Class: Aws::SSOAdmin::Client

Inherits:
Seahorse::Client::Base show all
Includes:
ClientStubs
Defined in:
gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb

Overview

An API client for SSOAdmin. To construct a client, you need to configure a :region and :credentials.

client = Aws::SSOAdmin::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the developer guide.

See #initialize for a full list of supported configuration options.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations collapse

Instance Method Summary collapse

Methods included from ClientStubs

#api_requests, #stub_data, #stub_responses

Methods inherited from Seahorse::Client::Base

add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

  • options (Hash)

Options Hash (options):

  • :credentials (required, Aws::CredentialProvider)

    Your AWS credentials. This can be an instance of any one of the following classes:

    • Aws::Credentials - Used for configuring static, non-refreshing credentials.

    • Aws::SharedCredentials - Used for loading static credentials from a shared file, such as ~/.aws/config.

    • Aws::AssumeRoleCredentials - Used when you need to assume a role.

    • Aws::AssumeRoleWebIdentityCredentials - Used when you need to assume a role after providing credentials via the web.

    • Aws::SSOCredentials - Used for loading credentials from AWS SSO using an access token generated from aws login.

    • Aws::ProcessCredentials - Used for loading credentials from a process that outputs to stdout.

    • Aws::InstanceProfileCredentials - Used for loading credentials from an EC2 IMDS on an EC2 instance.

    • Aws::ECSCredentials - Used for loading credentials from instances running in ECS.

    • Aws::CognitoIdentityCredentials - Used for loading credentials from the Cognito Identity service.

    When :credentials are not configured directly, the following locations will be searched for credentials:

    • Aws.config[:credentials]
    • The :access_key_id, :secret_access_key, and :session_token options.
    • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
    • ~/.aws/credentials
    • ~/.aws/config
    • EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of Aws::InstanceProfileCredentails or Aws::ECSCredentials to enable retries and extended timeouts.
  • :region (required, String)

    The AWS region to connect to. The configured :region is used to determine the service :endpoint. When not passed, a default :region is searched for in the following locations:

    • Aws.config[:region]
    • ENV['AWS_REGION']
    • ENV['AMAZON_REGION']
    • ENV['AWS_DEFAULT_REGION']
    • ~/.aws/credentials
    • ~/.aws/config
  • :access_key_id (String)
  • :active_endpoint_cache (Boolean) — default: false

    When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false.

  • :adaptive_retry_wait_to_fill (Boolean) — default: true

    Used only in adaptive retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a RetryCapacityNotAvailableError and will not retry instead of sleeping.

  • :client_side_monitoring (Boolean) — default: false

    When true, client-side metrics will be collected for all API requests from this client.

  • :client_side_monitoring_client_id (String) — default: ""

    Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

  • :client_side_monitoring_host (String) — default: "127.0.0.1"

    Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_port (Integer) — default: 31000

    Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher

    Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

  • :convert_params (Boolean) — default: true

    When true, an attempt is made to coerce request parameters into the required types.

  • :correct_clock_skew (Boolean) — default: true

    Used only in standard and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

  • :disable_host_prefix_injection (Boolean) — default: false

    Set to true to disable SDK automatically adding host prefix to default service endpoint when available.

  • :endpoint (String)

    The client endpoint is normally constructed from the :region option. You should only configure an :endpoint when connecting to test or custom endpoints. This should be a valid HTTP(S) URI.

  • :endpoint_cache_max_entries (Integer) — default: 1000

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

  • :endpoint_cache_max_threads (Integer) — default: 10

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

  • :endpoint_cache_poll_interval (Integer) — default: 60

    When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

  • :endpoint_discovery (Boolean) — default: false

    When set to true, endpoint discovery will be enabled for operations when available.

  • :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default

    The log formatter.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the :logger at.

  • :logger (Logger)

    The Logger instance to send log messages to. If this option is not set, logging will be disabled.

  • :max_attempts (Integer) — default: 3

    An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in standard and adaptive retry modes.

  • :profile (String) — default: "default"

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used.

  • :retry_backoff (Proc)

    A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the legacy retry mode.

  • :retry_base_delay (Float) — default: 0.3

    The base delay in seconds used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_jitter (Symbol) — default: :none

    A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the legacy retry mode.

    @see https://www.awsarchitectureblog.com/2015/03/backoff.html

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the legacy retry mode.

