AWS Certificate Manager Private Certificate Authority
acmpca_create_certificate_authority_audit_report
Creates an audit report that lists every time that your CA private key
is used
acmpca_delete_certificate_authority
Deletes a private certificate authority (CA)
Lists all the permissions, if any, that have been assigned by a private
CA
Revokes permissions that a private CA assigned to a designated AWS
service
acmpca_restore_certificate_authority
Restores a certificate authority (CA) that is in the DELETED state
clouddirectory_create_index
Creates an index object
clouddirectory_create_object
Creates an object in a Directory
Lists the tags, if any, that are associated with your private CA
acmpca_revoke_certificate
Revokes a certificate that you issued by calling the IssueCertificate
operation
acmpca_create_certificate_authority
Creates a private subordinate certificate authority (CA)
Assigns permissions from a private CA to a designated AWS service
Renews an eligable ACM certificate
acmpca_describe_certificate_authority
Lists information about your private certificate authority (CA)
acmpca_describe_certificate_authority_audit_report
Lists information about a specific audit report created by calling the
CreateCertificateAuthorityAuditReport operation
acmpca_tag_certificate_authority
Adds one or more tags to your private CA
acmpca_get_certificate_authority_csr
Retrieves the certificate signing request (CSR) for your private
certificate authority (CA)
Requests an ACM certificate for use with other AWS services
acmpca_import_certificate_authority_certificate
Imports your signed private CA certificate into ACM PCA
clouddirectory_add_facet_to_object
Adds a new Facet to an object
clouddirectory_apply_schema
Copies the input published schema, at the specified version, into the
Directory with the same name and version as that of the published schema
Returns detailed metadata about the specified ACM certificate
Uses your private certificate authority (CA) to issue a client
certificate
acmpca_list_certificate_authorities
Lists the private certificate authorities that you created by using the
CreateCertificateAuthority operation
clouddirectory_attach_object
Attaches an existing object to another object
clouddirectory_detach_object
Detaches a given object from the parent object
clouddirectory_attach_policy
Attaches a policy object to a regular object
clouddirectory_create_schema
Creates a new schema in a development state
clouddirectory_detach_policy
Detaches a policy from an object
clouddirectory_batch_read
Performs all the read operations in a batch
clouddirectory_get_link_attributes
Retrieves attributes that are associated with a typed link
clouddirectory_create_typed_link_facet
Creates a TypedLinkFacet
clouddirectory_enable_directory
Enables the specified directory
acm_update_certificate_options
Updates a certificate
acm_resend_validation_email
Resends the email that requests domain ownership validation
clouddirectory_get_object_attributes
Retrieves attributes within a facet that are associated with an object
clouddirectory_attach_to_index
Attaches the specified object to the specified index
clouddirectory_list_object_children
Returns a paginated list of child objects that are associated with a
given object
clouddirectory_list_object_attributes
Lists all attributes that are associated with an object
Retrieves a certificate from your private CA
clouddirectory_batch_write
Performs all the write operations in a batch
acmpca_untag_certificate_authority
Remove one or more tags from your private CA
acmpca_get_certificate_authority_certificate
Retrieves the certificate and certificate chain for your private
certificate authority (CA)
clouddirectory_list_typed_link_facet_names
Returns a paginated list of TypedLink facet names for a particular
schema
clouddirectory_lookup_policy
Lists all policies from the root of the Directory to the object
specified
clouddirectory_get_applied_schema_version
Returns current applied schema version ARN, including the minor version
in use
clouddirectory_delete_directory
Deletes a directory
clouddirectory_delete_facet
Deletes a given Facet
clouddirectory_get_object_information
Retrieves metadata about an object
clouddirectory_detach_typed_link
Detaches a typed link from a specified source and target object
clouddirectory_disable_directory
Disables the specified directory
clouddirectory_get_typed_link_facet_information
Returns the identity attribute order for a specific TypedLinkFacet
This is documentation for AWS CLOUDHSM CLASSIC
clouddirectory_update_typed_link_facet
Updates a TypedLinkFacet
clouddirectory_update_schema
Updates the schema name with a new name
clouddirectory_list_facet_attributes
Retrieves attributes attached to the facet
clouddirectory_list_directories
Lists directories created within an account
cloudhsm_delete_luna_client
This is documentation for AWS CLOUDHSM CLASSIC
This is documentation for AWS CLOUDHSM CLASSIC
cloudhsm_list_luna_clients
This is documentation for AWS CLOUDHSM CLASSIC
clouddirectory_get_schema_as_json
Retrieves a JSON representation of the schema
cloudhsmv2_copy_backup_to_region
Copy an AWS CloudHSM cluster backup to a different region
acmpca_update_certificate_authority
Updates the status or configuration of a private certificate authority
(CA)
clouddirectory_list_applied_schema_arns
Lists schema major versions applied to a directory
clouddirectory_attach_typed_link
Attaches a typed link to a specified source and target object
clouddirectory_detach_from_index
Detaches the specified object from the specified index
clouddirectory_delete_typed_link_facet
Deletes a TypedLinkFacet
clouddirectory_get_directory
Retrieves metadata about a directory
cloudhsmv2_create_cluster
Creates a new AWS CloudHSM cluster
clouddirectory_list_object_parent_paths
Retrieves all available parent paths for any object type such as node,
leaf node, policy node, and index node objects
Amazon CloudDirectory
clouddirectory_untag_resource
An API operation for removing tags from a resource
clouddirectory_list_object_parents
Lists parent objects that are associated with a given object in
pagination fashion
clouddirectory_create_directory
Creates a Directory by copying the published schema into the directory
clouddirectory_delete_schema
Deletes a given schema
clouddirectory_create_facet
Creates a new Facet in a schema
clouddirectory_delete_object
Deletes an object and its associated attributes
clouddirectory_list_index
Lists objects attached to the specified index
clouddirectory_update_object_attributes
Updates a given object's attributes
clouddirectory_update_link_attributes
Updates a given typed link<U+00E2><U+20AC><U+2122>s attributes
clouddirectory_list_attached_indices
Lists indices attached to the specified object
clouddirectory_update_facet
Does the following: 1
Amazon CloudHSM
Gets details of the Facet, such as facet name, attributes, Rules, or
ObjectType
clouddirectory_list_development_schema_arns
Retrieves each Amazon Resource Name (ARN) of schemas in the development
state
clouddirectory_list_policy_attachments
Returns all of the ObjectIdentifiers to which a given policy is attached
clouddirectory_list_managed_schema_arns
Lists the major version families of each managed schema
clouddirectory_list_object_policies
Returns policies attached to an object in pagination fashion
cloudhsm_add_tags_to_resource
This is documentation for AWS CLOUDHSM CLASSIC
cloudhsmv2_untag_resource
Removes the specified tag or tags from the specified AWS CloudHSM
cluster
cloudhsm_list_tags_for_resource
This is documentation for AWS CLOUDHSM CLASSIC
clouddirectory_list_published_schema_arns
Lists the major version families of each published schema
This is documentation for AWS CLOUDHSM CLASSIC
clouddirectory_remove_facet_from_object
Removes the specified facet from the specified object
clouddirectory_list_facet_names
Retrieves the names of facets that exist in a schema
cloudhsm_describe_luna_client
This is documentation for AWS CLOUDHSM CLASSIC
cloudhsm_remove_tags_from_resource
This is documentation for AWS CLOUDHSM CLASSIC
AWS CloudHSM V2
clouddirectory_list_incoming_typed_links
Returns a paginated list of all the incoming TypedLinkSpecifier
information for an object
This is documentation for AWS CLOUDHSM CLASSIC
clouddirectory_list_tags_for_resource
Returns tags for a resource
clouddirectory_list_outgoing_typed_links
Returns a paginated list of all the outgoing TypedLinkSpecifier
information for an object
clouddirectory_tag_resource
An API operation for adding tags to a resource
This is documentation for AWS CLOUDHSM CLASSIC
Creates a new hardware security module (HSM) in the specified AWS
CloudHSM cluster
Deletes a specified AWS CloudHSM backup
Amazon Cognito Identity
Generates (or retrieves) a Cognito ID
Adds or overwrites one or more tags for the specified AWS CloudHSM
cluster
cloudhsmv2_restore_backup
Restores a specified AWS CloudHSM backup that is in the PENDING_DELETION
state
This is documentation for AWS CLOUDHSM CLASSIC
clouddirectory_list_typed_link_facet_attributes
Returns a paginated list of all attribute definitions for a particular
TypedLinkFacet
cloudhsm_list_available_zones
This is documentation for AWS CLOUDHSM CLASSIC
clouddirectory_publish_schema
Publishes a development schema with a major version and a recommended
minor version
clouddirectory_upgrade_applied_schema
Upgrades a single directory in-place using the PublishedSchemaArn with
schema updates found in MinorVersion
cognitoidentity_list_tags_for_resource
Lists the tags that are assigned to an Amazon Cognito identity pool
cognitoidentity_lookup_developer_identity
Retrieves the IdentityID associated with a DeveloperUserIdentifier or
the list of DeveloperUserIdentifier values associated with an IdentityId
for an existing identity
cognitoidentity_create_identity_pool
Creates a new identity pool
cognitoidentityprovider_admin_confirm_sign_up
Confirms user registration as an admin without using a confirmation code
This is documentation for AWS CLOUDHSM CLASSIC
cognitoidentity_describe_identity_pool
Gets details about a particular identity pool, including the pool name,
