aws-sdk-ssoadmin 1.0.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 78d783a645187efcf7dce2479fc3fe2a1d351075628a297a7b3289d724d99b6e
4
- data.tar.gz: 1b8c5e150cb4eeddd208a37b6e213207fd93429a8ddd040c566d0357178c20f1
3
+ metadata.gz: e07a29693cb8e03889e5dce716990d04b7ac038dad09bebcb8c902be40d36631
4
+ data.tar.gz: 8c567ab0105278b17b9ac847e6160d9c3d5d62fdbeb716eeacb0db4a091da315
5
5
  SHA512:
6
- metadata.gz: 92985c1203c9f42d6dbac2b7b53dd58be3bbf45bd5182f49e1fa05bbb5406bcacacda821013a6f477a951d02177003953a2bcc4354a223019d2abea9d52cd5fa
7
- data.tar.gz: 82841762be02e70d77f0fa2a977995c2fd918d9b3cc304430b560e2b5b5d5ea27ccd6dce9b3af5409273d9dae8bb4a0154c91c5caf4505910449bf3270f1a2fb
6
+ metadata.gz: 7fa248ad13c651f9b1aa6fe378462b39147fc539006fc918fa3b1b31dd666029bcebdc42ae19cdf3c4ba59b326b49b0597ca40758425b066cb66e99f5afeedb7
7
+ data.tar.gz: 632241cbb2d94cc4011b7311123dcf9b18c98ee380acd6dc3e5ecef42215f77b4a8da24895598a261a8cc390546576d1ce6264f2d1e8173a330a0b22a39a87ea
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-ssoadmin/customizations'
47
48
  # @!group service
48
49
  module Aws::SSOAdmin
49
50
 
50
- GEM_VERSION = '1.0.0'
51
+ GEM_VERSION = '1.5.0'
51
52
 
52
53
  end
@@ -339,6 +339,13 @@ module Aws::SSOAdmin
339
339
 
340
340
  # Attaches an IAM managed policy ARN to a permission set.
341
341
  #
342
+ # <note markdown="1"> If the permission set is already referenced by one or more account
343
+ # assignments, you will need to call ` ProvisionPermissionSet ` after
344
+ # this action to apply the corresponding IAM policy updates to all
345
+ # assigned accounts.
346
+ #
347
+ # </note>
348
+ #
342
349
  # @option params [required, String] :instance_arn
343
350
  # The ARN of the SSO instance under which the operation will be
344
351
  # executed. For more information about ARNs, see [Amazon Resource Names
@@ -380,6 +387,16 @@ module Aws::SSOAdmin
380
387
  #
381
388
  # </note>
382
389
  #
390
+ # <note markdown="1"> As part of a successful `CreateAccountAssignment` call, the specified
391
+ # permission set will automatically be provisioned to the account in the
392
+ # form of an IAM policy attached to the SSO-created IAM role. If the
393
+ # permission set is subsequently updated, the corresponding IAM policies
394
+ # attached to roles in your accounts will not be updated automatically.
395
+ # In this case, you will need to call ` ProvisionPermissionSet ` to make
396
+ # these updates.
397
+ #
398
+ # </note>
399
+ #
383
400
  # @option params [required, String] :instance_arn
384
401
  # The ARN of the SSO instance under which the operation will be
385
402
  # executed. For more information about ARNs, see [Amazon Resource Names
@@ -388,7 +405,8 @@ module Aws::SSOAdmin
388
405
  # *AWS General Reference*.
389
406
  #
390
407
  # @option params [required, String] :target_id
391
- # The identifier for the chosen target.
408
+ # TargetID is an AWS account identifier, typically a 10-12 digit string
409
+ # (For example, 123456789012).
392
410
  #
393
411
  # @option params [required, String] :target_type
394
412
  # The entity type for which the assignment will be created.
@@ -401,7 +419,11 @@ module Aws::SSOAdmin
401
419
  # The entity type for which the assignment will be created.
402
420
  #
403
421
  # @option params [required, String] :principal_id
404
- # The identifier of the principal.
422
+ # An identifier for an object in AWS SSO, such as a user or group.
423
+ # PrincipalIds are GUIDs (For example,
424
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
425
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
426
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
405
427
  #
406
428
  # @return [Types::CreateAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
407
429
  #
@@ -439,8 +461,60 @@ module Aws::SSOAdmin
439
461
  req.send_request(options)
440
462
  end
441
463
 
464
+ # Enables the attributes-based access control (ABAC) feature for the
465
+ # specified AWS SSO instance. You can also specify new attributes to add
466
+ # to your ABAC configuration during the enabling process. For more
467
+ # information about ABAC, see [Attribute-Based Access
468
+ # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
469
+ # User Guide*.
470
+ #
471
+ # @option params [required, String] :instance_arn
472
+ # The ARN of the SSO instance under which the operation will be
473
+ # executed.
474
+ #
475
+ # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
476
+ # Specifies the AWS SSO identity store attributes to add to your ABAC
477
+ # configuration. When using an external identity provider as an identity
478
+ # source, you can pass attributes through the SAML assertion as an
479
+ # alternative to configuring attributes from the AWS SSO identity store.
480
+ # If a SAML assertion passes any of these attributes, AWS SSO will
481
+ # replace the attribute value with the value from the AWS SSO identity
482
+ # store.
483
+ #
484
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
485
+ #
486
+ # @example Request syntax with placeholder values
487
+ #
488
+ # resp = client.create_instance_access_control_attribute_configuration({
489
+ # instance_arn: "InstanceArn", # required
490
+ # instance_access_control_attribute_configuration: { # required
491
+ # access_control_attributes: [ # required
492
+ # {
493
+ # key: "AccessControlAttributeKey", # required
494
+ # value: { # required
495
+ # source: ["AccessControlAttributeValueSource"], # required
496
+ # },
497
+ # },
498
+ # ],
499
+ # },
500
+ # })
501
+ #
502
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfiguration AWS API Documentation
503
+ #
504
+ # @overload create_instance_access_control_attribute_configuration(params = {})
505
+ # @param [Hash] params ({})
506
+ def create_instance_access_control_attribute_configuration(params = {}, options = {})
507
+ req = build_request(:create_instance_access_control_attribute_configuration, params)
508
+ req.send_request(options)
509
+ end
510
+
442
511
  # Creates a permission set within a specified SSO instance.
443
512
  #
513
+ # <note markdown="1"> To grant users and groups access to AWS account resources, use `
514
+ # CreateAccountAssignment `.
515
+ #
516
+ # </note>
517
+ #
444
518
  # @option params [required, String] :name
445
519
  # The name of the PermissionSet.
446
520
  #
@@ -514,7 +588,8 @@ module Aws::SSOAdmin
514
588
  # *AWS General Reference*.
515
589
  #
516
590
  # @option params [required, String] :target_id
517
- # The identifier for the chosen target.
591
+ # TargetID is an AWS account identifier, typically a 10-12 digit string
592
+ # (For example, 123456789012).
518
593
  #
519
594
  # @option params [required, String] :target_type
520
595
  # The entity type for which the assignment will be deleted.
@@ -526,7 +601,11 @@ module Aws::SSOAdmin
526
601
  # The entity type for which the assignment will be deleted.
527
602
  #
528
603
  # @option params [required, String] :principal_id
529
- # The identifier of the principal.
604
+ # An identifier for an object in AWS SSO, such as a user or group.
605
+ # PrincipalIds are GUIDs (For example,
606
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
607
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
608
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
530
609
  #
531
610
  # @return [Types::DeleteAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
532
611
  #
@@ -594,6 +673,36 @@ module Aws::SSOAdmin
594
673
  req.send_request(options)
595
674
  end
596
675
 
676
+ # Disables the attributes-based access control (ABAC) feature for the
677
+ # specified AWS SSO instance and deletes all of the attribute mappings
678
+ # that have been configured. Once deleted, any attributes that are
679
+ # received from an identity source and any custom attributes you have
680
+ # previously configured will not be passed. For more information about
681
+ # ABAC, see [Attribute-Based Access
682
+ # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
683
+ # User Guide*.
684
+ #
685
+ # @option params [required, String] :instance_arn
686
+ # The ARN of the SSO instance under which the operation will be
687
+ # executed.
688
+ #
689
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
690
+ #
691
+ # @example Request syntax with placeholder values
692
+ #
693
+ # resp = client.delete_instance_access_control_attribute_configuration({
694
+ # instance_arn: "InstanceArn", # required
695
+ # })
696
+ #
697
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfiguration AWS API Documentation
698
+ #
699
+ # @overload delete_instance_access_control_attribute_configuration(params = {})
700
+ # @param [Hash] params ({})
701
+ def delete_instance_access_control_attribute_configuration(params = {}, options = {})
702
+ req = build_request(:delete_instance_access_control_attribute_configuration, params)
703
+ req.send_request(options)
704
+ end
705
+
597
706
  # Deletes the specified permission set.
598
707
  #
599
708
  # @option params [required, String] :instance_arn
@@ -712,6 +821,48 @@ module Aws::SSOAdmin
712
821
  req.send_request(options)
713
822
  end
714
823
 
