AWS SDK for C++  1.9.126
AccessManagementClient.h
1 
5 #pragma once
6 
8 
11 
12 #include <functional>
13 
14 namespace Aws
15 {
16 namespace CognitoIdentity
17 {
18 
20 
21 } // namespace CognitoIdentity;
22 
23 namespace IAM
24 {
25 
26 class IAMClient;
27 
28 namespace Model
29 {
30 class Group;
31 class Policy;
32 class Role;
33 class User;
34 
35 } // Model
36 } // namespace IAM
37 
38 namespace AccessManagement
39 {
40 
    // Three-way answer returned by the Get*/Is* state queries declared in this header.
    // NOTE(review): FAILURE is a separate outcome from NO -- presumably the lookup
    // itself could not be completed (confirm in the implementation). Callers that gate
    // an access-management decision on the result should test for YES or NO explicitly
    // and handle FAILURE on its own path instead of folding it into either answer.
41 enum class QueryResult
42 {
43  YES,
44  NO,
45  FAILURE
46 };
47 
    // NOTE(review): this rendered listing omits source lines 48 and 51. According to the
    // cross-reference index further down the page, the enum defined at this position is
    // IdentityPoolRoleBindingType, the type of the roleKey parameter taken by the
    // BindRoleToIdentityPool* functions. Only AUTHENTICATED is visible here; read the
    // enumerator list from the real header rather than from this listing.
49 {
50  AUTHENTICATED,
52 };
53 
55 {
56  public:
57 
    // Builds the helper from an IAM client and a Cognito Identity client. Both handles
    // are taken as non-const lvalue references to shared_ptr, so the caller must pass
    // named shared_ptr objects (a temporary will not bind).
    // NOTE(review): presumably the handles are copied into m_iamClient/m_cognitoClient;
    // every call on this class then acts with whatever credentials those clients were
    // configured with -- confirm they are scoped to the IAM/Cognito actions needed.
58  AccessManagementClient(std::shared_ptr< Aws::IAM::IAMClient >& iamClient, std::shared_ptr< Aws::CognitoIdentity::CognitoIdentityClient >& cognitoClient);
60 
    // Callable that takes no arguments and returns an Aws::String. It is the type of the
    // policyGenerator / assumedPolicyGenerator parameters of GetOrCreatePolicy and
    // GetOrCreateRole.
    // NOTE(review): presumably the returned string is used as the policy document when
    // the entity has to be created (confirm in the .cpp). If so, the generator decides
    // which permissions are granted: keep its output least-privilege and do not build
    // it from untrusted input.
61  using PolicyGeneratorFunction = std::function< Aws::String(void) >;
62 
63  // Misc
65 
66  // Compound Operation API for IAM
    // Every function in this group returns bool. The GetOrCreate* forms also fill a
    // caller-supplied out-parameter (groupData / policyData / roleData / userData).
    // NOTE(review): going by the names, these presumably look the entity up and create
    // it only when it is absent -- confirm in the .cpp. A bool cannot distinguish
    // "already existed" from "just created", so a pre-existing policy or role with the
    // same name but different contents would presumably be returned as-is. Callers that
    // depend on the exact policy document should verify it, or use the separate
    // Get*/Create* calls.
67  bool GetOrCreateGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
68  bool GetOrCreatePolicy(const Aws::String& policyName, const PolicyGeneratorFunction& policyGenerator, Aws::IAM::Model::Policy& policyData);
69  bool GetOrCreateRole (const Aws::String& roleName, const PolicyGeneratorFunction& assumedPolicyGenerator, Aws::IAM::Model::Role& roleData);
70  bool GetOrCreateUser (const Aws::String& userName, Aws::IAM::Model::User& userData);
72 
    // "IfNot" variants: take the full Policy object (not an ARN string) plus the
    // principal's name. Presumably they attach only when the policy is not already
    // attached -- TODO confirm.
