Weitere AWS SDK-Beispiele sind im GitHub Repo [AWS Doc SDK Examples](https://github.com/awsdocs/aws-doc-sdk-examples) verfügbar.
Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.
# IAM-Beispiele unter Verwendung von SDK für Ruby
Die folgenden Codebeispiele zeigen Ihnen, wie Sie mithilfe von AWS SDK für Ruby mit IAM Aktionen ausführen und allgemeine Szenarien implementieren.
Bei *Grundlagen* handelt es sich um Codebeispiele, die Ihnen zeigen, wie Sie die wesentlichen Vorgänge innerhalb eines Services ausführen.
*Aktionen* sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Während Aktionen Ihnen zeigen, wie Sie einzelne Service-Funktionen aufrufen, können Sie Aktionen im Kontext der zugehörigen Szenarien anzeigen.
Jedes Beispiel enthält einen Link zum vollständigen Quellcode, wo Sie Anweisungen zum Einrichten und Ausführen des Codes im Kodex finden.
**Topics**
+ [Erste Schritte](#get_started)
+ [Grundlagen](#basics)
+ [Aktionen](#actions)
## Erste Schritte
### Hello IAM
Das folgende Codebeispiel zeigt, wie Sie mit IAM beginnen.
**SDK für Ruby**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
require 'aws-sdk-iam'
require 'logger'
# IAMManager is a class responsible for managing IAM operations
# such as listing all IAM policies in the current AWS account.
class IAMManager
def initialize(client)
@client = client
@logger = Logger.new($stdout)
end
# Lists and prints all IAM policies in the current AWS account.
def list_policies
@logger.info('Here are the IAM policies in your account:')
paginator = @client.list_policies
policies = []
paginator.each_page do |page|
policies.concat(page.policies)
end
if policies.empty?
@logger.info("You don't have any IAM policies.")
else
policies.each do |policy|
@logger.info("- #{policy.policy_name}")
end
end
end
end
if $PROGRAM_NAME == __FILE__
iam_client = Aws::IAM::Client.new
manager = IAMManager.new(iam_client)
manager.list_policies
end
```
+ Einzelheiten zur API finden Sie [ListPolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListPolicies)in der *AWS SDK für Ruby API-Referenz*.
## Grundlagen
### Kennenlernen der Grundlagen
Das folgende Codebeispiel veranschaulicht, wie Sie einen Benutzer erstellen und eine Rolle annehmen lassen.
**Warnung**
Um Sicherheitsrisiken zu vermeiden, sollten Sie IAM-Benutzer nicht zur Authentifizierung verwenden, wenn Sie speziell entwickelte Software entwickeln oder mit echten Daten arbeiten. Verwenden Sie stattdessen den Verbund mit einem Identitätsanbieter wie [AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).
+ Erstellen Sie einen Benutzer ohne Berechtigungen.
+ Erstellen einer Rolle, die die Berechtigung zum Auflisten von Amazon-S3-Buckets für das Konto erteilt.
+ Hinzufügen einer Richtlinie, damit der Benutzer die Rolle übernehmen kann.
+ Übernehmen Sie die Rolle und listen Sie S3-Buckets mit temporären Anmeldeinformationen auf, und bereinigen Sie dann die Ressourcen.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
Erstellen Sie einen IAM-Benutzer und eine Rolle, die die Berechtigung zum Auflisten von Amazon-S3-Buckets erteilt. Der Benutzer hat nur Rechte, um die Rolle anzunehmen. Nachdem Sie die Rolle übernommen haben, verwenden Sie temporäre Anmeldeinformationen, um Buckets für das Konto aufzulisten.
```
# Wraps the scenario actions.
class ScenarioCreateUserAssumeRole
attr_reader :iam_client
# @param [Aws::IAM::Client] iam_client: The AWS IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Waits for the specified number of seconds.
#
# @param duration [Integer] The number of seconds to wait.
def wait(duration)
puts('Give AWS time to propagate resources...')
sleep(duration)
end
# Creates a user.
#
# @param user_name [String] The name to give the user.
# @return [Aws::IAM::User] The newly created user.
def create_user(user_name)
user = @iam_client.create_user(user_name: user_name).user
@logger.info("Created demo user named #{user.user_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info('Tried and failed to create demo user.')
@logger.info("\t#{e.code}: #{e.message}")
@logger.info("\nCan't continue the demo without a user!")
raise
else
user
end
# Creates an access key for a user.
#
# @param user [Aws::IAM::User] The user that owns the key.
# @return [Aws::IAM::AccessKeyPair] The newly created access key.
def create_access_key_pair(user)
user_key = @iam_client.create_access_key(user_name: user.user_name).access_key
@logger.info("Created accesskey pair for user #{user.user_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create access keys for user #{user.user_name}.")
@logger.info("\t#{e.code}: #{e.message}")
raise
else
user_key
end
# Creates a role that can be assumed by a user.
#
# @param role_name [String] The name to give the role.
# @param user [Aws::IAM::User] The user who is granted permission to assume the role.
# @return [Aws::IAM::Role] The newly created role.
def create_role(role_name, user)
trust_policy = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Principal: { 'AWS': user.arn },
Action: 'sts:AssumeRole'
}]
}.to_json
role = @iam_client.create_role(
role_name: role_name,
assume_role_policy_document: trust_policy
).role
@logger.info("Created role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create a role for the demo. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
else
role
end
# Creates a policy that grants permission to list S3 buckets in the account, and
# then attaches the policy to a role.
#
# @param policy_name [String] The name to give the policy.
# @param role [Aws::IAM::Role] The role that the policy is attached to.
# @return [Aws::IAM::Policy] The newly created policy.
def create_and_attach_role_policy(policy_name, role)
policy_document = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Action: 's3:ListAllMyBuckets',
Resource: 'arn:aws:s3:::*'
}]
}.to_json
policy = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document
).policy
@iam_client.attach_role_policy(
role_name: role.role_name,
policy_arn: policy.arn
)
@logger.info("Created policy #{policy.policy_name} and attached it to role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create a policy and attach it to role #{role.role_name}. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Creates an inline policy for a user that lets the user assume a role.
#
# @param policy_name [String] The name to give the policy.
# @param user [Aws::IAM::User] The user that owns the policy.
# @param role [Aws::IAM::Role] The role that can be assumed.
# @return [Aws::IAM::UserPolicy] The newly created policy.
def create_user_policy(policy_name, user, role)
policy_document = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Action: 'sts:AssumeRole',
Resource: role.arn
}]
}.to_json
@iam_client.put_user_policy(
user_name: user.user_name,
policy_name: policy_name,
policy_document: policy_document
)
puts("Created an inline policy for #{user.user_name} that lets the user assume role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create an inline policy for user #{user.user_name}. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Creates an Amazon S3 resource with specified credentials. This is separated into a
# factory function so that it can be mocked for unit testing.
#
# @param credentials [Aws::Credentials] The credentials used by the Amazon S3 resource.
def create_s3_resource(credentials)
Aws::S3::Resource.new(client: Aws::S3::Client.new(credentials: credentials))
end
# Lists the S3 buckets for the account, using the specified Amazon S3 resource.
# Because the resource uses credentials with limited access, it may not be able to
# list the S3 buckets.
#
# @param s3_resource [Aws::S3::Resource] An Amazon S3 resource.
def list_buckets(s3_resource)
count = 10
s3_resource.buckets.each do |bucket|
@logger.info "\t#{bucket.name}"
count -= 1
break if count.zero?
end
rescue Aws::Errors::ServiceError => e
if e.code == 'AccessDenied'
puts('Attempt to list buckets with no permissions: AccessDenied.')
else
@logger.info("Couldn't list buckets for the account. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
end
# Creates an AWS Security Token Service (AWS STS) client with specified credentials.
# This is separated into a factory function so that it can be mocked for unit testing.
#
# @param key_id [String] The ID of the access key used by the STS client.
# @param key_secret [String] The secret part of the access key used by the STS client.
def create_sts_client(key_id, key_secret)
Aws::STS::Client.new(access_key_id: key_id, secret_access_key: key_secret)
end
# Gets temporary credentials that can be used to assume a role.
#
# @param role_arn [String] The ARN of the role that is assumed when these credentials
# are used.
# @param sts_client [AWS::STS::Client] An AWS STS client.
# @return [Aws::AssumeRoleCredentials] The credentials that can be used to assume the role.
def assume_role(role_arn, sts_client)
credentials = Aws::AssumeRoleCredentials.new(
client: sts_client,
role_arn: role_arn,
role_session_name: 'create-use-assume-role-scenario'
)
@logger.info("Assumed role '#{role_arn}', got temporary credentials.")
