Class: Aws::SSOAdmin::Client

Inherits:
Seahorse::Client::Base show all
Includes:
ClientStubs
Defined in:
gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb

Overview

An API client for SSOAdmin. To construct a client, you need to configure a :region and :credentials.

client = Aws::SSOAdmin::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the developer guide.

See #initialize for a full list of supported configuration options.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations collapse

Instance Method Summary collapse

Methods included from ClientStubs

#api_requests, #stub_data, #stub_responses

Methods inherited from Seahorse::Client::Base

add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

  • options (Hash)

Options Hash (options):

  • :credentials (required, Aws::CredentialProvider)

    Your AWS credentials. This can be an instance of any one of the following classes:

    • Aws::Credentials - Used for configuring static, non-refreshing credentials.

    • Aws::SharedCredentials - Used for loading static credentials from a shared file, such as ~/.aws/config.

    • Aws::AssumeRoleCredentials - Used when you need to assume a role.

    • Aws::AssumeRoleWebIdentityCredentials - Used when you need to assume a role after providing credentials via the web.

    • Aws::SSOCredentials - Used for loading credentials from AWS SSO using an access token generated from aws login.

    • Aws::ProcessCredentials - Used for loading credentials from a process that outputs to stdout.

    • Aws::InstanceProfileCredentials - Used for loading credentials from an EC2 IMDS on an EC2 instance.

    • Aws::ECSCredentials - Used for loading credentials from instances running in ECS.

    • Aws::CognitoIdentityCredentials - Used for loading credentials from the Cognito Identity service.

    When :credentials are not configured directly, the following locations will be searched for credentials:

    • Aws.config[:credentials]
    • The :access_key_id, :secret_access_key, and :session_token options.
    • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
    • ~/.aws/credentials
    • ~/.aws/config
    • EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of Aws::InstanceProfileCredentails or Aws::ECSCredentials to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] to true.
  • :region (required, String)

    The AWS region to connect to. The configured :region is used to determine the service :endpoint. When not passed, a default :region is searched for in the following locations:

    • Aws.config[:region]
    • ENV['AWS_REGION']
    • ENV['AMAZON_REGION']
    • ENV['AWS_DEFAULT_REGION']
    • ~/.aws/credentials
    • ~/.aws/config
  • :access_key_id (String)
  • :active_endpoint_cache (Boolean) — default: false

    When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false.

  • :adaptive_retry_wait_to_fill (Boolean) — default: true

    Used only in adaptive retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a RetryCapacityNotAvailableError and will not retry instead of sleeping.

  • :client_side_monitoring (Boolean) — default: false

    When true, client-side metrics will be collected for all API requests from this client.

  • :client_side_monitoring_client_id (String) — default: ""

    Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

  • :client_side_monitoring_host (String) — default: "127.0.0.1"

    Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_port (Integer) — default: 31000

    Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher

    Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

  • :convert_params (Boolean) — default: true

    When true, an attempt is made to coerce request parameters into the required types.

  • :correct_clock_skew (Boolean) — default: true

    Used only in standard and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

  • :defaults_mode (String) — default: "legacy"

    See DefaultsModeConfiguration for a list of the accepted modes and the configuration defaults that are included.

  • :disable_host_prefix_injection (Boolean) — default: false

    Set to true to disable SDK automatically adding host prefix to default service endpoint when available.

  • :endpoint (String)

    The client endpoint is normally constructed from the :region option. You should only configure an :endpoint when connecting to test or custom endpoints. This should be a valid HTTP(S) URI.

  • :endpoint_cache_max_entries (Integer) — default: 1000

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

  • :endpoint_cache_max_threads (Integer) — default: 10

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

  • :endpoint_cache_poll_interval (Integer) — default: 60

    When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

  • :endpoint_discovery (Boolean) — default: false

    When set to true, endpoint discovery will be enabled for operations when available.

  • :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default

    The log formatter.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the :logger at.

  • :logger (Logger)

    The Logger instance to send log messages to. If this option is not set, logging will be disabled.

