# IAM code examples for the SDK for PHP ## Overview Shows how to use the AWS SDK for PHP to work with AWS Identity and Access Management (IAM). *IAM is a web service for securely controlling access to AWS services. With IAM, you can centrally manage permissions in your AWS account.* ## ⚠ Important * Running this code might result in charges to your AWS account. * Running the tests might result in charges to your AWS account. * We recommend that you grant your code least privilege. At most, grant only the minimum permissions required to perform the task. For more information, see [Grant least privilege](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege). * This code is not tested in every AWS Region. For more information, see [AWS Regional Services](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services). ## Code examples ### Prerequisites For prerequisites, see the [README](../../README.md#Prerequisites) in the `php` folder. ### Single actions Code excerpts that show you how to call individual service functions. * [Attach a policy to a role](GettingStartedWithIAM.php#L45) (`AttachRolePolicy`) * [Create a policy](GettingStartedWithIAM.php#L45) (`CreatePolicy`) * [Create a role](GettingStartedWithIAM.php#L45) (`CreateRole`) * [Create a service-linked role](GettingStartedWithIAM.php#L45) (`CreateServiceLinkedRole`) * [Create a user](GettingStartedWithIAM.php#L45) (`CreateUser`) * [Get a policy](GettingStartedWithIAM.php#L45) (`GetPolicy`) * [Get a role](GettingStartedWithIAM.php#L45) (`GetRole`) * [Get the account password policy](GettingStartedWithIAM.php#L45) (`GetAccountPasswordPolicy`) * [List SAML providers](GettingStartedWithIAM.php#L45) (`ListSAMLProviders`) * [List groups](GettingStartedWithIAM.php#L45) (`ListGroups`) * [List inline policies for a role](GettingStartedWithIAM.php#L45) (`ListRolePolicies`) * [List policies](GettingStartedWithIAM.php#L45) (`ListPolicies`) * [List policies attached to a role](GettingStartedWithIAM.php#L45) (`ListAttachedRolePolicies`) * [List roles](GettingStartedWithIAM.php#L45) (`ListRoles`) * [List users](GettingStartedWithIAM.php#L45) (`ListUsers`) ### Scenarios Code examples that show you how to accomplish a specific task by calling multiple functions within the same service. * [Create a user and assume a role](GettingStartedWithIAM.php) ## Run the examples ### Instructions Run the example with the following command: `php GettingStartedWithIAM.php` #### Create a user and assume a role This example shows you how to create a user and assume a role. * Create a user with no permissions. * Create a role that grants permission to list Amazon S3 buckets for the account. * Add a policy to let the user assume the role. * Assume the role and list S3 buckets using temporary credentials, then clean up resources. ### Tests ⚠ Running tests might result in charges to your AWS account. To find instructions for running these tests, see the [README](../../README.md#Tests) in the `php` folder. ## Additional resources * [IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) * [IAM API Reference](https://docs.aws.amazon.com/IAM/latest/APIReference/welcome.html) * [SDK for PHP IAM reference](https://docs.aws.amazon.com/aws-sdk-php/v3/api/namespace-Aws.Iam.html) --- Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0