com.amazonaws.services.iamrolesanywhere

Class AWSIAMRolesAnywhereClient

java.lang.Object

com.amazonaws.AmazonWebServiceClient

com.amazonaws.services.iamrolesanywhere.AWSIAMRolesAnywhereClient

All Implemented Interfaces:

AWSIAMRolesAnywhere

Direct Known Subclasses:

AWSIAMRolesAnywhereAsyncClient

@ThreadSafe
 @Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class AWSIAMRolesAnywhereClient
extends AmazonWebServiceClient
implements AWSIAMRolesAnywhere

Client for accessing IAM Roles Anywhere. All service calls made using this client are blocking, and will not return until the service call completes.

AWS Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications running outside of AWS to obtain Temporary AWS credentials. Your workloads can use the same IAM policies and roles that you have configured with native AWS applications to access AWS resources. Using IAM Roles Anywhere will eliminate the need to manage long term credentials for workloads running outside of AWS.

To use IAM Roles Anywhere customer workloads will need to use X.509 certificates issued by their Certificate Authority (CA) . The Certificate Authority (CA) needs to be registered with IAM Roles Anywhere as a trust anchor to establish trust between customer PKI and IAM Roles Anywhere. Customers who do not manage their own PKI system can use AWS Certificate Manager Private Certificate Authority (ACM PCA) to create a Certificate Authority and use that to establish trust with IAM Roles Anywhere

This guide describes the IAM rolesanywhere operations that you can call programmatically. For general information about IAM Roles Anywhere see https://docs.aws.amazon.com/

Field Summary

Fields

Modifier and Type	Field and Description
protected static ClientConfigurationFactory	configFactory Client configuration factory providing ClientConfigurations tailored to this client

Fields inherited from class com.amazonaws.AmazonWebServiceClient

client, clientConfiguration, endpoint, isEndpointOverridden, LOGGING_AWS_REQUEST_METRIC, requestHandler2s, timeOffset

Fields inherited from interface com.amazonaws.services.iamrolesanywhere.AWSIAMRolesAnywhere

ENDPOINT_PREFIX

Method Summary

Modifier and Type	Method and Description
static AWSIAMRolesAnywhereClientBuilder	builder()
CreateProfileResult	createProfile(CreateProfileRequest request) Creates a profile.
CreateTrustAnchorResult	createTrustAnchor(CreateTrustAnchorRequest request) Creates a trust anchor.
DeleteCrlResult	deleteCrl(DeleteCrlRequest request) Deletes a certificate revocation list (CRL).
DeleteProfileResult	deleteProfile(DeleteProfileRequest request) Deletes a profile.
DeleteTrustAnchorResult	deleteTrustAnchor(DeleteTrustAnchorRequest request) Deletes a trust anchor.
DisableCrlResult	disableCrl(DisableCrlRequest request) Disables a certificate revocation list (CRL).
DisableProfileResult	disableProfile(DisableProfileRequest request) Disables a profile.
DisableTrustAnchorResult	disableTrustAnchor(DisableTrustAnchorRequest request) Disables a trust anchor.
EnableCrlResult	enableCrl(EnableCrlRequest request) Enables a certificate revocation list (CRL).
EnableProfileResult	enableProfile(EnableProfileRequest request) Enables the roles in a profile to receive session credentials in CreateSession.
EnableTrustAnchorResult	enableTrustAnchor(EnableTrustAnchorRequest request) Enables a trust anchor.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetCrlResult	getCrl(GetCrlRequest request) Gets a certificate revocation list (CRL).
GetProfileResult	getProfile(GetProfileRequest request) Gets a profile.
GetSubjectResult	getSubject(GetSubjectRequest request) Gets a Subject.
GetTrustAnchorResult	getTrustAnchor(GetTrustAnchorRequest request) Gets a trust anchor.
ImportCrlResult	importCrl(ImportCrlRequest request) Imports the certificate revocation list (CRL).
ListCrlsResult	listCrls(ListCrlsRequest request) Lists all Crls in the authenticated account and Amazon Web Services Region.
ListProfilesResult	listProfiles(ListProfilesRequest request) Lists all profiles in the authenticated account and Amazon Web Services Region.
ListSubjectsResult	listSubjects(ListSubjectsRequest request) Lists the subjects in the authenticated account and Amazon Web Services Region.
ListTagsForResourceResult	listTagsForResource(ListTagsForResourceRequest request) Lists the tags attached to the resource.
ListTrustAnchorsResult	listTrustAnchors(ListTrustAnchorsRequest request) Lists the trust anchors in the authenticated account and Amazon Web Services Region.
void	shutdown() Shuts down this client object, releasing any resources that might be held open.
TagResourceResult	tagResource(TagResourceRequest request) Attaches tags to a resource.
UntagResourceResult	untagResource(UntagResourceRequest request) Removes tags from the resource.
UpdateCrlResult	updateCrl(UpdateCrlRequest request) Updates the certificate revocation list (CRL).
UpdateProfileResult	updateProfile(UpdateProfileRequest request) Updates the profile.
UpdateTrustAnchorResult	updateTrustAnchor(UpdateTrustAnchorRequest request) Updates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

addRequestHandler, addRequestHandler, beforeClientExecution, beforeMarshalling, calculateCRC32FromCompressedData, checkMutability, configureRegion, createExecutionContext, createExecutionContext, createExecutionContext, createSignerProvider, endClientExecution, endClientExecution, getClientConfiguration, getClientId, getEndpointPrefix, getMonitoringListeners, getRequestMetricsCollector, getServiceAbbreviation, getServiceName, getServiceNameIntern, getSigner, getSignerByURI, getSignerOverride, getSignerProvider, getSignerRegionOverride, getSigningRegion, getTimeOffset, isCsmEnabled, isEndpointOverridden, isProfilingEnabled, isRequestMetricsEnabled, makeImmutable, removeRequestHandler, removeRequestHandler, requestMetricCollector, setEndpoint, setEndpoint, setEndpointPrefix, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, shouldGenerateClientSideMonitoringEvents, useStrictHostNameVerification, withEndpoint, withRegion, withRegion, withTimeOffset

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

configFactory

protected static final ClientConfigurationFactory configFactory

Client configuration factory providing ClientConfigurations tailored to this client

Method Detail

builder

public static AWSIAMRolesAnywhereClientBuilder builder()

createProfile

public CreateProfileResult createProfile(CreateProfileRequest request)

Creates a profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

Specified by:

createProfile in interface AWSIAMRolesAnywhere

Parameters:

createProfileRequest -

Returns:

Result of the CreateProfile operation returned by the service.

Throws:

ValidationException - Validation exception error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

createTrustAnchor

public CreateTrustAnchorResult createTrustAnchor(CreateTrustAnchorRequest request)

Creates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.

Required permissions: rolesanywhere:CreateTrustAnchor.

Specified by:

createTrustAnchor in interface AWSIAMRolesAnywhere

Parameters:

createTrustAnchorRequest -

Returns:

Result of the CreateTrustAnchor operation returned by the service.

Throws:

ValidationException - Validation exception error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

deleteCrl

public DeleteCrlResult deleteCrl(DeleteCrlRequest request)

Deletes a certificate revocation list (CRL).

Required permissions: rolesanywhere:DeleteCrl.

Specified by:

deleteCrl in interface AWSIAMRolesAnywhere

Parameters:

deleteCrlRequest -

Returns:

Result of the DeleteCrl operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

deleteProfile

public DeleteProfileResult deleteProfile(DeleteProfileRequest request)

Deletes a profile.

Required permissions: rolesanywhere:DeleteProfile.

Specified by:

deleteProfile in interface AWSIAMRolesAnywhere

Parameters:

deleteProfileRequest -

Returns:

Result of the DeleteProfile operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

deleteTrustAnchor

public DeleteTrustAnchorResult deleteTrustAnchor(DeleteTrustAnchorRequest request)

Deletes a trust anchor.

Required permissions: rolesanywhere:DeleteTrustAnchor.

Specified by:

deleteTrustAnchor in interface AWSIAMRolesAnywhere

Parameters:

deleteTrustAnchorRequest -

Returns:

Result of the DeleteTrustAnchor operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

disableCrl

public DisableCrlResult disableCrl(DisableCrlRequest request)

Disables a certificate revocation list (CRL).

Required permissions: rolesanywhere:DisableCrl.

Specified by:

disableCrl in interface AWSIAMRolesAnywhere

Parameters:

disableCrlRequest -

Returns:

Result of the DisableCrl operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

disableProfile

public DisableProfileResult disableProfile(DisableProfileRequest request)

Disables a profile. When disabled, CreateSession requests with this profile fail.

Required permissions: rolesanywhere:DisableProfile.

Specified by:

disableProfile in interface AWSIAMRolesAnywhere

Parameters:

disableProfileRequest -

Returns:

Result of the DisableProfile operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

disableTrustAnchor

public DisableTrustAnchorResult disableTrustAnchor(DisableTrustAnchorRequest request)

Disables a trust anchor. When disabled, CreateSession requests specifying this trust anchor are unauthorized.

Required permissions: rolesanywhere:DisableTrustAnchor.

Specified by:

disableTrustAnchor in interface AWSIAMRolesAnywhere

Parameters:

disableTrustAnchorRequest -

Returns:

Result of the DisableTrustAnchor operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

enableCrl

public EnableCrlResult enableCrl(EnableCrlRequest request)

Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials.

Required permissions: rolesanywhere:EnableCrl.

Specified by:

enableCrl in interface AWSIAMRolesAnywhere

Parameters:

enableCrlRequest -

Returns:

Result of the EnableCrl operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

enableProfile

public EnableProfileResult enableProfile(EnableProfileRequest request)

Enables the roles in a profile to receive session credentials in CreateSession.

Required permissions: rolesanywhere:EnableProfile.

Specified by:

enableProfile in interface AWSIAMRolesAnywhere

Parameters:

enableProfileRequest -

Returns:

Result of the EnableProfile operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

enableTrustAnchor

public EnableTrustAnchorResult enableTrustAnchor(EnableTrustAnchorRequest request)

Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.

Required permissions: rolesanywhere:EnableTrustAnchor.

Specified by:

enableTrustAnchor in interface AWSIAMRolesAnywhere

Parameters:

enableTrustAnchorRequest -

Returns:

Result of the EnableTrustAnchor operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getCrl

public GetCrlResult getCrl(GetCrlRequest request)

Gets a certificate revocation list (CRL).

Required permissions: rolesanywhere:GetCrl.

Specified by:

getCrl in interface AWSIAMRolesAnywhere

Parameters:

getCrlRequest -

Returns:

Result of the GetCrl operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

See Also:

AWS API Documentation

getProfile

public GetProfileResult getProfile(GetProfileRequest request)

Gets a profile.

Required permissions: rolesanywhere:GetProfile.

Specified by:

getProfile in interface AWSIAMRolesAnywhere

Parameters:

getProfileRequest -

Returns:

Result of the GetProfile operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getSubject

public GetSubjectResult getSubject(GetSubjectRequest request)

Gets a Subject. A Subject associates a certificate identity with authentication attempts by CreateSession. The Subject resources stores audit information such as status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.

Required permissions: rolesanywhere:GetSubject.

Specified by:

getSubject in interface AWSIAMRolesAnywhere

Parameters:

getSubjectRequest -

Returns:

Result of the GetSubject operation returned by the service.

Throws:

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getTrustAnchor

public GetTrustAnchorResult getTrustAnchor(GetTrustAnchorRequest request)

Gets a trust anchor.

Required permissions: rolesanywhere:GetTrustAnchor.

Specified by:

getTrustAnchor in interface AWSIAMRolesAnywhere

Parameters:

getTrustAnchorRequest -

Returns:

Result of the GetTrustAnchor operation returned by the service.

Throws:

ValidationException - Validation exception error.

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

importCrl

public ImportCrlResult importCrl(ImportCrlRequest request)

Imports the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.

Required permissions: rolesanywhere:ImportCrl.

Specified by:

importCrl in interface AWSIAMRolesAnywhere

Parameters:

importCrlRequest -

Returns:

Result of the ImportCrl operation returned by the service.

Throws:

ValidationException - Validation exception error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listCrls

public ListCrlsResult listCrls(ListCrlsRequest request)

Lists all Crls in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListCrls.

Specified by:

listCrls in interface AWSIAMRolesAnywhere

Parameters:

listCrlsRequest -

Returns:

Result of the ListCrls operation returned by the service.

Throws:

ValidationException - Validation exception error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listProfiles

public ListProfilesResult listProfiles(ListProfilesRequest request)

Lists all profiles in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListProfiles.

Specified by:

listProfiles in interface AWSIAMRolesAnywhere

Parameters:

listProfilesRequest -

Returns:

Result of the ListProfiles operation returned by the service.

Throws:

ValidationException - Validation exception error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listSubjects

public ListSubjectsResult listSubjects(ListSubjectsRequest request)

Lists the subjects in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListSubjects.

Specified by:

listSubjects in interface AWSIAMRolesAnywhere

Parameters:

listSubjectsRequest -

Returns:

Result of the ListSubjects operation returned by the service.

Throws:

ValidationException - Validation exception error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listTagsForResource

public ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest request)

Lists the tags attached to the resource.

Required permissions: rolesanywhere:ListTagsForResource.

Specified by:

listTagsForResource in interface AWSIAMRolesAnywhere

Parameters:

listTagsForResourceRequest -

Returns:

Result of the ListTagsForResource operation returned by the service.

Throws:

ValidationException - Validation exception error.

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listTrustAnchors

public ListTrustAnchorsResult listTrustAnchors(ListTrustAnchorsRequest request)

Lists the trust anchors in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListTrustAnchors.

Specified by:

listTrustAnchors in interface AWSIAMRolesAnywhere

Parameters:

listTrustAnchorsRequest -

Returns:

Result of the ListTrustAnchors operation returned by the service.

Throws:

ValidationException - Validation exception error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

tagResource

public TagResourceResult tagResource(TagResourceRequest request)

Attaches tags to a resource.

Required permissions: rolesanywhere:TagResource.

Specified by:

tagResource in interface AWSIAMRolesAnywhere

Parameters:

tagResourceRequest -

Returns:

Result of the TagResource operation returned by the service.

Throws:

ValidationException - Validation exception error.

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

TooManyTagsException - Too many tags.

See Also:

AWS API Documentation

untagResource

public UntagResourceResult untagResource(UntagResourceRequest request)

Removes tags from the resource.

Required permissions: rolesanywhere:UntagResource.

Specified by:

untagResource in interface AWSIAMRolesAnywhere

Parameters:

untagResourceRequest -

Returns:

Result of the UntagResource operation returned by the service.

Throws:

ValidationException - Validation exception error.

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

updateCrl

public UpdateCrlResult updateCrl(UpdateCrlRequest request)

Updates the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.

Required permissions: rolesanywhere:UpdateCrl.

Specified by:

updateCrl in interface AWSIAMRolesAnywhere

Parameters:

updateCrlRequest -

Returns:

Result of the UpdateCrl operation returned by the service.

Throws:

ValidationException - Validation exception error.

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

updateProfile

public UpdateProfileResult updateProfile(UpdateProfileRequest request)

Updates the profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can scope-down permissions with IAM managed policies.

Required permissions: rolesanywhere:UpdateProfile.

Specified by:

updateProfile in interface AWSIAMRolesAnywhere

Parameters:

updateProfileRequest -

Returns:

Result of the UpdateProfile operation returned by the service.

Throws:

ValidationException - Validation exception error.

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

updateTrustAnchor

public UpdateTrustAnchorResult updateTrustAnchor(UpdateTrustAnchorRequest request)

Updates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.

Required permissions: rolesanywhere:UpdateTrustAnchor.

Specified by:

updateTrustAnchor in interface AWSIAMRolesAnywhere

Parameters:

updateTrustAnchorRequest -

Returns:

Result of the UpdateTrustAnchor operation returned by the service.

Throws:

ValidationException - Validation exception error.

ResourceNotFoundException - The resource could not be found.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AWSIAMRolesAnywhere

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.

shutdown

public void shutdown()

Description copied from interface: AWSIAMRolesAnywhere

Shuts down this client object, releasing any resources that might be held open. This is an optional method, and callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client has been shutdown, it should not be used to make any more requests.

Specified by:

shutdown in interface AWSIAMRolesAnywhere

Overrides:

shutdown in class AmazonWebServiceClient