create_profile

IAMRolesAnywhere.Client.create_profile(**kwargs)

Creates a profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile .

See also: AWS API Documentation

Request Syntax

response = client.create_profile(
    durationSeconds=123,
    enabled=True|False,
    managedPolicyArns=[
        'string',
    ],
    name='string',
    requireInstanceProperties=True|False,
    roleArns=[
        'string',
    ],
    sessionPolicy='string',
    tags=[
        {
            'key': 'string',
            'value': 'string'
        },
    ]
)
Parameters
  • durationSeconds (integer) -- The number of seconds the vended session credentials are valid for.
  • enabled (boolean) -- Specifies whether the profile is enabled.
  • managedPolicyArns (list) --

    A list of managed policy ARNs that apply to the vended session credentials.

    • (string) --
  • name (string) --

    [REQUIRED]

    The name of the profile.

  • requireInstanceProperties (boolean) -- Specifies whether instance properties are required in CreateSession requests with this profile.
  • roleArns (list) --

    [REQUIRED]

    A list of IAM roles that this profile can assume in a CreateSession operation.

    • (string) --
  • sessionPolicy (string) -- A session policy that applies to the trust boundary of the vended session credentials.
  • tags (list) --

    The tags to attach to the profile.

    • (dict) --

      A label that consists of a key and value you define.

      • key (string) -- [REQUIRED]

        The tag key.

      • value (string) -- [REQUIRED]

        The tag value.

Return type

dict

Returns

Response Syntax

{
    'profile': {
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • profile (dict) --

      The state of the profile after a read or write operation.

      • createdAt (datetime) --

        The ISO-8601 timestamp when the profile was created.

      • createdBy (string) --

        The Amazon Web Services account that created the profile.

      • durationSeconds (integer) --

        The number of seconds the vended session credentials are valid for.

      • enabled (boolean) --

        Indicates whether the profile is enabled.

      • managedPolicyArns (list) --

        A list of managed policy ARNs that apply to the vended session credentials.

        • (string) --
      • name (string) --

        The name of the profile.

      • profileArn (string) --

        The ARN of the profile.

      • profileId (string) --

        The unique identifier of the profile.

      • requireInstanceProperties (boolean) --

        Specifies whether instance properties are required in CreateSession requests with this profile.

      • roleArns (list) --

        A list of IAM roles that this profile can assume in a CreateSession operation.

        • (string) --
      • sessionPolicy (string) --

        A session policy that applies to the trust boundary of the vended session credentials.

      • updatedAt (datetime) --

        The ISO-8601 timestamp when the profile was last updated.

Exceptions

  • IAMRolesAnywhere.Client.exceptions.ValidationException
  • IAMRolesAnywhere.Client.exceptions.AccessDeniedException