Ada lebih banyak contoh AWS SDK yang tersedia di repo Contoh [SDK AWS Doc](https://github.com/awsdocs/aws-doc-sdk-examples). GitHub
Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
# Contoh IAM menggunakan SDK for Ruby
Contoh kode berikut menunjukkan cara melakukan tindakan dan mengimplementasikan skenario umum dengan menggunakan AWS SDK untuk Ruby with IAM.
*Dasar-dasar* adalah contoh kode yang menunjukkan kepada Anda bagaimana melakukan operasi penting dalam suatu layanan.
*Tindakan* merupakan kutipan kode dari program yang lebih besar dan harus dijalankan dalam konteks. Sementara tindakan menunjukkan cara memanggil fungsi layanan individual, Anda dapat melihat tindakan dalam konteks dalam skenario terkait.
Setiap contoh menyertakan tautan ke kode sumber lengkap, di mana Anda dapat menemukan instruksi tentang cara mengatur dan menjalankan kode dalam konteks.
**Topics**
+ [Memulai](#get_started)
+ [Hal-hal mendasar](#basics)
+ [Tindakan](#actions)
## Memulai
### Halo IAM
Contoh kode berikut menunjukkan bagaimana memulai menggunakan IAM.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
require 'aws-sdk-iam'
require 'logger'
# IAMManager is a class responsible for managing IAM operations
# such as listing all IAM policies in the current AWS account.
class IAMManager
def initialize(client)
@client = client
@logger = Logger.new($stdout)
end
# Lists and prints all IAM policies in the current AWS account.
def list_policies
@logger.info('Here are the IAM policies in your account:')
paginator = @client.list_policies
policies = []
paginator.each_page do |page|
policies.concat(page.policies)
end
if policies.empty?
@logger.info("You don't have any IAM policies.")
else
policies.each do |policy|
@logger.info("- #{policy.policy_name}")
end
end
end
end
if $PROGRAM_NAME == __FILE__
iam_client = Aws::IAM::Client.new
manager = IAMManager.new(iam_client)
manager.list_policies
end
```
+ Untuk detail API, lihat [ListPolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListPolicies)di *Referensi AWS SDK untuk Ruby API*.
## Hal-hal mendasar
### Pelajari dasar-dasarnya
Contoh kode berikut menunjukkan cara membuat pengguna dan mengambil peran.
**Awas**
Untuk menghindari risiko keamanan, jangan gunakan pengguna IAM untuk otentikasi saat mengembangkan perangkat lunak yang dibuat khusus atau bekerja dengan data nyata. Sebaliknya, gunakan federasi dengan penyedia identitas seperti [AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).
+ Buat pengguna tanpa izin.
+ Buat peran yang memberikan izin untuk mencantumkan bucket Amazon S3 untuk akun tersebut.
+ Tambahkan kebijakan agar pengguna dapat mengambil peran tersebut.
+ Asumsikan peran dan daftar bucket S3 menggunakan kredenal sementara, lalu bersihkan sumber daya.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Buat pengguna IAM dan peran yang memberikan izin untuk mencantumkan bucket Amazon S3. Pengguna hanya memiliki hak untuk mengambil peran. Setelah mengambil peran, gunakan kredensyal sementara untuk membuat daftar bucket untuk akun.
```
# Wraps the scenario actions.
class ScenarioCreateUserAssumeRole
attr_reader :iam_client
# @param [Aws::IAM::Client] iam_client: The AWS IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Waits for the specified number of seconds.
#
# @param duration [Integer] The number of seconds to wait.
def wait(duration)
puts('Give AWS time to propagate resources...')
sleep(duration)
end
# Creates a user.
#
# @param user_name [String] The name to give the user.
# @return [Aws::IAM::User] The newly created user.
def create_user(user_name)
user = @iam_client.create_user(user_name: user_name).user
@logger.info("Created demo user named #{user.user_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info('Tried and failed to create demo user.')
@logger.info("\t#{e.code}: #{e.message}")
@logger.info("\nCan't continue the demo without a user!")
raise
else
user
end
# Creates an access key for a user.
#
# @param user [Aws::IAM::User] The user that owns the key.
# @return [Aws::IAM::AccessKeyPair] The newly created access key.
def create_access_key_pair(user)
user_key = @iam_client.create_access_key(user_name: user.user_name).access_key
@logger.info("Created accesskey pair for user #{user.user_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create access keys for user #{user.user_name}.")
