Class: Aws::SSOAdmin::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::SSOAdmin::Client
- Includes:
- ClientStubs
- Defined in:
- gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb
Overview
An API client for SSOAdmin. To construct a client, you need to configure a :region
and :credentials
.
client = Aws::SSOAdmin::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
API Operations collapse
-
#attach_managed_policy_to_permission_set(params = {}) ⇒ Struct
Attaches an IAM managed policy ARN to a permission set.
-
#create_account_assignment(params = {}) ⇒ Types::CreateAccountAssignmentResponse
Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.
-
#create_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Enables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance.
-
#create_permission_set(params = {}) ⇒ Types::CreatePermissionSetResponse
Creates a permission set within a specified SSO instance.
-
#delete_account_assignment(params = {}) ⇒ Types::DeleteAccountAssignmentResponse
Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.
-
#delete_inline_policy_from_permission_set(params = {}) ⇒ Struct
Deletes the inline policy from a specified permission set.
-
#delete_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Disables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance and deletes all of the attribute mappings that have been configured.
-
#delete_permission_set(params = {}) ⇒ Struct
Deletes the specified permission set.
-
#describe_account_assignment_creation_status(params = {}) ⇒ Types::DescribeAccountAssignmentCreationStatusResponse
Describes the status of the assignment creation request.
-
#describe_account_assignment_deletion_status(params = {}) ⇒ Types::DescribeAccountAssignmentDeletionStatusResponse
Describes the status of the assignment deletion request.
-
#describe_instance_access_control_attribute_configuration(params = {}) ⇒ Types::DescribeInstanceAccessControlAttributeConfigurationResponse
Returns the list of Amazon Web Services SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified Amazon Web Services SSO instance.
-
#describe_permission_set(params = {}) ⇒ Types::DescribePermissionSetResponse
Gets the details of the permission set.
-
#describe_permission_set_provisioning_status(params = {}) ⇒ Types::DescribePermissionSetProvisioningStatusResponse
Describes the status for the given permission set provisioning request.
-
#detach_managed_policy_from_permission_set(params = {}) ⇒ Struct
Detaches the attached IAM managed policy ARN from the specified permission set.
-
#get_inline_policy_for_permission_set(params = {}) ⇒ Types::GetInlinePolicyForPermissionSetResponse
Obtains the inline policy assigned to the permission set.
-
#list_account_assignment_creation_status(params = {}) ⇒ Types::ListAccountAssignmentCreationStatusResponse
Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance.
-
#list_account_assignment_deletion_status(params = {}) ⇒ Types::ListAccountAssignmentDeletionStatusResponse
Lists the status of the Amazon Web Services account assignment deletion requests for a specified SSO instance.
-
#list_account_assignments(params = {}) ⇒ Types::ListAccountAssignmentsResponse
Lists the assignee of the specified Amazon Web Services account with the specified permission set.
-
#list_accounts_for_provisioned_permission_set(params = {}) ⇒ Types::ListAccountsForProvisionedPermissionSetResponse
Lists all the Amazon Web Services accounts where the specified permission set is provisioned.
-
#list_instances(params = {}) ⇒ Types::ListInstancesResponse
Lists the SSO instances that the caller has access to.
-
#list_managed_policies_in_permission_set(params = {}) ⇒ Types::ListManagedPoliciesInPermissionSetResponse
Lists the IAM managed policy that is attached to a specified permission set.
-
#list_permission_set_provisioning_status(params = {}) ⇒ Types::ListPermissionSetProvisioningStatusResponse
Lists the status of the permission set provisioning requests for a specified SSO instance.
-
#list_permission_sets(params = {}) ⇒ Types::ListPermissionSetsResponse
Lists the PermissionSets in an SSO instance.
-
#list_permission_sets_provisioned_to_account(params = {}) ⇒ Types::ListPermissionSetsProvisionedToAccountResponse
Lists all the permission sets that are provisioned to a specified Amazon Web Services account.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are attached to a specified resource.
-
#provision_permission_set(params = {}) ⇒ Types::ProvisionPermissionSetResponse
The process by which a specified permission set is provisioned to the specified target.
-
#put_inline_policy_to_permission_set(params = {}) ⇒ Struct
Attaches an IAM inline policy to a permission set.
-
#tag_resource(params = {}) ⇒ Struct
Associates a set of tags with a specified resource.
-
#untag_resource(params = {}) ⇒ Struct
Disassociates a set of tags from a specified resource.
-
#update_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Updates the Amazon Web Services SSO identity store attributes that you can use with the Amazon Web Services SSO instance for attributes-based access control (ABAC).
-
#update_permission_set(params = {}) ⇒ Struct
Updates an existing permission set.