73  bool AttachPolicyToGroupIfNot(const Aws::IAM::Model::Policy& policyData, const Aws::String& groupName);
74  bool AttachPolicyToRoleIfNot (const Aws::IAM::Model::Policy& policyData, const Aws::String& roleName);
75  bool AttachPolicyToUserIfNot (const Aws::IAM::Model::Policy& policyData, const Aws::String& userName);
76 
77  bool AddUserToGroupIfNot(const Aws::String& userName, const Aws::String& groupName);
78 
    // NOTE(review): the name indicates that a credentials file for the given IAM user
    // is checked for and, if missing, written to credentialsFilename. If it holds
    // long-lived access keys (confirm what the implementation writes and with which
    // file mode), treat the path as a secret: owner-only permissions, outside any
    // source tree or shared directory, and rotated or removed when no longer needed.
79  bool VerifyOrCreateCredentialsFileForUser(const Aws::String& credentialsFilename, const Aws::String& userName);
80 
81  // Compound Operation API for Cognito
    // Returns bool and writes the pool's id to the identityPoolId out-parameter.
    // NOTE(review): allowUnauthenticated presumably controls whether the pool hands out
    // identities to callers who have not signed in (confirm in the .cpp). Pass true
    // only when guest access is intended, and keep the role bound for unauthenticated
    // identities as narrow as possible. If the pool already exists, confirm whether the
    // flag is compared against the existing pool's setting or ignored.
82  bool GetOrCreateIdentityPool(const Aws::String& poolName, bool allowUnauthenticated, Aws::String& identityPoolId);
83 
    // Takes the pool id, a role ARN and the binding type (roleKey) that the role is
    // bound for. Presumably a no-op when that binding already exists -- TODO confirm.
84  bool BindRoleToIdentityPoolIfNot(const Aws::String& identityPoolId, const Aws::String& roleArn, IdentityPoolRoleBindingType roleKey);
85 
86 
87  // Simple IAM API
88  // State query
    // Each query takes the entity name and returns a QueryResult (YES / NO / FAILURE),
    // with the entity written to the out-parameter.
    // NOTE(review): the out-parameter is presumably meaningful only when the result is
    // YES -- confirm. Compare against QueryResult::YES explicitly; "!= NO" would also
    // accept FAILURE.
89  QueryResult GetGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
90  QueryResult GetPolicy(const Aws::String& policyName, Aws::IAM::Model::Policy& policyData);
91  QueryResult GetRole (const Aws::String& roleName, Aws::IAM::Model::Role& roleData);
92  QueryResult GetUser (const Aws::String& userName, Aws::IAM::Model::User& userData);
93 
94  // Creation
    // Each call returns bool and fills the out-parameter with the created entity's data.
    // CreatePolicy and CreateRole take the policy text directly as an Aws::String rather
    // than through a PolicyGeneratorFunction.
    // NOTE(review): assumedPolicyDocument is presumably the role's trust (assume-role)
    // policy, i.e. it decides which principals may assume the role -- confirm. Review
    // both documents for wildcard principals, actions and resources before passing them.
95  bool CreateGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
96  bool CreatePolicy(const Aws::String& policyName, const Aws::String& policyDocument, Aws::IAM::Model::Policy& policyData);
97  bool CreateRole (const Aws::String& roleName, const Aws::String& assumedPolicyDocument, Aws::IAM::Model::Role& roleData);
98  bool CreateUser (const Aws::String& userName, Aws::IAM::Model::User& userData);
99 
100  // Policy-Principal Relations
    // Attach*/Detach* identify the policy by ARN (policyArn) and return bool.