@logger.info("\t#{e.code}: #{e.message}")
raise
else
user_key
end
# Creates a role that can be assumed by a user.
#
# @param role_name [String] The name to give the role.
# @param user [Aws::IAM::User] The user who is granted permission to assume the role.
# @return [Aws::IAM::Role] The newly created role.
def create_role(role_name, user)
trust_policy = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Principal: { 'AWS': user.arn },
Action: 'sts:AssumeRole'
}]
}.to_json
role = @iam_client.create_role(
role_name: role_name,
assume_role_policy_document: trust_policy
).role
@logger.info("Created role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create a role for the demo. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
else
role
end
# Creates a policy that grants permission to list S3 buckets in the account, and
# then attaches the policy to a role.
#
# @param policy_name [String] The name to give the policy.
# @param role [Aws::IAM::Role] The role that the policy is attached to.
# @return [Aws::IAM::Policy] The newly created policy.
def create_and_attach_role_policy(policy_name, role)
policy_document = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Action: 's3:ListAllMyBuckets',
Resource: 'arn:aws:s3:::*'
}]
}.to_json
policy = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document
).policy
@iam_client.attach_role_policy(
role_name: role.role_name,
policy_arn: policy.arn
)
@logger.info("Created policy #{policy.policy_name} and attached it to role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create a policy and attach it to role #{role.role_name}. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Creates an inline policy for a user that lets the user assume a role.
#
# @param policy_name [String] The name to give the policy.
# @param user [Aws::IAM::User] The user that owns the policy.
# @param role [Aws::IAM::Role] The role that can be assumed.
# @return [Aws::IAM::UserPolicy] The newly created policy.
def create_user_policy(policy_name, user, role)
policy_document = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Action: 'sts:AssumeRole',
Resource: role.arn
}]
}.to_json
@iam_client.put_user_policy(
user_name: user.user_name,
policy_name: policy_name,
policy_document: policy_document
)
puts("Created an inline policy for #{user.user_name} that lets the user assume role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create an inline policy for user #{user.user_name}. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Creates an Amazon S3 resource with specified credentials. This is separated into a
# factory function so that it can be mocked for unit testing.
#
# @param credentials [Aws::Credentials] The credentials used by the Amazon S3 resource.
def create_s3_resource(credentials)
Aws::S3::Resource.new(client: Aws::S3::Client.new(credentials: credentials))
end
# Lists the S3 buckets for the account, using the specified Amazon S3 resource.
# Because the resource uses credentials with limited access, it may not be able to
# list the S3 buckets.
#
# @param s3_resource [Aws::S3::Resource] An Amazon S3 resource.
def list_buckets(s3_resource)
count = 10
s3_resource.buckets.each do |bucket|
@logger.info "\t#{bucket.name}"
count -= 1
break if count.zero?
end
rescue Aws::Errors::ServiceError => e
if e.code == 'AccessDenied'
puts('Attempt to list buckets with no permissions: AccessDenied.')
else
@logger.info("Couldn't list buckets for the account. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
end
# Creates an AWS Security Token Service (AWS STS) client with specified credentials.
# This is separated into a factory function so that it can be mocked for unit testing.
#
# @param key_id [String] The ID of the access key used by the STS client.
# @param key_secret [String] The secret part of the access key used by the STS client.
def create_sts_client(key_id, key_secret)
Aws::STS::Client.new(access_key_id: key_id, secret_access_key: key_secret)
end
# Gets temporary credentials that can be used to assume a role.
#
# @param role_arn [String] The ARN of the role that is assumed when these credentials
# are used.
# @param sts_client [AWS::STS::Client] An AWS STS client.
# @return [Aws::AssumeRoleCredentials] The credentials that can be used to assume the role.
def assume_role(role_arn, sts_client)
credentials = Aws::AssumeRoleCredentials.new(
client: sts_client,
role_arn: role_arn,
role_session_name: 'create-use-assume-role-scenario'
)
@logger.info("Assumed role '#{role_arn}', got temporary credentials.")
credentials
end
# Deletes a role. If the role has policies attached, they are detached and
# deleted before the role is deleted.
#
# @param role_name [String] The name of the role to delete.
def delete_role(role_name)
@iam_client.list_attached_role_policies(role_name: role_name).attached_policies.each do |policy|
@iam_client.detach_role_policy(role_name: role_name, policy_arn: policy.policy_arn)
@iam_client.delete_policy(policy_arn: policy.policy_arn)
@logger.info("Detached and deleted policy #{policy.policy_name}.")
end
@iam_client.delete_role({ role_name: role_name })
@logger.info("Role deleted: #{role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't detach policies and delete role #{role.name}. Here's why:")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Deletes a user. If the user has inline policies or access keys, they are deleted
# before the user is deleted.
#
# @param user [Aws::IAM::User] The user to delete.
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
end
# Runs the IAM create a user and assume a role scenario.
def run_scenario(scenario)
puts('-' * 88)
puts('Welcome to the IAM create a user and assume a role demo!')
puts('-' * 88)
user = scenario.create_user("doc-example-user-#{Random.uuid}")
user_key = scenario.create_access_key_pair(user)
scenario.wait(10)
role = scenario.create_role("doc-example-role-#{Random.uuid}", user)
scenario.create_and_attach_role_policy("doc-example-role-policy-#{Random.uuid}", role)
scenario.create_user_policy("doc-example-user-policy-#{Random.uuid}", user, role)
scenario.wait(10)
puts('Try to list buckets with credentials for a user who has no permissions.')
puts('Expect AccessDenied from this call.')
scenario.list_buckets(
scenario.create_s3_resource(Aws::Credentials.new(user_key.access_key_id, user_key.secret_access_key))
)
puts('Now, assume the role that grants permission.')
temp_credentials = scenario.assume_role(
role.arn, scenario.create_sts_client(user_key.access_key_id, user_key.secret_access_key)
)
puts('Here are your buckets:')
scenario.list_buckets(scenario.create_s3_resource(temp_credentials))
puts("Deleting role '#{role.role_name}' and attached policies.")
scenario.delete_role(role.role_name)
puts("Deleting user '#{user.user_name}', policies, and keys.")
scenario.delete_user(user.user_name)
puts('Thanks for watching!')
puts('-' * 88)
rescue Aws::Errors::ServiceError => e
puts('Something went wrong with the demo.')
puts("\t#{e.code}: #{e.message}")
end
run_scenario(ScenarioCreateUserAssumeRole.new(Aws::IAM::Client.new)) if $PROGRAM_NAME == __FILE__
```
+ Untuk detail API, lihat topik berikut di *Referensi API AWS SDK untuk Ruby *.
+ [AttachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachRolePolicy)
+ [CreateAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccessKey)
+ [CreatePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreatePolicy)
+ [CreateRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateRole)
+ [CreateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateUser)
+ [DeleteAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccessKey)
+ [DeletePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeletePolicy)
+ [DeleteRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteRole)
+ [DeleteUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUser)
+ [DeleteUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUserPolicy)
+ [DetachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachRolePolicy)
+ [PutUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/PutUserPolicy)
## Tindakan
### `AttachRolePolicy`
Contoh kode berikut menunjukkan cara menggunakan`AttachRolePolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Modul contoh ini mencantumkan, membuat, melampirkan, dan melepaskan kebijakan peran.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [AttachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachRolePolicy)di *Referensi AWS SDK untuk Ruby API*.
### `AttachUserPolicy`
Contoh kode berikut menunjukkan cara menggunakan`AttachUserPolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Attaches a policy to a user
#
# @param user_name [String] The name of the user
# @param policy_arn [String] The Amazon Resource Name (ARN) of the policy
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_user(user_name, policy_arn)
@iam_client.attach_user_policy(
user_name: user_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to user: #{e.message}")
false
end
```
+ Untuk detail API, lihat [AttachUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachUserPolicy)di *Referensi AWS SDK untuk Ruby API*.
### `CreateAccessKey`
Contoh kode berikut menunjukkan cara menggunakan`CreateAccessKey`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Modul contoh ini mencantumkan, membuat, menonaktifkan, dan menghapus kunci akses.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [CreateAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccessKey)di *Referensi AWS SDK untuk Ruby API*.
### `CreateAccountAlias`
Contoh kode berikut menunjukkan cara menggunakan`CreateAccountAlias`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Buat daftar, buat, dan hapus alias akun.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [CreateAccountAlias](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccountAlias)di *Referensi AWS SDK untuk Ruby API*.
### `CreatePolicy`
Contoh kode berikut menunjukkan cara menggunakan`CreatePolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Modul contoh ini mencantumkan, membuat, melampirkan, dan melepaskan kebijakan peran.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [CreatePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreatePolicy)di *Referensi AWS SDK untuk Ruby API*.
### `CreateRole`
Contoh kode berikut menunjukkan cara menggunakan`CreateRole`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Creates a role and attaches policies to it.
#
# @param role_name [String] The name of the role.
# @param assume_role_policy_document [Hash] The trust relationship policy document.
# @param policy_arns [Array] The ARNs of the policies to attach.
# @return [String, nil] The ARN of the new role if successful, or nil if an error occurred.
def create_role(role_name, assume_role_policy_document, policy_arns)
response = @iam_client.create_role(
role_name: role_name,
assume_role_policy_document: assume_role_policy_document.to_json
)
role_arn = response.role.arn
policy_arns.each do |policy_arn|
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
end
role_arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating role: #{e.message}")
nil
end
```
+ Untuk detail API, lihat [CreateRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateRole)di *Referensi AWS SDK untuk Ruby API*.
### `CreateServiceLinkedRole`
Contoh kode berikut menunjukkan cara menggunakan`CreateServiceLinkedRole`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Creates a service-linked role
#
# @param service_name [String] The service name to create the role for.
# @param description [String] The description of the service-linked role.
# @param suffix [String] Suffix for customizing role name.
# @return [String] The name of the created role
def create_service_linked_role(service_name, description, suffix)
response = @iam_client.create_service_linked_role(
aws_service_name: service_name, description: description, custom_suffix: suffix
)
role_name = response.role.role_name
@logger.info("Created service-linked role #{role_name}.")
role_name
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't create service-linked role for #{service_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Untuk detail API, lihat [CreateServiceLinkedRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateServiceLinkedRole)di *Referensi AWS SDK untuk Ruby API*.
### `CreateUser`
Contoh kode berikut menunjukkan cara menggunakan`CreateUser`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Creates a user and their login profile
#
# @param user_name [String] The name of the user
# @param initial_password [String] The initial password for the user
# @return [String, nil] The ID of the user if created, or nil if an error occurred
def create_user(user_name, initial_password)
response = @iam_client.create_user(user_name: user_name)
@iam_client.wait_until(:user_exists, user_name: user_name)
@iam_client.create_login_profile(
user_name: user_name,
password: initial_password,
password_reset_required: true
)
@logger.info("User '#{user_name}' created successfully.")
response.user.user_id
rescue Aws::IAM::Errors::EntityAlreadyExists
@logger.error("Error creating user '#{user_name}': user already exists.")
nil
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating user '#{user_name}': #{e.message}")
nil
end
```
+ Untuk detail API, lihat [CreateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateUser)di *Referensi AWS SDK untuk Ruby API*.
### `DeleteAccessKey`
Contoh kode berikut menunjukkan cara menggunakan`DeleteAccessKey`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Modul contoh ini mencantumkan, membuat, menonaktifkan, dan menghapus kunci akses.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [DeleteAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccessKey)di *Referensi AWS SDK untuk Ruby API*.
### `DeleteAccountAlias`
Contoh kode berikut menunjukkan cara menggunakan`DeleteAccountAlias`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Buat daftar, buat, dan hapus alias akun.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [DeleteAccountAlias](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccountAlias)di *Referensi AWS SDK untuk Ruby API*.
### `DeleteRole`
Contoh kode berikut menunjukkan cara menggunakan`DeleteRole`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Deletes a role and its attached policies.