credentials
end
# Deletes a role. If the role has policies attached, they are detached and
# deleted before the role is deleted.
#
# @param role_name [String] The name of the role to delete.
def delete_role(role_name)
@iam_client.list_attached_role_policies(role_name: role_name).attached_policies.each do |policy|
@iam_client.detach_role_policy(role_name: role_name, policy_arn: policy.policy_arn)
@iam_client.delete_policy(policy_arn: policy.policy_arn)
@logger.info("Detached and deleted policy #{policy.policy_name}.")
end
@iam_client.delete_role({ role_name: role_name })
@logger.info("Role deleted: #{role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't detach policies and delete role #{role.name}. Here's why:")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Deletes a user. If the user has inline policies or access keys, they are deleted
# before the user is deleted.
#
# @param user [Aws::IAM::User] The user to delete.
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
end
# Runs the IAM create a user and assume a role scenario.
def run_scenario(scenario)
puts('-' * 88)
puts('Welcome to the IAM create a user and assume a role demo!')
puts('-' * 88)
user = scenario.create_user("doc-example-user-#{Random.uuid}")
user_key = scenario.create_access_key_pair(user)
scenario.wait(10)
role = scenario.create_role("doc-example-role-#{Random.uuid}", user)
scenario.create_and_attach_role_policy("doc-example-role-policy-#{Random.uuid}", role)
scenario.create_user_policy("doc-example-user-policy-#{Random.uuid}", user, role)
scenario.wait(10)
puts('Try to list buckets with credentials for a user who has no permissions.')
puts('Expect AccessDenied from this call.')
scenario.list_buckets(
scenario.create_s3_resource(Aws::Credentials.new(user_key.access_key_id, user_key.secret_access_key))
)
puts('Now, assume the role that grants permission.')
temp_credentials = scenario.assume_role(
role.arn, scenario.create_sts_client(user_key.access_key_id, user_key.secret_access_key)
)
puts('Here are your buckets:')
scenario.list_buckets(scenario.create_s3_resource(temp_credentials))
puts("Deleting role '#{role.role_name}' and attached policies.")
scenario.delete_role(role.role_name)
puts("Deleting user '#{user.user_name}', policies, and keys.")
scenario.delete_user(user.user_name)
puts('Thanks for watching!')
puts('-' * 88)
rescue Aws::Errors::ServiceError => e
puts('Something went wrong with the demo.')
puts("\t#{e.code}: #{e.message}")
end
run_scenario(ScenarioCreateUserAssumeRole.new(Aws::IAM::Client.new)) if $PROGRAM_NAME == __FILE__
```
+ Weitere API-Informationen finden Sie in den folgenden Themen der *AWS SDK für Ruby -API-Referenz*.
+ [AttachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachRolePolicy)
+ [CreateAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccessKey)
+ [CreatePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreatePolicy)
+ [CreateRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateRole)
+ [CreateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateUser)
+ [DeleteAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccessKey)
+ [DeletePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeletePolicy)
+ [DeleteRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteRole)
+ [DeleteUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUser)
+ [DeleteUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUserPolicy)
+ [DetachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachRolePolicy)
+ [PutUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/PutUserPolicy)
## Aktionen
### `AttachRolePolicy`
Das folgende Codebeispiel zeigt, wie man es benutzt`AttachRolePolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
In diesem Beispielmodul werden Rollenrichtlinien aufgelistet, erstellt, angefügt und getrennt.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [AttachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachRolePolicy)in der *AWS SDK für Ruby API-Referenz*.
### `AttachUserPolicy`
Das folgende Codebeispiel zeigt die Verwendung`AttachUserPolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Attaches a policy to a user
#
# @param user_name [String] The name of the user
# @param policy_arn [String] The Amazon Resource Name (ARN) of the policy
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_user(user_name, policy_arn)
@iam_client.attach_user_policy(
user_name: user_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to user: #{e.message}")
false
end
```
+ Einzelheiten zur API finden Sie [AttachUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachUserPolicy)in der *AWS SDK für Ruby API-Referenz*.
### `CreateAccessKey`
Das folgende Codebeispiel zeigt die Verwendung`CreateAccessKey`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
In diesem Beispielmodul werden Zugriffsschlüssel aufgeführt, erstellt, deaktiviert und gelöscht.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [CreateAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccessKey)in der *AWS SDK für Ruby API-Referenz*.
### `CreateAccountAlias`
Das folgende Codebeispiel zeigt die Verwendung`CreateAccountAlias`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
Konto-Aliase auflisten, erstellen und löschen.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [CreateAccountAlias](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccountAlias)in der *AWS SDK für Ruby API-Referenz*.
### `CreatePolicy`
Das folgende Codebeispiel zeigt die Verwendung`CreatePolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
In diesem Beispielmodul werden Rollenrichtlinien aufgelistet, erstellt, angefügt und getrennt.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [CreatePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreatePolicy)in der *AWS SDK für Ruby API-Referenz*.
### `CreateRole`
Das folgende Codebeispiel zeigt die Verwendung`CreateRole`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Creates a role and attaches policies to it.
#
# @param role_name [String] The name of the role.
# @param assume_role_policy_document [Hash] The trust relationship policy document.
# @param policy_arns [Array] The ARNs of the policies to attach.
# @return [String, nil] The ARN of the new role if successful, or nil if an error occurred.
def create_role(role_name, assume_role_policy_document, policy_arns)
response = @iam_client.create_role(
role_name: role_name,
assume_role_policy_document: assume_role_policy_document.to_json
)
role_arn = response.role.arn
policy_arns.each do |policy_arn|
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
end
role_arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating role: #{e.message}")
nil
end
```
+ Einzelheiten zur API finden Sie [CreateRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateRole)in der *AWS SDK für Ruby API-Referenz*.
### `CreateServiceLinkedRole`
Das folgende Codebeispiel zeigt die Verwendung`CreateServiceLinkedRole`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Creates a service-linked role
#
# @param service_name [String] The service name to create the role for.
# @param description [String] The description of the service-linked role.
# @param suffix [String] Suffix for customizing role name.
# @return [String] The name of the created role
def create_service_linked_role(service_name, description, suffix)
response = @iam_client.create_service_linked_role(
aws_service_name: service_name, description: description, custom_suffix: suffix
)
role_name = response.role.role_name
@logger.info("Created service-linked role #{role_name}.")
role_name
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't create service-linked role for #{service_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Einzelheiten zur API finden Sie [CreateServiceLinkedRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateServiceLinkedRole)in der *AWS SDK für Ruby API-Referenz*.
### `CreateUser`
Das folgende Codebeispiel zeigt die Verwendung`CreateUser`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Creates a user and their login profile
#
# @param user_name [String] The name of the user
# @param initial_password [String] The initial password for the user
# @return [String, nil] The ID of the user if created, or nil if an error occurred
def create_user(user_name, initial_password)
response = @iam_client.create_user(user_name: user_name)
@iam_client.wait_until(:user_exists, user_name: user_name)
@iam_client.create_login_profile(
user_name: user_name,
password: initial_password,
password_reset_required: true
)
@logger.info("User '#{user_name}' created successfully.")
response.user.user_id
rescue Aws::IAM::Errors::EntityAlreadyExists
@logger.error("Error creating user '#{user_name}': user already exists.")
nil
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating user '#{user_name}': #{e.message}")
nil
end
```
+ Einzelheiten zur API finden Sie [CreateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateUser)in der *AWS SDK für Ruby API-Referenz*.
### `DeleteAccessKey`
Das folgende Codebeispiel zeigt die Verwendung`DeleteAccessKey`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
In diesem Beispielmodul werden Zugriffsschlüssel aufgeführt, erstellt, deaktiviert und gelöscht.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [DeleteAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccessKey)in der *AWS SDK für Ruby API-Referenz*.
### `DeleteAccountAlias`
Das folgende Codebeispiel zeigt die Verwendung`DeleteAccountAlias`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
Konto-Aliase auflisten, erstellen und löschen.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [DeleteAccountAlias](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccountAlias)in der *AWS SDK für Ruby API-Referenz*.
### `DeleteRole`
Das folgende Codebeispiel zeigt die Verwendung`DeleteRole`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Deletes a role and its attached policies.
