AccountAssignment - AWS Single Sign-On

AccountAssignment

The assignment that indicates a principal's limited access to a specified AWS account with a specified permission set.

Note

The term principal here refers to a user or group that is defined in AWS SSO.

Contents

AccountId

The identifier of the AWS account.

Type: String

Pattern: \d{12}

Required: No

PermissionSetArn

The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

Type: String

Length Constraints: Minimum length of 10. Maximum length of 1224.

Pattern: arn:aws:sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}

Required: No

PrincipalId

An identifier for an object in AWS SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in AWS SSO, see the AWS SSO Identity Store API Reference.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 47.

Pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$

Required: No

PrincipalType

The entity type for which the assignment will be created.

Type: String

Valid Values: USER | GROUP

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: