Merge pull request #8243 from elysahall/awsdocs-10-16-23

CLI examples for iam, sts, networkmanager
aws · Oct 24, 2023 · 6e0239d · 6e0239d
2 parents 0e1c4fb + 7497695
commit 6e0239d
Show file tree

Hide file tree

Showing 171 changed files with 2,103 additions and 1,706 deletions.
diff --git a/awscli/examples/iam/add-client-id-to-open-id-connect-provider.rst b/awscli/examples/iam/add-client-id-to-open-id-connect-provider.rst
@@ -1,11 +1,13 @@
 **To add a client ID (audience) to an Open-ID Connect (OIDC) provider**
 
-The following ``add-client-id-to-open-id-connect-provider`` command adds the client ID ``my-application-ID`` to the OIDC provider named ``server.example.com``::
+The following ``add-client-id-to-open-id-connect-provider`` command adds the client ID ``my-application-ID`` to the OIDC provider named ``server.example.com``. ::
 
-  aws iam add-client-id-to-open-id-connect-provider --client-id my-application-ID --open-id-connect-provider-arn arn:aws:iam::123456789012:oidc-provider/server.example.com
+    aws iam add-client-id-to-open-id-connect-provider \
+        --client-id my-application-ID \
+        --open-id-connect-provider-arn arn:aws:iam::123456789012:oidc-provider/server.example.com
 
-To create an OIDC provider, use the ``create-open-id-connect-provider`` command.
+This command produces no output.
 
-For more information, see `Using OpenID Connect Identity Providers`_ in the *Using IAM* guide.
+To create an OIDC provider, use the ``create-open-id-connect-provider`` command.
 
-.. _`Using OpenID Connect Identity Providers`: http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc.html
+For more information, see `Creating OpenID Connect (OIDC) identity providers <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/add-role-to-instance-profile.rst b/awscli/examples/iam/add-role-to-instance-profile.rst
@@ -1,11 +1,13 @@
 **To add a role to an instance profile**
 
-The following ``add-role-to-instance-profile`` command adds the role named ``S3Access`` to the instance profile named ``Webserver``::
+The following ``add-role-to-instance-profile`` command adds the role named ``S3Access`` to the instance profile named ``Webserver``. ::
 
-  aws iam add-role-to-instance-profile --role-name S3Access --instance-profile-name Webserver
+    aws iam add-role-to-instance-profile \
+        --role-name S3Access \
+        --instance-profile-name Webserver
 
-To create an instance profile, use the ``create-instance-profile`` command.
+This command produces no output.
 
-For more information, see `Using IAM Roles to Delegate Permissions to Applications that Run on Amazon EC2`_ in the *Using IAM* guide.
+To create an instance profile, use the ``create-instance-profile`` command.
 
-.. _`Using IAM Roles to Delegate Permissions to Applications that Run on Amazon EC2`: http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-usingrole-ec2instance.html
+For more information, see `Using an IAM role to grant permissions to applications running on Amazon EC2 instances <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/add-user-to-group.rst b/awscli/examples/iam/add-user-to-group.rst
@@ -1,10 +1,11 @@
 **To add a user to an IAM group**
 
-The following ``add-user-to-group`` command adds an IAM user named ``Bob`` to the IAM group named ``Admins``::
+The following ``add-user-to-group`` command adds an IAM user named ``Bob`` to the IAM group named ``Admins``. ::
 
-  aws iam add-user-to-group --user-name Bob --group-name Admins
+    aws iam add-user-to-group \
+        --user-name Bob \
+        --group-name Admins
 
-For more information, see `Adding and Removing Users in an IAM Group`_ in the *Using IAM* guide.
-
-.. _`Adding and Removing Users in an IAM Group`: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_AddOrRemoveUsersFromGroup.html
+This command produces no output.
 
+For more information, see `Adding and removing users in an IAM user group <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_add-remove-users.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/attach-group-policy.rst b/awscli/examples/iam/attach-group-policy.rst
@@ -1,9 +1,11 @@
 **To attach a managed policy to an IAM group**
 
-The following ``attach-group-policy`` command attaches the AWS managed policy named ``ReadOnlyAccess`` to the IAM group named ``Finance``::
+The following ``attach-group-policy`` command attaches the AWS managed policy named ``ReadOnlyAccess`` to the IAM group named ``Finance``. ::
 
-  aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --group-name Finance
+    aws iam attach-group-policy \
+        --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess \
+        --group-name Finance
 
-For more information, see `Managed Policies and Inline Policies`_ in the *Using IAM* guide.
+This command produces no output.
 
-.. _`Managed Policies and Inline Policies`: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
+For more information, see `Managed policies and inline policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/attach-role-policy.rst b/awscli/examples/iam/attach-role-policy.rst
@@ -1,9 +1,11 @@
 **To attach a managed policy to an IAM role**
 
-The following ``attach-role-policy`` command attaches the AWS managed policy named ``ReadOnlyAccess`` to the IAM role named ``ReadOnlyRole``::
+The following ``attach-role-policy`` command attaches the AWS managed policy named ``ReadOnlyAccess`` to the IAM role named ``ReadOnlyRole``. ::
 
-  aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --role-name ReadOnlyRole
+    aws iam attach-role-policy \
+        --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess \
+        --role-name ReadOnlyRole
 
-For more information, see `Managed Policies and Inline Policies`_ in the *Using IAM* guide.
+This command produces no output.
 
-.. _`Managed Policies and Inline Policies`: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
+For more information, see `Managed policies and inline policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/attach-user-policy.rst b/awscli/examples/iam/attach-user-policy.rst
@@ -1,9 +1,11 @@
 **To attach a managed policy to an IAM user**
 
-The following ``attach-user-policy`` command attaches the AWS managed policy named ``AdministratorAccess`` to the IAM user named ``Alice``::
+The following ``attach-user-policy`` command attaches the AWS managed policy named ``AdministratorAccess`` to the IAM user named ``Alice``. ::
 
-  aws iam attach-user-policy --policy-arn arn:aws:iam:ACCOUNT-ID:aws:policy/AdministratorAccess --user-name Alice
+    aws iam attach-user-policy \
+        --policy-arn arn:aws:iam::aws:policy/AdministratorAccess \
+        --user-name Alice
 
-For more information, see `Managed Policies and Inline Policies`_ in the *Using IAM* guide.
+This command produces no output.
 
-.. _`Managed Policies and Inline Policies`: http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html
+For more information, see `Managed policies and inline policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/change-password.rst b/awscli/examples/iam/change-password.rst
@@ -1,22 +1,24 @@
 **To change the password for your IAM user**
 
-To change the password for your IAM user, we recommend using the ``--cli-input-json`` parameter to pass a JSON file that contains your old and new passwords. Using this method, you can use strong passwords with non-alphanumeric characters. It can be difficult to use passwords with non-alphanumeric characters when you pass them as command line parameters. To use the ``--cli-input-json`` parameter, start by using the ``change-password`` command with the ``--generate-cli-skeleton`` parameter, as in the following example::
+To change the password for your IAM user, we recommend using the ``--cli-input-json`` parameter to pass a JSON file that contains your old and new passwords. Using this method, you can use strong passwords with non-alphanumeric characters. It can be difficult to use passwords with non-alphanumeric characters when you pass them as command line parameters. To use the ``--cli-input-json`` parameter, start by using the ``change-password`` command with the ``--generate-cli-skeleton`` parameter, as in the following example. ::
 
-  aws iam change-password --generate-cli-skeleton > change-password.json
+    aws iam change-password \
+        --generate-cli-skeleton > change-password.json
 
-The previous command creates a JSON file called change-password.json that you can use to fill in your old and new passwords. For example, the file might look like this::
+The previous command creates a JSON file called change-password.json that you can use to fill in your old and new passwords. For example, the file might look like the following. ::
 
-  {
-      "OldPassword": "3s0K_;xh4~8XXI",
-      "NewPassword": "]35d/{pB9Fo9wJ"
-  }
+    {
+        "OldPassword": "3s0K_;xh4~8XXI",
+        "NewPassword": "]35d/{pB9Fo9wJ"
+    }
 
-Next, to change your password, use the ``change-password`` command again, this time passing the ``--cli-input-json`` parameter to specify your JSON file. The following ``change-password`` command uses the ``--cli-input-json`` parameter with a JSON file called change-password.json::
+Next, to change your password, use the ``change-password`` command again, this time passing the ``--cli-input-json`` parameter to specify your JSON file. The following ``change-password`` command uses the ``--cli-input-json`` parameter with a JSON file called change-password.json. ::
 
-  aws iam change-password --cli-input-json file://change-password.json
+    aws iam change-password \
+        --cli-input-json file://change-password.json
 
-This command can be called by IAM users only. If this command is called using AWS account (root) credentials, the command returns an ``InvalidUserType`` error.
+This command produces no output.
 