ID description, creation date, and current number of users
cognitoidentityprovider_admin_create_user
Creates a new user in the specified user pool
cognitoidentity_get_identity_pool_roles
Gets the roles for an identity pool
clouddirectory_upgrade_published_schema
Upgrades a published schema under a new minor version revision using the
current contents of DevelopmentSchemaArn
cognitoidentity_delete_identities
Deletes identities from an identity pool
cognitoidentity_tag_resource
Assigns a set of tags to an Amazon Cognito identity pool
cognitoidentity_get_credentials_for_identity
Returns credentials for the provided identity ID
cognitoidentity_update_identity_pool
Updates an identity pool
cognitoidentity_list_identities
Lists the identities in an identity pool
cognitoidentity_list_identity_pools
Lists all of the Cognito identity pools registered for your account
clouddirectory_put_schema_from_json
Allows a schema to be updated using JSON upload
This is documentation for AWS CLOUDHSM CLASSIC
cloudhsm_modify_luna_client
This is documentation for AWS CLOUDHSM CLASSIC
cognitoidentityprovider_admin_list_user_auth_events
Lists a history of user activity and any risks detected as part of
Amazon Cognito advanced security
cloudhsm_create_luna_client
This is documentation for AWS CLOUDHSM CLASSIC
cognitoidentity_get_open_id_token
Gets an OpenID token, using a known Cognito ID
cognitoidentity_get_open_id_token_for_developer_identity
Registers (or retrieves) a Cognito IdentityId and an OpenID Connect
token for a user authenticated by your backend authentication process
cloudhsmv2_describe_backups
Gets information about backups of AWS CloudHSM clusters
cloudhsmv2_describe_clusters
Gets information about AWS CloudHSM clusters
Amazon Cognito Identity Provider
cognitoidentityprovider_admin_delete_user
Deletes a user as an administrator
cognitoidentityprovider_admin_delete_user_attributes
Deletes the user attributes in a user pool as an administrator
cognitoidentityprovider_admin_remove_user_from_group
Removes the specified user from the specified group
cognitoidentity_merge_developer_identities
Merges two users having different IdentityIds, existing in the same
identity pool, and identified by the same developer provider
cognitoidentity_set_identity_pool_roles
Sets the roles for an identity pool
This is documentation for AWS CLOUDHSM CLASSIC
This is documentation for AWS CLOUDHSM CLASSIC
cognitoidentityprovider_admin_disable_provider_for_user
Disables the user from signing in with the specified external (SAML or
social) identity provider
This is documentation for AWS CLOUDHSM CLASSIC
cloudhsmv2_delete_cluster
Deletes the specified AWS CloudHSM cluster
cognitoidentity_unlink_developer_identity
Unlinks a DeveloperUserIdentifier from an existing identity
cognitoidentityprovider_admin_reset_user_password
Resets the specified user's password in a user pool as an administrator
cognitoidentityprovider_add_custom_attributes
Adds additional user attributes to the user pool schema
cognitoidentityprovider_admin_respond_to_auth_challenge
Responds to an authentication challenge, as an administrator
cognitoidentityprovider_admin_user_global_sign_out
Signs out users from all devices, as an administrator
cognitoidentityprovider_get_device
Gets the device
cognitoidentityprovider_admin_update_user_attributes
Updates the specified user's attributes, including developer attributes,
as an administrator
cognitoidentityprovider_create_resource_server
Creates a new OAuth2
cognitoidentityprovider_create_identity_provider
Creates an identity provider for a user pool
cognitoidentityprovider_admin_add_user_to_group
Adds the specified user to the specified group
cognitoidentityprovider_admin_get_device
Gets the device, as an administrator
cognitoidentityprovider_admin_get_user
Gets the specified user by user name in a user pool as an administrator
cognitoidentityprovider_confirm_device
Confirms tracking of the device
cognitoidentityprovider_delete_resource_server
Deletes a resource server
cloudhsmv2_initialize_cluster
Claims an AWS CloudHSM cluster by submitting the cluster certificate
issued by your issuing certificate authority (CA) and the CA's root
certificate
Gets a list of tags for the specified AWS CloudHSM cluster
cognitoidentity_describe_identity
Returns metadata related to the given identity, including when the
identity was created and any associated linked logins
Deletes the specified HSM
cognitoidentity_delete_identity_pool
Deletes an identity pool
cognitoidentity_unlink_identity
Unlinks a federated identity from an existing account
cognitoidentity_untag_resource
Removes the specified tags from an Amazon Cognito identity pool
cognitoidentityprovider_delete_user
Allows a user to delete himself or herself
cognitoidentityprovider_admin_enable_user
Enables the specified user as an administrator
cognitoidentityprovider_get_group
Gets a group
cognitoidentityprovider_associate_software_token
Returns a unique generated shared secret key code for the user account
cognitoidentityprovider_respond_to_auth_challenge
Responds to the authentication challenge
cognitoidentityprovider_resend_confirmation_code
Resends the confirmation (for confirmation of registration) to a
specific user in the user pool
cognitoidentityprovider_get_user_pool_mfa_config
Gets the user pool multi-factor authentication (MFA) configuration
cognitoidentityprovider_admin_disable_user
Disables the specified user as an administrator
cognitoidentityprovider_get_user_attribute_verification_code
Gets the user attribute verification code for the specified attribute
name
cognitoidentityprovider_admin_list_devices
Lists devices, as an administrator
cognitoidentityprovider_get_identity_provider_by_identifier
Gets the specified identity provider
cognitoidentityprovider_get_signing_certificate
This method takes a user pool ID, and returns the signing certificate
cognitoidentityprovider_change_password
Changes the password for a specified user in a user pool
cognitoidentityprovider_admin_update_auth_event_feedback
Provides feedback for an authentication event as to whether it was from
a valid user
cognitoidentityprovider_create_user_pool_client
Creates the user pool client
cognitoidentityprovider_admin_list_groups_for_user
Lists the groups that the user belongs to
cognitoidentityprovider_initiate_auth
Initiates the authentication flow
cognitoidentityprovider_global_sign_out
Signs out users from all devices
cognitoidentityprovider_create_user_pool_domain
Creates a new domain for a user pool
cognitoidentityprovider_delete_user_attributes
Deletes the attributes for a user
cognitoidentityprovider_list_users
Lists the users in the Amazon Cognito user pool
cognitoidentityprovider_set_user_mfa_preference
Set the user's multi-factor authentication (MFA) method preference
cognitoidentityprovider_confirm_forgot_password
Allows a user to enter a confirmation code to reset a forgotten password
cognitoidentityprovider_list_users_in_group
Lists the users in the specified group
cognitoidentityprovider_admin_forget_device
Forgets the device, as an administrator
directoryservice_accept_shared_directory
Accepts a directory sharing request that was sent from the directory
owner account
cognitoidentityprovider_tag_resource
Assigns a set of tags to an Amazon Cognito user pool
cognitoidentityprovider_untag_resource
Removes the specified tags from an Amazon Cognito user pool
cognitoidentityprovider_admin_update_device_status
Updates the device status as an administrator
cognitoidentityprovider_set_user_pool_mfa_config
Set the user pool MFA configuration
cognitoidentityprovider_update_user_pool
Updates the specified user pool with the specified attributes
cognitoidentityprovider_confirm_sign_up
Confirms registration of a user and handles the existing alias from a
previous user
cognitoidentityprovider_update_user_pool_client
Updates the specified user pool app client with the specified attributes
directoryservice_add_ip_routes
If the DNS server for your on-premises domain uses a publicly
addressable IP address, you must add a CIDR address block to correctly
route traffic to and from your Microsoft AD on Amazon Web Services
cognitoidentityprovider_delete_user_pool
Deletes the specified Amazon Cognito user pool
cognitoidentityprovider_describe_risk_configuration
Describes the risk configuration
cognitoidentityprovider_delete_identity_provider
Deletes an identity provider for a user pool
cognitoidentityprovider_delete_group
Deletes a group
cognitosync_describe_identity_usage
Gets usage information for an identity, including number of datasets and
data usage
cognitoidentityprovider_describe_user_pool_domain
Gets information about a domain
directoryservice_delete_directory
Deletes an AWS Directory Service directory
cognitoidentityprovider_forget_device
Forgets the specified device
cognitosync_get_bulk_publish_details
Get the status of the last BulkPublish operation for an identity pool
directoryservice_delete_log_subscription
Deletes the specified log subscription
cognitoidentityprovider_create_group
Creates a new group in the specified user pool
cognitosync_set_cognito_events
Sets the AWS Lambda function for a given event type for an identity pool
cognitosync_set_identity_pool_configuration
Sets the necessary configuration for push sync
cognitoidentityprovider_describe_user_import_job
Describes the user import job
cognitoidentityprovider_get_ui_customization
Gets the UI Customization information for a particular app client's app
UI, if there is something set
directoryservice_connect_directory
Creates an AD Connector to connect to an on-premises directory
directoryservice_enable_radius
Enables multi-factor authentication (MFA) with the Remote Authentication
Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD
directory
cognitoidentityprovider_describe_user_pool
Returns the configuration information and metadata of the specified user
pool
directoryservice_create_alias
Creates an alias for a directory and assigns the alias to the directory
directoryservice_enable_sso
Enables single sign-on for a directory