824
+ # Returns the list of AWS SSO identity store attributes that have been
825
+ # configured to work with attributes-based access control (ABAC) for the
826
+ # specified AWS SSO instance. This will not return attributes configured
827
+ # and sent by an external identity provider. For more information about
828
+ # ABAC, see [Attribute-Based Access
829
+ # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
830
+ # User Guide*.
831
+ #
832
+ # @option params [required, String] :instance_arn
833
+ # The ARN of the SSO instance under which the operation will be
834
+ # executed.
835
+ #
836
+ # @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
837
+ #
838
+ # * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status #status} => String
839
+ # * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status_reason #status_reason} => String
840
+ # * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#instance_access_control_attribute_configuration #instance_access_control_attribute_configuration} => Types::InstanceAccessControlAttributeConfiguration
841
+ #
842
+ # @example Request syntax with placeholder values
843
+ #
844
+ # resp = client.describe_instance_access_control_attribute_configuration({
845
+ # instance_arn: "InstanceArn", # required
846
+ # })
847
+ #
848
+ # @example Response structure
849
+ #
850
+ # resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
851
+ # resp.status_reason #=> String
852
+ # resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
853
+ # resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
854
+ # resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
855
+ # resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String
856
+ #
857
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfiguration AWS API Documentation
858
+ #
859
+ # @overload describe_instance_access_control_attribute_configuration(params = {})
860
+ # @param [Hash] params ({})
861
+ def describe_instance_access_control_attribute_configuration(params = {}, options = {})
862
+ req = build_request(:describe_instance_access_control_attribute_configuration, params)
863
+ req.send_request(options)
864
+ end
865
+
715
866
  # Gets the details of the permission set.
716
867
  #
717
868
  # @option params [required, String] :instance_arn
@@ -1399,7 +1550,8 @@ module Aws::SSOAdmin
1399
1550
  # The ARN of the permission set.
1400
1551
  #
1401
1552
  # @option params [String] :target_id
1402
- # The identifier for the chosen target.
1553
+ # TargetID is an AWS account identifier, typically a 10-12 digit string
1554
+ # (For example, 123456789012).
1403
1555
  #
1404
1556
  # @option params [required, String] :target_type
1405
1557
  # The entity type for which the assignment will be created.
@@ -1437,6 +1589,13 @@ module Aws::SSOAdmin
1437
1589
 
1438
1590
  # Attaches an IAM inline policy to a permission set.
1439
1591
  #
1592
+ # <note markdown="1"> If the permission set is already referenced by one or more account
1593
+ # assignments, you will need to call ` ProvisionPermissionSet ` after
1594
+ # this action to apply the corresponding IAM policy updates to all
1595
+ # assigned accounts.
1596
+ #
1597
+ # </note>
1598
+ #
1440
1599
  # @option params [required, String] :instance_arn
1441
1600
  # The ARN of the SSO instance under which the operation will be
1442
1601
  # executed. For more information about ARNs, see [Amazon Resource Names
@@ -1542,6 +1701,51 @@ module Aws::SSOAdmin
1542
1701
  req.send_request(options)
1543
1702
  end
1544
1703
 
1704
+ # Updates the AWS SSO identity store attributes to use with the AWS SSO
1705
+ # instance for attributes-based access control (ABAC). When using an
1706
+ # external identity provider as an identity source, you can pass
1707
+ # attributes through the SAML assertion as an alternative to configuring
1708
+ # attributes from the AWS SSO identity store. If a SAML assertion passes
1709
+ # any of these attributes, AWS SSO will replace the attribute value with
1710
+ # the value from the AWS SSO identity store. For more information about
1711
+ # ABAC, see [Attribute-Based Access
1712
+ # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
1713
+ # User Guide*.
1714
+ #
1715
+ # @option params [required, String] :instance_arn
1716
+ # The ARN of the SSO instance under which the operation will be
1717
+ # executed.
1718
+ #
1719
+ # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
1720
+ # Updates the attributes for your ABAC configuration.
1721
+ #
1722
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1723
+ #
1724
+ # @example Request syntax with placeholder values
1725
+ #
1726
+ # resp = client.update_instance_access_control_attribute_configuration({
1727
+ # instance_arn: "InstanceArn", # required
1728
+ # instance_access_control_attribute_configuration: { # required
1729
+ # access_control_attributes: [ # required
1730
+ # {
1731
+ # key: "AccessControlAttributeKey", # required
1732
+ # value: { # required
1733
+ # source: ["AccessControlAttributeValueSource"], # required
1734
+ # },
1735
+ # },
1736
+ # ],
1737
+ # },
1738
+ # })
1739
+ #
1740
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfiguration AWS API Documentation
1741
+ #
1742
+ # @overload update_instance_access_control_attribute_configuration(params = {})
1743
+ # @param [Hash] params ({})
1744
+ def update_instance_access_control_attribute_configuration(params = {}, options = {})
1745
+ req = build_request(:update_instance_access_control_attribute_configuration, params)
1746
+ req.send_request(options)
1747
+ end
1748
+
1545
1749
  # Updates an existing permission set.
1546
1750
  #
1547
1751
  # @option params [required, String] :instance_arn
@@ -1599,7 +1803,7 @@ module Aws::SSOAdmin
1599
1803
  params: params,
1600
1804
  config: config)
1601
1805
  context[:gem_name] = 'aws-sdk-ssoadmin'
1602
- context[:gem_version] = '1.0.0'
1806
+ context[:gem_version] = '1.5.0'
1603
1807
  Seahorse::Client::Request.new(handlers, context)
1604
1808
  end
1605
1809
 