-For more information, see `How IAM Users Change Their Own Password`_ in the *Using IAM* guide.
+This command can be called by IAM users only. If this command is called using AWS account (root) credentials, the command returns an ``InvalidUserType`` error.
 
-.. _`How IAM Users Change Their Own Password`: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingUserPwdSelf.html
+For more information, see `How an IAM user changes their own password <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_user-change-own.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/create-access-key.rst b/awscli/examples/iam/create-access-key.rst
@@ -1,23 +1,22 @@
 **To create an access key for an IAM user**
 
-The following ``create-access-key`` command creates an access key (access key ID and secret access key) for the IAM user named ``Bob``::
+The following ``create-access-key`` command creates an access key (access key ID and secret access key) for the IAM user named ``Bob``. ::
 
-  aws iam create-access-key --user-name Bob
+    aws iam create-access-key \
+        --user-name Bob
 
 Output::
 
-  {
-      "AccessKey": {
-          "UserName": "Bob",
-          "Status": "Active",
-          "CreateDate": "2015-03-09T18:39:23.411Z",
-          "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
-          "AccessKeyId": "AKIAIOSFODNN7EXAMPLE"
-      }
-  }
+    {
+        "AccessKey": {
+            "UserName": "Bob",
+            "Status": "Active",
+            "CreateDate": "2015-03-09T18:39:23.411Z",
+            "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
+            "AccessKeyId": "AKIAIOSFODNN7EXAMPLE"
+        }
+    }
 
 Store the secret access key in a secure location. If it is lost, it cannot be recovered, and you must create a new access key.
 
-For more information, see `Managing Access Keys for IAM Users`_ in the *Using IAM* guide.
-
-.. _`Managing Access Keys for IAM Users`: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html
+For more information, see `Managing access keys for IAM users <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/create-account-alias.rst b/awscli/examples/iam/create-account-alias.rst
@@ -1,10 +1,10 @@
-**To create an account alias**
-
-The following ``create-account-alias`` command creates the alias ``examplecorp`` for your AWS account. ::
-
-    aws iam create-account-alias \
-        --account-alias examplecorp
-
-For more information, see `Your AWS account ID and its alias`_ in the *Using IAM* guide. 
-
-.. _`Your AWS Account ID and Its Alias`: <https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html>
+**To create an account alias**
+
+The following ``create-account-alias`` command creates the alias ``examplecorp`` for your AWS account. ::
+
+    aws iam create-account-alias \
+        --account-alias examplecorp
+
+This command produces no output.
+
+For more information, see `Your AWS account ID and its alias <https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/create-group.rst b/awscli/examples/iam/create-group.rst
@@ -1,21 +1,20 @@
 **To create an IAM group**
 
-The following ``create-group`` command creates an IAM group named ``Admins``::
+The following ``create-group`` command creates an IAM group named ``Admins``. ::
 
-  aws iam create-group --group-name Admins
+    aws iam create-group \
+        --group-name Admins
 
 Output::
 
-  {
-      "Group": {
-          "Path": "/",
-          "CreateDate": "2015-03-09T20:30:24.940Z",
-          "GroupId": "AIDGPMS9RO4H3FEXAMPLE",
-          "Arn": "arn:aws:iam::123456789012:group/Admins",
-          "GroupName": "Admins"
-      }
-  }
+    {
+        "Group": {
+            "Path": "/",
+            "CreateDate": "2015-03-09T20:30:24.940Z",
+            "GroupId": "AIDGPMS9RO4H3FEXAMPLE",
+            "Arn": "arn:aws:iam::123456789012:group/Admins",
+            "GroupName": "Admins"
+        }
+    }
 
-For more information, see `Creating IAM Groups`_ in the *Using IAM* guide.
-
-.. _`Creating IAM Groups`: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_CreatingAndListingGroups.html
+For more information, see `Creating IAM user groups <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_create.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/create-instance-profile.rst b/awscli/examples/iam/create-instance-profile.rst
@@ -1,24 +1,23 @@
 **To create an instance profile**
 
-The following ``create-instance-profile`` command creates an instance profile named ``Webserver``::
+The following ``create-instance-profile`` command creates an instance profile named ``Webserver``. ::
 
-  aws iam create-instance-profile --instance-profile-name Webserver
+    aws iam create-instance-profile \
+        --instance-profile-name Webserver
 
 Output::
 
