IAM and STS SoS updates (JS SDK) (awsdocs#2536)

* IAM and STS SoS Co-authored-by: Morgan Gangwere <[email protected]>
wmwang · Dec 6, 2021 · 2b228ec · 2b228ec
1 parent 60425e7
commit 2b228ec
Show file tree

Hide file tree

Showing 78 changed files with 1,030 additions and 215 deletions.
diff --git a/.doc_gen/metadata/iam_metadata.yaml b/.doc_gen/metadata/iam_metadata.yaml
diff --git a/.doc_gen/metadata/sts_metadata.yaml b/.doc_gen/metadata/sts_metadata.yaml
@@ -19,6 +19,25 @@ sts_AssumeRole:
                 temporary credentials to list &S3; buckets for the account.
               snippet_tags:
                 - python.example_code.sts.Scenario_AssumeRoleMfa_list_buckets
+    JavaScript:
+      versions:
+        - sdk_version: 3
+          github: javascriptv3/example_code/sts
+          sdkguide:
+          excerpts:
+            - description: Create the client.
+              snippet_tags:
+                - sts.JavaScript.createclientv3
+            - description: Assume the &IAM; role.
+              snippet_tags:
+                - iam.JavaScript.sts.AssumeRoleV3
+        - sdk_version: 2
+          github: javascript/example_code/sts
+          sdkguide:
+          excerpts:
+            - description:
+              snippet_tags:
+                - sts.JavaScript.assumeRole
   services:
     sts: {AssumeRole}
 sts_GetSessionToken:

diff --git a/javascript/example_code/iam/iam_accesskeylastused.js b/javascript/example_code/iam/iam_accesskeylastused.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_accesskeylastused.js demonstrates how to retrieve information about the last time an IAM access key was used.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_attachrolepolicy.js b/javascript/example_code/iam/iam_attachrolepolicy.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_attachrolepolicy.js demonstrates how to attach a managed policy to an IAM role.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_createaccesskeys.js b/javascript/example_code/iam/iam_createaccesskeys.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_createaccesskeys.js demonstrates how to create a new AWS access key and AWS access key ID for an IAM user.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_createaccountalias.js b/javascript/example_code/iam/iam_createaccountalias.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_createaccountalias.js demonstrates how to create an alias for an AWS account.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_createpolicy.js b/javascript/example_code/iam/iam_createpolicy.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_createpolicy.js demonstrates how to create a managed policy for an AWS account.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_createuser.js b/javascript/example_code/iam/iam_createuser.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_createuser.js demonstrates how to create an IAM user for an AWS account.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_deleteaccesskey.js b/javascript/example_code/iam/iam_deleteaccesskey.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_deleteaccesskey.js demonstrates how to delete the AWS access key pair for an IAM user.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_deleteaccountalias.js b/javascript/example_code/iam/iam_deleteaccountalias.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_deleteaccountalias.js demonstrates how to delete an alias for an AWS account.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_deleteservercert.js b/javascript/example_code/iam/iam_deleteservercert.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_deleteservercert.js demonstrates how to delete an IAM SSL/TLS server certificate.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_deleteuser.js b/javascript/example_code/iam/iam_deleteuser.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_deleteuser.js demonstrates how to delete an IAM user from an AWS account.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_detachrolepolicy.js b/javascript/example_code/iam/iam_detachrolepolicy.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_detachrolepolicy.js demonstrates how to detach a managed policy from an IAM role.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_getpolicy.js b/javascript/example_code/iam/iam_getpolicy.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_getpolicy.js demonstrates how to retrieve information about an IAM managed policy.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_getservercert.js b/javascript/example_code/iam/iam_getservercert.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_getservercert.js demonstrates how to retrieve information about an IAM SSL/TLS server certificate.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_listaccesskeys.js b/javascript/example_code/iam/iam_listaccesskeys.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_listaccesskeys.js demonstrates how to retrieve information about the access keys of an IAM user.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_listaccountaliases.js b/javascript/example_code/iam/iam_listaccountaliases.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_listaccountaliases.js demonstrates how to retrieve information about the aliases for an AWS account.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_listservercerts.js b/javascript/example_code/iam/iam_listservercerts.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_listservercerts.js demonstrates how to list the IAM SSL/TLS server certificates.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_listusers.js b/javascript/example_code/iam/iam_listusers.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_listusers.js demonstrates how to list IAM users.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_updateaccesskey.js b/javascript/example_code/iam/iam_updateaccesskey.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_updateaccesskey.js demonstrates how to update the status of an IAM user's access key.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_updateservercert.js b/javascript/example_code/iam/iam_updateservercert.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_updateservercert.js demonstrates how to update the name of an IAM SSL/TLS server certificate.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/javascript/example_code/iam/iam_updateuser.js b/javascript/example_code/iam/iam_updateuser.js
@@ -14,7 +14,7 @@
  */
 
 //snippet-sourcedescription:[iam_updateuser.js demonstrates how to update the name of an IAM user.]
-//snippet-keyword:[JavaScript]
+//snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
 //snippet-keyword:[AWS Identity and Access Management (IAM)]

diff --git a/...script/example_code/iam/sts_assumerole.js → ...script/example_code/sts/sts_assumerole.js b/...script/example_code/iam/sts_assumerole.js → ...script/example_code/sts/sts_assumerole.js
@@ -1,5 +1,5 @@
 
-//snippet-sourcedescription:[sts_assumerole.js demonstrates how to use STS to assume an IAM Role.]
+//snippet-sourcedescription:[sts_assumerole.test.js demonstrates how to use STS to assume an IAM Role.]
 //snippet-keyword:[JavaScript]
 //snippet-sourcesyntax:[javascript]
 //snippet-keyword:[Code Sample]
@@ -15,6 +15,8 @@
 
 // ABOUT THIS NODE.JS SAMPLE: This sample is part of the SDK for JavaScript Developer Guide topic at
 // https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/sts-examples-policies.html
+
+// snippet-start:[sts.JavaScript.assumeRole]
 // Load the AWS SDK for Node.js
 const AWS = require('aws-sdk');
 // Set the region 
@@ -54,3 +56,5 @@ function stsGetCallerIdentity(creds) {
         }
     });    
 }
+// snippet-end:[sts.JavaScript.assumeRole]
+
diff --git a/javascriptv3/example_code/iam/README.md b/javascriptv3/example_code/iam/README.md
@@ -4,53 +4,71 @@ Amazon IAM enables you to manage access to AWS services and resources securely.
 ## Code examples
 This is a workspace where you can find the following AWS SDK for JavaScript version 3 (v3) Amazon IAM examples. 
 
-- [Access last key used](src/iam_accesskeylastused.js)
-- [Attach a policy to a role](src/iam_attachrolepolicy.js)
-- [Create access keys](src/iam_createaccesskeys.js)
-- [Create an account alias](src/iam_createaccountalias.js)
-- [Create an IAM policy](src/iam_createpolicy.js)
-- [Create an IAM user](src/iam_createuser.js)
-- [Delete access keys](src/iam_deleteaccesskey.js)
-- [Delete an account alias](src/iam_deleteaccountalias.js)
-- [Delete a server certificate](src/iam_deleteservercert.js)
-- [Delete an IAM user](src/iam_deleteuser.js)
-- [Detact a policy from an IAM role](src/iam_detachrolepolicy.js)
-- [Get an IAM policy](src/iam_getpolicy.js)
-- [Get a server certificate](src/iam_getservercert.js)
-- [List access keys](src/iam_listaccesskeys.js)
-- [List account aliases](src/iam_listaccountaliases.js)
-- [List server certificated](src/iam_listservercerts.js)
-- [List IAM users](src/iam_listusers.js)
-- [Update access key](src/iam_updateaccesskey.js)
-- [Update server certificate](src/iam_updateservercert.js)
-- [Update an IAM user](src/iam_updateuser.js)
-- [Assume a role](src/sts_assumerole.js)
-
-**Note**: All code examples are written in ECMAscript 6 (ES6). For guidelines on converting to CommonJS, see 
-[JavaScript ES6/CommonJS syntax](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/sdk-example-javascript-syntax.html).
-
-## Getting started
+- [Access last key used](src/iam_accesskeylastused.js) (GetAccessKeyLastUsedCommand)
+- [Attach a policy to a role](src/iam_attachrolepolicy.js) (ListAttachedRolePoliciesCommand)
+- [Create access keys](src/iam_createaccesskeys.js) (CreateAccessKeyCommand)
+- [Create an account alias](src/iam_createaccountalias.js) (CreateAccountAliasCommand)
+- [Create an IAM policy](src/iam_createpolicy.js) (CreatePolicyCommand)
+- [Create an IAM user](src/iam_createuser.js) (GetUserCommand)
+- [Delete access keys](src/iam_deleteaccesskey.js) (DeleteAccessKeyCommand)
+- [Delete an account alias](src/iam_deleteaccountalias.js) (DeleteAccountAliasCommand)
+- [Delete a server certificate](src/iam_deleteservercert.js) (DeleteServerCertificateCommand)
+- [Delete an IAM user](src/iam_deleteuser.js) (GetUserCommand, DeleteUserCommand)
+- [Detact a policy from an IAM role](src/iam_detachrolepolicy.js) (ListAttachedRolePoliciesCommand)
+- [Get an IAM policy](src/iam_getpolicy.js) (GetPolicyCommand)
+- [Get a server certificate](src/iam_getservercert.js) (GetServerCertificateCommand)
+- [List access keys](src/iam_listaccesskeys.js) (ListAccessKeysCommand)
+- [List account aliases](src/iam_listaccountaliases.js) (ListAccountAliasesCommand)
+- [List server certificates](src/iam_listservercerts.js) (ListServerCertificatesCommand)
+- [List IAM users](src/iam_listusers.js) (ListUsersCommand)
+- [Update access key](src/iam_updateaccesskey.js) (UpdateAccessKeyCommand)
+- [Update server certificate](src/iam_updateservercert.js) (UpdateServerCertificateCommand)
+- [Update an IAM user](src/iam_updateuser.js) (UpdateUserCommand)
+
+**Note**: All code examples are written in ECMAscript 6 (ES6). For guidelines on converting to CommonJS, see
+[JavaScript ES6/CommonJS syntax](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/sdk-examples-javascript-syntax.html).
+
+## Important
+
+- As an AWS best practice, grant this code least privilege, or only the
+  permissions required to perform a task. For more information, see
+  [Grant least privilege](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege)
+  in the *AWS Identity and Access Management User Guide*.
+- This code has not been tested in all AWS Regions. Some AWS services are
+  available only in specific AWS Regions. For more information, see the
+  [AWS Regional Services List](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/)
+  on the AWS website.
+- Running this code might result in charges to your AWS account.
+
+## Running the code
+
+### Prerequisites
+- An AWS account. To create an account, see [How do I create and activate a new AWS account](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/) on the AWS Premium Support website.
+- AWS credentials. For details, see  [Setting credentials in Node.js](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-credentials-node.html) in the
+  *AWS SDK for Javascript (v3) Developer Guide*.
 
 1. Clone the [AWS SDK Code Samples repo](https://github.com/awsdocs/aws-doc-sdk-examples) to your local environment. See [the Github documentation](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository) for instructions.
 
-2. Install the dependencies listed in the package.json in the folder containing the example(s).
+2. Install the dependencies listed in the package.json.
 
-**Note**: These dependencies include the client modules for the AWS services that this example requires, 
-which are *@aws-sdk/client-iam* and *@aws-sdk/client-sts*.
 ```
 npm install node -g
-cd javascriptv3/example_code/iam
+cd javascriptv3/example_code/transcribe
 npm install
 ```
 3. In your text editor, update user variables specified in the ```Inputs``` section of the sample file.
 
 4. Run sample code:
 ```
 cd src
-node [example name].js // For example, node iam_accesskeylastused.js
+node [example name].js
 ```
 
+## Unit tests
+For more information see, the [README](../README.rst).
+
 ## Resources
-[AWS SDK for JavaScript v3](https://github.com/aws/aws-sdk-js-v3)
-[AWS SDK for JavaScript v3 Developer Guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples.html)
-[AWS SDK for JavaScript v3 API Reference Guide](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-iam/index.html) 
+- [AWS SDK for JavaScript v3](https://github.com/aws/aws-sdk-js-v3)
+- [AWS SDK for JavaScript v3 Developer Guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples.html)
+- [AWS SDK for JavaScript v3 API Reference Guide](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-iam/index.html) 
+- [Amazon DynamoDB documentation]()
diff --git a/javascriptv3/example_code/iam/src/iam_accesskeylastused.js b/javascriptv3/example_code/iam/src/iam_accesskeylastused.js
@@ -20,9 +20,9 @@ import { iamClient } from "./libs/iamClient.js";
 import { GetAccessKeyLastUsedCommand } from "@aws-sdk/client-iam";
 
 // Set the parameters
-const params = { AccessKeyId: "ACCESS_KEY_ID" }; //ACCESS_KEY_ID
+export const params = { AccessKeyId: "ACCESS_KEY_ID" }; //ACCESS_KEY_ID
 
-const run = async () => {
+export const run = async () => {
   try {
     const data = await iamClient.send(new GetAccessKeyLastUsedCommand(params));
     console.log("Success", data);
@@ -33,4 +33,4 @@ const run = async () => {
 };
 run();
 // snippet-end:[iam.JavaScript.keys.getAccessKeyLastUsedV3]
-// module.exports =  { run, params }; // For unit tests.
+
diff --git a/javascriptv3/example_code/iam/src/iam_attachrolepolicy.js b/javascriptv3/example_code/iam/src/iam_attachrolepolicy.js
@@ -26,11 +26,11 @@ import {
 // Set the parameters
 const ROLENAME = "ROLE_NAME";
 const paramsRoleList = { RoleName: ROLENAME }; //ROLE_NAME
-const params = {
+export const params = {
   PolicyArn: "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
   RoleName: ROLENAME,
 };
-const run = async () => {
+export const run = async () => {
   try {
     const data = await iamClient.send(
       new ListAttachedRolePoliciesCommand(paramsRoleList)
@@ -58,4 +58,4 @@ const run = async () => {
 };
 run();
 // snippet-end:[iam.JavaScript.policies.attachRolePolicyV3]
-// module.exports =  { run, params }; // For unit tests.
+
diff --git a/javascriptv3/example_code/iam/src/iam_createaccesskeys.js b/javascriptv3/example_code/iam/src/iam_createaccesskeys.js
@@ -21,9 +21,9 @@ import { iamClient } from "./libs/iamClient.js";
 import { CreateAccessKeyCommand } from "@aws-sdk/client-iam";
 
 // Set the parameters
-const params = {UserName: "IAM_USER_NAME"}; //IAM_USER_NAME
+export const params = {UserName: "IAM_USER_NAME"}; //IAM_USER_NAME
 
-const run = async () => {
+export const run = async () => {
   try {
     const data = await iamClient.send(new CreateAccessKeyCommand(params));
     console.log("Success", data);