@attr_reader [Symbol] status The status of this access key.
Status may be +:active+ or +:inactive+.
@return [String] Returns the access key id.
@return [String] Returns the access key id.
@return [User,nil] Returns the user this access key belongs to.
Returns +nil+ if this access key belongs to the AWS account and not a specific user.
@param [String] #access_key_id The id of this access key. @param [Hash] options @option [String] :user The IAM user this access key belongs to.
If +:user+ is omitted then this access key belongs to the AWS account.
# File lib/aws/iam/access_key.rb, line 27 def initialize access_key_id, options = {} @id = access_key_id options[:secret_value] = nil unless options.has_key?(:secret_value) @user = options[:user] @user ? super(@user, options) : super(options) end
Activates this access key.
@example
access_key.activate! access_key.status # => :active
@return [nil]
# File lib/aws/iam/access_key.rb, line 109 def activate! self.status = 'Active' nil end
@return [Boolean] Returns true if this access key is active.
# File lib/aws/iam/access_key.rb, line 92 def active? status == :active end
Returns a hash that should be saved somewhere safe.
access_keys = iam.access_keys.create access_keys.credentials #=> { :access_key_id => '...', :secret_access_key => '...' }
You can also use these credentials to make requests:
s3 = AWS::S3.new(access_keys.credentials)
s3.buckets.create('newbucket')
@return [Hash] Returns a hash with the access key id and
secret access key.
# File lib/aws/iam/access_key.rb, line 147 def credentials { :access_key_id => id, :secret_access_key => secret } end
Deactivates this access key.
@example
access_key.deactivate! access_key.status # => :inactive
@return [nil] @return [nil]
# File lib/aws/iam/access_key.rb, line 123 def deactivate! self.status = 'Inactive' nil end
Deletes the access key.
# File lib/aws/iam/access_key.rb, line 129 def delete client.delete_access_key(resource_options) nil end
@return [Boolean] Returns true if this access key is inactive.
# File lib/aws/iam/access_key.rb, line 97 def inactive? status == :inactive end
Returns the secret access key.
You can only access the secret for newly created access keys. Calling
secret on existing access keys raises an error.
@example Getting the secret from a newly created access key
access_key = iam.access_keys.create access_key.secret #=> 'SECRET_ACCESS_KEY'
@example Failing to get the secret from an existing access key.
access_key = iam.access_keys.first access_key.secret #=> raises a runtime error
@return [String] Returns the secret access key.
# File lib/aws/iam/access_key.rb, line 78 def secret secret_value or raise 'secret is only available for new access keys' end
@return [String,nil] Returns the name of the user this access key
belogns to. If the access key belongs to the account, +nil+ is returned.
# File lib/aws/iam/access_key.rb, line 87 def user_name @user ? @user.name : nil end
IAM does not provide a request for “get access keys”. Also note, we do not page the response. This is because restrictions on how many access keys an account / user may have is fewer than one page of results. @private
# File lib/aws/iam/access_key.rb, line 166 def get_resource attribute options = user ? { :user_name => user.name } : {} client.list_access_keys(options) end
@private
# File lib/aws/iam/access_key.rb, line 173 def matches_response_object? obj user_name = obj.respond_to?(:user_name) ? obj.user_name : nil obj.access_key_id == self.id and user_name == self.user_name end
@private
# File lib/aws/iam/access_key.rb, line 153 def resource_identifiers identifiers = [] identifiers << [:access_key_id, id] identifiers << [:user_name, user.name] if user identifiers end