Sono disponibili altri esempi AWS SDK nel repository [AWS Doc SDK](https://github.com/awsdocs/aws-doc-sdk-examples) Examples. GitHub
Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
# Esempi per IAM con SDK per Ruby
I seguenti esempi di codice mostrano come eseguire azioni e implementare scenari comuni utilizzando AWS SDK per Ruby with IAM.
*Nozioni di base*: esempi di codice che mostrano come eseguire le operazioni essenziali all’interno di un servizio.
Le *azioni* sono estratti di codice da programmi più grandi e devono essere eseguite nel contesto. Sebbene le azioni mostrino come richiamare le singole funzioni del servizio, è possibile visualizzarle contestualizzate negli scenari correlati.
Ogni esempio include un link al codice sorgente completo, in cui vengono fornite le istruzioni su come configurare ed eseguire il codice nel contesto.
**Topics**
+ [Nozioni di base](#get_started)
+ [Nozioni di base](#basics)
+ [Azioni](#actions)
## Nozioni di base
### Hello IAM
Il seguente esempio di codice mostra come iniziare a utilizzare IAM.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
require 'aws-sdk-iam'
require 'logger'
# IAMManager is a class responsible for managing IAM operations
# such as listing all IAM policies in the current AWS account.
class IAMManager
def initialize(client)
@client = client
@logger = Logger.new($stdout)
end
# Lists and prints all IAM policies in the current AWS account.
def list_policies
@logger.info('Here are the IAM policies in your account:')
paginator = @client.list_policies
policies = []
paginator.each_page do |page|
policies.concat(page.policies)
end
if policies.empty?
@logger.info("You don't have any IAM policies.")
else
policies.each do |policy|
@logger.info("- #{policy.policy_name}")
end
end
end
end
if $PROGRAM_NAME == __FILE__
iam_client = Aws::IAM::Client.new
manager = IAMManager.new(iam_client)
manager.list_policies
end
```
+ Per i dettagli sull'API, [ListPolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListPolicies)consulta *AWS SDK per Ruby API Reference*.
## Nozioni di base
### Informazioni di base
L’esempio di codice seguente mostra come creare un utente e assumere un ruolo.
**avvertimento**
Per evitare rischi per la sicurezza, non utilizzare gli utenti IAM per l’autenticazione quando sviluppi software creato ad hoc o lavori con dati reali. Utilizza invece la federazione con un provider di identità come [AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).
+ Crea un utente che non disponga di autorizzazioni.
+ Crea un ruolo che conceda l’autorizzazione per elencare i bucket Amazon S3 per l’account.
+ Aggiungi una policy per consentire all’utente di assumere il ruolo.
+ Assumi il ruolo ed elenca i bucket S3 utilizzando le credenziali temporanee, quindi ripulisci le risorse.
**SDK per Ruby**
C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Crea un utente IAM che conceda l’autorizzazione per elencare i bucket Amazon S3. L’utente dispone dei diritti soltanto per assumere il ruolo. Dopo aver assunto il ruolo, utilizza le credenziali temporanee per elencare i bucket per l’account.
```
# Wraps the scenario actions.
class ScenarioCreateUserAssumeRole
attr_reader :iam_client
# @param [Aws::IAM::Client] iam_client: The AWS IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Waits for the specified number of seconds.
#
# @param duration [Integer] The number of seconds to wait.
def wait(duration)
puts('Give AWS time to propagate resources...')
sleep(duration)
end
# Creates a user.
#
# @param user_name [String] The name to give the user.
# @return [Aws::IAM::User] The newly created user.
def create_user(user_name)
user = @iam_client.create_user(user_name: user_name).user
@logger.info("Created demo user named #{user.user_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info('Tried and failed to create demo user.')
@logger.info("\t#{e.code}: #{e.message}")
@logger.info("\nCan't continue the demo without a user!")
raise
else
user
end
# Creates an access key for a user.
#
# @param user [Aws::IAM::User] The user that owns the key.
# @return [Aws::IAM::AccessKeyPair] The newly created access key.
def create_access_key_pair(user)
user_key = @iam_client.create_access_key(user_name: user.user_name).access_key
@logger.info("Created accesskey pair for user #{user.user_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create access keys for user #{user.user_name}.")
@logger.info("\t#{e.code}: #{e.message}")
raise
else
user_key
end
# Creates a role that can be assumed by a user.
#
# @param role_name [String] The name to give the role.
# @param user [Aws::IAM::User] The user who is granted permission to assume the role.
# @return [Aws::IAM::Role] The newly created role.
def create_role(role_name, user)
trust_policy = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Principal: { 'AWS': user.arn },
Action: 'sts:AssumeRole'
}]
}.to_json
role = @iam_client.create_role(
role_name: role_name,
assume_role_policy_document: trust_policy
).role
@logger.info("Created role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create a role for the demo. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
else
role
end
# Creates a policy that grants permission to list S3 buckets in the account, and
# then attaches the policy to a role.
#
# @param policy_name [String] The name to give the policy.
# @param role [Aws::IAM::Role] The role that the policy is attached to.
# @return [Aws::IAM::Policy] The newly created policy.
def create_and_attach_role_policy(policy_name, role)
policy_document = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Action: 's3:ListAllMyBuckets',
Resource: 'arn:aws:s3:::*'
}]
}.to_json
policy = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document
).policy
@iam_client.attach_role_policy(
role_name: role.role_name,
policy_arn: policy.arn
)
@logger.info("Created policy #{policy.policy_name} and attached it to role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create a policy and attach it to role #{role.role_name}. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Creates an inline policy for a user that lets the user assume a role.
#
# @param policy_name [String] The name to give the policy.
# @param user [Aws::IAM::User] The user that owns the policy.
# @param role [Aws::IAM::Role] The role that can be assumed.
# @return [Aws::IAM::UserPolicy] The newly created policy.
def create_user_policy(policy_name, user, role)
policy_document = {
Version: '2012-10-17',
Statement: [{
Effect: 'Allow',
Action: 'sts:AssumeRole',
Resource: role.arn
}]
}.to_json
@iam_client.put_user_policy(
user_name: user.user_name,
policy_name: policy_name,
policy_document: policy_document
)
puts("Created an inline policy for #{user.user_name} that lets the user assume role #{role.role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't create an inline policy for user #{user.user_name}. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Creates an Amazon S3 resource with specified credentials. This is separated into a
# factory function so that it can be mocked for unit testing.
#
# @param credentials [Aws::Credentials] The credentials used by the Amazon S3 resource.
def create_s3_resource(credentials)
Aws::S3::Resource.new(client: Aws::S3::Client.new(credentials: credentials))
end
# Lists the S3 buckets for the account, using the specified Amazon S3 resource.
# Because the resource uses credentials with limited access, it may not be able to
# list the S3 buckets.
#
# @param s3_resource [Aws::S3::Resource] An Amazon S3 resource.
def list_buckets(s3_resource)
count = 10
s3_resource.buckets.each do |bucket|
@logger.info "\t#{bucket.name}"
count -= 1
break if count.zero?
end
rescue Aws::Errors::ServiceError => e
if e.code == 'AccessDenied'
puts('Attempt to list buckets with no permissions: AccessDenied.')
else
@logger.info("Couldn't list buckets for the account. Here's why: ")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
end
# Creates an AWS Security Token Service (AWS STS) client with specified credentials.
# This is separated into a factory function so that it can be mocked for unit testing.
#
# @param key_id [String] The ID of the access key used by the STS client.
# @param key_secret [String] The secret part of the access key used by the STS client.
def create_sts_client(key_id, key_secret)
Aws::STS::Client.new(access_key_id: key_id, secret_access_key: key_secret)
end
# Gets temporary credentials that can be used to assume a role.
#
# @param role_arn [String] The ARN of the role that is assumed when these credentials
# are used.
# @param sts_client [AWS::STS::Client] An AWS STS client.
# @return [Aws::AssumeRoleCredentials] The credentials that can be used to assume the role.
def assume_role(role_arn, sts_client)
credentials = Aws::AssumeRoleCredentials.new(
client: sts_client,
role_arn: role_arn,
role_session_name: 'create-use-assume-role-scenario'
)
@logger.info("Assumed role '#{role_arn}', got temporary credentials.")
credentials
end
# Deletes a role. If the role has policies attached, they are detached and
# deleted before the role is deleted.
#
# @param role_name [String] The name of the role to delete.
def delete_role(role_name)
@iam_client.list_attached_role_policies(role_name: role_name).attached_policies.each do |policy|
@iam_client.detach_role_policy(role_name: role_name, policy_arn: policy.policy_arn)
@iam_client.delete_policy(policy_arn: policy.policy_arn)
@logger.info("Detached and deleted policy #{policy.policy_name}.")
end
@iam_client.delete_role({ role_name: role_name })
@logger.info("Role deleted: #{role_name}.")
