Class: Aws::SSOAdmin::Client

Inherits:
Seahorse::Client::Base show all
Includes:
ClientStubs
Defined in:
gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb

Overview

An API client for SSOAdmin. To construct a client, you need to configure a :region and :credentials.

client = Aws::SSOAdmin::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the developer guide.

See #initialize for a full list of supported configuration options.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations collapse

Instance Method Summary collapse

Methods included from ClientStubs

#api_requests, #stub_data, #stub_responses

Methods inherited from Seahorse::Client::Base

add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

  • options (Hash)

Options Hash (options):

  • :credentials (required, Aws::CredentialProvider)

    Your AWS credentials. This can be an instance of any one of the following classes:

    • Aws::Credentials - Used for configuring static, non-refreshing credentials.

    • Aws::SharedCredentials - Used for loading static credentials from a shared file, such as ~/.aws/config.

    • Aws::AssumeRoleCredentials - Used when you need to assume a role.

    • Aws::AssumeRoleWebIdentityCredentials - Used when you need to assume a role after providing credentials via the web.

    • Aws::SSOCredentials - Used for loading credentials from AWS SSO using an access token generated from aws login.

    • Aws::ProcessCredentials - Used for loading credentials from a process that outputs to stdout.

    • Aws::InstanceProfileCredentials - Used for loading credentials from an EC2 IMDS on an EC2 instance.

    • Aws::ECSCredentials - Used for loading credentials from instances running in ECS.

    • Aws::CognitoIdentityCredentials - Used for loading credentials from the Cognito Identity service.

    When :credentials are not configured directly, the following locations will be searched for credentials:

    • Aws.config[:credentials]
    • The :access_key_id, :secret_access_key, and :session_token options.
    • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
    • ~/.aws/credentials
    • ~/.aws/config
    • EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of Aws::InstanceProfileCredentails or Aws::ECSCredentials to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] to true.
  • :region (required, String)

    The AWS region to connect to. The configured :region is used to determine the service :endpoint. When not passed, a default :region is searched for in the following locations:

    • Aws.config[:region]
    • ENV['AWS_REGION']
    • ENV['AMAZON_REGION']
    • ENV['AWS_DEFAULT_REGION']
    • ~/.aws/credentials
    • ~/.aws/config
  • :access_key_id (String)
  • :active_endpoint_cache (Boolean) — default: false

    When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false.

  • :adaptive_retry_wait_to_fill (Boolean) — default: true

    Used only in adaptive retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a RetryCapacityNotAvailableError and will not retry instead of sleeping.

  • :client_side_monitoring (Boolean) — default: false

    When true, client-side metrics will be collected for all API requests from this client.

  • :client_side_monitoring_client_id (String) — default: ""

    Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

  • :client_side_monitoring_host (String) — default: "127.0.0.1"

    Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_port (Integer) — default: 31000

    Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher

    Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

  • :convert_params (Boolean) — default: true

    When true, an attempt is made to coerce request parameters into the required types.

  • :correct_clock_skew (Boolean) — default: true

    Used only in standard and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

  • :defaults_mode (String) — default: "legacy"

    See DefaultsModeConfiguration for a list of the accepted modes and the configuration defaults that are included.

  • :disable_host_prefix_injection (Boolean) — default: false

    Set to true to disable SDK automatically adding host prefix to default service endpoint when available.

  • :endpoint (String)

    The client endpoint is normally constructed from the :region option. You should only configure an :endpoint when connecting to test or custom endpoints. This should be a valid HTTP(S) URI.

  • :endpoint_cache_max_entries (Integer) — default: 1000

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

  • :endpoint_cache_max_threads (Integer) — default: 10

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

  • :endpoint_cache_poll_interval (Integer) — default: 60

    When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

  • :endpoint_discovery (Boolean) — default: false

    When set to true, endpoint discovery will be enabled for operations when available.

  • :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default

    The log formatter.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the :logger at.

  • :logger (Logger)

    The Logger instance to send log messages to. If this option is not set, logging will be disabled.

  • :max_attempts (Integer) — default: 3

    An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in standard and adaptive retry modes.

  • :profile (String) — default: "default"

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used.

  • :retry_backoff (Proc)

    A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the legacy retry mode.

  • :retry_base_delay (Float) — default: 0.3

    The base delay in seconds used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_jitter (Symbol) — default: :none

    A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the legacy retry mode.

    @see https://www.awsarchitectureblog.com/2015/03/backoff.html

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the legacy retry mode.

  • :retry_max_delay (Integer) — default: 0

    The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_mode (String) — default: "legacy"

    Specifies which retry algorithm to use. Values are:

    • legacy - The pre-existing retry behavior. This is default value if no retry mode is provided.

    • standard - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

    • adaptive - An experimental retry mode that includes all the functionality of standard mode along with automatic client side throttling. This is a provisional mode that may change behavior in the future.

  • :secret_access_key (String)
  • :session_token (String)
  • :simple_json (Boolean) — default: false

    Disables request parameter conversion, validation, and formatting. Also disable response data type conversions. This option is useful when you want to ensure the highest level of performance by avoiding overhead of walking request parameters and response data structures.

    When :simple_json is enabled, the request parameters hash must be formatted exactly as the DynamoDB API expects.

  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

  • :use_dualstack_endpoint (Boolean)

    When set to true, dualstack enabled endpoints (with .aws TLD) will be used if available.

  • :use_fips_endpoint (Boolean)

    When set to true, fips compatible endpoints will be used if available. When a fips region is used, the region is normalized and this config is set to true.

  • :validate_params (Boolean) — default: true

    When true, request parameters are validated before sending the request.

  • :http_proxy (URI::HTTP, String)

    A proxy to send requests through. Formatted like 'http://proxy.com:123'.

  • :http_open_timeout (Float) — default: 15

    The number of seconds to wait when opening a HTTP session before raising a Timeout::Error.

  • :http_read_timeout (Float) — default: 60

    The default number of seconds to wait for response data. This value can safely be set per-request on the session.

  • :http_idle_timeout (Float) — default: 5

    The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

  • :http_continue_timeout (Float) — default: 1

    The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has "Expect" header set to "100-continue". Defaults to nil which disables this behaviour. This value can safely be set per request on the session.

  • :ssl_timeout (Float) — default: nil

    Sets the SSL timeout in seconds.

  • :http_wire_trace (Boolean) — default: false

    When true, HTTP debug output will be sent to the :logger.

  • :ssl_verify_peer (Boolean) — default: true

    When true, SSL peer certificates are verified when establishing a connection.

  • :ssl_ca_bundle (String)

    Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.

  • :ssl_ca_directory (String)

    Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.



358
359
360
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 358

def initialize(*args)
  super
end

Instance Method Details

#attach_managed_policy_to_permission_set(params = {}) ⇒ Struct

Attaches an IAM managed policy ARN to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this operation. Calling ProvisionPermissionSet applies the corresponding IAM policy updates to all assigned accounts.

Examples:

Request syntax with placeholder values


resp = client.attach_managed_policy_to_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  managed_policy_arn: "ManagedPolicyArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet that the managed policy should be attached to.

  • :managed_policy_arn (required, String)

    The IAM managed policy ARN to be attached to a permission set.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



401
402
403
404
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 401

def attach_managed_policy_to_permission_set(params = {}, options = {})
  req = build_request(:attach_managed_policy_to_permission_set, params)
  req.send_request(options)
end

#create_account_assignment(params = {}) ⇒ Types::CreateAccountAssignmentResponse

Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.

The term principal here refers to a user or group that is defined in Amazon Web Services SSO.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the SSO-created IAM role. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you must call ProvisionPermissionSet to make these updates.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  target_id: "TargetId", # required
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT
  permission_set_arn: "PermissionSetArn", # required
  principal_type: "USER", # required, accepts USER, GROUP
  principal_id: "PrincipalId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :target_id (required, String)

    TargetID is an Amazon Web Services account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be created.

  • :permission_set_arn (required, String)

    The ARN of the permission set that the admin wants to grant the principal access to.

  • :principal_type (required, String)

    The entity type for which the assignment will be created.

  • :principal_id (required, String)

    An identifier for an object in Amazon Web Services SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in Amazon Web Services SSO, see the Amazon Web Services SSO Identity Store API Reference.

Returns:

See Also:



484
485
486
487
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 484

def (params = {}, options = {})
  req = build_request(:create_account_assignment, params)
  req.send_request(options)
end

#create_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Enables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Examples:

Request syntax with placeholder values


resp = client.create_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
  instance_access_control_attribute_configuration: { # required
    access_control_attributes: [ # required
      {
        key: "AccessControlAttributeKey", # required
        value: { # required
          source: ["AccessControlAttributeValueSource"], # required
        },
      },
    ],
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed.