  • :retry_max_delay (Integer) — default: 0

    The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_mode (String) — default: "legacy"

    Specifies which retry algorithm to use. Values are:

    • legacy - The pre-existing retry behavior. This is default value if no retry mode is provided.

    • standard - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

    • adaptive - An experimental retry mode that includes all the functionality of standard mode along with automatic client side throttling. This is a provisional mode that may change behavior in the future.

  • :secret_access_key (String)
  • :session_token (String)
  • :simple_json (Boolean) — default: false

    Disables request parameter conversion, validation, and formatting. Also disable response data type conversions. This option is useful when you want to ensure the highest level of performance by avoiding overhead of walking request parameters and response data structures.

    When :simple_json is enabled, the request parameters hash must be formatted exactly as the DynamoDB API expects.

  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

  • :validate_params (Boolean) — default: true

    When true, request parameters are validated before sending the request.

  • :http_proxy (URI::HTTP, String)

    A proxy to send requests through. Formatted like 'http://proxy.com:123'.

  • :http_open_timeout (Float) — default: 15

    The number of seconds to wait when opening a HTTP session before raising a Timeout::Error.

  • :http_read_timeout (Integer) — default: 60

    The default number of seconds to wait for response data. This value can safely be set per-request on the session.

  • :http_idle_timeout (Float) — default: 5

    The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

  • :http_continue_timeout (Float) — default: 1

    The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has "Expect" header set to "100-continue". Defaults to nil which disables this behaviour. This value can safely be set per request on the session.

  • :http_wire_trace (Boolean) — default: false

    When true, HTTP debug output will be sent to the :logger.

  • :ssl_verify_peer (Boolean) — default: true

    When true, SSL peer certificates are verified when establishing a connection.

  • :ssl_ca_bundle (String)

    Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.

  • :ssl_ca_directory (String)

    Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.



334
335
336
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 334

def initialize(*args)
  super
end

Instance Method Details

#attach_managed_policy_to_permission_set(params = {}) ⇒ Struct

Attaches an IAM managed policy ARN to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this operation. Calling ProvisionPermissionSet applies the corresponding IAM policy updates to all assigned accounts.

Examples:

Request syntax with placeholder values


resp = client.attach_managed_policy_to_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  managed_policy_arn: "ManagedPolicyArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet that the managed policy should be attached to.

  • :managed_policy_arn (required, String)

    The IAM managed policy ARN to be attached to a permission set.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



377
378
379
380
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 377

def attach_managed_policy_to_permission_set(params = {}, options = {})
  req = build_request(:attach_managed_policy_to_permission_set, params)
  req.send_request(options)
end

#create_account_assignment(params = {}) ⇒ Types::CreateAccountAssignmentResponse

Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.

The term principal here refers to a user or group that is defined in Amazon Web Services SSO.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the SSO-created IAM role. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you must call ProvisionPermissionSet to make these updates.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  target_id: "TargetId", # required
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT
  permission_set_arn: "PermissionSetArn", # required
  principal_type: "USER", # required, accepts USER, GROUP
  principal_id: "PrincipalId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :target_id (required, String)

    TargetID is an Amazon Web Services account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be created.

  • :permission_set_arn (required, String)

    The ARN of the permission set that the admin wants to grant the principal access to.

  • :principal_type (required, String)

    The entity type for which the assignment will be created.

  • :principal_id (required, String)

    An identifier for an object in Amazon Web Services SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in Amazon Web Services SSO, see the Amazon Web Services SSO Identity Store API Reference.

Returns:

See Also:



460
461
462
463
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 460

def (params = {}, options = {})
  req = build_request(:create_account_assignment, params)
  req.send_request(options)
end

#create_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Enables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Examples:

Request syntax with placeholder values


resp = client.create_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
  instance_access_control_attribute_configuration: { # required
    access_control_attributes: [ # required
      {
        key: "AccessControlAttributeKey", # required
        value: { # required
          source: ["AccessControlAttributeValueSource"], # required
        },
      },
    ],
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed.