directoryservice_describe_directories
Obtains information about the directories that belong to this account
cognitoidentityprovider_get_user
Gets the user attributes and metadata for a user
directoryservice_reset_user_password
Resets the password for any user in your AWS Managed Microsoft AD or
Simple AD directory
cognitoidentityprovider_describe_user_pool_client
Client method for returning the configuration information and metadata
of the specified user pool app client
cognitoidentityprovider_list_identity_providers
Lists information about all identity providers for a user pool
cognitoidentityprovider_describe_identity_provider
Gets information about a specific identity provider
cognitoidentityprovider_describe_resource_server
Describes a resource server
cognitoidentityprovider_forgot_password
Calling this API causes a message to be sent to the end user with a
confirmation code that is required to change the user's password
cognitoidentityprovider_list_user_pool_clients
Lists the clients that have been created for the specified user pool
cognitoidentityprovider_get_csv_header
Gets the header information for the
cognitoidentityprovider_set_risk_configuration
Configures actions on detected risks
directoryservice_restore_from_snapshot
Restores a directory using an existing directory snapshot
cognitoidentityprovider_set_ui_customization
Sets the UI customization information for a user pool's built-in app UI
cognitoidentityprovider_list_resource_servers
Lists the resource servers for a user pool
cognitoidentityprovider_set_user_settings
Sets the user settings like multi-factor authentication (MFA)
cognitoidentityprovider_list_user_pools
Lists the user pools associated with an AWS account
cognitoidentityprovider_update_resource_server
Updates the name and scopes of resource server
cognitoidentityprovider_sign_up
Registers the user in the specified user pool and creates a user name,
password, and user attributes
cognitoidentityprovider_update_user_attributes
Allows a user to update a specific attribute (one at a time)
cognitosync_describe_dataset
Gets meta data about a dataset by identity and dataset name
cognitoidentityprovider_update_group
Updates the specified group with the specified attributes
directoryservice_describe_domain_controllers
Provides information about any domain controllers in your directory
cognitoidentityprovider_update_identity_provider
Updates identity provider information for a user pool
fms_list_compliance_status
Returns an array of PolicyComplianceStatus objects in the response
Creates an AWS Firewall Manager policy
Returns a MemberAccounts object that lists the member accounts in the
administrator's AWS organization
cognitoidentityprovider_list_tags_for_resource
Lists the tags that are assigned to an Amazon Cognito user pool
directoryservice_list_ip_routes
Lists the address blocks that you have added to a directory
cognitoidentityprovider_list_user_import_jobs
Lists the user import jobs
directoryservice_list_log_subscriptions
Lists the active log subscriptions for the AWS account
cognitosync_get_cognito_events
Gets the events and the corresponding Lambda functions associated with
an identity pool
cognitoidentityprovider_admin_initiate_auth
Initiates the authentication flow, as an administrator
Amazon Cognito Sync
cognitoidentityprovider_update_auth_event_feedback
Provides the feedback for an authentication event whether it was from a
valid user or not
cognitoidentityprovider_update_device_status
Updates the device status
cognitoidentityprovider_verify_user_attribute
Verifies the specified user attributes in the user pool
cognitosync_get_identity_pool_configuration
Gets the configuration settings of an identity pool
directoryservice_update_number_of_domain_controllers
Adds or removes domain controllers to or from the directory
Amazon GuardDuty
cognitosync_describe_identity_pool_usage
Gets usage details (for example, data storage) about a particular
identity pool
guardduty_decline_invitations
Declines invitations sent to the current member account by AWS account
specified by their account IDs
guardduty_delete_detector
Deletes a Amazon GuardDuty detector specified by the detector ID
cognitosync_subscribe_to_dataset
Subscribes to receive notifications when a dataset is modified by
another device
guardduty_disassociate_members
Disassociates GuardDuty member accounts (to the current GuardDuty master
account) specified by the account IDs
Initiates a bulk publish of all existing datasets for an Identity Pool
to the configured stream
cognitosync_unsubscribe_from_dataset
Unsubscribes from receiving notifications when a dataset is modified by
another device
cognitosync_delete_dataset
Deletes the specific dataset
directoryservice_create_directory
Creates a Simple AD directory
cognitoidentityprovider_admin_link_provider_for_user
Links an existing user account in a user pool (DestinationUser) to an
identity from an external identity provider (SourceUser) based on a
specified attribute name and value from the external identity provider
Retrieves an Amazon GuardDuty detector specified by the detectorId
directoryservice_update_radius
Updates the Remote Authentication Dial In User Service (RADIUS) server
information for an AD Connector or Microsoft AD directory
directoryservice_add_tags_to_resource
Adds or overwrites one or more tags for the specified directory
Gets paginated records, optionally changed after a particular sync count
for a dataset and identity
Lists details about all member accounts for the current GuardDuty master
account
directoryservice_cancel_schema_extension
Cancels an in-progress schema extension to a Microsoft AD directory
guardduty_create_detector
Creates a single Amazon GuardDuty detector
Creates a filter using the specified finding criteria
guardduty_list_threat_intel_sets
Lists the ThreatIntelSets of the GuardDuty service specified by the
detector ID
cognitosync_register_device
Registers a device to receive push sync notifications
cognitoidentityprovider_admin_set_user_settings
Sets all the user settings for a specified user name
cognitoidentityprovider_admin_set_user_mfa_preference
Sets the user's multi-factor authentication (MFA) preference
Attaches the specified managed policy to the specified user
directoryservice_deregister_event_topic
Removes the specified directory as a publisher to the specified SNS
topic
cognitoidentityprovider_create_user_import_job
Creates the user import job
cognitoidentityprovider_create_user_pool
Creates a new Amazon Cognito user pool and sets the password policy for
the pool
cognitoidentityprovider_delete_user_pool_client
Allows the developer to delete the user pool client
directoryservice_create_log_subscription
Creates a subscription to forward real time Directory Service domain
controller security logs to the specified CloudWatch log group in your
AWS account
cognitoidentityprovider_delete_user_pool_domain
Deletes a domain for a user pool
Changes the password of the IAM user who is calling this operation
guardduty_delete_threat_intel_set
Deletes ThreatIntelSet specified by the ThreatIntelSet ID
guardduty_disassociate_from_master_account
Disassociates the current GuardDuty member account from its master
account
directoryservice_describe_snapshots
Obtains information about the directory snapshots that belong to this
account
directoryservice_describe_trusts
Obtains information about the trust relationships for this account
directoryservice_describe_conditional_forwarders
Obtains information about the conditional forwarders for this account
directoryservice_create_microsoft_ad
Creates an AWS Managed Microsoft AD directory
guardduty_get_findings_statistics
Lists Amazon GuardDuty findings' statistics for the specified detector
ID
directoryservice_get_directory_limits
Obtains directory limit information for the current region
directoryservice_remove_ip_routes
Removes IP address blocks from a directory
guardduty_get_invitations_count
Returns the count of all GuardDuty membership invitations that were sent
to the current member account except the currently accepted invitation
directoryservice_get_snapshot_limits
Obtains the manual snapshot limits for a directory
directoryservice_remove_tags_from_resource
Removes tags from a directory
directoryservice_register_event_topic
Associates a directory with an SNS topic
cognitoidentityprovider_list_devices
Lists the devices
Firewall Management Service
directoryservice_create_snapshot
Creates a snapshot of a Simple AD or Microsoft AD directory in the AWS
cloud
Creates a new managed policy for your AWS account
fms_associate_admin_account
Sets the AWS Firewall Manager administrator account
guardduty_start_monitoring_members
Re-enables GuardDuty to monitor findings of the member accounts
specified by the account IDs
iam_create_policy_version
Creates a new version of the specified managed policy
directoryservice_reject_shared_directory
Rejects a directory sharing request that was sent from the directory
owner account
directoryservice_delete_snapshot
Deletes a directory snapshot
guardduty_stop_monitoring_members
Disables GuardDuty from monitoring findings of the member accounts
specified by the account IDs
cognitoidentityprovider_list_groups
Lists the groups associated with a user pool
Returns information about the specified AWS Firewall Manager policy
iam_delete_policy_version
Deletes the specified version from the specified managed policy
fms_get_protection_status
If you created a Shield Advanced policy, returns policy-level attack
summary information in the event of a potential DDoS attack
cognitoidentityprovider_start_user_import_job
Starts the user import
cognitoidentityprovider_stop_user_import_job
Stops the user import job
directoryservice_update_trust
Updates the trust that has been set up between your AWS Managed
Microsoft AD directory and an on-premises Active Directory
Deletes the specified role
cognitoidentityprovider_update_user_pool_domain
Updates the Secure Sockets Layer (SSL) certificate for the custom domain
for your user pool
cognitoidentityprovider_verify_software_token
Use this API to register a user's entered TOTP code and mark the user's