  • :max_attempts (Integer) — default: 3

    An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in standard and adaptive retry modes.

  • :profile (String) — default: "default"

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used.

  • :retry_backoff (Proc)

    A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the legacy retry mode.

  • :retry_base_delay (Float) — default: 0.3

    The base delay in seconds used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_jitter (Symbol) — default: :none

    A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the legacy retry mode.

    @see https://www.awsarchitectureblog.com/2015/03/backoff.html

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the legacy retry mode.

  • :retry_max_delay (Integer) — default: 0

    The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_mode (String) — default: "legacy"

    Specifies which retry algorithm to use. Values are:

    • legacy - The pre-existing retry behavior. This is default value if no retry mode is provided.

    • standard - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

    • adaptive - An experimental retry mode that includes all the functionality of standard mode along with automatic client side throttling. This is a provisional mode that may change behavior in the future.

  • :secret_access_key (String)
  • :session_token (String)
  • :simple_json (Boolean) — default: false

    Disables request parameter conversion, validation, and formatting. Also disable response data type conversions. This option is useful when you want to ensure the highest level of performance by avoiding overhead of walking request parameters and response data structures.

    When :simple_json is enabled, the request parameters hash must be formatted exactly as the DynamoDB API expects.

  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

  • :use_dualstack_endpoint (Boolean)

    When set to true, dualstack enabled endpoints (with .aws TLD) will be used if available.

  • :use_fips_endpoint (Boolean)

    When set to true, fips compatible endpoints will be used if available. When a fips region is used, the region is normalized and this config is set to true.

  • :validate_params (Boolean) — default: true

    When true, request parameters are validated before sending the request.

  • :http_proxy (URI::HTTP, String)

    A proxy to send requests through. Formatted like 'http://proxy.com:123'.

  • :http_open_timeout (Float) — default: 15

    The number of seconds to wait when opening a HTTP session before raising a Timeout::Error.

  • :http_read_timeout (Float) — default: 60

    The default number of seconds to wait for response data. This value can safely be set per-request on the session.

  • :http_idle_timeout (Float) — default: 5

    The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

  • :http_continue_timeout (Float) — default: 1

    The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has "Expect" header set to "100-continue". Defaults to nil which disables this behaviour. This value can safely be set per request on the session.

  • :ssl_timeout (Float) — default: nil

    Sets the SSL timeout in seconds.

  • :http_wire_trace (Boolean) — default: false

    When true, HTTP debug output will be sent to the :logger.

  • :ssl_verify_peer (Boolean) — default: true

    When true, SSL peer certificates are verified when establishing a connection.

  • :ssl_ca_bundle (String)

    Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.

  • :ssl_ca_directory (String)

    Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.



358
359
360
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 358

def initialize(*args)
  super
end

Instance Method Details

#attach_customer_managed_policy_reference_to_permission_set(params = {}) ⇒ Struct

Attaches the specified customer managed policy to the specified PermissionSet.

Examples:

Request syntax with placeholder values


resp = client.attach_customer_managed_policy_reference_to_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  customer_managed_policy_reference: { # required
    name: "ManagedPolicyName", # required
    path: "ManagedPolicyPath",
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet.

  • :customer_managed_policy_reference (required, Types::CustomerManagedPolicyReference)

    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



396
397
398
399
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 396

def attach_customer_managed_policy_reference_to_permission_set(params = {}, options = {})
  req = build_request(:attach_customer_managed_policy_reference_to_permission_set, params)
  req.send_request(options)
end

#attach_managed_policy_to_permission_set(params = {}) ⇒ Struct

Attaches an AWS managed policy ARN to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this operation. Calling ProvisionPermissionSet applies the corresponding IAM policy updates to all assigned accounts.

Examples:

Request syntax with placeholder values


resp = client.attach_managed_policy_to_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  managed_policy_arn: "ManagedPolicyArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet that the managed policy should be attached to.

