AWS.RolesAnywhere — AWS SDK for JavaScript (original) (raw)

We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Overview

Constructs a service interface object. Each API operation is exposed as a function on service.

Service Description

Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications that run outside of Amazon Web Services to obtain temporary Amazon Web Services credentials. Your workloads can use the same IAM policies and roles you have for native Amazon Web Services applications to access Amazon Web Services resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for workloads running outside of Amazon Web Services.

To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Private Certificate Authority to create a CA and then use that to establish trust with IAM Roles Anywhere.

This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about IAM Roles Anywhere, see the IAM Roles Anywhere User Guide.

Sending a Request Using RolesAnywhere

var rolesanywhere = new AWS.RolesAnywhere();
rolesanywhere.createProfile(params, function (err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Locking the API Version

In order to ensure that the RolesAnywhere object uses this specific API, you can construct the object by passing the apiVersion option to the constructor:

var rolesanywhere = new AWS.RolesAnywhere({apiVersion: '2018-05-10'});

You can also set the API version globally in AWS.config.apiVersions using the rolesanywhere service identifier:

AWS.config.apiVersions = {
  rolesanywhere: '2018-05-10',
  // other service API versions
};

var rolesanywhere = new AWS.RolesAnywhere();

Constructor Summarycollapse

• new AWS.RolesAnywhere(options = {}) ⇒ Object constructor
  Constructs a service object.

Property Summarycollapse

• endpoint ⇒ AWS.Endpoint readwrite
  An Endpoint object representing the endpoint URL for service requests.

Properties inherited from AWS.Service

apiVersions

Method Summarycollapse

• createProfile(params = {}, callback) ⇒ AWS.Request
  Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume.
• createTrustAnchor(params = {}, callback) ⇒ AWS.Request
  Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA).
• deleteAttributeMapping(params = {}, callback) ⇒ AWS.Request
  Delete an entry from the attribute mapping rules enforced by a given profile.
  .
• deleteCrl(params = {}, callback) ⇒ AWS.Request
  Deletes a certificate revocation list (CRL).
  Required permissions: rolesanywhere:DeleteCrl.
• deleteProfile(params = {}, callback) ⇒ AWS.Request
  Deletes a profile.
  Required permissions: rolesanywhere:DeleteProfile.
• deleteTrustAnchor(params = {}, callback) ⇒ AWS.Request
  Deletes a trust anchor.
  Required permissions: rolesanywhere:DeleteTrustAnchor.
• disableCrl(params = {}, callback) ⇒ AWS.Request
  Disables a certificate revocation list (CRL).
  Required permissions: rolesanywhere:DisableCrl.
• disableProfile(params = {}, callback) ⇒ AWS.Request
• disableTrustAnchor(params = {}, callback) ⇒ AWS.Request
• enableCrl(params = {}, callback) ⇒ AWS.Request
  Enables a certificate revocation list (CRL).
• enableProfile(params = {}, callback) ⇒ AWS.Request
  Enables temporary credential requests for a profile.
• enableTrustAnchor(params = {}, callback) ⇒ AWS.Request
• getCrl(params = {}, callback) ⇒ AWS.Request
  Gets a certificate revocation list (CRL).
  Required permissions: rolesanywhere:GetCrl.
• getProfile(params = {}, callback) ⇒ AWS.Request
  Gets a profile.
  Required permissions: rolesanywhere:GetProfile.
• getSubject(params = {}, callback) ⇒ AWS.Request
  Gets a subject, which associates a certificate identity with authentication attempts.
• getTrustAnchor(params = {}, callback) ⇒ AWS.Request
  Gets a trust anchor.
  Required permissions: rolesanywhere:GetTrustAnchor.
• importCrl(params = {}, callback) ⇒ AWS.Request
  Imports the certificate revocation list (CRL).
• listCrls(params = {}, callback) ⇒ AWS.Request
  Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.
  Required permissions: rolesanywhere:ListCrls.
• listProfiles(params = {}, callback) ⇒ AWS.Request
  Lists all profiles in the authenticated account and Amazon Web Services Region.
  Required permissions: rolesanywhere:ListProfiles.
• listSubjects(params = {}, callback) ⇒ AWS.Request
  Lists the subjects in the authenticated account and Amazon Web Services Region.
  Required permissions: rolesanywhere:ListSubjects.
• listTagsForResource(params = {}, callback) ⇒ AWS.Request
  Lists the tags attached to the resource.
  Required permissions: rolesanywhere:ListTagsForResource.
• listTrustAnchors(params = {}, callback) ⇒ AWS.Request
  Lists the trust anchors in the authenticated account and Amazon Web Services Region.
  Required permissions: rolesanywhere:ListTrustAnchors.
• putAttributeMapping(params = {}, callback) ⇒ AWS.Request
  Put an entry in the attribute mapping rules that will be enforced by a given profile.
• putNotificationSettings(params = {}, callback) ⇒ AWS.Request
  Attaches a list of notification settings to a trust anchor.
  A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.
  Required permissions: rolesanywhere:PutNotificationSettings.
• resetNotificationSettings(params = {}, callback) ⇒ AWS.Request
  Resets the custom notification setting to IAM Roles Anywhere default setting.
• tagResource(params = {}, callback) ⇒ AWS.Request
  Attaches tags to a resource.
  Required permissions: rolesanywhere:TagResource.
• untagResource(params = {}, callback) ⇒ AWS.Request
  Removes tags from the resource.
  Required permissions: rolesanywhere:UntagResource.
• updateCrl(params = {}, callback) ⇒ AWS.Request
  Updates the certificate revocation list (CRL).
• updateProfile(params = {}, callback) ⇒ AWS.Request
  Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume.
• updateTrustAnchor(params = {}, callback) ⇒ AWS.Request

Methods inherited from AWS.Service

makeRequest, makeUnauthenticatedRequest, waitFor, setupRequestListeners, defineService

Constructor Details

new AWS.RolesAnywhere(options = {}) ⇒ Object

Constructs a service object. This object has one method for each API operation.