software token MFA status as "verified" if successful
cognitosync_list_datasets
Lists datasets for an identity
AWS Identity and Access Management
Returns an array of PolicySummary objects in the response
directoryservice_delete_trust
Deletes an existing trust relationship between your AWS Managed
Microsoft AD directory and an external domain
directoryservice_verify_trust
AWS Directory Service for Microsoft Active Directory allows you to
configure and verify trust relationships
directoryservice_describe_event_topics
Obtains information about which SNS topics receive status messages from
the specified directory
fms_disassociate_admin_account
Disassociates the account that has been set as the AWS Firewall Manager
administrator account
iam_add_client_id_to_open_id_connect_provider
Adds a new client ID (also known as audience) to the list of client IDs
already registered for the specified IAM OpenID Connect (OIDC) provider
resource
iam_delete_role_permissions_boundary
Deletes the permissions boundary for the specified IAM role
directoryservice_describe_shared_directories
Returns the shared directories in your account
Deletes the specified inline policy that is embedded in the specified
IAM role
Returns the AWS Organizations master account that is associated with AWS
Firewall Manager as the AWS Firewall Manager administrator
directoryservice_unshare_directory
Stops the directory sharing between the directory owner and consumer
accounts
Removes the specified managed policy from the specified user
cognitosync_list_identity_pool_usage
Gets a list of identity pools registered with Cognito
directoryservice_update_conditional_forwarder
Updates a conditional forwarder that has been set up for your AWS
directory
Deletes the filter specified by the filter name
fms_delete_notification_channel
Deletes an AWS Firewall Manager association with the IAM role and the
Amazon Simple Notification Service (SNS) topic that is used to record
AWS Firewall Manager SNS logs
Attaches the specified managed policy to the specified IAM group
cognitosync_update_records
Posts updates to records and adds and deletes records for a dataset and
user
guardduty_delete_invitations
Deletes invitations sent to the current member account by AWS accounts
specified by their account IDs
Attaches the specified managed policy to the specified IAM role
Retrieves GuardDuty member accounts (to the current GuardDuty master
account) specified by the account IDs
Enables the specified MFA device and associates it with the specified
IAM user
Permanently deletes an AWS Firewall Manager policy
Creates a new role for your AWS account
AWS Directory Service
iam_get_credential_report
Retrieves a credential report for the AWS account
guardduty_accept_invitation
Accepts the invitation to be monitored by a master GuardDuty account
Returns a list of IAM users that are in the specified IAM group
fms_put_notification_channel
Designates the IAM role and Amazon Simple Notification Service (SNS)
topic that AWS Firewall Manager uses to record SNS logs
Creates an IAM resource that describes an identity provider (IdP) that
supports SAML 2
guardduty_get_threat_intel_set
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID
guardduty_archive_findings
Archives Amazon GuardDuty findings specified by the list of finding IDs
Deletes the IPSet specified by the IPSet ID
Retrieves information about the specified managed policy, including the
policy's default version and the total number of IAM users, groups, and
roles to which the policy is attached
Returns the details of the filter specified by the filter name
Invites other AWS accounts (created as members of the current AWS
account by CreateMembers) to enable GuardDuty and allow the current AWS
account to view and manage these accounts' GuardDuty findings on their
behalf as the master account
Deletes the specified IAM group
Lists detectorIds of all the existing Amazon GuardDuty detector
resources
Describes Amazon GuardDuty findings specified by finding IDs
Deletes the specified inline policy that is embedded in the specified
IAM group
directoryservice_create_computer
Creates a computer account in the specified directory, and joins the
computer to the directory
Returns a paginated list of the current filters
iam_delete_service_linked_role
Submits a service-linked role deletion request and returns a
DeletionTaskId, which you can use to check the status of the deletion
directoryservice_create_conditional_forwarder
Creates a conditional forwarder associated with your AWS directory
Retrieves information about the specified version of the specified
managed policy, including the policy document
iam_delete_service_specific_credential
Deletes the specified service-specific credential
guardduty_unarchive_findings
Unarchives Amazon GuardDuty findings specified by the list of finding
IDs
Lists Amazon GuardDuty findings for the specified detector ID
guardduty_update_detector
Updates an Amazon GuardDuty detector specified by the detectorId
iam_list_attached_group_policies
Lists all managed policies that are attached to the specified IAM group
iam_list_attached_role_policies
Lists all managed policies that are attached to the specified IAM role
Deletes the specified AWS account alias
Deletes GuardDuty member accounts (to the current GuardDuty master
account) specified by the account IDs
Updates the IPSet specified by the IPSet ID
iam_add_role_to_instance_profile
Adds the specified IAM role to the specified instance profile
iam_delete_account_password_policy
Deletes the password policy for the AWS account
Deletes the specified IAM user
guardduty_update_threat_intel_set
Updates the ThreatIntelSet specified by ThreatIntelSet ID
iam_delete_user_permissions_boundary
Deletes the permissions boundary for the specified IAM user
iam_generate_credential_report
Generates a credential report for the AWS account
Creates a password for the specified user, giving the user the ability
to access AWS services through the AWS Management Console
iam_list_open_id_connect_providers
Lists information about the IAM OpenID Connect (OIDC) provider resource
objects defined in the AWS account
Adds the specified user to the specified group
iam_generate_service_last_accessed_details
Generates a request for a report that includes details about when an IAM
resource (user, group, role, or policy) was last used in an attempt to
access AWS services
directoryservice_create_trust
AWS Directory Service for Microsoft Active Directory allows you to
configure trust relationships
Retrieves the specified inline policy document that is embedded in the
specified IAM group
iam_get_service_last_accessed_details
After you generate a user, group, role, or policy report using the
GenerateServiceLastAccessedDetails operation, you can use the JobId
parameter in GetServiceLastAccessedDetails
iam_get_service_last_accessed_details_with_entities
After you generate a group or policy report using the
GenerateServiceLastAccessedDetails operation, you can use the JobId
parameter in GetServiceLastAccessedDetailsWithEntities
Creates an alias for your AWS account
Creates a new AWS secret access key and corresponding AWS access key ID
for the specified user
Retrieves information about the specified instance profile, including
the instance profile's path, GUID, ARN, and role
Lists all the managed policies that are available in your AWS account,
including your own customer-defined managed policies and all AWS managed
policies
iam_list_signing_certificates
Returns information about the signing certificates associated with the
specified IAM user
Retrieves information about the specified role, including the role's
path, GUID, ARN, and the role's trust policy that grants permission to
assume the role
Retrieves the specified inline policy document that is embedded with the
specified IAM role
Returns information about the SSH public keys associated with the
specified IAM user
directoryservice_delete_conditional_forwarder
Deletes a conditional forwarder that has been set up for your AWS
directory
iam_deactivate_mfa_device
Deactivates the specified MFA device and removes it from association
with the user name for which it was originally enabled
Lists the tags that are attached to the specified role
Lists the names of the inline policies that are embedded in the
specified IAM role
Deletes the access key pair associated with the specified IAM user
Returns information about the access key IDs associated with the
specified IAM user
Lists the IAM roles that have the specified path prefix
Lists the account alias associated with the AWS account (Note: you can
have only one)
iam_delete_open_id_connect_provider
Deletes an OpenID Connect identity provider (IdP) resource object in IAM
Lists the SAML provider resource objects defined in IAM in the account
Deletes the specified managed policy
iam_remove_role_from_instance_profile
Removes the specified IAM role from the specified EC2 instance profile
iam_remove_user_from_group
Removes the specified user from the specified group
Adds or updates an inline policy document that is embedded in the
specified IAM role
iam_create_open_id_connect_provider
Creates an IAM entity to describe an identity provider (IdP) that
supports OpenID Connect (OIDC)
directoryservice_disable_radius
Disables multi-factor authentication (MFA) with the Remote
Authentication Dial In User Service (RADIUS) server for an AD Connector
or Microsoft AD directory
Lists the IAM groups that the specified IAM user belongs to
iam_simulate_principal_policy
Simulate how a set of IAM policies attached to an IAM entity works with
a list of API operations and AWS resources to determine the policies'
effective permissions
Creates a new IAM user for your AWS account
iam_put_user_permissions_boundary
Adds or updates the policy that is specified as the IAM user's
permissions boundary
directoryservice_disable_sso
Disables single-sign on for a directory
iam_list_instance_profiles
Lists the instance profiles that have the specified path prefix
Adds one or more tags to an IAM role
iam_update_server_certificate
