AccountAssignment - IAM Identity Center


The assignment that indicates a principal's limited access to a specified AWS account with a specified permission set.


The term principal here refers to a user or group that is defined in IAM Identity Center.



The identifier of the AWS account.

Type: String

Length Constraints: Fixed length of 12.

Pattern: \d{12}

Required: No


The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

Type: String

Length Constraints: Minimum length of 10. Maximum length of 1224.

Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}

Required: No


An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 47.

Pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$

Required: No


The entity type for which the assignment will be created.

Type: String

Valid Values: USER | GROUP

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: