AWS Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications running outside of AWS to obtain Temporary AWS credentials. Your workloads can use the same IAM policies and roles that you have configured with native AWS applications to access AWS resources. Using IAM Roles Anywhere will eliminate the need to manage long term credentials for workloads running outside of AWS.
To use IAM Roles Anywhere customer workloads will need to use X.509 certificates issued by their Certificate Authority (CA) . The Certificate Authority (CA) needs to be registered with IAM Roles Anywhere as a trust anchor to establish trust between customer PKI and IAM Roles Anywhere. Customers who do not manage their own PKI system can use AWS Certificate Manager Private Certificate Authority (ACM PCA) to create a Certificate Authority and use that to establish trust with IAM Roles Anywhere
This guide describes the IAM rolesanywhere operations that you can call programmatically. For general information about IAM Roles Anywhere see https://docs.aws.amazon.com/
iamrolesanywhere(config = list())A client for the service. You can call the service's operations using
syntax like svc$operation(...), where svc is the name you've assigned
to the client. The available operations are listed in the
Operations section.
Optional configuration of credentials, endpoint, and/or region.
access_key_id: AWS access key ID
secret_access_key: AWS secret access key
session_token: AWS temporary session token
profile: The name of a profile to use. If not given, then the default profile is used.
anonymous: Set anonymous credentials.
endpoint: The complete URL to use for the constructed client.
region: The AWS Region used in instantiating the client.
close_connection: Immediately close all HTTP connections.
timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.
s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY.
svc <- iamrolesanywhere(
config = list(
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string",
close_connection = "logical",
timeout = "numeric",
s3_force_path_style = "logical"
)
)
| create_profile | Creates a profile |
| create_trust_anchor | Creates a trust anchor |
| delete_crl | Deletes a certificate revocation list (CRL) |
| delete_profile | Deletes a profile |
| delete_trust_anchor | Deletes a trust anchor |
| disable_crl | Disables a certificate revocation list (CRL) |
| disable_profile | Disables a profile |
| disable_trust_anchor | Disables a trust anchor |
| enable_crl | Enables a certificate revocation list (CRL) |
| enable_profile | Enables the roles in a profile to receive session credentials in CreateSession |
| enable_trust_anchor | Enables a trust anchor |
| get_crl | Gets a certificate revocation list (CRL) |
| get_profile | Gets a profile |
| get_subject | Gets a Subject |
| get_trust_anchor | Gets a trust anchor |
| import_crl | Imports the certificate revocation list (CRL) |
| list_crls | Lists all Crls in the authenticated account and Amazon Web Services Region |
| list_profiles | Lists all profiles in the authenticated account and Amazon Web Services Region |
| list_subjects | Lists the subjects in the authenticated account and Amazon Web Services Region |
| list_tags_for_resource | Lists the tags attached to the resource |
| list_trust_anchors | Lists the trust anchors in the authenticated account and Amazon Web Services Region |
| tag_resource | Attaches tags to a resource |
| untag_resource | Removes tags from the resource |
| update_crl | Updates the certificate revocation list (CRL) |
| update_profile | Updates the profile |
| update_trust_anchor | Updates the trust anchor |
if (FALSE) {
svc <- iamrolesanywhere()
svc$create_profile(
Foo = 123
)
}
Run the code above in your browser using DataLab