  • :managed_policy_arn (required, String)

    The AWS managed policy ARN to be attached to a permission set.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



438
439
440
441
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 438

def attach_managed_policy_to_permission_set(params = {}, options = {})
  req = build_request(:attach_managed_policy_to_permission_set, params)
  req.send_request(options)
end

#create_account_assignment(params = {}) ⇒ Types::CreateAccountAssignmentResponse

Assigns access to a principal for a specified AWS account using a specified permission set.

The term principal here refers to a user or group that is defined in IAM Identity Center.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the IAM role created in IAM Identity Center. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you must call ProvisionPermissionSet to make these updates.

After a successful response, call DescribeAccountAssignmentCreationStatus to describe the status of an assignment creation request.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  target_id: "TargetId", # required
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT
  permission_set_arn: "PermissionSetArn", # required
  principal_type: "USER", # required, accepts USER, GROUP
  principal_id: "PrincipalId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :target_id (required, String)

    TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be created.

  • :permission_set_arn (required, String)

    The ARN of the permission set that the admin wants to grant the principal access to.

  • :principal_type (required, String)

    The entity type for which the assignment will be created.

  • :principal_id (required, String)

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

Returns:

See Also:



527
528
529
530
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 527

def (params = {}, options = {})
  req = build_request(:create_account_assignment, params)
  req.send_request(options)
end

#create_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Enables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

After a successful response, call DescribeInstanceAccessControlAttributeConfiguration to validate that InstanceAccessControlAttributeConfiguration was created.

Examples:

Request syntax with placeholder values


resp = client.create_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
  instance_access_control_attribute_configuration: { # required
    access_control_attributes: [ # required
      {
        key: "AccessControlAttributeKey", # required
        value: { # required
          source: ["AccessControlAttributeValueSource"], # required
        },
      },
    ],
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

  • :instance_access_control_attribute_configuration (required, Types::InstanceAccessControlAttributeConfiguration)

    Specifies the IAM Identity Center identity store attributes to add to your ABAC configuration. When using an external identity provider as an identity source, you can pass attributes through the SAML assertion. Doing so provides an alternative to configuring attributes from the IAM Identity Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center will replace the attribute value with the value from the IAM Identity Center identity store.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



581
582
583
584
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 581

def create_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:create_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#create_permission_set(params = {}) ⇒ Types::CreatePermissionSetResponse

Creates a permission set within a specified IAM Identity Center instance.

To grant users and groups access to AWS account resources, use CreateAccountAssignment.

Examples:

Request syntax with placeholder values


resp = client.create_permission_set({
  name: "PermissionSetName", # required
  description: "PermissionSetDescription",
  instance_arn: "InstanceArn", # required
  session_duration: "Duration",
  relay_state: "RelayState",
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Response structure


resp.permission_set.name #=> String
resp.permission_set.permission_set_arn #=> String
resp.permission_set.description #=> String
resp.permission_set.created_date #=> Time
resp.permission_set.session_duration #=> String
resp.permission_set.relay_state #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the PermissionSet.

  • :description (String)

    The description of the PermissionSet.

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :session_duration (String)

    The length of time that the application user sessions are valid in the ISO-8601 standard.

  • :relay_state (String)

    Used to redirect users within the application during the federation authentication process.

  • :tags (Array<Types::Tag>)

    The tags to attach to the new PermissionSet.

Returns:

See Also:



651
652
653
654
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 651

def create_permission_set(params = {}, options = {})
  req = build_request(:create_permission_set, params)
  req.send_request(options)
end

#delete_account_assignment(params = {}) ⇒ Types::DeleteAccountAssignmentResponse

Deletes a principal's access from a specified AWS account using a specified permission set.

After a successful response, call DescribeAccountAssignmentCreationStatus to describe the status of an assignment deletion request.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  target_id: "TargetId", # required
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT
  permission_set_arn: "PermissionSetArn", # required
  principal_type: "USER", # required, accepts USER, GROUP
  principal_id: "PrincipalId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :target_id (required, String)

    TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be deleted.

  • :permission_set_arn (required, String)

    The ARN of the permission set that will be used to remove access.

  • :principal_type (required, String)

    The entity type for which the assignment will be deleted.

  • :principal_id (required, String)

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

Returns:

See Also:



724
725
726
727
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 724

def (params = {}, options = {})
  req = build_request(:delete_account_assignment, params)
  req.send_request(options)
end

#delete_inline_policy_from_permission_set(params = {}) ⇒ Struct

Deletes the inline policy from a specified permission set.

Examples:

Request syntax with placeholder values


resp = client.delete_inline_policy_from_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set that will be used to remove access.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



754
755
756
757
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 754

def delete_inline_policy_from_permission_set(params = {}, options = {})
  req = build_request(:delete_inline_policy_from_permission_set, params)
  req.send_request(options)
end

#delete_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Disables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

Examples:

Request syntax with placeholder values


resp = client.delete_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



784
785
786
787
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 784

def delete_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:delete_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#delete_permission_set(params = {}) ⇒ Struct

Deletes the specified permission set.

Examples:

Request syntax with placeholder values


resp = client.delete_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set that should be deleted.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



814
815
816
817
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 814

def delete_permission_set(params = {}, options = {})
  req = build_request(:delete_permission_set, params)
  req.send_request(options)
end

#delete_permissions_boundary_from_permission_set(params = {}) ⇒ Struct

Deletes the permissions boundary from a specified PermissionSet.

Examples:

Request syntax with placeholder values


resp = client.delete_permissions_boundary_from_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



841
842
843
844
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 841

def delete_permissions_boundary_from_permission_set(params = {}, options = {})
  req = build_request(:delete_permissions_boundary_from_permission_set, params)
  req.send_request(options)
end

#describe_account_assignment_creation_status(params = {}) ⇒ Types::DescribeAccountAssignmentCreationStatusResponse

Describes the status of the assignment creation request.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_assignment_creation_request_id: "UUId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :account_assignment_creation_request_id (required, String)

    The identifier that is used to track the request operation progress.

Returns:

See Also:



885
886
887
888
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 885

def (params = {}, options = {})
  req = build_request(:describe_account_assignment_creation_status, params)
  req.send_request(options)
end

#describe_account_assignment_deletion_status(params = {}) ⇒ Types::DescribeAccountAssignmentDeletionStatusResponse

Describes the status of the assignment deletion request.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_assignment_deletion_request_id: "UUId", # required
})

Response structure


resp..status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp..request_id #=> String
resp..failure_reason #=> String
resp..target_id #=> String
resp..target_type #=> String, one of "AWS_ACCOUNT"
resp..permission_set_arn #=> String
resp..principal_type #=> String, one of "USER", "GROUP"
resp..principal_id #=> String
resp..created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :account_assignment_deletion_request_id (required, String)

    The identifier that is used to track the request operation progress.

Returns:

See Also:



929
930
931
932
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 929

def (params = {}, options = {})
  req = build_request(:describe_account_assignment_deletion_status, params)
  req.send_request(options)
end

#describe_instance_access_control_attribute_configuration(params = {}) ⇒ Types::DescribeInstanceAccessControlAttributeConfigurationResponse

Returns the list of IAM Identity Center identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified IAM Identity Center instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

Examples:

Request syntax with placeholder values


resp = client.describe_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
})

Response structure


resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
resp.status_reason #=> String
resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

Returns:

See Also:



971
972
973
974
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 971

def describe_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:describe_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#describe_permission_set(params = {}) ⇒ Types::DescribePermissionSetResponse

Gets the details of the permission set.

Examples:

Request syntax with placeholder values


resp = client.describe_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Response structure


resp.permission_set.name #=> String
resp.permission_set.permission_set_arn #=> String
resp.permission_set.description #=> String
resp.permission_set.created_date #=> Time
resp.permission_set.session_duration #=> String
resp.permission_set.relay_state #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

Returns:

See Also:



1012
1013
1014
1015
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1012

def describe_permission_set(params = {}, options = {})
  req = build_request(:describe_permission_set, params)
  req.send_request(options)
end

#describe_permission_set_provisioning_status(params = {}) ⇒ Types::DescribePermissionSetProvisioningStatusResponse

Describes the status for the given permission set provisioning request.

