AWS Identity and Access Management (IAM)

Refer to the AWS Identity and Access Management User Guide for guidance on using AWS Identity and Access Management.

API Access

The IIAMClient interface and its implementation TIAMClient provide access to all AWS Identity and Access Management operations.

program IAMListUsers;

{$APPTYPE CONSOLE}

{$R *.res}

uses
  AWS.IAM,
  System.SysUtils;

var
  Client: IIAMClient;
  Response: IIAMListUsersResponse;

begin
  try
    Client := TIAMClient.Create;
    // Request the IAM users and print each user's ID and name.
    Response := Client.ListUsers;
    if Response.IsSuccessful then
      for var LUser in Response.Users do
        Writeln(Format('%s: %s', [LUser.UserId, LUser.UserName]));
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.

IAM Entities

IAM governs access to AWS services through policies. Policies can be attached to or embedded in users, groups, or roles.

IAM Policy Documents

IAM policy documents are JSON documents with a defined structure. As an example, here is a policy that allows all Amazon S3 actions on all resources:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

For details of what elements make up the JSON policy documents, refer to Amazon's IAM JSON policy element reference.

To assist in creating well-formed IAM policy documents, the Appercept AWS SDK provides a builder utility so documents can be expressed in Delphi/Pascal syntax. For example, to create the same document as above, using the TIAMPolicyDocument class's Build method:

program IAMPolicyBuilder;

{$APPTYPE CONSOLE}

{$R *.res}

uses
  AWS.IAM.PolicyDocument,
  System.SysUtils;

var
  PolicyDocumentString: string;

begin
  try
    // Build a one-statement policy and render it as a JSON string.
    PolicyDocumentString := TIAMPolicyDocument.Build
      .BeginStatement
        .Effect('Allow')
        .Action('s3:*')
        .Resource('*')
      .EndStatement
      .Document
      .ToString;
    Writeln(PolicyDocumentString);
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
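
The sample policy above allows every S3 action on every resource, so a review step can flag statements of that shape before a document is attached to a user, group, or role. The following is an added example, not part of the Appercept AWS SDK: it uses only Delphi's System.JSON unit, the names AsList and IsBroadAllow are hypothetical, and it assumes plain Action/Resource elements (NotAction, NotResource and Condition are not evaluated).

```delphi
program IAMPolicyLint;
{$APPTYPE CONSOLE}
uses System.JSON, System.SysUtils;

// Statement, Action and Resource may each be one value or an array.
// (AsList is a hypothetical helper name for this example.)
function AsList(Value: TJSONValue): TArray<TJSONValue>;
begin
  Result := [];
  if Value is TJSONArray then
    for var Item in TJSONArray(Value) do
      Result := Result + [Item]
  else if Value <> nil then
    Result := [Value];
end;

// True for an Allow statement pairing a wildcard action ("*" or
// "service:*") with the resource "*". Hypothetical helper name.
function IsBroadAllow(Stmt: TJSONValue): Boolean;
var
  Effect: TJSONValue;
  WildAction, WildResource: Boolean;
begin
  if not (Stmt is TJSONObject) then Exit(False);
  Effect := TJSONObject(Stmt).GetValue('Effect');
  WildAction := False;
  WildResource := False;
  for var A in AsList(TJSONObject(Stmt).GetValue('Action')) do
    WildAction := WildAction or (A.Value = '*') or A.Value.EndsWith(':*');
  for var R in AsList(TJSONObject(Stmt).GetValue('Resource')) do
    WildResource := WildResource or (R.Value = '*');
  Result := WildAction and WildResource
    and (Effect <> nil) and (Effect.Value = 'Allow');
end;

const
  // Constructed sample input: the policy document shown above.
  Sample = '{"Version":"2012-10-17","Statement":' +
    '[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}';
var
  Doc: TJSONValue;
begin
  Doc := TJSONObject.ParseJSONValue(Sample); // nil if the text is not JSON
  try
    if Doc is TJSONObject then
      for var S in AsList(TJSONObject(Doc).GetValue('Statement')) do
        if IsBroadAllow(S) then
          Writeln('Broad Allow: ', S.ToString);
  finally
    Doc.Free;
  end;
end.
```

The same check can be run on the string returned by the builder's ToString before the policy is submitted.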