#
# @param role_name [String] The name of the role to delete.
def delete_role(role_name)
# Detach and delete attached policies
@iam_client.list_attached_role_policies(role_name: role_name).each do |response|
response.attached_policies.each do |policy|
@iam_client.detach_role_policy({
role_name: role_name,
policy_arn: policy.policy_arn
})
# Check if the policy is a customer managed policy (not AWS managed)
unless policy.policy_arn.include?('aws:policy/')
@iam_client.delete_policy({ policy_arn: policy.policy_arn })
@logger.info("Deleted customer managed policy #{policy.policy_name}.")
end
end
end
# Delete the role
@iam_client.delete_role({ role_name: role_name })
@logger.info("Deleted role #{role_name}.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't detach policies and delete role #{role_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Einzelheiten zur API finden Sie [DeleteRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteRole)in der *AWS SDK für Ruby API-Referenz*.
### `DeleteServerCertificate`
Das folgende Codebeispiel zeigt die Verwendung`DeleteServerCertificate`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
Serverzertifikate auflisten, aktualisieren und löschen.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [DeleteServerCertificate](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteServerCertificate)in der *AWS SDK für Ruby API-Referenz*.
### `DeleteServiceLinkedRole`
Das folgende Codebeispiel zeigt die Verwendung`DeleteServiceLinkedRole`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Deletes a service-linked role.
#
# @param role_name [String] The name of the role to delete.
def delete_service_linked_role(role_name)
response = @iam_client.delete_service_linked_role(role_name: role_name)
task_id = response.deletion_task_id
check_deletion_status(role_name, task_id)
rescue Aws::Errors::ServiceError => e
handle_deletion_error(e, role_name)
end
private
# Checks the deletion status of a service-linked role
#
# @param role_name [String] The name of the role being deleted
# @param task_id [String] The task ID for the deletion process
def check_deletion_status(role_name, task_id)
loop do
response = @iam_client.get_service_linked_role_deletion_status(
deletion_task_id: task_id
)
status = response.status
@logger.info("Deletion of #{role_name} #{status}.")
break if %w[SUCCEEDED FAILED].include?(status)
sleep(3)
end
end
# Handles deletion error
#
# @param e [Aws::Errors::ServiceError] The error encountered during deletion
# @param role_name [String] The name of the role attempted to delete
def handle_deletion_error(e, role_name)
return if e.code == 'NoSuchEntity'
@logger.error("Couldn't delete #{role_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Einzelheiten zur API finden Sie [DeleteServiceLinkedRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteServiceLinkedRole)in der *AWS SDK für Ruby API-Referenz*.
### `DeleteUser`
Das folgende Codebeispiel zeigt die Verwendung`DeleteUser`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Deletes a user and their associated resources
#
# @param user_name [String] The name of the user to delete
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
```
+ Einzelheiten zur API finden Sie [DeleteUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUser)in der *AWS SDK für Ruby API-Referenz*.
### `DeleteUserPolicy`
Das folgende Codebeispiel zeigt die Verwendung`DeleteUserPolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Deletes a user and their associated resources
#
# @param user_name [String] The name of the user to delete
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
```
+ Einzelheiten zur API finden Sie [DeleteUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUserPolicy)in der *AWS SDK für Ruby API-Referenz*.
### `DetachRolePolicy`
Das folgende Codebeispiel zeigt die Verwendung`DetachRolePolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
In diesem Beispielmodul werden Rollenrichtlinien aufgelistet, erstellt, angefügt und getrennt.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [DetachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachRolePolicy)in der *AWS SDK für Ruby API-Referenz*.
### `DetachUserPolicy`
Das folgende Codebeispiel zeigt die Verwendung`DetachUserPolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Detaches a policy from a user
#
# @param user_name [String] The name of the user
# @param policy_arn [String] The ARN of the policy to detach
# @return [Boolean] true if the policy was successfully detached, false otherwise
def detach_user_policy(user_name, policy_arn)
@iam_client.detach_user_policy(
user_name: user_name,
policy_arn: policy_arn
)
@logger.info("Policy '#{policy_arn}' detached from user '#{user_name}' successfully.")
true
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error('Error detaching policy: Policy or user does not exist.')
false
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from user '#{user_name}': #{e.message}")
false
end
```
+ Einzelheiten zur API finden Sie [DetachUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachUserPolicy)in der *AWS SDK für Ruby API-Referenz*.