#
# @param role_name [String] The name of the role to delete.
def delete_role(role_name)
# Detach and delete attached policies
@iam_client.list_attached_role_policies(role_name: role_name).each do |response|
response.attached_policies.each do |policy|
@iam_client.detach_role_policy({
role_name: role_name,
policy_arn: policy.policy_arn
})
# Check if the policy is a customer managed policy (not AWS managed)
unless policy.policy_arn.include?('aws:policy/')
@iam_client.delete_policy({ policy_arn: policy.policy_arn })
@logger.info("Deleted customer managed policy #{policy.policy_name}.")
end
end
end
# Delete the role
@iam_client.delete_role({ role_name: role_name })
@logger.info("Deleted role #{role_name}.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't detach policies and delete role #{role_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Untuk detail API, lihat [DeleteRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteRole)di *Referensi AWS SDK untuk Ruby API*.
### `DeleteServerCertificate`
Contoh kode berikut menunjukkan cara menggunakan`DeleteServerCertificate`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Daftar, perbarui, dan hapus sertifikat server.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [DeleteServerCertificate](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteServerCertificate)di *Referensi AWS SDK untuk Ruby API*.
### `DeleteServiceLinkedRole`
Contoh kode berikut menunjukkan cara menggunakan`DeleteServiceLinkedRole`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Deletes a service-linked role.
#
# @param role_name [String] The name of the role to delete.
def delete_service_linked_role(role_name)
response = @iam_client.delete_service_linked_role(role_name: role_name)
task_id = response.deletion_task_id
check_deletion_status(role_name, task_id)
rescue Aws::Errors::ServiceError => e
handle_deletion_error(e, role_name)
end
private
# Checks the deletion status of a service-linked role
#
# @param role_name [String] The name of the role being deleted
# @param task_id [String] The task ID for the deletion process
def check_deletion_status(role_name, task_id)
loop do
response = @iam_client.get_service_linked_role_deletion_status(
deletion_task_id: task_id
)
status = response.status
@logger.info("Deletion of #{role_name} #{status}.")
break if %w[SUCCEEDED FAILED].include?(status)
sleep(3)
end
end
# Handles deletion error
#
# @param e [Aws::Errors::ServiceError] The error encountered during deletion
# @param role_name [String] The name of the role attempted to delete
def handle_deletion_error(e, role_name)
return if e.code == 'NoSuchEntity'
@logger.error("Couldn't delete #{role_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Untuk detail API, lihat [DeleteServiceLinkedRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteServiceLinkedRole)di *Referensi AWS SDK untuk Ruby API*.
### `DeleteUser`
Contoh kode berikut menunjukkan cara menggunakan`DeleteUser`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Deletes a user and their associated resources
#
# @param user_name [String] The name of the user to delete
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
```
+ Untuk detail API, lihat [DeleteUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUser)di *Referensi AWS SDK untuk Ruby API*.
### `DeleteUserPolicy`
Contoh kode berikut menunjukkan cara menggunakan`DeleteUserPolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Deletes a user and their associated resources
#
# @param user_name [String] The name of the user to delete
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
```
+ Untuk detail API, lihat [DeleteUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUserPolicy)di *Referensi AWS SDK untuk Ruby API*.
### `DetachRolePolicy`
Contoh kode berikut menunjukkan cara menggunakan`DetachRolePolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Modul contoh ini mencantumkan, membuat, melampirkan, dan melepaskan kebijakan peran.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [DetachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachRolePolicy)di *Referensi AWS SDK untuk Ruby API*.
### `DetachUserPolicy`
Contoh kode berikut menunjukkan cara menggunakan`DetachUserPolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Detaches a policy from a user
#
# @param user_name [String] The name of the user
# @param policy_arn [String] The ARN of the policy to detach
# @return [Boolean] true if the policy was successfully detached, false otherwise
def detach_user_policy(user_name, policy_arn)
@iam_client.detach_user_policy(
user_name: user_name,
policy_arn: policy_arn
)
@logger.info("Policy '#{policy_arn}' detached from user '#{user_name}' successfully.")
true
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error('Error detaching policy: Policy or user does not exist.')
false
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from user '#{user_name}': #{e.message}")
false
end
```
+ Untuk detail API, lihat [DetachUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachUserPolicy)di *Referensi AWS SDK untuk Ruby API*.
