IAMRolesAnywhere / Client / delete_attribute_mapping

delete_attribute_mapping#

IAMRolesAnywhere.Client.delete_attribute_mapping(**kwargs)#

Delete an entry from the attribute mapping rules enforced by a given profile.

See also: AWS API Documentation

Request Syntax

response = client.delete_attribute_mapping(
    certificateField='x509Subject'|'x509Issuer'|'x509SAN',
    profileId='string',
    specifiers=[
        'string',
    ]
)
Parameters:
  • certificateField (string) –

    [REQUIRED]

    Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

  • profileId (string) –

    [REQUIRED]

    The unique identifier of the profile.

  • specifiers (list) –

    A list of specifiers of a certificate field; for example, CN, OU, UID from a Subject.

    • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'profile': {
        'acceptRoleSessionName': True|False,
        'attributeMappings': [
            {
                'certificateField': 'x509Subject'|'x509Issuer'|'x509SAN',
                'mappingRules': [
                    {
                        'specifier': 'string'
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'durationSeconds': 123,
        'enabled': True|False,
        'managedPolicyArns': [
            'string',
        ],
        'name': 'string',
        'profileArn': 'string',
        'profileId': 'string',
        'requireInstanceProperties': True|False,
        'roleArns': [
            'string',
        ],
        'sessionPolicy': 'string',
        'updatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) –

    • profile (dict) –

      The state of the profile after a read or write operation.

      • acceptRoleSessionName (boolean) –

        Used to determine if a custom role session name will be accepted in a temporary credential request.

      • attributeMappings (list) –

        A mapping applied to the authenticating end-entity certificate.

        • (dict) –

          A mapping applied to the authenticating end-entity certificate.

          • certificateField (string) –

            Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.

          • mappingRules (list) –

            A list of mapping entries for every supported specifier or sub-field.

            • (dict) –

              A single mapping entry for each supported specifier or sub-field.

              • specifier (string) –

                Specifier within a certificate field, such as CN, OU, or UID from the Subject field.

      • createdAt (datetime) –

        The ISO-8601 timestamp when the profile was created.

      • createdBy (string) –

        The Amazon Web Services account that created the profile.

      • durationSeconds (integer) –

        Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

      • enabled (boolean) –

        Indicates whether the profile is enabled.

      • managedPolicyArns (list) –

        A list of managed policy ARNs that apply to the vended session credentials.

        • (string) –

      • name (string) –

        The name of the profile.

      • profileArn (string) –

        The ARN of the profile.

      • profileId (string) –

        The unique identifier of the profile.

      • requireInstanceProperties (boolean) –

        Specifies whether instance properties are required in temporary credential requests with this profile.

      • roleArns (list) –

        A list of IAM roles that this profile can assume in a temporary credential request.

        • (string) –

      • sessionPolicy (string) –

        A session policy that applies to the trust boundary of the vended session credentials.

      • updatedAt (datetime) –

        The ISO-8601 timestamp when the profile was last updated.

Exceptions

  • IAMRolesAnywhere.Client.exceptions.ValidationException

  • IAMRolesAnywhere.Client.exceptions.ResourceNotFoundException

  • IAMRolesAnywhere.Client.exceptions.AccessDeniedException