Instance Method Summary collapse
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
Methods included from ClientStubs
#api_requests, #stub_data, #stub_responses
Methods inherited from Seahorse::Client::Base
add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
358 359 360 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 358 def initialize(*args) super end |
Instance Method Details
#attach_managed_policy_to_permission_set(params = {}) ⇒ Struct
Attaches an IAM managed policy ARN to a permission set.
ProvisionPermissionSet
after
this operation. Calling ProvisionPermissionSet
applies the
corresponding IAM policy updates to all assigned accounts.
401 402 403 404 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 401 def (params = {}, = {}) req = build_request(:attach_managed_policy_to_permission_set, params) req.send_request() end |
#create_account_assignment(params = {}) ⇒ Types::CreateAccountAssignmentResponse
Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.
CreateAccountAssignment
call, the specified
permission set will automatically be provisioned to the account in the
form of an IAM policy. That policy is attached to the SSO-created IAM
role. If the permission set is subsequently updated, the corresponding
IAM policies attached to roles in your accounts will not be updated
automatically. In this case, you must call ProvisionPermissionSet
to make these updates.
484 485 486 487 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 484 def create_account_assignment(params = {}, = {}) req = build_request(:create_account_assignment, params) req.send_request() end |
#create_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Enables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.
532 533 534 535 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 532 def create_instance_access_control_attribute_configuration(params = {}, = {}) req = build_request(:create_instance_access_control_attribute_configuration, params) req.send_request() end |
#create_permission_set(params = {}) ⇒ Types::CreatePermissionSetResponse
Creates a permission set within a specified SSO instance.
CreateAccountAssignment
.
601 602 603 604 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 601 def (params = {}, = {}) req = build_request(:create_permission_set, params) req.send_request() end |
#delete_account_assignment(params = {}) ⇒ Types::DeleteAccountAssignmentResponse
Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.
668 669 670 671 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 668 def delete_account_assignment(params = {}, = {}) req = build_request(:delete_account_assignment, params) req.send_request() end |
#delete_inline_policy_from_permission_set(params = {}) ⇒ Struct
Deletes the inline policy from a specified permission set.
698 699 700 701 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 698 def (params = {}, = {}) req = build_request(:delete_inline_policy_from_permission_set, params) req.send_request() end |
#delete_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Disables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.
728 729 730 731 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 728 def delete_instance_access_control_attribute_configuration(params = {}, = {}) req = build_request(:delete_instance_access_control_attribute_configuration, params) req.send_request() end |
#delete_permission_set(params = {}) ⇒ Struct
Deletes the specified permission set.
758 759 760 761 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 758 def (params = {}, = {}) req = build_request(:delete_permission_set, params) req.send_request() end |
#describe_account_assignment_creation_status(params = {}) ⇒ Types::DescribeAccountAssignmentCreationStatusResponse
Describes the status of the assignment creation request.
802 803 804 805 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 802 def describe_account_assignment_creation_status(params = {}, = {}) req = build_request(:describe_account_assignment_creation_status, params) req.send_request() end |
#describe_account_assignment_deletion_status(params = {}) ⇒ Types::DescribeAccountAssignmentDeletionStatusResponse
Describes the status of the assignment deletion request.
846 847 848 849 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 846 def describe_account_assignment_deletion_status(params = {}, = {}) req = build_request(:describe_account_assignment_deletion_status, params) req.send_request() end |
#describe_instance_access_control_attribute_configuration(params = {}) ⇒ Types::DescribeInstanceAccessControlAttributeConfigurationResponse
Returns the list of Amazon Web Services SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified Amazon Web Services SSO instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.
888 889 890 891 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 888 def describe_instance_access_control_attribute_configuration(params = {}, = {}) req = build_request(:describe_instance_access_control_attribute_configuration, params) req.send_request() end |
#describe_permission_set(params = {}) ⇒ Types::DescribePermissionSetResponse
Gets the details of the permission set.
929 930 931 932 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 929 def (params = {}, = {}) req = build_request(:describe_permission_set, params) req.send_request() end |
#describe_permission_set_provisioning_status(params = {}) ⇒ Types::DescribePermissionSetProvisioningStatusResponse
Describes the status for the given permission set provisioning request.
972 973 974 975 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 972 def (params = {}, = {}) req = build_request(:describe_permission_set_provisioning_status, params) req.send_request() end |
#detach_managed_policy_from_permission_set(params = {}) ⇒ Struct
Detaches the attached IAM managed policy ARN from the specified permission set.
1007 1008 1009 1010 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1007 def (params = {}, = {}) req = build_request(:detach_managed_policy_from_permission_set, params) req.send_request() end |
#get_inline_policy_for_permission_set(params = {}) ⇒ Types::GetInlinePolicyForPermissionSetResponse
Obtains the inline policy assigned to the permission set.