Updates the name and/or the path of the specified server certificate
stored in IAM
iam_update_open_id_connect_provider_thumbprint
Replaces the existing list of server certificate thumbprints associated
with an OpenID Connect (OIDC) provider resource object with a new list
of thumbprints
Updates the description or maximum session duration setting of a role
directoryservice_list_schema_extensions
Lists all schema extensions applied to a Microsoft AD Directory
iam_create_virtual_mfa_device
Creates a new virtual MFA device for the AWS account
Lists the IAM users that have the specified path prefix
Deletes a SAML provider resource in IAM
inspector_describe_findings
Describes the findings that are specified by the ARNs of the findings
iam_list_virtual_mfa_devices
Lists the virtual MFA devices defined in the AWS account by assignment
status
iam_update_service_specific_credential
Sets the status of a service-specific credential to Active or Inactive
Updates the name and/or the path of the specified IAM user
iam_delete_signing_certificate
Deletes a signing certificate associated with the specified IAM user
Adds or updates an inline policy document that is embedded in the
specified IAM group
inspector_describe_resource_groups
Describes the resource groups that are specified by the ARNs of the
resource groups
inspector_get_exclusions_preview
Retrieves the exclusions preview (a list of ExclusionPreview objects)
specified by the preview token
directoryservice_list_tags_for_resource
Lists all tags on a directory
iam_put_role_permissions_boundary
Adds or updates the policy that is specified as the IAM role's
permissions boundary
iam_delete_ssh_public_key
Deletes the specified SSH public key
iam_upload_server_certificate
Uploads a server certificate entity for the AWS account
inspector_describe_assessment_targets
Describes the assessment targets that are specified by the ARNs of the
assessment targets
iam_delete_server_certificate
Deletes the specified server certificate
iam_get_access_key_last_used
Retrieves information about when the specified access key was last used
Adds one or more tags to an IAM user
Removes the specified tags from the role
Removes the specified managed policy from the specified IAM group
inspector_get_telemetry_metadata
Information about the data that is collected for the specified
assessment run
inspector_describe_assessment_templates
Describes the assessment templates that are specified by the ARNs of the
assessment templates
directoryservice_share_directory
Shares a specified directory (DirectoryId) in your AWS account
(directory owner) with another AWS account (directory consumer)
iam_get_account_authorization_details
Retrieves information about all IAM users, groups, roles, and policies
in your AWS account, including their relationships to one another
iam_update_role_description
Use UpdateRole instead
iam_get_account_password_policy
Retrieves the password policy for the AWS account
directoryservice_start_schema_extension
Applies a schema extension to a Microsoft AD directory
Retrieves information about IAM entity usage and IAM quotas in the AWS
account
Removes the specified managed policy from the specified role
Lists findings that are generated by the assessment runs that are
specified by the ARNs of the assessment runs
inspector_list_rules_packages
Lists all available Amazon Inspector rules packages
Creates a customer master key (CMK) in the caller's AWS account
fms_get_compliance_detail
Returns detailed compliance information about the specified member
account
Decrypts ciphertext
kms_describe_custom_key_stores
Gets information about custom key stores in the account and region
kms_delete_imported_key_material
Deletes key material that you previously imported
iam_get_service_linked_role_deletion_status
Retrieves the status of your service-linked role deletion
Updates the metadata document for an existing SAML provider resource
object
Retrieves the user name and password-creation date for the specified IAM
user
Gets a key policy attached to the specified customer master key (CMK)
inspector_list_event_subscriptions
Lists all the event subscriptions for the assessment template that is
specified by the ARN of the assessment template
inspector_create_exclusions_preview
Starts the generation of an exclusions preview for the specified
assessment template
inspector_create_resource_group
Creates a resource group using the specified set of tags (key and value
pairs) that are used to select the EC2 instances to be included in an
Amazon Inspector assessment target
iam_get_open_id_connect_provider
Returns information about the specified OpenID Connect (OIDC) provider
resource object in IAM
kms_get_key_rotation_status
Gets a Boolean value that indicates whether automatic rotation of the
key material is enabled for the specified customer master key (CMK)
fms_get_notification_channel
Returns information about the Amazon Simple Notification Service (SNS)
topic that is used to record AWS Firewall Manager SNS logs
Gets a list of all grants for the specified customer master key (CMK)
Creates a new IPSet - a list of trusted IP addresses that have been
whitelisted for secure communication with AWS infrastructure and
applications
Retrieves the specified SSH public key, including metadata about the key
Removes the specified tags from the specified customer master key (CMK)
inspector_list_exclusions
List exclusions that are generated by the assessment run
Creates member accounts of the current AWS account by specifying a list
of AWS account IDs
guardduty_create_sample_findings
Generates example findings of types specified by the list of finding
types
Associates an existing alias with a different customer master key (CMK)
Returns the SAML provider metadocument that was uploaded when the IAM
SAML provider resource object was created or updated
guardduty_create_threat_intel_set
Create a new ThreatIntelSet
iam_get_server_certificate
Retrieves information about the specified server certificate stored in
IAM
ram_enable_sharing_with_aws_organization
Enables resource sharing within your organization
inspector_delete_assessment_run
Deletes the assessment run that is specified by the ARN of the
assessment run
Returns the details on the Security Hub member accounts that are
specified by the account IDs
inspector_delete_assessment_target
Deletes the assessment target that is specified by the ARN of the
assessment target
inspector_list_tags_for_resource
Lists all tags associated with an assessment template
ram_get_resource_policies
Gets the policies for the specifies resources
AWS Key Management Service
Previews the agents installed on the EC2 instances that are part of the
specified assessment target
iam_list_attached_user_policies
Lists all managed policies that are attached to the specified IAM user
Retrieves the IPSet specified by the IPSet ID
iam_list_entities_for_policy
Lists all IAM users, groups, and roles that the specified managed policy
is attached to
shield_describe_emergency_contact_settings
Lists the email addresses that the DRT can use to contact you during a
suspected attack
secretsmanager_tag_resource
Attaches one or more tags, each consisting of a key name and a value, to
the specified secret
Lists the names of the inline policies that are embedded in the
specified IAM group
Lists the IAM groups that have the specified path prefix
Cancels the deletion of a customer master key (CMK)
guardduty_get_master_account
Provides the details for the GuardDuty master account to the current
GuardDuty member account
Sets the key state of a customer master key (CMK) to enabled
securityhub_disable_security_hub
Disables the AWS Security Hub Service
guardduty_list_invitations
Lists all GuardDuty membership invitations that were sent to the current
AWS account
iam_list_policies_granting_service_access
Retrieves a list of policies that the IAM identity (user, group, or
role) can use to access each specified service
Enables automatic rotation of the key material for the specified
customer master key (CMK)
inspector_stop_assessment_run
Stops the assessment run that is specified by the ARN of the assessment
run
secretsmanager_untag_resource
Removes one or more tags from the specified secret
wafregional_delete_permission_policy
Permanently deletes an IAM policy from the specified RuleGroup
Lists information about the versions of the specified managed policy,
including the version that is currently set as the policy's default
version
iam_list_server_certificates
Lists the server certificates stored in IAM that have the specified path
prefix
iam_list_instance_profiles_for_role
Lists the instance profiles that have the specified associated IAM role
Adds the specified tags to the specified resource share
securityhub_delete_insight
Deletes an insight that is specified by the insight ARN
kms_generate_data_key_without_plaintext
Returns a data encryption key encrypted under a customer master key
(CMK)
AWS Resource Access Manager
inspector_subscribe_to_event
Enables the process of sending Amazon Simple Notification Service (SNS)
notifications about a specified event to a specified SNS topic
iam_remove_client_id_from_open_id_connect_provider
Removes the specified client ID (also known as audience) from the list
of client IDs registered for the specified IAM OpenID Connect (OIDC)
provider resource object
Returns the IPSet that is specified by IPSetId
Lists the MFA devices for an IAM user
Returns a random byte string that is cryptographically secure
secretsmanager_get_resource_policy
Retrieves the JSON text of the resource-based policy document that's
attached to the specified secret
Returns a list of all tags for the specified customer master key (CMK)
iam_reset_service_specific_credential
Resets the password for a service-specific credential
kms_create_custom_key_store
Creates a custom key store that is associated with an AWS CloudHSM
cluster that you own and manage
Synchronizes the specified MFA device with its IAM resource object on
the AWS servers
iam_list_service_specific_credentials
Returns information about the service-specific credentials associated
