# IAM code examples for the Command Line Interface with Bash

## Overview

Shows how to use the AWS Command Line Interface with Bash to work with AWS Identity and Access Management (IAM).

*IAM is a web service for securely controlling access to AWS services. With IAM, you can centrally manage permissions in your AWS account.*

## ⚠ Important

* Running this code might result in charges to your AWS account.
* Running the tests might result in charges to your AWS account.
* We recommend that you grant your code least privilege. At most, grant only the minimum permissions required to perform the task. For more information, see [Grant least privilege](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege).
* This code is not tested in every AWS Region. For more information, see [AWS Regional Services](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services).

## Code examples

### Prerequisites

For prerequisites, see the [README](../../README.md#Prerequisites) in the `aws-cli` folder.

### Single actions

Code excerpts that show you how to call individual service functions.

* [Attach a policy to a role](iam_operations.sh#L505) (`AttachRolePolicy`)
* [Create a policy](iam_operations.sh#L430) (`CreatePolicy`)
* [Create a role](iam_operations.sh#L351) (`CreateRole`)
* [Create a user](iam_operations.sh#L122) (`CreateUser`)
* [Create an access key](iam_operations.sh#L201) (`CreateAccessKey`)
* [Delete a policy](iam_operations.sh#L655) (`DeletePolicy`)
* [Delete a role](iam_operations.sh#L725) (`DeleteRole`)
* [Delete a user](iam_operations.sh#L877) (`DeleteUser`)
* [Delete an access key](iam_operations.sh#L796) (`DeleteAccessKey`)
* [Detach a policy from a role](iam_operations.sh#L580) (`DetachRolePolicy`)
* [Get a user](iam_operations.sh#L22) (`GetUser`)
* [List a user's access keys](iam_operations.sh#L282) (`ListAccessKeys`)
* [List users](iam_operations.sh#L61) (`ListUsers`)

### Scenarios

Code examples that show you how to accomplish a specific task by calling multiple functions within the same service.

* [Create a user and assume a role](iam_create_user_assume_role_scenario.sh)

## Run the examples

### Instructions

#### Create a user and assume a role

This example shows you how to create a user and assume a role.

* Create a user with no permissions.
* Create a role that grants permission to list Amazon S3 buckets for the account.
* Add a policy to let the user assume the role.
* Assume the role and list S3 buckets using temporary credentials, then clean up resources.

### Tests

⚠ Running tests might result in charges to your AWS account.

To find instructions for running these tests, see the [README](../../README.md#Tests) in the `aws-cli` folder.

## Additional resources

* [IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html)
* [IAM API Reference](https://docs.aws.amazon.com/IAM/latest/APIReference/welcome.html)
* [Command Line Interface with Bash script IAM reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/index.html)

---

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0