101  bool AttachPolicyToGroup(const Aws::String& policyArn, const Aws::String& groupName);
102  bool AttachPolicyToRole (const Aws::String& policyArn, const Aws::String& roleName);
103  bool AttachPolicyToUser (const Aws::String& policyArn, const Aws::String& userName);
104 
105  bool DetachPolicyFromGroup(const Aws::String& policyArn, const Aws::String& groupName);
106  bool DetachPolicyFromRole (const Aws::String& policyArn, const Aws::String& roleName);
107  bool DetachPolicyFromUser (const Aws::String& policyArn, const Aws::String& userName);
108 
    // NOTE(review): unlike the calls above, these identify the policy by *name*
    // (policyName), not by ARN. Both are plain Aws::String, so the compiler will not
    // catch an ARN passed here; the result would presumably be NO or FAILURE rather
    // than an error. They return QueryResult, so check for YES explicitly.
109  QueryResult IsPolicyAttachedToGroup(const Aws::String& policyName, const Aws::String& groupName);
110  QueryResult IsPolicyAttachedToRole (const Aws::String& policyName, const Aws::String& roleName);
111  QueryResult IsPolicyAttachedToUser (const Aws::String& policyName, const Aws::String& userName);
112 
113  // User-Group Relations
    // Membership query returns QueryResult; the two mutating calls return bool. All
    // three take the user name first and the group name second, both as Aws::String,
    // so swapped arguments will still compile.
114  QueryResult IsUserInGroup(const Aws::String& userName, const Aws::String& groupName);
115  bool AddUserToGroup (const Aws::String& userName, const Aws::String& groupName);
116  bool RemoveUserFromGroup (const Aws::String& userName, const Aws::String& groupName);
117 
118  // Deletion
    // Each call takes only the entity name and returns bool.
    // NOTE(review): the private helpers declared in this class (DeleteAccessKeysForUser,
    // RemoveMFAFromUser, DetachPoliciesFromRole, RemovePolicyFromEntities, ...) suggest
    // that deletion first strips dependent resources -- confirm in the .cpp. If so,
    // these are destructive multi-step operations, and a false return presumably does
    // not say how far the cleanup got; re-query state after a failure.
119  bool DeleteGroup (const Aws::String& groupName);
120  bool DeletePolicy(const Aws::String& policyName);
121  bool DeleteRole (const Aws::String& roleName);
122  bool DeleteUser (const Aws::String& userName);
123 
    // Credentials-file helpers; both take the file path as credentialsFilename.
    // NOTE(review): CreateCredentialsFileForUser presumably writes credentials for the
    // named IAM user to that path (confirm the contents and the file mode in the
    // implementation). Treat the file as a secret: owner-only permissions, kept out of
    // source control and shared directories.
124  bool DoesCredentialsFileExist (const Aws::String& credentialsFilename);
125  bool CreateCredentialsFileForUser(const Aws::String& credentialsFilename, const Aws::String& userName);
126 
127  //
128  // Cognito integration
    // GetIdentityPool and CreateIdentityPool write the pool id to the identityPoolId
    // out-parameter; DeleteIdentityPool takes only the pool name.
    // NOTE(review): pools are addressed by name here but by id in the Bind* calls. If
    // pool names are not unique within the account, confirm which pool a name resolves
    // to before deleting. allowUnauthenticated presumably enables identities for
    // callers who have not signed in -- pass true only when guest access is intended.
129  QueryResult GetIdentityPool (const Aws::String& poolName, Aws::String& identityPoolId);
130  bool CreateIdentityPool(const Aws::String& poolName, bool allowUnauthenticated, Aws::String& identityPoolId);
131  bool DeleteIdentityPool(const Aws::String& poolName);
132 
133 
    // NOTE(review): source line 134 is missing from this listing; the cross-reference
    // index on this page shows IsRoleBoundToIdentityPool(identityPoolId, roleArn,
    // roleKey) returning QueryResult as a member of this class.
    // Binds roleArn to the pool for the binding type given by roleKey; returns bool.
135  bool BindRoleToIdentityPool (const Aws::String& identityPoolId, const Aws::String& roleArn, IdentityPoolRoleBindingType roleKey);
136 
137  private:
138 
    // Private helpers, each taking a single entity name (or policy ARN) and returning
    // bool. NOTE(review): from the names, these are presumably the per-dependency
    // cleanup steps run by the public Delete* calls -- confirm in the .cpp, including
    // whether a failed step stops the deletion or is skipped.

    // Group cleanup.
139  bool RemoveUsersFromGroup(const Aws::String& groupName);
140  bool DetachPoliciesFromGroup(const Aws::String& groupName);
141  bool DeleteInlinePoliciesFromGroup(const Aws::String& groupName);
142 
    // User cleanup: access keys, group memberships, certificates, password, inline
    // policies, MFA and attached policies each have their own step.
143  bool DeleteAccessKeysForUser(const Aws::String& userName);
144  bool RemoveUserFromGroups(const Aws::String& userName);
145  bool RemoveCertificatesFromUser(const Aws::String& userName);
146  bool RemovePasswordFromUser(const Aws::String& userName);
147  bool DeleteInlinePoliciesFromUser(const Aws::String& userName);
148  bool RemoveMFAFromUser(const Aws::String& userName);
149  bool DetachPoliciesFromUser(const Aws::String& userName);
150 
    // Policy cleanup; takes the policy ARN, not its name.
151  bool RemovePolicyFromEntities(const Aws::String& policyArn);
152 
    // Role cleanup.
153  bool RemoveRoleFromInstanceProfiles(const Aws::String& roleName);
154  bool DeleteInlinePoliciesFromRole(const Aws::String& roleName);
155  bool DetachPoliciesFromRole(const Aws::String& roleName);
156 
    // Shared handles to the two service clients; same types as the constructor's
    // parameters (presumably copied from them -- TODO confirm).
157  std::shared_ptr< Aws::IAM::IAMClient > m_iamClient;
158  std::shared_ptr< Aws::CognitoIdentity::CognitoIdentityClient > m_cognitoClient;
159 
160 };
161 
162 
163 
164 
165 } // namespace AccessManagement
166 } // namespace Aws
Aws::AccessManagement::AccessManagementClient::AttachPolicyToRole
bool AttachPolicyToRole(const Aws::String &policyArn, const Aws::String &roleName)
Aws::AccessManagement::AccessManagementClient::IsRoleBoundToIdentityPool
QueryResult IsRoleBoundToIdentityPool(const Aws::String &identityPoolId, const Aws::String &roleArn, IdentityPoolRoleBindingType roleKey)
Aws::AccessManagement::AccessManagementClient::GetOrCreateRole
bool GetOrCreateRole(const Aws::String &roleName, const PolicyGeneratorFunction &assumedPolicyGenerator, Aws::IAM::Model::Role &roleData)
Aws::AccessManagement::AccessManagementClient::GetPolicy
QueryResult GetPolicy(const Aws::String &policyName, Aws::IAM::Model::Policy &policyData)
Aws::AccessManagement::AccessManagementClient::BindRoleToIdentityPoolIfNot
bool BindRoleToIdentityPoolIfNot(const Aws::String &identityPoolId, const Aws::String &roleArn, IdentityPoolRoleBindingType roleKey)
Aws::AccessManagement::AccessManagementClient::CreateUser
bool CreateUser(const Aws::String &userName, Aws::IAM::Model::User &userData)
Aws::AccessManagement::AccessManagementClient::DeleteUser
bool DeleteUser(const Aws::String &userName)
Aws::AccessManagement::AccessManagementClient::CreateRole
bool CreateRole(const Aws::String &roleName, const Aws::String &assumedPolicyDocument, Aws::IAM::Model::Role &roleData)
Aws::AccessManagement::AccessManagementClient::GetRole
QueryResult GetRole(const Aws::String &roleName, Aws::IAM::Model::Role &roleData)
Aws::AccessManagement::AccessManagementClient::GetAccountId
Aws::String GetAccountId()
Aws::AccessManagement::AccessManagementClient::AttachPolicyToRoleIfNot
bool AttachPolicyToRoleIfNot(const Aws::IAM::Model::Policy &policyData, const Aws::String &roleName)
