Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

create_profile

IAMRolesAnywhere.Client.create_profile(**kwargs)

Creates a profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile .

See also: AWS API Documentation

Request Syntax

response = client.create_profile(
    durationSeconds=123,
    enabled=True|False,
    managedPolicyArns=[
        'string',
    ],
    name='string',
    requireInstanceProperties=True|False,
    roleArns=[
        'string',
    ],
    sessionPolicy='string',
    tags=[
        {
            'key': 'string',
            'value': 'string'
        },
    ]
)
Parameters
  • durationSeconds (integer) -- The number of seconds the vended session credentials are valid for.
  • enabled (boolean) -- Specifies whether the profile is enabled.
  • managedPolicyArns (list) --

    A list of managed policy ARNs that apply to the vended session credentials.

    • (string) --
  • name (string) --

    [REQUIRED]

    The name of the profile.

  • requireInstanceProperties (boolean) -- Specifies whether instance properties are required in CreateSession requests with this profile.
  • roleArns (list) --

    [REQUIRED]

    A list of IAM roles that this profile can assume in a CreateSession operation.

    • (string) --
  • sessionPolicy (string) -- A session policy that applies to the trust boundary of the vended session credentials.
  • tags (list) --

    The tags to attach to the profile.

    • (dict) --

      A label that consists of a key and value you define.

      • key (string) -- [REQUIRED]

        The tag key.

      • value (string) -- [REQUIRED]

        The tag value.

Return type

dict

Returns

Response Syntax

{
    'profile': {
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • profile (dict) --

      The state of the profile after a read or write operation.

      • createdAt (datetime) --

        The ISO-8601 timestamp when the profile was created.

      • createdBy (string) --

        The Amazon Web Services account that created the profile.

      • durationSeconds (integer) --

        The number of seconds the vended session credentials are valid for.

      • enabled (boolean) --

        Indicates whether the profile is enabled.

      • managedPolicyArns (list) --

        A list of managed policy ARNs that apply to the vended session credentials.

        • (string) --
      • name (string) --

        The name of the profile.

      • profileArn (string) --

        The ARN of the profile.

      • profileId (string) --

        The unique identifier of the profile.

      • requireInstanceProperties (boolean) --

        Specifies whether instance properties are required in CreateSession requests with this profile.

      • roleArns (list) --

        A list of IAM roles that this profile can assume in a CreateSession operation.

        • (string) --
      • sessionPolicy (string) --

        A session policy that applies to the trust boundary of the vended session credentials.

      • updatedAt (datetime) --

        The ISO-8601 timestamp when the profile was last updated.

Exceptions

  • IAMRolesAnywhere.Client.exceptions.ValidationException
  • IAMRolesAnywhere.Client.exceptions.AccessDeniedException