Examples:

Request syntax with placeholder values


resp = client.describe_permission_set_provisioning_status({
  instance_arn: "InstanceArn", # required
  provision_permission_set_request_id: "UUId", # required
})

Response structure


resp.permission_set_provisioning_status.status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_set_provisioning_status.request_id #=> String
resp.permission_set_provisioning_status. #=> String
resp.permission_set_provisioning_status.permission_set_arn #=> String
resp.permission_set_provisioning_status.failure_reason #=> String
resp.permission_set_provisioning_status.created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :provision_permission_set_request_id (required, String)

    The identifier that is provided by the ProvisionPermissionSet call to retrieve the current status of the provisioning workflow.

Returns:

See Also:



1055
1056
1057
1058
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1055

def describe_permission_set_provisioning_status(params = {}, options = {})
  req = build_request(:describe_permission_set_provisioning_status, params)
  req.send_request(options)
end

#detach_customer_managed_policy_reference_from_permission_set(params = {}) ⇒ Struct

Detaches the specified customer managed policy from the specified PermissionSet.

Examples:

Request syntax with placeholder values


resp = client.detach_customer_managed_policy_reference_from_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  customer_managed_policy_reference: { # required
    name: "ManagedPolicyName", # required
    path: "ManagedPolicyPath",
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet.

  • :customer_managed_policy_reference (required, Types::CustomerManagedPolicyReference)

    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1092
1093
1094
1095
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1092

def detach_customer_managed_policy_reference_from_permission_set(params = {}, options = {})
  req = build_request(:detach_customer_managed_policy_reference_from_permission_set, params)
  req.send_request(options)
end

#detach_managed_policy_from_permission_set(params = {}) ⇒ Struct

Detaches the attached AWS managed policy ARN from the specified permission set.

Examples:

Request syntax with placeholder values


resp = client.detach_managed_policy_from_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  managed_policy_arn: "ManagedPolicyArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet from which the policy should be detached.

  • :managed_policy_arn (required, String)

    The AWS managed policy ARN to be detached from a permission set.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1127
1128
1129
1130
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1127

def detach_managed_policy_from_permission_set(params = {}, options = {})
  req = build_request(:detach_managed_policy_from_permission_set, params)
  req.send_request(options)
end

#get_inline_policy_for_permission_set(params = {}) ⇒ Types::GetInlinePolicyForPermissionSetResponse

Obtains the inline policy assigned to the permission set.

Examples:

Request syntax with placeholder values


resp = client.get_inline_policy_for_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Response structure


resp.inline_policy #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

Returns:

See Also:



1163
1164
1165
1166
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1163

def get_inline_policy_for_permission_set(params = {}, options = {})
  req = build_request(:get_inline_policy_for_permission_set, params)
  req.send_request(options)
end

#get_permissions_boundary_for_permission_set(params = {}) ⇒ Types::GetPermissionsBoundaryForPermissionSetResponse

Obtains the permissions boundary for a specified PermissionSet.

Examples:

Request syntax with placeholder values


resp = client.get_permissions_boundary_for_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
})

Response structure


resp.permissions_boundary.customer_managed_policy_reference.name #=> String
resp.permissions_boundary.customer_managed_policy_reference.path #=> String
resp.permissions_boundary.managed_policy_arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet.

Returns:

See Also:



1198
1199
1200
1201
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1198

def get_permissions_boundary_for_permission_set(params = {}, options = {})
  req = build_request(:get_permissions_boundary_for_permission_set, params)
  req.send_request(options)
end

#list_account_assignment_creation_status(params = {}) ⇒ Types::ListAccountAssignmentCreationStatusResponse

Lists the status of the AWS account assignment creation requests for a specified IAM Identity Center instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp. #=> Array
resp.[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.[0].request_id #=> String
resp.[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1253
1254
1255
1256
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1253

def (params = {}, options = {})
  req = build_request(:list_account_assignment_creation_status, params)
  req.send_request(options)
end