### `GetAccountPasswordPolicy`
Das folgende Codebeispiel zeigt die Verwendung`GetAccountPasswordPolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Class to manage IAM account password policies
class PasswordPolicyManager
attr_accessor :iam_client, :logger
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'IAMPolicyManager'
end
# Retrieves and logs the account password policy
def print_account_password_policy
response = @iam_client.get_account_password_policy
@logger.info("The account password policy is: #{response.password_policy.to_h}")
rescue Aws::IAM::Errors::NoSuchEntity
@logger.info('The account does not have a password policy.')
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't print the account password policy. Error: #{e.code} - #{e.message}")
raise
end
end
```
+ Einzelheiten zur API finden Sie [GetAccountPasswordPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetAccountPasswordPolicy)in der *AWS SDK für Ruby API-Referenz*.
### `GetPolicy`
Das folgende Codebeispiel zeigt die Verwendung`GetPolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
```
+ Einzelheiten zur API finden Sie [GetPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetPolicy)in der *AWS SDK für Ruby API-Referenz*.
### `GetRole`
Das folgende Codebeispiel zeigt die Verwendung`GetRole`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Gets data about a role.
#
# @param name [String] The name of the role to look up.
# @return [Aws::IAM::Role] The retrieved role.
def get_role(name)
role = @iam_client.get_role({
role_name: name
}).role
puts("Got data for role '#{role.role_name}'. Its ARN is '#{role.arn}'.")
rescue Aws::Errors::ServiceError => e
puts("Couldn't get data for role '#{name}' Here's why:")
puts("\t#{e.code}: #{e.message}")
raise
else
role
end
```
+ Einzelheiten zur API finden Sie [GetRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetRole)in der *AWS SDK für Ruby API-Referenz*.
### `GetUser`
Das folgende Codebeispiel zeigt die Verwendung`GetUser`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Retrieves a user's details
#
# @param user_name [String] The name of the user to retrieve
# @return [Aws::IAM::Types::User, nil] The user object if found, or nil if an error occurred
def get_user(user_name)
response = @iam_client.get_user(user_name: user_name)
response.user
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("User '#{user_name}' not found.")
nil
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error retrieving user '#{user_name}': #{e.message}")
nil
end
```
+ Einzelheiten zur API finden Sie [GetUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetUser)in der *AWS SDK für Ruby API-Referenz*.
### `ListAccessKeys`
Das folgende Codebeispiel zeigt die Verwendung`ListAccessKeys`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
In diesem Beispielmodul werden Zugriffsschlüssel aufgeführt, erstellt, deaktiviert und gelöscht.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [ListAccessKeys](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAccessKeys)in der *AWS SDK für Ruby API-Referenz*.
### `ListAccountAliases`
Das folgende Codebeispiel zeigt die Verwendung`ListAccountAliases`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
Konto-Aliase auflisten, erstellen und löschen.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [ListAccountAliases](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAccountAliases)in der *AWS SDK für Ruby API-Referenz*.
### `ListAttachedRolePolicies`
Das folgende Codebeispiel zeigt die Verwendung`ListAttachedRolePolicies`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
In diesem Beispielmodul werden Rollenrichtlinien aufgelistet, erstellt, angefügt und getrennt.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [ListAttachedRolePolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAttachedRolePolicies)in der *AWS SDK für Ruby API-Referenz*.
### `ListGroups`
Das folgende Codebeispiel zeigt die Verwendung`ListGroups`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# A class to manage IAM operations via the AWS SDK client
class IamGroupManager
# Initializes the IamGroupManager class
# @param iam_client [Aws::IAM::Client] An instance of the IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists up to a specified number of groups for the account.
# @param count [Integer] The maximum number of groups to list.
# @return [Aws::IAM::Client::Response]
def list_groups(count)
response = @iam_client.list_groups(max_items: count)
response.groups.each do |group|
@logger.info("\t#{group.group_name}")
end
response
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't list groups for the account. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
end
```
+ Einzelheiten zur API finden Sie [ListGroups](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListGroups)in der *AWS SDK für Ruby API-Referenz*.
### `ListPolicies`
Das folgende Codebeispiel zeigt die Verwendung`ListPolicies`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
In diesem Beispielmodul werden Rollenrichtlinien aufgelistet, erstellt, angefügt und getrennt.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [ListPolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListPolicies)in der *AWS SDK für Ruby API-Referenz*.
### `ListRolePolicies`
Das folgende Codebeispiel zeigt die Verwendung`ListRolePolicies`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
```
+ Einzelheiten zur API finden Sie [ListRolePolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListRolePolicies)in der *AWS SDK für Ruby API-Referenz*.
### `ListRoles`
Das folgende Codebeispiel zeigt die Verwendung`ListRoles`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Lists IAM roles up to a specified count.
# @param count [Integer] the maximum number of roles to list.
# @return [Array] the names of the roles.
def list_roles(count)
role_names = []
roles_counted = 0
@iam_client.list_roles.each_page do |page|
page.roles.each do |role|
break if roles_counted >= count
@logger.info("\t#{roles_counted + 1}: #{role.role_name}")
role_names << role.role_name
roles_counted += 1
end
break if roles_counted >= count
end
role_names
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't list roles for the account. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Einzelheiten zur API finden Sie [ListRoles](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListRoles)in der *AWS SDK für Ruby API-Referenz*.
### `ListSAMLProviders`
Das folgende Codebeispiel zeigt die Verwendung`ListSAMLProviders`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
class SamlProviderLister
# Initializes the SamlProviderLister with IAM client and a logger.
# @param iam_client [Aws::IAM::Client] The IAM client object.
# @param logger [Logger] The logger object for logging output.
def initialize(iam_client, logger = Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists up to a specified number of SAML providers for the account.
# @param count [Integer] The maximum number of providers to list.
# @return [Aws::IAM::Client::Response]
def list_saml_providers(count)
response = @iam_client.list_saml_providers
response.saml_provider_list.take(count).each do |provider|
@logger.info("\t#{provider.arn}")
end
response
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't list SAML providers. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
end
```
+ Einzelheiten zur API finden Sie unter [Liste SAMLProviders](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListSAMLProviders) in der *AWS SDK für Ruby API-Referenz*.
### `ListServerCertificates`
Das folgende Codebeispiel zeigt die Verwendung`ListServerCertificates`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
Serverzertifikate auflisten, aktualisieren und löschen.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [ListServerCertificates](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListServerCertificates)in der *AWS SDK für Ruby API-Referenz*.
### `ListUsers`
Das folgende Codebeispiel zeigt die Verwendung`ListUsers`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Lists all users in the AWS account
#
# @return [Array] An array of user objects
def list_users
users = []
@iam_client.list_users.each_page do |page|
page.users.each do |user|
users << user
end
end
users
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing users: #{e.message}")
[]
end
```
+ Einzelheiten zur API finden Sie [ListUsers](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListUsers)in der *AWS SDK für Ruby API-Referenz*.
### `PutUserPolicy`
Das folgende Codebeispiel zeigt die Verwendung`PutUserPolicy`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Creates an inline policy for a specified user.
# @param username [String] The name of the IAM user.
# @param policy_name [String] The name of the policy to create.
# @param policy_document [String] The JSON policy document.
# @return [Boolean]
def create_user_policy(username, policy_name, policy_document)
@iam_client.put_user_policy({
user_name: username,
policy_name: policy_name,
policy_document: policy_document
})
@logger.info("Policy #{policy_name} created for user #{username}.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't create policy #{policy_name} for user #{username}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
false
end
```
+ Einzelheiten zur API finden Sie [PutUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/PutUserPolicy)in der *AWS SDK für Ruby API-Referenz*.
### `UpdateServerCertificate`
Das folgende Codebeispiel zeigt die Verwendung`UpdateServerCertificate`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
Serverzertifikate auflisten, aktualisieren und löschen.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Einzelheiten zur API finden Sie [UpdateServerCertificate](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/UpdateServerCertificate)in der *AWS SDK für Ruby API-Referenz*.
### `UpdateUser`
Das folgende Codebeispiel zeigt die Verwendung`UpdateUser`.
**SDK für Ruby**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples) einrichten und ausführen.
```
# Updates an IAM user's name
#
# @param current_name [String] The current name of the user
# @param new_name [String] The new name of the user
def update_user_name(current_name, new_name)
@iam_client.update_user(user_name: current_name, new_user_name: new_name)
true
rescue StandardError => e
@logger.error("Error updating user name from '#{current_name}' to '#{new_name}': #{e.message}")
false
end
```
+ Einzelheiten zur API finden Sie [UpdateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/UpdateUser)in der *AWS SDK für Ruby API-Referenz*.