IAMRolesAnywhere / Client / create_profile

create_profile#

IAMRolesAnywhere.Client.create_profile(**kwargs)#

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

See also: AWS API Documentation

Request Syntax

response = client.create_profile(
    durationSeconds=123,
    enabled=True|False,
    managedPolicyArns=[
        'string',
    ],
    name='string',
    requireInstanceProperties=True|False,
    roleArns=[
        'string',
    ],
    sessionPolicy='string',
    tags=[
        {
            'key': 'string',
            'value': 'string'
        },
    ]
)
Parameters:
  • durationSeconds (integer) – Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details.

  • enabled (boolean) – Specifies whether the profile is enabled.

  • managedPolicyArns (list) –

    A list of managed policy ARNs that apply to the vended session credentials.

    • (string) –

  • name (string) –

    [REQUIRED]

    The name of the profile.

  • requireInstanceProperties (boolean) – Specifies whether instance properties are required in temporary credential requests with this profile.

  • roleArns (list) –

    [REQUIRED]

    A list of IAM roles that this profile can assume in a temporary credential request.

    • (string) –

  • sessionPolicy (string) – A session policy that applies to the trust boundary of the vended session credentials.

  • tags (list) –

    The tags to attach to the profile.

    • (dict) –

      A label that consists of a key and value you define.

      • key (string) – [REQUIRED]

        The tag key.

      • value (string) – [REQUIRED]

        The tag value.

Return type:

dict

Returns:

Response Syntax

{
    'profile': {
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) –

    • profile (dict) –

      The state of the profile after a read or write operation.

      • createdAt (datetime) –

        The ISO-8601 timestamp when the profile was created.

      • createdBy (string) –

        The Amazon Web Services account that created the profile.

      • durationSeconds (integer) –

        Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details.

      • enabled (boolean) –

        Indicates whether the profile is enabled.

      • managedPolicyArns (list) –

        A list of managed policy ARNs that apply to the vended session credentials.

        • (string) –

      • name (string) –

        The name of the profile.

      • profileArn (string) –

        The ARN of the profile.

      • profileId (string) –

        The unique identifier of the profile.

      • requireInstanceProperties (boolean) –

        Specifies whether instance properties are required in temporary credential requests with this profile.

      • roleArns (list) –

        A list of IAM roles that this profile can assume in a temporary credential request.

        • (string) –

      • sessionPolicy (string) –

        A session policy that applies to the trust boundary of the vended session credentials.

      • updatedAt (datetime) –

        The ISO-8601 timestamp when the profile was last updated.

Exceptions

  • IAMRolesAnywhere.Client.exceptions.ValidationException

  • IAMRolesAnywhere.Client.exceptions.AccessDeniedException