  • :instance_access_control_attribute_configuration (required, Types::InstanceAccessControlAttributeConfiguration)

    Specifies the Amazon Web Services SSO identity store attributes to add to your ABAC configuration. When using an external identity provider as an identity source, you can pass attributes through the SAML assertion. Doing so provides an alternative to configuring attributes from the Amazon Web Services SSO identity store. If a SAML assertion passes any of these attributes, Amazon Web Services SSO will replace the attribute value with the value from the Amazon Web Services SSO identity store.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



532
533
534
535
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 532

def create_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:create_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#create_permission_set(params = {}) ⇒ Types::CreatePermissionSetResponse

Creates a permission set within a specified SSO instance.

To grant users and groups access to Amazon Web Services account resources, use CreateAccountAssignment.

Examples:

Request syntax with placeholder values


resp = client.create_permission_set({
  name: "PermissionSetName", # required
  description: "PermissionSetDescription",
  instance_arn: "InstanceArn", # required
  session_duration: "Duration",
  relay_state: "RelayState",
  tags: [
    {
      key: "TagKey",
      value: "TagValue",
    },
  ],
})

Response structure


resp.permission_set.name #=> String
resp.permission_set.permission_set_arn #=> String
resp.permission_set.description #=> String
resp.permission_set.created_date #=> Time
resp.permission_set.session_duration #=> String
resp.permission_set.relay_state #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the PermissionSet.

  • :description (String)

    The description of the PermissionSet.

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :session_duration (String)

    The length of time that the application user sessions are valid in the ISO-8601 standard.

  • :relay_state (String)

    Used to redirect users within the application during the federation authentication process.

  • :tags (Array<Types::Tag>)

    The tags to attach to the new PermissionSet.

Returns:

See Also:



601
602
603
604
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 601

def create_permission_set(params = {}, options = {})
  req = build_request(:create_permission_set, params)
  req.send_request(options)
end

#delete_account_assignment(params = {}) ⇒ Types::DeleteAccountAssignmentResponse

Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  target_id: "TargetId", # required
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT
  permission_set_arn: "PermissionSetArn", # required
  principal_type: "USER", # required, accepts USER, GROUP
  principal_id: "PrincipalId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :target_id (required, String)

    TargetID is an Amazon Web Services account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be deleted.

  • :permission_set_arn (required, String)

    The ARN of the permission set that will be used to remove access.

  • :principal_type (required, String)

    The entity type for which the assignment will be deleted.

  • :principal_id (required, String)

    An identifier for an object in Amazon Web Services SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in Amazon Web Services SSO, see the Amazon Web Services SSO Identity Store API Reference.

Returns:

See Also:



668
669
670
671
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 668

def (params = {}, options = {})
  req = build_request(:delete_account_assignment, params)
  req.send_request(options)
end

#delete_inline_policy_from_permission_set(params = {}) ⇒ Struct

Deletes the inline policy from a specified permission set.

Examples:

Request syntax with placeholder values


resp = client.delete_inline_policy_from_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set that will be used to remove access.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



698
699
700
701
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 698

def delete_inline_policy_from_permission_set(params = {}, options = {})
  req = build_request(:delete_inline_policy_from_permission_set, params)
  req.send_request(options)
end

#delete_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Disables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Examples:

Request syntax with placeholder values


resp = client.delete_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



728
729
730
731
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 728

def delete_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:delete_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#delete_permission_set(params = {}) ⇒ Struct

Deletes the specified permission set.

Examples:

Request syntax with placeholder values


resp = client.delete_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set that should be deleted.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



758
759
760
761
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 758

def delete_permission_set(params = {}, options = {})
  req = build_request(:delete_permission_set, params)
  req.send_request(options)
end

#describe_account_assignment_creation_status(params = {}) ⇒ Types::DescribeAccountAssignmentCreationStatusResponse

Describes the status of the assignment creation request.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_assignment_creation_request_id: "UUId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :account_assignment_creation_request_id (required, String)

    The identifier that is used to track the request operation progress.

Returns:

See Also:



802
803
804
805
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 802

def (params = {}, options = {})
  req = build_request(:describe_account_assignment_creation_status, params)
  req.send_request(options)
end

#describe_account_assignment_deletion_status(params = {}) ⇒ Types::DescribeAccountAssignmentDeletionStatusResponse

Describes the status of the assignment deletion request.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_assignment_deletion_request_id: "UUId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :account_assignment_deletion_request_id (required, String)

    The identifier that is used to track the request operation progress.

Returns:

See Also:



846
847
848
849
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 846

def (params = {}, options = {})
  req = build_request(:describe_account_assignment_deletion_status, params)
  req.send_request(options)
end

#describe_instance_access_control_attribute_configuration(params = {}) ⇒ Types::DescribeInstanceAccessControlAttributeConfigurationResponse

Returns the list of Amazon Web Services SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified Amazon Web Services SSO instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Examples:

Request syntax with placeholder values


resp = client.describe_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
})

Response structure


resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
resp.status_reason #=> String
resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed.

Returns:

See Also:



888
889
890
891
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 888

def describe_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:describe_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#describe_permission_set(params = {}) ⇒ Types::DescribePermissionSetResponse

Gets the details of the permission set.

Examples:

Request syntax with placeholder values


resp = client.describe_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Response structure


resp.permission_set.name #=> String
resp.permission_set.permission_set_arn #=> String
resp.permission_set.description #=> String
resp.permission_set.created_date #=> Time
resp.permission_set.session_duration #=> String
resp.permission_set.relay_state #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

Returns:

See Also:



929
930
931
932
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 929

def describe_permission_set(params = {}, options = {})
  req = build_request(:describe_permission_set, params)
  req.send_request(options)
end

#describe_permission_set_provisioning_status(params = {}) ⇒ Types::DescribePermissionSetProvisioningStatusResponse

Describes the status for the given permission set provisioning request.

Examples:

Request syntax with placeholder values


resp = client.describe_permission_set_provisioning_status({
  instance_arn: "InstanceArn", # required
  provision_permission_set_request_id: "UUId", # required
})

Response structure


resp.permission_set_provisioning_status.status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_set_provisioning_status.request_id #=> String
resp.permission_set_provisioning_status. #=> String
resp.permission_set_provisioning_status.permission_set_arn #=> String
resp.permission_set_provisioning_status.failure_reason #=> String
resp.permission_set_provisioning_status.created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :provision_permission_set_request_id (required, String)

    The identifier that is provided by the ProvisionPermissionSet call to retrieve the current status of the provisioning workflow.

Returns:

See Also:



972
973
974
975
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 972

def describe_permission_set_provisioning_status(params = {}, options = {})
  req = build_request(:describe_permission_set_provisioning_status, params)
  req.send_request(options)
end

#detach_managed_policy_from_permission_set(params = {}) ⇒ Struct

Detaches the attached IAM managed policy ARN from the specified permission set.

Examples:

Request syntax with placeholder values


resp = client.detach_managed_policy_from_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  managed_policy_arn: "ManagedPolicyArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet from which the policy should be detached.

  • :managed_policy_arn (required, String)

    The IAM managed policy ARN to be attached to a permission set.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1007
1008
1009
1010
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1007

def detach_managed_policy_from_permission_set(params = {}, options = {})
  req = build_request(:detach_managed_policy_from_permission_set, params)
  req.send_request(options)
end

#get_inline_policy_for_permission_set(params = {}) ⇒ Types::GetInlinePolicyForPermissionSetResponse

Obtains the inline policy assigned to the permission set.

Examples:

Request syntax with placeholder values


resp = client.get_inline_policy_for_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Response structure


resp.inline_policy #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

Returns:

See Also:



1043
1044
1045
1046
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1043

def get_inline_policy_for_permission_set(params = {}, options = {})
  req = build_request(:get_inline_policy_for_permission_set, params)
  req.send_request(options)
end

#list_account_assignment_creation_status(params = {}) ⇒ Types::ListAccountAssignmentCreationStatusResponse

Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp. #=> Array
resp.[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.[0].request_id #=> String
resp.[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1098
1099
1100
1101
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1098

def (params = {}, options = {})
  req = build_request(:list_account_assignment_creation_status, params)
  req.send_request(options)
end

#list_account_assignment_deletion_status(params = {}) ⇒ Types::ListAccountAssignmentDeletionStatusResponse

Lists the status of the Amazon Web Services account assignment deletion requests for a specified SSO instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp. #=> Array
resp.[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.[0].request_id #=> String
resp.[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1153
1154
1155
1156
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1153

def (params = {}, options = {})
  req = build_request(:list_account_assignment_deletion_status, params)
  req.send_request(options)
end

#list_account_assignments(params = {}) ⇒ Types::ListAccountAssignmentsResponse

Lists the assignee of the specified Amazon Web Services account with the specified permission set.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_id: "TargetId", # required
  permission_set_arn: "PermissionSetArn", # required
  max_results: 1,
  next_token: "Token",
})

Response structure


resp. #=> Array
resp.[0]. #=> String
resp.[0].permission_set_arn #=> String
resp.[0].principal_type #=> String, one of "USER", "GROUP"
resp.[0].principal_id #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :account_id (required, String)

    The identifier of the Amazon Web Services account from which to list the assignments.

  • :permission_set_arn (required, String)

    The ARN of the permission set from which to list assignments.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1212
1213
1214
1215
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1212

def (params = {}, options = {})
  req = build_request(:list_account_assignments, params)
  req.send_request(options)
end

#list_accounts_for_provisioned_permission_set(params = {}) ⇒ Types::ListAccountsForProvisionedPermissionSetResponse

Lists all the Amazon Web Services accounts where the specified permission set is provisioned.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_accounts_for_provisioned_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  provisioning_status: "LATEST_PERMISSION_SET_PROVISIONED", # accepts LATEST_PERMISSION_SET_PROVISIONED, LATEST_PERMISSION_SET_NOT_PROVISIONED
  max_results: 1,
  next_token: "Token",
})

Response structure


resp. #=> Array
resp.[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet from which the associated Amazon Web Services accounts will be listed.

  • :provisioning_status (String)

    The permission set provisioning status for an Amazon Web Services account.

  • :max_results (Integer)

    The maximum number of results to display for the PermissionSet.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1269
1270
1271
1272
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1269

def list_accounts_for_provisioned_permission_set(params = {}, options = {})
  req = build_request(:list_accounts_for_provisioned_permission_set, params)
  req.send_request(options)
end

#list_instances(params = {}) ⇒ Types::ListInstancesResponse

Lists the SSO instances that the caller has access to.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_instances({
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.instances #=> Array
resp.instances[0].instance_arn #=> String
resp.instances[0].identity_store_id #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    The maximum number of results to display for the instance.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1308
1309
1310
1311
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1308

def list_instances(params = {}, options = {})
  req = build_request(:list_instances, params)
  req.send_request(options)
end

#list_managed_policies_in_permission_set(params = {}) ⇒ Types::ListManagedPoliciesInPermissionSetResponse

Lists the IAM managed policy that is attached to a specified permission set.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_managed_policies_in_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.attached_managed_policies #=> Array
resp.attached_managed_policies[0].name #=> String
resp.attached_managed_policies[0].arn #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet whose managed policies will be listed.

  • :max_results (Integer)

    The maximum number of results to display for the PermissionSet.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1360
1361
1362
1363
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1360

def list_managed_policies_in_permission_set(params = {}, options = {})
  req = build_request(:list_managed_policies_in_permission_set, params)
  req.send_request(options)
end

#list_permission_set_provisioning_status(params = {}) ⇒ Types::ListPermissionSetProvisioningStatusResponse

Lists the status of the permission set provisioning requests for a specified SSO instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_permission_set_provisioning_status({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp.permission_sets_provisioning_status #=> Array
resp.permission_sets_provisioning_status[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_sets_provisioning_status[0].request_id #=> String
resp.permission_sets_provisioning_status[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1415
1416
1417
1418
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1415

def list_permission_set_provisioning_status(params = {}, options = {})
  req = build_request(:list_permission_set_provisioning_status, params)
  req.send_request(options)
end

#list_permission_sets(params = {}) ⇒ Types::ListPermissionSetsResponse

Lists the PermissionSets in an SSO instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_permission_sets({
  instance_arn: "InstanceArn", # required
  next_token: "Token",
  max_results: 1,
})

Response structure


resp.permission_sets #=> Array
resp.permission_sets[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

Returns:

See Also:



1461
1462
1463
1464
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1461

def list_permission_sets(params = {}, options = {})
  req = build_request(:list_permission_sets, params)
  req.send_request(options)
end

#list_permission_sets_provisioned_to_account(params = {}) ⇒ Types::ListPermissionSetsProvisionedToAccountResponse

Lists all the permission sets that are provisioned to a specified Amazon Web Services account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_id: "AccountId", # required
  provisioning_status: "LATEST_PERMISSION_SET_PROVISIONED", # accepts LATEST_PERMISSION_SET_PROVISIONED, LATEST_PERMISSION_SET_NOT_PROVISIONED
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.next_token #=> String
resp.permission_sets #=> Array
resp.permission_sets[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :account_id (required, String)

    The identifier of the Amazon Web Services account from which to list the assignments.

