Managing IAM Users

Note

These code snippets assume that you understand the material in Getting Started and have configured default AWS credentials using the information in Providing AWS Credentials.

Create a User

Use the IAMClient CreateUser function, passing it a CreateUserRequest with the name of the user to create.

Includes:

#include <aws/core/Aws.h>
#include <aws/iam/IAMClient.h>
#include <aws/iam/model/CreateUserRequest.h>
#include <aws/iam/model/CreateUserResult.h>
#include <iostream>

Code:

Aws::IAM::IAMClient iam;
Aws::IAM::Model::CreateUserRequest create_request;
create_request.SetUserName(user_name);

auto create_outcome = iam.CreateUser(create_request);
if(!create_outcome.IsSuccess()) {
    std::cout << "Error creating IAM user " << user_name << ":" <<
        create_outcome.GetError().GetMessage() << std::endl;
    return;
}

This call fails if the user already exists. To avoid that, first check whether the user exists by calling the IAMClient GetUser function, which fails with Aws::IAM::IAMErrors::NO_SUCH_ENTITY when the user does not exist.

Includes:

#include <aws/core/Aws.h>
#include <aws/iam/IAMClient.h>
#include <aws/iam/model/GetUserRequest.h>
#include <aws/iam/model/GetUserResult.h>
#include <iostream>

Code:

Aws::IAM::IAMClient iam;
Aws::IAM::Model::GetUserRequest get_request;
get_request.SetUserName(user_name);

auto get_outcome = iam.GetUser(get_request);
if(get_outcome.IsSuccess()) {
    std::cout << "IAM user " << user_name << " already exists" << std::endl;
    return;
} else if (get_outcome.GetError().GetErrorType() !=
        Aws::IAM::IAMErrors::NO_SUCH_ENTITY) {
    std::cout << "Error checking existence of IAM user " << user_name << ":"
        << get_outcome.GetError().GetMessage() << std::endl;
    return;
}

See the complete example.

Listing Users

List the existing IAM users for your account by calling the IAMClient ListUsers function, passing it a ListUsersRequest object. The list of users is returned in a ListUsersResult object that you can use to get information about the users.

The result may be paginated. To find out whether more results are available, check the value of GetResult().GetIsTruncated(). If it is true, set the marker on the request to GetResult().GetMarker() and call ListUsers again to get the next batch of users. This code demonstrates the technique.

Includes:

#include <aws/core/Aws.h>
#include <aws/iam/IAMClient.h>
#include <aws/iam/model/ListUsersRequest.h>
#include <aws/iam/model/ListUsersResult.h>
#include <iomanip>
#include <iostream>

Code:

// strftime-style format string passed to ToGmtString below
const char* DATE_FORMAT = "%Y-%m-%d";

Aws::IAM::IAMClient iam;
Aws::IAM::Model::ListUsersRequest request;

bool done = false;
bool header = false;
while (!done)
{
    auto outcome = iam.ListUsers(request);
    if (!outcome.IsSuccess()) {
        std::cout << "Failed to list iam users:" <<
            outcome.GetError().GetMessage() << std::endl;
        break;
    }

    if (!header) {
        std::cout << std::left << std::setw(32) << "Name" <<
            std::setw(30) << "ID" << std::setw(64) << "Arn" <<
            std::setw(20) << "CreateDate" << std::endl;
        header = true;
    }

    const auto &users = outcome.GetResult().GetUsers();
    for (const auto &user : users) {
        std::cout << std::left << std::setw(32) << user.GetUserName() <<
            std::setw(30) << user.GetUserId() << std::setw(64) <<
            user.GetArn() << std::setw(20) <<
            user.GetCreateDate().ToGmtString(DATE_FORMAT) << std::endl;
    }

    if (outcome.GetResult().GetIsTruncated()) {
        request.SetMarker(outcome.GetResult().GetMarker());
    } else {
        done = true;
    }
}

See the complete example.
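
The loop above prints whatever pages it received and stops at the first error, which is fine for display but not for an audit, where a partial list must not pass as the full inventory. The following added example (not AWS documentation or SDK code) models the IsTruncated/Marker loop with a hypothetical `Page` struct and `ListFn` callback standing in for the ListUsers call, run over constructed sample pages.

```cpp
#include <functional>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Hypothetical stand-in for one ListUsers outcome (not an SDK type).
struct Page {
    bool ok;                         // outcome.IsSuccess()
    std::vector<std::string> users;  // names from GetResult().GetUsers()
    bool truncated;                  // GetResult().GetIsTruncated()
    std::string marker;              // GetResult().GetMarker()
};
// Hypothetical stand-in for "set the marker, then call iam.ListUsers(request)".
using ListFn = std::function<Page(const std::string& marker)>;

// Fills `out` only when every page was fetched. Returns false, leaving `out`
// untouched, if a call fails or a truncated page gives no new marker.
bool list_all_users(const ListFn& list_users, std::vector<std::string>& out) {
    std::vector<std::string> all;
    std::set<std::string> seen;  // markers already followed
    std::string marker;          // empty means "first page"
    for (;;) {
        Page page = list_users(marker);
        if (!page.ok) return false;  // never report a partial inventory
        all.insert(all.end(), page.users.begin(), page.users.end());
        if (!page.truncated) { out.swap(all); return true; }
        if (page.marker.empty() || !seen.insert(page.marker).second)
            return false;  // marker missing or repeated: would loop forever
        marker = page.marker;
    }
}

// Constructed sample responses, keyed by the marker that was sent.
Page three_pages(const std::string& m) {
    if (m.empty()) return {true, {"alice", "bob"}, true, "m1"};
    if (m == "m1") return {true, {"carol"}, true, "m2"};
    return {true, {"dave"}, false, ""};
}
Page fails_on_page_two(const std::string& m) {
    if (m.empty()) return {true, {"alice"}, true, "m1"};
    return {false, {}, false, ""};
}
Page repeats_marker(const std::string&) { return {true, {"eve"}, true, "m1"}; }

int main() {
    std::vector<std::string> users;
    std::cout << (list_all_users(three_pages, users) ? "complete" : "incomplete") << "\n";
}
```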

Update a User

To update an existing user, create an UpdateUserRequest and pass it to the IAMClient UpdateUser member function.

Includes:

#include <aws/core/Aws.h>
#include <aws/iam/IAMClient.h>
#include <aws/iam/model/UpdateUserRequest.h>
#include <iostream>

Code:

Aws::IAM::IAMClient iam;
Aws::IAM::Model::UpdateUserRequest request;
request.SetUserName(old_name);
request.SetNewUserName(new_name);

auto outcome = iam.UpdateUser(request);
if (outcome.IsSuccess()) {
    std::cout << "IAM user " << old_name <<
        " successfully updated with new user name " << new_name <<
        std::endl;
} else {
    std::cout << "Error updating user name for IAM user " << old_name <<
        ":" << outcome.GetError().GetMessage() << std::endl;
}

See the complete example.

Delete a User

To delete an existing user, call the IAMClient DeleteUser function, passing it a DeleteUserRequest object containing the name of the user to delete.

Includes:

#include <aws/core/Aws.h>
#include <aws/iam/IAMClient.h>
#include <aws/iam/model/DeleteUserRequest.h>
#include <iostream>

Code:

Aws::IAM::IAMClient iam;
Aws::IAM::Model::DeleteUserRequest request;
request.SetUserName(user_name);
auto outcome = iam.DeleteUser(request);
if(!outcome.IsSuccess()) {
    std::cout << "Error deleting IAM user " << user_name << ": " <<
        outcome.GetError().GetMessage() << std::endl;
    return;
}
std::cout << "Successfully deleted IAM user " << user_name << std::endl;

See the complete example.