IAM code examples for the SDK for Go

Overview

Shows how to use the AWS SDK for Go (v2) to manage AWS Identity and Access Management (IAM) resources.

IAM is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

⚠️ Important

• Running this code might result in charges to your AWS account.
• Running the tests might result in charges to your AWS account.
• We recommend that you grant your code least privilege. At most, grant only the minimum permissions required to perform the task. For more information, see Grant least privilege.
• This code is not tested in every AWS Region. For more information, see AWS Regional Services.

Code examples

Get started

• Hello IAM (ListPolicies)

Single actions

Code excerpts that show you how to call individual service functions.

• Attach a policy to a role (AttachRolePolicy)
• Create a policy (CreatePolicy)
• Create a role (CreateRole)
• Create a service-linked role (CreateServiceLinkedRole)
• Create a user (CreateUser)
• Create an access key (CreateAccessKey)
• Create an inline policy for a user (PutUserPolicy)
• Delete a policy (DeletePolicy)
• Delete a role (DeleteRole)
• Delete a service-linked role (DeleteServiceLinkedRole)
• Delete a user (DeleteUser)
• Delete an access key (DeleteAccessKey)
• Delete an inline policy from a user (DeleteUserPolicy)
• Detach a policy from a role (DetachRolePolicy)
• Get a policy (GetPolicy)
• Get a role (GetRole)
• Get a user (GetUser)
• Get the account password policy (GetAccountPasswordPolicy)
• List SAML providers (ListSAMLProviders)
• List a user's access keys (ListAccessKeys)
• List groups (ListGroups)
• List inline policies for a role (ListRolePolicies)
• List inline policies for a user (ListUserPolicies)
• List policies (ListPolicies)
• List policies attached to a role (ListAttachedRolePolicies)
• List roles (ListRoles)
• List users (ListUsers)

Scenarios

Code examples that show you how to accomplish a specific task by calling multiple functions within the same service.

• Create a user and assume a role

Run the examples

Prerequisites

Prerequisites for running the examples for this service can be found in the README in the GoV2 folder.

Instructions

Hello IAM

Get started using the SDK for Go with IAM by listing policies in your account.

go run ./hello

Create a user and assume a role

This interactive scenario runs at a command prompt and shows you how to use IAM to do the following:

1. Create a user who has no permissions.
2. Create a role that grants permission to list Amazon Simple Storage Service (Amazon S3) buckets for the account.
3. Add a policy to let the user assume the role.
4. Try and fail to list buckets without permissions.
5. Assume the role and list S3 buckets using temporary credentials.
6. Delete the policy, role, and user.

Install all required resources and start the example by running the following in the iam folder at a command prompt.

go run ./cmd -scenario assumerole

Tests

⚠️ Running the tests might result in charges to your AWS account.

Instructions for running the tests for this service can be found in the README in the GoV2 folder.

Additional resources

• IAM User Guide
• IAM API Reference
• SDK for Go IAM package

---

Copyright Amazon.com, Inc. or its affiliates.

All Rights Reserved. SPDX-License-Identifier: Apache-2.0