with the specified IAM user
iam_upload_ssh_public_key
Uploads an SSH public key and associates it with the specified IAM user
ram_accept_resource_share_invitation
Accepts an invitation to a resource share from another AWS account
securityhub_delete_invitations
Deletes invitations that are sent to this AWS account (invitee) by the
AWS accounts (inviters) that are specified by their account IDs
Gets a list of all customer master keys (CMKs) in the caller's AWS
account and region
Adds or updates an inline policy document that is embedded in the
specified IAM user
iam_update_ssh_public_key
Sets the status of an IAM user's SSH public key to active or inactive
iam_update_account_password_policy
Updates the password policy settings for the AWS account
secretsmanager_put_secret_value
Stores a new encrypted secret value in the specified secret
iam_update_assume_role_policy
Updates the policy that grants an IAM entity permission to assume a role
Lists the IPSets of the GuardDuty service specified by the detector ID
iam_set_default_policy_version
Sets the specified version of the specified policy as the policy's
default (operative) version
Permanently deletes a Rule
iam_update_signing_certificate
Changes the status of the specified user signing certificate from active
to disabled, or vice versa
kms_list_retirable_grants
Returns a list of all grants for which the grant's RetiringPrincipal
matches the one specified
Lists and describes insights that are specified by insight ARNs
Adds a grant to a customer master key (CMK)
waf_update_rate_based_rule
Inserts or deletes Predicate objects in a rule and updates the RateLimit
in the rule
securityhub_get_invitations_count
Returns the count of all Security Hub membership invitations that were
sent to the current member account, not including the currently accepted
invitation
Updates the filter specified by the filter name
Gets a list of all aliases in the caller's AWS account and region
secretsmanager_get_secret_value
Retrieves the contents of the encrypted fields SecretString or
SecretBinary from the specified version of a secret, whichever contains
content
guardduty_update_findings_feedback
Marks specified Amazon GuardDuty findings as useful or not useful
iam_simulate_custom_policy
Simulate how a set of IAM policies and optionally a resource-based
policy works with a list of API operations and AWS resources to
determine the policies' effective permissions
Amazon Macie
inspector_list_assessment_run_agents
Lists the agents of the assessment runs that are specified by the ARNs
of the assessment runs
Updates the name and/or the path of the specified IAM group
inspector_create_assessment_target
Creates a new assessment target using the ARN of the resource group that
is generated by CreateResourceGroup
Changes the password for the specified IAM user
Creates a new group
Deletes the specified alias
macie_associate_member_account
Associates a specified AWS account with Amazon Macie as a member account
securityhub_get_master_account
Provides the details for the Security Hub master account to the current
member account
ram_get_resource_share_invitations
Gets the specified invitations for resource sharing
inspector_list_assessment_runs
Lists the assessment runs that correspond to the assessment templates
that are specified by the ARNs of the assessment templates
iam_create_instance_profile
Creates a new instance profile
Creates a WebACL, which contains the Rules that identify the CloudFront
web requests that you want to allow, block, or count
Permanently deletes a RuleGroup
secretsmanager_rotate_secret
Configures and starts the asynchronous process of rotating this secret
iam_create_service_linked_role
Creates an IAM role that is linked to a specific AWS service
wafregional_list_size_constraint_sets
Returns an array of SizeConstraintSetSummary objects
iam_create_service_specific_credential
Generates a set of credentials consisting of a user name and password
that can be used to access the service specified in the request
inspector_create_assessment_template
Creates an assessment template for the assessment target that is
specified by the ARN of the assessment target
Returns an array of ByteMatchSetSummary objects
inspector_describe_cross_account_access_role
Describes the IAM role that enables Amazon Inspector to access your AWS
account
inspector_describe_exclusions
Describes the exclusions that are specified by the exclusions' ARNs
inspector_start_assessment_run
Starts the assessment run specified by the ARN of the assessment
template
inspector_list_assessment_targets
Lists the ARNs of the assessment targets within this AWS account
ram_get_resource_share_associations
Gets the associations for the specified resource share
iam_upload_signing_certificate
Uploads an X
shield_describe_drt_access
Returns the current role and list of Amazon S3 log buckets used by the
DDoS Response team (DRT) to access your AWS account while assisting with
attack mitigation
inspector_list_assessment_templates
Lists the assessment templates that correspond to the assessment targets
that are specified by the ARNs of the assessment targets
Disables automatic rotation of the key material for the specified
customer master key (CMK)
kms_disconnect_custom_key_store
Disconnects the custom key store from its associated AWS CloudHSM
cluster
Encrypts plaintext into ciphertext by using a customer master key (CMK)
iam_delete_instance_profile
Deletes the specified instance profile
kms_delete_custom_key_store
Deletes a custom key store
Creates an XssMatchSet, which you use to allow, block, or count requests
that contain cross-site scripting attacks in the specified part of web
requests
secretsmanager_list_secret_version_ids
Lists all of the versions attached to the specified secret
Deletes the password for the specified IAM user, which terminates the
user's ability to access AWS services through the AWS Management Console
Returns a data encryption key that you can use in your application to
encrypt data locally
waf_delete_logging_configuration
Permanently deletes the LoggingConfiguration from the specified web ACL
shield_associate_drt_log_bucket
Authorizes the DDoS Response team (DRT) to access the specified Amazon
S3 bucket containing your flow logs
Retires a grant
Deletes the specified inline policy that is embedded in the specified
IAM user
wafregional_update_web_acl
Inserts or deletes ActivatedRule objects in a WebACL
waf_put_logging_configuration
Associates a LoggingConfiguration with a specified web ACL
ram_delete_resource_share
Deletes the specified resource share
Gets the names of the key policies that are attached to a customer
master key (CMK)
inspector_set_tags_for_resource
Sets tags (key and value pairs) to the assessment template that is
specified by the ARN of the assessment template
wafregional_list_logging_configurations
Returns an array of LoggingConfiguration objects
Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet
AWS Shield
macie_associate_s3_resources
Associates specified S3 resources with Amazon Macie for monitoring and
data classification
AWS Security Token Service
Encrypts data on the server side with a new customer master key (CMK)
without exposing the plaintext of the data on the client side
inspector_unsubscribe_from_event
Disables the process of sending Amazon Simple Notification Service (SNS)
notifications about a specified event to a specified SNS topic
iam_delete_virtual_mfa_device
Deletes a virtual MFA device
shield_update_subscription
Updates the details of an existing subscription
waf_list_sql_injection_match_sets
Returns an array of SqlInjectionMatchSet objects
inspector_update_assessment_target
Updates the assessment target that is specified by the ARN of the
assessment target
shield_create_subscription
Activates AWS Shield Advanced for an account
waf_update_byte_match_set
Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet
macie_update_s3_resources
Updates the classification types for the specified S3 resources
macie_disassociate_member_account
Removes the specified member account from Amazon Macie
waf_get_regex_pattern_set
Returns the RegexPatternSet specified by RegexPatternSetId
Revokes the specified grant for the specified customer master key (CMK)
iam_get_context_keys_for_custom_policy
Gets a list of all of the context keys referenced in the input policies
waf_get_logging_configuration
Returns the LoggingConfiguration for the specified web ACL
Attaches a key policy to the specified customer master key (CMK)
iam_get_context_keys_for_principal_policy
Gets a list of all of the context keys referenced in all the IAM
policies that are attached to the specified IAM entity
Retrieves information about the specified IAM user, including the user's
creation date, path, unique ID, and ARN
shield_update_emergency_contact_settings
Updates the details of the list of email addresses that the DRT can use
to contact you during a suspected attack
Lists all the S3 resources associated with Amazon Macie
secretsmanager_cancel_rotate_secret
Disables automatic scheduled rotation and cancels the rotation of a
secret if one is currently in progress
ram_disassociate_resource_share
Disassociates the specified principals or resources from the specified
resource share
Enables AWS Shield Advanced for a specific AWS resource
Lists the tags that are attached to the specified user
Retrieves the specified inline policy document that is embedded in the
specified IAM user
Removes the specified tags from the user
Lists the names of the inline policies embedded in the specified IAM
user
Changes the status of the specified access key from Active to Inactive,
or vice versa
Permanently deletes an IPSet
Amazon Inspector
secretsmanager_restore_secret
Cancels the scheduled deletion of a secret by removing the DeletedDate
time stamp
waf_put_permission_policy
Attaches a IAM policy to the specified resource
Deletes an AWS Shield Advanced Protection
inspector_add_attributes_to_findings
Assigns attributes (key and value pairs) to the findings that are
specified by the ARNs of the findings
wafregional_disassociate_web_acl
