users
Used to retrieve a list of users in a region or create a users resource, use user to operate on an individual resource.
Overview
| Name | users |
| Type | Resource |
| Description | Creates a new IAM user for your AWS-account.<br/> For information about quotas for the number of IAM users you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. |
| Id | aws.iam.users |
Fields
| Name | Datatype | Description |
|---|---|---|
user_name | string | The name of the user to create. Do not include the path in this value.<br/> This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".<br/> If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name.<br/> If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).<br/> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``. |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | data__DesiredState, region |
list_resource | SELECT | region |
SELECT Example
SELECT
region,
user_name
FROM aws.iam.users
Permissions
To operate on the users resource, the following permissions are required:
Create
iam:CreateLoginProfile,
iam:AddUserToGroup,
iam:PutUserPolicy,
iam:AttachUserPolicy,
iam:CreateUser,
iam:GetUser,
iam:TagUser
List
iam:listUsers