1043 1044 1045 1046 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1043 def (params = {}, = {}) req = build_request(:get_inline_policy_for_permission_set, params) req.send_request() end |
#list_account_assignment_creation_status(params = {}) ⇒ Types::ListAccountAssignmentCreationStatusResponse
Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1098 1099 1100 1101 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1098 def list_account_assignment_creation_status(params = {}, = {}) req = build_request(:list_account_assignment_creation_status, params) req.send_request() end |
#list_account_assignment_deletion_status(params = {}) ⇒ Types::ListAccountAssignmentDeletionStatusResponse
Lists the status of the Amazon Web Services account assignment deletion requests for a specified SSO instance.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1153 1154 1155 1156 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1153 def list_account_assignment_deletion_status(params = {}, = {}) req = build_request(:list_account_assignment_deletion_status, params) req.send_request() end |
#list_account_assignments(params = {}) ⇒ Types::ListAccountAssignmentsResponse
Lists the assignee of the specified Amazon Web Services account with the specified permission set.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1212 1213 1214 1215 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1212 def list_account_assignments(params = {}, = {}) req = build_request(:list_account_assignments, params) req.send_request() end |
#list_accounts_for_provisioned_permission_set(params = {}) ⇒ Types::ListAccountsForProvisionedPermissionSetResponse
Lists all the Amazon Web Services accounts where the specified permission set is provisioned.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1269 1270 1271 1272 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1269 def (params = {}, = {}) req = build_request(:list_accounts_for_provisioned_permission_set, params) req.send_request() end |
#list_instances(params = {}) ⇒ Types::ListInstancesResponse
Lists the SSO instances that the caller has access to.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1308 1309 1310 1311 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1308 def list_instances(params = {}, = {}) req = build_request(:list_instances, params) req.send_request() end |
#list_managed_policies_in_permission_set(params = {}) ⇒ Types::ListManagedPoliciesInPermissionSetResponse
Lists the IAM managed policy that is attached to a specified permission set.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1360 1361 1362 1363 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1360 def (params = {}, = {}) req = build_request(:list_managed_policies_in_permission_set, params) req.send_request() end |
#list_permission_set_provisioning_status(params = {}) ⇒ Types::ListPermissionSetProvisioningStatusResponse
Lists the status of the permission set provisioning requests for a specified SSO instance.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1415 1416 1417 1418 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1415 def (params = {}, = {}) req = build_request(:list_permission_set_provisioning_status, params) req.send_request() end |
#list_permission_sets(params = {}) ⇒ Types::ListPermissionSetsResponse
Lists the PermissionSets in an SSO instance.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1461 1462 1463 1464 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1461 def (params = {}, = {}) req = build_request(:list_permission_sets, params) req.send_request() end |
#list_permission_sets_provisioned_to_account(params = {}) ⇒ Types::ListPermissionSetsProvisionedToAccountResponse
Lists all the permission sets that are provisioned to a specified Amazon Web Services account.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1517 1518 1519 1520 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1517 def (params = {}, = {}) req = build_request(:list_permission_sets_provisioned_to_account, params) req.send_request() end |
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are attached to a specified resource.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1564 1565 1566 1567 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1564 def (params = {}, = {}) req = build_request(:list_tags_for_resource, params) req.send_request() end |
#provision_permission_set(params = {}) ⇒ Types::ProvisionPermissionSetResponse
The process by which a specified permission set is provisioned to the specified target.
1615 1616 1617 1618 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1615 def (params = {}, = {}) req = build_request(:provision_permission_set, params) req.send_request() end |
#put_inline_policy_to_permission_set(params = {}) ⇒ Struct
Attaches an IAM inline policy to a permission set.
ProvisionPermissionSet
after
this action to apply the corresponding IAM policy updates to all
assigned accounts.
1656 1657 1658 1659 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1656 def (params = {}, = {}) req = build_request(:put_inline_policy_to_permission_set, params) req.send_request() end |
#tag_resource(params = {}) ⇒ Struct
Associates a set of tags with a specified resource.
1695 1696 1697 1698 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1695 def tag_resource(params = {}, = {}) req = build_request(:tag_resource, params) req.send_request() end |
#untag_resource(params = {}) ⇒ Struct
Disassociates a set of tags from a specified resource.
1729 1730 1731 1732 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1729 def untag_resource(params = {}, = {}) req = build_request(:untag_resource, params) req.send_request() end |
#update_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Updates the Amazon Web Services SSO identity store attributes that you can use with the Amazon Web Services SSO instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the Amazon Web Services SSO identity store. If a SAML assertion passes any of these attributes, Amazon Web Services SSO replaces the attribute value with the value from the Amazon Web Services SSO identity store. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.
1775 1776 1777 1778 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1775 def update_instance_access_control_attribute_configuration(params = {}, = {}) req = build_request(:update_instance_access_control_attribute_configuration, params) req.send_request() end |
#update_permission_set(params = {}) ⇒ Struct
Updates an existing permission set.
1819 1820 1821 1822 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1819 def (params = {}, = {}) req = build_request(:update_permission_set, params) req.send_request() end |