Removes a web ACL from the specified resource, either an application
load balancer or Amazon API Gateway stage
macie_disassociate_s3_resources
Removes specified S3 resources from being monitored by Amazon Macie
Returns the Rule that is specified by the RuleId that you included in
the GetRule request
Removes the specified tags from the specified resource share
securityhub_disassociate_from_master_account
Disassociates the current Security Hub member account from its master
account
ram_update_resource_share
Updates the specified resource share
wafregional_delete_logging_configuration
Permanently deletes the LoggingConfiguration from the specified web ACL
AWS Secrets Manager
Returns an array of RuleSummary objects
secretsmanager_describe_secret
Retrieves the details of a secret
waf_update_regex_match_set
Inserts or deletes RegexMatchTuple objects (filters) in a RegexMatchSet
macie_list_member_accounts
Lists all Amazon Macie member accounts for the current Amazon Macie
master account
sts_assume_role_with_web_identity
Returns a set of temporary security credentials for users who have been
authenticated in a mobile or web application with a web identity
provider, such as Amazon Cognito, Login with Amazon, Facebook, Google,
or any OpenID Connect-compatible identity provider
waf_create_sql_injection_match_set
Creates a SqlInjectionMatchSet, which you use to allow, block, or count
requests that contain snippets of SQL code in a specified part of web
requests
secretsmanager_list_secrets
Lists all of the secrets that are stored by Secrets Manager in the AWS
account
wafregional_delete_xss_match_set
Permanently deletes an XssMatchSet
wafregional_associate_web_acl
Associates a web ACL with a resource, either an application load
balancer or Amazon API Gateway stage
securityhub_disable_import_findings_for_product
Stops you from being able to import findings generated by integrated
third-party providers into Security Hub
Lists and describes Security Hub-aggregated findings that are specified
by filter attributes
ram_associate_resource_share
Associates the specified resource share with the specified principals
and resources
secretsmanager_get_random_password
Generates a random password of the specified complexity
waf_get_change_token_status
Returns the status of a ChangeToken that you got by calling
GetChangeToken
securityhub_delete_members
Deletes the Security Hub member accounts that are specified by the
account IDs
sts_decode_authorization_message
Decodes additional information about the authorization status of a
request from an encoded message returned in response to an AWS request
wafregional_create_byte_match_set
Creates a ByteMatchSet
wafregional_create_geo_match_set
Creates an GeoMatchSet, which you use to specify which web requests you
want to allow or block based on the country that the requests originate
from
wafregional_create_size_constraint_set
Creates a SizeConstraintSet
Creates a Rule, which contains the IPSet objects, ByteMatchSet objects,
and other predicates that identify the requests that you want to block
ram_create_resource_share
Creates a resource share
inspector_delete_assessment_template
Deletes the assessment template that is specified by the ARN of the
assessment template
Returns the RuleGroup that is specified by the RuleGroupId that you
included in the GetRuleGroup request
secretsmanager_put_resource_policy
Attaches the contents of the specified resource-based permission policy
to a secret
Returns the XssMatchSet that is specified by XssMatchSetId
shield_associate_drt_role
Authorizes the DDoS Response team (DRT), using the specified role, to
access your AWS account to assist with DDoS attack mitigation during
potential attacks
wafregional_get_rate_based_rule_managed_keys
Returns an array of IP addresses currently being blocked by the
RateBasedRule that is specified by the RuleId
securityhub_get_insight_results
Lists the results of the Security Hub insight specified by the insight
ARN
Returns details about the IAM identity whose credentials are used to
call the API
Creates a RuleGroup
securityhub_create_insight
Creates an insight, which is a consolidation of findings that identifies
a security area that requires attention or intervention
Returns an array of XssMatchSet objects
inspector_describe_assessment_runs
Describes the assessment runs that are specified by the ARNs of the
assessment runs
wafregional_create_rate_based_rule
Creates a RateBasedRule
shield_disassociate_drt_log_bucket
Removes the DDoS Response team's (DRT) access to the specified Amazon S3
bucket containing your flow logs
Returns an array of IPSetSummary objects in the response
waf_delete_regex_pattern_set
Permanently deletes a RegexPatternSet
securityhub_batch_import_findings
Imports security findings that are generated by the integrated
third-party products into Security Hub
wafregional_get_regex_match_set
Returns the RegexMatchSet specified by RegexMatchSetId
Returns the RateBasedRule that is specified by the RuleId that you
included in the GetRateBasedRule request
Gets the specified resource shares or all of your resource shares
waf_delete_regex_match_set
Permanently deletes a RegexMatchSet
securityhub_list_enabled_products_for_import
Lists all Security Hub-integrated third-party findings providers
Returns a set of temporary security credentials (consisting of an access
key ID, a secret access key, and a security token) for a federated user
Returns an array of RuleGroup objects
shield_disassociate_drt_role
Removes the DDoS Response team's (DRT) access to your AWS account
inspector_describe_rules_packages
Describes the rules packages that are specified by the ARNs of the rules
packages
inspector_get_assessment_report
Produces an assessment report that includes detailed and comprehensive
results of a specified assessment run
shield_describe_protection
Lists the details of a Protection object
securityhub_invite_members
Invites other AWS accounts to enable Security Hub and become Security
Hub member accounts
Lists the principals with access to the specified resource
Returns the WebACL that is specified by WebACLId
inspector_register_cross_account_access_role
Registers the IAM role that grants Amazon Inspector access to AWS
Services needed to perform security assessments
inspector_remove_attributes_from_findings
Removes entire attributes (key and value pairs) from the findings that
are specified by the ARNs of the findings where an attribute with the
specified key exists
waf_list_size_constraint_sets
Returns an array of SizeConstraintSetSummary objects
kms_connect_custom_key_store
Connects or reconnects a custom key store to its associated AWS CloudHSM
cluster
securityhub_batch_disable_standards
Disables the standards specified by the standards subscription ARNs
securityhub_list_invitations
Lists all Security Hub membership invitations that were sent to the
current AWS account
Lists all Protection objects for the account
waf_list_activated_rules_in_rule_group
Returns an array of ActivatedRule objects
wafregional_delete_regex_pattern_set
Permanently deletes a RegexPatternSet
shield_describe_subscription
Provides details about the AWS Shield Advanced subscription for an
account
wafregional_update_sql_injection_match_set
Inserts or deletes SqlInjectionMatchTuple objects (filters) in a
SqlInjectionMatchSet
secretsmanager_create_secret
Creates a new secret
secretsmanager_update_secret
Modifies many of the details of the specified secret
Inserts or deletes GeoMatchConstraint objects in an GeoMatchSet
waf_delete_sql_injection_match_set
Permanently deletes a SqlInjectionMatchSet
waf_create_regex_match_set
Creates a RegexMatchSet
waf_get_permission_policy
Returns the IAM policy attached to the RuleGroup
secretsmanager_update_secret_version_stage
Modifies the staging labels attached to a version of a secret
Returns the GeoMatchSet that is specified by GeoMatchSetId
waf_list_regex_match_sets
Returns an array of RegexMatchSetSummary objects
waf_create_regex_pattern_set
Creates a RegexPatternSet
waf_update_size_constraint_set
Inserts or deletes SizeConstraint objects (filters) in a
SizeConstraintSet
waf_delete_size_constraint_set
Permanently deletes a SizeConstraintSet
wafregional_get_geo_match_set
Returns the GeoMatchSet that is specified by GeoMatchSetId
wafregional_create_regex_match_set
Creates a RegexMatchSet
securityhub_batch_enable_standards
Enables the standards specified by the standards ARNs
Gets detailed information about a specified number of requests--a
sample--that AWS WAF randomly selects from among the first 5,000
requests that your AWS resource received during a time range that you
choose
Returns a set of temporary credentials for an AWS account or IAM user
wafregional_create_sql_injection_match_set
Creates a SqlInjectionMatchSet, which you use to allow, block, or count
requests that contain snippets of SQL code in a specified part of web
requests
Creates a display name for a customer master key (CMK)
Sets the state of a customer master key (CMK) to disabled, thereby
preventing its use for cryptographic operations
securityhub_enable_import_findings_for_product
Enables you to import findings generated by integrated third-party
providers into Security Hub
Inserts or deletes IPSetDescriptor objects in an IPSet
securityhub_disassociate_members
Disassociates the Security Hub member accounts that are specified by the
account IDs from their master account
wafregional_delete_web_acl
Permanently deletes a WebACL
waf_update_regex_pattern_set
Inserts or deletes RegexPatternString objects in a RegexPatternSet
waf_create_rate_based_rule
Creates a RateBasedRule
kms_get_parameters_for_import
Returns the items you need in order to import key material into AWS KMS
from your existing key management infrastructure
Inserts or deletes ActivatedRule objects in a WebACL
AWS WAF
Returns an array of IPSetSummary objects in the response
wafregional_create_xss_match_set
Creates an XssMatchSet, which you use to allow, block, or count requests
that contain cross-site scripting attacks in the specified part of web
requests
Inserts or deletes ActivatedRule objects in a RuleGroup
