管理 IAM 用户 - 适用于 Ruby 的 AWS 开发工具包
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

管理 IAM 用户

IAM 用户表示与 AWS 交互的人员或服务。有关 IAM 用户的更多信息,请参阅 IAM 用户

在此示例中,您结合使用AWS SDK for Ruby和 IAM 来:

  1. 通过使用 IAMAws::IAM::Client#list_users 来获取有关可用的 AWS 用户的信息。

  2. 通过使用 Aws::IAM::Client#create_user 来创建用户。

  3. 通过使用 Aws::IAM::Client#update_user 来更新用户的名称。

  4. 通过使用 Aws::IAM::Client#delete_user 来删除用户。

Prerequisites

在运行示例代码之前,您需要安装并配置AWS SDK for Ruby,如下所述:

Example

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX - License - Identifier: Apache - 2.0 # The following code example shows how to to: # 1. Get a list of user names in AWS Identity and Access Management (IAM). # 2. Create a user. # 3. Update the user's name. # 4. Delete the user. require 'aws-sdk-iam' # Gets a list of available user names in # AWS Identity and Access Management (IAM). # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @example # list_user_names(Aws::IAM::Client.new) def list_user_names(iam_client) response = iam_client.list_users if response.key?('users') && response.users.count.positive? response.users.each do |user| puts user.user_name end else puts 'No users found.' end rescue StandardError => e puts "Error listing user names: #{e.message}" end # Creates a user in AWS Identity and Access Management (IAM). # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @param user_name [String] The name of the new user. # @return [Boolean] true if the user was created; otherwise, false. # @example # exit 1 unless user_created?(Aws::IAM::Client.new, 'my-user') def user_created?(iam_client, user_name) iam_client.create_user(user_name: user_name) return true rescue Aws::IAM::Errors::EntityAlreadyExists puts "Error creating user: user '#{user_name}' already exists." return false rescue StandardError => e puts "Error creating user: #{e.message}" return false end # Changes the name of a user in AWS Identity and Access Management (IAM). # # Prerequisites: # - The user in IAM. # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @param user_current_name [String] The current name of the user. # @param user_new_name [String] The new name for the user. # @return [Boolean] true if the name of the user was changed; # otherwise, false. # @example # exit 1 unless user_name_changed?( # Aws::IAM::Client.new, # 'my-user', # 'my-changed-user' # ) def user_name_changed?(iam_client, user_current_name, user_new_name) iam_client.update_user( user_name: user_current_name, new_user_name: user_new_name ) return true rescue StandardError => e puts "Error updating user name: #{e.message}" return false end # Deletes a user in AWS Identity and Access Management (IAM). # # Prerequisites: # - The user in IAM. # # @param iam_client [Aws::IAM::Client] An initialized IAM client. # @param user_name [String] The name of the user. # @return [Boolean] true if the user was deleted; otherwise, false. # @example # exit 1 unless user_deleted?(Aws::IAM::Client.new, 'my-user') def user_deleted?(iam_client, user_name) iam_client.delete_user(user_name: user_name) return true rescue StandardError => e puts "Error deleting user: #{e.message}" return false end # Full example call: def run_me user_name = 'my-user' user_changed_name = 'my-changed-user' delete_user = true iam_client = Aws::IAM::Client.new puts "Initial user names are:\n\n" list_user_names(iam_client) puts "\nAttempting to create user '#{user_name}'..." if user_created?(iam_client, user_name) puts 'User created.' else puts 'Could not create user. Stopping program.' exit 1 end puts "User names now are:\n\n" list_user_names(iam_client) puts "\nAttempting to change the name of the user '#{user_name}' " \ "to '#{user_changed_name}'..." if user_name_changed?(iam_client, user_name, user_changed_name) puts 'User name changed.' puts "User names now are:\n\n" list_user_names(iam_client) if delete_user # Delete user with changed name. puts "\nAttempting to delete user '#{user_changed_name}'..." if user_deleted?(iam_client, user_changed_name) puts 'User deleted.' else puts 'Could not delete user. You must delete the user yourself.' end puts "User names now are:\n\n" list_user_names(iam_client) end else puts 'Could not change user name.' puts "User names now are:\n\n" list_user_names(iam_client) if delete_user # Delete user with initial name. puts "\nAttempting to delete user '#{user_name}'..." if user_deleted?(iam_client, user_name) puts 'User deleted.' else puts 'Could not delete user. You must delete the user yourself.' end puts "User names now are:\n\n" list_user_names(iam_client) end end end run_me if $PROGRAM_NAME == __FILE__