CLI examples accessanalyzer, cognito-idp, ec2, ecr-public, ecr, ivs-realtime, kms, secretsmanager, securitylake
elysahall committed Aug 23, 2024
1 parent 270416f commit 0d21220
Showing 49 changed files with 1,469 additions and 155 deletions.
Expand Up @@ -30,7 +30,7 @@ Output::

{
"result": "PASS",
"message": "The policy document does not grant access to perform the listed actions."
"message": "The policy document does not grant access to perform one or more of the listed actions."
}

For more information, see `Previewing access with IAM Access Analyzer APIs <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-preview-access-apis.html>`__ in the *AWS IAM User Guide*.
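Review bot: The new message in the Output block, "does not grant access to perform one or more of the listed actions", sits next to "result": "PASS" and can be read as saying that some of the listed actions may still be granted. If this wording is copied from the service response, add one sentence above the Output block stating what PASS means for this check, so a reader who uses the example as a policy gate does not treat a partial grant as safe.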
32 changes: 32 additions & 0 deletions awscli/examples/accessanalyzer/check-no-public-access.rst
@@ -0,0 +1,32 @@
**To check whether a resource policy can grant public access to the specified resource type**

The following ``check-no-public-access`` example checks whether a resource policy can grant public access to the specified resource type. ::

aws accessanalyzer check-no-public-access \
--policy-document file://check-no-public-access-myfile.json \
--resource-type AWS::S3::Bucket

Contents of ``myfile.json``::

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CheckNoPublicAccess",
"Effect": "Allow",
"Principal": { "AWS": "arn:aws:iam::111122223333:user/JohnDoe" },
"Action": [
"s3:GetObject"
]
}
]
}

Output::

{
"result": "PASS",
"message": "The resource policy does not grant public access for the given resource type."
}

For more information, see `Previewing access with IAM Access Analyzer APIs <https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-preview-access-apis.html>`__ in the *AWS IAM User Guide*.
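Review bot: The command reads the policy from file://check-no-public-access-myfile.json, but the block below it is introduced as "Contents of ``myfile.json``"; use the same file name in both places so the example can be followed as written. The sample statement also has no "Resource" element and the example shows only the PASS case: consider adding a Resource ARN, and a second policy with a wildcard principal together with its output, since the non-passing result is the one readers run this check to catch.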
32 changes: 25 additions & 7 deletions awscli/examples/cognito-idp/update-user-pool.rst
@@ -1,7 +1,25 @@
**To update a user pool**

This example adds tags to a user pool.

Command::

aws cognito-idp update-user-pool --user-pool-id us-west-2_aaaaaaaaa --user-pool-tags Team=Blue,Area=West
**To update a user pool**

The following ``update-user-pool`` example modifies a user pool with example syntax for each of the available configuration options. To update a user pool, you must specify all previously-configured options or they will reset to a default value. ::

aws cognito-idp update-user-pool --user-pool-id us-west-2_EXAMPLE \
--policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \
--deletion-protection ACTIVE \
--lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \
--auto-verified-attributes "phone_number" "email" \
--verification-message-template \{\"SmsMessage\":\""Your code is {####}"\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \
--sms-authentication-message "Your code is {####}" \
--user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \
--mfa-configuration "OPTIONAL" \
--device-configuration ChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true \
--email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/[email protected]",ReplyToEmailAddress="[email protected]",EmailSendingAccount=DEVELOPER,From="[email protected]",ConfigurationSet="test-configuration-set" \
--sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \
--admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
--user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \
--admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
--user-pool-add-ons AdvancedSecurityMode="AUDIT" \
--account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\]

This command produces no output.

For more information, see `Updating user pool configuration <https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-updating.html>`__ in the *Amazon Cognito Developer Guide*.
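Review bot: --admin-create-user-config is passed twice with identical values, once before and once after --user-pool-tags; drop the second occurrence. Because the text says unspecified options reset to a default value, readers are likely to copy this command whole, so the sample values deserve care: PasswordPolicy uses MinimumLength=6 and --mfa-configuration is "OPTIONAL", and a longer minimum length in the sample would be a safer thing to copy.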
18 changes: 11 additions & 7 deletions awscli/examples/ec2/describe-store-image-tasks.rst
Expand Up @@ -7,13 +7,17 @@ The following ``describe-store-image-tasks`` example describes the progress of a
Output::

{
"AmiId": "ami-1234567890abcdef0",
"Bucket": "my-ami-bucket",
"ProgressPercentage": 17,
"S3ObjectKey": "ami-1234567890abcdef0.bin",
"StoreTaskState": "InProgress",
"StoreTaskFailureReason": null,
"TaskStartTime": "2022-01-01T01:01:01.001Z"
"StoreImageTaskResults": [
{
"AmiId": "ami-1234567890abcdef0",
"Bucket": "my-ami-bucket",
"ProgressPercentage": 17,
"S3objectKey": "ami-1234567890abcdef0.bin",
"StoreTaskState": "InProgress",
"StoreTaskFailureReason": null,
"TaskStartTime": "2022-01-01T01:01:01.001Z"
}
]
}

For more information about storing and restoring an AMI using S3, see `Store and restore an AMI using S3 <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-store-restore.html>` in the *Amazon EC2 User Guide*.
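Review bot: The closing "For more information" line ends its link with a bare backtick (ami-store-restore.html>` in the), while the other files in this commit end theirs with >`__; without the trailing underscores reStructuredText will not render it as a hyperlink, so fix it while the file is being touched. Separately, the key is spelled "S3objectKey" in the new nested output where the old output had "S3ObjectKey"; confirm the casing against a real response.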