### `GetAccountPasswordPolicy`
Contoh kode berikut menunjukkan cara menggunakan`GetAccountPasswordPolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Class to manage IAM account password policies
class PasswordPolicyManager
attr_accessor :iam_client, :logger
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'IAMPolicyManager'
end
# Retrieves and logs the account password policy
def print_account_password_policy
response = @iam_client.get_account_password_policy
@logger.info("The account password policy is: #{response.password_policy.to_h}")
rescue Aws::IAM::Errors::NoSuchEntity
@logger.info('The account does not have a password policy.')
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't print the account password policy. Error: #{e.code} - #{e.message}")
raise
end
end
```
+ Untuk detail API, lihat [GetAccountPasswordPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetAccountPasswordPolicy)di *Referensi AWS SDK untuk Ruby API*.
### `GetPolicy`
Contoh kode berikut menunjukkan cara menggunakan`GetPolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
```
+ Untuk detail API, lihat [GetPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetPolicy)di *Referensi AWS SDK untuk Ruby API*.
### `GetRole`
Contoh kode berikut menunjukkan cara menggunakan`GetRole`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Gets data about a role.
#
# @param name [String] The name of the role to look up.
# @return [Aws::IAM::Role] The retrieved role.
def get_role(name)
role = @iam_client.get_role({
role_name: name
}).role
puts("Got data for role '#{role.role_name}'. Its ARN is '#{role.arn}'.")
rescue Aws::Errors::ServiceError => e
puts("Couldn't get data for role '#{name}' Here's why:")
puts("\t#{e.code}: #{e.message}")
raise
else
role
end
```
+ Untuk detail API, lihat [GetRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetRole)di *Referensi AWS SDK untuk Ruby API*.
### `GetUser`
Contoh kode berikut menunjukkan cara menggunakan`GetUser`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Retrieves a user's details
#
# @param user_name [String] The name of the user to retrieve
# @return [Aws::IAM::Types::User, nil] The user object if found, or nil if an error occurred
def get_user(user_name)
response = @iam_client.get_user(user_name: user_name)
response.user
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("User '#{user_name}' not found.")
nil
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error retrieving user '#{user_name}': #{e.message}")
nil
end
```
+ Untuk detail API, lihat [GetUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetUser)di *Referensi AWS SDK untuk Ruby API*.
### `ListAccessKeys`
Contoh kode berikut menunjukkan cara menggunakan`ListAccessKeys`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Modul contoh ini mencantumkan, membuat, menonaktifkan, dan menghapus kunci akses.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [ListAccessKeys](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAccessKeys)di *Referensi AWS SDK untuk Ruby API*.
### `ListAccountAliases`
Contoh kode berikut menunjukkan cara menggunakan`ListAccountAliases`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Buat daftar, buat, dan hapus alias akun.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [ListAccountAliases](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAccountAliases)di *Referensi AWS SDK untuk Ruby API*.
### `ListAttachedRolePolicies`
Contoh kode berikut menunjukkan cara menggunakan`ListAttachedRolePolicies`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Modul contoh ini mencantumkan, membuat, melampirkan, dan melepaskan kebijakan peran.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [ListAttachedRolePolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAttachedRolePolicies)di *Referensi AWS SDK untuk Ruby API*.
### `ListGroups`
Contoh kode berikut menunjukkan cara menggunakan`ListGroups`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# A class to manage IAM operations via the AWS SDK client
class IamGroupManager
# Initializes the IamGroupManager class
# @param iam_client [Aws::IAM::Client] An instance of the IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists up to a specified number of groups for the account.
# @param count [Integer] The maximum number of groups to list.
# @return [Aws::IAM::Client::Response]
def list_groups(count)
response = @iam_client.list_groups(max_items: count)
response.groups.each do |group|
@logger.info("\t#{group.group_name}")
end
response
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't list groups for the account. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
end
```
+ Untuk detail API, lihat [ListGroups](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListGroups)di *Referensi AWS SDK untuk Ruby API*.
### `ListPolicies`
Contoh kode berikut menunjukkan cara menggunakan`ListPolicies`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Modul contoh ini mencantumkan, membuat, melampirkan, dan melepaskan kebijakan peran.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [ListPolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListPolicies)di *Referensi AWS SDK untuk Ruby API*.