Returns the IPSet that is specified by IPSetId
wafregional_get_rule_group
Returns the RuleGroup that is specified by the RuleGroupId that you
included in the GetRuleGroup request
waf_update_sql_injection_match_set
Inserts or deletes SqlInjectionMatchTuple objects (filters) in a
SqlInjectionMatchSet
Returns the ByteMatchSet specified by ByteMatchSetId
Provides detailed information about the specified customer master key
(CMK)
Returns an array of GeoMatchSetSummary objects in the response
Lists details about all member accounts for the current Security Hub
master account
Adds or edits tags for a customer master key (CMK)
waf_list_subscribed_rule_groups
Returns an array of RuleGroup objects that you are subscribed to
Returns a set of temporary security credentials (consisting of an access
key ID, a secret access key, and a security token) that you can use to
access AWS resources that you might not normally have access to
sts_assume_role_with_saml
Returns a set of temporary security credentials for users who have been
authenticated via a SAML authentication response
wafregional_delete_rate_based_rule
Permanently deletes a RateBasedRule
wafregional_create_web_acl
Creates a WebACL, which contains the Rules that identify the CloudFront
web requests that you want to allow, block, or count
wafregional_list_sql_injection_match_sets
Returns an array of SqlInjectionMatchSet objects
wafregional_delete_sql_injection_match_set
Permanently deletes a SqlInjectionMatchSet
AWS WAF Regional
Creates an IPSet, which you use to specify which web requests that you
want to allow or block based on the IP addresses that the requests
originate from
Creates a Rule, which contains the IPSet objects, ByteMatchSet objects,
and other predicates that identify the requests that you want to block
Imports key material into an existing AWS KMS customer master key (CMK)
that was created without key material
kms_schedule_key_deletion
Schedules the deletion of a customer master key (CMK)
wafregional_get_regex_pattern_set
Returns the RegexPatternSet specified by RegexPatternSetId
waf_create_size_constraint_set
Creates a SizeConstraintSet
kms_update_custom_key_store
Changes the properties of a custom key store
wafregional_create_ip_set
Creates an IPSet, which you use to specify which web requests that you
want to allow or block based on the IP addresses that the requests
originate from
wafregional_update_regex_pattern_set
Inserts or deletes RegexPatternString objects in a RegexPatternSet
Permanently deletes a Rule
wafregional_update_byte_match_set
Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet
wafregional_get_size_constraint_set
Returns the SizeConstraintSet specified by SizeConstraintSetId
securityhub_update_findings
Updates the AWS Security Hub-aggregated findings specified by the filter
attributes
wafregional_list_activated_rules_in_rule_group
Returns an array of ActivatedRule objects
wafregional_delete_regex_match_set
Permanently deletes a RegexMatchSet
wafregional_get_sql_injection_match_set
Returns the SqlInjectionMatchSet that is specified by
SqlInjectionMatchSetId
wafregional_list_rule_groups
Returns an array of RuleGroup objects
kms_update_key_description
Updates the description of a customer master key (CMK)
Returns an array of RuleSummary objects
wafregional_get_change_token_status
Returns the status of a ChangeToken that you got by calling
GetChangeToken
wafregional_update_xss_match_set
Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet
wafregional_put_permission_policy
Attaches a IAM policy to the specified resource
secretsmanager_delete_resource_policy
Deletes the resource-based permission policy that's attached to the
secret
wafregional_list_xss_match_sets
Returns an array of XssMatchSet objects
waf_get_sql_injection_match_set
Returns the SqlInjectionMatchSet that is specified by
SqlInjectionMatchSetId
When you want to create, update, or delete AWS WAF objects, get a change
token and include the change token in the create, update, or delete
request
waf_list_regex_pattern_sets
Returns an array of RegexPatternSetSummary objects
waf_get_size_constraint_set
Returns the SizeConstraintSet specified by SizeConstraintSetId
Returns an array of WebACLSummary objects in the response
wafregional_list_geo_match_sets
Returns an array of GeoMatchSetSummary objects in the response
wafregional_get_sampled_requests
Gets detailed information about a specified number of requests--a
sample--that AWS WAF randomly selects from among the first 5,000
requests that your AWS resource received during a time range that you
choose
wafregional_put_logging_configuration
Associates a LoggingConfiguration with a specified web ACL
Lists the resources that the specified principal can access
wafregional_create_regex_pattern_set
Creates a RegexPatternSet
wafregional_delete_byte_match_set
Permanently deletes a ByteMatchSet
ram_reject_resource_share_invitation
Rejects an invitation to a resource share from another AWS account
wafregional_delete_ip_set
Permanently deletes an IPSet
Inserts or deletes Predicate objects in a Rule
waf_delete_rate_based_rule
Permanently deletes a RateBasedRule
wafregional_get_xss_match_set
Returns the XssMatchSet that is specified by XssMatchSetId
wafregional_get_logging_configuration
Returns the LoggingConfiguration for the specified web ACL
wafregional_create_rule_group
Creates a RuleGroup
wafregional_list_subscribed_rule_groups
Returns an array of RuleGroup objects that you are subscribed to
wafregional_get_permission_policy
Returns the IAM policy attached to the RuleGroup
wafregional_get_rate_based_rule
Returns the RateBasedRule that is specified by the RuleId that you
included in the GetRateBasedRule request
secretsmanager_delete_secret
Deletes an entire secret and all of its versions
wafregional_list_byte_match_sets
Returns an array of ByteMatchSetSummary objects
wafregional_list_web_ac_ls
Returns an array of WebACLSummary objects in the response
Inserts or deletes Predicate objects in a Rule
Creates an GeoMatchSet, which you use to specify which web requests you
want to allow or block based on the country that the requests originate
from
wafregional_get_byte_match_set
Returns the ByteMatchSet specified by ByteMatchSetId
wafregional_delete_geo_match_set
Permanently deletes a GeoMatchSet
wafregional_update_rate_based_rule
Inserts or deletes Predicate objects in a rule and updates the RateLimit
in the rule
wafregional_update_regex_match_set
Inserts or deletes RegexMatchTuple objects (filters) in a RegexMatchSet
wafregional_get_change_token
When you want to create, update, or delete AWS WAF objects, get a change
token and include the change token in the create, update, or delete
request
AWS SecurityHub
wafregional_list_regex_pattern_sets
Returns an array of RegexPatternSetSummary objects
securityhub_decline_invitations
Declines invitations that are sent to this AWS account (invitee) by the
AWS accounts (inviters) that are specified by the account IDs
securityhub_accept_invitation
Accepts the invitation to be monitored by a master SecurityHub account
wafregional_list_resources_for_web_acl
Returns an array of resources associated with the specified web ACL
wafregional_update_size_constraint_set
Inserts or deletes SizeConstraint objects (filters) in a
SizeConstraintSet
waf_get_rate_based_rule_managed_keys
Returns an array of IP addresses currently being blocked by the
RateBasedRule that is specified by the RuleId
wafregional_update_rule_group
Inserts or deletes ActivatedRule objects in a RuleGroup
shield_delete_subscription
Removes AWS Shield Advanced from an account
wafregional_get_web_acl_for_resource
Returns the web ACL for the specified resource, either an application
load balancer or Amazon API Gateway stage
securityhub_create_members
Creates member Security Hub accounts in the current AWS account (which
becomes the master Security Hub account) that has Security Hub enabled
securityhub_enable_security_hub
Enables the AWS Security Hub service
waf_delete_permission_policy
Permanently deletes an IAM policy from the specified RuleGroup
securityhub_get_enabled_standards
Lists and describes enabled standards
Describes the details of a DDoS attack
securityhub_update_insight
Updates the AWS Security Hub insight specified by the insight ARN
waf_create_byte_match_set
Creates a ByteMatchSet
Returns all ongoing DDoS attacks or all DDoS attacks during a specified
time period
shield_get_subscription_state
Returns the SubscriptionState, either Active or Inactive
wafregional_list_rate_based_rules
Returns an array of RuleSummary objects
Permanently deletes a GeoMatchSet
waf_delete_byte_match_set
Permanently deletes a ByteMatchSet
Permanently deletes a WebACL
Permanently deletes an XssMatchSet
Returns the WebACL that is specified by WebACLId
wafregional_delete_rule_group
Permanently deletes a RuleGroup
waf_list_logging_configurations
Returns an array of LoggingConfiguration objects
Returns the RegexMatchSet specified by RegexMatchSetId
wafregional_delete_size_constraint_set
Permanently deletes a SizeConstraintSet
waf_list_rate_based_rules
Returns an array of RuleSummary objects
Returns the Rule that is specified by the RuleId that you included in
the GetRule request
wafregional_update_ip_set
Inserts or deletes IPSetDescriptor objects in an IPSet
wafregional_update_geo_match_set
Inserts or deletes GeoMatchConstraint objects in an GeoMatchSet
wafregional_list_regex_match_sets
Returns an array of RegexMatchSetSummary objects
AWS Certificate Manager
Deletes a certificate and its associated private key
Imports a certificate into AWS Certificate Manager (ACM) to use with
services that are integrated with ACM
acm_list_tags_for_certificate
Lists the tags that have been applied to the ACM certificate
Retrieves a certificate specified by an ARN and its certificate chain
Exports a private certificate issued by a private certificate authority
(CA) for use anywhere
acm_remove_tags_from_certificate
Remove one or more tags from an ACM certificate
acm_add_tags_to_certificate
Adds one or more tags to an ACM certificate
Retrieves a list of certificate ARNs and domain names