- Creates a user with no permissions.
- Creates a role and policy that grant s3:ListAllMyBuckets permission.
- Grants the user permission to assume the role.
- Creates an S3 client object as the user and tries to list buckets (this will fail).
- Gets temporary credentials by assuming the role.
- Creates a new S3 client object with the temporary credentials and lists the buckets (this will succeed).
- Deletes all the resources.
- Creates an Amazon Identity and Access Management (IAM) group.
- Adds an IAM policy to the IAM group giving it full access to Amazon S3.
- Creates a new IAM user.
- Creates an IAM access key for the user.
- Adds the user to the IAM group.
- Lists the buckets on the account.
- Proves that the user has full Amazon S3 access by creating a bucket.
- Lists the buckets again to show the new bucket.
- Cleans up all the resources created.
Shows how to use the AWS SDK for .NET to work with AWS Identity and Access Management (IAM).
IAM is a web service for securely controlling access to AWS services. With IAM, you can centrally manage permissions in your AWS account.
- Running this code might result in charges to your AWS account.
- Running the tests might result in charges to your AWS account.
- We recommend that you grant your code least privilege. At most, grant only the minimum permissions required to perform the task. For more information, see Grant least privilege.
- This code is not tested in every AWS Region. For more information, see AWS Regional Services.
For prerequisites, see the README in the dotnetv3 folder.
- Hello IAM (ListPolicies)
Code excerpts that show you how to call individual service functions.
- Add a user to a group (AddUserToGroup)
- Attach a policy to a role (AttachRolePolicy)
- Attach an inline policy to a role (PutRolePolicy)
- Create a group (CreateGroup)
- Create a policy (CreatePolicy)
- Create a role (CreateRole)
- Create a service-linked role (CreateServiceLinkedRole)
- Create a user (CreateUser)
- Create an access key (CreateAccessKey)
- Create an inline policy for a group (PutGroupPolicy)
- Delete a group (DeleteGroup)
- Delete a group policy (DeleteGroupPolicy)
- Delete a policy (DeletePolicy)
- Delete a role (DeleteRole)
- Delete a role policy (DeleteRolePolicy)
- Delete a user (DeleteUser)
- Delete an access key (DeleteAccessKey)
- Delete an inline policy from a user (DeleteUserPolicy)
- Detach a policy from a role (DetachRolePolicy)
- Get a policy (GetPolicy)
- Get a role (GetRole)
- Get a user (GetUser)
- Get the account password policy (GetAccountPasswordPolicy)
- List SAML providers (ListSAMLProviders)
- List groups (ListGroups)
- List inline policies for a role (ListRolePolicies)
- List policies (ListPolicies)
- List policies attached to a role (ListAttachedRolePolicies)
- List roles (ListRoles)
- List users (ListUsers)
- Remove a user from a group (RemoveUserFromGroup)
Code examples that show you how to accomplish a specific task by calling multiple functions within the same service.
For general instructions to run the examples, see the README in the dotnetv3 folder.
Some projects might include a settings.json file. Before compiling the project, you can change these values to match your own account and resources. Alternatively, add a settings.local.json file with your local settings, which will be loaded automatically when the application runs.
After the example compiles, you can run it from the command line. To do so, navigate to the folder that contains the .csproj file and run the following command:
dotnet run
Alternatively, you can run the example from within your IDE.
To run the examples, see the README in the dotnetv3 folder.
This example shows you how to get started using IAM.
This example shows you how to do the following:
- Create a group and grant full Amazon S3 access permissions to it.
- Create a new user with no permissions to access Amazon S3.
- Add the user to the group and show that they now have permissions for Amazon S3, then clean up resources.
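The group scenario just summarized (the same procedure as the nine-step list at the top of this page), written out end to end as an added example against the AWS SDK for .NET v3. This is not code from the AWS SDK Code Examples repository. It assumes the default credential chain can manage IAM groups, users and S3 buckets; the region and every group, user, bucket and policy name are hypothetical placeholders. Two points the summary does not spell out: IAM is eventually consistent, so the first call made as the brand-new user is retried for a few seconds, and cleanup runs in a finally block in dependency order (bucket, membership, access key, user, inline policy, group) so a failed step does not leave a privileged user behind.

```csharp
// Added example (not from the AWS SDK Code Examples repository): the IAM group
// scenario using the AWS SDK for .NET v3. Region and all names are assumptions.
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;

public static class IamGroupScenario
{
    static readonly RegionEndpoint Region = RegionEndpoint.USEast1; // assumption

    public static async Task Main()
    {
        var iam = new AmazonIdentityManagementServiceClient(Region);
        string suffix = Guid.NewGuid().ToString("N").Substring(0, 8);
        string groupName = $"demo-s3-group-{suffix}";
        string userName = $"demo-user-{suffix}";
        string bucketName = $"demo-bucket-{suffix}";   // bucket names are global and lowercase
        const string groupPolicyName = "demo-s3-full-access";

        // 1-2. Group with an inline policy granting full S3 access. That is what the
        //      scenario calls for; outside a demo, narrow Action and Resource instead.
        await iam.CreateGroupAsync(new CreateGroupRequest { GroupName = groupName });
        await iam.PutGroupPolicyAsync(new PutGroupPolicyRequest
        {
            GroupName = groupName,
            PolicyName = groupPolicyName,
            PolicyDocument = @"{""Version"":""2012-10-17"",""Statement"":[{""Effect"":""Allow"",""Action"":""s3:*"",""Resource"":""*""}]}"
        });

        // 3-5. User with no policies of its own, an access key to act as that user,
        //      and group membership, which is the only thing granting S3 rights.
        await iam.CreateUserAsync(new CreateUserRequest { UserName = userName });
        var key = (await iam.CreateAccessKeyAsync(new CreateAccessKeyRequest { UserName = userName })).AccessKey;
        var s3AsUser = new AmazonS3Client(new BasicAWSCredentials(key.AccessKeyId, key.SecretAccessKey), Region);
        await iam.AddUserToGroupAsync(new AddUserToGroupRequest { GroupName = groupName, UserName = userName });

        bool bucketCreated = false;
        try
        {
            // 6. IAM is eventually consistent: the new key and membership can take a few
            //    seconds to propagate, so the first call as the user is retried briefly.
            ListBucketsResponse before = null;
            for (int attempt = 1; before == null; attempt++)
            {
                try { before = await s3AsUser.ListBucketsAsync(); }
                catch (AmazonS3Exception) when (attempt < 10) { await Task.Delay(TimeSpan.FromSeconds(3)); }
            }
            Console.WriteLine($"Buckets visible to {userName} before: {before.Buckets.Count}");

            // 7-8. Creating a bucket proves write access; list again to show it.
            await s3AsUser.PutBucketAsync(new PutBucketRequest { BucketName = bucketName });
            bucketCreated = true;
            var after = await s3AsUser.ListBucketsAsync();
            bool present = after.Buckets.Exists(b => b.BucketName == bucketName);
            Console.WriteLine($"Buckets after: {after.Buckets.Count}; new bucket listed: {present}");
        }
        finally
        {
            // 9. Clean up in dependency order even if a step failed: bucket, membership,
            //    access key, user, then the group's inline policy and the group itself.
            if (bucketCreated)
                await s3AsUser.DeleteBucketAsync(new DeleteBucketRequest { BucketName = bucketName });
            await iam.RemoveUserFromGroupAsync(new RemoveUserFromGroupRequest { GroupName = groupName, UserName = userName });
            await iam.DeleteAccessKeyAsync(new DeleteAccessKeyRequest { UserName = userName, AccessKeyId = key.AccessKeyId });
            await iam.DeleteUserAsync(new DeleteUserRequest { UserName = userName });
            await iam.DeleteGroupPolicyAsync(new DeleteGroupPolicyRequest { GroupName = groupName, PolicyName = groupPolicyName });
            await iam.DeleteGroupAsync(new DeleteGroupRequest { GroupName = groupName });
        }
    }
}
```

Run it with `dotnet run` from a project that references AWSSDK.IdentityManagement and AWSSDK.S3. The order in the finally block matters: IAM refuses to delete a user that still belongs to a group or still has an access key, and refuses to delete a group that still has an inline policy.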
This example shows you how to create a user and assume a role.
- Create a user with no permissions.
- Create a role that grants permission to list Amazon S3 buckets for the account.
- Add a policy to let the user assume the role.
- Assume the role and list S3 buckets using temporary credentials, then clean up resources.
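The assume-role scenario above (the same procedure as the seven-step list that opens this page), written out as an added example against the AWS SDK for .NET v3. This is not code from the AWS SDK Code Examples repository. It assumes the default credential chain can manage IAM users, roles and policies; the region, the session duration and every user, role, policy and session name are hypothetical placeholders. The security-relevant details it makes concrete: the role's trust policy names exactly one principal (the new user's ARN), the user's inline policy allows sts:AssumeRole on exactly one role ARN, the temporary credentials carry a session token and are requested for the shortest session STS allows, and the propagation delay of freshly created IAM principals is handled with a bounded retry rather than a fixed sleep.

```csharp
// Added example (not from the AWS SDK Code Examples repository): the assume-role
// scenario using the AWS SDK for .NET v3. Region and all names are assumptions.
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

public static class IamAssumeRoleScenario
{
    static readonly RegionEndpoint Region = RegionEndpoint.USEast1; // assumption
    const string AssumePolicyName = "demo-allow-assume-role";

    public static async Task Main()
    {
        var iam = new AmazonIdentityManagementServiceClient(Region);
        string suffix = Guid.NewGuid().ToString("N").Substring(0, 8);
        string userName = $"demo-user-{suffix}";
        string roleName = $"demo-s3-list-role-{suffix}";

        // 1. User with no permissions, plus a long-term key so the code can act as that user.
        var user = (await iam.CreateUserAsync(new CreateUserRequest { UserName = userName })).User;
        var key = (await iam.CreateAccessKeyAsync(new CreateAccessKeyRequest { UserName = userName })).AccessKey;
        var userCreds = new BasicAWSCredentials(key.AccessKeyId, key.SecretAccessKey);

        // 2. Role whose trust policy names only this user, with a managed permission
        //    policy that grants just s3:ListAllMyBuckets.
        string trust = $@"{{""Version"":""2012-10-17"",""Statement"":[{{""Effect"":""Allow"",""Principal"":{{""AWS"":""{user.Arn}""}},""Action"":""sts:AssumeRole""}}]}}";
        var role = (await iam.CreateRoleAsync(new CreateRoleRequest { RoleName = roleName, AssumeRolePolicyDocument = trust })).Role;
        var policy = (await iam.CreatePolicyAsync(new CreatePolicyRequest
        {
            PolicyName = $"demo-s3-list-policy-{suffix}",
            PolicyDocument = @"{""Version"":""2012-10-17"",""Statement"":[{""Effect"":""Allow"",""Action"":""s3:ListAllMyBuckets"",""Resource"":""*""}]}"
        })).Policy;
        await iam.AttachRolePolicyAsync(new AttachRolePolicyRequest { RoleName = roleName, PolicyArn = policy.Arn });

        // 3. Inline policy on the user that allows assuming exactly this role and nothing else.
        string assume = $@"{{""Version"":""2012-10-17"",""Statement"":[{{""Effect"":""Allow"",""Action"":""sts:AssumeRole"",""Resource"":""{role.Arn}""}}]}}";
        await iam.PutUserPolicyAsync(new PutUserPolicyRequest { UserName = userName, PolicyName = AssumePolicyName, PolicyDocument = assume });

        try
        {
            // 4. As the bare user the call must fail: AccessDenied once the key has
            //    propagated, InvalidAccessKeyId if S3 has not seen the new key yet.
            try
            {
                await new AmazonS3Client(userCreds, Region).ListBucketsAsync();
                Console.WriteLine("Unexpected: the user listed buckets without assuming the role.");
            }
            catch (AmazonS3Exception e)
            {
                Console.WriteLine($"Direct listing denied as expected: {e.ErrorCode}");
            }

            // 5. Assume the role. New principals and policies take a few seconds to propagate,
            //    so the STS call is retried on service errors for a short while.
            var sts = new AmazonSecurityTokenServiceClient(userCreds, Region);
            Credentials temp = await Retry(async () => (await sts.AssumeRoleAsync(new AssumeRoleRequest
            {
                RoleArn = role.Arn,
                RoleSessionName = $"demo-session-{suffix}",
                DurationSeconds = 900 // shortest allowed; temporary credentials should not outlive the task
            })).Credentials);

            // 6. Temporary credentials carry a session token, so use SessionAWSCredentials.
            var s3AsRole = new AmazonS3Client(
                new SessionAWSCredentials(temp.AccessKeyId, temp.SecretAccessKey, temp.SessionToken), Region);
            var buckets = await s3AsRole.ListBucketsAsync();
            Console.WriteLine($"Listed {buckets.Buckets.Count} bucket(s) via the role; credentials expire {temp.Expiration:u}");
        }
        finally
        {
            // 7. Clean up in dependency order even if a step failed.
            await iam.DeleteUserPolicyAsync(new DeleteUserPolicyRequest { UserName = userName, PolicyName = AssumePolicyName });
            await iam.DetachRolePolicyAsync(new DetachRolePolicyRequest { RoleName = roleName, PolicyArn = policy.Arn });
            await iam.DeletePolicyAsync(new DeletePolicyRequest { PolicyArn = policy.Arn });
            await iam.DeleteRoleAsync(new DeleteRoleRequest { RoleName = roleName });
            await iam.DeleteAccessKeyAsync(new DeleteAccessKeyRequest { UserName = userName, AccessKeyId = key.AccessKeyId });
            await iam.DeleteUserAsync(new DeleteUserRequest { UserName = userName });
        }
    }

    // Retries an AWS call that fails only because IAM changes have not propagated yet.
    static async Task<T> Retry<T>(Func<Task<T>> call, int attempts = 10)
    {
        for (int i = 1; ; i++)
        {
            try { return await call(); }
            catch (AmazonServiceException) when (i < attempts) { await Task.Delay(TimeSpan.FromSeconds(3)); }
        }
    }
}
```

The project needs references to AWSSDK.IdentityManagement, AWSSDK.S3 and AWSSDK.SecurityToken. Note that the user's long-term access key is created only so the demo can act as that user; in production the principal assuming the role would normally be a workload identity or a federated session rather than an IAM user with a static key.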
⚠ Running tests might result in charges to your AWS account.
To find instructions for running these tests, see the README in the dotnetv3 folder.
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0