  • :provisioning_status (String)

    The status object for the permission set provisioning operation.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1517
1518
1519
1520
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1517

def (params = {}, options = {})
  req = build_request(:list_permission_sets_provisioned_to_account, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

Lists the tags that are attached to a specified resource.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "GeneralArn", # required
  next_token: "Token",
})

Response structure


resp.tags #=> Array
resp.tags[0].key #=> String
resp.tags[0].value #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1564
1565
1566
1567
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1564

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#provision_permission_set(params = {}) ⇒ Types::ProvisionPermissionSetResponse

The process by which a specified permission set is provisioned to the specified target.

Examples:

Request syntax with placeholder values


resp = client.provision_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  target_id: "TargetId",
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT, ALL_PROVISIONED_ACCOUNTS
})

Response structure


resp.permission_set_provisioning_status.status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_set_provisioning_status.request_id #=> String
resp.permission_set_provisioning_status. #=> String
resp.permission_set_provisioning_status.permission_set_arn #=> String
resp.permission_set_provisioning_status.failure_reason #=> String
resp.permission_set_provisioning_status.created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :target_id (String)

    TargetID is an Amazon Web Services account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be created.

Returns:

See Also:



1615
1616
1617
1618
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1615

def provision_permission_set(params = {}, options = {})
  req = build_request(:provision_permission_set, params)
  req.send_request(options)
end

#put_inline_policy_to_permission_set(params = {}) ⇒ Struct

Attaches an IAM inline policy to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

Examples:

Request syntax with placeholder values


resp = client.put_inline_policy_to_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  inline_policy: "PermissionSetPolicyDocument", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :inline_policy (required, String)

    The IAM inline policy to attach to a PermissionSet.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1656
1657
1658
1659
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1656

def put_inline_policy_to_permission_set(params = {}, options = {})
  req = build_request(:put_inline_policy_to_permission_set, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ Struct

Associates a set of tags with a specified resource.

Examples:

Request syntax with placeholder values


resp = client.tag_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "GeneralArn", # required
  tags: [ # required
    {
      key: "TagKey",
      value: "TagValue",
    },
  ],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :tags (required, Array<Types::Tag>)

    A set of key-value pairs that are used to manage the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1695
1696
1697
1698
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1695

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ Struct

Disassociates a set of tags from a specified resource.

Examples:

Request syntax with placeholder values


resp = client.untag_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "GeneralArn", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :tag_keys (required, Array<String>)

    The keys of tags that are attached to the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1729
1730
1731
1732
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1729

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Updates the Amazon Web Services SSO identity store attributes that you can use with the Amazon Web Services SSO instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the Amazon Web Services SSO identity store. If a SAML assertion passes any of these attributes, Amazon Web Services SSO replaces the attribute value with the value from the Amazon Web Services SSO identity store. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Examples:

Request syntax with placeholder values


resp = client.update_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
  instance_access_control_attribute_configuration: { # required
    access_control_attributes: [ # required
      {
        key: "AccessControlAttributeKey", # required
        value: { # required
          source: ["AccessControlAttributeValueSource"], # required
        },
      },
    ],
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed.

  • :instance_access_control_attribute_configuration (required, Types::InstanceAccessControlAttributeConfiguration)

    Updates the attributes for your ABAC configuration.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1775
1776
1777
1778
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1775

def update_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:update_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#update_permission_set(params = {}) ⇒ Struct

Updates an existing permission set.

Examples:

Request syntax with placeholder values


resp = client.update_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  description: "PermissionSetDescription",
  session_duration: "Duration",
  relay_state: "RelayState",
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :description (String)

    The description of the PermissionSet.

  • :session_duration (String)

    The length of time that the application user sessions are valid for in the ISO-8601 standard.

  • :relay_state (String)

    Used to redirect users within the application during the federation authentication process.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1819
1820
1821
1822
 
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1819

def update_permission_set(params = {}, options = {})
  req = build_request(:update_permission_set, params)
  req.send_request(options)
end