@@ -13,6 +13,12 @@ module Aws::SSOAdmin
13
13
 
14
14
  include Seahorse::Model
15
15
 
16
+ AccessControlAttribute = Shapes::StructureShape.new(name: 'AccessControlAttribute')
17
+ AccessControlAttributeKey = Shapes::StringShape.new(name: 'AccessControlAttributeKey')
18
+ AccessControlAttributeList = Shapes::ListShape.new(name: 'AccessControlAttributeList')
19
+ AccessControlAttributeValue = Shapes::StructureShape.new(name: 'AccessControlAttributeValue')
20
+ AccessControlAttributeValueSource = Shapes::StringShape.new(name: 'AccessControlAttributeValueSource')
21
+ AccessControlAttributeValueSourceList = Shapes::ListShape.new(name: 'AccessControlAttributeValueSourceList')
16
22
  AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
17
23
  AccessDeniedExceptionMessage = Shapes::StringShape.new(name: 'AccessDeniedExceptionMessage')
18
24
  AccountAssignment = Shapes::StructureShape.new(name: 'AccountAssignment')
@@ -30,6 +36,8 @@ module Aws::SSOAdmin
30
36
  ConflictExceptionMessage = Shapes::StringShape.new(name: 'ConflictExceptionMessage')
31
37
  CreateAccountAssignmentRequest = Shapes::StructureShape.new(name: 'CreateAccountAssignmentRequest')
32
38
  CreateAccountAssignmentResponse = Shapes::StructureShape.new(name: 'CreateAccountAssignmentResponse')
39
+ CreateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationRequest')
40
+ CreateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationResponse')
33
41
  CreatePermissionSetRequest = Shapes::StructureShape.new(name: 'CreatePermissionSetRequest')
34
42
  CreatePermissionSetResponse = Shapes::StructureShape.new(name: 'CreatePermissionSetResponse')
35
43
  Date = Shapes::TimestampShape.new(name: 'Date')
@@ -37,12 +45,16 @@ module Aws::SSOAdmin
37
45
  DeleteAccountAssignmentResponse = Shapes::StructureShape.new(name: 'DeleteAccountAssignmentResponse')
38
46
  DeleteInlinePolicyFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetRequest')
39
47
  DeleteInlinePolicyFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetResponse')
48
+ DeleteInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationRequest')
49
+ DeleteInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationResponse')
40
50
  DeletePermissionSetRequest = Shapes::StructureShape.new(name: 'DeletePermissionSetRequest')
41
51
  DeletePermissionSetResponse = Shapes::StructureShape.new(name: 'DeletePermissionSetResponse')
42
52
  DescribeAccountAssignmentCreationStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusRequest')
43
53
  DescribeAccountAssignmentCreationStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusResponse')
44
54
  DescribeAccountAssignmentDeletionStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusRequest')
45
55
  DescribeAccountAssignmentDeletionStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusResponse')
56
+ DescribeInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationRequest')
57
+ DescribeInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationResponse')
46
58
  DescribePermissionSetProvisioningStatusRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusRequest')
47
59
  DescribePermissionSetProvisioningStatusResponse = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusResponse')
48
60
  DescribePermissionSetRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetRequest')
@@ -54,6 +66,9 @@ module Aws::SSOAdmin
54
66
  GetInlinePolicyForPermissionSetRequest = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetRequest')
55
67
  GetInlinePolicyForPermissionSetResponse = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetResponse')
56
68
  Id = Shapes::StringShape.new(name: 'Id')
69
+ InstanceAccessControlAttributeConfiguration = Shapes::StructureShape.new(name: 'InstanceAccessControlAttributeConfiguration')
70
+ InstanceAccessControlAttributeConfigurationStatus = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatus')
71
+ InstanceAccessControlAttributeConfigurationStatusReason = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatusReason')
57
72
  InstanceArn = Shapes::StringShape.new(name: 'InstanceArn')
58
73
  InstanceList = Shapes::ListShape.new(name: 'InstanceList')
59
74
  InstanceMetadata = Shapes::StructureShape.new(name: 'InstanceMetadata')
@@ -122,11 +137,24 @@ module Aws::SSOAdmin
122
137
  UUId = Shapes::StringShape.new(name: 'UUId')
123
138
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
124
139
  UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
140
+ UpdateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationRequest')
141
+ UpdateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationResponse')
125
142
  UpdatePermissionSetRequest = Shapes::StructureShape.new(name: 'UpdatePermissionSetRequest')
126
143
  UpdatePermissionSetResponse = Shapes::StructureShape.new(name: 'UpdatePermissionSetResponse')
127
144
  ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
128
145
  ValidationExceptionMessage = Shapes::StringShape.new(name: 'ValidationExceptionMessage')
129
146
 
147
+ AccessControlAttribute.add_member(:key, Shapes::ShapeRef.new(shape: AccessControlAttributeKey, required: true, location_name: "Key"))
148
+ AccessControlAttribute.add_member(:value, Shapes::ShapeRef.new(shape: AccessControlAttributeValue, required: true, location_name: "Value"))
149
+ AccessControlAttribute.struct_class = Types::AccessControlAttribute
150
+
151
+ AccessControlAttributeList.member = Shapes::ShapeRef.new(shape: AccessControlAttribute)
152
+
153
+ AccessControlAttributeValue.add_member(:source, Shapes::ShapeRef.new(shape: AccessControlAttributeValueSourceList, required: true, location_name: "Source"))
154
+ AccessControlAttributeValue.struct_class = Types::AccessControlAttributeValue
155
+
156
+ AccessControlAttributeValueSourceList.member = Shapes::ShapeRef.new(shape: AccessControlAttributeValueSource)
157
+
130
158
  AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: AccessDeniedExceptionMessage, location_name: "Message"))
131
159
  AccessDeniedException.struct_class = Types::AccessDeniedException
132
160
 
