.
            lv_string = lo_row_7->get_specifier( ).
          ENDIF.
        ENDLOOP.
      ENDIF.
    ENDLOOP.
  ENDIF.
ENDIF.