rescue Aws::Errors::ServiceError => e
@logger.info("Couldn't detach policies and delete role #{role.name}. Here's why:")
@logger.info("\t#{e.code}: #{e.message}")
raise
end
# Deletes a user. If the user has inline policies or access keys, they are deleted
# before the user is deleted.
#
# @param user [Aws::IAM::User] The user to delete.
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
end
# Runs the IAM create a user and assume a role scenario.
def run_scenario(scenario)
puts('-' * 88)
puts('Welcome to the IAM create a user and assume a role demo!')
puts('-' * 88)
user = scenario.create_user("doc-example-user-#{Random.uuid}")
user_key = scenario.create_access_key_pair(user)
scenario.wait(10)
role = scenario.create_role("doc-example-role-#{Random.uuid}", user)
scenario.create_and_attach_role_policy("doc-example-role-policy-#{Random.uuid}", role)
scenario.create_user_policy("doc-example-user-policy-#{Random.uuid}", user, role)
scenario.wait(10)
puts('Try to list buckets with credentials for a user who has no permissions.')
puts('Expect AccessDenied from this call.')
scenario.list_buckets(
scenario.create_s3_resource(Aws::Credentials.new(user_key.access_key_id, user_key.secret_access_key))
)
puts('Now, assume the role that grants permission.')
temp_credentials = scenario.assume_role(
role.arn, scenario.create_sts_client(user_key.access_key_id, user_key.secret_access_key)
)
puts('Here are your buckets:')
scenario.list_buckets(scenario.create_s3_resource(temp_credentials))
puts("Deleting role '#{role.role_name}' and attached policies.")
scenario.delete_role(role.role_name)
puts("Deleting user '#{user.user_name}', policies, and keys.")
scenario.delete_user(user.user_name)
puts('Thanks for watching!')
puts('-' * 88)
rescue Aws::Errors::ServiceError => e
puts('Something went wrong with the demo.')
puts("\t#{e.code}: #{e.message}")
end
run_scenario(ScenarioCreateUserAssumeRole.new(Aws::IAM::Client.new)) if $PROGRAM_NAME == __FILE__
```
+ Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Ruby *.
+ [AttachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachRolePolicy)
+ [CreateAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccessKey)
+ [CreatePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreatePolicy)
+ [CreateRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateRole)
+ [CreateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateUser)
+ [DeleteAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccessKey)
+ [DeletePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeletePolicy)
+ [DeleteRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteRole)
+ [DeleteUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUser)
+ [DeleteUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUserPolicy)
+ [DetachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachRolePolicy)
+ [PutUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/PutUserPolicy)
## Azioni
### `AttachRolePolicy`
Il seguente esempio di codice mostra come usare`AttachRolePolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Questo modulo di esempio elenca, crea, collega e scollega le policy relative ai ruoli.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [AttachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachRolePolicy)consulta *AWS SDK per Ruby API Reference*.
### `AttachUserPolicy`
Il seguente esempio di codice mostra come utilizzare`AttachUserPolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Attaches a policy to a user
#
# @param user_name [String] The name of the user
# @param policy_arn [String] The Amazon Resource Name (ARN) of the policy
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_user(user_name, policy_arn)
@iam_client.attach_user_policy(
user_name: user_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to user: #{e.message}")
false
end
```
+ Per i dettagli sull'API, [AttachUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/AttachUserPolicy)consulta *AWS SDK per Ruby API Reference*.
### `CreateAccessKey`
Il seguente esempio di codice mostra come utilizzare`CreateAccessKey`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Questo modulo di esempio elenca, crea, disattiva ed elimina le chiavi di accesso.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [CreateAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccessKey)consulta *AWS SDK per Ruby API Reference*.
### `CreateAccountAlias`
Il seguente esempio di codice mostra come utilizzare`CreateAccountAlias`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Elenca, crea ed elimina gli alias degli account.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [CreateAccountAlias](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateAccountAlias)consulta *AWS SDK per Ruby API Reference*.
### `CreatePolicy`
Il seguente esempio di codice mostra come utilizzare`CreatePolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Questo modulo di esempio elenca, crea, collega e scollega le policy relative ai ruoli.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [CreatePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreatePolicy)consulta *AWS SDK per Ruby API Reference*.
### `CreateRole`
Il seguente esempio di codice mostra come utilizzare`CreateRole`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Creates a role and attaches policies to it.
#
# @param role_name [String] The name of the role.
# @param assume_role_policy_document [Hash] The trust relationship policy document.
# @param policy_arns [Array] The ARNs of the policies to attach.
# @return [String, nil] The ARN of the new role if successful, or nil if an error occurred.
def create_role(role_name, assume_role_policy_document, policy_arns)
response = @iam_client.create_role(
role_name: role_name,
assume_role_policy_document: assume_role_policy_document.to_json
)
role_arn = response.role.arn
policy_arns.each do |policy_arn|
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
end
role_arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating role: #{e.message}")
nil
end
```
+ Per i dettagli sull'API, [CreateRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateRole)consulta *AWS SDK per Ruby API Reference*.
### `CreateServiceLinkedRole`
Il seguente esempio di codice mostra come utilizzare`CreateServiceLinkedRole`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Creates a service-linked role
#
# @param service_name [String] The service name to create the role for.
# @param description [String] The description of the service-linked role.
# @param suffix [String] Suffix for customizing role name.
# @return [String] The name of the created role
def create_service_linked_role(service_name, description, suffix)
response = @iam_client.create_service_linked_role(
aws_service_name: service_name, description: description, custom_suffix: suffix
)
role_name = response.role.role_name
@logger.info("Created service-linked role #{role_name}.")
role_name
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't create service-linked role for #{service_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Per i dettagli sull'API, [CreateServiceLinkedRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateServiceLinkedRole)consulta *AWS SDK per Ruby API Reference*.
### `CreateUser`
Il seguente esempio di codice mostra come utilizzare`CreateUser`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Creates a user and their login profile
#
# @param user_name [String] The name of the user
# @param initial_password [String] The initial password for the user
# @return [String, nil] The ID of the user if created, or nil if an error occurred
def create_user(user_name, initial_password)
response = @iam_client.create_user(user_name: user_name)
@iam_client.wait_until(:user_exists, user_name: user_name)
@iam_client.create_login_profile(
user_name: user_name,
password: initial_password,
password_reset_required: true
)
@logger.info("User '#{user_name}' created successfully.")
response.user.user_id
rescue Aws::IAM::Errors::EntityAlreadyExists
@logger.error("Error creating user '#{user_name}': user already exists.")
nil
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating user '#{user_name}': #{e.message}")
nil
end
```
+ Per i dettagli sull'API, [CreateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/CreateUser)consulta *AWS SDK per Ruby API Reference*.
### `DeleteAccessKey`
Il seguente esempio di codice mostra come utilizzare`DeleteAccessKey`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Questo modulo di esempio elenca, crea, disattiva ed elimina le chiavi di accesso.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [DeleteAccessKey](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccessKey)consulta *AWS SDK per Ruby API Reference*.
### `DeleteAccountAlias`
Il seguente esempio di codice mostra come utilizzare`DeleteAccountAlias`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Elenca, crea ed elimina gli alias degli account.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [DeleteAccountAlias](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteAccountAlias)consulta *AWS SDK per Ruby API Reference*.
### `DeleteRole`
Il seguente esempio di codice mostra come utilizzare`DeleteRole`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Deletes a role and its attached policies.
#
# @param role_name [String] The name of the role to delete.
def delete_role(role_name)
# Detach and delete attached policies
@iam_client.list_attached_role_policies(role_name: role_name).each do |response|
response.attached_policies.each do |policy|
@iam_client.detach_role_policy({
role_name: role_name,
policy_arn: policy.policy_arn
})
# Check if the policy is a customer managed policy (not AWS managed)
unless policy.policy_arn.include?('aws:policy/')
@iam_client.delete_policy({ policy_arn: policy.policy_arn })
@logger.info("Deleted customer managed policy #{policy.policy_name}.")
end
end
end
# Delete the role
@iam_client.delete_role({ role_name: role_name })
@logger.info("Deleted role #{role_name}.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't detach policies and delete role #{role_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Per i dettagli sull'API, [DeleteRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteRole)consulta *AWS SDK per Ruby API Reference*.
### `DeleteServerCertificate`
Il seguente esempio di codice mostra come utilizzare`DeleteServerCertificate`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Elenca, aggiorna ed elimina i certificati server.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [DeleteServerCertificate](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteServerCertificate)consulta *AWS SDK per Ruby API Reference*.
### `DeleteServiceLinkedRole`
Il seguente esempio di codice mostra come utilizzare`DeleteServiceLinkedRole`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Deletes a service-linked role.
#
# @param role_name [String] The name of the role to delete.
def delete_service_linked_role(role_name)
response = @iam_client.delete_service_linked_role(role_name: role_name)
task_id = response.deletion_task_id
check_deletion_status(role_name, task_id)
rescue Aws::Errors::ServiceError => e
handle_deletion_error(e, role_name)
end
private
# Checks the deletion status of a service-linked role
#
# @param role_name [String] The name of the role being deleted
# @param task_id [String] The task ID for the deletion process
def check_deletion_status(role_name, task_id)
loop do
response = @iam_client.get_service_linked_role_deletion_status(
deletion_task_id: task_id
)
status = response.status
@logger.info("Deletion of #{role_name} #{status}.")
break if %w[SUCCEEDED FAILED].include?(status)
sleep(3)
end
end
# Handles deletion error
#
# @param e [Aws::Errors::ServiceError] The error encountered during deletion
# @param role_name [String] The name of the role attempted to delete
def handle_deletion_error(e, role_name)
return if e.code == 'NoSuchEntity'
@logger.error("Couldn't delete #{role_name}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Per i dettagli sull'API, [DeleteServiceLinkedRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteServiceLinkedRole)consulta *AWS SDK per Ruby API Reference*.
### `DeleteUser`
Il seguente esempio di codice mostra come utilizzare`DeleteUser`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Deletes a user and their associated resources
#
# @param user_name [String] The name of the user to delete
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
```
+ Per i dettagli sull'API, [DeleteUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUser)consulta *AWS SDK per Ruby API Reference*.
### `DeleteUserPolicy`
Il seguente esempio di codice mostra come utilizzare`DeleteUserPolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Deletes a user and their associated resources
#
# @param user_name [String] The name of the user to delete
def delete_user(user_name)
user = @iam_client.list_access_keys(user_name: user_name).access_key_metadata
user.each do |key|
@iam_client.delete_access_key({ access_key_id: key.access_key_id, user_name: user_name })
@logger.info("Deleted access key #{key.access_key_id} for user '#{user_name}'.")
end
@iam_client.delete_user(user_name: user_name)
@logger.info("Deleted user '#{user_name}'.")
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting user '#{user_name}': #{e.message}")
end
```
+ Per i dettagli sull'API, [DeleteUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DeleteUserPolicy)consulta *AWS SDK per Ruby API Reference*.
### `DetachRolePolicy`
Il seguente esempio di codice mostra come utilizzare`DetachRolePolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Questo modulo di esempio elenca, crea, collega e scollega le policy relative ai ruoli.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [DetachRolePolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachRolePolicy)consulta *AWS SDK per Ruby API Reference*.
### `DetachUserPolicy`
Il seguente esempio di codice mostra come utilizzare`DetachUserPolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Detaches a policy from a user
#
# @param user_name [String] The name of the user
# @param policy_arn [String] The ARN of the policy to detach
# @return [Boolean] true if the policy was successfully detached, false otherwise
def detach_user_policy(user_name, policy_arn)
@iam_client.detach_user_policy(
user_name: user_name,
policy_arn: policy_arn
)
@logger.info("Policy '#{policy_arn}' detached from user '#{user_name}' successfully.")
true
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error('Error detaching policy: Policy or user does not exist.')
false
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from user '#{user_name}': #{e.message}")
false
end
```
+ Per i dettagli sull'API, [DetachUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/DetachUserPolicy)consulta *AWS SDK per Ruby API Reference*.
### `GetAccountPasswordPolicy`
Il seguente esempio di codice mostra come utilizzare`GetAccountPasswordPolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Class to manage IAM account password policies
class PasswordPolicyManager
attr_accessor :iam_client, :logger
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'IAMPolicyManager'
end
# Retrieves and logs the account password policy
def print_account_password_policy
response = @iam_client.get_account_password_policy
@logger.info("The account password policy is: #{response.password_policy.to_h}")
rescue Aws::IAM::Errors::NoSuchEntity
@logger.info('The account does not have a password policy.')
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't print the account password policy. Error: #{e.code} - #{e.message}")
raise
end
end
```
+ Per i dettagli sull'API, [GetAccountPasswordPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetAccountPasswordPolicy)consulta *AWS SDK per Ruby API Reference*.
### `GetPolicy`
Il seguente esempio di codice mostra come utilizzare`GetPolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
```
+ Per i dettagli sull'API, [GetPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetPolicy)consulta *AWS SDK per Ruby API Reference*.
### `GetRole`
Il seguente esempio di codice mostra come utilizzare`GetRole`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Gets data about a role.
#
# @param name [String] The name of the role to look up.
# @return [Aws::IAM::Role] The retrieved role.
def get_role(name)
role = @iam_client.get_role({
role_name: name
}).role
puts("Got data for role '#{role.role_name}'. Its ARN is '#{role.arn}'.")
rescue Aws::Errors::ServiceError => e
puts("Couldn't get data for role '#{name}' Here's why:")
puts("\t#{e.code}: #{e.message}")
raise
else
role
end
```
+ Per i dettagli sull'API, [GetRole](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetRole)consulta *AWS SDK per Ruby API Reference*.
### `GetUser`
Il seguente esempio di codice mostra come utilizzare`GetUser`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Retrieves a user's details
#
# @param user_name [String] The name of the user to retrieve
# @return [Aws::IAM::Types::User, nil] The user object if found, or nil if an error occurred
def get_user(user_name)
response = @iam_client.get_user(user_name: user_name)
response.user
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("User '#{user_name}' not found.")
nil
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error retrieving user '#{user_name}': #{e.message}")
nil
end
```
+ Per i dettagli sull'API, [GetUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetUser)consulta *AWS SDK per Ruby API Reference*.
### `ListAccessKeys`
Il seguente esempio di codice mostra come utilizzare`ListAccessKeys`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Questo modulo di esempio elenca, crea, disattiva ed elimina le chiavi di accesso.
```
# Manages access keys for IAM users
class AccessKeyManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'AccessKeyManager'
end
# Lists access keys for a user
#
# @param user_name [String] The name of the user.
def list_access_keys(user_name)
response = @iam_client.list_access_keys(user_name: user_name)
if response.access_key_metadata.empty?
@logger.info("No access keys found for user '#{user_name}'.")
else
response.access_key_metadata.map(&:access_key_id)
end
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Error listing access keys: cannot find user '#{user_name}'.")
[]
rescue StandardError => e
@logger.error("Error listing access keys: #{e.message}")
[]
end
# Creates an access key for a user
#
# @param user_name [String] The name of the user.
# @return [Boolean]
def create_access_key(user_name)
response = @iam_client.create_access_key(user_name: user_name)
access_key = response.access_key
@logger.info("Access key created for user '#{user_name}': #{access_key.access_key_id}")
access_key
rescue Aws::IAM::Errors::LimitExceeded
@logger.error('Error creating access key: limit exceeded. Cannot create more.')
nil
rescue StandardError => e
@logger.error("Error creating access key: #{e.message}")
nil
end
# Deactivates an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def deactivate_access_key(user_name, access_key_id)
@iam_client.update_access_key(
user_name: user_name,
access_key_id: access_key_id,
status: 'Inactive'
)
true
rescue StandardError => e
@logger.error("Error deactivating access key: #{e.message}")
false
end
# Deletes an access key
#
# @param user_name [String] The name of the user.
# @param access_key_id [String] The ID for the access key.
# @return [Boolean]
def delete_access_key(user_name, access_key_id)
@iam_client.delete_access_key(
user_name: user_name,
access_key_id: access_key_id
)
true
rescue StandardError => e
@logger.error("Error deleting access key: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [ListAccessKeys](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAccessKeys)consulta *AWS SDK per Ruby API Reference*.
### `ListAccountAliases`
Il seguente esempio di codice mostra come utilizzare`ListAccountAliases`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Elenca, crea ed elimina gli alias degli account.
```
class IAMAliasManager
# Initializes the IAM client and logger
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client.
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists available AWS account aliases.
def list_aliases
response = @iam_client.list_account_aliases
if response.account_aliases.count.positive?
@logger.info('Account aliases are:')
response.account_aliases.each { |account_alias| @logger.info(" #{account_alias}") }
else
@logger.info('No account aliases found.')
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing account aliases: #{e.message}")
end
# Creates an AWS account alias.
#
# @param account_alias [String] The name of the account alias to create.
# @return [Boolean] true if the account alias was created; otherwise, false.
def create_account_alias(account_alias)
@iam_client.create_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating account alias: #{e.message}")
false
end
# Deletes an AWS account alias.
#
# @param account_alias [String] The name of the account alias to delete.
# @return [Boolean] true if the account alias was deleted; otherwise, false.
def delete_account_alias(account_alias)
@iam_client.delete_account_alias(account_alias: account_alias)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting account alias: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [ListAccountAliases](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAccountAliases)consulta *AWS SDK per Ruby API Reference*.
### `ListAttachedRolePolicies`
Il seguente esempio di codice mostra come utilizzare`ListAttachedRolePolicies`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Questo modulo di esempio elenca, crea, collega e scollega le policy relative ai ruoli.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [ListAttachedRolePolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListAttachedRolePolicies)consulta *AWS SDK per Ruby API Reference*.
### `ListGroups`
Il seguente esempio di codice mostra come utilizzare`ListGroups`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# A class to manage IAM operations via the AWS SDK client
class IamGroupManager
# Initializes the IamGroupManager class
# @param iam_client [Aws::IAM::Client] An instance of the IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists up to a specified number of groups for the account.
# @param count [Integer] The maximum number of groups to list.
# @return [Aws::IAM::Client::Response]
def list_groups(count)
response = @iam_client.list_groups(max_items: count)
response.groups.each do |group|
@logger.info("\t#{group.group_name}")
end
response
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't list groups for the account. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
end
```
+ Per i dettagli sull'API, [ListGroups](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListGroups)consulta *AWS SDK per Ruby API Reference*.
### `ListPolicies`
Il seguente esempio di codice mostra come utilizzare`ListPolicies`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Questo modulo di esempio elenca, crea, collega e scollega le policy relative ai ruoli.
```
# Manages policies in AWS Identity and Access Management (IAM)
class RolePolicyManager
# Initialize with an AWS IAM client
#
# @param iam_client [Aws::IAM::Client] An initialized IAM client
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'PolicyManager'
end
# Creates a policy
#
# @param policy_name [String] The name of the policy
# @param policy_document [Hash] The policy document
# @return [String] The policy ARN if successful, otherwise nil
def create_policy(policy_name, policy_document)
response = @iam_client.create_policy(
policy_name: policy_name,
policy_document: policy_document.to_json
)
response.policy.arn
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error creating policy: #{e.message}")
nil
end
# Fetches an IAM policy by its ARN
# @param policy_arn [String] the ARN of the IAM policy to retrieve
# @return [Aws::IAM::Types::GetPolicyResponse] the policy object if found
def get_policy(policy_arn)
response = @iam_client.get_policy(policy_arn: policy_arn)
policy = response.policy
@logger.info("Got policy '#{policy.policy_name}'. Its ID is: #{policy.policy_id}.")
policy
rescue Aws::IAM::Errors::NoSuchEntity
@logger.error("Couldn't get policy '#{policy_arn}'. The policy does not exist.")
raise
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't get policy '#{policy_arn}'. Here's why: #{e.code}: #{e.message}")
raise
end
# Attaches a policy to a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def attach_policy_to_role(role_name, policy_arn)
@iam_client.attach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error attaching policy to role: #{e.message}")
false
end
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
# Detaches a policy from a role
#
# @param role_name [String] The name of the role
# @param policy_arn [String] The policy ARN
# @return [Boolean] true if successful, false otherwise
def detach_policy_from_role(role_name, policy_arn)
@iam_client.detach_role_policy(
role_name: role_name,
policy_arn: policy_arn
)
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error detaching policy from role: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [ListPolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListPolicies)consulta *AWS SDK per Ruby API Reference*.
### `ListRolePolicies`
Il seguente esempio di codice mostra come utilizzare`ListRolePolicies`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Lists policy ARNs attached to a role
#
# @param role_name [String] The name of the role
# @return [Array] List of policy ARNs
def list_attached_policy_arns(role_name)
response = @iam_client.list_attached_role_policies(role_name: role_name)
response.attached_policies.map(&:policy_arn)
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing policies attached to role: #{e.message}")
[]
end
```
+ Per i dettagli sull'API, [ListRolePolicies](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListRolePolicies)consulta *AWS SDK per Ruby API Reference*.
### `ListRoles`
Il seguente esempio di codice mostra come utilizzare`ListRoles`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Lists IAM roles up to a specified count.
# @param count [Integer] the maximum number of roles to list.
# @return [Array] the names of the roles.
def list_roles(count)
role_names = []
roles_counted = 0
@iam_client.list_roles.each_page do |page|
page.roles.each do |role|
break if roles_counted >= count
@logger.info("\t#{roles_counted + 1}: #{role.role_name}")
role_names << role.role_name
roles_counted += 1
end
break if roles_counted >= count
end
role_names
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't list roles for the account. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
```
+ Per i dettagli sull'API, [ListRoles](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListRoles)consulta *AWS SDK per Ruby API Reference*.
### `ListSAMLProviders`
Il seguente esempio di codice mostra come utilizzare`ListSAMLProviders`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
class SamlProviderLister
# Initializes the SamlProviderLister with IAM client and a logger.
# @param iam_client [Aws::IAM::Client] The IAM client object.
# @param logger [Logger] The logger object for logging output.
def initialize(iam_client, logger = Logger.new($stdout))
@iam_client = iam_client
@logger = logger
end
# Lists up to a specified number of SAML providers for the account.
# @param count [Integer] The maximum number of providers to list.
# @return [Aws::IAM::Client::Response]
def list_saml_providers(count)
response = @iam_client.list_saml_providers
response.saml_provider_list.take(count).each do |provider|
@logger.info("\t#{provider.arn}")
end
response
rescue Aws::Errors::ServiceError => e
@logger.error("Couldn't list SAML providers. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
raise
end
end
```
+ Per i dettagli sull'API, consulta [List SAMLProviders](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListSAMLProviders) in *AWS SDK per Ruby API Reference*.
### `ListServerCertificates`
Il seguente esempio di codice mostra come utilizzare`ListServerCertificates`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Elenca, aggiorna ed elimina i certificati server.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [ListServerCertificates](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListServerCertificates)consulta *AWS SDK per Ruby API Reference*.
### `ListUsers`
Il seguente esempio di codice mostra come utilizzare`ListUsers`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Lists all users in the AWS account
#
# @return [Array] An array of user objects
def list_users
users = []
@iam_client.list_users.each_page do |page|
page.users.each do |user|
users << user
end
end
users
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing users: #{e.message}")
[]
end
```
+ Per i dettagli sull'API, [ListUsers](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/ListUsers)consulta *AWS SDK per Ruby API Reference*.
### `PutUserPolicy`
Il seguente esempio di codice mostra come utilizzare`PutUserPolicy`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Creates an inline policy for a specified user.
# @param username [String] The name of the IAM user.
# @param policy_name [String] The name of the policy to create.
# @param policy_document [String] The JSON policy document.
# @return [Boolean]
def create_user_policy(username, policy_name, policy_document)
@iam_client.put_user_policy({
user_name: username,
policy_name: policy_name,
policy_document: policy_document
})
@logger.info("Policy #{policy_name} created for user #{username}.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Couldn't create policy #{policy_name} for user #{username}. Here's why:")
@logger.error("\t#{e.code}: #{e.message}")
false
end
```
+ Per i dettagli sull'API, [PutUserPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/PutUserPolicy)consulta *AWS SDK per Ruby API Reference*.
### `UpdateServerCertificate`
Il seguente esempio di codice mostra come utilizzare`UpdateServerCertificate`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
Elenca, aggiorna ed elimina i certificati server.
```
class ServerCertificateManager
def initialize(iam_client, logger: Logger.new($stdout))
@iam_client = iam_client
@logger = logger
@logger.progname = 'ServerCertificateManager'
end
# Creates a new server certificate.
# @param name [String] the name of the server certificate
# @param certificate_body [String] the contents of the certificate
# @param private_key [String] the private key contents
# @return [Boolean] returns true if the certificate was successfully created
def create_server_certificate(name, certificate_body, private_key)
@iam_client.upload_server_certificate({
server_certificate_name: name,
certificate_body: certificate_body,
private_key: private_key
})
true
rescue Aws::IAM::Errors::ServiceError => e
puts "Failed to create server certificate: #{e.message}"
false
end
# Lists available server certificate names.
def list_server_certificate_names
response = @iam_client.list_server_certificates
if response.server_certificate_metadata_list.empty?
@logger.info('No server certificates found.')
return
end
response.server_certificate_metadata_list.each do |certificate_metadata|
@logger.info("Certificate Name: #{certificate_metadata.server_certificate_name}")
end
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error listing server certificates: #{e.message}")
end
# Updates the name of a server certificate.
def update_server_certificate_name(current_name, new_name)
@iam_client.update_server_certificate(
server_certificate_name: current_name,
new_server_certificate_name: new_name
)
@logger.info("Server certificate name updated from '#{current_name}' to '#{new_name}'.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error updating server certificate name: #{e.message}")
false
end
# Deletes a server certificate.
def delete_server_certificate(name)
@iam_client.delete_server_certificate(server_certificate_name: name)
@logger.info("Server certificate '#{name}' deleted.")
true
rescue Aws::IAM::Errors::ServiceError => e
@logger.error("Error deleting server certificate: #{e.message}")
false
end
end
```
+ Per i dettagli sull'API, [UpdateServerCertificate](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/UpdateServerCertificate)consulta *AWS SDK per Ruby API Reference*.
### `UpdateUser`
Il seguente esempio di codice mostra come utilizzare`UpdateUser`.
**SDK per Ruby**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/iam#code-examples).
```
# Updates an IAM user's name
#
# @param current_name [String] The current name of the user
# @param new_name [String] The new name of the user
def update_user_name(current_name, new_name)
@iam_client.update_user(user_name: current_name, new_user_name: new_name)
true
rescue StandardError => e
@logger.error("Error updating user name from '#{current_name}' to '#{new_name}': #{e.message}")
false
end
```
+ Per i dettagli sull'API, [UpdateUser](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/UpdateUser)consulta *AWS SDK per Ruby API Reference*.