RolesAnywhere class

Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications that run outside of Amazon Web Services to obtain temporary Amazon Web Services credentials. Your workloads can use the same IAM policies and roles you have for native Amazon Web Services applications to access Amazon Web Services resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for workloads running outside of Amazon Web Services.

To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Private Certificate Authority to create a CA and then use that to establish trust with IAM Roles Anywhere.

This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about IAM Roles Anywhere, see the IAM Roles Anywhere User Guide.

Constructors

RolesAnywhere({required String region, AwsClientCredentials? credentials, AwsClientCredentialsProvider? credentialsProvider, Client? client, String? endpointUrl})

Properties

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

close() → void

Closes the internal HTTP client if none was provided at creation. If a client was passed as a constructor argument, this becomes a noop.

createProfile({required String name, required List<String> roleArns, bool? acceptRoleSessionName, int? durationSeconds, bool? enabled, List<String>? managedPolicyArns, bool? requireInstanceProperties, String? sessionPolicy, List<Tag>? tags}) → Future<ProfileDetailResponse>

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

createTrustAnchor({required String name, required Source source, bool? enabled, List<NotificationSetting>? notificationSettings, List<Tag>? tags}) → Future<TrustAnchorDetailResponse>

Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

deleteAttributeMapping({required CertificateField certificateField, required String profileId, List<String>? specifiers}) → Future<DeleteAttributeMappingResponse>

Delete an entry from the attribute mapping rules enforced by a given profile.

deleteCrl({required String crlId}) → Future<CrlDetailResponse>

Deletes a certificate revocation list (CRL).

deleteProfile({required String profileId}) → Future<ProfileDetailResponse>

Deletes a profile.

deleteTrustAnchor({required String trustAnchorId}) → Future<TrustAnchorDetailResponse>

Deletes a trust anchor.

disableCrl({required String crlId}) → Future<CrlDetailResponse>

Disables a certificate revocation list (CRL).

disableProfile({required String profileId}) → Future<ProfileDetailResponse>

Disables a profile. When disabled, temporary credential requests with this profile fail.

disableTrustAnchor({required String trustAnchorId}) → Future<TrustAnchorDetailResponse>

Disables a trust anchor. When disabled, temporary credential requests specifying this trust anchor are unauthorized.

enableCrl({required String crlId}) → Future<CrlDetailResponse>

Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials.

enableProfile({required String profileId}) → Future<ProfileDetailResponse>

Enables temporary credential requests for a profile.

enableTrustAnchor({required String trustAnchorId}) → Future<TrustAnchorDetailResponse>

Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.

getCrl({required String crlId}) → Future<CrlDetailResponse>

Gets a certificate revocation list (CRL).

getProfile({required String profileId}) → Future<ProfileDetailResponse>

Gets a profile.

getSubject({required String subjectId}) → Future<SubjectDetailResponse>

Gets a subject, which associates a certificate identity with authentication attempts. The subject stores auditing information such as the status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.

getTrustAnchor({required String trustAnchorId}) → Future<TrustAnchorDetailResponse>

Gets a trust anchor.

importCrl({required Uint8List crlData, required String name, required String trustAnchorArn, bool? enabled, List<Tag>? tags}) → Future<CrlDetailResponse>

Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere validates against the CRL before issuing credentials.

listCrls({String? nextToken, int? pageSize}) → Future<ListCrlsResponse>

Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.

listProfiles({String? nextToken, int? pageSize}) → Future<ListProfilesResponse>

Lists all profiles in the authenticated account and Amazon Web Services Region.

listSubjects({String? nextToken, int? pageSize}) → Future<ListSubjectsResponse>

Lists the subjects in the authenticated account and Amazon Web Services Region.

listTagsForResource({required String resourceArn}) → Future<ListTagsForResourceResponse>

Lists the tags attached to the resource.

listTrustAnchors({String? nextToken, int? pageSize}) → Future<ListTrustAnchorsResponse>

Lists the trust anchors in the authenticated account and Amazon Web Services Region.

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

putAttributeMapping({required CertificateField certificateField, required List<MappingRule> mappingRules, required String profileId}) → Future<PutAttributeMappingResponse>

Put an entry in the attribute mapping rules that will be enforced by a given profile. A mapping specifies a certificate field and one or more specifiers that have contextual meanings.

putNotificationSettings({required List<NotificationSetting> notificationSettings, required String trustAnchorId}) → Future<PutNotificationSettingsResponse>

Attaches a list of notification settings to a trust anchor.

resetNotificationSettings({required List<NotificationSettingKey> notificationSettingKeys, required String trustAnchorId}) → Future<ResetNotificationSettingsResponse>

Resets the custom notification setting to IAM Roles Anywhere default setting.

tagResource({required String resourceArn, required List<Tag> tags}) → Future<void>

Attaches tags to a resource.

toString() → String

A string representation of this object.

inherited

untagResource({required String resourceArn, required List<String> tagKeys}) → Future<void>

Removes tags from the resource.

updateCrl({required String crlId, Uint8List? crlData, String? name}) → Future<CrlDetailResponse>

Updates the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.

updateProfile({required String profileId, bool? acceptRoleSessionName, int? durationSeconds, List<String>? managedPolicyArns, String? name, List<String>? roleArns, String? sessionPolicy}) → Future<ProfileDetailResponse>

Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

updateTrustAnchor({required String trustAnchorId, String? name, Source? source}) → Future<TrustAnchorDetailResponse>

Updates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

Operators

operator ==(Object other) → bool

The equality operator.

inherited