  • :instance_access_control_attribute_configuration (required, Types::InstanceAccessControlAttributeConfiguration)

    Specifies the Amazon Web Services SSO identity store attributes to add to your ABAC configuration. When using an external identity provider as an identity source, you can pass attributes through the SAML assertion. Doing so provides an alternative to configuring attributes from the Amazon Web Services SSO identity store. If a SAML assertion passes any of these attributes, Amazon Web Services SSO will replace the attribute value with the value from the Amazon Web Services SSO identity store.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



508
509
510
511
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 508

def create_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:create_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#create_permission_set(params = {}) ⇒ Types::CreatePermissionSetResponse

Creates a permission set within a specified SSO instance.

To grant users and groups access to Amazon Web Services account resources, use CreateAccountAssignment.

Examples:

Request syntax with placeholder values


resp = client.create_permission_set({
  name: "PermissionSetName", # required
  description: "PermissionSetDescription",
  instance_arn: "InstanceArn", # required
  session_duration: "Duration",
  relay_state: "RelayState",
  tags: [
    {
      key: "TagKey",
      value: "TagValue",
    },
  ],
})

Response structure


resp.permission_set.name #=> String
resp.permission_set.permission_set_arn #=> String
resp.permission_set.description #=> String
resp.permission_set.created_date #=> Time
resp.permission_set.session_duration #=> String
resp.permission_set.relay_state #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the PermissionSet.

  • :description (String)

    The description of the PermissionSet.

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :session_duration (String)

    The length of time that the application user sessions are valid in the ISO-8601 standard.

  • :relay_state (String)

    Used to redirect users within the application during the federation authentication process.

  • :tags (Array<Types::Tag>)

    The tags to attach to the new PermissionSet.

Returns:

See Also:



577
578
579
580
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 577

def create_permission_set(params = {}, options = {})
  req = build_request(:create_permission_set, params)
  req.send_request(options)
end

#delete_account_assignment(params = {}) ⇒ Types::DeleteAccountAssignmentResponse

Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  target_id: "TargetId", # required
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT
  permission_set_arn: "PermissionSetArn", # required
  principal_type: "USER", # required, accepts USER, GROUP
  principal_id: "PrincipalId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :target_id (required, String)

    TargetID is an Amazon Web Services account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be deleted.

  • :permission_set_arn (required, String)

    The ARN of the permission set that will be used to remove access.

  • :principal_type (required, String)

    The entity type for which the assignment will be deleted.

  • :principal_id (required, String)

    An identifier for an object in Amazon Web Services SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in Amazon Web Services SSO, see the Amazon Web Services SSO Identity Store API Reference.

Returns:

See Also:



644
645
646
647
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 644

def (params = {}, options = {})
  req = build_request(:delete_account_assignment, params)
  req.send_request(options)
end

#delete_inline_policy_from_permission_set(params = {}) ⇒ Struct

Deletes the inline policy from a specified permission set.

Examples:

Request syntax with placeholder values


resp = client.delete_inline_policy_from_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set that will be used to remove access.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



674
675
676
677
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 674

def delete_inline_policy_from_permission_set(params = {}, options = {})
  req = build_request(:delete_inline_policy_from_permission_set, params)
  req.send_request(options)
end

#delete_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Disables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Examples:

Request syntax with placeholder values


resp = client.delete_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



704
705
706
707
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 704

def delete_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:delete_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#delete_permission_set(params = {}) ⇒ Struct

Deletes the specified permission set.

Examples:

Request syntax with placeholder values


resp = client.delete_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set that should be deleted.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



734
735
736
737
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 734

def delete_permission_set(params = {}, options = {})
  req = build_request(:delete_permission_set, params)
  req.send_request(options)
end

#describe_account_assignment_creation_status(params = {}) ⇒ Types::DescribeAccountAssignmentCreationStatusResponse

Describes the status of the assignment creation request.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_assignment_creation_request_id: "UUId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :account_assignment_creation_request_id (required, String)

    The identifier that is used to track the request operation progress.

Returns:

See Also:



778
779
780
781
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 778

def (params = {}, options = {})
  req = build_request(:describe_account_assignment_creation_status, params)
  req.send_request(options)
end

#describe_account_assignment_deletion_status(params = {}) ⇒ Types::DescribeAccountAssignmentDeletionStatusResponse

Describes the status of the assignment deletion request.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_assignment_deletion_request_id: "UUId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :account_assignment_deletion_request_id (required, String)

    The identifier that is used to track the request operation progress.