-  {
-      "InstanceProfile": {
-          "InstanceProfileId": "AIPAJMBYC7DLSPEXAMPLE",
-          "Roles": [],
-          "CreateDate": "2015-03-09T20:33:19.626Z",
-          "InstanceProfileName": "Webserver",
-          "Path": "/",
-          "Arn": "arn:aws:iam::123456789012:instance-profile/Webserver"
-      }
-  }
+    {
+        "InstanceProfile": {
+            "InstanceProfileId": "AIPAJMBYC7DLSPEXAMPLE",
+            "Roles": [],
+            "CreateDate": "2015-03-09T20:33:19.626Z",
+            "InstanceProfileName": "Webserver",
+            "Path": "/",
+            "Arn": "arn:aws:iam::123456789012:instance-profile/Webserver"
+        }
+    }
 
 To add a role to an instance profile, use the ``add-role-to-instance-profile`` command.
 
-For more information, see `Using IAM Roles to Delegate Permissions to Applications that Run on Amazon EC2`_ in the *Using IAM* guide.
-
-.. _`Using IAM Roles to Delegate Permissions to Applications that Run on Amazon EC2`: http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-usingrole-ec2instance.html
+For more information, see `Using an IAM role to grant permissions to applications running on Amazon EC2 instances <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html>`__ in the *AWS IAM User Guide*.
diff --git a/awscli/examples/iam/create-login-profile.rst b/awscli/examples/iam/create-login-profile.rst
@@ -2,38 +2,38 @@
 
 To create a password for an IAM user, we recommend using the ``--cli-input-json`` parameter to pass a JSON file that contains the password. Using this method, you can create a strong password with non-alphanumeric characters. It can be difficult to create a password with non-alphanumeric characters when you pass it as a command line parameter.
 
-To use the ``--cli-input-json`` parameter, start by using the ``create-login-profile`` command with the ``--generate-cli-skeleton`` parameter, as in the following example::
+To use the ``--cli-input-json`` parameter, start by using the ``create-login-profile`` command with the ``--generate-cli-skeleton`` parameter, as in the following example. ::
 
-  aws iam create-login-profile --generate-cli-skeleton > create-login-profile.json
+    aws iam create-login-profile \
+        --generate-cli-skeleton > create-login-profile.json
 
 The previous command creates a JSON file called create-login-profile.json that you can use to fill in the information for a subsequent ``create-login-profile`` command. For example::
 
-  {
-      "UserName": "Bob",
-      "Password": "&1-3a6u:RA0djs",
-      "PasswordResetRequired": true
-  }
+    {
+        "UserName": "Bob",
+        "Password": "&1-3a6u:RA0djs",
+        "PasswordResetRequired": true
+    }
 
-Next, to create a password for an IAM user, use the ``create-login-profile`` command again, this time passing the ``--cli-input-json`` parameter to specify your JSON file. The following ``create-login-profile`` command uses the ``--cli-input-json`` parameter with a JSON file called create-login-profile.json::
+Next, to create a password for an IAM user, use the ``create-login-profile`` command again, this time passing the ``--cli-input-json`` parameter to specify your JSON file. The following ``create-login-profile`` command uses the ``--cli-input-json`` parameter with a JSON file called create-login-profile.json. ::
 
-  aws iam create-login-profile --cli-input-json file://create-login-profile.json
+    aws iam create-login-profile \
+        --cli-input-json file://create-login-profile.json
 
 Output::
 
-  {
-      "LoginProfile": {
-          "UserName": "Bob",
-          "CreateDate": "2015-03-10T20:55:40.274Z",
-          "PasswordResetRequired": true
-      }
-  }
+    {
+        "LoginProfile": {
+            "UserName": "Bob",
+            "CreateDate": "2015-03-10T20:55:40.274Z",
+            "PasswordResetRequired": true
+        }
+    }
 
 If the new password violates the account password policy, the command returns a ``PasswordPolicyViolation`` error.
 
 To change the password for a user that already has one, use ``update-login-profile``. To set a password policy for the account, use the ``update-account-password-policy`` command. 
 
 If the account password policy allows them to, IAM users can change their own passwords using the ``change-password`` command.
 
-For more information, see `Managing Passwords for IAM Users`_ in the *Using IAM* guide.
-
-.. _`Managing Passwords for IAM Users`: http://docs.aws.amazon.com/IAM/latest/UserGuide/credentials-add-pwd-for-user.html
+For more information, see `Managing passwords for IAM users <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html>`__ in the *AWS IAM User Guide*.