Was this content helpful?
How could we make this article more helpful?
The IAM endpoint (https://iam.example.lyve.seagate.com) allows managing user accounts and permissions. Requests to the IAM endpoint must be signed specifying "iam" as service.
A user can access the system either by logging in via email and password, or via one of its access keys, and perform actions according to its role and attached policies. Note that, for all users, the username coincides with the email.
A user belong to one of the following roles:
| Role | Description |
|---|---|
| Root | Is the initial and main user of the account, has permissions on all buckets, and is able to manage users and policies. It cannot be deleted. |
| Admin | Can manage users and policies, with the exception of the Root account. |
| User | Can perform operations on buckets according to the policies it is attached. Can change own password, create and revoke own access keys. |
A policy defines a set of permissions on buckets, and can be attached to a set of users.
Attaches a policy to a user.
| Parameter | Description |
|---|---|
| Action | Must be set to AttachUserPolicy |
| Version | Must be set to 2010-05-08 |
| UserName | Name of the user the policy will be attached to |
| PolicyArn | ARN of the policy to attach |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: 86
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=AttachUserPolicy&
PolicyArn=arn:aws:iam::000000000000:policy/SomePolicy&
UserName=user@example.com&
Version=2010-05-08
<AttachUserPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>gf7hb0r6v5ix</RequestId>
</ResponseMetadata>
</AttachUserPolicyResponse>
Changes the password of the user making the request. It requires providing the old password.
| Parameter | Description |
|---|---|
| Action | Must be set to ChangePassword |
| Version | Must be set to 2010-05-08 |
| OldPassword | Old password of the current user |
| NewPassword | New password for the current user. Must be at least 10 characters and contain numbers, lowercase and uppercase letters |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: 86
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=ChangePassword&
OldPassword=Password00&
NewPassword=Password01&
Version=2010-05-08
<ChangePasswordResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>EXAMPLE</RequestId>
</ResponseMetadata>
</ChangePasswordResponse>
Creates a new access key for the specified user.
| Parameter | Description |
|---|---|
| Action | Must be set to CreateAccessKey |
| Version | Must be set to 2010-05-08 |
| UserName | Username of the user for whom the access key should be created. If not specified, it defaults to the user making the request. |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=CreateAccessKey&
UserName=user@example.com&
Version=2010-05-08
<CreateAccessKeyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>830kau3a8zis</RequestId>
</ResponseMetadata>
<CreateAccessKeyResult>
<AccessKey>
<UserName>user@example.com</UserName>
<AccessKeyId>AWS4AKIAKMEQGHROSDH7BKLB4QMNZAVANP4PGEZYJSWPBI4P4GTWGXDC</AccessKeyId>
<Status>Active</Status>
<SecretAccessKey>HCXL33NNPWX2EVEFHUZIGM234UJ64PUP2444OIFE3EOZHGVUG2GQ</SecretAccessKey>
</AccessKey>
</CreateAccessKeyResult>
</CreateAccessKeyResponse>
Creates a new policy. Note that, except for the PolicyDocument, the other parameters cannot be updated after creation.
| Parameter | Description |
|---|---|
| Action | Must be set to CreatePolicy |
| Version | Must be set to 2010-05-08 |
| Description | User-friendly description of the policy |
| PolicyDocument | Policy document in the AWS policy format |
| PolicyName | Name for the new policy |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=CreatePolicy&
Description=Gives all permissions for the bucket "abc-bucket"&
Path=/&
PolicyDocument={"Statement":[{"Action":["s3:GetObject","s3:PutObject","s3:DeleteObject","s3:ListBucket"],"Effect":"Allow","Resource":"arn:aws:s3:::abc-bucket*"},{"Action":["s3:ListAllMyBuckets"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17","Managed":true}&
PolicyName=NewPolicy4567&
Version=2010-05-08
<CreatePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>zd167x71f527</RequestId>
</ResponseMetadata>
<CreatePolicyResult>
<Policy>
<PolicyName>NewPolicy4567</PolicyName>
<DefaultVersionId>v1</DefaultVersionId>
<PolicyId>ANPASMVHTBHTUB7AMZUTK</PolicyId>
<Path>/</Path>
<Arn>arn:aws:iam::000000000000:policy/NewPolicy4567</Arn>
<AttachmentCount>0</AttachmentCount>
<CreateDate>2019-03-25T09:16:31.497Z</CreateDate>
<UpdateDate>2019-03-25T09:16:31.497Z</UpdateDate>
<Description></Description>
</Policy>
</CreatePolicyResult>
</CreatePolicyResponse>
Updates a policy, creating a new version
| Parameter | Description |
|---|---|
| Action | Must be set to CreatePolicyVersion |
| Version | Must be set to 2010-05-08 |
| SetAsDefault | If set to true, sets the new version as default, making it in effect |
| PolicyDocument | Policy document in the AWS policy format |
| PolicyArn | ARN of the policy to update |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=CreatePolicyVersion&
PolicyArn=arn:aws:iam::000000000000:policy/NewPolicy4567&
PolicyDocument={"Statement":[{"Action":["s3:GetObject","s3:ListBucket"],"Effect":"Allow","Resource":"*"},{"Action":["s3:ListAllMyBuckets"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"}&
SetAsDefault=true&
Version=2010-05-08
<CreatePolicyVersionResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>kbslm8tegjc8</RequestId>
</ResponseMetadata>
<CreatePolicyVersionResult>
<PolicyVersion>
<IsDefaultVersion>true</IsDefaultVersion>
<VersionId>vGRC019YCN3QZ</VersionId>
<CreateDate>2019-03-25T09:16:31.497Z</CreateDate>
</PolicyVersion>
</CreatePolicyVersionResult>
</CreatePolicyVersionResponse>
Creates a new user with the specified email address.
| Parameter | Description |
|---|---|
| Action | Must be set to CreateUser |
| Version | Must be set to 2010-05-08 |
| UserName | Email of the user to create |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=CreateUser&
UserName=user2@example.com&
Version=2010-05-08
<CreateUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>t3v4bkwxvk0k</RequestId>
</ResponseMetadata>
<CreateUserResult>
<User>
<Path></Path>
<UserName>cshhkvuc3sym@example.com</UserName>
<UserId>100000000546</UserId>
<Arn>arn:aws:iam::000000000000:user/cshhkvuc3sym@example.com</Arn>
</User>
</CreateUserResult>
</CreateUserResponse>
Deletes the specified access key. Both the email of the user the key belongs to and the access key id should be specified. If the email of the user is not provided, it defaults to the user making the request.
| Parameter | Description |
|---|---|
| Action | Must be set to DeleteAccessKey |
| Version | Must be set to 2010-05-08 |
| UserName | Email of the user whose access key should be deleted |
| AccessKeyId | ID of the access key to delete |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
AccessKeyId=AWS4AKIAUAAECGIBEUZO3FG2GZBERAAGU2RXEVJYATF2A5XYSYCHCK4V&
Action=DeleteAccessKey&
UserName=user2@example.com&
Version=2010-05-08
<DeleteAccessKeyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>wztbdx32kks5</RequestId>
</ResponseMetadata>
</DeleteAccessKeyResponse>
Deletes the specified policy, if this is not attached to any user, and all of its previous versions (if any) have been previously deleted. You can use respectively DetachUserPolicy and DeletePolicyVersion to detach the policy from users, and to remove the previous policy versions.
| Parameter | Description |
|---|---|
| Action | Must be set to DeletePolicy |
| Version | Must be set to 2010-05-08 |
| PolicyArn | ARN of the policy to delete |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=DeletePolicy&
PolicyArn=arn:aws:iam::000000000000:policy/TestA24152&
Version=2010-05-08
<DeletePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>alweq16xfjj9</RequestId>
</ResponseMetadata>
</DeletePolicyResponse>
Deletes the specified policy, if this is not attached to any user, and all of its previous versions (if any) have been previously deleted. You can use respectively DetachUserPolicy and DeletePolicyVersion to detach the policy from users, and to remove the previous policy versions.
| Parameter | Description |
|---|---|
| Action | Must be set to DeletePolicyVersion |
| Version | Must be set to 2010-05-08 |
| PolicyArn | ARN of the policy whose version you wish to delete |
| VersionId | ID of the version to delete, as returned by GetPolicy or ListPolicyVersions |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=DeletePolicy&
PolicyArn=arn:aws:iam::000000000000:policy/TestA24152&
VersionId=vMFW10Z4EF4HL&
Version=2010-05-08
<DeletePolicyVersionResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>caonjqj712u7</RequestId>
</ResponseMetadata>
</DeletePolicyVersionResponse>
Deletes the specified user. Note that before deleting the user, you must first delete all of its keys, and detach all policies from it. Note also that a user cannot delete itself, and that a root user cannot be deleted.
| Parameter | Description |
|---|---|
| Action | Must be set to DeletePolicyVersion |
| Version | Must be set to 2010-05-08 |
| UserName | Email of the user to delete |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=DeleteUser
&UserName=TestUser256@example.com
&Version=2010-05-08
<DeleteUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>5tk62707tkxv</RequestId>
</ResponseMetadata>
</DeleteUserResponse>
Detaches a policy from a user.
| Parameter | Description |
|---|---|
| Action | Must be set to DetachUserPolicy |
| Version | Must be set to 2010-05-08 |
| UserName | Email of the user to delete |
| PolicyArn | ARN of the policy the to detach |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=DetachUserPolicy&
PolicyArn=arn:aws:iam::000000000000:policy/ABCABC&
UserName=user1@example.com&
Version=2010-05-08
<DetachUserPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>a95qpalps1gc</RequestId>
</ResponseMetadata>
</DetachUserPolicyResponse>
Gets metadata about a given policy
| Parameter | Description |
|---|---|
| Action | Must be set to GetPolicy |
| Version | Must be set to 2010-05-08 |
| PolicyArn | ARN of the policy |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=GetPolicy&
PolicyArn=arn:aws:iam::000000000000:policy/ABCABC&
Version=2010-05-08
<GetPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>1hxikd7dm49b</RequestId>
</ResponseMetadata>
<GetPolicyResult>
<Policy>
<PolicyName>ABCABC</PolicyName>
<DefaultVersionId>vMFW10Z4EF4HL</DefaultVersionId>
<PolicyId>ANVAP1OHCTVKCZR4TWB3F</PolicyId>
<Path>/</Path>
<Arn>arn:aws:iam::000000000000:policy/ABCABC</Arn>
<AttachmentCount>2</AttachmentCount>
<CreateDate>2019-03-14T11:23:36.776Z</CreateDate>
<UpdateDate>2019-03-14T11:23:36.776Z</UpdateDate>
<Description>policy description</Description>
</Policy>
</GetPolicyResult>
</GetPolicyResponse>
Gets the specified policy version, with its policy document
| Parameter | Description |
|---|---|
| Action | Must be set to GetPolicyVersion |
| Version | Must be set to 2010-05-08 |
| PolicyArn | ARN of the policy |
| VersionId | ID of the policy version |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=GetPolicyVersion&
PolicyArn=arn:aws:iam::000000000000:policy/ABCABC&
Version=2010-05-08&
VersionId=vMFW10Z4EF4HL
<GetPolicyVersionResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>s9h55m6gm6st</RequestId>
</ResponseMetadata>
<GetPolicyVersionResult>
<PolicyVersion>
<Document>{"Statement":[{"Action":["s3:GetObject","s3:PutObject","s3:DeleteObject","s3:ListBucket"],"Effect":"Allow","Resource":"arn:aws:s3:::testbucket*"},{"Action":["s3:PutObject","s3:DeleteObject"],"Effect":"Allow","Resource":"arn:aws:s3:::abc-bucket*"},{"Action":["s3:ListAllMyBuckets"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17","Managed":true}</Document>
<IsDefaultVersion>true</IsDefaultVersion>
<VersionId>vMFW10Z4EF4HL</VersionId>
<CreateDate>2019-03-14T11:23:36.776Z</CreateDate>
</PolicyVersion>
</GetPolicyVersionResult>
</GetPolicyVersionResponse>
Retrieves a list of the access keys belonging to a given user
| Parameter | Description |
|---|---|
| Action | Must be set to ListAccessKeys |
| Version | Must be set to 2010-05-08 |
| UserName | Email of the user whose access keys should be listed |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=ListAccessKeys&
UserName=user@example.com&
Version=2010-05-08
<ListAccessKeysResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>hhbsxpz2r66y</RequestId>
</ResponseMetadata>
<ListAccessKeysResult>
<AccessKeyMetadata>
<member>
<UserName>user@example.com</UserName>
<AccessKeyId>AWS4AKIANWYVBGWUGE2PQY7HPOH4QNI6SDDSA6UPQFCTRFLHVCKBZCGA</AccessKeyId>
<Status>Active</Status>
<CreateDate>2019-03-15T16:56:56.434Z</CreateDate>
</member>
<member>
<UserName>user@example.com</UserName>
<AccessKeyId>AWS4AMQVFJACLX5R6FCBRFR3Z2LMYP5KBFBQCVQW3JFARBENYJC6SLZA</AccessKeyId>
<Status>Active</Status>
<CreateDate>2019-03-14T12:00:30.358Z</CreateDate>
</member>
</AccessKeyMetadata>
<UserName>user@example.com</UserName>
<IsTruncated>false</IsTruncated>
</ListAccessKeysResult>
</ListAccessKeysResponse>
Retrieves a list of the policies attached to a given user.
| Parameter | Description |
|---|---|
| Action | Must be set to ListAttachedUserPolicies |
| Version | Must be set to 2010-05-08 |
| UserName | Email of the user whose attached policies should be listed |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=ListAttachedUserPolicies&
UserName=user@example.com&
Version=2010-05-08
<ListAttachedUserPoliciesResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>6brrrkcl3nem</RequestId>
</ResponseMetadata>
<ListAttachedUserPoliciesResult>
<AttachedPolicies>
<member>
<PolicyName>Policy1</PolicyName>
<PolicyArn>arn:aws:iam::000000000000:policy/Policy1</PolicyArn>
</member>
</AttachedPolicies>
<IsTruncated>false</IsTruncated>
<Marker></Marker>
</ListAttachedUserPoliciesResult>
</ListAttachedUserPoliciesResponse>
Retrieves a list of all the users to which the specified policy is attached.
| Parameter | Description |
|---|---|
| Action | Must be set to ListEntitiesForPolicy |
| Version | Must be set to 2010-05-08 |
| PolicyArn | ARN of the policy |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=ListEntitiesForPolicy
&PolicyArn=arn:aws:iam::000000000000:policy/ABCABC
&Version=2010-05-08
<ListEntitiesForPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>7pzdvnk5er4i</RequestId>
</ResponseMetadata>
<ListEntitiesForPolicyResult>
<PolicyUsers>
<member>
<UserName>user2@example.com</UserName>
</member>
<member>
<UserName>user@example.com</UserName>
</member>
</PolicyUsers>
<PolicyRoles></PolicyRoles>
<PolicyGroups></PolicyGroups>
<IsTruncated>false</IsTruncated>
</ListEntitiesForPolicyResult>
</ListEntitiesForPolicyResponse>
Retrieves a list of all the policies. The list can be optionally filtered by specifying PathPrefix or OnlyAttached.
| Parameter | Description |
|---|---|
| Action | Must be set to ListPolicies |
| Version | Must be set to 2010-05-08 |
| PathPrefix | If specified, only the policies having a Path with the given prefix are returned |
| OnlyAttached | If specified, only the policies attached to some user are returned |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=ListPolicies
&Version=2010-05-08
<ListPoliciesResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>s5eb8nlvydf2</RequestId>
</ResponseMetadata>
<ListPoliciesResult>
<Policies>
<member>
<PolicyName>Policy1</PolicyName>
<DefaultVersionId>vMFW10Z4EF4HL</DefaultVersionId>
<PolicyId>ANVAP1OHCTVKCZR4TWB3F</PolicyId>
<Path>/</Path>
<Arn>arn:aws:iam::000000000000:policy/Policy1</Arn>
<AttachmentCount>2</AttachmentCount>
<CreateDate>2019-03-14T11:23:36.776Z</CreateDate>
<UpdateDate>2019-03-14T11:23:36.776Z</UpdateDate>
<Description>first test policy</Description>
</member>
<member>
<PolicyName>Policy2</PolicyName>
<DefaultVersionId>v0169a042bpk3</DefaultVersionId>
<PolicyId>ANVAEQ3KKQOMWALATC1QT</PolicyId>
<Path>/</Path>
<Arn>arn:aws:iam::000000000000:policy/Policy2</Arn>
<AttachmentCount>3</AttachmentCount>
<CreateDate>2019-03-12T14:11:38.767Z</CreateDate>
<UpdateDate>2019-03-12T14:11:38.767Z</UpdateDate>
<Description>second test policy</Description>
</member>
</Policies>
<IsTruncated>false</IsTruncated>
<Marker></Marker>
</ListPoliciesResult>
</ListPoliciesResponse>
Retrieves a list of versions of a specified policy
| Parameter | Description |
|---|---|
| Action | Must be set to ListPolicyVersions |
| Version | Must be set to 2010-05-08 |
| PolicyArn | ARN of the policy |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=ListPolicyVersions
&PolicyArn=arn:aws:iam::000000000000:policy/TestPolicy
&Version=2010-05-08
<ListPolicyVersionsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>s77xvbxffqqb</RequestId>
</ResponseMetadata>
<ListPolicyVersionsResult>
<Versions>
<member>
<IsDefaultVersion>false</IsDefaultVersion>
<VersionId>v1</VersionId>
<CreateDate>2019-03-14T11:23:36.776Z</CreateDate>
</member>
<member>
<IsDefaultVersion>true</IsDefaultVersion>
<VersionId>v2Z0F1XI574I7</VersionId>
<CreateDate>2019-03-14T11:37:20.523Z</CreateDate>
</member>
</Versions>
<IsTruncated>false</IsTruncated>
<Marker></Marker>
</ListPolicyVersionsResult>
</ListPolicyVersionsResponse>
List all users.
| Parameter | Description |
|---|---|
| Action | Must be set to ListUsers |
| Marker | Pagination support. Unused. |
| MaxItems | Pagination support. Unused. |
| PathPrefix | User filtering. Not supported yet. |
| Version | Must be set to 2010-05-08 |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: [...]
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=ListUsers
&Version=2010-05-08
<ListUsersResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>mujpkfxe7slp</RequestId>
</ResponseMetadata>
<ListUsersResult>
<Users>
<member>
<UserId>100000000042</UserId>
<Path>/</Path>
<UserName>testuser@example.com</UserName>
<Arn>arn:aws:iam::000000000000:user/testuser@example.com</Arn>
<CreateDate>2019-03-25T10:56:28.523Z</CreateDate>
<PasswordLastUsed>2019-03-25T10:56:28.523Z</PasswordLastUsed>
</member>
<member>
<UserId>100000000024</UserId>
<Path></Path>
<UserName>example@example.com</UserName>
<Arn>arn:aws:iam::000000000000:user/example@example.com</Arn>
<CreateDate>2019-03-25T10:56:28.523Z</CreateDate>
<PasswordLastUsed>2019-03-25T10:56:28.523Z</PasswordLastUsed>
</member>
</Users>
<IsTruncated>false</IsTruncated>
</ListUsersResult>
</ListUsersResponse>
Set the specified version of a policy as the default (active) version.
Note that this changes the currently active version for all attached entities.
| Parameter | Description |
|---|---|
| Action | Must be set to SetDefaultPolicyVersion |
| PolicyArn | ARN of the policy. example: arn:aws:iam::123456789012:policy/policy-name |
| VersionId | Version of the policy that you want as default |
| Version | Must be set to 2010-05-08 |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Content-Sha256: [...]
X-Amz-Date: 20190325T103156Z
Authorization: [...]
Content-Length: [...]
Action=SetDefaultPolicyVersion
&PolicyArn=arn:aws:iam::123456789012:policy/policy-name
&VersionId=v42
&Version=2010-05-08
<SetDefaultPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>42bgut3b75zt</RequestId>
</ResponseMetadata>
</SetDefaultPolicyResponse>
Changes the password for the specified IAM user. For the current user use the "ChangePassword" API instead
| Parameter | Description |
|---|---|
| Action | Must be set to UpdateLoginProfile |
| Password | New password. Needs uppercase, lowercase, digits and at least 10 total characters |
| PasswordResetRequired | True/false |
| UserName | Username to reset the password to |
| Version | Must be set to 2010-05-08 |
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Content-Sha256: [...]
X-Amz-Date: 20190325T103156Z
Authorization: [...]
Content-Length: [...]
Action=UpdateLoginProfile
&Password=Password22
&PasswordResetRequired=false
&UserName=testuser@example.com
&Version=2010-05-08
<UpdateLoginProfileResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<ResponseMetadata>
<RequestId>27bgut3b75zt</RequestId>
</ResponseMetadata>
</UpdateLoginProfileResponse>
Retrieves information about a list of users. If no user is specified, information about the current user is returned. Only Root or Admin users can retrieve information about other users.
| Parameter | Description |
|---|---|
| Action | Must be set to RSGetUserInfo |
| Version | Must be set to 2010-05-08 |
| UserList.$number | Username whose information should be retrieved |
The response is a json document containing, for each user:
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Content-Sha256: [...]
X-Amz-Date: 20190325T103156Z
Authorization: [...]
Content-Length: [...]
Action=RSGetUserInfo&
UserList.1=firstuser%40example.com&
UserList.2=seconduser%40example.com&
UserList.3=nonexistent&
Version=2010-05-08
[
{
"Id": "100000000780",
"Name": "firstuser@example.com",
"PwdMustChange": true,
"Email": "firstuser@example.com",
"Firstname": "First",
"Lastname": "User",
"Type": "admin",
"CreatedOn": "2019-05-02T06:26:06.818Z",
"LastAccess": "0001-01-01T00:00:00Z",
"Path": "",
"Root": "example",
"AuthMethod": "password"
},
{
"Id": "100000000781",
"Name": "seconduser@example.com",
"PwdMustChange": true,
"Email": "seconduser@example.com",
"Firstname": "First",
"Lastname": "User",
"Type": "user",
"CreatedOn": "2019-05-02T06:26:06.859Z",
"LastAccess": "0001-01-01T00:00:00Z",
"Path": "",
"Root": "example",
"AuthMethod": "federated"
}
]
Sets information for a given user.
| Parameter | Description |
|---|---|
| Action | Must be set to RSSetUserInfo |
| Version | Must be set to 2010-05-08 |
| Name | User whose information should be set |
| Firstname | First name to set |
| Lastname | Last name to set |
| Type | Type of user (root, admin, user) |
Returns a status code reflecting the outcome of the operation.
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Content-Sha256: [...]
X-Amz-Date: 20190325T103156Z
Authorization: [...]
Content-Length: [...]
Action=RSSetUserInfo&
Version=2010-05-08&
Name=firstuser@example.com&
Firstname=John&
Lastname=Smith&
Type=user
Returns the requested password reset token for a given user. Root and Admin users can obtain reset tokens for other users; in this case, the old password is immediately invalidated. Generated tokens are valid for 6 hours.
| Parameter | Description |
|---|---|
| Action | Must be set to RSGetToken |
| Version | Must be set to 2010-05-08 |
| Type | Must be set to pwd_reset |
| UserName | User whose password reset token should be obtained (defaults to the current user) |
Returns the requested password reset token in a JSON object.
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Content-Sha256: [...]
X-Amz-Date: 20190325T103156Z
Authorization: [...]
Content-Length: [...]
Action=RSGetToken&
Version=2010-05-08&
Type=pwd_reset&
UserName=firstuser%40example.com
{
"Token": "AAAAAAAAAAAAAFMCAAAAAAAAAAAAAAAATMYFBVC2V3PJH3MDVOPV62XKJYRP7K2AUE6LCEV45ZQK4IA776W4F6A2OY2XYXJCHMJ5U4MJ2NXGQTK2XVBWVHQG43A3CC2PPX5NSKI="
}
Resets a user's password using a password reset token. Note this call is not authenticated.
| Parameter | Description |
|---|---|
| Action | Must be set to RSGetToken |
| Version | Must be set to 2010-05-08 |
| Token | Password reset token |
| NewPassword | New password to set |
Returns a status code reflecting the outcome of the operation.
Newlines added for clarity.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: [...]
Action=RSResetPassword&
Version=2010-05-08&
Token=output.Token&
NewPassword=Password24
Prepares a 2FA secret for current user. After obtaining the secret, user can enable 2FA via RSEnableTFA API. The secret expires after 30 minutes.
| Parameter | Description |
|---|---|
| Action | Must be set to RSPrepareTFA |
| Version | Must be set to 2010-05-08 |
Returns a secret key for generating time-based one-time passwords and a QR code image containing OTP URI with that secret.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Content-Sha256: [...]
X-Amz-Date: [...]
Authorization: [...]
Content-Length: [...]
Action=RSPrepareTFA&
Version=2010-05-08
{
"secret": "RCULN35A63IMSO5UMW6FSUJIOTUOCDE7...",
"qrCodeUrl": "data:image/png;base64,iVBORw0KGo..."
}
Verifies the received OTP and enables 2FA for current user.
| Parameter | Description |
|---|---|
| Action | Must be set to RSEnableTFA |
| Version | Must be set to 2010-05-08 |
| OTP | 6-digit OTP derived from the secret from RSPrepareTFA |
Returns 10 recovery codes that can be used instead of OTP in case the user loses their 2FA device.
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Content-Sha256: [...]
X-Amz-Date: [...]
Authorization: [...]
Content-Length: [...]
Action=RSEnableTFA&
Version=2010-05-08&
OTP=880631
{
"recoveryCodes": [
"52895ace",
"f20f43ef",
"f1ebaf4d",
...
]
}
Disables 2FA for current user.
| Parameter | Description |
|---|---|
| Action | Must be set to RSDisableTFA |
| Version | Must be set to 2010-05-08 |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Content-Sha256: [...]
X-Amz-Date: [...]
Authorization: [...]
Content-Length: [...]
Action=RSDisableTFA&
Version=2010-05-08
Create a new customer under the current Reseller. This action should be performed using a Reseller account.
| Parameter | Description |
|---|---|
| CustomerName | The name of the new customer (is enforced lowercase by the backend) |
| CustomerEmail | The email of the new customer |
| AssumeRoleControl | Specify who can control "AssumeRole" option for this customer: {"reseller", "customer", ""} |
| "reseller" => only the reseller can control it | |
| "customer" => only the customer can decide if want to be managed or not | |
| "" => if not set, "AssumeRole" is disabled | |
| ReplicationEnforcement | Specify if the customer can choose the replica location |
| Regions | Is a list containing the available Regions for the given customer |
| RestrictServiceAccess | Optional; if true, customer will not have access to any services initially. Services can be enabled through iam:RSSetCustomerServiceAccessLevel action |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: 182
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=RSCreateCustomer&
Version=2010-05-08&
Name=NewCorp&
Email=admin%40newcorp.com&
Password=Password22&
AssumeRoleControl=customer&
ReplicationEnforcement=false&
ReplicationPolicy=%7B%7D
{
"Ok": true,
"Root": "lyve:newcorp",
"RootID": "100000000288"
}
Modify an existing customer properties.
| Parameter | Description |
|---|---|
| CustomerName | The name of the new customer |
| AssumeRoleEnabled | Set if the AssumeRole is enabled or not |
| Status | Set the status for the specified customer: "enabled", "disabled", "deleted" |
| ReplicationEnforcement | Specify if the customer can choose the replica location |
| Regions | Is a list containing the available Regions for the given customer |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: 133
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=RSModifyCustomer&
Version=2010-05-08&
CustomerName=newcorp&
ReplicationEnforcement=false&
ReplicationPolicy=null&
Status=disabled
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Etag,X-Lyve-Size,X-Lyve-Replication-Status
Date: Mon, 14 Oct 2019 09:17:58 GMT
Content-Length: 0
Return a list of all Customers. Only a reseller account can perform this request.
POST /?Action=RSListCustomer&Version=2010-05-08
Host: iam.example.lyve.seagate.com
[
{
"Name":"newcorp",
"RootID":"100000000288",
"Active":false,
"CreatedOn":"2019-10-14T08:28:10.029Z",
"SuspendedAt":"2019-10-14T09:17:58.647Z",
"AssumeRoleControl":"customer",
"AssumeRoleEnabled":false,
"Regions":["DCA02", "SJC03"],
"ReplicationEnforcement":false
},
]
Return details about a specific customer. Only a reseller account can perform this request.
POST /?Action=RSCustomerDetails&Version=2010-05-08&CustomerName=newcorp
Host: iam.example.lyve.seagate.com
{
"Email":"admin@newcorp.com",
"LastAccess":"2019-10-12T13:17:14.760Z",
"AssumeRoleControl":"customer",
"AssumeRoleEnabled":true,
"Active":true,
"NumBuckets":3,
"NumFiles":12,
"NumUsers":2,
"NumAdminUsers":0,
"NumAdminRoots":2,
"UsedSpace":741987
}
Return a sorted list of regions available to the customer making the request and the value of the ReplicationEnforcement setting.
If ReplicationEnforcement is set to true, the customer is not able to create buckets with a different replication policy.
When called by a reseller, the Customer parameter allows retrieving the replication policy of a specific customer.
POST /?Action=RSAvailableRegions&Version=2010-05-08&Customer=newcorp
Host: iam.example.lyve.seagate.com
{
"Regions": ["SJC03", "DCA02"],
"ReplicationEnforcement": true,
}
Serves per-day statistics and billing data. The response consists of:
Stats: per-datacenter transfer statisticsUsedSpace: used and ghost space, used for billing.ObjectCount: total number of total objectsEntries are in reverse-chronological order.
| Parameter | Description |
|---|---|
| Action | Must be set to RSListBillingData |
| Version | Must be set to 2010-05-08 |
| From | ISO-8601-formatted UTC date of the first requested day |
| Till | ISO-8601-formatted UTC date of the last requested day |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
Action=RSListBillingData&
Version=2010-05-08&
From=2020-03-04T00%3A00%3A00.000Z&
Till=2020-04-04T00%3A00%3A00.000Z
{
"Stats": {
"DCA02": [
{
"Date": "2020-04-03T00:00:00Z",
"UploadBytes": 28398312,
"DownloadBytes": 56709864,
"DeleteBytes": 28398312
},
// ...
],
// ...
},
"UsedSpace": [
{
"Date": "2020-04-03T00:00:00Z",
"UsedSpace": 6485663588183,
"GhostSpace": 402901552935
},
// ...
],
"ObjectCount": [
{
"Date": "2020-04-03T00:00:00Z",
"ObjectCount": 18499
},
// ...
]
}
Serves recent billing metrics for the last hour. Entries for the last two minutes are omitted in order to ensure the returned data is complete.
The API returns stats aggregated by one-minute windows, ordered from the most recent to the oldest. In case there is no activity in a time window, the corresponding entry is omitted.
| Parameter | Description |
|---|---|
| Action | Must be set to RSLiveBilling |
| Version | Must be set to 2010-05-08 |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
Action=RSLiveBilling&
Version=2010-05-08
[
{
"date": "2020-04-23T12:35:00Z",
"uploadedBytes": 24623534,
"uploadedObjects": 3,
"deletedBytes": 0,
"deletedObjects": 0
},
{
"date": "2020-04-23T12:34:00Z",
"uploadedBytes": 24623534,
"uploadedObjects": 3,
"deletedBytes": 0,
"deletedObjects": 0
},
{
"date": "2020-04-23T12:29:00Z",
"uploadedBytes": 2786761,
"uploadedObjects": 12,
"deletedBytes": 0,
"deletedObjects": 0
}
]
Add a new whitelist rule to the current list of whitelist subnets.
| Property | Value |
|---|---|
| Permission required | ADMIN |
| Service | IAM |
| UrlPath | /api/whitelist/RSWhitelistAddRule |
| Method | PUT |
| Content-Type | json |
{
"root": <root_name>, // mandatory
"subNet": <subnet>, // mandatory
"regions": ["DCA02", "SCJ03", "DEN02", "LON01"], // optional (if empty apply to all regions)
"notes": <some notes for the reseller>, // optional
"ttl": <time to live in days after the approval> // optional
}
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 27 Apr 2020 14:16:59 GMT
Content-Length: 109
{"ok":true,"ruleId":"c205e1b6-8891-11ea-968c-14cc2006610b","insertedAt":"2020-04-27T16:16:59.50222599+02:00"}
Remove a rule from the current subnet whitelist.
| Property | Value |
|---|---|
| Permission required | RESELLER if the Rule is Active (was approved), ADMIN or RESELLER if the rule is still pending |
| Service | IAM |
| UrlPath | /api/whitelist/RSWhitelistDeleteRule |
| Method | DELETE |
| Content-Type | json |
{
"root": <root_name>, // mandatory
"ruleId": <rule identity number> // mandatory
}
Simple http response + json body { "ok": true/false, "errorDesc": "optional error description" }
Approve a rule in Pending state.
| Property | Value |
|---|---|
| Permission required | RESELLER |
| Service | IAM |
| UrlPath | /api/whitelist/RSWhitelistApproveRule |
| Method | POST |
| Content-Type | json |
{
"root": <root_name>, // mandatory
"ruleId": <rule identity number>, // mandatory
"notes": <some notes to report> // optional
}
{
"ok": <true,false>,
"errorDesc": "" // optional,
"ruleId": <rule identity number>,
"status": <current_status>,
"updatedAt": <update ts>
}
Reject a rule in Pending state.