Returns:

See Also:



822
823
824
825
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 822

def (params = {}, options = {})
  req = build_request(:describe_account_assignment_deletion_status, params)
  req.send_request(options)
end

#describe_instance_access_control_attribute_configuration(params = {}) ⇒ Types::DescribeInstanceAccessControlAttributeConfigurationResponse

Returns the list of Amazon Web Services SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified Amazon Web Services SSO instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Examples:

Request syntax with placeholder values


resp = client.describe_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
})

Response structure


resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
resp.status_reason #=> String
resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed.

Returns:

See Also:



864
865
866
867
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 864

def describe_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:describe_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#describe_permission_set(params = {}) ⇒ Types::DescribePermissionSetResponse

Gets the details of the permission set.

Examples:

Request syntax with placeholder values


resp = client.describe_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Response structure


resp.permission_set.name #=> String
resp.permission_set.permission_set_arn #=> String
resp.permission_set.description #=> String
resp.permission_set.created_date #=> Time
resp.permission_set.session_duration #=> String
resp.permission_set.relay_state #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

Returns:

See Also:



905
906
907
908
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 905

def describe_permission_set(params = {}, options = {})
  req = build_request(:describe_permission_set, params)
  req.send_request(options)
end

#describe_permission_set_provisioning_status(params = {}) ⇒ Types::DescribePermissionSetProvisioningStatusResponse

Describes the status for the given permission set provisioning request.

Examples:

Request syntax with placeholder values


resp = client.describe_permission_set_provisioning_status({
  instance_arn: "InstanceArn", # required
  provision_permission_set_request_id: "UUId", # required
})

Response structure


resp.permission_set_provisioning_status.status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_set_provisioning_status.request_id #=> String
resp.permission_set_provisioning_status. #=> String
resp.permission_set_provisioning_status.permission_set_arn #=> String
resp.permission_set_provisioning_status.failure_reason #=> String
resp.permission_set_provisioning_status.created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :provision_permission_set_request_id (required, String)

    The identifier that is provided by the ProvisionPermissionSet call to retrieve the current status of the provisioning workflow.

Returns:

See Also:



948
949
950
951
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 948

def describe_permission_set_provisioning_status(params = {}, options = {})
  req = build_request(:describe_permission_set_provisioning_status, params)
  req.send_request(options)
end

#detach_managed_policy_from_permission_set(params = {}) ⇒ Struct

Detaches the attached IAM managed policy ARN from the specified permission set.

Examples:

Request syntax with placeholder values


resp = client.detach_managed_policy_from_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  managed_policy_arn: "ManagedPolicyArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet from which the policy should be detached.

  • :managed_policy_arn (required, String)

    The IAM managed policy ARN to be attached to a permission set.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



983
984
985
986
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 983

def detach_managed_policy_from_permission_set(params = {}, options = {})
  req = build_request(:detach_managed_policy_from_permission_set, params)
  req.send_request(options)
end

#get_inline_policy_for_permission_set(params = {}) ⇒ Types::GetInlinePolicyForPermissionSetResponse

Obtains the inline policy assigned to the permission set.

Examples:

Request syntax with placeholder values


resp = client.get_inline_policy_for_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Response structure


resp.inline_policy #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

Returns:

See Also:



1019
1020
1021
1022
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1019

def get_inline_policy_for_permission_set(params = {}, options = {})
  req = build_request(:get_inline_policy_for_permission_set, params)
  req.send_request(options)
end

#list_account_assignment_creation_status(params = {}) ⇒ Types::ListAccountAssignmentCreationStatusResponse

Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp. #=> Array
resp.[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.[0].request_id #=> String
resp.[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1074
1075
1076
1077
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1074

def (params = {}, options = {})
  req = build_request(:list_account_assignment_creation_status, params)
  req.send_request(options)
end

#list_account_assignment_deletion_status(params = {}) ⇒ Types::ListAccountAssignmentDeletionStatusResponse

Lists the status of the Amazon Web Services account assignment deletion requests for a specified SSO instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp. #=> Array
resp.[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.[0].request_id #=> String
resp.[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1129
1130
1131
1132
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1129

def (params = {}, options = {})
  req = build_request(:list_account_assignment_deletion_status, params)
  req.send_request(options)
end

#list_account_assignments(params = {}) ⇒ Types::ListAccountAssignmentsResponse

Lists the assignee of the specified Amazon Web Services account with the specified permission set.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_id: "TargetId", # required
  permission_set_arn: "PermissionSetArn", # required
  max_results: 1,
  next_token: "Token",
})

Response structure


resp. #=> Array
resp.[0]. #=> String
resp.[0].permission_set_arn #=> String
resp.[0].principal_type #=> String, one of "USER", "GROUP"
resp.[0].principal_id #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :account_id (required, String)

    The identifier of the Amazon Web Services account from which to list the assignments.

  • :permission_set_arn (required, String)

    The ARN of the permission set from which to list assignments.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1188
1189
1190
1191
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1188

def (params = {}, options = {})
  req = build_request(:list_account_assignments, params)
  req.send_request(options)
end

#list_accounts_for_provisioned_permission_set(params = {}) ⇒ Types::ListAccountsForProvisionedPermissionSetResponse

Lists all the Amazon Web Services accounts where the specified permission set is provisioned.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_accounts_for_provisioned_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  provisioning_status: "LATEST_PERMISSION_SET_PROVISIONED", # accepts LATEST_PERMISSION_SET_PROVISIONED, LATEST_PERMISSION_SET_NOT_PROVISIONED
  max_results: 1,
  next_token: "Token",
})

Response structure


resp. #=> Array
resp.[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet from which the associated Amazon Web Services accounts will be listed.

  • :provisioning_status (String)

    The permission set provisioning status for an Amazon Web Services account.

  • :max_results (Integer)

    The maximum number of results to display for the PermissionSet.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1245
1246
1247
1248
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1245

def list_accounts_for_provisioned_permission_set(params = {}, options = {})
  req = build_request(:list_accounts_for_provisioned_permission_set, params)
  req.send_request(options)
end

#list_instances(params = {}) ⇒ Types::ListInstancesResponse

Lists the SSO instances that the caller has access to.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_instances({
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.instances #=> Array
resp.instances[0].instance_arn #=> String
resp.instances[0].identity_store_id #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    The maximum number of results to display for the instance.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1284
1285
1286
1287
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1284

def list_instances(params = {}, options = {})
  req = build_request(:list_instances, params)
  req.send_request(options)
end

#list_managed_policies_in_permission_set(params = {}) ⇒ Types::ListManagedPoliciesInPermissionSetResponse

Lists the IAM managed policy that is attached to a specified permission set.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_managed_policies_in_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.attached_managed_policies #=> Array
resp.attached_managed_policies[0].name #=> String
resp.attached_managed_policies[0].arn #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet whose managed policies will be listed.

  • :max_results (Integer)

    The maximum number of results to display for the PermissionSet.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1336
1337
1338
1339
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1336

def list_managed_policies_in_permission_set(params = {}, options = {})
  req = build_request(:list_managed_policies_in_permission_set, params)
  req.send_request(options)
end

#list_permission_set_provisioning_status(params = {}) ⇒ Types::ListPermissionSetProvisioningStatusResponse

Lists the status of the permission set provisioning requests for a specified SSO instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_permission_set_provisioning_status({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp.permission_sets_provisioning_status #=> Array
resp.permission_sets_provisioning_status[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_sets_provisioning_status[0].request_id #=> String
resp.permission_sets_provisioning_status[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1391
1392
1393
1394
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1391

def list_permission_set_provisioning_status(params = {}, options = {})
  req = build_request(:list_permission_set_provisioning_status, params)
  req.send_request(options)
end

#list_permission_sets(params = {}) ⇒ Types::ListPermissionSetsResponse

Lists the PermissionSets in an SSO instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_permission_sets({
  instance_arn: "InstanceArn", # required
  next_token: "Token",
  max_results: 1,
})

Response structure


resp.permission_sets #=> Array
resp.permission_sets[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

Returns:

See Also:



1437
1438
1439
1440
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1437

def list_permission_sets(params = {}, options = {})
  req = build_request(:list_permission_sets, params)
  req.send_request(options)
end

#list_permission_sets_provisioned_to_account(params = {}) ⇒ Types::ListPermissionSetsProvisionedToAccountResponse

Lists all the permission sets that are provisioned to a specified Amazon Web Services account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_id: "AccountId", # required
  provisioning_status: "LATEST_PERMISSION_SET_PROVISIONED", # accepts LATEST_PERMISSION_SET_PROVISIONED, LATEST_PERMISSION_SET_NOT_PROVISIONED
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.next_token #=> String
resp.permission_sets #=> Array
resp.permission_sets[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :account_id (required, String)

    The identifier of the Amazon Web Services account from which to list the assignments.

  • :provisioning_status (String)

    The status object for the permission set provisioning operation.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1493
1494
1495
1496
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1493

def (params = {}, options = {})
  req = build_request(:list_permission_sets_provisioned_to_account, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

Lists the tags that are attached to a specified resource.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "GeneralArn", # required
  next_token: "Token",
})

Response structure


resp.tags #=> Array
resp.tags[0].key #=> String
resp.tags[0].value #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1540
1541
1542
1543
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1540

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#provision_permission_set(params = {}) ⇒ Types::ProvisionPermissionSetResponse

The process by which a specified permission set is provisioned to the specified target.

Examples:

Request syntax with placeholder values


resp = client.provision_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  target_id: "TargetId",
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT, ALL_PROVISIONED_ACCOUNTS
})

Response structure


resp.permission_set_provisioning_status.status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_set_provisioning_status.request_id #=> String
resp.permission_set_provisioning_status. #=> String
resp.permission_set_provisioning_status.permission_set_arn #=> String
resp.permission_set_provisioning_status.failure_reason #=> String
resp.permission_set_provisioning_status.created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :target_id (String)

    TargetID is an Amazon Web Services account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be created.

Returns:

See Also:



1591
1592
1593
1594
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1591

def provision_permission_set(params = {}, options = {})
  req = build_request(:provision_permission_set, params)
  req.send_request(options)
end

#put_inline_policy_to_permission_set(params = {}) ⇒ Struct

Attaches an IAM inline policy to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

Examples:

Request syntax with placeholder values


resp = client.put_inline_policy_to_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  inline_policy: "PermissionSetPolicyDocument", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :inline_policy (required, String)

    The IAM inline policy to attach to a PermissionSet.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1632
1633
1634
1635
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1632

def put_inline_policy_to_permission_set(params = {}, options = {})
  req = build_request(:put_inline_policy_to_permission_set, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ Struct

Associates a set of tags with a specified resource.

Examples:

Request syntax with placeholder values


resp = client.tag_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "GeneralArn", # required
  tags: [ # required
    {
      key: "TagKey",
      value: "TagValue",
    },
  ],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :tags (required, Array<Types::Tag>)

    A set of key-value pairs that are used to manage the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1671
1672
1673
1674
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1671

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ Struct

Disassociates a set of tags from a specified resource.

Examples:

Request syntax with placeholder values


resp = client.untag_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "GeneralArn", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :tag_keys (required, Array<String>)

    The keys of tags that are attached to the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1705
1706
1707
1708
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1705

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Updates the Amazon Web Services SSO identity store attributes that you can use with the Amazon Web Services SSO instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the Amazon Web Services SSO identity store. If a SAML assertion passes any of these attributes, Amazon Web Services SSO replaces the attribute value with the value from the Amazon Web Services SSO identity store. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Examples:

Request syntax with placeholder values


resp = client.update_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
  instance_access_control_attribute_configuration: { # required
    access_control_attributes: [ # required
      {
        key: "AccessControlAttributeKey", # required
        value: { # required
          source: ["AccessControlAttributeValueSource"], # required
        },
      },
    ],
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed.

  • :instance_access_control_attribute_configuration (required, Types::InstanceAccessControlAttributeConfiguration)

    Updates the attributes for your ABAC configuration.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1751
1752
1753
1754
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1751

def update_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:update_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#update_permission_set(params = {}) ⇒ Struct

Updates an existing permission set.

Examples:

Request syntax with placeholder values


resp = client.update_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  description: "PermissionSetDescription",
  session_duration: "Duration",
  relay_state: "RelayState",
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :description (String)

    The description of the PermissionSet.

  • :session_duration (String)

    The length of time that the application user sessions are valid for in the ISO-8601 standard.

  • :relay_state (String)

    Used to redirect users within the application during the federation authentication process.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1795
1796
1797
1798
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1795

def update_permission_set(params = {}, options = {})
  req = build_request(:update_permission_set, params)
  req.send_request(options)
end