#list_account_assignment_deletion_status(params = {}) ⇒ Types::ListAccountAssignmentDeletionStatusResponse

Lists the status of the AWS account assignment deletion requests for a specified IAM Identity Center instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp. #=> Array
resp.[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.[0].request_id #=> String
resp.[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1308
1309
1310
1311
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1308

def (params = {}, options = {})
  req = build_request(:list_account_assignment_deletion_status, params)
  req.send_request(options)
end

#list_account_assignments(params = {}) ⇒ Types::ListAccountAssignmentsResponse

Lists the assignee of the specified AWS account with the specified permission set.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_id: "TargetId", # required
  permission_set_arn: "PermissionSetArn", # required
  max_results: 1,
  next_token: "Token",
})

Response structure


resp. #=> Array
resp.[0]. #=> String
resp.[0].permission_set_arn #=> String
resp.[0].principal_type #=> String, one of "USER", "GROUP"
resp.[0].principal_id #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :account_id (required, String)

    The identifier of the AWS account from which to list the assignments.

  • :permission_set_arn (required, String)

    The ARN of the permission set from which to list assignments.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1366
1367
1368
1369
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1366

def (params = {}, options = {})
  req = build_request(:list_account_assignments, params)
  req.send_request(options)
end

#list_accounts_for_provisioned_permission_set(params = {}) ⇒ Types::ListAccountsForProvisionedPermissionSetResponse

Lists all the AWS accounts where the specified permission set is provisioned.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_accounts_for_provisioned_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  provisioning_status: "LATEST_PERMISSION_SET_PROVISIONED", # accepts LATEST_PERMISSION_SET_PROVISIONED, LATEST_PERMISSION_SET_NOT_PROVISIONED
  max_results: 1,
  next_token: "Token",
})

Response structure


resp. #=> Array
resp.[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet from which the associated AWS accounts will be listed.

  • :provisioning_status (String)

    The permission set provisioning status for an AWS account.

  • :max_results (Integer)

    The maximum number of results to display for the PermissionSet.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1422
1423
1424
1425
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1422

def list_accounts_for_provisioned_permission_set(params = {}, options = {})
  req = build_request(:list_accounts_for_provisioned_permission_set, params)
  req.send_request(options)
end

#list_customer_managed_policy_references_in_permission_set(params = {}) ⇒ Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse

Lists all customer managed policies attached to a specified PermissionSet.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_customer_managed_policy_references_in_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.customer_managed_policy_references #=> Array
resp.customer_managed_policy_references[0].name #=> String
resp.customer_managed_policy_references[0].path #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet.

  • :max_results (Integer)

    The maximum number of results to display for the list call.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1471
1472
1473
1474
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1471

def list_customer_managed_policy_references_in_permission_set(params = {}, options = {})
  req = build_request(:list_customer_managed_policy_references_in_permission_set, params)
  req.send_request(options)
end

#list_instances(params = {}) ⇒ Types::ListInstancesResponse

Lists the IAM Identity Center instances that the caller has access to.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_instances({
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.instances #=> Array
resp.instances[0].instance_arn #=> String
resp.instances[0].identity_store_id #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    The maximum number of results to display for the instance.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1510
1511
1512
1513
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1510

def list_instances(params = {}, options = {})
  req = build_request(:list_instances, params)
  req.send_request(options)
end

#list_managed_policies_in_permission_set(params = {}) ⇒ Types::ListManagedPoliciesInPermissionSetResponse

Lists the AWS managed policy that is attached to a specified permission set.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_managed_policies_in_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.attached_managed_policies #=> Array
resp.attached_managed_policies[0].name #=> String
resp.attached_managed_policies[0].arn #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet whose managed policies will be listed.