Property Details

endpoint ⇒ AWS.Endpoint

Returns an Endpoint object representing the endpoint URL for service requests.

Method Details

createProfile(params = {}, callback) ⇒ AWS.Request

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

createTrustAnchor(params = {}, callback) ⇒ AWS.Request

Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

Required permissions: rolesanywhere:CreateTrustAnchor.

deleteAttributeMapping(params = {}, callback) ⇒ AWS.Request

Delete an entry from the attribute mapping rules enforced by a given profile.

deleteCrl(params = {}, callback) ⇒ AWS.Request

Deletes a certificate revocation list (CRL).

Required permissions: rolesanywhere:DeleteCrl.

deleteProfile(params = {}, callback) ⇒ AWS.Request

Deletes a profile.

Required permissions: rolesanywhere:DeleteProfile.

deleteTrustAnchor(params = {}, callback) ⇒ AWS.Request

Deletes a trust anchor.

Required permissions: rolesanywhere:DeleteTrustAnchor.

disableCrl(params = {}, callback) ⇒ AWS.Request

Disables a certificate revocation list (CRL).

Required permissions: rolesanywhere:DisableCrl.

disableProfile(params = {}, callback) ⇒ AWS.Request

Disables a profile. When disabled, temporary credential requests with this profile fail.

Required permissions: rolesanywhere:DisableProfile.

disableTrustAnchor(params = {}, callback) ⇒ AWS.Request

Disables a trust anchor. When disabled, temporary credential requests specifying this trust anchor are unauthorized.

Required permissions: rolesanywhere:DisableTrustAnchor.

enableCrl(params = {}, callback) ⇒ AWS.Request

Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials.

Required permissions: rolesanywhere:EnableCrl.

enableProfile(params = {}, callback) ⇒ AWS.Request

Enables temporary credential requests for a profile.

Required permissions: rolesanywhere:EnableProfile.

enableTrustAnchor(params = {}, callback) ⇒ AWS.Request

Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.

Required permissions: rolesanywhere:EnableTrustAnchor.

getCrl(params = {}, callback) ⇒ AWS.Request

Gets a certificate revocation list (CRL).

Required permissions: rolesanywhere:GetCrl.

getProfile(params = {}, callback) ⇒ AWS.Request

Gets a profile.

Required permissions: rolesanywhere:GetProfile.

getSubject(params = {}, callback) ⇒ AWS.Request

Gets a subject, which associates a certificate identity with authentication attempts. The subject stores auditing information such as the status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.

Required permissions: rolesanywhere:GetSubject.

getTrustAnchor(params = {}, callback) ⇒ AWS.Request

Gets a trust anchor.

Required permissions: rolesanywhere:GetTrustAnchor.

importCrl(params = {}, callback) ⇒ AWS.Request

Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere validates against the CRL before issuing credentials.

Required permissions: rolesanywhere:ImportCrl.

listCrls(params = {}, callback) ⇒ AWS.Request

Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListCrls.

listProfiles(params = {}, callback) ⇒ AWS.Request

Lists all profiles in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListProfiles.

listSubjects(params = {}, callback) ⇒ AWS.Request

Lists the subjects in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListSubjects.

listTagsForResource(params = {}, callback) ⇒ AWS.Request

Lists the tags attached to the resource.

Required permissions: rolesanywhere:ListTagsForResource.

listTrustAnchors(params = {}, callback) ⇒ AWS.Request

Lists the trust anchors in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListTrustAnchors.

putAttributeMapping(params = {}, callback) ⇒ AWS.Request

Put an entry in the attribute mapping rules that will be enforced by a given profile. A mapping specifies a certificate field and one or more specifiers that have contextual meanings.

putNotificationSettings(params = {}, callback) ⇒ AWS.Request

Attaches a list of notification settings to a trust anchor.

A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.

Required permissions: rolesanywhere:PutNotificationSettings.

resetNotificationSettings(params = {}, callback) ⇒ AWS.Request

Resets the custom notification setting to IAM Roles Anywhere default setting.

Required permissions: rolesanywhere:ResetNotificationSettings.

tagResource(params = {}, callback) ⇒ AWS.Request

Attaches tags to a resource.

Required permissions: rolesanywhere:TagResource.

untagResource(params = {}, callback) ⇒ AWS.Request

Removes tags from the resource.

Required permissions: rolesanywhere:UntagResource.

updateCrl(params = {}, callback) ⇒ AWS.Request

Updates the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.

Required permissions: rolesanywhere:UpdateCrl.

updateProfile(params = {}, callback) ⇒ AWS.Request

Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:UpdateProfile.

updateTrustAnchor(params = {}, callback) ⇒ AWS.Request

Updates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

Required permissions: rolesanywhere:UpdateTrustAnchor.