r102168 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r102167‎ | r102168 | r102169 >
Date:10:17, 6 November 2011
Author:reedy
Status:deferred
Tags:
Comment:
aws-sdk 1.4.6
Modified paths:
  • /trunk/extensions/OpenStackManager/aws-sdk/_docs/CHANGELOG.md (modified) (history)
  • /trunk/extensions/OpenStackManager/aws-sdk/sdk.class.php (modified) (history)
  • /trunk/extensions/OpenStackManager/aws-sdk/services/iam.class.php (modified) (history)

Diff [purge]

Index: trunk/extensions/OpenStackManager/aws-sdk/_docs/CHANGELOG.md
@@ -1,3 +1,15 @@
 2+# Changelog: 1.4.6 "Xezat"
 3+<http://finalfantasy.wikia.com/wiki/Xezat>
 4+
 5+Launched Thursday, November 3, 2011
 6+
 7+## Service Classes
 8+### AmazonIAM
 9+* **New:** Support for a virtual MFA device. A virtual MFA device uses a software application that can generate six-digit authentication codes that are Open AuTHentication Time-based One-Time Password (OATHTOTP)-compatible. The software application can run on any mobile hardware device, including a smartphone.
 10+
 11+
 12+----
 13+
214 # Changelog: 1.4.5 "Weiss"
315 <http://finalfantasy.wikia.com/wiki/Weiss>
416
Index: trunk/extensions/OpenStackManager/aws-sdk/sdk.class.php
@@ -125,9 +125,9 @@
126126 // INTERMEDIARY CONSTANTS
127127
128128 define('CFRUNTIME_NAME', 'aws-sdk-php');
129 -define('CFRUNTIME_VERSION', '1.4.5');
 129+define('CFRUNTIME_VERSION', '1.4.6');
130130 // define('CFRUNTIME_BUILD', gmdate('YmdHis', filemtime(__FILE__))); // @todo: Hardcode for release.
131 -define('CFRUNTIME_BUILD', '20111021191027');
 131+define('CFRUNTIME_BUILD', '20111103191027');
132132 define('CFRUNTIME_USERAGENT', CFRUNTIME_NAME . '/' . CFRUNTIME_VERSION . ' PHP/' . PHP_VERSION . ' ' . str_replace(' ', '_', php_uname('s')) . '/' . str_replace(' ', '_', php_uname('r')) . ' Arch/' . php_uname('m') . ' SAPI/' . php_sapi_name() . ' Integer/' . PHP_INT_MAX . ' Build/' . CFRUNTIME_BUILD . __aws_sdk_ua_callback());
133133
134134
Index: trunk/extensions/OpenStackManager/aws-sdk/services/iam.class.php
@@ -15,40 +15,46 @@
1616 */
1717
1818 /**
 19+ * This is the Amazon Web Services (AWS) Identity and Access Management (IAM) API Reference. This
 20+ * guide provides descriptions of the IAM API as well as links to related content in the guide,
 21+ * <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/" target="_blank">Using
 22+ * IAM</a>.
1923 *
 24+ * IAM is a web service that enables AWS customers to manage users and user permissions under
 25+ * their AWS account. For more information about this product go to <a href=
 26+ * "http://aws.amazon.com/iam/" target="_blank">AWS Identity and Access Management (IAM)</a>. For
 27+ * specific information about setting up signatures and authorization through the API, go to
 28+ * <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html" target=
 29+ * "_blank">Making Query Requests</a> in <em>Using AWS Identity and Access Management</em>.
2030 *
21 - * This is the AWS Identity and Access Management (IAM) API Reference. This guide provides descriptions of the IAM API as well as links to
22 - * related content in the guide, <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/">Using IAM</a>.
 31+ * If you're new to AWS and need additional technical information about a specific AWS product,
 32+ * you can find the product'stechnical documentation at <a href=
 33+ * "http://aws.amazon.com/documentation/" target=
 34+ * "_blank">http://aws.amazon.com/documentation/</a>.
2335 *
24 - * AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage Users and User
25 - * permissions under their AWS Account.
 36+ * We will refer to Amazon AWS Identity and Access Management using the abbreviated form IAM. All
 37+ * copyrights and legal protections still apply.
2638 *
27 - * For more information about this product go to <a href="http://aws.amazon.com/iam/">AWS Identity and Access Management (IAM)</a>. For
28 - * specific information about setting up signatures and authorization through the API, go to <a
29 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html">Making Query Requests</a> in the Using IAM guide.
30 - *
31 - * If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical
32 - * documentation at <a href="http://aws.amazon.com/documentation/">http://aws.amazon.com/documentation/</a>.
33 - *
34 - * We will refer to Amazon AWS Identity and Access Management using the abbreviated form IAM. All copyrights and legal protections still apply.
35 - *
36 - * @version Thu Sep 01 21:21:56 PDT 2011
 39+ * @version 2011.11.03
3740 * @license See the included NOTICE.md file for complete information.
3841 * @copyright See the included NOTICE.md file for complete information.
39 - * @link http://aws.amazon.com/iam/Amazon Identity and Access Management Service
40 - * @link http://aws.amazon.com/documentation/iam/Amazon Identity and Access Management Service documentation
 42+ * @link http://aws.amazon.com/iam/ AWS Identity and Access Management
 43+ * @link http://aws.amazon.com/iam/documentation/ AWS Identity and Access Management documentation
4144 */
4245 class AmazonIAM extends CFRuntime
4346 {
44 -
4547 /*%******************************************************************************************%*/
4648 // CLASS CONSTANTS
4749
4850 /**
49 - * Specify the default queue URL.
 51+ * Specify the queue URL for the United States East (Northern Virginia) Region.
5052 */
51 - const DEFAULT_URL = 'iam.amazonaws.com';
 53+ const REGION_US_E1 = 'iam.amazonaws.com';
5254
 55+ /**
 56+ * Default service endpoint.
 57+ */
 58+ const DEFAULT_URL = self::REGION_US_E1;
5359
5460
5561 /*%******************************************************************************************%*/
@@ -85,307 +91,315 @@
8692
8793
8894 /*%******************************************************************************************%*/
 95+ // SETTERS
 96+
 97+ /**
 98+ * This allows you to explicitly sets the region for the service to use.
 99+ *
 100+ * @param string $region (Required) The region to explicitly set. Available options are <REGION_US_E1>.
 101+ * @return $this A reference to the current instance.
 102+ */
 103+ public function set_region($region)
 104+ {
 105+ $this->set_hostname($region);
 106+ return $this;
 107+ }
 108+
 109+
 110+ /*%******************************************************************************************%*/
89111 // SERVICE METHODS
90112
91113 /**
 114+ * Adds the specified user to the specified group.
92115 *
93 - * Lists the groups that have the specified path prefix.
94 - *
95 - * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
96 - *
 116+ * @param string $group_name (Required) Name of the group to update. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 117+ * @param string $user_name (Required) Name of the user to add. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
97118 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
98 - * <li><code>PathPrefix</code> - <code>string</code> - Optional - The path prefix for filtering the results. For example: <code>/division_abc/subdivision_xyz/</code>, which would get all groups whose path starts with <code>/division_abc/subdivision_xyz/</code>. This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. </li>
99 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
100 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of groups you want in the response. If there are additional groups beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
101119 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
102120 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
103121 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
104122 */
105 - public function list_groups($opt = null)
 123+ public function add_user_to_group($group_name, $user_name, $opt = null)
106124 {
107125 if (!$opt) $opt = array();
 126+ $opt['GroupName'] = $group_name;
 127+ $opt['UserName'] = $user_name;
108128
109 - return $this->authenticate('ListGroups', $opt, $this->hostname);
 129+ return $this->authenticate('AddUserToGroup', $opt, $this->hostname);
110130 }
111131
112132 /**
 133+ * Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified user.
 134+ * The default status for new keys is <code>Active</code>.
113135 *
114 - * Deletes the access key associated with the specified User.
 136+ * If you do not specify a user name, IAM determines the user name implicitly based on the AWS
 137+ * Access Key ID signing the request. Because this action works for access keys under the AWS
 138+ * account, you can use this API to manage root credentials even if the AWS account has no
 139+ * associated users.
115140 *
116 - * If you do not specify a User name, IAM determines the User name implicitly based on the AWS Access Key ID signing the request. Because this
117 - * action works for access keys under the AWS Account, you can use this API to manage root credentials even if the AWS Account has no
118 - * associated Users.
 141+ * For information about limits on the number of keys you can create, see <a href=
 142+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html"
 143+ * target="_blank">Limitations on IAM Entities</a> in <em>Using AWS Identity and Access
 144+ * Management</em>.
119145 *
120 - * @param string $access_key_id (Required) The Access Key ID for the Access Key ID and Secret Access Key you want to delete.
 146+ * <p class="important">
 147+ * To ensure the security of your AWS account, the Secret Access Key is accessible only during key
 148+ * and user creation. You must save the key (for example, in a text file) if you want to be able
 149+ * to access it again. If a secret key is lost, you can delete the access keys for the associated
 150+ * user and then create new keys.
 151+ * </p>
 152+ *
121153 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
122 - * <li><code>UserName</code> - <code>string</code> - Optional - Name of the User whose key you want to delete. </li>
 154+ * <li><code>UserName</code> - <code>string</code> - Optional - The user name that the new key will belong to. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
123155 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
124156 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
125157 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
126158 */
127 - public function delete_access_key($access_key_id, $opt = null)
 159+ public function create_access_key($opt = null)
128160 {
129161 if (!$opt) $opt = array();
130 - $opt['AccessKeyId'] = $access_key_id;
131162
132 - return $this->authenticate('DeleteAccessKey', $opt, $this->hostname);
 163+ return $this->authenticate('CreateAccessKey', $opt, $this->hostname);
133164 }
134165
135166 /**
 167+ * This action creates an alias for your AWS account. For information about using an AWS account
 168+ * alias, see <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/AccountAlias.html"
 169+ * target="_blank">Using an Alias for Your AWS Account ID</a> in <em>Using AWS Identity and Access
 170+ * Management</em>.
136171 *
137 - * Deletes the specified AWS Account alias. For information about using an AWS Account alias, see <a
138 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/AccountAlias.html">Using an Alias for Your AWS Account ID</a> in <i>Using AWS
139 - * Identity and Access Management</i>.
140 - *
141 - * @param string $account_alias (Required) Name of the account alias to delete.
 172+ * @param string $account_alias (Required) Name of the account alias to create. [Constraints: The value must be between 3 and 63 characters, and must match the following regular expression pattern: <code>^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$</code>]
142173 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
143174 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
144175 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
145176 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
146177 */
147 - public function delete_account_alias($account_alias, $opt = null)
 178+ public function create_account_alias($account_alias, $opt = null)
148179 {
149180 if (!$opt) $opt = array();
150181 $opt['AccountAlias'] = $account_alias;
151182
152 - return $this->authenticate('DeleteAccountAlias', $opt, $this->hostname);
 183+ return $this->authenticate('CreateAccountAlias', $opt, $this->hostname);
153184 }
154185
155186 /**
 187+ * Creates a new group.
156188 *
157 - * Returns information about the signing certificates associated with the specified User. If there are none, the action returns an empty list.
 189+ * For information about the number of groups you can create, see <a href=
 190+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html"
 191+ * target="_blank">Limitations on IAM Entities</a> in <em>Using AWS Identity and Access
 192+ * Management</em>.
158193 *
159 - * Although each User is limited to a small number of signing certificates, you can still paginate the results using the <code>MaxItems</code>
160 - * and <code>Marker</code> parameters.
161 - *
162 - * If the <code>UserName</code> field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the
163 - * request. Because this action works for access keys under the AWS Account, this API can be used to manage root credentials even if the AWS
164 - * Account has no associated Users.
165 - *
 194+ * @param string $group_name (Required) Name of the group to create. Do not include the path in this value. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
166195 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
167 - * <li><code>UserName</code> - <code>string</code> - Optional - The name of the User. </li>
168 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
169 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of certificate IDs you want in the response. If there are additional certificate IDs beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
 196+ * <li><code>Path</code> - <code>string</code> - Optional - The path to the group. For more information about paths, see <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html" target="_blank">Identifiers for IAM Entities</a> in <em>Using AWS Identity and Access Management</em>. This parameter is optional. If it is not included, it defaults to a slash (/). [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>(\u002F)|(\u002F[\u0021-\u007F]+\u002F)</code>]</li>
170197 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
171198 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
172199 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
173200 */
174 - public function list_signing_certificates($opt = null)
 201+ public function create_group($group_name, $opt = null)
175202 {
176203 if (!$opt) $opt = array();
 204+ $opt['GroupName'] = $group_name;
177205
178 - return $this->authenticate('ListSigningCertificates', $opt, $this->hostname);
 206+ return $this->authenticate('CreateGroup', $opt, $this->hostname);
179207 }
180208
181209 /**
 210+ * Creates a login profile for the specified user, giving the user the ability to access AWS
 211+ * services such as the AWS Management Console. For more information about login profiles, see
 212+ * <a href=
 213+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_ManagingLogins.html"
 214+ * target="_blank">Creating or Deleting a User Login Profile</a> in <em>Using AWS Identity and
 215+ * Access Management</em>.
182216 *
183 - * Uploads an X.509 signing certificate and associates it with the specified User. Some AWS services use X.509 signing certificates to validate
184 - * requests that are signed with a corresponding private key. When you upload the certificate, its default status is <code>Active</code>.
185 - *
186 - * If the <code>UserName</code> field is not specified, the User name is determined implicitly based on the AWS Access Key ID used to sign the
187 - * request. Because this action works for access keys under the AWS Account, this API can be used to manage root credentials even if the AWS
188 - * Account has no associated Users.
189 - *
190 - * Because the body of a X.509 certificate can be large, you should use POST rather than GET when calling
191 - * <code>UploadSigningCertificate</code>. For more information, see <a
192 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?IAM_UsingQueryAPI.html">Making Query Requests</a> in <i>Using AWS
193 - * Identity and Access Management</i>.
194 - *
195 - * @param string $certificate_body (Required) The contents of the signing certificate.
 217+ * @param string $user_name (Required) Name of the user to create a login profile for. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 218+ * @param string $password (Required) The new password for the user name. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\u0009\u000A\u000D\u0020-\u00FF]+</code>]
196219 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
197 - * <li><code>UserName</code> - <code>string</code> - Optional - Name of the User the signing certificate is for. </li>
198220 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
199221 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
200222 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
201223 */
202 - public function upload_signing_certificate($certificate_body, $opt = null)
 224+ public function create_login_profile($user_name, $password, $opt = null)
203225 {
204226 if (!$opt) $opt = array();
205 - $opt['CertificateBody'] = $certificate_body;
 227+ $opt['UserName'] = $user_name;
 228+ $opt['Password'] = $password;
206229
207 - return $this->authenticate('UploadSigningCertificate', $opt, $this->hostname);
 230+ return $this->authenticate('CreateLoginProfile', $opt, $this->hostname);
208231 }
209232
210233 /**
 234+ * Creates a new user for your AWS account.
211235 *
212 - * Deletes the specified policy associated with the specified User.
 236+ * For information about limitations on the number of users you can create, see <a href=
 237+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html"
 238+ * target="_blank">Limitations on IAM Entities</a> in <em>Using AWS Identity and Access
 239+ * Management</em>.
213240 *
214 - * @param string $user_name (Required) Name of the User the policy is associated with.
215 - * @param string $policy_name (Required) Name of the policy document to delete.
 241+ * @param string $user_name (Required) Name of the user to create. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
216242 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 243+ * <li><code>Path</code> - <code>string</code> - Optional - The path for the user name. For more information about paths, see <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html" target="_blank">Identifiers for IAM Entities</a> in <em>Using AWS Identity and Access Management</em>. This parameter is optional. If it is not included, it defaults to a slash (/). [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>(\u002F)|(\u002F[\u0021-\u007F]+\u002F)</code>]</li>
217244 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
218245 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
219246 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
220247 */
221 - public function delete_user_policy($user_name, $policy_name, $opt = null)
 248+ public function create_user($user_name, $opt = null)
222249 {
223250 if (!$opt) $opt = array();
224251 $opt['UserName'] = $user_name;
225 - $opt['PolicyName'] = $policy_name;
226252
227 - return $this->authenticate('DeleteUserPolicy', $opt, $this->hostname);
 253+ return $this->authenticate('CreateUser', $opt, $this->hostname);
228254 }
229255
230256 /**
 257+ * Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use
 258+ * <a href="http://docs.amazonwebservices.com/IAM/latest/APIReference/API_EnableMFADevice.html"
 259+ * target="_blank">EnableMFADevice</a> to attach the MFA device to an IAM user. For more
 260+ * information about creating and working with virtual MFA devices, go to <a href=
 261+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_VirtualMFA.html"
 262+ * target="_blank">Using a Virtual MFA Device</a> in <em>Using AWS Identity and Access
 263+ * Management</em>.
231264 *
232 - * Adds (or updates) a policy document associated with the specified User. For information about policies, refer to <a
233 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?PoliciesOverview.html">Overview of Policies</a> in <i>Using AWS
234 - * Identity and Access Management</i>.
 265+ * For information about limits on the number of MFA devices you can create, see <a href=
 266+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html"
 267+ * target="_blank">Limitations on Entities</a> in <em>Using AWS Identity and Access
 268+ * Management</em>.
235269 *
236 - * For information about limits on the number of policies you can associate with a User, see <a
237 - * href="http://docs.amazonwebservices.com/IAM/2010-05-08/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in
238 - * <i>Using AWS Identity and Access Management</i>.
 270+ * <p class="important">
 271+ * The seed information contained in the QR code and the Base32 string should be treated like any
 272+ * other secret access information, such as your AWS access keys or your passwords. After you
 273+ * provision your virtual device, you should ensure that the information is destroyed following
 274+ * secure procedures.
 275+ * </p>
239276 *
240 - * Because policy documents can be large, you should use POST rather than GET when calling <code>PutUserPolicy</code>. For more information,
241 - * see <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?IAM_UsingQueryAPI.html">Making Query Requests</a> in <i>Using
242 - * AWS Identity and Access Management</i>.
243 - *
244 - * @param string $user_name (Required) Name of the User to associate the policy with.
245 - * @param string $policy_name (Required) Name of the policy document.
246 - * @param string $policy_document (Required) The policy document.
 277+ * @param string $virtual_mfa_device_name (Required) The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device. [Constraints: The value must be more than 1 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
247278 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 279+ * <li><code>Path</code> - <code>string</code> - Optional - The path for the virtual MFA device. For more information about paths, see <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html" target="_blank">Identifiers for IAM Entities</a> in <em>Using AWS Identity and Access Management</em>. This parameter is optional. If it is not included, it defaults to a slash (/). [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>(\u002F)|(\u002F[\u0021-\u007F]+\u002F)</code>]</li>
248280 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
249281 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
250282 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
251283 */
252 - public function put_user_policy($user_name, $policy_name, $policy_document, $opt = null)
 284+ public function create_virtual_mfa_device($virtual_mfa_device_name, $opt = null)
253285 {
254286 if (!$opt) $opt = array();
255 - $opt['UserName'] = $user_name;
256 - $opt['PolicyName'] = $policy_name;
257 - $opt['PolicyDocument'] = $policy_document;
 287+ $opt['VirtualMFADeviceName'] = $virtual_mfa_device_name;
258288
259 - return $this->authenticate('PutUserPolicy', $opt, $this->hostname);
 289+ return $this->authenticate('CreateVirtualMFADevice', $opt, $this->hostname);
260290 }
261291
262292 /**
 293+ * Deactivates the specified MFA device and removes it from association with the user name for
 294+ * which it was originally enabled.
263295 *
264 - * Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty list.
265 - *
266 - * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
267 - *
 296+ * @param string $user_name (Required) Name of the user whose MFA device you want to deactivate. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 297+ * @param string $serial_number (Required) The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. [Constraints: The value must be between 9 and 256 characters, and must match the following regular expression pattern: <code>[\w+=/:,.@-]*</code>]
268298 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
269 - * <li><code>PathPrefix</code> - <code>string</code> - Optional - The path prefix for filtering the results. For example: <code>/company/servercerts</code> would get all server certificates for which the path starts with <code>/company/servercerts</code>. This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. </li>
270 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
271 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of server certificates you want in the response. If there are additional server certificates beyond the maximum you specify, the <code>IsTruncated</code> response element will be set to <code>true</code>. </li>
272299 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
273300 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
274301 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
275302 */
276 - public function list_server_certificates($opt = null)
 303+ public function deactivate_mfa_device($user_name, $serial_number, $opt = null)
277304 {
278305 if (!$opt) $opt = array();
 306+ $opt['UserName'] = $user_name;
 307+ $opt['SerialNumber'] = $serial_number;
279308
280 - return $this->authenticate('ListServerCertificates', $opt, $this->hostname);
 309+ return $this->authenticate('DeactivateMFADevice', $opt, $this->hostname);
281310 }
282311
283312 /**
 313+ * Deletes the access key associated with the specified user.
284314 *
285 - * Retrieves the specified policy document for the specified User. The returned policy is URL-encoded according to RFC 3986. For more
286 - * information about RFC 3986, go to <a href="http://www.faqs.org/rfcs/rfc3986.html">http://www.faqs.org/rfcs/rfc3986.html</a>.
 315+ * If you do not specify a user name, IAM determines the user name implicitly based on the AWS
 316+ * Access Key ID signing the request. Because this action works for access keys under the AWS
 317+ * account, you can use this API to manage root credentials even if the AWS account has no
 318+ * associated users.
287319 *
288 - * @param string $user_name (Required) Name of the User who the policy is associated with.
289 - * @param string $policy_name (Required) Name of the policy document to get.
 320+ * @param string $access_key_id (Required) The Access Key ID for the Access Key ID and Secret Access Key you want to delete. [Constraints: The value must be between 16 and 32 characters, and must match the following regular expression pattern: <code>[\w]*</code>]
290321 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 322+ * <li><code>UserName</code> - <code>string</code> - Optional - Name of the user whose key you want to delete. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
291323 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
292324 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
293325 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
294326 */
295 - public function get_user_policy($user_name, $policy_name, $opt = null)
 327+ public function delete_access_key($access_key_id, $opt = null)
296328 {
297329 if (!$opt) $opt = array();
298 - $opt['UserName'] = $user_name;
299 - $opt['PolicyName'] = $policy_name;
 330+ $opt['AccessKeyId'] = $access_key_id;
300331
301 - return $this->authenticate('GetUserPolicy', $opt, $this->hostname);
 332+ return $this->authenticate('DeleteAccessKey', $opt, $this->hostname);
302333 }
303334
304335 /**
 336+ * Deletes the specified AWS account alias. For information about using an AWS account alias, see
 337+ * <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/AccountAlias.html" target=
 338+ * "_blank">Using an Alias for Your AWS Account ID</a> in <em>Using AWS Identity and Access
 339+ * Management</em>.
305340 *
306 - * Updates the login profile for the specified User. Use this API to change the User's password.
307 - *
308 - * @param string $user_name (Required) Name of the User whose login profile you want to update.
 341+ * @param string $account_alias (Required) Name of the account alias to delete. [Constraints: The value must be between 3 and 63 characters, and must match the following regular expression pattern: <code>^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$</code>]
309342 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
310 - * <li><code>Password</code> - <code>string</code> - Optional - The new password for the User name. </li>
311343 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
312344 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
313345 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
314346 */
315 - public function update_login_profile($user_name, $opt = null)
 347+ public function delete_account_alias($account_alias, $opt = null)
316348 {
317349 if (!$opt) $opt = array();
318 - $opt['UserName'] = $user_name;
 350+ $opt['AccountAlias'] = $account_alias;
319351
320 - return $this->authenticate('UpdateLoginProfile', $opt, $this->hostname);
 352+ return $this->authenticate('DeleteAccountAlias', $opt, $this->hostname);
321353 }
322354
323355 /**
 356+ * Deletes the specified group. The group must not contain any users or have any attached
 357+ * policies.
324358 *
325 - * Updates the name and/or the path of the specified server certificate.
326 - *
327 - * You should understand the implications of changing a server certificate's path or name. For more information, see <a
328 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/ManagingServerCerts.html">Managing Server Certificates</a> in <i>Using AWS
329 - * Identity and Access Management</i>.
330 - *
331 - * To change a server certificate name the requester must have appropriate permissions on both the source object and the target object. For
332 - * example, to change the name from ProductionCert to ProdCert, the entity making the request must have permission on ProductionCert and
333 - * ProdCert, or must have permission on all (*). For more information about permissions, see <a
334 - * href="http://docs.amazonwebservices.com/IAM/2010-05-08/UserGuide/PermissionsAndPolicies.html">Permissions and Policies</a>.
335 - *
336 - * @param string $server_certificate_name (Required) The name of the server certificate that you want to update.
 359+ * @param string $group_name (Required) Name of the group to delete. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
337360 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
338 - * <li><code>NewPath</code> - <code>string</code> - Optional - The new path for the server certificate. Include this only if you are updating the server certificate's path. </li>
339 - * <li><code>NewServerCertificateName</code> - <code>string</code> - Optional - The new name for the server certificate. Include this only if you are updating the server certificate's name. </li>
340361 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
341362 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
342363 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
343364 */
344 - public function update_server_certificate($server_certificate_name, $opt = null)
 365+ public function delete_group($group_name, $opt = null)
345366 {
346367 if (!$opt) $opt = array();
347 - $opt['ServerCertificateName'] = $server_certificate_name;
 368+ $opt['GroupName'] = $group_name;
348369
349 - return $this->authenticate('UpdateServerCertificate', $opt, $this->hostname);
 370+ return $this->authenticate('DeleteGroup', $opt, $this->hostname);
350371 }
351372
352373 /**
 374+ * Deletes the specified policy that is associated with the specified group.
353375 *
354 - * Updates the name and/or the path of the specified User.
355 - *
356 - * You should understand the implications of changing a User's path or name. For more information, see <a
357 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Renaming.html">Renaming Users and Groups</a> in <i>Using AWS
358 - * Identity and Access Management</i>.
359 - *
360 - * To change a User name the requester must have appropriate permissions on both the source object and the target object. For example, to
361 - * change Bob to Robert, the entity making the request must have permission on Bob and Robert, or must have permission on all (*). For more
362 - * information about permissions, see <a
363 - * href="http://docs.amazonwebservices.com/IAM/2010-05-08/UserGuide/PermissionsAndPolicies.html">Permissions and Policies</a>.
364 - *
365 - * @param string $user_name (Required) Name of the User to update. If you're changing the name of the User, this is the original User name.
 376+ * @param string $group_name (Required) Name of the group the policy is associated with. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 377+ * @param string $policy_name (Required) Name of the policy document to delete. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
366378 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
367 - * <li><code>NewPath</code> - <code>string</code> - Optional - New path for the User. Include this parameter only if you're changing the User's path. </li>
368 - * <li><code>NewUserName</code> - <code>string</code> - Optional - New name for the User. Include this parameter only if you're changing the User's name. </li>
369379 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
370380 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
371381 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
372382 */
373 - public function update_user($user_name, $opt = null)
 383+ public function delete_group_policy($group_name, $policy_name, $opt = null)
374384 {
375385 if (!$opt) $opt = array();
376 - $opt['UserName'] = $user_name;
 386+ $opt['GroupName'] = $group_name;
 387+ $opt['PolicyName'] = $policy_name;
377388
378 - return $this->authenticate('UpdateUser', $opt, $this->hostname);
 389+ return $this->authenticate('DeleteGroupPolicy', $opt, $this->hostname);
379390 }
380391
381392 /**
 393+ * Deletes the login profile for the specified user, which terminates the user's ability to access
 394+ * AWS services through the IAM login page.
382395 *
383 - * Deletes the login profile for the specified User, which terminates the User's ability to access AWS services through the IAM login page.
 396+ * <p class="important">
 397+ * Deleting a user's login profile does not prevent a user from accessing IAM through the command
 398+ * line interface or the API. To prevent all user access you must also either make the access key
 399+ * inactive or delete it. For more information about making keys inactive or deleting them, see
 400+ * <code>UpdateAccessKey</code> and <code>DeleteAccessKey</code>.
 401+ * </p>
384402 *
385 - * Deleting a User's login profile does not prevent a User from accessing IAM through the command line interface or the API. To prevent all
386 - * User access you must also either make the access key inactive or delete it. For more information about making keys inactive or deleting
387 - * them, see UpdateAccessKey and DeleteAccessKey.
388 - *
389 - * @param string $user_name (Required) Name of the User whose login profile you want to delete.
 403+ * @param string $user_name (Required) Name of the user whose login profile you want to delete. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
390404 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
391405 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
392406 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
@@ -400,597 +414,639 @@
401415 }
402416
403417 /**
 418+ * Deletes the specified server certificate.
404419 *
405 - * Changes the status of the specified signing certificate from active to disabled, or vice versa. This action can be used to disable a User's
406 - * signing certificate as part of a certificate rotation workflow.
 420+ * <p class="important">
 421+ * If you are using a server certificate with Elastic Load Balancing, deleting the certificate
 422+ * could have implications for your application. If Elastic Load Balancing doesn't detect the
 423+ * deletion of bound certificates, it may continue to use the certificates. This could cause
 424+ * Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to
 425+ * the certificate from Elastic Load Balancing before using this command to delete the
 426+ * certificate. For more information, go to <a href=
 427+ * "http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html"
 428+ * target="blank">DeleteLoadBalancerListeners</a> in the <em>Elastic Load Balancing API
 429+ * Reference</em>.
 430+ * </p>
407431 *
408 - * If the <code>UserName</code> field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the
409 - * request. Because this action works for access keys under the AWS Account, this API can be used to manage root credentials even if the AWS
410 - * Account has no associated Users.
411 - *
412 - * For information about rotating certificates, see <a
413 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?ManagingCredentials.html">Managing Keys and Certificates</a> in
414 - * <i>Using AWS Identity and Access Management</i>.
415 - *
416 - * @param string $certificate_id (Required) The ID of the signing certificate you want to update.
417 - * @param string $status (Required) The status you want to assign to the certificate. <code>Active</code> means the certificate can be used for API calls to AWS, while <code>Inactive</code> means the certificate cannot be used. [Allowed values: <code>Active</code>, <code>Inactive</code>]
 432+ * @param string $server_certificate_name (Required) The name of the server certificate you want to delete. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
418433 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
419 - * <li><code>UserName</code> - <code>string</code> - Optional - Name of the User the signing certificate belongs to. </li>
420434 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
421435 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
422436 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
423437 */
424 - public function update_signing_certificate($certificate_id, $status, $opt = null)
 438+ public function delete_server_certificate($server_certificate_name, $opt = null)
425439 {
426440 if (!$opt) $opt = array();
427 - $opt['CertificateId'] = $certificate_id;
428 - $opt['Status'] = $status;
 441+ $opt['ServerCertificateName'] = $server_certificate_name;
429442
430 - return $this->authenticate('UpdateSigningCertificate', $opt, $this->hostname);
 443+ return $this->authenticate('DeleteServerCertificate', $opt, $this->hostname);
431444 }
432445
433446 /**
 447+ * Deletes the specified signing certificate associated with the specified user.
434448 *
435 - * Deletes the specified policy that is associated with the specified group.
 449+ * If you do not specify a user name, IAM determines the user name implicitly based on the AWS
 450+ * Access Key ID signing the request. Because this action works for access keys under the AWS
 451+ * account, you can use this API to manage root credentials even if the AWS account has no
 452+ * associated users.
436453 *
437 - * @param string $group_name (Required) Name of the group the policy is associated with.
438 - * @param string $policy_name (Required) Name of the policy document to delete.
 454+ * @param string $certificate_id (Required) ID of the signing certificate to delete. [Constraints: The value must be between 24 and 128 characters, and must match the following regular expression pattern: <code>[\w]*</code>]
439455 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 456+ * <li><code>UserName</code> - <code>string</code> - Optional - Name of the user the signing certificate belongs to. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
440457 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
441458 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
442459 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
443460 */
444 - public function delete_group_policy($group_name, $policy_name, $opt = null)
 461+ public function delete_signing_certificate($certificate_id, $opt = null)
445462 {
446463 if (!$opt) $opt = array();
447 - $opt['GroupName'] = $group_name;
448 - $opt['PolicyName'] = $policy_name;
 464+ $opt['CertificateId'] = $certificate_id;
449465
450 - return $this->authenticate('DeleteGroupPolicy', $opt, $this->hostname);
 466+ return $this->authenticate('DeleteSigningCertificate', $opt, $this->hostname);
451467 }
452468
453469 /**
 470+ * Deletes the specified user. The user must not belong to any groups, have any keys or signing
 471+ * certificates, or have any attached policies.
454472 *
455 - * Lists the Users that have the specified path prefix. If there are none, the action returns an empty list.
456 - *
457 - * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
458 - *
 473+ * @param string $user_name (Required) Name of the user to delete. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
459474 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
460 - * <li><code>PathPrefix</code> - <code>string</code> - Optional - The path prefix for filtering the results. For example: <code>/division_abc/subdivision_xyz/</code>, which would get all User names whose path starts with <code>/division_abc/subdivision_xyz/</code>. This parameter is optional. If it is not included, it defaults to a slash (/), listing all User names. </li>
461 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this parameter only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
462 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this parameter only when paginating results to indicate the maximum number of User names you want in the response. If there are additional User names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
463475 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
464476 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
465477 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
466478 */
467 - public function list_users($opt = null)
 479+ public function delete_user($user_name, $opt = null)
468480 {
469481 if (!$opt) $opt = array();
 482+ $opt['UserName'] = $user_name;
470483
471 - return $this->authenticate('ListUsers', $opt, $this->hostname);
 484+ return $this->authenticate('DeleteUser', $opt, $this->hostname);
472485 }
473486
474487 /**
 488+ * Deletes the specified policy associated with the specified user.
475489 *
476 - * Updates the name and/or the path of the specified group.
477 - *
478 - * You should understand the implications of changing a group's path or name. For more information, see <a
479 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Renaming.html">Renaming Users and Groups</a> in <i>Using AWS
480 - * Identity and Access Management</i>.
481 - *
482 - * To change a group name the requester must have appropriate permissions on both the source object and the target object. For example, to
483 - * change Managers to MGRs, the entity making the request must have permission on Managers and MGRs, or must have permission on all (*). For
484 - * more information about permissions, see <a
485 - * href="http://docs.amazonwebservices.com/IAM/2010-05-08/UserGuide/PermissionsAndPolicies.html">Permissions and Policies</a>.
486 - *
487 - * @param string $group_name (Required) Name of the group to update. If you're changing the name of the group, this is the original name.
 490+ * @param string $user_name (Required) Name of the user the policy is associated with. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 491+ * @param string $policy_name (Required) Name of the policy document to delete. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
488492 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
489 - * <li><code>NewPath</code> - <code>string</code> - Optional - New path for the group. Only include this if changing the group's path. </li>
490 - * <li><code>NewGroupName</code> - <code>string</code> - Optional - New name for the group. Only include this if changing the group's name. </li>
491493 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
492494 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
493495 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
494496 */
495 - public function update_group($group_name, $opt = null)
 497+ public function delete_user_policy($user_name, $policy_name, $opt = null)
496498 {
497499 if (!$opt) $opt = array();
498 - $opt['GroupName'] = $group_name;
 500+ $opt['UserName'] = $user_name;
 501+ $opt['PolicyName'] = $policy_name;
499502
500 - return $this->authenticate('UpdateGroup', $opt, $this->hostname);
 503+ return $this->authenticate('DeleteUserPolicy', $opt, $this->hostname);
501504 }
502505
503506 /**
 507+ * Deletes a virtual MFA device.
504508 *
505 - * Retrieves information about the specified server certificate.
 509+ * <p class="note">
 510+ * You must deactivate a user's virtual MFA device before you can delete it. For information about
 511+ * deactivating MFA devices, see <a href=
 512+ * "http://docs.amazonwebservices.com/IAM/latest/APIReference/API_DeactivateMFADevice.html">DeactivateMFADevice</a>.
 513+ * </p>
506514 *
507 - * @param string $server_certificate_name (Required) The name of the server certificate you want to retrieve information about.
 515+ * @param string $serial_number (Required) The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN. [Constraints: The value must be between 9 and 256 characters, and must match the following regular expression pattern: <code>[\w+=/:,.@-]*</code>]
508516 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
509517 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
510518 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
511519 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
512520 */
513 - public function get_server_certificate($server_certificate_name, $opt = null)
 521+ public function delete_virtual_mfa_device($serial_number, $opt = null)
514522 {
515523 if (!$opt) $opt = array();
516 - $opt['ServerCertificateName'] = $server_certificate_name;
 524+ $opt['SerialNumber'] = $serial_number;
517525
518 - return $this->authenticate('GetServerCertificate', $opt, $this->hostname);
 526+ return $this->authenticate('DeleteVirtualMFADevice', $opt, $this->hostname);
519527 }
520528
521529 /**
 530+ * Enables the specified MFA device and associates it with the specified user name. When enabled,
 531+ * the MFA device is required for every subsequent login by the user name associated with the
 532+ * device.
522533 *
523 - * Adds (or updates) a policy document associated with the specified group. For information about policies, refer to <a
524 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?PoliciesOverview.html">Overview of Policies</a> in <i>Using AWS
525 - * Identity and Access Management</i>.
526 - *
527 - * For information about limits on the number of policies you can associate with a group, see <a
528 - * href="http://docs.amazonwebservices.com/IAM/2010-05-08/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in
529 - * <i>Using AWS Identity and Access Management</i>.
530 - *
531 - * Because policy documents can be large, you should use POST rather than GET when calling <code>PutGroupPolicy</code>. For more information,
532 - * see <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?IAM_UsingQueryAPI.html">Making Query Requests</a> in <i>Using
533 - * AWS Identity and Access Management</i>.
534 - *
535 - * @param string $group_name (Required) Name of the group to associate the policy with.
536 - * @param string $policy_name (Required) Name of the policy document.
537 - * @param string $policy_document (Required) The policy document.
 534+ * @param string $user_name (Required) Name of the user for whom you want to enable the MFA device. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 535+ * @param string $serial_number (Required) The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. [Constraints: The value must be between 9 and 256 characters, and must match the following regular expression pattern: <code>[\w+=/:,.@-]*</code>]
 536+ * @param string $authentication_code1 (Required) An authentication code emitted by the device. [Constraints: The value must be between 6 and 6 characters, and must match the following regular expression pattern: <code>[\d]*</code>]
 537+ * @param string $authentication_code2 (Required) A subsequent authentication code emitted by the device. [Constraints: The value must be between 6 and 6 characters, and must match the following regular expression pattern: <code>[\d]*</code>]
538538 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
539539 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
540540 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
541541 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
542542 */
543 - public function put_group_policy($group_name, $policy_name, $policy_document, $opt = null)
 543+ public function enable_mfa_device($user_name, $serial_number, $authentication_code1, $authentication_code2, $opt = null)
544544 {
545545 if (!$opt) $opt = array();
546 - $opt['GroupName'] = $group_name;
547 - $opt['PolicyName'] = $policy_name;
548 - $opt['PolicyDocument'] = $policy_document;
 546+ $opt['UserName'] = $user_name;
 547+ $opt['SerialNumber'] = $serial_number;
 548+ $opt['AuthenticationCode1'] = $authentication_code1;
 549+ $opt['AuthenticationCode2'] = $authentication_code2;
549550
550 - return $this->authenticate('PutGroupPolicy', $opt, $this->hostname);
 551+ return $this->authenticate('EnableMFADevice', $opt, $this->hostname);
551552 }
552553
553554 /**
 555+ * Retrieves account level information about account entity usage and IAM quotas.
554556 *
555 - * Creates a new User for your AWS Account.
 557+ * For information about limitations on IAM entities, see <a href=
 558+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html"
 559+ * target="_blank">Limitations on IAM Entities</a> in <em>Using AWS Identity and Access
 560+ * Management</em>.
556561 *
557 - * For information about limitations on the number of Users you can create, see <a
558 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in
559 - * <i>Using AWS Identity and Access Management</i>.
560 - *
561 - * @param string $user_name (Required) Name of the User to create.
562562 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
563 - * <li><code>Path</code> - <code>string</code> - Optional - The path for the User name. For more information about paths, see Identifiers for IAM Entities in <i>Using AWS Identity and Access Management</i>. This parameter is optional. If it is not included, it defaults to a slash (/). </li>
564563 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
565564 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
566565 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
567566 */
568 - public function create_user($user_name, $opt = null)
 567+ public function get_account_summary($opt = null)
569568 {
570569 if (!$opt) $opt = array();
571 - $opt['UserName'] = $user_name;
572570
573 - return $this->authenticate('CreateUser', $opt, $this->hostname);
 571+ return $this->authenticate('GetAccountSummary', $opt, $this->hostname);
574572 }
575573
576574 /**
 575+ * Returns a list of users that are in the specified group. You can paginate the results using the
 576+ * <code>MaxItems</code> and <code>Marker</code> parameters.
577577 *
578 - * Deletes the specified signing certificate associated with the specified User.
579 - *
580 - * If you do not specify a User name, IAM determines the User name implicitly based on the AWS Access Key ID signing the request. Because this
581 - * action works for access keys under the AWS Account, you can use this API to manage root credentials even if the AWS Account has no
582 - * associated Users.
583 - *
584 - * @param string $certificate_id (Required) ID of the signing certificate to delete.
 578+ * @param string $group_name (Required) Name of the group. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
585579 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
586 - * <li><code>UserName</code> - <code>string</code> - Optional - Name of the User the signing certificate belongs to. </li>
 580+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 581+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of user names you want in the response. If there are additional user names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
587582 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
588583 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
589584 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
590585 */
591 - public function delete_signing_certificate($certificate_id, $opt = null)
 586+ public function get_group($group_name, $opt = null)
592587 {
593588 if (!$opt) $opt = array();
594 - $opt['CertificateId'] = $certificate_id;
 589+ $opt['GroupName'] = $group_name;
595590
596 - return $this->authenticate('DeleteSigningCertificate', $opt, $this->hostname);
 591+ return $this->authenticate('GetGroup', $opt, $this->hostname);
597592 }
598593
599594 /**
 595+ * Retrieves the specified policy document for the specified group. The returned policy is
 596+ * URL-encoded according to RFC 3986. For more information about RFC 3986, go to <a href=
 597+ * "http://www.faqs.org/rfcs/rfc3986.html">http://www.faqs.org/rfcs/rfc3986.html</a>.
600598 *
601 - * Enables the specified MFA device and associates it with the specified User name. When enabled, the MFA device is required for every
602 - * subsequent login by the User name associated with the device.
603 - *
604 - * @param string $user_name (Required) Name of the User for whom you want to enable the MFA device.
605 - * @param string $serial_number (Required) The serial number that uniquely identifies the MFA device.
606 - * @param string $authentication_code1 (Required) An authentication code emitted by the device.
607 - * @param string $authentication_code2 (Required) A subsequent authentication code emitted by the device.
 599+ * @param string $group_name (Required) Name of the group the policy is associated with. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 600+ * @param string $policy_name (Required) Name of the policy document to get. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
608601 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
609602 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
610603 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
611604 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
612605 */
613 - public function enable_mfa_device($user_name, $serial_number, $authentication_code1, $authentication_code2, $opt = null)
 606+ public function get_group_policy($group_name, $policy_name, $opt = null)
614607 {
615608 if (!$opt) $opt = array();
616 - $opt['UserName'] = $user_name;
617 - $opt['SerialNumber'] = $serial_number;
618 - $opt['AuthenticationCode1'] = $authentication_code1;
619 - $opt['AuthenticationCode2'] = $authentication_code2;
 609+ $opt['GroupName'] = $group_name;
 610+ $opt['PolicyName'] = $policy_name;
620611
621 - return $this->authenticate('EnableMFADevice', $opt, $this->hostname);
 612+ return $this->authenticate('GetGroupPolicy', $opt, $this->hostname);
622613 }
623614
624615 /**
 616+ * Retrieves the login profile for the specified user.
625617 *
626 - * Lists the names of the policies associated with the specified User. If there are none, the action returns an empty list.
627 - *
628 - * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
629 - *
630 - * @param string $user_name (Required) The name of the User to list policies for.
 618+ * @param string $user_name (Required) Name of the user whose login profile you want to retrieve. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
631619 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
632 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
633 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of policy names you want in the response. If there are additional policy names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
634620 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
635621 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
636622 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
637623 */
638 - public function list_user_policies($user_name, $opt = null)
 624+ public function get_login_profile($user_name, $opt = null)
639625 {
640626 if (!$opt) $opt = array();
641627 $opt['UserName'] = $user_name;
642628
643 - return $this->authenticate('ListUserPolicies', $opt, $this->hostname);
 629+ return $this->authenticate('GetLoginProfile', $opt, $this->hostname);
644630 }
645631
646632 /**
 633+ * Retrieves information about the specified server certificate.
647634 *
648 - * Returns information about the Access Key IDs associated with the specified User. If there are none, the action returns an empty list.
649 - *
650 - * Although each User is limited to a small number of keys, you can still paginate the results using the <code>MaxItems</code> and
651 - * <code>Marker</code> parameters.
652 - *
653 - * If the <code>UserName</code> field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the
654 - * request. Because this action works for access keys under the AWS Account, this API can be used to manage root credentials even if the AWS
655 - * Account has no associated Users.
656 - *
657 - * To ensure the security of your AWS Account, the secret access key is accessible only during key and User creation.
658 - *
 635+ * @param string $server_certificate_name (Required) The name of the server certificate you want to retrieve information about. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
659636 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
660 - * <li><code>UserName</code> - <code>string</code> - Optional - Name of the User. </li>
661 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this parameter only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
662 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this parameter only when paginating results to indicate the maximum number of keys you want in the response. If there are additional keys beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
663637 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
664638 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
665639 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
666640 */
667 - public function list_access_keys($opt = null)
 641+ public function get_server_certificate($server_certificate_name, $opt = null)
668642 {
669643 if (!$opt) $opt = array();
 644+ $opt['ServerCertificateName'] = $server_certificate_name;
670645
671 - return $this->authenticate('ListAccessKeys', $opt, $this->hostname);
 646+ return $this->authenticate('GetServerCertificate', $opt, $this->hostname);
672647 }
673648
674649 /**
 650+ * Retrieves information about the specified user, including the user's path, GUID, and ARN.
675651 *
676 - * Retrieves the login profile for the specified User.
 652+ * If you do not specify a user name, IAM determines the user name implicitly based on the AWS
 653+ * Access Key ID signing the request.
677654 *
678 - * @param string $user_name (Required) Name of the User whose login profile you want to retrieve.
679655 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 656+ * <li><code>UserName</code> - <code>string</code> - Optional - Name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
680657 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
681658 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
682659 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
683660 */
684 - public function get_login_profile($user_name, $opt = null)
 661+ public function get_user($opt = null)
685662 {
686663 if (!$opt) $opt = array();
687 - $opt['UserName'] = $user_name;
688664
689 - return $this->authenticate('GetLoginProfile', $opt, $this->hostname);
 665+ return $this->authenticate('GetUser', $opt, $this->hostname);
690666 }
691667
692668 /**
 669+ * Retrieves the specified policy document for the specified user. The returned policy is
 670+ * URL-encoded according to RFC 3986. For more information about RFC 3986, go to <a href=
 671+ * "http://www.faqs.org/rfcs/rfc3986.html">http://www.faqs.org/rfcs/rfc3986.html</a>.
693672 *
694 - * Lists the groups the specified User belongs to.
695 - *
696 - * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
697 - *
698 - * @param string $user_name (Required) The name of the User to list groups for.
 673+ * @param string $user_name (Required) Name of the user who the policy is associated with. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 674+ * @param string $policy_name (Required) Name of the policy document to get. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
699675 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
700 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
701 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of groups you want in the response. If there are additional groups beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
702676 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
703677 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
704678 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
705679 */
706 - public function list_groups_for_user($user_name, $opt = null)
 680+ public function get_user_policy($user_name, $policy_name, $opt = null)
707681 {
708682 if (!$opt) $opt = array();
709683 $opt['UserName'] = $user_name;
 684+ $opt['PolicyName'] = $policy_name;
710685
711 - return $this->authenticate('ListGroupsForUser', $opt, $this->hostname);
 686+ return $this->authenticate('GetUserPolicy', $opt, $this->hostname);
712687 }
713688
714689 /**
 690+ * Returns information about the Access Key IDs associated with the specified user. If there are
 691+ * none, the action returns an empty list.
715692 *
716 - * Creates a new group.
 693+ * Although each user is limited to a small number of keys, you can still paginate the results
 694+ * using the <code>MaxItems</code> and <code>Marker</code> parameters.
717695 *
718 - * For information about the number of groups you can create, see <a
719 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in
720 - * <i>Using AWS Identity and Access Management</i>.
 696+ * If the <code>UserName</code> field is not specified, the UserName is determined implicitly
 697+ * based on the AWS Access Key ID used to sign the request. Because this action works for access
 698+ * keys under the AWS account, this API can be used to manage root credentials even if the AWS
 699+ * account has no associated users.
721700 *
722 - * @param string $group_name (Required) Name of the group to create. Do not include the path in this value.
 701+ * <p class="note">
 702+ * To ensure the security of your AWS account, the secret access key is accessible only during key
 703+ * and user creation.
 704+ * </p>
 705+ *
723706 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
724 - * <li><code>Path</code> - <code>string</code> - Optional - The path to the group. For more information about paths, see Identifiers for IAM Entities in <i>Using AWS Identity and Access Management</i>. This parameter is optional. If it is not included, it defaults to a slash (/). </li>
 707+ * <li><code>UserName</code> - <code>string</code> - Optional - Name of the user. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
 708+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this parameter only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 709+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this parameter only when paginating results to indicate the maximum number of keys you want in the response. If there are additional keys beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
725710 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
726711 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
727712 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
728713 */
729 - public function create_group($group_name, $opt = null)
 714+ public function list_access_keys($opt = null)
730715 {
731716 if (!$opt) $opt = array();
732 - $opt['GroupName'] = $group_name;
733717
734 - return $this->authenticate('CreateGroup', $opt, $this->hostname);
 718+ return $this->authenticate('ListAccessKeys', $opt, $this->hostname);
735719 }
736720
737721 /**
 722+ * Lists the account aliases associated with the account. For information about using an AWS
 723+ * account alias, see <a href=
 724+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/AccountAlias.html" target=
 725+ * "_blank">Using an Alias for Your AWS Account ID</a> in <em>Using AWS Identity and Access
 726+ * Management</em>.
738727 *
739 - * Uploads a server certificate entity for the AWS Account. The server certificate entity includes a public key certificate, a private key, and
740 - * an optional certificate chain, which should all be PEM-encoded.
 728+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 729+ * parameters.
741730 *
742 - * For information about the number of server certificates you can upload, see <a
743 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in
744 - * <i>Using AWS Identity and Access Management</i>.
745 - *
746 - * Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET
747 - * when calling <code>UploadServerCertificate</code>. For more information, see <a
748 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html">Making Query Requests</a> in <i>Using AWS Identity and
749 - * Access Management</i>.
750 - *
751 - * @param string $server_certificate_name (Required) The name for the server certificate. Do not include the path in this value.
752 - * @param string $certificate_body (Required) The contents of the public key certificate in PEM-encoded format.
753 - * @param string $private_key (Required) The contents of the private key in PEM-encoded format.
754731 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
755 - * <li><code>Path</code> - <code>string</code> - Optional - The path for the server certificate. For more information about paths, see Identifiers for IAM Entities in <i>Using AWS Identity and Access Management</i>. This parameter is optional. If it is not included, it defaults to a slash (/). </li>
756 - * <li><code>CertificateChain</code> - <code>string</code> - Optional - The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain. </li>
 732+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 733+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of account aliases you want in the response. If there are additional account aliases beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
757734 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
758735 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
759736 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
760737 */
761 - public function upload_server_certificate($server_certificate_name, $certificate_body, $private_key, $opt = null)
 738+ public function list_account_aliases($opt = null)
762739 {
763740 if (!$opt) $opt = array();
764 - $opt['ServerCertificateName'] = $server_certificate_name;
765 - $opt['CertificateBody'] = $certificate_body;
766 - $opt['PrivateKey'] = $private_key;
767741
768 - return $this->authenticate('UploadServerCertificate', $opt, $this->hostname);
 742+ return $this->authenticate('ListAccountAliases', $opt, $this->hostname);
769743 }
770744
771745 /**
 746+ * Lists the names of the policies associated with the specified group. If there are none, the
 747+ * action returns an empty list.
772748 *
773 - * This action creates an alias for your AWS Account. For information about using an AWS Account alias, see <a
774 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/AccountAlias.html">Using an Alias for Your AWS Account ID</a> in <i>Using AWS
775 - * Identity and Access Management</i>.
 749+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 750+ * parameters.
776751 *
777 - * @param string $account_alias (Required) Name of the account alias to create
 752+ * @param string $group_name (Required) The name of the group to list policies for. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
778753 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 754+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 755+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of policy names you want in the response. If there are additional policy names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
779756 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
780757 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
781758 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
782759 */
783 - public function create_account_alias($account_alias, $opt = null)
 760+ public function list_group_policies($group_name, $opt = null)
784761 {
785762 if (!$opt) $opt = array();
786 - $opt['AccountAlias'] = $account_alias;
 763+ $opt['GroupName'] = $group_name;
787764
788 - return $this->authenticate('CreateAccountAlias', $opt, $this->hostname);
 765+ return $this->authenticate('ListGroupPolicies', $opt, $this->hostname);
789766 }
790767
791768 /**
 769+ * Lists the groups that have the specified path prefix.
792770 *
793 - * Retrieves the specified policy document for the specified group. The returned policy is URL-encoded according to RFC 3986. For more
794 - * information about RFC 3986, go to <a href="http://www.faqs.org/rfcs/rfc3986.html">http://www.faqs.org/rfcs/rfc3986.html</a>.
 771+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 772+ * parameters.
795773 *
796 - * @param string $group_name (Required) Name of the group the policy is associated with.
797 - * @param string $policy_name (Required) Name of the policy document to get.
798774 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 775+ * <li><code>PathPrefix</code> - <code>string</code> - Optional - The path prefix for filtering the results. For example: <code>/division_abc/subdivision_xyz/</code>, which would get all groups whose path starts with <code>/division_abc/subdivision_xyz/</code>. This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>\u002F[\u0021-\u007F]*</code>]</li>
 776+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 777+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of groups you want in the response. If there are additional groups beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
799778 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
800779 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
801780 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
802781 */
803 - public function get_group_policy($group_name, $policy_name, $opt = null)
 782+ public function list_groups($opt = null)
804783 {
805784 if (!$opt) $opt = array();
806 - $opt['GroupName'] = $group_name;
807 - $opt['PolicyName'] = $policy_name;
808785
809 - return $this->authenticate('GetGroupPolicy', $opt, $this->hostname);
 786+ return $this->authenticate('ListGroups', $opt, $this->hostname);
810787 }
811788
812789 /**
 790+ * Lists the groups the specified user belongs to.
813791 *
814 - * Deletes the specified User. The User must not belong to any groups, have any keys or signing certificates, or have any attached policies.
 792+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 793+ * parameters.
815794 *
816 - * @param string $user_name (Required) Name of the User to delete.
 795+ * @param string $user_name (Required) The name of the user to list groups for. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
817796 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 797+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 798+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of groups you want in the response. If there are additional groups beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
818799 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
819800 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
820801 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
821802 */
822 - public function delete_user($user_name, $opt = null)
 803+ public function list_groups_for_user($user_name, $opt = null)
823804 {
824805 if (!$opt) $opt = array();
825806 $opt['UserName'] = $user_name;
826807
827 - return $this->authenticate('DeleteUser', $opt, $this->hostname);
 808+ return $this->authenticate('ListGroupsForUser', $opt, $this->hostname);
828809 }
829810
830811 /**
 812+ * Lists the MFA devices. If the request includes the user name, then this action lists all the
 813+ * MFA devices associated with the specified user name. If you do not specify a user name, IAM
 814+ * determines the user name implicitly based on the AWS Access Key ID signing the request.
831815 *
832 - * Deactivates the specified MFA device and removes it from association with the User name for which it was originally enabled.
 816+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 817+ * parameters.
833818 *
834 - * @param string $user_name (Required) Name of the User whose MFA device you want to deactivate.
835 - * @param string $serial_number (Required) The serial number that uniquely identifies the MFA device.
836819 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 820+ * <li><code>UserName</code> - <code>string</code> - Optional - Name of the user whose MFA devices you want to list. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
 821+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 822+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of MFA devices you want in the response. If there are additional MFA devices beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
837823 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
838824 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
839825 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
840826 */
841 - public function deactivate_mfa_device($user_name, $serial_number, $opt = null)
 827+ public function list_mfa_devices($opt = null)
842828 {
843829 if (!$opt) $opt = array();
844 - $opt['UserName'] = $user_name;
845 - $opt['SerialNumber'] = $serial_number;
846830
847 - return $this->authenticate('DeactivateMFADevice', $opt, $this->hostname);
 831+ return $this->authenticate('ListMFADevices', $opt, $this->hostname);
848832 }
849833
850834 /**
 835+ * Lists the server certificates that have the specified path prefix. If none exist, the action
 836+ * returns an empty list.
851837 *
852 - * Removes the specified User from the specified group.
 838+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 839+ * parameters.
853840 *
854 - * @param string $group_name (Required) Name of the group to update.
855 - * @param string $user_name (Required) Name of the User to remove.
856841 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 842+ * <li><code>PathPrefix</code> - <code>string</code> - Optional - The path prefix for filtering the results. For example: <code>/company/servercerts</code> would get all server certificates for which the path starts with <code>/company/servercerts</code>. This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>\u002F[\u0021-\u007F]*</code>]</li>
 843+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 844+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of server certificates you want in the response. If there are additional server certificates beyond the maximum you specify, the <code>IsTruncated</code> response element will be set to <code>true</code>.</li>
857845 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
858846 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
859847 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
860848 */
861 - public function remove_user_from_group($group_name, $user_name, $opt = null)
 849+ public function list_server_certificates($opt = null)
862850 {
863851 if (!$opt) $opt = array();
864 - $opt['GroupName'] = $group_name;
865 - $opt['UserName'] = $user_name;
866852
867 - return $this->authenticate('RemoveUserFromGroup', $opt, $this->hostname);
 853+ return $this->authenticate('ListServerCertificates', $opt, $this->hostname);
868854 }
869855
870856 /**
 857+ * Returns information about the signing certificates associated with the specified user. If there
 858+ * are none, the action returns an empty list.
871859 *
872 - * Deletes the specified server certificate.
 860+ * Although each user is limited to a small number of signing certificates, you can still paginate
 861+ * the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
873862 *
874 - * If your Elastic Load Balancing instances are using a server certificate, deleting the certificate could have implications for your
875 - * application. If your Elastic Load Balancing instances do not detect the deletion of bound certificates, they may continue to use the
876 - * certificates. This could cause them to stop accepting traffic. We recommend that you remove the reference to the certificate from your
877 - * Elastic Load Balancing instances before using this command to delete the certificate.
 863+ * If the <code>UserName</code> field is not specified, the user name is determined implicitly
 864+ * based on the AWS Access Key ID used to sign the request. Because this action works for access
 865+ * keys under the AWS account, this API can be used to manage root credentials even if the AWS
 866+ * account has no associated users.
878867 *
879 - * @param string $server_certificate_name (Required) The name of the server certificate you want to delete.
880868 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 869+ * <li><code>UserName</code> - <code>string</code> - Optional - The name of the user. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
 870+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 871+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of certificate IDs you want in the response. If there are additional certificate IDs beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
881872 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
882873 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
883874 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
884875 */
885 - public function delete_server_certificate($server_certificate_name, $opt = null)
 876+ public function list_signing_certificates($opt = null)
886877 {
887878 if (!$opt) $opt = array();
888 - $opt['ServerCertificateName'] = $server_certificate_name;
889879
890 - return $this->authenticate('DeleteServerCertificate', $opt, $this->hostname);
 880+ return $this->authenticate('ListSigningCertificates', $opt, $this->hostname);
891881 }
892882
893883 /**
 884+ * Lists the names of the policies associated with the specified user. If there are none, the
 885+ * action returns an empty list.
894886 *
895 - * Lists the names of the policies associated with the specified group. If there are none, the action returns an empty list.
 887+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 888+ * parameters.
896889 *
897 - * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
898 - *
899 - * @param string $group_name (Required) The name of the group to list policies for.
 890+ * @param string $user_name (Required) The name of the user to list policies for. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
900891 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
901 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
902 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of policy names you want in the response. If there are additional policy names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
 892+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 893+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of policy names you want in the response. If there are additional policy names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
903894 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
904895 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
905896 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
906897 */
907 - public function list_group_policies($group_name, $opt = null)
 898+ public function list_user_policies($user_name, $opt = null)
908899 {
909900 if (!$opt) $opt = array();
910 - $opt['GroupName'] = $group_name;
 901+ $opt['UserName'] = $user_name;
911902
912 - return $this->authenticate('ListGroupPolicies', $opt, $this->hostname);
 903+ return $this->authenticate('ListUserPolicies', $opt, $this->hostname);
913904 }
914905
915906 /**
 907+ * Lists the users that have the specified path prefix. If there are none, the action returns an
 908+ * empty list.
916909 *
917 - * Creates a login profile for the specified User, giving the User the ability to access AWS services such as the AWS Management Console. For
918 - * more information about login profiles, see <a
919 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_ManagingLoginsAndMFA.html">Managing Login Profiles and MFA
920 - * Devices</a> in <i>Using AWS Identity and Access Management</i>.
 910+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 911+ * parameters.
921912 *
922 - * @param string $user_name (Required) Name of the User to create a login profile for.
923 - * @param string $password (Required) The new password for the User name.
924913 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 914+ * <li><code>PathPrefix</code> - <code>string</code> - Optional - The path prefix for filtering the results. For example: <code>/division_abc/subdivision_xyz/</code>, which would get all user names whose path starts with <code>/division_abc/subdivision_xyz/</code>. This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>\u002F[\u0021-\u007F]*</code>]</li>
 915+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this parameter only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 916+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this parameter only when paginating results to indicate the maximum number of user names you want in the response. If there are additional user names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
925917 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
926918 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
927919 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
928920 */
929 - public function create_login_profile($user_name, $password, $opt = null)
 921+ public function list_users($opt = null)
930922 {
931923 if (!$opt) $opt = array();
932 - $opt['UserName'] = $user_name;
933 - $opt['Password'] = $password;
934924
935 - return $this->authenticate('CreateLoginProfile', $opt, $this->hostname);
 925+ return $this->authenticate('ListUsers', $opt, $this->hostname);
936926 }
937927
938928 /**
 929+ * Lists the virtual MFA devices under the AWS account by assignment status. If you do not specify
 930+ * an assignment status, the action returns a list of all virtual MFA devices. Assignment status
 931+ * can be <code>Assigned</code>, <code>Unassigned</code>, or <code>Any</code>.
939932 *
940 - * Creates a new AWS Secret Access Key and corresponding AWS Access Key ID for the specified User. The default status for new keys is
941 - * <code>Active</code>.
 933+ * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code>
 934+ * parameters.
942935 *
943 - * If you do not specify a User name, IAM determines the User name implicitly based on the AWS Access Key ID signing the request. Because this
944 - * action works for access keys under the AWS Account, you can use this API to manage root credentials even if the AWS Account has no
945 - * associated Users.
 936+ * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 937+ * <li><code>AssignmentStatus</code> - <code>string</code> - Optional - The status (unassigned or assigned) of the devices to list. If you do not specify an <code>AssignmentStatus</code>, the action defaults to <code>Any</code> which lists both assigned and unassigned virtual MFA devices. [Allowed values: <code>Assigned</code>, <code>Unassigned</code>, <code>Any</code>]</li>
 938+ * <li><code>Marker</code> - <code>string</code> - Optional - Use this parameter only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. [Constraints: The value must be between 1 and 320 characters, and must match the following regular expression pattern: <code>[\u0020-\u00FF]*</code>]</li>
 939+ * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this parameter only when paginating results to indicate the maximum number of user names you want in the response. If there are additional user names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>.</li>
 940+ * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
 941+ * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
 942+ * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
 943+ */
 944+ public function list_virtual_mfa_devices($opt = null)
 945+ {
 946+ if (!$opt) $opt = array();
 947+
 948+ return $this->authenticate('ListVirtualMFADevices', $opt, $this->hostname);
 949+ }
 950+
 951+ /**
 952+ * Adds (or updates) a policy document associated with the specified group. For information about
 953+ * policies, refer to <a href=
 954+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?PoliciesOverview.html"
 955+ * target="_blank">Overview of Policies</a> in <em>Using AWS Identity and Access Management</em>.
946956 *
947 - * For information about limits on the number of keys you can create, see <a
948 - * href="http://docs.amazonwebservices.com/IAM/2010-05-08/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in
949 - * <i>Using AWS Identity and Access Management</i>.
 957+ * For information about limits on the number of policies you can associate with a group, see
 958+ * <a href=
 959+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html"
 960+ * target="_blank">Limitations on IAM Entities</a> in <em>Using AWS Identity and Access
 961+ * Management</em>.
950962 *
951 - * To ensure the security of your AWS Account, the Secret Access Key is accessible only during key and User creation. You must save the key
952 - * (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the
953 - * associated User and then create new keys.
 963+ * <p class="note">
 964+ * Because policy documents can be large, you should use POST rather than GET when calling
 965+ * <code>PutGroupPolicy</code>. For more information, see <a href=
 966+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?IAM_UsingQueryAPI.html"
 967+ * target="_blank">Making Query Requests</a> in <em>Using AWS Identity and Access Management</em>.
 968+ * </p>
954969 *
 970+ * @param string $group_name (Required) Name of the group to associate the policy with. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 971+ * @param string $policy_name (Required) Name of the policy document. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 972+ * @param string $policy_document (Required) The policy document. [Constraints: The value must be between 1 and 131072 characters, and must match the following regular expression pattern: <code>[\u0009\u000A\u000D\u0020-\u00FF]+</code>]
955973 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
956 - * <li><code>UserName</code> - <code>string</code> - Optional - The User name that the new key will belong to. </li>
957974 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
958975 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
959976 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
960977 */
961 - public function create_access_key($opt = null)
 978+ public function put_group_policy($group_name, $policy_name, $policy_document, $opt = null)
962979 {
963980 if (!$opt) $opt = array();
 981+ $opt['GroupName'] = $group_name;
 982+ $opt['PolicyName'] = $policy_name;
 983+ $opt['PolicyDocument'] = $policy_document;
964984
965 - return $this->authenticate('CreateAccessKey', $opt, $this->hostname);
 985+ return $this->authenticate('PutGroupPolicy', $opt, $this->hostname);
966986 }
967987
968988 /**
 989+ * Adds (or updates) a policy document associated with the specified user. For information about
 990+ * policies, refer to <a href=
 991+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?PoliciesOverview.html"
 992+ * target="_blank">Overview of Policies</a> in <em>Using AWS Identity and Access Management</em>.
969993 *
970 - * Retrieves information about the specified User, including the User's path, GUID, and ARN.
 994+ * For information about limits on the number of policies you can associate with a user, see
 995+ * <a href=
 996+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html"
 997+ * target="_blank">Limitations on IAM Entities</a> in <em>Using AWS Identity and Access
 998+ * Management</em>.
971999 *
972 - * If you do not specify a User name, IAM determines the User name implicitly based on the AWS Access Key ID signing the request.
 1000+ * <p class="note">
 1001+ * Because policy documents can be large, you should use POST rather than GET when calling
 1002+ * <code>PutUserPolicy</code>. For more information, see <a href=
 1003+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?IAM_UsingQueryAPI.html"
 1004+ * target="_blank">Making Query Requests</a> in <em>Using AWS Identity and Access Management</em>.
 1005+ * </p>
9731006 *
 1007+ * @param string $user_name (Required) Name of the user to associate the policy with. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 1008+ * @param string $policy_name (Required) Name of the policy document. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 1009+ * @param string $policy_document (Required) The policy document. [Constraints: The value must be between 1 and 131072 characters, and must match the following regular expression pattern: <code>[\u0009\u000A\u000D\u0020-\u00FF]+</code>]
9741010 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
975 - * <li><code>UserName</code> - <code>string</code> - Optional - Name of the User to get information about. This parameter is optional. If it is not included, it defaults to the User making the request. </li>
9761011 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
9771012 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
9781013 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
9791014 */
980 - public function get_user($opt = null)
 1015+ public function put_user_policy($user_name, $policy_name, $policy_document, $opt = null)
9811016 {
9821017 if (!$opt) $opt = array();
 1018+ $opt['UserName'] = $user_name;
 1019+ $opt['PolicyName'] = $policy_name;
 1020+ $opt['PolicyDocument'] = $policy_document;
9831021
984 - return $this->authenticate('GetUser', $opt, $this->hostname);
 1022+ return $this->authenticate('PutUserPolicy', $opt, $this->hostname);
9851023 }
9861024
9871025 /**
 1026+ * Removes the specified user from the specified group.
9881027 *
 1028+ * @param string $group_name (Required) Name of the group to update. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 1029+ * @param string $user_name (Required) Name of the user to remove. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 1030+ * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 1031+ * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
 1032+ * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
 1033+ * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
 1034+ */
 1035+ public function remove_user_from_group($group_name, $user_name, $opt = null)
 1036+ {
 1037+ if (!$opt) $opt = array();
 1038+ $opt['GroupName'] = $group_name;
 1039+ $opt['UserName'] = $user_name;
 1040+
 1041+ return $this->authenticate('RemoveUserFromGroup', $opt, $this->hostname);
 1042+ }
 1043+
 1044+ /**
9891045 * Synchronizes the specified MFA device with AWS servers.
9901046 *
991 - * @param string $user_name (Required) Name of the User whose MFA device you want to resynchronize.
992 - * @param string $serial_number (Required) Serial number that uniquely identifies the MFA device.
993 - * @param string $authentication_code1 (Required) An authentication code emitted by the device.
994 - * @param string $authentication_code2 (Required) A subsequent authentication code emitted by the device.
 1047+ * @param string $user_name (Required) Name of the user whose MFA device you want to resynchronize. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 1048+ * @param string $serial_number (Required) Serial number that uniquely identifies the MFA device. [Constraints: The value must be between 9 and 256 characters, and must match the following regular expression pattern: <code>[\w+=/:,.@-]*</code>]
 1049+ * @param string $authentication_code1 (Required) An authentication code emitted by the device. [Constraints: The value must be between 6 and 6 characters, and must match the following regular expression pattern: <code>[\d]*</code>]
 1050+ * @param string $authentication_code2 (Required) A subsequent authentication code emitted by the device. [Constraints: The value must be between 6 and 6 characters, and must match the following regular expression pattern: <code>[\d]*</code>]
9951051 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
9961052 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
9971053 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
@@ -1008,156 +1064,257 @@
10091065 }
10101066
10111067 /**
 1068+ * Changes the status of the specified access key from Active to Inactive, or vice versa. This
 1069+ * action can be used to disable a user's key as part of a key rotation work flow.
10121070 *
1013 - * Lists the MFA devices associated with the specified User name.
 1071+ * If the <code>UserName</code> field is not specified, the UserName is determined implicitly
 1072+ * based on the AWS Access Key ID used to sign the request. Because this action works for access
 1073+ * keys under the AWS account, this API can be used to manage root credentials even if the AWS
 1074+ * account has no associated users.
10141075 *
1015 - * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
 1076+ * For information about rotating keys, see <a href=
 1077+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?ManagingCredentials.html"
 1078+ * target="_blank">Managing Keys and Certificates</a> in <em>Using AWS Identity and Access
 1079+ * Management</em>.
10161080 *
1017 - * @param string $user_name (Required) Name of the User whose MFA devices you want to list.
 1081+ * @param string $access_key_id (Required) The Access Key ID of the Secret Access Key you want to update. [Constraints: The value must be between 16 and 32 characters, and must match the following regular expression pattern: <code>[\w]*</code>]
 1082+ * @param string $status (Required) The status you want to assign to the Secret Access Key. <code>Active</code> means the key can be used for API calls to AWS, while <code>Inactive</code> means the key cannot be used. [Allowed values: <code>Active</code>, <code>Inactive</code>]
10181083 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
1019 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
1020 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of keys you want in the response. If there are additional keys beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
 1084+ * <li><code>UserName</code> - <code>string</code> - Optional - Name of the user whose key you want to update. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
10211085 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
10221086 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
10231087 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
10241088 */
1025 - public function list_mfa_devices($user_name, $opt = null)
 1089+ public function update_access_key($access_key_id, $status, $opt = null)
10261090 {
10271091 if (!$opt) $opt = array();
1028 - $opt['UserName'] = $user_name;
 1092+ $opt['AccessKeyId'] = $access_key_id;
 1093+ $opt['Status'] = $status;
10291094
1030 - return $this->authenticate('ListMFADevices', $opt, $this->hostname);
 1095+ return $this->authenticate('UpdateAccessKey', $opt, $this->hostname);
10311096 }
10321097
10331098 /**
 1099+ * Updates the name and/or the path of the specified group.
10341100 *
1035 - * Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a User's key as
1036 - * part of a key rotation workflow.
 1101+ * <p class="important">
 1102+ * You should understand the implications of changing a group's path or name. For more
 1103+ * information, see <a href=
 1104+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Renaming.html" target=
 1105+ * "_blank">Renaming Users and Groups</a> in <em>Using AWS Identity and Access Management</em>.
 1106+ * </p>
 1107+ * <p class="note">
 1108+ * To change a group name the requester must have appropriate permissions on both the source
 1109+ * object and the target object. For example, to change Managers to MGRs, the entity making the
 1110+ * request must have permission on Managers and MGRs, or must have permission on all (*). For more
 1111+ * information about permissions, see <a href=
 1112+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/PermissionsAndPolicies.html" target=
 1113+ * "blank">Permissions and Policies</a>.
 1114+ * </p>
10371115 *
1038 - * If the <code>UserName</code> field is not specified, the UserName is determined implicitly based on the AWS Access Key ID used to sign the
1039 - * request. Because this action works for access keys under the AWS Account, this API can be used to manage root credentials even if the AWS
1040 - * Account has no associated Users.
 1116+ * @param string $group_name (Required) Name of the group to update. If you're changing the name of the group, this is the original name. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 1117+ * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 1118+ * <li><code>NewPath</code> - <code>string</code> - Optional - New path for the group. Only include this if changing the group's path. [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>(\u002F)|(\u002F[\u0021-\u007F]+\u002F)</code>]</li>
 1119+ * <li><code>NewGroupName</code> - <code>string</code> - Optional - New name for the group. Only include this if changing the group's name. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
 1120+ * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
 1121+ * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
 1122+ * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
 1123+ */
 1124+ public function update_group($group_name, $opt = null)
 1125+ {
 1126+ if (!$opt) $opt = array();
 1127+ $opt['GroupName'] = $group_name;
 1128+
 1129+ return $this->authenticate('UpdateGroup', $opt, $this->hostname);
 1130+ }
 1131+
 1132+ /**
 1133+ * Updates the login profile for the specified user. Use this API to change the user's password.
10411134 *
1042 - * For information about rotating keys, see <a
1043 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?ManagingCredentials.html">Managing Keys and Certificates</a> in
1044 - * <i>Using AWS Identity and Access Management</i>.
1045 - *
1046 - * @param string $access_key_id (Required) The Access Key ID of the Secret Access Key you want to update.
1047 - * @param string $status (Required) The status you want to assign to the Secret Access Key. <code>Active</code> means the key can be used for API calls to AWS, while <code>Inactive</code> means the key cannot be used. [Allowed values: <code>Active</code>, <code>Inactive</code>]
 1135+ * @param string $user_name (Required) Name of the user whose login profile you want to update. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
10481136 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
1049 - * <li><code>UserName</code> - <code>string</code> - Optional - Name of the User whose key you want to update. </li>
 1137+ * <li><code>Password</code> - <code>string</code> - Optional - The new password for the user name. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\u0009\u000A\u000D\u0020-\u00FF]+</code>]</li>
10501138 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
10511139 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
10521140 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
10531141 */
1054 - public function update_access_key($access_key_id, $status, $opt = null)
 1142+ public function update_login_profile($user_name, $opt = null)
10551143 {
10561144 if (!$opt) $opt = array();
1057 - $opt['AccessKeyId'] = $access_key_id;
1058 - $opt['Status'] = $status;
 1145+ $opt['UserName'] = $user_name;
10591146
1060 - return $this->authenticate('UpdateAccessKey', $opt, $this->hostname);
 1147+ return $this->authenticate('UpdateLoginProfile', $opt, $this->hostname);
10611148 }
10621149
10631150 /**
 1151+ * Updates the name and/or the path of the specified server certificate.
10641152 *
1065 - * Retrieves account level information about account entity usage and IAM quotas.
 1153+ * <p class="important">
 1154+ * You should understand the implications of changing a server certificate's path or name. For
 1155+ * more information, see <a href=
 1156+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/ManagingServerCerts.html" target=
 1157+ * "_blank">Managing Server Certificates</a> in <em>Using AWS Identity and Access Management</em>.
 1158+ * </p>
 1159+ * <p class="note">
 1160+ * To change a server certificate name the requester must have appropriate permissions on both the
 1161+ * source object and the target object. For example, to change the name from ProductionCert to
 1162+ * ProdCert, the entity making the request must have permission on ProductionCert and ProdCert, or
 1163+ * must have permission on all (*). For more information about permissions, see <a href=
 1164+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/PermissionsAndPolicies.html" target=
 1165+ * "blank">Permissions and Policies</a>.
 1166+ * </p>
10661167 *
1067 - * For information about limitations on IAM entities, see <a
1068 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in
1069 - * <i>Using AWS Identity and Access Management</i>.
1070 - *
 1168+ * @param string $server_certificate_name (Required) The name of the server certificate that you want to update. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
10711169 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 1170+ * <li><code>NewPath</code> - <code>string</code> - Optional - The new path for the server certificate. Include this only if you are updating the server certificate's path. [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>(\u002F)|(\u002F[\u0021-\u007F]+\u002F)</code>]</li>
 1171+ * <li><code>NewServerCertificateName</code> - <code>string</code> - Optional - The new name for the server certificate. Include this only if you are updating the server certificate's name. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
10721172 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
10731173 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
10741174 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
10751175 */
1076 - public function get_account_summary($opt = null)
 1176+ public function update_server_certificate($server_certificate_name, $opt = null)
10771177 {
10781178 if (!$opt) $opt = array();
 1179+ $opt['ServerCertificateName'] = $server_certificate_name;
10791180
1080 - return $this->authenticate('GetAccountSummary', $opt, $this->hostname);
 1181+ return $this->authenticate('UpdateServerCertificate', $opt, $this->hostname);
10811182 }
10821183
10831184 /**
 1185+ * Changes the status of the specified signing certificate from active to disabled, or vice versa.
 1186+ * This action can be used to disable a user's signing certificate as part of a certificate
 1187+ * rotation work flow.
10841188 *
1085 - * Adds the specified User to the specified group.
 1189+ * If the <code>UserName</code> field is not specified, the UserName is determined implicitly
 1190+ * based on the AWS Access Key ID used to sign the request. Because this action works for access
 1191+ * keys under the AWS account, this API can be used to manage root credentials even if the AWS
 1192+ * account has no associated users.
10861193 *
1087 - * @param string $group_name (Required) Name of the group to update.
1088 - * @param string $user_name (Required) Name of the User to add.
 1194+ * For information about rotating certificates, see <a href=
 1195+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?ManagingCredentials.html"
 1196+ * target="_blank">Managing Keys and Certificates</a> in <em>Using AWS Identity and Access
 1197+ * Management</em>.
 1198+ *
 1199+ * @param string $certificate_id (Required) The ID of the signing certificate you want to update. [Constraints: The value must be between 24 and 128 characters, and must match the following regular expression pattern: <code>[\w]*</code>]
 1200+ * @param string $status (Required) The status you want to assign to the certificate. <code>Active</code> means the certificate can be used for API calls to AWS, while <code>Inactive</code> means the certificate cannot be used. [Allowed values: <code>Active</code>, <code>Inactive</code>]
10891201 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 1202+ * <li><code>UserName</code> - <code>string</code> - Optional - Name of the user the signing certificate belongs to. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
10901203 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
10911204 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
10921205 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
10931206 */
1094 - public function add_user_to_group($group_name, $user_name, $opt = null)
 1207+ public function update_signing_certificate($certificate_id, $status, $opt = null)
10951208 {
10961209 if (!$opt) $opt = array();
1097 - $opt['GroupName'] = $group_name;
1098 - $opt['UserName'] = $user_name;
 1210+ $opt['CertificateId'] = $certificate_id;
 1211+ $opt['Status'] = $status;
10991212
1100 - return $this->authenticate('AddUserToGroup', $opt, $this->hostname);
 1213+ return $this->authenticate('UpdateSigningCertificate', $opt, $this->hostname);
11011214 }
11021215
11031216 /**
 1217+ * Updates the name and/or the path of the specified user.
11041218 *
1105 - * Returns a list of Users that are in the specified group. You can paginate the results using the <code>MaxItems</code> and
1106 - * <code>Marker</code> parameters.
 1219+ * <p class="important">
 1220+ * You should understand the implications of changing a user's path or name. For more information,
 1221+ * see <a href=
 1222+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Renaming.html" target=
 1223+ * "_blank">Renaming Users and Groups</a> in <em>Using AWS Identity and Access Management</em>.
 1224+ * </p>
 1225+ * <p class="note">
 1226+ * To change a user name the requester must have appropriate permissions on both the source object
 1227+ * and the target object. For example, to change Bob to Robert, the entity making the request must
 1228+ * have permission on Bob and Robert, or must have permission on all (*). For more information
 1229+ * about permissions, see <a href=
 1230+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/PermissionsAndPolicies.html" target=
 1231+ * "blank">Permissions and Policies</a>.
 1232+ * </p>
11071233 *
1108 - * @param string $group_name (Required) Name of the group.
 1234+ * @param string $user_name (Required) Name of the user to update. If you're changing the name of the user, this is the original user name. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
11091235 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
1110 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
1111 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of User names you want in the response. If there are additional User names beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
 1236+ * <li><code>NewPath</code> - <code>string</code> - Optional - New path for the user. Include this parameter only if you're changing the user's path. [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>(\u002F)|(\u002F[\u0021-\u007F]+\u002F)</code>]</li>
 1237+ * <li><code>NewUserName</code> - <code>string</code> - Optional - New name for the user. Include this parameter only if you're changing the user's name. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
11121238 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
11131239 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
11141240 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
11151241 */
1116 - public function get_group($group_name, $opt = null)
 1242+ public function update_user($user_name, $opt = null)
11171243 {
11181244 if (!$opt) $opt = array();
1119 - $opt['GroupName'] = $group_name;
 1245+ $opt['UserName'] = $user_name;
11201246
1121 - return $this->authenticate('GetGroup', $opt, $this->hostname);
 1247+ return $this->authenticate('UpdateUser', $opt, $this->hostname);
11221248 }
11231249
11241250 /**
 1251+ * Uploads a server certificate entity for the AWS account. The server certificate entity includes
 1252+ * a public key certificate, a private key, and an optional certificate chain, which should all be
 1253+ * PEM-encoded.
11251254 *
1126 - * Lists the account aliases associated with the account. For information about using an AWS Account alias, see <a
1127 - * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/AccountAlias.html">Using an Alias for Your AWS Account ID</a> in <i>Using AWS
1128 - * Identity and Access Management</i>.
 1255+ * For information about the number of server certificates you can upload, see <a href=
 1256+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html"
 1257+ * target="_blank">Limitations on IAM Entities</a> in <em>Using AWS Identity and Access
 1258+ * Management</em>.
11291259 *
1130 - * You can paginate the results using the <code>MaxItems</code> and <code>Marker</code> parameters.
 1260+ * <p class="note">
 1261+ * Because the body of the public key certificate, private key, and the certificate chain can be
 1262+ * large, you should use POST rather than GET when calling <code>UploadServerCertificate</code>.
 1263+ * For more information, see <a href=
 1264+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html" target=
 1265+ * "_blank">Making Query Requests</a> in <em>Using AWS Identity and Access Management</em>.
 1266+ * </p>
11311267 *
 1268+ * @param string $server_certificate_name (Required) The name for the server certificate. Do not include the path in this value. [Constraints: The value must be between 1 and 128 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]
 1269+ * @param string $certificate_body (Required) The contents of the public key certificate in PEM-encoded format. [Constraints: The value must be between 1 and 16384 characters, and must match the following regular expression pattern: <code>[\u0009\u000A\u000D\u0020-\u00FF]+</code>]
 1270+ * @param string $private_key (Required) The contents of the private key in PEM-encoded format. [Constraints: The value must be between 1 and 16384 characters, and must match the following regular expression pattern: <code>[\u0009\u000A\u000D\u0020-\u00FF]*</code>]
11321271 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
1133 - * <li><code>Marker</code> - <code>string</code> - Optional - Use this only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the <code>Marker</code> element in the response you just received. </li>
1134 - * <li><code>MaxItems</code> - <code>integer</code> - Optional - Use this only when paginating results to indicate the maximum number of account aliases you want in the response. If there are additional account aliases beyond the maximum you specify, the <code>IsTruncated</code> response element is <code>true</code>. </li>
 1272+ * <li><code>Path</code> - <code>string</code> - Optional - The path for the server certificate. For more information about paths, see <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html" target="_blank">Identifiers for IAM Entities</a> in <em>Using AWS Identity and Access Management</em>. This parameter is optional. If it is not included, it defaults to a slash (/). [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: <code>(\u002F)|(\u002F[\u0021-\u007F]+\u002F)</code>]</li>
 1273+ * <li><code>CertificateChain</code> - <code>string</code> - Optional - The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain. [Constraints: The value must be between 1 and 2097152 characters, and must match the following regular expression pattern: <code>[\u0009\u000A\u000D\u0020-\u00FF]*</code>]</li>
11351274 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
11361275 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
11371276 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
11381277 */
1139 - public function list_account_aliases($opt = null)
 1278+ public function upload_server_certificate($server_certificate_name, $certificate_body, $private_key, $opt = null)
11401279 {
11411280 if (!$opt) $opt = array();
 1281+ $opt['ServerCertificateName'] = $server_certificate_name;
 1282+ $opt['CertificateBody'] = $certificate_body;
 1283+ $opt['PrivateKey'] = $private_key;
11421284
1143 - return $this->authenticate('ListAccountAliases', $opt, $this->hostname);
 1285+ return $this->authenticate('UploadServerCertificate', $opt, $this->hostname);
11441286 }
11451287
11461288 /**
 1289+ * Uploads an X.509 signing certificate and associates it with the specified user. Some AWS
 1290+ * services use X.509 signing certificates to validate requests that are signed with a
 1291+ * corresponding private key. When you upload the certificate, its default status is
 1292+ * <code>Active</code>.
11471293 *
1148 - * Deletes the specified group. The group must not contain any Users or have any attached policies.
 1294+ * If the <code>UserName</code> field is not specified, the user name is determined implicitly
 1295+ * based on the AWS Access Key ID used to sign the request. Because this action works for access
 1296+ * keys under the AWS account, this API can be used to manage root credentials even if the AWS
 1297+ * account has no associated users.
11491298 *
1150 - * @param string $group_name (Required) Name of the group to delete.
 1299+ * <p class="note">
 1300+ * Because the body of a X.509 certificate can be large, you should use POST rather than GET when
 1301+ * calling <code>UploadSigningCertificate</code>. For more information, see <a href=
 1302+ * "http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?IAM_UsingQueryAPI.html"
 1303+ * target="_blank">Making Query Requests</a> in <em>Using AWS Identity and Access Management</em>.
 1304+ * </p>
 1305+ *
 1306+ * @param string $certificate_body (Required) The contents of the signing certificate. [Constraints: The value must be between 1 and 16384 characters, and must match the following regular expression pattern: <code>[\u0009\u000A\u000D\u0020-\u00FF]+</code>]
11511307 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
 1308+ * <li><code>UserName</code> - <code>string</code> - Optional - Name of the user the signing certificate is for. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: <code>[\w+=,.@-]*</code>]</li>
11521309 * <li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
11531310 * <li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
11541311 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
11551312 */
1156 - public function delete_group($group_name, $opt = null)
 1313+ public function upload_signing_certificate($certificate_body, $opt = null)
11571314 {
11581315 if (!$opt) $opt = array();
1159 - $opt['GroupName'] = $group_name;
 1316+ $opt['CertificateBody'] = $certificate_body;
11601317
1161 - return $this->authenticate('DeleteGroup', $opt, $this->hostname);
 1318+ return $this->authenticate('UploadSigningCertificate', $opt, $this->hostname);
11621319 }
11631320 }
11641321
@@ -1165,7 +1322,4 @@
11661323 /*%******************************************************************************************%*/
11671324 // EXCEPTIONS
11681325
1169 -/**
1170 - * Default IAM Exception.
1171 - */
1172 -class IAM_Exception extends Exception {}
\ No newline at end of file
 1326+class IAM_Exception extends Exception {}

Status & tagging log