  • :max_results (Integer)

    The maximum number of results to display for the PermissionSet.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1562
1563
1564
1565
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1562

def list_managed_policies_in_permission_set(params = {}, options = {})
  req = build_request(:list_managed_policies_in_permission_set, params)
  req.send_request(options)
end

#list_permission_set_provisioning_status(params = {}) ⇒ Types::ListPermissionSetProvisioningStatusResponse

Lists the status of the permission set provisioning requests for a specified IAM Identity Center instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_permission_set_provisioning_status({
  instance_arn: "InstanceArn", # required
  max_results: 1,
  next_token: "Token",
  filter: {
    status: "IN_PROGRESS", # accepts IN_PROGRESS, FAILED, SUCCEEDED
  },
})

Response structure


resp.permission_sets_provisioning_status #=> Array
resp.permission_sets_provisioning_status[0].status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_sets_provisioning_status[0].request_id #=> String
resp.permission_sets_provisioning_status[0].created_date #=> Time
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :filter (Types::OperationStatusFilter)

    Filters results based on the passed attribute value.

Returns:

See Also:



1617
1618
1619
1620
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1617

def list_permission_set_provisioning_status(params = {}, options = {})
  req = build_request(:list_permission_set_provisioning_status, params)
  req.send_request(options)
end

#list_permission_sets(params = {}) ⇒ Types::ListPermissionSetsResponse

Lists the PermissionSets in an IAM Identity Center instance.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_permission_sets({
  instance_arn: "InstanceArn", # required
  next_token: "Token",
  max_results: 1,
})

Response structure


resp.permission_sets #=> Array
resp.permission_sets[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

Returns:

See Also:



1663
1664
1665
1666
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1663

def list_permission_sets(params = {}, options = {})
  req = build_request(:list_permission_sets, params)
  req.send_request(options)
end

#list_permission_sets_provisioned_to_account(params = {}) ⇒ Types::ListPermissionSetsProvisionedToAccountResponse

Lists all the permission sets that are provisioned to a specified AWS account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.({
  instance_arn: "InstanceArn", # required
  account_id: "AccountId", # required
  provisioning_status: "LATEST_PERMISSION_SET_PROVISIONED", # accepts LATEST_PERMISSION_SET_PROVISIONED, LATEST_PERMISSION_SET_NOT_PROVISIONED
  max_results: 1,
  next_token: "Token",
})

Response structure


resp.next_token #=> String
resp.permission_sets #=> Array
resp.permission_sets[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :account_id (required, String)

    The identifier of the AWS account from which to list the assignments.

  • :provisioning_status (String)

    The status object for the permission set provisioning operation.

  • :max_results (Integer)

    The maximum number of results to display for the assignment.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1718
1719
1720
1721
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1718

def (params = {}, options = {})
  req = build_request(:list_permission_sets_provisioned_to_account, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

Lists the tags that are attached to a specified resource.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "TaggableResourceArn", # required
  next_token: "Token",
})

Response structure


resp.tags #=> Array
resp.tags[0].key #=> String
resp.tags[0].value #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :next_token (String)

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

Returns:

See Also:



1765
1766
1767
1768
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1765

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#provision_permission_set(params = {}) ⇒ Types::ProvisionPermissionSetResponse

The process by which a specified permission set is provisioned to the specified target.

Examples:

Request syntax with placeholder values


resp = client.provision_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  target_id: "TargetId",
  target_type: "AWS_ACCOUNT", # required, accepts AWS_ACCOUNT, ALL_PROVISIONED_ACCOUNTS
})

Response structure


resp.permission_set_provisioning_status.status #=> String, one of "IN_PROGRESS", "FAILED", "SUCCEEDED"
resp.permission_set_provisioning_status.request_id #=> String
resp.permission_set_provisioning_status. #=> String
resp.permission_set_provisioning_status.permission_set_arn #=> String
resp.permission_set_provisioning_status.failure_reason #=> String
resp.permission_set_provisioning_status.created_date #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :target_id (String)

    TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012).

  • :target_type (required, String)

    The entity type for which the assignment will be created.