@@ -185,6 +213,12 @@ module Aws::SSOAdmin
185
213
  CreateAccountAssignmentResponse.add_member(:account_assignment_creation_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentCreationStatus"))
186
214
  CreateAccountAssignmentResponse.struct_class = Types::CreateAccountAssignmentResponse
187
215
 
216
+ CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
217
+ CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
218
+ CreateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationRequest
219
+
220
+ CreateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationResponse
221
+
188
222
  CreatePermissionSetRequest.add_member(:name, Shapes::ShapeRef.new(shape: PermissionSetName, required: true, location_name: "Name"))
189
223
  CreatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
190
224
  CreatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
@@ -213,6 +247,11 @@ module Aws::SSOAdmin
213
247
 
214
248
  DeleteInlinePolicyFromPermissionSetResponse.struct_class = Types::DeleteInlinePolicyFromPermissionSetResponse
215
249
 
250
+ DeleteInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
251
+ DeleteInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationRequest
252
+
253
+ DeleteInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationResponse
254
+
216
255
  DeletePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
217
256
  DeletePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
218
257
  DeletePermissionSetRequest.struct_class = Types::DeletePermissionSetRequest
@@ -233,6 +272,14 @@ module Aws::SSOAdmin
233
272
  DescribeAccountAssignmentDeletionStatusResponse.add_member(:account_assignment_deletion_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentDeletionStatus"))
234
273
  DescribeAccountAssignmentDeletionStatusResponse.struct_class = Types::DescribeAccountAssignmentDeletionStatusResponse
235
274
 
275
+ DescribeInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
276
+ DescribeInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationRequest
277
+
278
+ DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatus, location_name: "Status"))
279
+ DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status_reason, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatusReason, location_name: "StatusReason"))
280
+ DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, location_name: "InstanceAccessControlAttributeConfiguration"))
281
+ DescribeInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationResponse
282
+
236
283
  DescribePermissionSetProvisioningStatusRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
237
284
  DescribePermissionSetProvisioningStatusRequest.add_member(:provision_permission_set_request_id, Shapes::ShapeRef.new(shape: UUId, required: true, location_name: "ProvisionPermissionSetRequestId"))
238
285
  DescribePermissionSetProvisioningStatusRequest.struct_class = Types::DescribePermissionSetProvisioningStatusRequest
@@ -261,6 +308,9 @@ module Aws::SSOAdmin
261
308
  GetInlinePolicyForPermissionSetResponse.add_member(:inline_policy, Shapes::ShapeRef.new(shape: PermissionSetPolicyDocument, location_name: "InlinePolicy"))
262
309
  GetInlinePolicyForPermissionSetResponse.struct_class = Types::GetInlinePolicyForPermissionSetResponse
263
310
 
311
+ InstanceAccessControlAttributeConfiguration.add_member(:access_control_attributes, Shapes::ShapeRef.new(shape: AccessControlAttributeList, required: true, location_name: "AccessControlAttributes"))
312
+ InstanceAccessControlAttributeConfiguration.struct_class = Types::InstanceAccessControlAttributeConfiguration
313
+
264
314
  InstanceList.member = Shapes::ShapeRef.new(shape: InstanceMetadata)
265
315
 
266
316
  InstanceMetadata.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, location_name: "InstanceArn"))
@@ -444,6 +494,12 @@ module Aws::SSOAdmin
444
494
 
445
495
  UntagResourceResponse.struct_class = Types::UntagResourceResponse
446
496
 
497
+ UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
498
+ UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
499
+ UpdateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationRequest
500
+
501
+ UpdateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationResponse
502
+
447
503
  UpdatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
448
504
  UpdatePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
449
505
  UpdatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
@@ -506,6 +562,20 @@ module Aws::SSOAdmin
506
562
  o.errors << Shapes::ShapeRef.new(shape: ConflictException)
507
563
  end)
508
564
 
565
+ api.add_operation(:create_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
566
+ o.name = "CreateInstanceAccessControlAttributeConfiguration"
567
+ o.http_method = "POST"
568
+ o.http_request_uri = "/"
569
+ o.input = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationRequest)
570
+ o.output = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationResponse)
571
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
572
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
573
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
574
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
575
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
576
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
577
+ end)
578
+
509
579
  api.add_operation(:create_permission_set, Seahorse::Model::Operation.new.tap do |o|
510
580
  o.name = "CreatePermissionSet"
511
581
  o.http_method = "POST"
@@ -549,6 +619,20 @@ module Aws::SSOAdmin
549
619
  o.errors << Shapes::ShapeRef.new(shape: ConflictException)
550
620
  end)
551
621
 
622
+ api.add_operation(:delete_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
623
+ o.name = "DeleteInstanceAccessControlAttributeConfiguration"
624
+ o.http_method = "POST"
625
+ o.http_request_uri = "/"
626
+ o.input = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationRequest)
627
+ o.output = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationResponse)
628
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
629
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
630
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
631
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
632
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
633
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
634
+ end)
635
+
552
636
  api.add_operation(:delete_permission_set, Seahorse::Model::Operation.new.tap do |o|
553
637
  o.name = "DeletePermissionSet"
554
638
  o.http_method = "POST"
@@ -589,6 +673,19 @@ module Aws::SSOAdmin
589
673
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
590
674
  end)
591
675
 
