Identity & Access Management

PasswordPolicy

class PasswordPolicy

You can set a password policy on an Amazon account resource:

aws.add_password_policy(
    min_password_length=16,
)

min_password_length
require_symbols
require_numbers
require_uppercase
require_lowercase
allow_users_to_change_password
expire_passwords
max_password_age
password_reuse_prevention

Must be between 1 and 24.

hard_expiry

InstanceProfile

class InstanceProfile

You can create an InstanceProfile from an Amazon account resource:

instance_profile = aws.add_instance_profile(
    name="my-instance-profile",
    roles=[my_role],
)

name
path
roles

A list of Role resources.

Role

class Role

You can create a Role from an Amazon account resource:

role = aws.add_role(
    name="my-role",
    policies={
        "s3-access": {
            # ... IAM policy definition ...
        }
    }
)

name
path
assume_role_policy

This field is a policy that describes who or what can assume this role. For example, if this is a role for EC2 instances you could set it to:

aws.add_role(
    name="my-role",
    assume_role_policy={
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": ["ec2.amazonaws.com"]},
            "Action": ["sts:AssumeRole"],
        }],
    },
)

policies

A dictionary of policies that apply when assuming this role.
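
Because assume_role_policy decides who can obtain the role's permissions, it is worth checking the document before passing it to add_role. The following is an added example, not part of Touchdown: audit_trust_policy is a hypothetical helper, the account ID is a constructed sample, and the "no Condition" check is a review heuristic rather than an IAM rule.

```python
def _as_list(value):
    """IAM accepts either a single item or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy):
    """Return findings for an assume_role_policy document (hypothetical helper)."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotPrincipal" in stmt:
            findings.append(f"statement {i}: Allow with NotPrincipal")
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # the bare string form, e.g. "*"
            principal = {"any": principal}
        for kind, values in principal.items():
            for value in _as_list(values):
                if value == "*":
                    findings.append(f"statement {i}: wildcard principal ({kind})")
                elif kind == "AWS" and "Condition" not in stmt:
                    # Heuristic: account/user principal trusted unconditionally
                    findings.append(f"statement {i}: {value} has no Condition")
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
    return findings


# The EC2 trust policy shown in the text above.
EC2_TRUST = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": ["ec2.amazonaws.com"]},
    "Action": ["sts:AssumeRole"],
}]}
# Constructed samples for illustration.
TOO_BROAD = {"Statement": {
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:*"}}
CROSS_ACCOUNT = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
}]}

if __name__ == "__main__":
    for name, doc in [("ec2", EC2_TRUST), ("broad", TOO_BROAD), ("cross", CROSS_ACCOUNT)]:
        print(name, audit_trust_policy(doc))
```

An empty list means none of these checks fired; it does not mean the policy is appropriate for the role's permissions.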

ServerCertificate

class ServerCertificate

To use SSL with a touchdown.aws.cloudfront.Distribution or a touchdown.aws.elb.LoadBalancer, you’ll first need to upload the SSL certificate to IAM with the ServerCertificate resource.

name
path
certificate_body
certificate_chain
private_key