Returns:

See Also:



1816
1817
1818
1819
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1816

def provision_permission_set(params = {}, options = {})
  req = build_request(:provision_permission_set, params)
  req.send_request(options)
end

#put_inline_policy_to_permission_set(params = {}) ⇒ Struct

Attaches an inline policy to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

Examples:

Request syntax with placeholder values


resp = client.put_inline_policy_to_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  inline_policy: "PermissionSetPolicyDocument", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :inline_policy (required, String)

    The inline policy to attach to a PermissionSet.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1857
1858
1859
1860
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1857

def put_inline_policy_to_permission_set(params = {}, options = {})
  req = build_request(:put_inline_policy_to_permission_set, params)
  req.send_request(options)
end

#put_permissions_boundary_to_permission_set(params = {}) ⇒ Struct

Attaches an AWS managed or customer managed policy to the specified PermissionSet as a permissions boundary.

Examples:

Request syntax with placeholder values


resp = client.put_permissions_boundary_to_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  permissions_boundary: { # required
    customer_managed_policy_reference: {
      name: "ManagedPolicyName", # required
      path: "ManagedPolicyPath",
    },
    managed_policy_arn: "ManagedPolicyArn",
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

  • :permission_set_arn (required, String)

    The ARN of the PermissionSet.

  • :permissions_boundary (required, Types::PermissionsBoundary)

    The permissions boundary that you want to attach to a PermissionSet.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1895
1896
1897
1898
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1895

def put_permissions_boundary_to_permission_set(params = {}, options = {})
  req = build_request(:put_permissions_boundary_to_permission_set, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ Struct

Associates a set of tags with a specified resource.

Examples:

Request syntax with placeholder values


resp = client.tag_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "TaggableResourceArn", # required
  tags: [ # required
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :tags (required, Array<Types::Tag>)

    A set of key-value pairs that are used to manage the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1934
1935
1936
1937
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1934

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ Struct

Disassociates a set of tags from a specified resource.

Examples:

Request syntax with placeholder values


resp = client.untag_resource({
  instance_arn: "InstanceArn", # required
  resource_arn: "TaggableResourceArn", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :resource_arn (required, String)

    The ARN of the resource with the tags to be listed.

  • :tag_keys (required, Array<String>)

    The keys of tags that are attached to the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1968
1969
1970
1971
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1968

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_instance_access_control_attribute_configuration(params = {}) ⇒ Struct

Updates the IAM Identity Center identity store attributes that you can use with the IAM Identity Center instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the IAM Identity Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center replaces the attribute value with the value from the IAM Identity Center identity store. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

Examples:

Request syntax with placeholder values


resp = client.update_instance_access_control_attribute_configuration({
  instance_arn: "InstanceArn", # required
  instance_access_control_attribute_configuration: { # required
    access_control_attributes: [ # required
      {
        key: "AccessControlAttributeKey", # required
        value: { # required
          source: ["AccessControlAttributeValueSource"], # required
        },
      },
    ],
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed.

  • :instance_access_control_attribute_configuration (required, Types::InstanceAccessControlAttributeConfiguration)

    Updates the attributes for your ABAC configuration.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



2014
2015
2016
2017
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2014

def update_instance_access_control_attribute_configuration(params = {}, options = {})
  req = build_request(:update_instance_access_control_attribute_configuration, params)
  req.send_request(options)
end

#update_permission_set(params = {}) ⇒ Struct

Updates an existing permission set.

Examples:

Request syntax with placeholder values


resp = client.update_permission_set({
  instance_arn: "InstanceArn", # required
  permission_set_arn: "PermissionSetArn", # required
  description: "PermissionSetDescription",
  session_duration: "Duration",
  relay_state: "RelayState",
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :instance_arn (required, String)

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

  • :permission_set_arn (required, String)

    The ARN of the permission set.

  • :description (String)

    The description of the PermissionSet.

  • :session_duration (String)

    The length of time that the application user sessions are valid for in the ISO-8601 standard.

  • :relay_state (String)

    Used to redirect users within the application during the federation authentication process.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



2058
2059
2060
2061
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2058

def update_permission_set(params = {}, options = {})
  req = build_request(:update_permission_set, params)
  req.send_request(options)
end