676
+ api.add_operation(:describe_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
677
+ o.name = "DescribeInstanceAccessControlAttributeConfiguration"
678
+ o.http_method = "POST"
679
+ o.http_request_uri = "/"
680
+ o.input = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationRequest)
681
+ o.output = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationResponse)
682
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
683
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
684
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
685
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
686
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
687
+ end)
688
+
592
689
  api.add_operation(:describe_permission_set, Seahorse::Model::Operation.new.tap do |o|
593
690
  o.name = "DescribePermissionSet"
594
691
  o.http_method = "POST"
@@ -888,6 +985,20 @@ module Aws::SSOAdmin
888
985
  o.errors << Shapes::ShapeRef.new(shape: ConflictException)
889
986
  end)
890
987
 
988
+ api.add_operation(:update_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
989
+ o.name = "UpdateInstanceAccessControlAttributeConfiguration"
990
+ o.http_method = "POST"
991
+ o.http_request_uri = "/"
992
+ o.input = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationRequest)
993
+ o.output = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationResponse)
994
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
995
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
996
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
997
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
998
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
999
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
1000
+ end)
1001
+
891
1002
  api.add_operation(:update_permission_set, Seahorse::Model::Operation.new.tap do |o|
892
1003
  o.name = "UpdatePermissionSet"
893
1004
  o.http_method = "POST"
@@ -10,6 +10,66 @@
10
10
  module Aws::SSOAdmin
11
11
  module Types
12
12
 
13
+ # These are AWS SSO identity store attributes that you can configure for
14
+ # use in attributes-based access control (ABAC). You can create
15
+ # permission policies that determine who can access your AWS resources
16
+ # based upon the configured attribute value(s). When you enable ABAC and
17
+ # specify AccessControlAttributes, AWS SSO passes the attribute(s) value
18
+ # of the authenticated user into IAM for use in policy evaluation.
19
+ #
20
+ # @note When making an API call, you may pass AccessControlAttribute
21
+ # data as a hash:
22
+ #
23
+ # {
24
+ # key: "AccessControlAttributeKey", # required
25
+ # value: { # required
26
+ # source: ["AccessControlAttributeValueSource"], # required
27
+ # },
28
+ # }
29
+ #
30
+ # @!attribute [rw] key
31
+ # The name of the attribute associated with your identities in your
32
+ # identity source. This is used to map a specified attribute in your
33
+ # identity source with an attribute in AWS SSO.
34
+ # @return [String]
35
+ #
36
+ # @!attribute [rw] value
37
+ # The value used for mapping a specified attribute to an identity
38
+ # source.
39
+ # @return [Types::AccessControlAttributeValue]
40
+ #
41
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttribute AWS API Documentation
42
+ #
43
+ class AccessControlAttribute < Struct.new(
44
+ :key,
45
+ :value)
46
+ SENSITIVE = []
47
+ include Aws::Structure
48
+ end
49
+
50
+ # The value used for mapping a specified attribute to an identity
51
+ # source.
52
+ #
53
+ # @note When making an API call, you may pass AccessControlAttributeValue
54
+ # data as a hash:
55
+ #
56
+ # {
57
+ # source: ["AccessControlAttributeValueSource"], # required
58
+ # }
59
+ #
60
+ # @!attribute [rw] source
61
+ # The identity source to use when mapping a specified attribute to AWS
62
+ # SSO.
63
+ # @return [Array<String>]
64
+ #
65
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttributeValue AWS API Documentation
66
+ #
67
+ class AccessControlAttributeValue < Struct.new(
68
+ :source)
69
+ SENSITIVE = []
70
+ include Aws::Structure
71
+ end
72
+
13
73
  # You do not have sufficient access to perform this action.
14
74
  #
15
75
  # @!attribute [rw] message
@@ -47,7 +107,11 @@ module Aws::SSOAdmin
47
107
  # @return [String]
48
108
  #
49
109
  # @!attribute [rw] principal_id
50
- # The identifier of the principal.
110
+ # An identifier for an object in AWS SSO, such as a user or group.
111
+ # PrincipalIds are GUIDs (For example,
112
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
113
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
114
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
51
115
  # @return [String]
52
116
  #
53
117
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccountAssignment AWS API Documentation
@@ -79,7 +143,8 @@ module Aws::SSOAdmin
79
143
  # @return [String]
80
144
  #
81
145
  # @!attribute [rw] target_id
82
- # The identifier for the chosen target.
146
+ # TargetID is an AWS account identifier, typically a 10-12 digit
147
+ # string (For example, 123456789012).
83
148
  # @return [String]
84
149
  #
85
150
  # @!attribute [rw] target_type
@@ -98,7 +163,11 @@ module Aws::SSOAdmin
98
163
  # @return [String]
99
164
  #
100
165
  # @!attribute [rw] principal_id
101
- # The identifier of the principal.
166
+ # An identifier for an object in AWS SSO, such as a user or group.
167
+ # PrincipalIds are GUIDs (For example,
168
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
169
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
170
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
102
171
  # @return [String]
103
172
  #
104
173
  # @!attribute [rw] created_date
@@ -246,7 +315,8 @@ module Aws::SSOAdmin
246
315
  # @return [String]
247
316
  #
248
317
  # @!attribute [rw] target_id
249
- # The identifier for the chosen target.
318
+ # TargetID is an AWS account identifier, typically a 10-12 digit
319
+ # string (For example, 123456789012).
250
320
  # @return [String]
251
321
  #
252
322
  # @!attribute [rw] target_type
@@ -263,7 +333,11 @@ module Aws::SSOAdmin
263
333
  # @return [String]
264
334
  #
265
335
  # @!attribute [rw] principal_id
266
- # The identifier of the principal.
336
+ # An identifier for an object in AWS SSO, such as a user or group.
337
+ # PrincipalIds are GUIDs (For example,
338
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
339
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
340
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
267
341
  # @return [String]
268
342
  #
269
343
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateAccountAssignmentRequest AWS API Documentation
@@ -291,6 +365,51 @@ module Aws::SSOAdmin
291
365
  include Aws::Structure
292
366
  end
293
367
 
368
+ # @note When making an API call, you may pass CreateInstanceAccessControlAttributeConfigurationRequest
369
+ # data as a hash:
370
+ #
371
+ # {
372
+ # instance_arn: "InstanceArn", # required
373
+ # instance_access_control_attribute_configuration: { # required
374
+ # access_control_attributes: [ # required
375
+ # {
376
+ # key: "AccessControlAttributeKey", # required
377
+ # value: { # required
378
+ # source: ["AccessControlAttributeValueSource"], # required
379
+ # },
380
+ # },
381
+ # ],
382
+ # },
383
+ # }
384
+ #
385
+ # @!attribute [rw] instance_arn
386
+ # The ARN of the SSO instance under which the operation will be
387
+ # executed.
388
+ # @return [String]
389
+ #
390
+ # @!attribute [rw] instance_access_control_attribute_configuration
391
+ # Specifies the AWS SSO identity store attributes to add to your ABAC
392
+ # configuration. When using an external identity provider as an
393
+ # identity source, you can pass attributes through the SAML assertion
394
+ # as an alternative to configuring attributes from the AWS SSO
395
+ # identity store. If a SAML assertion passes any of these attributes,
396
+ # AWS SSO will replace the attribute value with the value from the AWS
397
+ # SSO identity store.
398
+ # @return [Types::InstanceAccessControlAttributeConfiguration]
399
+ #
400
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
401
+ #
402
+ class CreateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
403
+ :instance_arn,
404
+ :instance_access_control_attribute_configuration)
405
+ SENSITIVE = []
406
+ include Aws::Structure
407
+ end
408
+
409
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
410
+ #
411
+ class CreateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
412
+
294
413
  # @note When making an API call, you may pass CreatePermissionSetRequest
295
414
  # data as a hash:
296
415
  #
@@ -384,7 +503,8 @@ module Aws::SSOAdmin
384
503
  # @return [String]
385
504
  #
386
505
  # @!attribute [rw] target_id
387
- # The identifier for the chosen target.
506
+ # TargetID is an AWS account identifier, typically a 10-12 digit
507
+ # string (For example, 123456789012).
388
508
  # @return [String]
389
509
  #
390
510
  # @!attribute [rw] target_type
@@ -400,7 +520,11 @@ module Aws::SSOAdmin
400
520
  # @return [String]
401
521
  #
402
522
  # @!attribute [rw] principal_id
403
- # The identifier of the principal.
523
+ # An identifier for an object in AWS SSO, such as a user or group.
524
+ # PrincipalIds are GUIDs (For example,
525
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
526
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
527
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
404
528
  # @return [String]
405
529
  #
406
530
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteAccountAssignmentRequest AWS API Documentation
@@ -461,6 +585,30 @@ module Aws::SSOAdmin
461
585
  #
462
586
  class DeleteInlinePolicyFromPermissionSetResponse < Aws::EmptyStructure; end
463
587
 
588
+ # @note When making an API call, you may pass DeleteInstanceAccessControlAttributeConfigurationRequest
589
+ # data as a hash:
590
+ #
591
+ # {
592
+ # instance_arn: "InstanceArn", # required
593
+ # }
594
+ #
595
+ # @!attribute [rw] instance_arn
596
+ # The ARN of the SSO instance under which the operation will be
597
+ # executed.
598
+ # @return [String]
599
+ #
600
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
601
+ #
602
+ class DeleteInstanceAccessControlAttributeConfigurationRequest < Struct.new(
603
+ :instance_arn)
604
+ SENSITIVE = []
605
+ include Aws::Structure
606
+ end
607
+
608
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
609
+ #
610
+ class DeleteInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
611
+
464
612
  # @note When making an API call, you may pass DeletePermissionSetRequest
465
613
  # data as a hash:
466
614
  #
@@ -576,6 +724,50 @@ module Aws::SSOAdmin
576
724
  include Aws::Structure
577
725
  end
578
726
 