Aws::AccessManagement::AccessManagementClient::DetachPolicyFromUser
bool DetachPolicyFromUser(const Aws::String &policyArn, const Aws::String &userName)
Aws::AccessManagement::AccessManagementClient::GetGroup
QueryResult GetGroup(const Aws::String &groupName, Aws::IAM::Model::Group &groupData)
Aws::AccessManagement::AccessManagementClient::RemoveUserFromGroup
bool RemoveUserFromGroup(const Aws::String &userName, const Aws::String &groupName)
Aws::AccessManagement::AccessManagementClient::CreateIdentityPool
bool CreateIdentityPool(const Aws::String &poolName, bool allowUnauthenticated, Aws::String &identityPoolId)
Aws::AccessManagement::AccessManagementClient::GetUser
QueryResult GetUser(const Aws::String &userName, Aws::IAM::Model::User &userData)
Aws::AccessManagement::AccessManagementClient::DetachPolicyFromRole
bool DetachPolicyFromRole(const Aws::String &policyArn, const Aws::String &roleName)
Aws::AccessManagement::AccessManagementClient::IsPolicyAttachedToUser
QueryResult IsPolicyAttachedToUser(const Aws::String &policyName, const Aws::String &userName)
AWS_ACCESS_MANAGEMENT_API
#define AWS_ACCESS_MANAGEMENT_API
Definition: AccessManagement_EXPORTS.h:22
Aws::AccessManagement::AccessManagementClient::IsPolicyAttachedToGroup
QueryResult IsPolicyAttachedToGroup(const Aws::String &policyName, const Aws::String &groupName)
Aws::AccessManagement::AccessManagementClient::BindRoleToIdentityPool
bool BindRoleToIdentityPool(const Aws::String &identityPoolId, const Aws::String &roleArn, IdentityPoolRoleBindingType roleKey)
Aws::AccessManagement::AccessManagementClient::GetOrCreatePolicy
bool GetOrCreatePolicy(const Aws::String &policyName, const PolicyGeneratorFunction &policyGenerator, Aws::IAM::Model::Policy &policyData)
Aws::AccessManagement::AccessManagementClient::VerifyOrCreateCredentialsFileForUser
bool VerifyOrCreateCredentialsFileForUser(const Aws::String &credentialsFilename, const Aws::String &userName)
Aws::AccessManagement::AccessManagementClient::CreatePolicy
bool CreatePolicy(const Aws::String &policyName, const Aws::String &policyDocument, Aws::IAM::Model::Policy &policyData)
Aws::IAM::Model::Policy
Definition: Policy.h:41
AccessManagement_EXPORTS.h
Aws::AccessManagement::AccessManagementClient::~AccessManagementClient
~AccessManagementClient()
Aws::AccessManagement::AccessManagementClient::ExtractAccountIdFromArn
static Aws::String ExtractAccountIdFromArn(const Aws::String &arn)
Aws::AccessManagement::IdentityPoolRoleBindingType::AUTHENTICATED
@ AUTHENTICATED
Aws::AccessManagement::AccessManagementClient::IsUserInGroup
QueryResult IsUserInGroup(const Aws::String &userName, const Aws::String &groupName)
Aws::AccessManagement::QueryResult
QueryResult
Definition: AccessManagementClient.h:42
Aws::IAM::Model::Group
Definition: Group.h:36
Aws::CognitoIdentity::CognitoIdentityClient
Definition: CognitoIdentityClient.h:191
Aws::AccessManagement::AccessManagementClient::DeleteGroup
bool DeleteGroup(const Aws::String &groupName)
Aws::AccessManagement::QueryResult::YES
@ YES
AWSString.h
Aws::AccessManagement::AccessManagementClient::DoesCredentialsFileExist
bool DoesCredentialsFileExist(const Aws::String &credentialsFilename)
Aws::AccessManagement::AccessManagementClient::GetIdentityPool
QueryResult GetIdentityPool(const Aws::String &poolName, Aws::String &identityPoolId)
Aws::AccessManagement::AccessManagementClient::AttachPolicyToGroupIfNot
bool AttachPolicyToGroupIfNot(const Aws::IAM::Model::Policy &policyData, const Aws::String &groupName)
Aws::AccessManagement::IdentityPoolRoleBindingType
IdentityPoolRoleBindingType
Definition: AccessManagementClient.h:49
Aws::AccessManagement::AccessManagementClient::DetachPolicyFromGroup
bool DetachPolicyFromGroup(const Aws::String &policyArn, const Aws::String &groupName)
Aws::IAM::IAMClient
Definition: IAMClient.h:797
Aws::AccessManagement::AccessManagementClient::PolicyGeneratorFunction
std::function< Aws::String(void) > PolicyGeneratorFunction
Definition: AccessManagementClient.h:61
Aws
Definition: AccessManagementClient.h:15
Aws::AccessManagement::AccessManagementClient::CreateCredentialsFileForUser
bool CreateCredentialsFileForUser(const Aws::String &credentialsFilename, const Aws::String &userName)
AWSMemory.h
Aws::AccessManagement::AccessManagementClient::GetOrCreateIdentityPool
bool GetOrCreateIdentityPool(const Aws::String &poolName, bool allowUnauthenticated, Aws::String &identityPoolId)
Aws::AccessManagement::AccessManagementClient::GetOrCreateGroup
bool GetOrCreateGroup(const Aws::String &groupName, Aws::IAM::Model::Group &groupData)
Aws::AccessManagement::AccessManagementClient::AccessManagementClient
AccessManagementClient(std::shared_ptr< Aws::IAM::IAMClient > &iamClient, std::shared_ptr< Aws::CognitoIdentity::CognitoIdentityClient > &cognitoClient)
Aws::String
std::basic_string< char, std::char_traits< char >, Aws::Allocator< char > > String
Definition: AWSString.h:97
Aws::AccessManagement::AccessManagementClient::AddUserToGroupIfNot
bool AddUserToGroupIfNot(const Aws::String &userName, const Aws::String &groupName)
Aws::IAM::Model::Role
Definition: Role.h:39
Aws::AccessManagement::AccessManagementClient::AttachPolicyToUserIfNot
bool AttachPolicyToUserIfNot(const Aws::IAM::Model::Policy &policyData, const Aws::String &userName)
Aws::AccessManagement::AccessManagementClient::GetOrCreateUser
bool GetOrCreateUser(const Aws::String &userName, Aws::IAM::Model::User &userData)
Aws::AccessManagement::AccessManagementClient::DeleteRole
bool DeleteRole(const Aws::String &roleName)
Aws::AccessManagement::AccessManagementClient::AddUserToGroup
bool AddUserToGroup(const Aws::String &userName, const Aws::String &groupName)
Aws::AccessManagement::AccessManagementClient::DeleteIdentityPool
bool DeleteIdentityPool(const Aws::String &poolName)
Aws::AccessManagement::AccessManagementClient
Definition: AccessManagementClient.h:55
Aws::AccessManagement::AccessManagementClient::AttachPolicyToGroup
bool AttachPolicyToGroup(const Aws::String &policyArn, const Aws::String &groupName)
Aws::AccessManagement::AccessManagementClient::IsPolicyAttachedToRole
QueryResult IsPolicyAttachedToRole(const Aws::String &policyName, const Aws::String &roleName)
Aws::AccessManagement::AccessManagementClient::DeletePolicy
bool DeletePolicy(const Aws::String &policyName)
Aws::AccessManagement::AccessManagementClient::CreateGroup
bool CreateGroup(const Aws::String &groupName, Aws::IAM::Model::Group &groupData)
Aws::AccessManagement::AccessManagementClient::AttachPolicyToUser
bool AttachPolicyToUser(const Aws::String &policyArn, const Aws::String &userName)
Aws::IAM::Model::User
Definition: User.h:39