What is @aws-sdk/client-iam?
The @aws-sdk/client-iam npm package is part of the AWS SDK for JavaScript v3. It provides a modular way to interact with AWS Identity and Access Management (IAM), allowing developers to manage users, groups, roles, and policies programmatically. This package is useful for automating IAM tasks, integrating IAM management into custom applications, and managing permissions within AWS environments.
What are @aws-sdk/client-iam's main functionalities?
User Management
This feature allows for the creation, modification, and deletion of IAM users. The provided code sample demonstrates how to create a new IAM user.
const { IAMClient, CreateUserCommand } = require('@aws-sdk/client-iam');
const client = new IAMClient({ region: 'us-west-2' });
const createUserParams = { UserName: 'NewUser' };
const createUserCommand = new CreateUserCommand(createUserParams);
client.send(createUserCommand).then(response => console.log(response)).catch(error => console.error(error));
Role Management
This feature manages IAM roles, including their creation and the policies attached to them. The code sample shows how to create a new role with an assume role policy.
const { IAMClient, CreateRoleCommand } = require('@aws-sdk/client-iam');
const client = new IAMClient({ region: 'us-west-2' });
const createRoleParams = {
  RoleName: 'NewRole',
  AssumeRolePolicyDocument: JSON.stringify({
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow',
      Principal: { 'Service': 'ec2.amazonaws.com' },
      Action: 'sts:AssumeRole'
    }]
  })
};
const createRoleCommand = new CreateRoleCommand(createRoleParams);
client.send(createRoleCommand).then(response => console.log(response)).catch(error => console.error(error));
Policy Management
This feature involves the creation, updating, and deletion of IAM policies. The code sample illustrates how to create a new policy that allows actions on specified resources.
const { IAMClient, CreatePolicyCommand } = require('@aws-sdk/client-iam');
const client = new IAMClient({ region: 'us-west-2' });
const createPolicyParams = {
  PolicyName: 'NewPolicy',
  PolicyDocument: JSON.stringify({
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow',
      Action: 'logs:CreateLogGroup',
      Resource: 'arn:aws:logs:us-west-2:123456789012:*'
    }]
  })
};
const createPolicyCommand = new CreatePolicyCommand(createPolicyParams);
client.send(createPolicyCommand).then(response => console.log(response)).catch(error => console.error(error));
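As an added example (not part of the original page or of the AWS SDK), the following lints a policy document like the two shown above for over-broad grants before it is sent with CreatePolicyCommand or CreateRoleCommand. The names auditPolicyDocument and the finding codes are hypothetical, and BROAD_POLICY and OPEN_TRUST_POLICY are constructed sample inputs.

```javascript
// Added example: pre-flight lint for IAM policy documents (hypothetical helper,
// not an SDK API). Accepts the JSON string passed as PolicyDocument or
// AssumeRolePolicyDocument, or the already-parsed object.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function auditPolicyDocument(doc) {
  const policy = typeof doc === 'string' ? JSON.parse(doc) : doc;
  const findings = [];
  // A missing or older Version selects the legacy policy language.
  if (policy.Version !== '2012-10-17') findings.push({ sid: null, code: 'LEGACY_VERSION' });
  asArray(policy.Statement).forEach((stmt, i) => {
    const sid = stmt.Sid || `#${i}`;
    const add = (code) => findings.push({ sid, code });
    if (stmt.Effect !== 'Allow') return; // Deny statements only narrow access
    // Allow + NotAction/NotResource grants everything except the listed items.
    if (stmt.NotAction) add('ALLOW_WITH_NOT_ACTION');
    if (stmt.NotResource) add('ALLOW_WITH_NOT_RESOURCE');
    for (const action of asArray(stmt.Action)) {
      if (action === '*') add('WILDCARD_ACTION');
      else if (/^[a-z0-9-]+:\*$/i.test(action)) add('SERVICE_WIDE_ACTION');
    }
    if (asArray(stmt.Resource).includes('*')) add('WILDCARD_RESOURCE');
    // Trust policies (AssumeRolePolicyDocument) carry a Principal element.
    const p = stmt.Principal;
    const aws = p && typeof p === 'object' ? asArray(p.AWS) : [];
    if ((p === '*' || aws.includes('*')) && !stmt.Condition) add('ANY_PRINCIPAL_NO_CONDITION');
  });
  return findings;
}

// The two documents used in this page's CreatePolicy and CreateRole samples.
const PAGE_POLICY = JSON.stringify({ Version: '2012-10-17', Statement: [{
  Effect: 'Allow', Action: 'logs:CreateLogGroup',
  Resource: 'arn:aws:logs:us-west-2:123456789012:*' }] });
const PAGE_TRUST_POLICY = JSON.stringify({ Version: '2012-10-17', Statement: [{
  Effect: 'Allow', Principal: { Service: 'ec2.amazonaws.com' }, Action: 'sts:AssumeRole' }] });
// Constructed samples showing what the lint flags.
const BROAD_POLICY = JSON.stringify({ Version: '2012-10-17', Statement: [{
  Sid: 'Broad', Effect: 'Allow', Action: ['iam:*', 's3:GetObject'], Resource: '*' }] });
const OPEN_TRUST_POLICY = JSON.stringify({ Version: '2012-10-17', Statement: [{
  Effect: 'Allow', Principal: { AWS: '*' }, Action: 'sts:AssumeRole' }] });

const samples = { PAGE_POLICY, PAGE_TRUST_POLICY, BROAD_POLICY, OPEN_TRUST_POLICY };
for (const [name, doc] of Object.entries(samples)) {
  console.log(name, auditPolicyDocument(doc).map((f) => `${f.sid}:${f.code}`));
}
```

Running the lint in CI or in the code path that builds the params object lets a deployment refuse to send a document with findings instead of discovering the broad grant after the policy exists.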
Other packages similar to @aws-sdk/client-iam
aws-sdk
The aws-sdk package is the older version of the AWS SDK for JavaScript. It includes support for IAM and other AWS services in a single package, unlike @aws-sdk/client-iam which is modular. The aws-sdk is less modular but can be easier for simple applications that need multiple AWS services.
google-auth-library
While not for AWS, google-auth-library is similar in functionality for Google Cloud. It provides authentication and authorization functionalities for Google Cloud services, similar to how @aws-sdk/client-iam manages IAM for AWS. The comparison highlights how both packages are essential for managing security in cloud environments, albeit for different providers.