727
+ # @note When making an API call, you may pass DescribeInstanceAccessControlAttributeConfigurationRequest
728
+ # data as a hash:
729
+ #
730
+ # {
731
+ # instance_arn: "InstanceArn", # required
732
+ # }
733
+ #
734
+ # @!attribute [rw] instance_arn
735
+ # The ARN of the SSO instance under which the operation will be
736
+ # executed.
737
+ # @return [String]
738
+ #
739
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
740
+ #
741
+ class DescribeInstanceAccessControlAttributeConfigurationRequest < Struct.new(
742
+ :instance_arn)
743
+ SENSITIVE = []
744
+ include Aws::Structure
745
+ end
746
+
747
+ # @!attribute [rw] status
748
+ # The status of the attribute configuration process.
749
+ # @return [String]
750
+ #
751
+ # @!attribute [rw] status_reason
752
+ # Provides more details about the current status of the specified
753
+ # attribute.
754
+ # @return [String]
755
+ #
756
+ # @!attribute [rw] instance_access_control_attribute_configuration
757
+ # Gets the list of AWS SSO identity store attributes added to your
758
+ # ABAC configuration.
759
+ # @return [Types::InstanceAccessControlAttributeConfiguration]
760
+ #
761
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
762
+ #
763
+ class DescribeInstanceAccessControlAttributeConfigurationResponse < Struct.new(
764
+ :status,
765
+ :status_reason,
766
+ :instance_access_control_attribute_configuration)
767
+ SENSITIVE = []
768
+ include Aws::Structure
769
+ end
770
+
579
771
  # @note When making an API call, you may pass DescribePermissionSetProvisioningStatusRequest
580
772
  # data as a hash:
581
773
  #
@@ -740,6 +932,36 @@ module Aws::SSOAdmin
740
932
  include Aws::Structure
741
933
  end
742
934
 
935
+ # Specifies the attributes to add to your attribute-based access control
936
+ # (ABAC) configuration.
937
+ #
938
+ # @note When making an API call, you may pass InstanceAccessControlAttributeConfiguration
939
+ # data as a hash:
940
+ #
941
+ # {
942
+ # access_control_attributes: [ # required
943
+ # {
944
+ # key: "AccessControlAttributeKey", # required
945
+ # value: { # required
946
+ # source: ["AccessControlAttributeValueSource"], # required
947
+ # },
948
+ # },
949
+ # ],
950
+ # }
951
+ #
952
+ # @!attribute [rw] access_control_attributes
953
+ # Lists the attributes that are configured for ABAC in the specified
954
+ # AWS SSO instance.
955
+ # @return [Array<Types::AccessControlAttribute>]
956
+ #
957
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceAccessControlAttributeConfiguration AWS API Documentation
958
+ #
959
+ class InstanceAccessControlAttributeConfiguration < Struct.new(
960
+ :access_control_attributes)
961
+ SENSITIVE = []
962
+ include Aws::Structure
963
+ end
964
+
743
965
  # Provides information about the SSO instance.
744
966
  #
745
967
  # @!attribute [rw] instance_arn
@@ -1537,7 +1759,8 @@ module Aws::SSOAdmin
1537
1759
  # @return [String]
1538
1760
  #
1539
1761
  # @!attribute [rw] target_id
1540
- # The identifier for the chosen target.
1762
+ # TargetID is an AWS account identifier, typically a 10-12 digit
1763
+ # string (For example, 123456789012).
1541
1764
  # @return [String]
1542
1765
  #
1543
1766
  # @!attribute [rw] target_type
@@ -1759,6 +1982,45 @@ module Aws::SSOAdmin
1759
1982
  #
1760
1983
  class UntagResourceResponse < Aws::EmptyStructure; end
1761
1984
 
1985
+ # @note When making an API call, you may pass UpdateInstanceAccessControlAttributeConfigurationRequest
1986
+ # data as a hash:
1987
+ #
1988
+ # {
1989
+ # instance_arn: "InstanceArn", # required
1990
+ # instance_access_control_attribute_configuration: { # required
1991
+ # access_control_attributes: [ # required
1992
+ # {
1993
+ # key: "AccessControlAttributeKey", # required
1994
+ # value: { # required
1995
+ # source: ["AccessControlAttributeValueSource"], # required
1996
+ # },
1997
+ # },
1998
+ # ],
1999
+ # },
2000
+ # }
2001
+ #
2002
+ # @!attribute [rw] instance_arn
2003
+ # The ARN of the SSO instance under which the operation will be
2004
+ # executed.
2005
+ # @return [String]
2006
+ #
2007
+ # @!attribute [rw] instance_access_control_attribute_configuration
2008
+ # Updates the attributes for your ABAC configuration.
2009
+ # @return [Types::InstanceAccessControlAttributeConfiguration]
2010
+ #
2011
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
2012
+ #
2013
+ class UpdateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
2014
+ :instance_arn,
2015
+ :instance_access_control_attribute_configuration)
2016
+ SENSITIVE = []
2017
+ include Aws::Structure
2018
+ end
2019
+
2020
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
2021
+ #
2022
+ class UpdateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
2023
+
1762
2024
  # @note When making an API call, you may pass UpdatePermissionSetRequest
1763
2025
  # data as a hash:
1764
2026
  #
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-ssoadmin
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-09-10 00:00:00.000000000 Z
11
+ date: 2021-02-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.99.0
22
+ version: 3.112.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.99.0
32
+ version: 3.112.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement