paws.security.identity package

accessanalyzer

Access Analyzer

accessanalyzer_create_archive_rule

Creates an archive rule for the specified analyzer

accessanalyzer_delete_analyzer

Deletes the specified analyzer

accessanalyzer_check_no_public_access

Checks whether a resource policy can grant public access to the specified resource type

accessanalyzer_create_analyzer

Creates an analyzer for your account

accessanalyzer_create_access_preview

Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions

accessanalyzer_cancel_policy_generation

Cancels the requested policy generation

accessanalyzer_apply_archive_rule

Retroactively applies the archive rule to existing findings that meet the archive rule criteria

accessanalyzer_check_no_new_access

Checks whether new access is allowed for an updated policy when compared to the existing policy

accessanalyzer_check_access_not_granted

Checks whether the specified access isn't allowed by a policy

accessanalyzer_delete_archive_rule

Deletes the specified archive rule

accessanalyzer_get_generated_policy

Retrieves the policy that was generated using StartPolicyGeneration

accessanalyzer_generate_finding_recommendation

Creates a recommendation for an unused permissions finding

accessanalyzer_get_analyzer

Retrieves information about the specified analyzer

accessanalyzer_get_finding_v2

Retrieves information about the specified finding

accessanalyzer_get_finding_recommendation

Retrieves information about a finding recommendation for the specified analyzer

accessanalyzer_get_archive_rule

Retrieves information about an archive rule

accessanalyzer_get_analyzed_resource

Retrieves information about a resource that was analyzed

accessanalyzer_get_finding

Retrieves information about the specified finding

accessanalyzer_get_access_preview

Retrieves information about an access preview for the specified analyzer

accessanalyzer_list_policy_generations

Lists all of the policy generations requested in the last seven days

accessanalyzer_list_archive_rules

Retrieves a list of archive rules created for the specified analyzer

accessanalyzer_list_tags_for_resource

Retrieves a list of tags applied to the specified resource

accessanalyzer_list_findings

Retrieves a list of findings generated by the specified analyzer

accessanalyzer_list_findings_v2

Retrieves a list of findings generated by the specified analyzer

accessanalyzer_list_access_preview_findings

Retrieves a list of access preview findings generated by the specified access preview

accessanalyzer_list_analyzed_resources

Retrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer

accessanalyzer_list_access_previews

Retrieves a list of access previews for the specified analyzer

accessanalyzer_start_policy_generation

Starts the policy generation request

accessanalyzer_list_analyzers

Retrieves a list of analyzers

account

AWS Account

account_disable_region

Disables (opts-out) a particular Region for an account

account_delete_alternate_contact

Deletes the specified alternate contact from an Amazon Web Services account

accessanalyzer_start_resource_scan

Immediately starts a scan of the policies applied to the specified resource

account_accept_primary_email_update

Accepts the request that originated from StartPrimaryEmailUpdate to update the primary email address (also known as the root user email address) for the specified account

accessanalyzer_update_findings

Updates the status for the specified findings

accessanalyzer_tag_resource

Adds a tag to the specified resource

accessanalyzer_untag_resource

Removes a tag from the specified resource

accessanalyzer_update_archive_rule

Updates the criteria and values for the specified archive rule

accessanalyzer_validate_policy

Requests the validation of a policy and returns a list of findings

account_put_alternate_contact

Modifies the specified alternate contact attached to an Amazon Web Services account

acm

AWS Certificate Manager

account_get_primary_email

Retrieves the primary email address for the specified account

account_get_region_opt_status

Retrieves the opt-in status of a particular Region

account_enable_region

Enables (opts-in) a particular Region for an account

account_get_alternate_contact

Retrieves the specified alternate contact attached to an Amazon Web Services account

account_list_regions

Lists all the Regions for a given account and their respective opt-in statuses

account_get_contact_information

Retrieves the primary contact information of an Amazon Web Services account

account_start_primary_email_update

Starts the process to update the primary email address for the specified account

account_put_contact_information

Updates the primary contact information of an Amazon Web Services account

acm_import_certificate

Imports a certificate into Certificate Manager (ACM) to use with services that are integrated with ACM

acm_list_tags_for_certificate

Lists the tags that have been applied to the ACM certificate

acm_put_account_configuration

Adds or modifies account-level configurations in ACM

acm_export_certificate

Exports a private certificate issued by a private certificate authority (CA) for use anywhere

acm_get_account_configuration

Returns the account configuration options associated with an Amazon Web Services account

acm_get_certificate

Retrieves a certificate and its certificate chain

acm_add_tags_to_certificate

Adds one or more tags to an ACM certificate

acm_describe_certificate

Returns detailed metadata about the specified ACM certificate

acm_delete_certificate

Deletes a certificate and its associated private key

acm_list_certificates

Retrieves a list of certificate ARNs and domain names

acmpca_create_certificate_authority_audit_report

Creates an audit report that lists every time that your CA private key is used

acmpca

AWS Certificate Manager Private Certificate Authority

acm_renew_certificate

Renews an eligible ACM certificate

acmpca_delete_certificate_authority

Deletes a private certificate authority (CA)

acm_remove_tags_from_certificate

Remove one or more tags from an ACM certificate

acm_request_certificate

Requests an ACM certificate for use with other Amazon Web Services services

acmpca_create_certificate_authority

Creates a root or subordinate private certificate authority (CA)

acm_resend_validation_email

Resends the email that requests domain ownership validation

acm_update_certificate_options

Updates a certificate

acmpca_create_permission

Grants one or more permissions on a private CA to the Certificate Manager (ACM) service principal (acm

acmpca_import_certificate_authority_certificate

Imports a signed private CA certificate into Amazon Web Services Private CA

acmpca_get_certificate

Retrieves a certificate from your private CA or one that has been shared with you

acmpca_describe_certificate_authority

Lists information about your private certificate authority (CA) or one that has been shared with you

acmpca_get_certificate_authority_certificate

Retrieves the certificate and certificate chain for your private certificate authority (CA) or one that has been shared with you

acmpca_issue_certificate

Uses your private certificate authority (CA), or one that has been shared with you, to issue a client certificate

acmpca_delete_permission

Revokes permissions on a private CA granted to the Certificate Manager (ACM) service principal (acm

acmpca_get_policy

Retrieves the resource-based policy attached to a private CA

acmpca_get_certificate_authority_csr

Retrieves the certificate signing request (CSR) for your private certificate authority (CA)

acmpca_describe_certificate_authority_audit_report

Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport action

acmpca_delete_policy

Deletes the resource-based policy attached to a private CA

clouddirectory

Amazon CloudDirectory

acmpca_revoke_certificate

Revokes a certificate that was issued inside Amazon Web Services Private CA

acmpca_list_certificate_authorities

Lists the private certificate authorities that you created by using the CreateCertificateAuthority action

acmpca_restore_certificate_authority

Restores a certificate authority (CA) that is in the DELETED state

acmpca_list_tags

Lists the tags, if any, that are associated with your private CA or one that has been shared with you

acmpca_untag_certificate_authority

Remove one or more tags from your private CA

acmpca_put_policy

Attaches a resource-based policy to a private CA

acmpca_update_certificate_authority

Updates the status or configuration of a private certificate authority (CA)

clouddirectory_apply_schema

Copies the input published schema, at the specified version, into the Directory with the same name and version as that of the published schema

acmpca_list_permissions

List all permissions on a private CA, if any, granted to the Certificate Manager (ACM) service principal (acm

acmpca_tag_certificate_authority

Adds one or more tags to your private CA

clouddirectory_attach_object

Attaches an existing object to another object

clouddirectory_attach_policy

Attaches a policy object to a regular object

clouddirectory_add_facet_to_object

Adds a new Facet to an object

clouddirectory_attach_to_index

Attaches the specified object to the specified index

clouddirectory_create_directory

Creates a Directory by copying the published schema into the directory

clouddirectory_attach_typed_link

Attaches a typed link to a specified source and target object

clouddirectory_create_facet

Creates a new Facet in a schema

clouddirectory_delete_directory

Deletes a directory

clouddirectory_create_index

Creates an index object

clouddirectory_create_object

Creates an object in a Directory

clouddirectory_batch_write

Performs all the write operations in a batch

clouddirectory_create_schema

Creates a new schema in a development state

clouddirectory_create_typed_link_facet

Creates a TypedLinkFacet

clouddirectory_delete_typed_link_facet

Deletes a TypedLinkFacet

clouddirectory_batch_read

Performs all the read operations in a batch

clouddirectory_detach_from_index

Detaches the specified object from the specified index

clouddirectory_delete_schema

Deletes a given schema

clouddirectory_get_link_attributes

Retrieves attributes that are associated with a typed link

clouddirectory_delete_object

Deletes an object and its associated attributes

clouddirectory_delete_facet

Deletes a given Facet

clouddirectory_enable_directory

Enables the specified directory

clouddirectory_get_directory

Retrieves metadata about a directory

clouddirectory_get_applied_schema_version

Returns current applied schema version ARN, including the minor version in use

clouddirectory_get_facet

Gets details of the Facet, such as facet name, attributes, Rules, or ObjectType

clouddirectory_detach_object

Detaches a given object from the parent object

clouddirectory_get_object_attributes

Retrieves attributes within a facet that are associated with an object

clouddirectory_disable_directory

Disables the specified directory

clouddirectory_detach_policy

Detaches a policy from an object

clouddirectory_detach_typed_link

Detaches a typed link from a specified source and target object

clouddirectory_list_policy_attachments

Returns all of the ObjectIdentifiers to which a given policy is attached

clouddirectory_list_directories

Lists directories created within an account

clouddirectory_list_applied_schema_arns

Lists schema major versions applied to a directory

clouddirectory_list_development_schema_arns

Retrieves each Amazon Resource Name (ARN) of schemas in the development state

clouddirectory_list_facet_names

Retrieves the names of facets that exist in a schema

clouddirectory_get_schema_as_json

Retrieves a JSON representation of the schema

clouddirectory_get_typed_link_facet_information

Returns the identity attribute order for a specific TypedLinkFacet

clouddirectory_list_facet_attributes

Retrieves attributes attached to the facet

clouddirectory_list_incoming_typed_links

Returns a paginated list of all the incoming TypedLinkSpecifier information for an object

clouddirectory_get_object_information

Retrieves metadata about an object

clouddirectory_list_attached_indices

Lists indices attached to the specified object

clouddirectory_list_object_attributes

Lists all attributes that are associated with an object

clouddirectory_list_typed_link_facet_attributes

Returns a paginated list of all attribute definitions for a particular TypedLinkFacet

clouddirectory_list_index

Lists objects attached to the specified index

clouddirectory_list_outgoing_typed_links

Returns a paginated list of all the outgoing TypedLinkSpecifier information for an object

clouddirectory_list_object_children

Returns a paginated list of child objects that are associated with a given object

clouddirectory_list_object_policies

Returns policies attached to an object in pagination fashion

clouddirectory_put_schema_from_json

Allows a schema to be updated using JSON upload

clouddirectory_list_object_parents

Lists parent objects that are associated with a given object in pagination fashion

clouddirectory_list_object_parent_paths

Retrieves all available parent paths for any object type such as node, leaf node, policy node, and index node objects

clouddirectory_update_facet

Does the following:

clouddirectory_list_typed_link_facet_names

Returns a paginated list of TypedLink facet names for a particular schema

clouddirectory_list_managed_schema_arns

Lists the major version families of each managed schema

clouddirectory_untag_resource

An API operation for removing tags from a resource

clouddirectory_publish_schema

Publishes a development schema with a major version and a recommended minor version

clouddirectory_lookup_policy

Lists all policies from the root of the Directory to the object specified

clouddirectory_list_published_schema_arns

Lists the major version families of each published schema

clouddirectory_list_tags_for_resource

Returns tags for a resource

cloudhsm_add_tags_to_resource

This is documentation for AWS CloudHSM Classic

clouddirectory_update_link_attributes

Updates a given typed link’s attributes

clouddirectory_update_object_attributes

Updates a given object's attributes

clouddirectory_remove_facet_from_object

Removes the specified facet from the specified object

clouddirectory_update_schema

Updates the schema name with a new name

clouddirectory_update_typed_link_facet

Updates a TypedLinkFacet

cloudhsm

Amazon CloudHSM

clouddirectory_upgrade_published_schema

Upgrades a published schema under a new minor version revision using the current contents of DevelopmentSchemaArn

clouddirectory_upgrade_applied_schema

Upgrades a single directory in-place using the PublishedSchemaArn with schema updates found in MinorVersion

cloudhsm_create_hapg

This is documentation for AWS CloudHSM Classic

clouddirectory_tag_resource

An API operation for adding tags to a resource

cloudhsm_delete_hapg

This is documentation for AWS CloudHSM Classic

cloudhsm_list_hsms

This is documentation for AWS CloudHSM Classic

cloudhsm_create_luna_client

This is documentation for AWS CloudHSM Classic

cloudhsm_list_available_zones

This is documentation for AWS CloudHSM Classic

cloudhsm_list_hapgs

This is documentation for AWS CloudHSM Classic

cloudhsm_describe_hapg

This is documentation for AWS CloudHSM Classic

cloudhsm_describe_hsm

This is documentation for AWS CloudHSM Classic

cloudhsm_create_hsm

This is documentation for AWS CloudHSM Classic

cloudhsmv2_create_cluster

Creates a new CloudHSM cluster

cloudhsm_list_tags_for_resource

This is documentation for AWS CloudHSM Classic

cloudhsmv2_copy_backup_to_region

Copy an CloudHSM cluster backup to a different region

cloudhsm_get_config

This is documentation for AWS CloudHSM Classic

cloudhsm_delete_hsm

This is documentation for AWS CloudHSM Classic

cloudhsm_modify_luna_client

This is documentation for AWS CloudHSM Classic

cloudhsmv2_describe_backups

Gets information about backups of CloudHSM clusters

cloudhsmv2_delete_resource_policy

Deletes an CloudHSM resource policy

cloudhsmv2_create_hsm

Creates a new hardware security module (HSM) in the specified CloudHSM cluster

cloudhsm_delete_luna_client

This is documentation for AWS CloudHSM Classic

cloudhsmv2_delete_backup

Deletes a specified CloudHSM backup

cloudhsm_describe_luna_client

This is documentation for AWS CloudHSM Classic

cloudhsm_modify_hapg

This is documentation for AWS CloudHSM Classic

cloudhsm_modify_hsm

This is documentation for AWS CloudHSM Classic

cloudhsmv2

AWS CloudHSM V2

cloudhsmv2_delete_cluster

Deletes the specified CloudHSM cluster

cloudhsm_remove_tags_from_resource

This is documentation for AWS CloudHSM Classic

cloudhsmv2_initialize_cluster

Claims an CloudHSM cluster by submitting the cluster certificate issued by your issuing certificate authority (CA) and the CA's root certificate

cloudhsmv2_delete_hsm

Deletes the specified HSM

cloudhsmv2_list_tags

Gets a list of tags for the specified CloudHSM cluster

cloudhsmv2_modify_cluster

Modifies CloudHSM cluster

cloudhsmv2_modify_backup_attributes

Modifies attributes for CloudHSM backup

cognitoidentity

Amazon Cognito Identity

cognitoidentity_get_open_id_token_for_developer_identity

Registers (or retrieves) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process

cognitoidentity_get_identity_pool_roles

Gets the roles for an identity pool

cognitoidentity_delete_identities

Deletes identities from an identity pool

cognitoidentity_create_identity_pool

Creates a new identity pool

cognitoidentity_get_credentials_for_identity

Returns credentials for the provided identity ID

cognitoidentity_delete_identity_pool

Deletes an identity pool

cognitoidentity_get_id

Generates (or retrieves) a Cognito ID

cloudhsmv2_tag_resource

Adds or overwrites one or more tags for the specified CloudHSM cluster

cloudhsmv2_get_resource_policy

Retrieves the resource policy document attached to a given resource

cloudhsm_list_luna_clients

This is documentation for AWS CloudHSM Classic

cloudhsmv2_describe_clusters

Gets information about CloudHSM clusters

cloudhsmv2_untag_resource

Removes the specified tag or tags from the specified CloudHSM cluster

cognitoidentity_get_principal_tag_attribute_map

Use GetPrincipalTagAttributeMap to list all mappings between PrincipalTags and user attributes

cognitoidentity_get_open_id_token

Gets an OpenID token, using a known Cognito ID

cloudhsmv2_put_resource_policy

Creates or updates an CloudHSM resource policy

cognitoidentity_merge_developer_identities

Merges two users having different IdentityIds, existing in the same identity pool, and identified by the same developer provider

cognitoidentity_list_identities

Lists the identities in an identity pool

cognitoidentity_list_identity_pools

Lists all of the Cognito identity pools registered for your account

cognitoidentity_set_principal_tag_attribute_map

You can use this operation to use default (username and clientID) attribute or custom attribute mappings

cognitoidentity_unlink_identity

Unlinks a federated identity from an existing account

cognitoidentity_unlink_developer_identity

Unlinks a DeveloperUserIdentifier from an existing identity

cognitoidentity_list_tags_for_resource

Lists the tags that are assigned to an Amazon Cognito identity pool

cognitoidentity_set_identity_pool_roles

Sets the roles for an identity pool

cognitoidentity_lookup_developer_identity

Retrieves the IdentityID associated with a DeveloperUserIdentifier or the list of DeveloperUserIdentifier values associated with an IdentityId for an existing identity

cognitoidentity_tag_resource

Assigns a set of tags to the specified Amazon Cognito identity pool

cloudhsmv2_restore_backup

Restores a specified CloudHSM backup that is in the PENDING_DELETION state

cognitoidentity_describe_identity_pool

Gets details about a particular identity pool, including the pool name, ID description, creation date, and current number of users

cognitoidentity_describe_identity

Returns metadata related to the given identity, including when the identity was created and any associated linked logins

cognitoidentity_untag_resource

Removes the specified tags from the specified Amazon Cognito identity pool

cognitoidentityprovider_admin_delete_user

Deletes a user as an administrator

cognitoidentityprovider_admin_confirm_sign_up

This IAM-authenticated API operation confirms user sign-up as an administrator

cognitoidentityprovider_admin_add_user_to_group

Adds a user to a group

cognitoidentityprovider_admin_delete_user_attributes

Deletes the user attributes in a user pool as an administrator

cognitoidentity_update_identity_pool

Updates an identity pool

cognitoidentityprovider_admin_disable_provider_for_user

Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP)

cognitoidentityprovider_admin_create_user

Creates a new user in the specified user pool

cognitoidentityprovider

Amazon Cognito Identity Provider

cognitoidentityprovider_admin_enable_user

Enables the specified user as an administrator

cognitoidentityprovider_add_custom_attributes

Adds additional user attributes to the user pool schema

cognitoidentityprovider_admin_disable_user

Deactivates a user and revokes all access tokens for the user

cognitoidentityprovider_admin_link_provider_for_user

Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP

cognitoidentityprovider_admin_get_device

Gets the device, as an administrator

cognitoidentityprovider_admin_forget_device

Forgets the device, as an administrator

cognitoidentityprovider_admin_get_user

Gets the specified user by user name in a user pool as an administrator

cognitoidentityprovider_admin_reset_user_password

Resets the specified user's password in a user pool as an administrator

cognitoidentityprovider_admin_list_user_auth_events

A history of user activity and any risks detected as part of Amazon Cognito advanced security

cognitoidentityprovider_admin_list_groups_for_user

Lists the groups that a user belongs to

cognitoidentityprovider_admin_remove_user_from_group

Removes the specified user from the specified group

cognitoidentityprovider_admin_list_devices

Lists devices, as an administrator

cognitoidentityprovider_admin_initiate_auth

Initiates the authentication flow, as an administrator

cognitoidentityprovider_admin_set_user_password

Sets the specified user's password in a user pool as an administrator

cognitoidentityprovider_admin_update_auth_event_feedback

Provides feedback for an authentication event indicating if it was from a valid user

cognitoidentityprovider_change_password

Changes the password for a specified user in a user pool

cognitoidentityprovider_admin_respond_to_auth_challenge

Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge

cognitoidentityprovider_admin_user_global_sign_out

Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user

cognitoidentityprovider_admin_set_user_mfa_preference

The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred

cognitoidentityprovider_admin_update_device_status

Updates the device status as an administrator

cognitoidentityprovider_admin_set_user_settings

This action is no longer supported

cognitoidentityprovider_admin_update_user_attributes

This action might generate an SMS text message

cognitoidentityprovider_associate_software_token

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response

cognitoidentityprovider_confirm_device

Confirms tracking of the device

cognitoidentityprovider_create_user_pool_domain

Creates a new domain for a user pool

cognitoidentityprovider_confirm_forgot_password

Allows a user to enter a confirmation code to reset a forgotten password

cognitoidentityprovider_create_user_pool_client

Creates the user pool client

cognitoidentityprovider_create_group

Creates a new group in the specified user pool

cognitoidentityprovider_create_resource_server

Creates a new OAuth2

cognitoidentityprovider_confirm_sign_up

This public API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation

cognitoidentityprovider_create_identity_provider

Adds a configuration and trust relationship between a third-party identity provider (IdP) and a user pool

cognitoidentityprovider_delete_user_pool_domain

Deletes a domain for a user pool

cognitoidentityprovider_delete_user_pool

Deletes the specified Amazon Cognito user pool

cognitoidentityprovider_delete_user

Allows a user to delete their own user profile

cognitoidentityprovider_delete_group

Deletes a group

cognitoidentityprovider_create_user_pool

This action might generate an SMS text message

cognitoidentityprovider_describe_identity_provider

Gets information about a specific IdP

cognitoidentityprovider_describe_resource_server

Describes a resource server

cognitoidentityprovider_create_user_import_job

Creates a user import job

cognitoidentityprovider_delete_user_pool_client

Allows the developer to delete the user pool client

cognitoidentityprovider_delete_identity_provider

Deletes an IdP for a user pool

cognitoidentityprovider_get_group

Gets a group

cognitoidentityprovider_describe_risk_configuration

Describes the risk configuration

cognitoidentityprovider_delete_user_attributes

Deletes the attributes for a user

cognitoidentityprovider_delete_resource_server

Deletes a resource server

cognitoidentityprovider_describe_user_pool_domain

Gets information about a domain

cognitoidentityprovider_forget_device

Forgets the specified device

cognitoidentityprovider_forgot_password

Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password

cognitoidentityprovider_get_device

Gets the device

cognitoidentityprovider_get_csv_header

Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job

cognitoidentityprovider_describe_user_pool

Returns the configuration information and metadata of the specified user pool

cognitoidentityprovider_describe_user_import_job

Describes the user import job

cognitoidentityprovider_describe_user_pool_client

Client method for returning the configuration information and metadata of the specified user pool app client

cognitoidentityprovider_get_user_pool_mfa_config

Gets the user pool multi-factor authentication (MFA) configuration

cognitoidentityprovider_get_identity_provider_by_identifier

Gets the specified IdP

cognitoidentityprovider_get_ui_customization

Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client

cognitoidentityprovider_get_signing_certificate

This method takes a user pool ID, and returns the signing certificate

cognitoidentityprovider_get_log_delivery_configuration

Gets the logging configuration of a user pool

cognitoidentityprovider_get_user

Gets the user attributes and metadata for a user

cognitoidentityprovider_list_devices

Lists the sign-in devices that Amazon Cognito has registered to the current user

cognitoidentityprovider_initiate_auth

Initiates sign-in for a user in the Amazon Cognito user directory

cognitoidentityprovider_get_user_attribute_verification_code

Generates a user attribute verification code for the specified attribute name

cognitoidentityprovider_global_sign_out

Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user

cognitoidentityprovider_list_tags_for_resource

Lists the tags that are assigned to an Amazon Cognito user pool

cognitoidentityprovider_list_groups

Lists the groups associated with a user pool

cognitoidentityprovider_resend_confirmation_code

Resends the confirmation (for confirmation of registration) to a specific user in the user pool

cognitoidentityprovider_list_user_pool_clients

Lists the clients that have been created for the specified user pool

cognitoidentityprovider_list_resource_servers

Lists the resource servers for a user pool

cognitoidentityprovider_list_user_pools

Lists the user pools associated with an Amazon Web Services account

cognitoidentityprovider_list_identity_providers

Lists information about all IdPs for a user pool

cognitoidentityprovider_list_users

Lists users and their basic details in a user pool

cognitoidentityprovider_list_user_import_jobs

Lists user import jobs for a user pool

cognitoidentityprovider_list_users_in_group

Lists the users in the specified group

cognitoidentityprovider_set_log_delivery_configuration

Sets up or modifies the logging configuration of a user pool

cognitoidentityprovider_set_user_settings

This action is no longer supported

cognitoidentityprovider_revoke_token

Revokes all of the access tokens generated by, and at the same time as, the specified refresh token

cognitoidentityprovider_set_ui_customization

Sets the user interface (UI) customization information for a user pool's built-in app UI

cognitoidentityprovider_sign_up

Registers the user in the specified user pool and creates a user name, password, and user attributes

cognitoidentityprovider_set_user_mfa_preference

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred

cognitoidentityprovider_set_user_pool_mfa_config

Sets the user pool multi-factor authentication (MFA) configuration

cognitoidentityprovider_respond_to_auth_challenge

Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge

cognitoidentityprovider_start_user_import_job

Starts the user import

cognitoidentityprovider_set_risk_configuration

Configures actions on detected risks

cognitoidentityprovider_update_resource_server

Updates the name and scopes of resource server

cognitoidentityprovider_tag_resource

Assigns a set of tags to an Amazon Cognito user pool

cognitoidentityprovider_untag_resource

Removes the specified tags from an Amazon Cognito user pool

cognitoidentityprovider_update_identity_provider

Updates IdP information for a user pool

cognitoidentityprovider_update_user_attributes

With this operation, your users can update one or more of their attributes with their own credentials

cognitoidentityprovider_update_auth_event_feedback

Provides the feedback for an authentication event, whether it was from a valid user or not

cognitoidentityprovider_update_device_status

Updates the device status

cognitosync

Amazon Cognito Sync

cognitoidentityprovider_update_user_pool

This action might generate an SMS text message

cognitoidentityprovider_stop_user_import_job

Stops the user import job

cognitoidentityprovider_update_group

Updates the specified group with the specified attributes

cognitoidentityprovider_verify_software_token

Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as "verified" if successful

cognitosync_delete_dataset

Deletes the specific dataset

cognitosync_register_device

Registers a device to receive push sync notifications

cognitoidentityprovider_verify_user_attribute

Verifies the specified user attributes in the user pool

cognitosync_describe_dataset

Gets meta data about a dataset by identity and dataset name

cognitosync_describe_identity_usage

Gets usage information for an identity, including number of datasets and data usage

cognitosync_describe_identity_pool_usage

Gets usage details (for example, data storage) about a particular identity pool

cognitosync_bulk_publish

Initiates a bulk publish of all existing datasets for an Identity Pool to the configured stream

cognitosync_set_identity_pool_configuration

Sets the necessary configuration for push sync

cognitosync_list_identity_pool_usage

Gets a list of identity pools registered with Cognito

cognitosync_subscribe_to_dataset

Subscribes to receive notifications when a dataset is modified by another device

cognitosync_list_records

Gets paginated records, optionally changed after a particular sync count for a dataset and identity

cognitoidentityprovider_update_user_pool_domain

Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool

cognitosync_set_cognito_events

Sets the AWS Lambda function for a given event type for an identity pool

cognitosync_get_bulk_publish_details

Get the status of the last BulkPublish operation for an identity pool

cognitosync_get_cognito_events

Gets the events and the corresponding Lambda functions associated with an identity pool

cognitoidentityprovider_update_user_pool_client

Updates the specified user pool app client with the specified attributes

cognitosync_get_identity_pool_configuration

Gets the configuration settings of an identity pool

detective_batch_get_graph_member_datasources

Gets data source package information for the behavior graph

cognitosync_list_datasets

Lists datasets for an identity

detective

Amazon Detective

detective_batch_get_membership_datasources

Gets information on the data source package history for an account

detective_accept_invitation

Accepts an invitation for the member account to contribute data to a behavior graph

detective_create_graph

Creates a new behavior graph for the calling account, and sets that account as the administrator account

cognitosync_unsubscribe_from_dataset

Unsubscribes from receiving notifications when a dataset is modified by another device

detective_delete_graph

Disables the specified behavior graph and queues it to be deleted

cognitosync_update_records

Posts updates to records and adds and deletes records for a dataset and user

detective_get_investigation

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise

detective_describe_organization_configuration

Returns information about the configuration for the organization behavior graph

detective_disable_organization_admin_account

Removes the Detective administrator account in the current Region

detective_create_members

CreateMembers is used to send invitations to accounts

detective_get_members

Returns the membership details for specified member accounts for a behavior graph

detective_start_monitoring_member

Sends a request to enable data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED

detective_list_graphs

Returns the list of behavior graphs that the calling account is an administrator account of

detective_start_investigation

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise

detective_delete_members

Removes the specified member accounts from the behavior graph

detective_list_members

Retrieves the list of member accounts for a behavior graph

detective_list_investigations

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise

detective_list_datasource_packages

Lists data source packages in the behavior graph

detective_list_invitations

Retrieves the list of open and accepted behavior graph invitations for the member account

detective_reject_invitation

Rejects an invitation to contribute the account data to a behavior graph

detective_disassociate_membership

Removes the member account from the specified behavior graph

detective_list_indicators

Gets the indicators from an investigation

detective_untag_resource

Removes tags from a behavior graph

detective_list_tags_for_resource

Returns the tag values that are assigned to a behavior graph

detective_update_datasource_packages

Starts a data source packages for the behavior graph

detective_tag_resource

Applies tag values to a behavior graph

detective_list_organization_admin_accounts

Returns information about the Detective administrator account for an organization

detective_enable_organization_admin_account

Designates the Detective administrator account for the organization in the current Region

directoryservice_add_tags_to_resource

Adds or overwrites one or more tags for the specified directory

directoryservice_cancel_schema_extension

Cancels an in-progress schema extension to a Microsoft AD directory

directoryservice

AWS Directory Service

directoryservice_accept_shared_directory

Accepts a directory sharing request that was sent from the directory owner account

directoryservice_create_alias

Creates an alias for a directory and assigns the alias to the directory

directoryservice_connect_directory

Creates an AD Connector to connect to a self-managed directory

detective_update_investigation_state

Updates the state of an investigation

directoryservice_create_snapshot

Creates a snapshot of a Simple AD or Microsoft AD directory in the Amazon Web Services cloud

directoryservice_add_region

Adds two domain controllers in the specified Region for the specified directory

directoryservice_create_log_subscription

Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your Amazon Web Services account

directoryservice_create_microsoft_ad

Creates a Microsoft AD directory in the Amazon Web Services Cloud

directoryservice_create_directory

Creates a Simple AD directory

directoryservice_create_trust

Directory Service for Microsoft Active Directory allows you to configure trust relationships

directoryservice_add_ip_routes

If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services

directoryservice_delete_log_subscription

Deletes the specified log subscription

directoryservice_delete_directory

Deletes an Directory Service directory

detective_update_organization_configuration

Updates the configuration for the Organizations integration in the current Region

directoryservice_delete_conditional_forwarder

Deletes a conditional forwarder that has been set up for your Amazon Web Services directory

directoryservice_create_conditional_forwarder

Creates a conditional forwarder associated with your Amazon Web Services directory

directoryservice_delete_trust

Deletes an existing trust relationship between your Managed Microsoft AD directory and an external domain

directoryservice_deregister_event_topic

Removes the specified directory as a publisher to the specified Amazon SNS topic

directoryservice_delete_snapshot

Deletes a directory snapshot

directoryservice_deregister_certificate

Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication

directoryservice_describe_settings

Retrieves information about the configurable settings for the specified directory

directoryservice_describe_event_topics

Obtains information about which Amazon SNS topics receive status messages from the specified directory

directoryservice_describe_shared_directories

Returns the shared directories in your account

directoryservice_describe_domain_controllers

Provides information about any domain controllers in your directory

directoryservice_create_computer

Creates an Active Directory computer object in the specified directory

directoryservice_list_ip_routes

Lists the address blocks that you have added to a directory

directoryservice_describe_client_authentication_settings

Retrieves information about the type of client authentication for the specified directory, if the type is specified

directoryservice_list_certificates

For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication

directoryservice_disable_ldaps

Deactivates LDAP secure calls for the specified directory

directoryservice_disable_radius

Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory

directoryservice_describe_certificate

Displays information about the certificate registered for secure LDAP or client certificate authentication

directoryservice_get_snapshot_limits

Obtains the manual snapshot limits for a directory

directoryservice_describe_directories

Obtains information about the directories that belong to this account

directoryservice_enable_radius

Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory

directoryservice_describe_conditional_forwarders

Obtains information about the conditional forwarders for this account

directoryservice_enable_ldaps

Activates the switch for the specific directory to always use LDAP secure calls

directoryservice_list_log_subscriptions

Lists the active log subscriptions for the Amazon Web Services account

directoryservice_disable_client_authentication

Disables alternative client authentication methods for the specified directory

directoryservice_describe_trusts

Obtains information about the trust relationships for this account

directoryservice_list_tags_for_resource

Lists all tags on a directory

directoryservice_describe_regions

Provides information about the Regions that are configured for multi-Region replication

directoryservice_reject_shared_directory

Rejects a directory sharing request that was sent from the directory owner account

directoryservice_register_certificate

Registers a certificate for a secure LDAP or client certificate authentication

directoryservice_list_schema_extensions

Lists all schema extensions applied to a Microsoft AD Directory

directoryservice_describe_update_directory

Describes the updates of a directory for a particular update type

directoryservice_remove_tags_from_resource

Removes tags from a directory

directoryservice_remove_ip_routes

Removes IP address blocks from a directory

directoryservice_disable_sso

Disables single-sign on for a directory

directoryservice_describe_ldaps_settings

Describes the status of LDAP security for the specified directory

directoryservice_remove_region

Stops all replication and removes the domain controllers from the specified Region

directoryservice_describe_snapshots

Obtains information about the directory snapshots that belong to this account

directoryservice_enable_client_authentication

Enables alternative client authentication methods for the specified directory

directoryservice_unshare_directory

Stops the directory sharing between the directory owner and consumer accounts

directoryservice_reset_user_password

Resets the password for any user in your Managed Microsoft AD or Simple AD directory

directoryservice_update_directory_setup

Updates the directory for a particular update type

directoryservice_update_number_of_domain_controllers

Adds or removes domain controllers to or from the directory

directoryservice_restore_from_snapshot

Restores a directory using an existing directory snapshot

directoryservice_update_conditional_forwarder

Updates a conditional forwarder that has been set up for your Amazon Web Services directory

fms_get_admin_scope

Returns information about the specified account's administrative scope

directoryservice_verify_trust

Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships

directoryservice_share_directory

Shares a specified directory (DirectoryId) in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer)

fms_associate_third_party_firewall

Sets the Firewall Manager policy administrator as a tenant administrator of a third-party firewall service

fms_delete_protocols_list

Permanently deletes an Firewall Manager protocols list

fms_delete_resource_set

Deletes the specified ResourceSet

directoryservice_update_trust

Updates the trust that has been set up between your Managed Microsoft AD directory and an self-managed Active Directory

directoryservice_enable_sso

Enables single sign-on for a directory

directoryservice_register_event_topic

Associates a directory with an Amazon SNS topic

directoryservice_get_directory_limits

Obtains directory limit information for the current Region

fms

Firewall Management Service

fms_get_apps_list

Returns information about the specified Firewall Manager applications list

fms_get_admin_account

Returns the Organizations account that is associated with Firewall Manager as the Firewall Manager default administrator

fms_batch_associate_resource

Associate resources to a Firewall Manager resource set

fms_get_compliance_detail

Returns detailed compliance information about the specified member account

fms_get_protection_status

If you created a Shield Advanced policy, returns policy-level attack summary information in the event of a potential DDoS attack

fms_get_protocols_list

Returns information about the specified Firewall Manager protocols list

fms_list_member_accounts

Returns a MemberAccounts object that lists the member accounts in the administrator's Amazon Web Services organization

directoryservice_start_schema_extension

Applies a schema extension to a Microsoft AD directory

fms_associate_admin_account

Sets a Firewall Manager default administrator account

fms_put_policy

Creates an Firewall Manager policy

fms_get_policy

Returns information about the specified Firewall Manager policy

fms_delete_notification_channel

Deletes an Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to record Firewall Manager SNS logs

fms_get_resource_set

Gets information about a specific resource set

fms_list_policies

Returns an array of PolicySummary objects

fms_delete_policy

Permanently deletes an Firewall Manager policy

fms_list_admins_managing_account

Lists the accounts that are managing the specified Organizations member account

fms_put_protocols_list

Creates an Firewall Manager protocols list

fms_get_notification_channel

Information about the Amazon Simple Notification Service (SNS) topic that is used to record Firewall Manager SNS logs

fms_list_resource_sets

Returns an array of ResourceSetSummary objects

fms_list_tags_for_resource

Retrieves the list of tags for the specified Amazon Web Services resource

fms_list_apps_lists

Returns an array of AppsListDataSummary objects

fms_list_protocols_lists

Returns an array of ProtocolsListDataSummary objects

fms_list_admin_accounts_for_organization

Returns a AdminAccounts object that lists the Firewall Manager administrators within the organization that are onboarded to Firewall Manager by AssociateAdminAccount

fms_list_resource_set_resources

Returns an array of resources that are currently associated to a resource set

fms_get_violation_details

Retrieves violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account

directoryservice_update_radius

Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory

fms_disassociate_admin_account

Disassociates an Firewall Manager administrator account

fms_delete_apps_list

Permanently deletes an Firewall Manager applications list

directoryservice_update_settings

Updates the configurable settings for the specified directory

fms_batch_disassociate_resource

Disassociates resources from a Firewall Manager resource set

fms_list_compliance_status

Returns an array of PolicyComplianceStatus objects

fms_list_discovered_resources

Returns an array of resources in the organization's accounts that are available to be associated with a resource set

fms_put_apps_list

Creates an Firewall Manager applications list

fms_get_third_party_firewall_association_status

The onboarding status of a Firewall Manager admin account to third-party firewall vendor tenant

guardduty_create_ip_set

Creates a new IPSet, which is called a trusted IP list in the console user interface

guardduty_create_filter

Creates a filter using the specified finding criteria

fms_put_resource_set

Creates the resource set

fms_tag_resource

Adds one or more tags to an Amazon Web Services resource

guardduty_create_detector

Creates a single GuardDuty detector

guardduty_accept_invitation

Accepts the invitation to be monitored by a GuardDuty administrator account

fms_put_notification_channel

Designates the IAM role and Amazon Simple Notification Service (SNS) topic that Firewall Manager uses to record SNS logs

guardduty_archive_findings

Archives GuardDuty findings that are specified by the list of finding IDs

guardduty_create_threat_intel_set

Creates a new ThreatIntelSet

guardduty_delete_detector

Deletes an Amazon GuardDuty detector that is specified by the detector ID

guardduty_accept_administrator_invitation

Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation

guardduty_delete_invitations

Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs

guardduty_delete_ip_set

Deletes the IPSet specified by the ipSetId

guardduty_delete_filter

Deletes the filter specified by the filter name

fms_put_admin_account

Creates or updates an Firewall Manager administrator account

fms_disassociate_third_party_firewall

Disassociates a Firewall Manager policy administrator from a third-party firewall tenant

guardduty_create_malware_protection_plan

Creates a new Malware Protection plan for the protected resource

fms_list_third_party_firewall_firewall_policies

Retrieves a list of all of the third-party firewall policies that are associated with the third-party firewall administrator's account

fms_untag_resource

Removes one or more tags from an Amazon Web Services resource

guardduty_disassociate_from_administrator_account

Disassociates the current GuardDuty member account from its administrator account

guardduty_create_members

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs

guardduty

Amazon GuardDuty

guardduty_describe_malware_scans

Returns a list of malware scans

guardduty_get_threat_intel_set

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID

guardduty_create_publishing_destination

Creates a publishing destination to export findings to

guardduty_disassociate_members

Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs

guardduty_decline_invitations

Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs

guardduty_delete_malware_protection_plan

Deletes the Malware Protection plan ID associated with the Malware Protection plan resource

guardduty_enable_organization_admin_account

Designates an Amazon Web Services account within the organization as your GuardDuty delegated administrator

guardduty_describe_organization_configuration

Returns information about the account selected as the delegated administrator for GuardDuty

guardduty_disassociate_from_master_account

Disassociates the current GuardDuty member account from its administrator account

guardduty_create_sample_findings

Generates sample findings of types specified by the list of finding types

guardduty_delete_publishing_destination

Deletes the publishing definition with the specified destinationId

guardduty_describe_publishing_destination

Returns information about the publishing destination specified by the provided destinationId

guardduty_get_remaining_free_trial_days

Provides the number of days left for each data source used in the free trial period

guardduty_get_coverage_statistics

Retrieves aggregated statistics for your account

guardduty_disable_organization_admin_account

Removes the existing GuardDuty delegated administrator of the organization

guardduty_get_administrator_account

Provides the details of the GuardDuty administrator account associated with the current GuardDuty member account

guardduty_get_invitations_count

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation

guardduty_delete_members

Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs

guardduty_get_ip_set

Retrieves the IPSet specified by the ipSetId

guardduty_get_findings

Describes Amazon GuardDuty findings specified by finding IDs

guardduty_delete_threat_intel_set

Deletes the ThreatIntelSet specified by the ThreatIntelSet ID

guardduty_get_members

Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs

guardduty_get_master_account

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account

guardduty_get_findings_statistics

Lists Amazon GuardDuty findings statistics for the specified detector ID

guardduty_unarchive_findings

Unarchives GuardDuty findings specified by the findingIds

guardduty_get_detector

Retrieves an Amazon GuardDuty detector specified by the detectorId

guardduty_get_malware_scan_settings

Returns the details of the malware scan settings

guardduty_untag_resource

Removes tags from a resource

guardduty_get_malware_protection_plan

Retrieves the Malware Protection plan details associated with a Malware Protection plan ID

guardduty_list_malware_protection_plans

Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account

guardduty_get_usage_statistics

Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID

guardduty_list_filters

Returns a paginated list of the current filters

guardduty_invite_members

Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API

guardduty_list_coverage

Lists coverage details for your GuardDuty account

guardduty_get_organization_statistics

Retrieves how many active member accounts have each feature enabled within GuardDuty

guardduty_list_ip_sets

Lists the IPSets of the GuardDuty service specified by the detector ID

guardduty_get_filter

Returns the details of the filter specified by the filter name

guardduty_list_invitations

Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account

guardduty_update_detector

Updates the GuardDuty detector specified by the detector ID

guardduty_list_members

Lists details about all member accounts for the current GuardDuty administrator account

guardduty_get_member_detectors

Describes which data sources are enabled for the member account's detector

guardduty_list_findings

Lists GuardDuty findings for the specified detector ID

guardduty_list_tags_for_resource

Lists tags for a resource

guardduty_start_malware_scan

Initiates the malware scan

guardduty_stop_monitoring_members

Stops GuardDuty monitoring for the specified member accounts

guardduty_start_monitoring_members

Turns on GuardDuty monitoring of the specified member accounts

guardduty_list_threat_intel_sets

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID

guardduty_tag_resource

Adds tags to a resource

guardduty_update_filter

Updates the filter specified by the filter name

guardduty_list_organization_admin_accounts

Lists the accounts designated as GuardDuty delegated administrators

guardduty_list_publishing_destinations

Returns a list of publishing destinations associated with the specified detectorId

iam

AWS Identity and Access Management

guardduty_list_detectors

Lists detectorIds of all the existing Amazon GuardDuty detector resources

iam_add_client_id_to_open_id_connect_provider

Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM OpenID Connect (OIDC) provider resource

guardduty_update_findings_feedback

Marks the specified GuardDuty findings as useful or not useful

guardduty_update_ip_set

Updates the IPSet specified by the IPSet ID

guardduty_update_malware_protection_plan

Updates an existing Malware Protection plan resource

guardduty_update_threat_intel_set

Updates the ThreatIntelSet specified by the ThreatIntelSet ID

guardduty_update_publishing_destination

Updates information about the publishing destination specified by the destinationId

guardduty_update_member_detectors

Contains information on member accounts to be updated

guardduty_update_organization_configuration

Configures the delegated administrator account with the provided values

guardduty_update_malware_scan_settings

Updates the malware scan settings

iam_attach_user_policy

Attaches the specified managed policy to the specified user

iam_create_instance_profile

Creates a new instance profile

iam_add_role_to_instance_profile

Adds the specified IAM role to the specified instance profile

iam_create_access_key

Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the specified user

iam_create_group

Creates a new group

iam_create_account_alias

Creates an alias for your Amazon Web Services account

iam_attach_group_policy

Attaches the specified managed policy to the specified IAM group

iam_change_password

Changes the password of the IAM user who is calling this operation

iam_attach_role_policy

Attaches the specified managed policy to the specified IAM role

iam_add_user_to_group

Adds the specified user to the specified group

iam_create_service_specific_credential

Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request

iam_create_service_linked_role

Creates an IAM role that is linked to a specific Amazon Web Services service

iam_create_saml_provider

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2

iam_create_login_profile

Creates a password for the specified IAM user

iam_create_virtual_mfa_device

Creates a new virtual MFA device for the Amazon Web Services account

iam_delete_instance_profile

Deletes the specified instance profile

iam_delete_account_password_policy

Deletes the password policy for the Amazon Web Services account

iam_create_open_id_connect_provider

Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC)

iam_create_policy

Creates a new managed policy for your Amazon Web Services account

iam_deactivate_mfa_device

Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled

iam_delete_account_alias

Deletes the specified Amazon Web Services account alias

iam_create_role

Creates a new role for your Amazon Web Services account

iam_delete_login_profile

Deletes the password for the specified IAM user, For more information, see Managing passwords for IAM users

iam_create_policy_version

Creates a new version of the specified managed policy

iam_delete_access_key

Deletes the access key pair associated with the specified IAM user

iam_delete_group_policy

Deletes the specified inline policy that is embedded in the specified IAM group

iam_delete_open_id_connect_provider

Deletes an OpenID Connect identity provider (IdP) resource object in IAM

iam_delete_policy

Deletes the specified managed policy

iam_create_user

Creates a new IAM user for your Amazon Web Services account

iam_delete_group

Deletes the specified IAM group

iam_delete_role_permissions_boundary

Deletes the permissions boundary for the specified IAM role

iam_delete_service_linked_role

Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion

iam_delete_signing_certificate

Deletes a signing certificate associated with the specified IAM user

iam_delete_ssh_public_key

Deletes the specified SSH public key

iam_delete_service_specific_credential

Deletes the specified service-specific credential

iam_delete_user_policy

Deletes the specified inline policy that is embedded in the specified IAM user

iam_delete_saml_provider

Deletes a SAML provider resource in IAM

iam_generate_credential_report

Generates a credential report for the Amazon Web Services account

iam_delete_role_policy

Deletes the specified inline policy that is embedded in the specified IAM role

iam_delete_server_certificate

Deletes the specified server certificate

iam_delete_virtual_mfa_device

Deletes a virtual MFA device

iam_detach_user_policy

Removes the specified managed policy from the specified user

iam_delete_user_permissions_boundary

Deletes the permissions boundary for the specified IAM user

iam_delete_policy_version

Deletes the specified version from the specified managed policy

iam_generate_organizations_access_report

Generates a report for service last accessed data for Organizations

iam_delete_role

Deletes the specified role

iam_delete_user

Deletes the specified IAM user

iam_detach_group_policy

Removes the specified managed policy from the specified IAM group

iam_enable_mfa_device

Enables the specified MFA device and associates it with the specified IAM user

iam_detach_role_policy

Removes the specified managed policy from the specified role

iam_get_context_keys_for_principal_policy

Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity

iam_get_account_summary

Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services account

iam_get_group

Returns a list of IAM users that are in the specified IAM group

iam_generate_service_last_accessed_details

Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services

iam_get_group_policy

Retrieves the specified inline policy document that is embedded in the specified IAM group

iam_get_account_authorization_details

Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, including their relationships to one another

iam_get_account_password_policy

Retrieves the password policy for the Amazon Web Services account

iam_get_context_keys_for_custom_policy

Gets a list of all of the context keys referenced in the input policies

iam_get_access_key_last_used

Retrieves information about when the specified access key was last used

iam_get_credential_report

Retrieves a credential report for the Amazon Web Services account

iam_get_instance_profile

Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role

iam_get_mfa_device

Retrieves information about an MFA device for a specified user

iam_get_open_id_connect_provider

Returns information about the specified OpenID Connect (OIDC) provider resource object in IAM

iam_get_login_profile

Retrieves the user name for the specified IAM user

iam_get_saml_provider

Returns the SAML provider metadocument that was uploaded when the IAM SAML provider resource object was created or updated

iam_get_organizations_access_report

Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation

iam_get_policy

Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached

iam_get_role_policy

Retrieves the specified inline policy document that is embedded with the specified IAM role

iam_get_policy_version

Retrieves information about the specified version of the specified managed policy, including the policy document

iam_get_role

Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy that grants permission to assume the role

iam_list_account_aliases

Lists the account alias associated with the Amazon Web Services account (Note: you can have only one)

iam_get_service_last_accessed_details_with_entities

After you generate a group or policy report using the GenerateServiceLastAccessedDetails operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities

iam_get_service_last_accessed_details

Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails operation

iam_get_server_certificate

Retrieves information about the specified server certificate stored in IAM

iam_list_access_keys

Returns information about the access key IDs associated with the specified IAM user

iam_get_user

Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN

iam_get_ssh_public_key

Retrieves the specified SSH public key, including metadata about the key

iam_get_user_policy

Retrieves the specified inline policy document that is embedded in the specified IAM user

iam_list_attached_group_policies

Lists all managed policies that are attached to the specified IAM group

iam_list_attached_role_policies

Lists all managed policies that are attached to the specified IAM role

iam_list_mfa_device_tags

Lists the tags that are attached to the specified IAM virtual multi-factor authentication (MFA) device

iam_get_service_linked_role_deletion_status

Retrieves the status of your service-linked role deletion

iam_list_instance_profiles

Lists the instance profiles that have the specified path prefix

iam_list_instance_profiles_for_role

Lists the instance profiles that have the specified associated IAM role

iam_list_entities_for_policy

Lists all IAM users, groups, and roles that the specified managed policy is attached to

iam_list_groups

Lists the IAM groups that have the specified path prefix

iam_list_group_policies

Lists the names of the inline policies that are embedded in the specified IAM group

iam_list_open_id_connect_provider_tags

Lists the tags that are attached to the specified OpenID Connect (OIDC)-compatible identity provider

iam_list_policy_versions

Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version

iam_list_groups_for_user

Lists the IAM groups that the specified IAM user belongs to

iam_list_role_tags

Lists the tags that are attached to the specified role

iam_list_roles

Lists the IAM roles that have the specified path prefix

iam_list_instance_profile_tags

Lists the tags that are attached to the specified IAM instance profile

iam_list_attached_user_policies

Lists all managed policies that are attached to the specified IAM user

iam_list_role_policies

Lists the names of the inline policies that are embedded in the specified IAM role

iam_list_mfa_devices

Lists the MFA devices for an IAM user

iam_list_policies_granting_service_access

Retrieves a list of policies that the IAM identity (user, group, or role) can use to access each specified service

iam_list_policy_tags

Lists the tags that are attached to the specified IAM customer managed policy

iam_list_saml_providers

Lists the SAML provider resource objects defined in IAM in the account

iam_list_user_tags

Lists the tags that are attached to the specified IAM user

iam_list_server_certificate_tags

Lists the tags that are attached to the specified IAM server certificate

iam_list_server_certificates

Lists the server certificates stored in IAM that have the specified path prefix

iam_list_saml_provider_tags

Lists the tags that are attached to the specified Security Assertion Markup Language (SAML) identity provider

iam_list_users

Lists the IAM users that have the specified path prefix

iam_put_role_permissions_boundary

Adds or updates the policy that is specified as the IAM role's permissions boundary

iam_put_user_policy

Adds or updates an inline policy document that is embedded in the specified IAM user

iam_list_signing_certificates

Returns information about the signing certificates associated with the specified IAM user

iam_put_user_permissions_boundary

Adds or updates the policy that is specified as the IAM user's permissions boundary

iam_list_service_specific_credentials

Returns information about the service-specific credentials associated with the specified IAM user

iam_list_policies

Lists all the managed policies that are available in your Amazon Web Services account, including your own customer-defined managed policies and all Amazon Web Services managed policies

iam_put_group_policy

Adds or updates an inline policy document that is embedded in the specified IAM group

iam_remove_role_from_instance_profile

Removes the specified IAM role from the specified Amazon EC2 instance profile

iam_list_virtual_mfa_devices

Lists the virtual MFA devices defined in the Amazon Web Services account by assignment status

iam_remove_client_id_from_open_id_connect_provider

Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified IAM OpenID Connect (OIDC) provider resource object

iam_list_open_id_connect_providers

Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the Amazon Web Services account

iam_tag_open_id_connect_provider

Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider

iam_simulate_custom_policy

Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions

iam_resync_mfa_device

Synchronizes the specified MFA device with its IAM resource object on the Amazon Web Services servers

iam_set_default_policy_version

Sets the specified version of the specified policy as the policy's default (operative) version

iam_untag_server_certificate

Removes the specified tags from the IAM server certificate

iam_untag_saml_provider

Removes the specified tags from the specified Security Assertion Markup Language (SAML) identity provider in IAM

iam_put_role_policy

Adds or updates an inline policy document that is embedded in the specified IAM role

iam_tag_mfa_device

Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device

iam_list_ssh_public_keys

Returns information about the SSH public keys associated with the specified IAM user

iam_tag_user

Adds one or more tags to an IAM user

iam_tag_saml_provider

Adds one or more tags to a Security Assertion Markup Language (SAML) identity provider

iam_list_user_policies

Lists the names of the inline policies embedded in the specified IAM user

iam_set_security_token_service_preferences

Sets the specified version of the global endpoint token as the token version used for the Amazon Web Services account

iam_update_role_description

Use UpdateRole instead

iam_tag_instance_profile

Adds one or more tags to an IAM instance profile

iam_update_access_key

Changes the status of the specified access key from Active to Inactive, or vice versa

iam_untag_instance_profile

Removes the specified tags from the IAM instance profile

iam_tag_policy

Adds one or more tags to an IAM customer managed policy

iam_untag_mfa_device

Removes the specified tags from the IAM virtual multi-factor authentication (MFA) device

iam_untag_user

Removes the specified tags from the user

iam_untag_policy

Removes the specified tags from the customer managed policy

iam_simulate_principal_policy

Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions

iam_untag_open_id_connect_provider

Removes the specified tags from the specified OpenID Connect (OIDC)-compatible identity provider in IAM

iam_remove_user_from_group

Removes the specified user from the specified group

iam_tag_server_certificate

Adds one or more tags to an IAM server certificate

iam_reset_service_specific_credential

Resets the password for a service-specific credential

iamrolesanywhere_create_profile

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume

iam_tag_role

Adds one or more tags to an IAM role

iam_update_server_certificate

Updates the name and/or the path of the specified server certificate stored in IAM

iam_update_saml_provider

Updates the metadata document for an existing SAML provider resource object

iam_upload_signing_certificate

Uploads an X

iam_update_account_password_policy

Updates the password policy settings for the Amazon Web Services account

iamrolesanywhere_enable_profile

Enables temporary credential requests for a profile

iamrolesanywhere_get_profile

Gets a profile

iamrolesanywhere_list_subjects

Lists the subjects in the authenticated account and Amazon Web Services Region

iam_update_group

Updates the name and/or the path of the specified IAM group

iam_update_user

Updates the name and/or the path of the specified IAM user

iam_untag_role

Removes the specified tags from the role

iam_update_service_specific_credential

Sets the status of a service-specific credential to Active or Inactive

iamrolesanywhere_delete_trust_anchor

Deletes a trust anchor

iamrolesanywhere_update_crl

Updates the certificate revocation list (CRL)

iam_upload_server_certificate

Uploads a server certificate entity for the Amazon Web Services account

iamrolesanywhere

IAM Roles Anywhere

iam_update_login_profile

Changes the password for the specified IAM user

iamrolesanywhere_untag_resource

Removes tags from the resource

iamrolesanywhere_list_tags_for_resource

Lists the tags attached to the resource

iamrolesanywhere_enable_crl

Enables a certificate revocation list (CRL)

iam_update_open_id_connect_provider_thumbprint

Replaces the existing list of server certificate thumbprints associated with an OpenID Connect (OIDC) provider resource object with a new list of thumbprints

identitystore_delete_user

Deletes a user within an identity store given UserId

iam_update_assume_role_policy

Updates the policy that grants an IAM entity permission to assume a role

iamrolesanywhere_list_crls

Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region

iamrolesanywhere_disable_crl

Disables a certificate revocation list (CRL)

iam_update_role

Updates the description or maximum session duration setting of a role

iamrolesanywhere_create_trust_anchor

Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA)

identitystore_describe_group_membership

Retrieves membership metadata and attributes from MembershipId in an identity store

iamrolesanywhere_put_attribute_mapping

Put an entry in the attribute mapping rules that will be enforced by a given profile

identitystore_describe_group

Retrieves the group metadata and attributes from GroupId in an identity store

iamrolesanywhere_disable_trust_anchor

Disables a trust anchor

iamrolesanywhere_tag_resource

Attaches tags to a resource

iamrolesanywhere_list_profiles

Lists all profiles in the authenticated account and Amazon Web Services Region

iamrolesanywhere_disable_profile

Disables a profile

iam_update_signing_certificate

Changes the status of the specified user signing certificate from active to disabled, or vice versa

inspector2_associate_member

Associates an Amazon Web Services account with an Amazon Inspector delegated administrator

iamrolesanywhere_update_profile

Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume

iam_update_ssh_public_key

Sets the status of an IAM user's SSH public key to active or inactive

identitystore_list_users

Lists all users in the identity store

iamrolesanywhere_get_subject

Gets a subject, which associates a certificate identity with authentication attempts

identitystore_get_group_id

Retrieves GroupId in an identity store

identitystore_update_group

For the specified group in the specified identity store, updates the group metadata and attributes

iamrolesanywhere_delete_crl

Deletes a certificate revocation list (CRL)

iamrolesanywhere_list_trust_anchors

Lists the trust anchors in the authenticated account and Amazon Web Services Region

inspector2_batch_get_member_ec_2_deep_inspection_status

Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization

identitystore

AWS SSO Identity Store

identitystore_is_member_in_groups

Checks the user's membership in all requested groups and returns if the member exists in all queried groups

identitystore_describe_user

Retrieves the user metadata and attributes from the UserId in an identity store

identitystore_list_group_memberships

For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form

inspector2_list_delegated_admin_accounts

Lists information about the Amazon Inspector delegated administrator of your organization

inspector2_create_sbom_export

Creates a software bill of materials (SBOM) report

iam_upload_ssh_public_key

Uploads an SSH public key and associates it with the specified IAM user

inspector2_get_delegated_admin_account

Retrieves information about the Amazon Inspector delegated administrator for your organization

inspector2_get_configuration

Retrieves setting configurations for Inspector scans

identitystore_create_group_membership

Creates a relationship between a member and a group

inspector2_batch_update_member_ec_2_deep_inspection_status

Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization

identitystore_create_user

Creates a user within the specified identity store

identitystore_create_group

Creates a group within the specified identity store

inspector2_send_cis_session_telemetry

Sends a CIS session telemetry

inspector2_create_findings_report

Creates a finding report

iamrolesanywhere_delete_profile

Deletes a profile

iamrolesanywhere_import_crl

Imports the certificate revocation list (CRL)

inspector2_list_filters

Lists the filters associated with your account

iamrolesanywhere_get_trust_anchor

Gets a trust anchor

inspector2_enable_delegated_admin_account

Enables the Amazon Inspector delegated administrator for your Organizations organization

iamrolesanywhere_delete_attribute_mapping

Delete an entry from the attribute mapping rules enforced by a given profile

identitystore_delete_group

Delete a group within an identity store given GroupId

inspector2_start_cis_session

Starts a CIS session

inspector2_batch_get_finding_details

Gets vulnerability details for findings

iamrolesanywhere_enable_trust_anchor

Enables a trust anchor

inspector2_enable

Enables Amazon Inspector scans for one or more Amazon Web Services accounts

inspector2_cancel_findings_report

Cancels the given findings report

inspector2_list_finding_aggregations

Lists aggregated finding data for your environment based on specific criteria

identitystore_delete_group_membership

Delete a membership within a group given MembershipId

iamrolesanywhere_put_notification_settings

Attaches a list of notification settings to a trust anchor

inspector2_list_coverage_statistics

Lists Amazon Inspector coverage statistics for your environment

iamrolesanywhere_get_crl

Gets a certificate revocation list (CRL)

inspector2_list_findings

Lists findings for your environment

inspector2_update_cis_scan_configuration

Updates a CIS scan configuration

iamrolesanywhere_update_trust_anchor

Updates a trust anchor

identitystore_get_group_membership_id

Retrieves the MembershipId in an identity store

inspector2_stop_cis_session

Stops a CIS session

inspector2_list_coverage

Lists coverage details for you environment

inspector_describe_assessment_runs

Describes the assessment runs that are specified by the ARNs of the assessment runs

inspector2_tag_resource

Adds tags to a resource

iamrolesanywhere_reset_notification_settings

Resets the custom notification setting to IAM Roles Anywhere default setting

inspector2_get_findings_report_status

Gets the status of a findings report

identitystore_get_user_id

Retrieves the UserId in an identity store

inspector_list_tags_for_resource

Lists all tags associated with an assessment template

inspector_list_rules_packages

Lists all available Amazon Inspector rules packages

inspector_describe_assessment_targets

Describes the assessment targets that are specified by the ARNs of the assessment targets

inspector_subscribe_to_event

Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic

identitystore_list_group_memberships_for_member

For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form

inspector_create_assessment_template

Creates an assessment template for the assessment target that is specified by the ARN of the assessment target

inspector2_untag_resource

Removes tags from a resource

identitystore_list_groups

Lists all groups in the identity store

inspector_create_exclusions_preview

Starts the generation of an exclusions preview for the specified assessment template

inspector

Amazon Inspector

inspector2

Inspector2

inspector_list_assessment_templates

Lists the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets

inspector_describe_exclusions

Describes the exclusions that are specified by the exclusions' ARNs

inspector_describe_findings

Describes the findings that are specified by the ARNs of the findings

inspector2_get_ec_2_deep_inspection_configuration

Retrieves the activation status of Amazon Inspector deep inspection and custom paths associated with your account

inspector2_create_filter

Creates a filter resource using specified filter criteria

inspector2_list_cis_scans

Returns a CIS scan list

inspector2_cancel_sbom_export

Cancels a software bill of materials (SBOM) report

inspector2_describe_organization_configuration

Describe Amazon Inspector configuration settings for an Amazon Web Services organization

inspector2_batch_get_code_snippet

Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in

inspector2_create_cis_scan_configuration

Creates a CIS scan configuration

kms

AWS Key Management Service

inspector2_batch_get_free_trial_info

Gets free trial status for multiple Amazon Web Services accounts

inspector_list_findings

Lists findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs

inspector2_search_vulnerabilities

Lists Amazon Inspector coverage details for a specific vulnerability

inspector2_delete_cis_scan_configuration

Deletes a CIS scan configuration

inspector2_list_cis_scan_results_aggregated_by_checks

Lists scan results aggregated by checks

inspector2_disassociate_member

Disassociates a member account from an Amazon Inspector delegated administrator

inspector2_get_cis_scan_report

Retrieves a CIS scan report

inspector2_disable_delegated_admin_account

Disables the Amazon Inspector delegated administrator for your organization

inspector2_get_encryption_key

Gets an encryption key

identitystore_update_user

For the specified user in the specified identity store, updates the user metadata and attributes

inspector2_disable

Disables Amazon Inspector scans for one or more Amazon Web Services accounts

inspector_list_event_subscriptions

Lists all the event subscriptions for the assessment template that is specified by the ARN of the assessment template

inspector2_update_org_ec_2_deep_inspection_configuration

Updates the Amazon Inspector deep inspection custom paths for your organization

inspector2_list_cis_scan_configurations

Lists CIS scan configurations

inspector2_list_usage_totals

Lists the Amazon Inspector usage totals over the last 30 days

inspector2_batch_get_account_status

Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment

inspector_unsubscribe_from_event

Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic

inspector_get_telemetry_metadata

Information about the data that is collected for the specified assessment run

inspector2_send_cis_session_health

Sends a CIS session health

inspector_update_assessment_target

Updates the assessment target that is specified by the ARN of the assessment target

inspector_list_assessment_runs

Lists the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates

inspector2_update_filter

Specifies the action that is to be applied to the findings that match the filter

inspector2_get_cis_scan_result_details

Retrieves CIS scan result details

inspector_remove_attributes_from_findings

Removes entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists

kms_enable_key

Sets the key state of a KMS key to enabled

inspector_list_assessment_run_agents

Lists the agents of the assessment runs that are specified by the ARNs of the assessment runs

kms_derive_shared_secret

Derives a shared secret using a key agreement algorithm

inspector_list_exclusions

List exclusions that are generated by the assessment run

kms_create_alias

Creates a friendly name for a KMS key

kms_enable_key_rotation

Enables automatic rotation of the key material of the specified symmetric encryption KMS key

kms_describe_custom_key_stores

Gets information about custom key stores in the account and Region

inspector2_list_cis_scan_results_aggregated_by_target_resource

Lists scan results aggregated by a target resource

kms_disconnect_custom_key_store

Disconnects the custom key store from its backing key store

inspector2_list_account_permissions

Lists the permissions an account has to configure Amazon Inspector

inspector2_get_member

Gets member information for your organization

inspector2_get_sbom_export

Gets details of a software bill of materials (SBOM) report

inspector2_delete_filter

Deletes a filter resource

inspector2_update_encryption_key

Updates an encryption key

inspector2_reset_encryption_key

Resets an encryption key

kms_generate_mac

Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports

kms_create_custom_key_store

Creates a custom key store backed by a key store that you own and manage

inspector_stop_assessment_run

Stops the assessment run that is specified by the ARN of the assessment run

inspector_start_assessment_run

Starts the assessment run specified by the ARN of the assessment template

inspector_create_resource_group

Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target

kms_encrypt

Encrypts plaintext of up to 4,096 bytes using a KMS key

kms_generate_data_key_without_plaintext

Returns a unique symmetric data key for use outside of KMS

inspector_delete_assessment_run

Deletes the assessment run that is specified by the ARN of the assessment run

inspector_preview_agents

Previews the agents installed on the EC2 instances that are part of the specified assessment target

inspector2_update_organization_configuration

Updates the configurations for your Amazon Inspector organization

kms_list_aliases

Gets a list of aliases in the caller's Amazon Web Services account and region

inspector_describe_assessment_templates

Describes the assessment templates that are specified by the ARNs of the assessment templates

inspector_add_attributes_to_findings

Assigns attributes (key and value pairs) to the findings that are specified by the ARNs of the findings

inspector_describe_cross_account_access_role

Describes the IAM role that enables Amazon Inspector to access your AWS account

inspector2_list_tags_for_resource

Lists all tags attached to a given resource

inspector_describe_resource_groups

Describes the resource groups that are specified by the ARNs of the resource groups

kms_disable_key_rotation

Disables automatic rotation of the key material of the specified symmetric encryption KMS key

inspector_delete_assessment_template

Deletes the assessment template that is specified by the ARN of the assessment template

inspector2_list_members

List members associated with the Amazon Inspector delegated administrator for your organization

kms_generate_data_key

Returns a unique symmetric data key for use outside of KMS

kms_list_key_rotations

Returns information about all completed key material rotations for the specified KMS key

inspector_delete_assessment_target

Deletes the assessment target that is specified by the ARN of the assessment target

kms_get_public_key

Returns the public key of an asymmetric KMS key

kms_delete_imported_key_material

Deletes key material that was previously imported

kms_list_retirable_grants

Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal

kms_import_key_material

Imports or reimports key material into an existing KMS key that was created without key material

inspector_create_assessment_target

Creates a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup

kms_list_key_policies

Gets the names of the key policies that are attached to a KMS key

inspector2_update_configuration

Updates setting configurations for your Amazon Inspector account

macie2_decline_invitations

Declines Amazon Macie membership invitations that were received from specific accounts

kms_list_grants

Gets a list of all grants for the specified KMS key

inspector_describe_rules_packages

Describes the rules packages that are specified by the ARNs of the rules packages

inspector_list_assessment_targets

Lists the ARNs of the assessment targets within this AWS account

inspector_set_tags_for_resource

Sets tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template

inspector_register_cross_account_access_role

Registers the IAM role that grants Amazon Inspector access to AWS Services needed to perform security assessments

kms_connect_custom_key_store

Connects or reconnects a custom key store to its backing key store

inspector_get_exclusions_preview

Retrieves the exclusions preview (a list of ExclusionPreview objects) specified by the preview token

kms_untag_resource

Deletes tags from a customer managed key

macie2_get_finding_statistics

Retrieves (queries) aggregated statistical data about findings

macie2_create_member

Associates an account with an Amazon Macie administrator account

kms_verify_mac

Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm

macie2_create_sample_findings

Creates sample findings

kms_cancel_key_deletion

Cancels the deletion of a KMS key

inspector_get_assessment_report

Produces an assessment report that includes detailed and comprehensive results of a specified assessment run

inspector2_update_ec_2_deep_inspection_configuration

Activates, deactivates Amazon Inspector deep inspection, or updates custom paths for your account

macie2_delete_allow_list

Deletes an allow list

kms_schedule_key_deletion

Schedules the deletion of a KMS key

macie2_delete_custom_data_identifier

Soft deletes a custom data identifier

kms_update_alias

Associates an existing KMS alias with a different KMS key

kms_decrypt

Decrypts ciphertext that was encrypted by a KMS key using any of the following operations:

kms_delete_custom_key_store

Deletes a custom key store

macie2_disable_macie

Disables Amazon Macie and deletes all settings and resources for a Macie account

kms_update_custom_key_store

Changes the properties of a custom key store

kms_put_key_policy

Attaches a key policy to the specified KMS key

macie2_get_administrator_account

Retrieves information about the Amazon Macie administrator account for an account

macie2_describe_organization_configuration

Retrieves the Amazon Macie configuration settings for an organization in Organizations

macie2_list_classification_jobs

Retrieves a subset of information about one or more classification jobs

macie2_get_custom_data_identifier

Retrieves the criteria and other settings for a custom data identifier

kms_update_key_description

Updates the description of a KMS key

macie2_get_classification_scope

Retrieves the classification scope settings for an account

kms_delete_alias

Deletes the specified alias

macie2_batch_get_custom_data_identifiers

Retrieves information about one or more custom data identifiers

macie2_accept_invitation

Accepts an Amazon Macie membership invitation that was received from a specific account

macie2_test_custom_data_identifier

Tests criteria for a custom data identifier

macie2_list_classification_scopes

Retrieves a subset of information about the classification scope for an account

macie2_tag_resource

Adds or updates one or more tags (keys and values) that are associated with an Amazon Macie resource

kms_create_grant

Adds a grant to a KMS key

macie2_get_resource_profile

Retrieves (queries) sensitive data discovery statistics and the sensitivity score for an S3 bucket

macie2_get_usage_statistics

Retrieves (queries) quotas and aggregated usage data for one or more accounts

macie2_create_findings_filter

Creates and defines the criteria and other settings for a findings filter

kms_generate_data_key_pair

Returns a unique asymmetric data key pair for use outside of KMS

macie2_get_findings_filter

Retrieves the criteria and other settings for a findings filter

kms_get_key_rotation_status

Provides detailed information about the rotation status for a KMS key, including whether automatic rotation of the key material is enabled for the specified KMS key, the rotation period, and the next scheduled rotation date

kms_replicate_key

Replicates a multi-Region key into the specified Region

macie2_get_findings_publication_configuration

Retrieves the configuration settings for publishing findings to Security Hub

kms_create_key

Creates a unique customer managed KMS key in your Amazon Web Services account and Region

macie2_get_allow_list

Retrieves the settings and status of an allow list

macie2_untag_resource

Removes one or more tags (keys and values) from an Amazon Macie resource

kms_generate_data_key_pair_without_plaintext

Returns a unique asymmetric data key pair for use outside of KMS

macie2_create_invitations

Sends an Amazon Macie membership invitation to one or more accounts

kms_describe_key

Provides detailed information about a KMS key

kms_get_key_policy

Gets a key policy attached to the specified KMS key

macie2_get_usage_totals

Retrieves (queries) aggregated usage data for an account

kms_disable_key

Sets the state of a KMS key to disabled

kms_get_parameters_for_import

Returns the public key and an import token you need to import or reimport key material for a KMS key

macie2_put_findings_publication_configuration

Updates the configuration settings for publishing findings to Security Hub

macie2_get_bucket_statistics

Retrieves (queries) aggregated statistical data about all the S3 buckets that Amazon Macie monitors and analyzes for an account

macie2_get_findings

Retrieves the details of one or more findings

macie2_update_allow_list

Updates the settings for an allow list

macie2_delete_findings_filter

Deletes a findings filter

macie2_update_macie_session

Suspends or re-enables Amazon Macie, or updates the configuration settings for a Macie account

pcaconnectorad_delete_template

Deletes a template

pcaconnectorad_delete_connector

Deletes a connector for Active Directory

kms_retire_grant

Deletes a grant

pcaconnectorad_create_template_group_access_control_entry

Create a group access control entry

macie2_get_member

Retrieves information about an account that's associated with an Amazon Macie administrator account

macie2_delete_invitations

Deletes Amazon Macie membership invitations that were received from specific accounts

kms_revoke_grant

Deletes the specified grant

macie2_get_automated_discovery_configuration

Retrieves the configuration settings and status of automated sensitive data discovery for an organization or standalone account

macie2_update_sensitivity_inspection_template

Updates the settings for the sensitivity inspection template for an account

kms_generate_random

Returns a random byte string that is cryptographically secure

macie2_search_resources

Retrieves (queries) statistical data and other information about Amazon Web Services resources that Amazon Macie monitors and analyzes

pcaconnectorad_delete_template_group_access_control_entry

Deletes a group access control entry

kms_list_keys

Gets a list of all KMS keys in the caller's Amazon Web Services account and Region

pcaconnectorad_get_connector

Lists information about your connector

macie2_list_invitations

Retrieves information about Amazon Macie membership invitations that were received by an account

pcaconnectorad_list_directory_registrations

Lists the directory registrations that you created by using the https://docs

macie2_list_findings_filters

Retrieves a subset of information about all the findings filters for an account

pcaconnectorad_create_connector

Creates a connector between Amazon Web Services Private CA and an Active Directory

macie2_update_organization_configuration

Updates the Amazon Macie configuration settings for an organization in Organizations

pcaconnectorad_get_service_principal_name

Lists the service principal name that the connector uses to authenticate with Active Directory

kms_update_primary_region

Changes the primary key of a multi-Region key

macie2_update_member_session

Enables an Amazon Macie administrator to suspend or re-enable Macie for a member account

kms_sign

Creates a digital signature for a message or message digest by using the private key in an asymmetric signing KMS key

pcaconnectorad_tag_resource

Adds one or more tags to your resource

pcaconnectorad_create_directory_registration

Creates a directory registration that authorizes communication between Amazon Web Services Private CA and an Active Directory

macie2

Amazon Macie 2

macie2_update_resource_profile

Updates the sensitivity score for an S3 bucket

macie2_disassociate_from_master_account

(Deprecated) Disassociates a member account from its Amazon Macie administrator account

macie2_get_classification_export_configuration

Retrieves the configuration settings for storing data classification results

pcaconnectorad_get_template

Retrieves a certificate template that the connector uses to issue certificates from a private CA

pcaconnectorad_list_service_principal_names

Lists the service principal names that the connector uses to authenticate with Active Directory

macie2_delete_member

Deletes the association between an Amazon Macie administrator account and an account

macie2_disassociate_member

Disassociates an Amazon Macie administrator account from a member account

kms_verify

Verifies a digital signature that was generated by the Sign operation

pcaconnectorad_list_templates

Lists the templates, if any, that are associated with a connector

ram_delete_permission_version

Deletes one version of a customer managed permission

macie2_get_macie_session

Retrieves the status and configuration settings for an Amazon Macie account

kms_rotate_key_on_demand

Immediately initiates rotation of the key material of the specified symmetric encryption KMS key

kms_tag_resource

Adds or edits tags on a customer managed key

kms_list_resource_tags

Returns all tags on the specified KMS key

kms_re_encrypt

Decrypts ciphertext and then reencrypts it entirely within KMS

ram_list_permissions

Retrieves a list of available RAM permissions that you can use for the supported resource types

macie2_update_resource_profile_detections

Updates the sensitivity scoring settings for an S3 bucket

macie2_list_members

Retrieves information about the accounts that are associated with an Amazon Macie administrator account

pcaconnectorad_get_directory_registration

A structure that contains information about your directory registration

macie2_create_allow_list

Creates and defines the settings for an allow list

macie2_list_managed_data_identifiers

Retrieves information about all the managed data identifiers that Amazon Macie currently provides

ram_delete_resource_share

Deletes the specified resource share

ram_promote_permission_created_from_policy

When you attach a resource-based policy to a resource, RAM automatically creates a resource share of featureSet=CREATED_FROM_POLICY with a managed permission that has the same IAM permissions as the original resource-based policy

macie2_batch_update_automated_discovery_accounts

Changes the status of automated sensitive data discovery for one or more accounts

macie2_get_master_account

(Deprecated) Retrieves information about the Amazon Macie administrator account for an account

macie2_list_tags_for_resource

Retrieves the tags (keys and values) that are associated with an Amazon Macie resource

macie2_enable_macie

Enables Amazon Macie and specifies the configuration settings for a Macie account

macie2_enable_organization_admin_account

Designates an account as the delegated Amazon Macie administrator account for an organization in Organizations

macie2_get_reveal_configuration

Retrieves the status and configuration settings for retrieving occurrences of sensitive data reported by findings

macie2_get_sensitivity_inspection_template

Retrieves the settings for the sensitivity inspection template for an account

macie2_disable_organization_admin_account

Disables an account as the delegated Amazon Macie administrator account for an organization in Organizations

macie2_put_classification_export_configuration

Adds or updates the configuration settings for storing data classification results

pcaconnectorad

PcaConnectorAd

macie2_update_reveal_configuration

Updates the status and configuration settings for retrieving occurrences of sensitive data reported by findings

macie2_describe_buckets

Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes for an account

ram_list_principals

Lists the principals that you are sharing resources with or that are sharing resources with you

pcaconnectorad_list_template_group_access_control_entries

Lists group access control entries you created

macie2_create_custom_data_identifier

Creates and defines the criteria and other settings for a custom data identifier

macie2_list_custom_data_identifiers

Retrieves a subset of information about all the custom data identifiers for an account

macie2_create_classification_job

Creates and defines the settings for a classification job

ram

AWS Resource Access Manager

macie2_get_invitations_count

Retrieves the count of Amazon Macie membership invitations that were received by an account

macie2_list_resource_profile_artifacts

Retrieves information about objects that Amazon Macie selected from an S3 bucket for automated sensitive data discovery

ram_promote_resource_share_created_from_policy

When you attach a resource-based policy to a resource, RAM automatically creates a resource share of featureSet=CREATED_FROM_POLICY with a managed permission that has the same IAM permissions as the original resource-based policy

ram_associate_resource_share_permission

Adds or replaces the RAM permission for a resource type included in a resource share

secretsmanager_put_secret_value

Creates a new version with a new encrypted secret value and attaches it to the secret

reexports

Objects exported from other packages

macie2_describe_classification_job

Retrieves the status and settings for a classification job

ram_disassociate_resource_share

Removes the specified principals or resources from participating in the specified resource share

ram_list_permission_versions

Lists the available versions of the specified RAM permission

ram_list_permission_associations

Lists information about the managed permission and its associations to any resource shares that use this managed permission

pcaconnectorad_update_template_group_access_control_entry

Update a group access control entry you created using CreateTemplateGroupAccessControlEntry

macie2_get_sensitive_data_occurrences

Retrieves occurrences of sensitive data reported by a finding

secretsmanager

AWS Secrets Manager

securityhub

AWS SecurityHub

secretsmanager_validate_resource_policy

Validates that a resource policy does not grant a wide range of principals access to your secret

secretsmanager_remove_regions_from_replication

For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify

macie2_disassociate_from_administrator_account

Disassociates a member account from its Amazon Macie administrator account

ram_list_pending_invitation_resources

Lists the resources in a resource share that is shared with you but for which the invitation is still PENDING

ram_create_permission

Creates a customer managed permission for a specified resource type that you can attach to resource shares

securityhub_batch_get_configuration_policy_associations

Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root

secretsmanager_get_secret_value

Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content

ram_get_resource_shares

Retrieves details about the resource shares that you own or that are shared with you

pcaconnectorad_delete_directory_registration

Deletes a directory registration

secretsmanager_list_secret_version_ids

Lists the versions of a secret

pcaconnectorad_delete_service_principal_name

Deletes the service principal name (SPN) used by a connector to authenticate with your Active Directory

ram_tag_resource

Adds the specified tag keys and values to a resource share or managed permission

secretsmanager_delete_resource_policy

Deletes the resource-based permission policy attached to the secret

macie2_list_resource_profile_detections

Retrieves information about the types and amount of sensitive data that Amazon Macie found in an S3 bucket

pcaconnectorad_untag_resource

Removes one or more tags from your resource

macie2_list_sensitivity_inspection_templates

Retrieves a subset of information about the sensitivity inspection template for an account

macie2_update_automated_discovery_configuration

Changes the configuration settings and status of automated sensitive data discovery for an organization or standalone account

macie2_update_classification_job

Changes the status of a classification job

macie2_list_findings

Retrieves a subset of information about one or more findings

ram_list_replace_permission_associations_work

Retrieves the current status of the asynchronous tasks performed by RAM when you perform the ReplacePermissionAssociationsWork operation

ram_list_resource_share_permissions

Lists the RAM permissions that are associated with a resource share

macie2_list_allow_lists

Retrieves a subset of information about all the allow lists for an account

ram_disassociate_resource_share_permission

Removes a managed permission from a resource share

securityhub_describe_action_targets

Returns a list of the custom action targets in Security Hub in your account

securityhub_batch_enable_standards

Enables the standards specified by the provided StandardsArn

ram_set_default_permission_version

Designates the specified version number as the default version for the specified customer managed permission

securityhub_batch_get_automation_rules

Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs)

securityhub_describe_hub

Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub

securityhub_create_action_target

Creates a custom action target in Security Hub

pcaconnectorad_create_service_principal_name

Creates a service principal name (SPN) for the service account in Active Directory

macie2_update_classification_scope

Updates the classification scope settings for an account

securityhub_get_administrator_account

Provides the details for the Security Hub administrator account for the current member account

ram_accept_resource_share_invitation

Accepts an invitation to a resource share from another Amazon Web Services account

pcaconnectorad_create_template

Creates an Active Directory compatible certificate template

securityhub_batch_update_standards_control_associations

For a batch of security controls and standards, this operation updates the enablement status of a control in a standard

ram_update_resource_share

Modifies some of the properties of the specified resource share

macie2_get_sensitive_data_occurrences_availability

Checks whether occurrences of sensitive data can be retrieved for a finding

pcaconnectorad_get_template_group_access_control_entry

Retrieves the group access control entries for a template

ram_create_resource_share

Creates a resource share

securityhub_decline_invitations

Declines invitations to become a member account

ram_untag_resource

Removes the specified tag key and value pairs from the specified resource share or managed permission

ram_delete_permission

Deletes the specified customer managed permission in the Amazon Web Services Region in which you call this operation

macie2_list_automated_discovery_accounts

Retrieves the status of automated sensitive data discovery for one or more accounts

macie2_list_organization_admin_accounts

Retrieves information about the delegated Amazon Macie administrator account for an organization in Organizations

securityhub_disassociate_from_administrator_account

Disassociates the current Security Hub member account from the associated administrator account

ram_enable_sharing_with_aws_organization

Enables resource sharing within your organization in Organizations

macie2_update_findings_filter

Updates the criteria and other settings for a findings filter

pcaconnectorad_update_template

Update template configuration to define the information included in certificates

securityhub_delete_finding_aggregator

Deletes a finding aggregator

ram_list_resource_types

Lists the resource types that can be shared by RAM

ram_associate_resource_share

Adds the specified list of principals and list of resources to a resource share

pcaconnectorad_list_connectors

Lists the connectors that you created by using the https://docs

securityhub_disable_security_hub

Disables Security Hub in your account only in the current Amazon Web Services Region

ram_get_resource_share_invitations

Retrieves details about invitations that you have received for resource shares

ram_reject_resource_share_invitation

Rejects an invitation to a resource share from another Amazon Web Services account

ram_replace_permission_associations

Updates all resource shares that use a managed permission to a different managed permission

securityhub_create_automation_rule

Creates an automation rule based on input parameters

securityhub_get_finding_aggregator

Returns the current finding aggregation configuration

secretsmanager_create_secret

Creates a new secret

ram_get_resource_share_associations

Retrieves the lists of resources and principals that associated for resource shares that you own

securityhub_get_members

Returns the details for the Security Hub member accounts for the specified account IDs

securityhub_enable_security_hub

Enables Security Hub for your account in the current Region or the Region you specify in the request

securityhub_batch_disable_standards

Disables the standards specified by the provided StandardsSubscriptionArns

securityhub_list_invitations

Lists all Security Hub membership invitations that were sent to the current Amazon Web Services account

secretsmanager_update_secret_version_stage

Modifies the staging labels attached to a version of a secret

securityhub_start_configuration_policy_association

Associates a target account, organizational unit, or the root with a specified configuration

secretsmanager_update_secret

Modifies the details of a secret, including metadata and the secret value

ram_get_permission

Retrieves the contents of a managed permission in JSON format

secretsmanager_delete_secret

Deletes a secret and all of its versions

securityhub_list_members

Lists details about all member accounts for the current Security Hub administrator account

securityhub_batch_delete_automation_rules

Deletes one or more automation rules

ram_list_resources

Lists the resources that you added to a resource share or the resources that are shared with you

pcaconnectorad_list_tags_for_resource

Lists the tags, if any, that are associated with your resource

secretsmanager_cancel_rotate_secret

Turns off automatic rotation, and if a rotation is currently in progress, cancels the rotation

secretsmanager_list_secrets

Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion

securityhub_get_security_control_definition

Retrieves the definition of a security control

ram_create_permission_version

Creates a new version of the specified customer managed permission

secretsmanager_batch_get_secret_value

Retrieves the contents of the encrypted fields SecretString or SecretBinary for up to 20 secrets

ram_get_resource_policies

Retrieves the resource policies for the specified resources that you own and have shared

secretsmanager_describe_secret

Retrieves the details of a secret

secretsmanager_get_resource_policy

Retrieves the JSON text of the resource-based policy document attached to the secret

secretsmanager_rotate_secret

Configures and starts the asynchronous process of rotating the secret

securityhub_batch_update_automation_rules

Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters

secretsmanager_restore_secret

Cancels the scheduled deletion of a secret by removing the DeletedDate time stamp

securityhub_enable_import_findings_for_product

Enables the integration of a partner product with Security Hub

securityhub_get_configuration_policy_association

Returns the association between a configuration and a target account, organizational unit, or the root

secretsmanager_replicate_secret_to_regions

Replicates the secret to a new Regions

securityhub_update_insight

Updates the Security Hub insight identified by the specified insight ARN

secretsmanager_tag_resource

Attaches tags to a secret

secretsmanager_put_resource_policy

Attaches a resource-based permission policy to a secret

secretsmanager_get_random_password

Generates a random password

securityhub_update_organization_configuration

Updates the configuration of your organization in Security Hub

securityhub_create_finding_aggregator

Used to enable finding aggregation

securityhub_get_enabled_standards

Returns a list of the standards that are currently enabled

securitylake_create_aws_log_source

Adds a natively supported Amazon Web Service as an Amazon Security Lake source

securityhub_get_invitations_count

Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation

securitylake_create_custom_log_source

Adds a third-party custom source in Amazon Security Lake, from the Amazon Web Services Region where you want to create a custom source

securitylake_get_data_lake_organization_configuration

Retrieves the configuration that will be automatically set up for accounts added to the organization after the organization has onboarded to Amazon Security Lake

securityhub_create_configuration_policy

Creates a configuration policy with the defined configuration

secretsmanager_stop_replication_to_replica

Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region

securityhub_disassociate_from_master_account

This method is deprecated

securitylake_list_subscribers

List all subscribers for the specific Amazon Security Lake account ID

securityhub_delete_insight

Deletes the insight specified by the InsightArn

securityhub_disassociate_members

Disassociates the specified member accounts from the associated administrator account

securityhub_create_members

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account

shield_associate_proactive_engagement_details

Initializes proactive engagement and sets the list of contacts for the Shield Response Team (SRT) to use

securityhub_disable_organization_admin_account

Disables a Security Hub administrator account

securityhub_get_master_account

This method is deprecated

securityhub_batch_get_security_controls

Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region

securityhub_list_organization_admin_accounts

Lists the Security Hub administrator accounts

securityhub_get_finding_history

Returns history for a Security Hub finding in the last 90 days

securityhub_delete_action_target

Deletes a custom action target from Security Hub

securityhub_get_configuration_policy

Provides information about a configuration policy

securityhub_list_security_control_definitions

Lists all of the security controls that apply to a specified standard

securityhub_batch_update_findings

Used by Security Hub customers to update information about their investigation into a finding

securitylake_create_data_lake_exception_subscription

Creates the specified notification subscription in Amazon Security Lake for the organization you specify

securityhub_enable_organization_admin_account

Designates the Security Hub administrator account for an organization

securitylake_get_data_lake_sources

Retrieves a snapshot of the current Region, including whether Amazon Security Lake is enabled for those accounts and which sources Security Lake is collecting data from

securitylake_deregister_data_lake_delegated_administrator

Deletes the Amazon Security Lake delegated administrator account for the organization

secretsmanager_untag_resource

Removes specific tags from a secret

securityhub_batch_get_standards_control_associations

For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard

securityhub_get_findings

Returns a list of findings that match the specified criteria

securityhub_delete_configuration_policy

Deletes a configuration policy

securitylake

Amazon Security Lake

securityhub_accept_administrator_invitation

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from

securityhub_update_standards_control

Used to control whether an individual security standard control is enabled or disabled

securityhub_create_insight

Creates a custom insight in Security Hub

securityhub_describe_standards

Returns a list of the available standards in Security Hub

securityhub_list_finding_aggregators

If finding aggregation is enabled, then ListFindingAggregators returns the ARN of the finding aggregator

securitylake_create_data_lake

Initializes an Amazon Security Lake instance with the provided (or default) configuration

securitylake_get_data_lake_exception_subscription

Retrieves the details of exception notifications for the account in Amazon Security Lake

securitylake_register_data_lake_delegated_administrator

Designates the Amazon Security Lake delegated administrator account for the organization

shield_enable_proactive_engagement

Authorizes the Shield Response Team (SRT) to use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support

securityhub_accept_invitation

This method is deprecated

securityhub_describe_standards_controls

Returns a list of security standards controls

securitylake_update_subscriber_notification

Updates an existing notification method for the subscription (SQS or HTTPs endpoint) or switches the notification subscription endpoint for a subscriber

securitylake_tag_resource

Adds or updates one or more tags that are associated with an Amazon Security Lake resource: a subscriber, or the data lake configuration for your Amazon Web Services account in a particular Amazon Web Services Region

securityhub_list_automation_rules

A list of automation rules and their metadata for the calling account

shield_create_protection_group

Creates a grouping of protected resources so they can be handled as a collective

securityhub_disable_import_findings_for_product

Disables the integration of the specified product with Security Hub

shield

AWS Shield

securityhub_delete_invitations

Deletes invitations received by the Amazon Web Services account to become a member account

securityhub_delete_members

Deletes the specified member accounts from Security Hub

securityhub_invite_members

Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from

shield_enable_application_layer_automatic_response

Enable the Shield Advanced automatic application layer DDoS mitigation for the protected resource

ssoadmin_delete_application_assignment

Revoke application access to an application by deleting application assignments for a user or group

securityhub_batch_import_findings

Imports security findings generated by a finding provider into Security Hub

shield_update_application_layer_automatic_response

Updates an existing Shield Advanced automatic application layer DDoS mitigation configuration for the specified resource

ssoadmin_create_application_assignment

Grant application access to a user or group

shield_update_emergency_contact_settings

Updates the details of the list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support

securityhub_describe_organization_configuration

Returns information about the way your organization is configured in Security Hub

securityhub_update_action_target

Updates the name and description of a custom action target in Security Hub

securityhub_list_enabled_products_for_import

Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub

securityhub_start_configuration_policy_disassociation

Disassociates a target account, organizational unit, or the root from a specified configuration

securitylake_list_tags_for_resource

Retrieves the tags (keys and values) that are associated with an Amazon Security Lake resource: a subscriber, or the data lake configuration for your Amazon Web Services account in a particular Amazon Web Services Region

securityhub_update_security_hub_configuration

Updates configuration options for Security Hub

shield_list_attacks

Returns all ongoing DDoS attacks or all DDoS attacks during a specified time period

securityhub_list_tags_for_resource

Returns a list of tags associated with a resource

securityhub_describe_products

Returns information about product integrations in Security Hub

ssoadmin_describe_account_assignment_deletion_status

Describes the status of the assignment deletion request

securityhub_update_security_control

Updates the properties of a security control

ssoadmin_list_permission_sets_provisioned_to_account

Lists all the permission sets that are provisioned to a specified Amazon Web Services account

ssoadmin_delete_application_authentication_method

Deletes an authentication method from an application

ssooidc

AWS SSO OIDC

ssoadmin_describe_instance_access_control_attribute_configuration

Returns the list of IAM Identity Center identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified IAM Identity Center instance

ssoadmin_delete_trusted_token_issuer

Deletes a trusted token issuer configuration from an instance of IAM Identity Center

securitylake_delete_data_lake_exception_subscription

Deletes the specified notification subscription in Amazon Security Lake for the organization you specify

shield_associate_health_check

Adds health-based detection to the Shield Advanced protection for a resource

securitylake_create_subscriber_notification

Notifies the subscriber when new data is written to the data lake for the sources that the subscriber consumes in Security Lake

ssoadmin_list_customer_managed_policy_references_in_permission_set

Lists all customer managed policies attached to a specified PermissionSet

shield_delete_protection_group

Removes the specified protection group

securityhub_update_configuration_policy

Updates a configuration policy

securitylake_delete_aws_log_source

Removes a natively supported Amazon Web Service as an Amazon Security Lake source

shield_list_resources_in_protection_group

Retrieves the resources that are included in the protection group

ssoadmin_get_application_grant

Retrieves details about an application grant

securityhub_untag_resource

Removes one or more tags from a resource

securityhub_get_insight_results

Lists the results of the Security Hub insight specified by the insight ARN

ssoadmin_get_inline_policy_for_permission_set

Obtains the inline policy assigned to the permission set

shield_describe_subscription

Provides details about the Shield Advanced subscription for an account

ssoadmin_list_applications

Lists all applications associated with the instance of IAM Identity Center

securityhub_list_configuration_policies

Lists the configuration policies that the Security Hub delegated administrator has created for your organization

securityhub_tag_resource

Adds one or more tags to a resource

shield_disable_application_layer_automatic_response

Disable the Shield Advanced automatic application layer DDoS mitigation feature for the protected resource

shield_tag_resource

Adds or updates tags for a resource in Shield

shield_get_subscription_state

Returns the SubscriptionState, either Active or Inactive

securityhub_list_standards_control_associations

Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account

shield_untag_resource

Removes tags from a resource in Shield

securitylake_list_data_lake_exceptions

Lists the Amazon Security Lake exceptions that you can use to find the source of problems and fix them

securityhub_list_configuration_policy_associations

Provides information about the associations for your configuration policies and self-managed behavior

sso

AWS Single Sign-On

ssoadmin_update_trusted_token_issuer

Updates the name of the trusted token issuer, or the path of a source attribute or destination attribute for a trusted token issuer configuration

securityhub_get_insights

Lists and describes insights for the specified insight ARNs

shield_disable_proactive_engagement

Removes authorization from the Shield Response Team (SRT) to notify contacts about escalations to the SRT and to initiate proactive customer support

shield_describe_attack_statistics

Provides information about the number and type of attacks Shield has detected in the last year for all resources that belong to your account, regardless of whether you've defined Shield protections for them

securitylake_delete_custom_log_source

Removes a custom log source from Amazon Security Lake, to stop sending data from the custom source to Security Lake

shield_create_protection

Enables Shield Advanced for a specific Amazon Web Services resource

ssoadmin_list_tags_for_resource

Lists the tags that are attached to a specified resource

ssoadmin_detach_customer_managed_policy_reference_from_permission_set

Detaches the specified customer managed policy from the specified PermissionSet

shield_delete_subscription

Removes Shield Advanced from an account

securityhub_update_findings

UpdateFindings is a deprecated operation

ssoadmin_get_permissions_boundary_for_permission_set

Obtains the permissions boundary for a specified PermissionSet

securitylake_list_data_lakes

Retrieves the Amazon Security Lake configuration object for the specified Amazon Web Services Regions

securitylake_delete_data_lake_organization_configuration

Turns off automatic enablement of Amazon Security Lake for member accounts that are added to an organization in Organizations

shield_list_tags_for_resource

Gets information about Amazon Web Services tags for a specified Amazon Resource Name (ARN) in Shield

securitylake_get_subscriber

Retrieves the subscription information for the specified subscription ID

sts_decode_authorization_message

Decodes additional information about the authorization status of a request from an encoded message returned in response to an Amazon Web Services request

ssoadmin_get_application_assignment_configuration

Retrieves the configuration of PutApplicationAssignmentConfiguration

ssoadmin_create_instance

Creates an instance of IAM Identity Center for a standalone Amazon Web Services account that is not managed by Organizations or a member Amazon Web Services account in an organization

ssoadmin_attach_customer_managed_policy_reference_to_permission_set

Attaches the specified customer managed policy to the specified PermissionSet

ssoadmin_create_instance_access_control_attribute_configuration

Enables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance

securitylake_create_subscriber

Creates a subscription permission for accounts that are already enabled in Amazon Security Lake

ssoadmin_create_permission_set

Creates a permission set within a specified IAM Identity Center instance

ssoadmin_describe_account_assignment_creation_status

Describes the status of the assignment creation request

securityhub_update_finding_aggregator

Updates the finding aggregation configuration

securitylake_delete_data_lake

When you disable Amazon Security Lake from your account, Security Lake is disabled in all Amazon Web Services Regions and it stops collecting data from your sources

securitylake_list_log_sources

Retrieves the log sources in the current Amazon Web Services Region

ssoadmin_update_instance_access_control_attribute_configuration

Updates the IAM Identity Center identity store attributes that you can use with the IAM Identity Center instance for attributes-based access control (ABAC)

sso_logout

Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session

ssoadmin_delete_application_grant

Deletes a grant from an application

sts_get_access_key_info

Returns the account identifier for the specified access key ID

ssoadmin_update_application

Updates application properties

securitylake_create_data_lake_organization_configuration

Automatically enables Amazon Security Lake for new member accounts in your organization

ssoadmin_get_application_authentication_method

Retrieves details about an authentication method used by an application

ssoadmin_list_accounts_for_provisioned_permission_set

Lists all the Amazon Web Services accounts where the specified permission set is provisioned

ssooidc_register_client

Registers a client with IAM Identity Center

securitylake_update_subscriber

Updates an existing subscription for the given Amazon Security Lake account ID

securitylake_delete_subscriber

Deletes the subscription permission and all notification settings for accounts that are already enabled in Amazon Security Lake

verifiedpermissions_batch_is_authorized

Makes a series of decisions about multiple authorization requests for one principal or resource

securitylake_update_data_lake_exception_subscription

Updates the specified notification subscription in Amazon Security Lake for the organization you specify

verifiedpermissions_batch_is_authorized_with_token

Makes a series of decisions about multiple authorization requests for one token

ssoadmin_list_instances

Lists the details of the organization and account instances of IAM Identity Center that were created in or visible to the account calling this API

shield_create_subscription

Activates Shield Advanced for an account

shield_describe_attack

Describes the details of a DDoS attack

shield_describe_protection

Lists the details of a Protection object

ssoadmin_list_account_assignments_for_principal

Retrieves a list of the IAM Identity Center associated Amazon Web Services accounts that the principal has access to

waf_create_geo_match_set

This is AWS WAF Classic documentation

ssoadmin

AWS Single Sign-On Admin

verifiedpermissions_list_policy_stores

Returns a paginated list of all policy stores in the calling Amazon Web Services account

shield_associate_drt_log_bucket

Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources

ssoadmin_describe_trusted_token_issuer

Retrieves details about a trusted token issuer configuration stored in an instance of IAM Identity Center

shield_associate_drt_role

Authorizes the Shield Response Team (SRT) using the specified role, to access your Amazon Web Services account to assist with DDoS attack mitigation during potential attacks

ssoadmin_list_managed_policies_in_permission_set

Lists the Amazon Web Services managed policy that is attached to a specified permission set

shield_describe_protection_group

Returns the specification for the specified protection group

verifiedpermissions_list_policies

Returns a paginated list of all policies stored in the specified policy store

ssooidc_start_device_authorization

Initiates device authorization by requesting a pair of verification codes from the authorization service

securitylake_untag_resource

Removes one or more tags (keys and values) from an Amazon Security Lake resource: a subscriber, or the data lake configuration for your Amazon Web Services account in a particular Amazon Web Services Region

shield_delete_protection

Deletes an Shield Advanced Protection

ssoadmin_delete_inline_policy_from_permission_set

Deletes the inline policy from a specified permission set

securitylake_delete_subscriber_notification

Deletes the specified notification subscription in Amazon Security Lake for the organization you specify

securitylake_update_data_lake

Specifies where to store your security data and for how long

shield_list_protection_groups

Retrieves ProtectionGroup objects for the account

ssoadmin_put_application_authentication_method

Adds or updates an authentication method for an application

shield_describe_drt_access

Returns the current role and list of Amazon S3 log buckets used by the Shield Response Team (SRT) to access your Amazon Web Services account while assisting with attack mitigation

waf_get_regex_pattern_set

This is AWS WAF Classic documentation

shield_disassociate_drt_log_bucket

Removes the Shield Response Team's (SRT) access to the specified Amazon S3 bucket containing the logs that you shared previously

shield_describe_emergency_contact_settings

A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support

ssoadmin_delete_permission_set

Deletes the specified permission set

waf_delete_web_acl

This is AWS WAF Classic documentation

ssoadmin_delete_permissions_boundary_from_permission_set

Deletes the permissions boundary from a specified PermissionSet

sso_list_account_roles

Lists all roles that are assigned to the user for a given AWS account

ssoadmin_put_application_access_scope

Adds or updates the list of authorized targets for an IAM Identity Center access scope for an application

sts_get_caller_identity

Returns details about the IAM user or role whose credentials are used to call the operation

sso_list_accounts

Lists all AWS accounts assigned to the user

ssoadmin_delete_application

Deletes the association with the application

shield_disassociate_health_check

Removes health-based detection from the Shield Advanced protection for a resource

ssoadmin_delete_application_access_scope

Deletes an IAM Identity Center access scope from an application

shield_disassociate_drt_role

Removes the Shield Response Team's (SRT) access to your Amazon Web Services account

ssoadmin_delete_account_assignment

Deletes a principal's access from a specified Amazon Web Services account using a specified permission set

ssoadmin_list_application_grants

List the grants associated with an application

ssoadmin_describe_application

Retrieves the details of an application associated with an instance of IAM Identity Center

shield_update_subscription

Updates the details of an existing subscription

shield_list_protections

Retrieves Protection objects for the account

ssoadmin_create_trusted_token_issuer

Creates a connection to a trusted token issuer in an instance of IAM Identity Center

ssooidc_create_token

Creates and returns access and refresh tokens for clients that are authenticated using client secrets

ssoadmin_put_application_grant

Adds a grant to an application

ssoadmin_describe_application_assignment

Retrieves a direct assignment of a user or group to an application

waf_get_rule

This is AWS WAF Classic documentation

ssooidc_create_token_with_iam

Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities

waf_create_rule_group

This is AWS WAF Classic documentation

sso_get_role_credentials

Returns the STS short-term credentials for a given role name that is assigned to the user

ssoadmin_attach_managed_policy_to_permission_set

Attaches an Amazon Web Services managed policy ARN to a permission set

waf_delete_byte_match_set

This is AWS WAF Classic documentation

ssoadmin_describe_application_provider

Retrieves details about a provider that can be used to connect an Amazon Web Services managed application or customer managed application to IAM Identity Center

ssoadmin_list_account_assignment_creation_status

Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance

waf_create_ip_set

This is AWS WAF Classic documentation

ssoadmin_describe_instance

Returns the details of an instance of IAM Identity Center

shield_update_protection_group

Updates an existing protection group

ssoadmin_create_account_assignment

Assigns access to a principal for a specified Amazon Web Services account using a specified permission set

ssoadmin_create_application

Creates an application in IAM Identity Center for the given application provider

waf_delete_geo_match_set

This is AWS WAF Classic documentation

ssoadmin_list_application_providers

Lists the application providers configured in the IAM Identity Center identity store

verifiedpermissions_is_authorized_with_token

Makes an authorization decision about a service request described in the parameters

waf_get_change_token

This is AWS WAF Classic documentation

sts_assume_role_with_saml

Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response

ssoadmin_detach_managed_policy_from_permission_set

Detaches the attached Amazon Web Services managed policy ARN from the specified permission set

waf_get_byte_match_set

This is AWS WAF Classic documentation

ssoadmin_get_application_access_scope

Retrieves the authorized targets for an IAM Identity Center access scope for an application

waf_list_logging_configurations

This is AWS WAF Classic documentation

waf_list_regex_match_sets

This is AWS WAF Classic documentation

waf_list_rate_based_rules

This is AWS WAF Classic documentation

ssoadmin_list_permission_set_provisioning_status

Lists the status of the permission set provisioning requests for a specified IAM Identity Center instance

waf_list_regex_pattern_sets

This is AWS WAF Classic documentation

ssoadmin_list_application_assignments_for_principal

Lists the applications to which a specified principal is assigned

ssoadmin_delete_instance_access_control_attribute_configuration

Disables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance and deletes all of the attribute mappings that have been configured

verifiedpermissions_get_identity_source

Retrieves the details about the specified identity source

waf

AWS WAF

wafregional_create_web_acl

This is AWS WAF Classic documentation

waf_update_regex_match_set

This is AWS WAF Classic documentation

waf_update_xss_match_set

This is AWS WAF Classic documentation

ssoadmin_list_application_authentication_methods

Lists all of the authentication methods supported by the specified application

sts_assume_role_with_web_identity

Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider

verifiedpermissions_list_policy_templates

Returns a paginated list of all policy templates in the specified policy store

waf_delete_size_constraint_set

This is AWS WAF Classic documentation

verifiedpermissions_list_identity_sources

Returns a paginated list of all of the identity sources defined in the specified policy store

ssoadmin_describe_permission_set

Gets the details of the permission set

waf_list_byte_match_sets

This is AWS WAF Classic documentation

ssoadmin_describe_permission_set_provisioning_status

Describes the status for the given permission set provisioning request

verifiedpermissions_get_policy

Retrieves information about the specified policy

verifiedpermissions_create_identity_source

Adds an identity source to a policy store–an Amazon Cognito user pool or OpenID Connect (OIDC) identity provider (IdP)

waf_create_byte_match_set

This is AWS WAF Classic documentation

waf_update_geo_match_set

This is AWS WAF Classic documentation

waf_update_regex_pattern_set

This is AWS WAF Classic documentation

ssoadmin_list_permission_sets

Lists the PermissionSets in an IAM Identity Center instance

waf_delete_regex_pattern_set

This is AWS WAF Classic documentation

verifiedpermissions_create_policy_store

Creates a policy store

ssoadmin_list_application_access_scopes

Lists the access scopes and authorized targets associated with an application

ssoadmin_delete_instance

Deletes the instance of IAM Identity Center

wafregional_delete_permission_policy

This is AWS WAF Classic documentation

wafregional_delete_sql_injection_match_set

This is AWS WAF Classic documentation

waf_update_web_acl

This is AWS WAF Classic documentation

waf_create_regex_match_set

This is AWS WAF Classic documentation

waf_list_activated_rules_in_rule_group

This is AWS WAF Classic documentation

verifiedpermissions_create_policy

Creates a Cedar policy and saves it in the specified policy store

ssoadmin_list_account_assignments

Lists the assignee of the specified Amazon Web Services account with the specified permission set

waf_list_tags_for_resource

This is AWS WAF Classic documentation

wafregional_create_web_acl_migration_stack

Creates an AWS CloudFormation WAFV2 template for the specified web ACL in the specified Amazon S3 bucket

wafregional_delete_logging_configuration

This is AWS WAF Classic documentation

ssoadmin_put_inline_policy_to_permission_set

Attaches an inline policy to a permission set

ssoadmin_list_application_assignments

Lists Amazon Web Services account users that are assigned to an application

ssoadmin_list_account_assignment_deletion_status

Lists the status of the Amazon Web Services account assignment deletion requests for a specified IAM Identity Center instance

ssoadmin_put_application_assignment_configuration

Configure how users gain access to an application

wafregional_list_logging_configurations

This is AWS WAF Classic documentation

wafregional_list_size_constraint_sets

This is AWS WAF Classic documentation

wafregional_delete_web_acl

This is AWS WAF Classic documentation

wafregional_get_regex_pattern_set

This is AWS WAF Classic documentation

wafregional_get_rule

This is AWS WAF Classic documentation

waf_get_permission_policy

This is AWS WAF Classic documentation

wafregional_list_sql_injection_match_sets

This is AWS WAF Classic documentation

waf_delete_regex_match_set

This is AWS WAF Classic documentation

ssoadmin_list_trusted_token_issuers

Lists all the trusted token issuers configured in an instance of IAM Identity Center

ssoadmin_put_permissions_boundary_to_permission_set

Attaches an Amazon Web Services managed or customer managed policy to the specified PermissionSet as a permissions boundary

verifiedpermissions_put_schema

Creates or updates the policy schema in the specified policy store

waf_update_rule_group

This is AWS WAF Classic documentation

wafregional_list_ip_sets

This is AWS WAF Classic documentation

verifiedpermissions

Amazon Verified Permissions

waf_delete_sql_injection_match_set

This is AWS WAF Classic documentation

waf_delete_ip_set

This is AWS WAF Classic documentation

waf_get_ip_set

This is AWS WAF Classic documentation

waf_create_size_constraint_set

This is AWS WAF Classic documentation

ssoadmin_untag_resource

Disassociates a set of tags from a specified resource

waf_list_subscribed_rule_groups

This is AWS WAF Classic documentation

verifiedpermissions_delete_policy_store

Deletes the specified policy store

waf_get_logging_configuration

This is AWS WAF Classic documentation

waf_put_permission_policy

This is AWS WAF Classic documentation

waf_put_logging_configuration

This is AWS WAF Classic documentation

ssoadmin_tag_resource

Associates a set of tags with a specified resource

sts_get_session_token

Returns a set of temporary credentials for an Amazon Web Services account or IAM user

waf_update_sql_injection_match_set

This is AWS WAF Classic documentation

waf_delete_logging_configuration

This is AWS WAF Classic documentation

sts_get_federation_token

Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a user

waf_delete_permission_policy

This is AWS WAF Classic documentation

waf_update_size_constraint_set

This is AWS WAF Classic documentation

ssoadmin_provision_permission_set

The process by which a specified permission set is provisioned to the specified target

verifiedpermissions_delete_policy_template

Deletes the specified policy template from the policy store

sts

AWS Security Token Service

waf_create_rate_based_rule

This is AWS WAF Classic documentation

wafregional_create_sql_injection_match_set

This is AWS WAF Classic documentation

waf_list_size_constraint_sets

This is AWS WAF Classic documentation

waf_delete_rule_group

This is AWS WAF Classic documentation

waf_update_rule

This is AWS WAF Classic documentation

waf_list_sql_injection_match_sets

This is AWS WAF Classic documentation

wafregional_get_rate_based_rule_managed_keys

This is AWS WAF Classic documentation

waf_update_byte_match_set

This is AWS WAF Classic documentation

wafregional_create_size_constraint_set

This is AWS WAF Classic documentation

verifiedpermissions_delete_policy

Deletes the specified policy from the policy store

wafregional_update_regex_match_set

This is AWS WAF Classic documentation

waf_list_geo_match_sets

This is AWS WAF Classic documentation

verifiedpermissions_update_policy_store

Modifies the validation setting for a policy store

wafregional_list_rate_based_rules

This is AWS WAF Classic documentation

wafregional_delete_regex_match_set

This is AWS WAF Classic documentation

wafregional_disassociate_web_acl

This is AWS WAF Classic Regional documentation

wafregional_delete_rate_based_rule

This is AWS WAF Classic documentation

verifiedpermissions_update_policy_template

Updates the specified policy template

wafregional_delete_xss_match_set

This is AWS WAF Classic documentation

wafregional_update_ip_set

This is AWS WAF Classic documentation

waf_list_ip_sets

This is AWS WAF Classic documentation

wafregional_list_byte_match_sets

This is AWS WAF Classic documentation

wafregional_update_web_acl

This is AWS WAF Classic documentation

waf_update_ip_set

This is AWS WAF Classic documentation

wafregional_update_rate_based_rule

This is AWS WAF Classic documentation

wafregional_list_rules

This is AWS WAF Classic documentation

wafv2_create_regex_pattern_set

Creates a RegexPatternSet, which you reference in a RegexPatternSetReferenceStatement, to have WAF inspect a web request component for the specified patterns

wafregional_delete_rule_group

This is AWS WAF Classic documentation

ssoadmin_update_permission_set

Updates an existing permission set

waf_delete_rule

This is AWS WAF Classic documentation

ssoadmin_update_instance

Update the details for the instance of IAM Identity Center that is owned by the Amazon Web Services account

wafregional_update_xss_match_set

This is AWS WAF Classic documentation

wafregional_list_rule_groups

This is AWS WAF Classic documentation

verifiedpermissions_get_policy_store

Retrieves details about a policy store

wafv2_create_ip_set

Creates an IPSet, which you use to identify web requests that originate from specific IP addresses or ranges of IP addresses

sts_assume_role

Returns a set of temporary security credentials that you can use to access Amazon Web Services resources

waf_get_change_token_status

This is AWS WAF Classic documentation

wafregional_list_geo_match_sets

This is AWS WAF Classic documentation

wafv2_disassociate_web_acl

Disassociates the specified regional application resource from any existing web ACL association

wafv2_describe_managed_rule_group

Provides high-level information for a managed rule group, including descriptions of the rules

waf_delete_rate_based_rule

This is AWS WAF Classic documentation

wafregional_get_geo_match_set

This is AWS WAF Classic documentation

verifiedpermissions_delete_identity_source

Deletes an identity source that references an identity provider (IdP) such as Amazon Cognito

wafv2_get_sampled_requests

Gets detailed information about a specified number of requests--a sample--that WAF randomly selects from among the first 5,000 requests that your Amazon Web Services resource received during a time range that you choose

waf_list_xss_match_sets

This is AWS WAF Classic documentation

waf_get_rate_based_rule

This is AWS WAF Classic documentation

wafregional_delete_size_constraint_set

This is AWS WAF Classic documentation

wafregional_update_regex_pattern_set

This is AWS WAF Classic documentation

wafregional_update_rule

This is AWS WAF Classic documentation

wafregional_list_regex_match_sets

This is AWS WAF Classic documentation

waf_create_regex_pattern_set

This is AWS WAF Classic documentation

wafregional_delete_byte_match_set

This is AWS WAF Classic documentation

waf_list_web_ac_ls

This is AWS WAF Classic documentation

wafv2_get_managed_rule_set

Retrieves the specified managed rule set

wafregional_update_geo_match_set

This is AWS WAF Classic documentation

verifiedpermissions_get_policy_template

Retrieve the details for the specified policy template in the specified policy store

waf_get_rule_group

This is AWS WAF Classic documentation

wafv2_get_web_acl

Retrieves the specified WebACL

waf_get_size_constraint_set

This is AWS WAF Classic documentation

wafregional_create_xss_match_set

This is AWS WAF Classic documentation

wafregional_delete_regex_pattern_set

This is AWS WAF Classic documentation

wafregional_list_xss_match_sets

This is AWS WAF Classic documentation

waf_get_geo_match_set

This is AWS WAF Classic documentation

wafv2_list_logging_configurations

Retrieves an array of your LoggingConfiguration objects

wafregional_get_regex_match_set

This is AWS WAF Classic documentation

wafregional_create_ip_set

This is AWS WAF Classic documentation

wafregional_update_byte_match_set

This is AWS WAF Classic documentation

waf_create_rule

This is AWS WAF Classic documentation

wafv2_list_ip_sets

Retrieves an array of IPSetSummary objects for the IP sets that you manage

wafv2_delete_web_acl

Deletes the specified WebACL

wafv2_update_ip_set

Updates the specified IPSet

wafregional_update_rule_group

This is AWS WAF Classic documentation

waf_get_sampled_requests

This is AWS WAF Classic documentation

verifiedpermissions_get_schema

Retrieve the details for the specified schema in the specified policy store

wafv2_update_managed_rule_set_version_expiry_date

Updates the expiration information for your managed rule set

wafregional

AWS WAF Regional

verifiedpermissions_create_policy_template

Creates a policy template

waf_update_rate_based_rule

This is AWS WAF Classic documentation

waf_get_sql_injection_match_set

This is AWS WAF Classic documentation

wafv2_list_available_managed_rule_group_versions

Returns a list of the available versions for the specified managed rule group

wafregional_get_byte_match_set

This is AWS WAF Classic documentation

wafv2_create_api_key

Creates an API key that contains a set of token domains

wafv2_list_regex_pattern_sets

Retrieves an array of RegexPatternSetSummary objects for the regex pattern sets that you manage

wafregional_list_subscribed_rule_groups

This is AWS WAF Classic documentation

wafv2_get_decrypted_api_key

Returns your API key in decrypted form

wafregional_create_rate_based_rule

This is AWS WAF Classic documentation

wafv2_check_capacity

Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules

wafv2_tag_resource

Associates tags with the specified Amazon Web Services resource

wafv2_generate_mobile_sdk_release_url

Generates a presigned download URL for the specified release of the mobile SDK

wafv2_get_web_acl_for_resource

Retrieves the WebACL for the specified resource

wafv2_get_mobile_sdk_release

Retrieves information for the specified mobile SDK release, including release notes and tags

waf_create_web_acl

This is AWS WAF Classic documentation

wafv2_create_rule_group

Creates a RuleGroup per the specifications provided

wafv2_list_api_keys

Retrieves a list of the API keys that you've defined for the specified scope

verifiedpermissions_update_identity_source

Updates the specified identity source to use a new identity provider (IdP), or to change the mapping of identities from the IdP to a different principal entity type

wafv2_untag_resource

Disassociates tags from an Amazon Web Services resource

verifiedpermissions_update_policy

Modifies a Cedar static policy in the specified policy store

waf_create_web_acl_migration_stack

Creates an AWS CloudFormation WAFV2 template for the specified web ACL in the specified Amazon S3 bucket

waf_get_rate_based_rule_managed_keys

This is AWS WAF Classic documentation

waf_create_xss_match_set

This is AWS WAF Classic documentation

verifiedpermissions_is_authorized

Makes an authorization decision about a service request described in the parameters

wafv2_create_web_acl

Creates a WebACL per the specifications provided

waf_create_sql_injection_match_set

This is AWS WAF Classic documentation

waf_get_regex_match_set

This is AWS WAF Classic documentation

waf_get_web_acl

This is AWS WAF Classic documentation

waf_list_rules

This is AWS WAF Classic documentation

wafregional_delete_geo_match_set

This is AWS WAF Classic documentation

waf_list_rule_groups

This is AWS WAF Classic documentation

waf_delete_xss_match_set

This is AWS WAF Classic documentation

wafv2_list_available_managed_rule_groups

Retrieves an array of managed rule groups that are available for you to use

wafregional_create_byte_match_set

This is AWS WAF Classic documentation

wafregional_list_web_ac_ls

This is AWS WAF Classic documentation

waf_get_xss_match_set

This is AWS WAF Classic documentation

wafregional_get_change_token

This is AWS WAF Classic documentation

wafregional_get_change_token_status

This is AWS WAF Classic documentation

waf_untag_resource

This is AWS WAF Classic documentation

wafregional_get_web_acl_for_resource

This is AWS WAF Classic Regional documentation

wafregional_get_rule_group

This is AWS WAF Classic documentation

wafregional_get_xss_match_set

This is AWS WAF Classic documentation

waf_tag_resource

This is AWS WAF Classic documentation

wafregional_list_resources_for_web_acl

This is AWS WAF Classic Regional documentation

wafregional_create_regex_match_set

This is AWS WAF Classic documentation

wafregional_create_geo_match_set

This is AWS WAF Classic documentation

wafregional_get_permission_policy

This is AWS WAF Classic documentation

wafregional_create_rule

This is AWS WAF Classic documentation

wafregional_associate_web_acl

This is AWS WAF Classic Regional documentation

wafregional_create_rule_group

This is AWS WAF Classic documentation

wafregional_update_size_constraint_set

This is AWS WAF Classic documentation

wafregional_get_sampled_requests

This is AWS WAF Classic documentation

wafregional_get_rate_based_rule

This is AWS WAF Classic documentation

wafv2_associate_web_acl

Associates a web ACL with a regional application resource, to protect the resource

wafregional_list_regex_pattern_sets

This is AWS WAF Classic documentation

wafregional_put_permission_policy

This is AWS WAF Classic documentation

wafv2_get_regex_pattern_set

Retrieves the specified RegexPatternSet

wafregional_create_regex_pattern_set

This is AWS WAF Classic documentation

wafregional_delete_ip_set

This is AWS WAF Classic documentation

wafregional_get_web_acl

This is AWS WAF Classic documentation

wafregional_list_activated_rules_in_rule_group

This is AWS WAF Classic documentation

wafregional_delete_rule

This is AWS WAF Classic documentation

wafregional_get_ip_set

This is AWS WAF Classic documentation

wafv2_list_web_ac_ls

Retrieves an array of WebACLSummary objects for the web ACLs that you manage

wafv2_describe_managed_products_by_vendor

Provides high-level information for the managed rule groups owned by a specific vendor

wafregional_put_logging_configuration

This is AWS WAF Classic documentation

wafregional_get_logging_configuration

This is AWS WAF Classic documentation

wafv2_delete_logging_configuration

Deletes the LoggingConfiguration from the specified web ACL

wafv2_delete_ip_set

Deletes the specified IPSet

wafregional_get_sql_injection_match_set

This is AWS WAF Classic documentation

wafregional_list_tags_for_resource

This is AWS WAF Classic documentation

wafregional_get_size_constraint_set

This is AWS WAF Classic documentation

wafregional_tag_resource

This is AWS WAF Classic documentation

wafregional_update_sql_injection_match_set

This is AWS WAF Classic documentation

wafv2_update_web_acl

Updates the specified WebACL

wafv2_list_resources_for_web_acl

Retrieves an array of the Amazon Resource Names (ARNs) for the regional resources that are associated with the specified web ACL

wafregional_untag_resource

This is AWS WAF Classic documentation

wafv2_put_managed_rule_set_versions

Defines the versions of your managed rule set that you are offering to the customers

wafv2_get_permission_policy

Returns the IAM policy that is attached to the specified rule group

wafv2_delete_rule_group

Deletes the specified RuleGroup

wafv2_delete_api_key

Deletes the specified API key

wafv2_list_managed_rule_sets

Retrieves the managed rule sets that you own

wafv2_get_rate_based_statement_managed_keys

Retrieves the IP addresses that are currently blocked by a rate-based rule instance

wafv2_delete_firewall_manager_rule_groups

Deletes all rule groups that are managed by Firewall Manager for the specified web ACL

wafv2_put_logging_configuration

Enables the specified LoggingConfiguration, to start logging from a web ACL, according to the configuration provided

wafv2_list_mobile_sdk_releases

Retrieves a list of the available releases for the mobile SDK and the specified device platform

wafv2_get_rule_group

Retrieves the specified RuleGroup

wafv2_describe_all_managed_products

Provides high-level information for the Amazon Web Services Managed Rules rule groups and Amazon Web Services Marketplace managed rule groups

wafv2_delete_permission_policy

Permanently deletes an IAM policy from the specified rule group

wafv2_delete_regex_pattern_set

Deletes the specified RegexPatternSet

wafv2_list_tags_for_resource

Retrieves the TagInfoForResource for the specified resource

wafv2_list_rule_groups

Retrieves an array of RuleGroupSummary objects for the rule groups that you manage

wafv2

AWS WAFV2

wafv2_get_logging_configuration

Returns the LoggingConfiguration for the specified web ACL

wafv2_get_ip_set

Retrieves the specified IPSet

wafv2_update_regex_pattern_set

Updates the specified RegexPatternSet

wafv2_put_permission_policy

Use this to share a rule group with other accounts

wafv2_update_rule_group

Updates the specified RuleGroup

paws.security.identity (version 0.7.0)

'Amazon Web Services' Security, Identity, & Compliance Services

Description

Copy Link

Version

Install

Monthly Downloads

Version

License

Issues

Pull Requests

Stars

Forks

Repository

Maintainer

Last Published

Functions in paws.security.identity (0.7.0)