### `ListRolePolicies`
Contoh kode berikut menunjukkan cara menggunakan`ListRolePolicies`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
```
+ Untuk detail API, lihat [ListRolePolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListRolePolicies)di *Referensi AWS SDK untuk Ruby API*.
### `ListRoles`
Contoh kode berikut menunjukkan cara menggunakan`ListRoles`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Lists IAM roles up to a specified count.
# @param count [Integer] the maximum number of roles to list.
# @return [Array] the names of the roles.
def list_roles(count)
role_names = []
roles_counted = 0
@iam_client.list_roles.each_page do |page|
page.roles.each do |role|
break if roles_counted >= count
@logger.info("\t#{roles_counted + 1}: #{role.role_name}")
role_names << role.role_name
roles_counted += 1
end
break if roles_counted >= count
end
role_names
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't list roles for the account. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Untuk detail API, lihat [ListRoles](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListRoles)di *Referensi AWS SDK untuk Ruby API*.
### `ListSAMLProviders`
Contoh kode berikut menunjukkan cara menggunakan`ListSAMLProviders`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
class SamlProviderLister
# Initializes the SamlProviderLister with IAM client and a logger.
# @param iam_client [Aws::IAM::Client] The IAM client object.
# @param logger [Logger] The logger object for logging output.
def initialize(iam_client, logger = Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists up to a specified number of SAML providers for the account.
# @param count [Integer] The maximum number of providers to list.
# @return [Aws::IAM::Client::Response]
def list_saml_providers(count)
response = @iam_client.list_saml_providers
response.saml_provider_list.take(count).each do |provider|
@logger.info("\t#{provider.arn}")
end
response
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't list SAML providers. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
end
```
+ Untuk detail API, lihat [Daftar SAMLProviders](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListSAMLProviders) di *Referensi AWS SDK untuk Ruby API*.
### `ListServerCertificates`
Contoh kode berikut menunjukkan cara menggunakan`ListServerCertificates`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Daftar, perbarui, dan hapus sertifikat server.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [ListServerCertificates](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListServerCertificates)di *Referensi AWS SDK untuk Ruby API*.
### `ListUsers`
Contoh kode berikut menunjukkan cara menggunakan`ListUsers`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Lists all users in the AWS account
#
# @return [Array] An array of user objects
def list_users
users = []
@iam_client.list_users.each_page do |page|
page.users.each do |user|
users << user
end
end
users
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing users: #{e.message}")
[]
end
```
+ Untuk detail API, lihat [ListUsers](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListUsers)di *Referensi AWS SDK untuk Ruby API*.
### `PutUserPolicy`
Contoh kode berikut menunjukkan cara menggunakan`PutUserPolicy`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Creates an inline policy for a specified user.
# @param username [String] The name of the IAM user.
# @param policy_name [String] The name of the policy to create.
# @param policy_document [String] The JSON policy document.
# @return [Boolean]
def create_user_policy(username, policy_name, policy_document)
@iam_client.put_user_policy({
user_name: username,
policy_name: policy_name,
policy_document: policy_document
})
@logger.info("Policy #{policy_name} created for user #{username}.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't create policy #{policy_name} for user #{username}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
false
end
```
+ Untuk detail API, lihat [PutUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/PutUserPolicy)di *Referensi AWS SDK untuk Ruby API*.
### `UpdateServerCertificate`
Contoh kode berikut menunjukkan cara menggunakan`UpdateServerCertificate`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Daftar, perbarui, dan hapus sertifikat server.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Untuk detail API, lihat [UpdateServerCertificate](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/UpdateServerCertificate)di *Referensi AWS SDK untuk Ruby API*.
### `UpdateUser`
Contoh kode berikut menunjukkan cara menggunakan`UpdateUser`.
**SDK untuk Ruby**
Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Updates an IAM user's name
#
# @param current_name [String] The current name of the user
# @param new_name [String] The new name of the user
def update_user_name(current_name, new_name)
@iam_client.update_user(user_name: current_name, new_user_name: new_name)
true
rescue StandardError => e
@logger.error("Error updating user name from '#{current_name}' to '#{new_name}': #{e.message}")
false
end
```
+ Untuk detail API, lihat [UpdateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/UpdateUser)di *Referensi AWS SDK untuk Ruby API*.