| Property | Value |
|---|---|
| Permission required | RESELLER |
| Service | IAM |
| UrlPath | /api/whitelist/RSWhitelistRejectRule |
| Method | POST |
| Content-Type | json |
{
"root": <root_name>, // mandatory
"ruleId": <rule identity number>, // mandatory
"notes": <some notes to report> // optional
}
{
"ok": <true,false>,
"errorDesc": "" // optional,
"ruleId": <rule identity number>,
"status": <current_status>,
"updatedAt": <update ts>
}
List all rules (subnets).
| Property | Value |
|---|---|
| Permission required | RESELLER |
| Service | IAM |
| UrlPath | /api/whitelist/RSWhitelistListRules |
| Method | GET |
| Param | Desc |
|---|---|
| root | root name |
| offset | 0 (used for pagination, not yet implemented) |
| limit | 0 (used for pagination, not yet implemented) |
{
"ok": <true,false>,
"partial": <true,false> // if true means that only some rules are returned,
"rules": [
{
"ruleId": <rule identifier>, // always present
"insertedAt": <timestamp>, // always present
"updatedAt": <timestamp>, // always present
"subNet": <subnet>, // always present
"status": <Active,Pending,Rejected,Suspended>, // always present
"regions": ["DCA02", "SCJ03", "DEN02", "LON01"], // optional (if empty apply to all regions)
"notes": <rule notes> // optional
}
],
"errorDesc": "optional error description"
}
Upcoming.
Configures a service for a customer with RestrictServiceAccess enabled.
| Property | Value |
|---|---|
| CustomerName | Name of the customer to manage |
| Service | Name of the service to manage, must be one of: |
space, transporter, insights, protect |
|
| Enabled | true / false to enable / disable the service |
| ExpirationDate | This setting has no effect if Enabled is false |
| If set, the service will be available until the specified date | |
| If omitted, the service will be available indefinitely |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
Content-Length: 86
Content-Type: application/x-www-form-urlencoded
Authorization: [...]
X-Amz-Date: [...]
Action=RSSetCustomerServiceAccessLevel&
Service=transporter&
AccessLevel=enabled
Create SAML connection for Federated Login (SSO).
| Parameter | Description |
|---|---|
| Action | Must be set to RSCreateSAMLConnection |
| Version | Must be set to 2010-05-08 |
| MetadataXML | XML file |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: [...]
Action=RSCreateSAMLConnection&
Version=2010-05-08&
MetadataXML=xml
{
"Success": "true",
"ProviderUrl": "https://lyvespace-dev.us.auth0.com/login/callback?connection=resellerName-account-saml",
"EntityId": "urn:lyvecloud:resellerName-account-saml",
"Expiry": "05/07/2034",
"Provider": "resellerName-account-saml"
}
Get SAML connection for Federated Login (SSO).
| Parameter | Description |
|---|---|
| Action | Must be set to RSGetSAMLConnection |
| Version | Must be set to 2010-05-08 |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: [...]
Action=RSGetSAMLConnection&
Version=2010-05-08&
{
"ProviderUrl": "https://lyvespace-dev.us.auth0.com/login/callback?connection=resellerName-account-saml",
"EntityId": "urn:lyvecloud:resellerName-account-saml",
"Expiry": "05/07/2034",
"Provider": "resellerName-account-saml"
}
Update SAML connection for Federated Login (SSO).
| Parameter | Description |
|---|---|
| Action | Must be set to RSUpdateSAMLConnection |
| Version | Must be set to 2010-05-08 |
| MetadataXML | XML file |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: [...]
Action=RSUpdateSAMLConnection&
Version=2010-05-08&
MetadataXML=xml
{
"Success": "true",
"ProviderUrl": "https://lyvespace-dev.us.auth0.com/login/callback?connection=resellerName-account-saml",
"EntityId": "urn:lyvecloud:resellerName-account-saml",
"Expiry": "05/07/2034",
"Provider": "resellerName-account-saml"
}
Delete SAML connection for Federated Login (SSO).
| Parameter | Description |
|---|---|
| Action | Must be set to RSDeleteSAMLConnection |
| Version | Must be set to 2010-05-08 |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: [...]
Action=RSDeleteSAMLConnection&
Version=2010-05-08
{
"Success": "true"
}
Set user AuthMethod for login.
| Parameter | Description |
|---|---|
| Action | Must be set to RSSetUserAuthMethod |
| Version | Must be set to 2010-05-08 |
| Name | UserName |
| AuthMethod | Must be set to federated/password |
POST / HTTP/1.1
Host: iam.example.lyve.seagate.com
User-Agent: [...]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: [...]
Action=RSSetUserAuthMethod&
Version=2010-05-08&
Name=UserName&
AuthMethod=federated