coto.clients.iam.
Client
(session)[source]¶A low-level client representing IAM:
import coto
session = coto.Session()
client = session.client('iam')
These are the available methods:
list_root_mfa_devices()
create_virtual_mfa_device()
enable_root_mfa_device()
deactivate_root_mfa_device()
delete_virtual_mfa_device()
create_root_access_key
()[source]¶Creates a new AWS secret access key and corresponding AWS access key ID for the account root user. The default status for new keys is Active.
response = client.create_root_access_key()
Returns: | Response Syntax{
"id": str,
"status": "Active",
"secret": str,
"createDate": int,
"deleteDate": int
}
|
---|---|
Return type: | dict |
create_virtual_mfa_device
(VirtualMFADeviceName='root-account-mfa-device', Path='/')[source]¶Creates a new virtual MFA device for the AWS account. After creating the
virtual MFA, use enable_mfa_device()
to attach the MFA device to the
account root user.
response = client.create_virtual_mfa_device(
VirtualMFADeviceName=str,
Path=str
)
Parameters: |
|
---|---|
Returns: | Response Syntax {
"serialNumber": str,
"qrCodePNG": str,
"base32StringSeed": str
}
serialNumber (str) – The serial number associated with VirtualMFADevice. qrCodePNG (str) – A QR code PNG image that encodes
base32StringSeed (str) – The Base32 seed defined as specified in RFC3548 . The Base32StringSeed is Base64-encoded. |
Return type: | dict |
deactivate_root_mfa_device
(SerialNumber)[source]¶Deactivates the specified MFA device and removes it from association with the account root user.
response = client.deactivate_root_mfa_device(
SerialNumber=str
)
Parameters: | SerialNumber (str) – The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. |
---|
delete_root_access_key
(AccessKeyId)[source]¶Deletes the access key pair associated with the account root user.
response = client.delete_root_access_key(
AccessKeyId=str,
)
Parameters: | AccessKeyId (str) – The access key ID for the access key ID and secret access key you want to delete. |
---|---|
Returns: | success |
Return type: | bool |
enable_root_mfa_device
(SerialNumber, Base32StringSeed=None, AuthenticationCode1=None, AuthenticationCode2=None)[source]¶Enables the specified MFA device and associates it with the account root user. When enabled, the MFA device is required for every subsequent login by the account root user.
Specify either the Base32StringSeed
, or both AuthenticationCode1
and AuthenticationCode2
.
response = client.enable_root_mfa_device(
SerialNumber=str,
Base32StringSeed=str,
)
or
response = client.enable_root_mfa_device(
SerialNumber=str,
AuthenticationCode1=str,
AuthenticationCode2=str,
)
Parameters: |
|
---|
get_account_info
()[source]¶Retrieves a summary of account information.
response = client.get_account_info()
Returns: | Response Syntax{
'aliases': [],
'checklistSummary': {
'checklistItems': [
{
'complete': bool,
'fetchSucceeded': bool,
'identifier': str,
},
],
'error': bool,
'errorCount': int,
'totalCompletedCount': int,
'totalCount': int
},
'errorMap': {},
'errors': [],
'invalidPolicyExist': bool,
'summaryMap': {
'AccessKeysPerUserQuota': int,
'AccountAccessKeysPresent': int,
'AccountMFAEnabled': int,
'AccountSigningCertificatesPresent': int,
'AssumeRolePolicySizeQuota': int,
'AttachedPoliciesPerGroupQuota': int,
'AttachedPoliciesPerRoleQuota': int,
'AttachedPoliciesPerUserQuota': int,
'GroupPolicySizeQuota': int,
'Groups': int,
'GroupsPerUserQuota': int,
'GroupsQuota': int,
'InstanceProfiles': int,
'InstanceProfilesQuota': int,
'MFADevices': int,
'MFADevicesInUse': int,
'Policies': int,
'PoliciesQuota': int,
'PolicySizeQuota': int,
'PolicyVersionsInUse': int,
'PolicyVersionsInUseQuota': int,
'Providers': int,
'RolePolicySizeQuota': int,
'Roles': int,
'RolesQuota': int,
'ServerCertificates': int,
'ServerCertificatesQuota': int,
'SigningCertificatesPerUserQuota': int,
'UserPolicySizeQuota': int,
'Users': int,
'UsersQuota': int,
'VersionsPerPolicyQuota': int,
}
}
|
---|---|
Return type: | dict |
list_root_access_keys
(Deleted=False)[source]¶List the access key pairs associated with the account root user.
response = client.list_root_access_keys(
Deleted=bool,
)
Parameters: | Deleted (bool) – List the deleted access key pairs |
---|---|
Returns: | Response Syntax[
{
'createDate': int,
'deleteDate': int,
'id': int,
'lastUsedDetails': {
'lastDateUsed': int,
'region': str,
'serviceName': str,
},
'status': 'Active' | 'Inactive' | 'Deleted',
},
]
|
Return type: | dict |
list_root_mfa_devices
()[source]¶Lists enabled root MFA devices.
response = client.list_root_mfa_devices()
Returns: | Response Syntax{
'serialNumber': [
str,
],
'nextItem': str,
'truncated': bool
}
|
---|---|
Return type: | dict |
update_root_access_key
(AccessKeyId, Status='Inactive')[source]¶Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a account root user’s key as part of a key rotation work flow.
response = client.activate_root_access_key(
AccessKeyId=str,
Status='Active' | 'Inactive',
)
Parameters: |
|
---|---|
Returns: | success |
Return type: | bool |