AWS SDK for JavaScript IAM Client for Node.js, Browser and React Native.
Identity and Access Management
Identity and Access Management (IAM) is a web service for securely controlling
access to Amazon Web Services services. With IAM, you can centrally manage users, security credentials
such as access keys, and permissions that control which Amazon Web Services resources users and
applications can access. For more information about IAM, see Identity and Access Management (IAM) and the Identity and Access Management User Guide.
Programmatic access to IAM
We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to IAM. The Amazon Web Services
SDKs consist of libraries and sample code for various programming languages and platforms
(for example, Java, Ruby, .NET, iOS, and Android). The SDKs provide a convenient way to
create programmatic access to IAM and Amazon Web Services. For example, the SDKs take care of tasks such as
cryptographically signing requests, managing errors, and retrying requests automatically.
For more information, see Tools to build on
Amazon Web Services.
Alternatively, you can also use the IAM Query API to make direct calls to the IAM
service. For more information about calling the IAM Query API, see Making query
requests in the Identity and Access Management User Guide. IAM supports GET and
POST requests for all actions. That is, the API does not require you to use GET for some
actions and POST for others. However, GET requests are subject to the limitation size of a
URL. Therefore, for operations that require larger sizes, use a POST request.
Signing requests
Requests must be signed using an access key ID and a secret access key. We strongly
recommend that you do not use your Amazon Web Services account access key ID and secret access key for
everyday work with IAM. You can use the access key ID and secret access key for an
IAM user or you can use the Security Token Service to generate temporary security credentials and use
those to sign requests.
To sign requests, we recommend that you use Signature Version 4. If you have an
existing application that uses Signature Version 2, you do not have to update it to use
Signature Version 4. However, some operations now require Signature Version 4. The
documentation for operations that require version 4 indicate this requirement.
Additional resources
To install this package, use the CLI of your favorite package manager:
npm install @aws-sdk/client-iam
yarn add @aws-sdk/client-iam
pnpm add @aws-sdk/client-iam
The AWS SDK is modulized by clients and commands.
To send a request, you only need to import the IAMClient and
the commands you need, for example ListGroupsCommand:
const { IAMClient, ListGroupsCommand } = require("@aws-sdk/client-iam");
import { IAMClient, ListGroupsCommand } from "@aws-sdk/client-iam";
To send a request:
- Instantiate a client with configuration (e.g. credentials, region).
- Instantiate a command with input parameters.
- Call the
send operation on the client, providing the command object as input.
const client = new IAMClient({ region: "REGION" });
const params = { };
const command = new ListGroupsCommand(params);
We recommend using the await
operator to wait for the promise returned by send operation as follows:
try {
const data = await client.send(command);
} catch (error) {
} finally {
}
You can also use Promise chaining.
client
.send(command)
.then((data) => {
})
.catch((error) => {
})
.finally(() => {
});
The aggregated client class is exported from the same package, but without the "Client" suffix.
IAM extends IAMClient and additionally supports all operations, waiters, and paginators as methods.
This style may be familiar to you from the AWS SDK for JavaScript v2.
If you are bundling the AWS SDK, we recommend using only the bare-bones client (IAMClient).
More details are in the blog post on
modular packages in AWS SDK for JavaScript.
import { IAM } from "@aws-sdk/client-iam";
const client = new IAM({ region: "REGION" });
try {
const data = await client.listGroups(params);
} catch (error) {
}
client
.listGroups(params)
.then((data) => {
})
.catch((error) => {
});
client.listGroups(params, (err, data) => {
});
When the service returns an exception, the error will include the exception information,
as well as response metadata (e.g. request id).
try {
const data = await client.send(command);
} catch (error) {
const { requestId, cfId, extendedRequestId } = error.$metadata;
console.log({ requestId, cfId, extendedRequestId });
}
See also docs/ERROR_HANDLING.
Please use these community resources for getting help.
We use GitHub issues for tracking bugs and feature requests, but have limited bandwidth to address them.
To test your universal JavaScript code in Node.js, browser and react-native environments,
visit our code samples repo.
This client code is generated automatically. Any modifications will be overwritten the next time the @aws-sdk/client-iam package is updated.
To contribute to client you can check our generate clients scripts.
This SDK is distributed under the
Apache License, Version 2.0,
see LICENSE for more information.
AcceptDelegationRequest
Command API Reference / Input / Output
AddClientIDToOpenIDConnectProvider
Command API Reference / Input / Output
AddRoleToInstanceProfile
Command API Reference / Input / Output
AddUserToGroup
Command API Reference / Input / Output
AssociateDelegationRequest
Command API Reference / Input / Output
AttachGroupPolicy
Command API Reference / Input / Output
AttachRolePolicy
Command API Reference / Input / Output
AttachUserPolicy
Command API Reference / Input / Output
ChangePassword
Command API Reference / Input / Output
CreateAccessKey
Command API Reference / Input / Output
CreateAccountAlias
Command API Reference / Input / Output
CreateDelegationRequest
Command API Reference / Input / Output
CreateGroup
Command API Reference / Input / Output
CreateInstanceProfile
Command API Reference / Input / Output
CreateLoginProfile
Command API Reference / Input / Output
CreateOpenIDConnectProvider
Command API Reference / Input / Output
CreatePolicy
Command API Reference / Input / Output
CreatePolicyVersion
Command API Reference / Input / Output
CreateRole
Command API Reference / Input / Output
CreateSAMLProvider
Command API Reference / Input / Output
CreateServiceLinkedRole
Command API Reference / Input / Output
CreateServiceSpecificCredential
Command API Reference / Input / Output
CreateUser
Command API Reference / Input / Output
CreateVirtualMFADevice
Command API Reference / Input / Output
DeactivateMFADevice
Command API Reference / Input / Output
DeleteAccessKey
Command API Reference / Input / Output
DeleteAccountAlias
Command API Reference / Input / Output
DeleteAccountPasswordPolicy
Command API Reference / Input / Output
DeleteGroup
Command API Reference / Input / Output
DeleteGroupPolicy
Command API Reference / Input / Output
DeleteInstanceProfile
Command API Reference / Input / Output
DeleteLoginProfile
Command API Reference / Input / Output
DeleteOpenIDConnectProvider
Command API Reference / Input / Output
DeletePolicy
Command API Reference / Input / Output
DeletePolicyVersion
Command API Reference / Input / Output
DeleteRole
Command API Reference / Input / Output
DeleteRolePermissionsBoundary
Command API Reference / Input / Output
DeleteRolePolicy
Command API Reference / Input / Output
DeleteSAMLProvider
Command API Reference / Input / Output
DeleteServerCertificate
Command API Reference / Input / Output
DeleteServiceLinkedRole
Command API Reference / Input / Output
DeleteServiceSpecificCredential
Command API Reference / Input / Output
DeleteSigningCertificate
Command API Reference / Input / Output
DeleteSSHPublicKey
Command API Reference / Input / Output
DeleteUser
Command API Reference / Input / Output
DeleteUserPermissionsBoundary
Command API Reference / Input / Output
DeleteUserPolicy
Command API Reference / Input / Output
DeleteVirtualMFADevice
Command API Reference / Input / Output
DetachGroupPolicy
Command API Reference / Input / Output
DetachRolePolicy
Command API Reference / Input / Output
DetachUserPolicy
Command API Reference / Input / Output
DisableOrganizationsRootCredentialsManagement
Command API Reference / Input / Output
DisableOrganizationsRootSessions
Command API Reference / Input / Output
DisableOutboundWebIdentityFederation
Command API Reference / Input / Output
EnableMFADevice
Command API Reference / Input / Output
EnableOrganizationsRootCredentialsManagement
Command API Reference / Input / Output
EnableOrganizationsRootSessions
Command API Reference / Input / Output
EnableOutboundWebIdentityFederation
Command API Reference / Input / Output
GenerateCredentialReport
Command API Reference / Input / Output
GenerateOrganizationsAccessReport
Command API Reference / Input / Output
GenerateServiceLastAccessedDetails
Command API Reference / Input / Output
GetAccessKeyLastUsed
Command API Reference / Input / Output
GetAccountAuthorizationDetails
Command API Reference / Input / Output
GetAccountPasswordPolicy
Command API Reference / Input / Output
GetAccountSummary
Command API Reference / Input / Output
GetContextKeysForCustomPolicy
Command API Reference / Input / Output
GetContextKeysForPrincipalPolicy
Command API Reference / Input / Output
GetCredentialReport
Command API Reference / Input / Output
GetDelegationRequest
Command API Reference / Input / Output
GetGroup
Command API Reference / Input / Output
GetGroupPolicy
Command API Reference / Input / Output
GetHumanReadableSummary
Command API Reference / Input / Output
GetInstanceProfile
Command API Reference / Input / Output
GetLoginProfile
Command API Reference / Input / Output
GetMFADevice
Command API Reference / Input / Output
GetOpenIDConnectProvider
Command API Reference / Input / Output
GetOrganizationsAccessReport
Command API Reference / Input / Output
GetOutboundWebIdentityFederationInfo
Command API Reference / Input / Output
GetPolicy
Command API Reference / Input / Output
GetPolicyVersion
Command API Reference / Input / Output
GetRole
Command API Reference / Input / Output
GetRolePolicy
Command API Reference / Input / Output
GetSAMLProvider
Command API Reference / Input / Output
GetServerCertificate
Command API Reference / Input / Output
GetServiceLastAccessedDetails
Command API Reference / Input / Output
GetServiceLastAccessedDetailsWithEntities
Command API Reference / Input / Output
GetServiceLinkedRoleDeletionStatus
Command API Reference / Input / Output
GetSSHPublicKey
Command API Reference / Input / Output
GetUser
Command API Reference / Input / Output
GetUserPolicy
Command API Reference / Input / Output
ListAccessKeys
Command API Reference / Input / Output
ListAccountAliases
Command API Reference / Input / Output
ListAttachedGroupPolicies
Command API Reference / Input / Output
ListAttachedRolePolicies
Command API Reference / Input / Output
ListAttachedUserPolicies
Command API Reference / Input / Output
ListDelegationRequests
Command API Reference / Input / Output
ListEntitiesForPolicy
Command API Reference / Input / Output
ListGroupPolicies
Command API Reference / Input / Output
ListGroups
Command API Reference / Input / Output
ListGroupsForUser
Command API Reference / Input / Output
ListInstanceProfiles
Command API Reference / Input / Output
ListInstanceProfilesForRole
Command API Reference / Input / Output
ListInstanceProfileTags
Command API Reference / Input / Output
ListMFADevices
Command API Reference / Input / Output
ListMFADeviceTags
Command API Reference / Input / Output
ListOpenIDConnectProviders
Command API Reference / Input / Output
ListOpenIDConnectProviderTags
Command API Reference / Input / Output
ListOrganizationsFeatures
Command API Reference / Input / Output
ListPolicies
Command API Reference / Input / Output
ListPoliciesGrantingServiceAccess
Command API Reference / Input / Output
ListPolicyTags
Command API Reference / Input / Output
ListPolicyVersions
Command API Reference / Input / Output
ListRolePolicies
Command API Reference / Input / Output
ListRoles
Command API Reference / Input / Output
ListRoleTags
Command API Reference / Input / Output
ListSAMLProviders
Command API Reference / Input / Output
ListSAMLProviderTags
Command API Reference / Input / Output
ListServerCertificates
Command API Reference / Input / Output
ListServerCertificateTags
Command API Reference / Input / Output
ListServiceSpecificCredentials
Command API Reference / Input / Output
ListSigningCertificates
Command API Reference / Input / Output
ListSSHPublicKeys
Command API Reference / Input / Output
ListUserPolicies
Command API Reference / Input / Output
ListUsers
Command API Reference / Input / Output
ListUserTags
Command API Reference / Input / Output
ListVirtualMFADevices
Command API Reference / Input / Output
PutGroupPolicy
Command API Reference / Input / Output
PutRolePermissionsBoundary
Command API Reference / Input / Output
PutRolePolicy
Command API Reference / Input / Output
PutUserPermissionsBoundary
Command API Reference / Input / Output
PutUserPolicy
Command API Reference / Input / Output
RejectDelegationRequest
Command API Reference / Input / Output
RemoveClientIDFromOpenIDConnectProvider
Command API Reference / Input / Output
RemoveRoleFromInstanceProfile
Command API Reference / Input / Output
RemoveUserFromGroup
Command API Reference / Input / Output
ResetServiceSpecificCredential
Command API Reference / Input / Output
ResyncMFADevice
Command API Reference / Input / Output
SendDelegationToken
Command API Reference / Input / Output
SetDefaultPolicyVersion
Command API Reference / Input / Output
SetSecurityTokenServicePreferences
Command API Reference / Input / Output
SimulateCustomPolicy
Command API Reference / Input / Output
SimulatePrincipalPolicy
Command API Reference / Input / Output
TagInstanceProfile
Command API Reference / Input / Output
TagMFADevice
Command API Reference / Input / Output
TagOpenIDConnectProvider
Command API Reference / Input / Output
TagPolicy
Command API Reference / Input / Output
TagRole
Command API Reference / Input / Output
TagSAMLProvider
Command API Reference / Input / Output
TagServerCertificate
Command API Reference / Input / Output
TagUser
Command API Reference / Input / Output
UntagInstanceProfile
Command API Reference / Input / Output
UntagMFADevice
Command API Reference / Input / Output
UntagOpenIDConnectProvider
Command API Reference / Input / Output
UntagPolicy
Command API Reference / Input / Output
UntagRole
Command API Reference / Input / Output
UntagSAMLProvider
Command API Reference / Input / Output
UntagServerCertificate
Command API Reference / Input / Output
UntagUser
Command API Reference / Input / Output
UpdateAccessKey
Command API Reference / Input / Output
UpdateAccountPasswordPolicy
Command API Reference / Input / Output
UpdateAssumeRolePolicy
Command API Reference / Input / Output
UpdateDelegationRequest
Command API Reference / Input / Output
UpdateGroup
Command API Reference / Input / Output
UpdateLoginProfile
Command API Reference / Input / Output
UpdateOpenIDConnectProviderThumbprint
Command API Reference / Input / Output
UpdateRole
Command API Reference / Input / Output
UpdateRoleDescription
Command API Reference / Input / Output
UpdateSAMLProvider
Command API Reference / Input / Output
UpdateServerCertificate
Command API Reference / Input / Output
UpdateServiceSpecificCredential
Command API Reference / Input / Output
UpdateSigningCertificate
Command API Reference / Input / Output
UpdateSSHPublicKey
Command API Reference / Input / Output
UpdateUser
Command API Reference / Input / Output
UploadServerCertificate
Command API Reference / Input / Output
UploadSigningCertificate
Command API Reference / Input / Output
UploadSSHPublicKey
Command API Reference / Input / Output