RubyGems - aws-sdk-ssoadmin - Versions diffs - 1.0.0 → 1.5.0 - Mend

aws-sdk-ssoadmin 1.0.0 → 1.5.0

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-ssoadmin.rb +2 -1
data/lib/aws-sdk-ssoadmin/client.rb +210 -6
data/lib/aws-sdk-ssoadmin/client_api.rb +111 -0
data/lib/aws-sdk-ssoadmin/types.rb +270 -8
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78d783a645187efcf7dce2479fc3fe2a1d351075628a297a7b3289d724d99b6e
-  data.tar.gz: 1b8c5e150cb4eeddd208a37b6e213207fd93429a8ddd040c566d0357178c20f1
+  metadata.gz: e07a29693cb8e03889e5dce716990d04b7ac038dad09bebcb8c902be40d36631
+  data.tar.gz: 8c567ab0105278b17b9ac847e6160d9c3d5d62fdbeb716eeacb0db4a091da315
 SHA512:
-  metadata.gz: 92985c1203c9f42d6dbac2b7b53dd58be3bbf45bd5182f49e1fa05bbb5406bcacacda821013a6f477a951d02177003953a2bcc4354a223019d2abea9d52cd5fa
-  data.tar.gz: 82841762be02e70d77f0fa2a977995c2fd918d9b3cc304430b560e2b5b5d5ea27ccd6dce9b3af5409273d9dae8bb4a0154c91c5caf4505910449bf3270f1a2fb
+  metadata.gz: 7fa248ad13c651f9b1aa6fe378462b39147fc539006fc918fa3b1b31dd666029bcebdc42ae19cdf3c4ba59b326b49b0597ca40758425b066cb66e99f5afeedb7
+  data.tar.gz: 632241cbb2d94cc4011b7311123dcf9b18c98ee380acd6dc3e5ecef42215f77b4a8da24895598a261a8cc390546576d1ce6264f2d1e8173a330a0b22a39a87ea

data/lib/aws-sdk-ssoadmin.rb CHANGED Viewed

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 require 'aws-sdk-core'
 require 'aws-sigv4'
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-ssoadmin/customizations'
 # @!group service
 module Aws::SSOAdmin
-  GEM_VERSION = '1.0.0'
+  GEM_VERSION = '1.5.0'
 end

data/lib/aws-sdk-ssoadmin/client.rb CHANGED Viewed

@@ -339,6 +339,13 @@ module Aws::SSOAdmin
     # Attaches an IAM managed policy ARN to a permission set.
     #
+    # <note markdown="1"> If the permission set is already referenced by one or more account
+    # assignments, you will need to call ` ProvisionPermissionSet ` after
+    # this action to apply the corresponding IAM policy updates to all
+    # assigned accounts.
+    #
+    #  </note>
+    #
     # @option params [required, String] :instance_arn
     #   The ARN of the SSO instance under which the operation will be
     #   executed. For more information about ARNs, see [Amazon Resource Names
@@ -380,6 +387,16 @@ module Aws::SSOAdmin
     #
     #  </note>
     #
+    # <note markdown="1"> As part of a successful `CreateAccountAssignment` call, the specified
+    # permission set will automatically be provisioned to the account in the
+    # form of an IAM policy attached to the SSO-created IAM role. If the
+    # permission set is subsequently updated, the corresponding IAM policies
+    # attached to roles in your accounts will not be updated automatically.
+    # In this case, you will need to call ` ProvisionPermissionSet ` to make
+    # these updates.
+    #
+    #  </note>
+    #
     # @option params [required, String] :instance_arn
     #   The ARN of the SSO instance under which the operation will be
     #   executed. For more information about ARNs, see [Amazon Resource Names
@@ -388,7 +405,8 @@ module Aws::SSOAdmin
     #   *AWS General Reference*.
     #
     # @option params [required, String] :target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit string
+    #   (For example, 123456789012).
     #
     # @option params [required, String] :target_type
     #   The entity type for which the assignment will be created.
@@ -401,7 +419,11 @@ module Aws::SSOAdmin
     #   The entity type for which the assignment will be created.
     #
     # @option params [required, String] :principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #
     # @return [Types::CreateAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -439,8 +461,60 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
+    # Enables the attributes-based access control (ABAC) feature for the
+    # specified AWS SSO instance. You can also specify new attributes to add
+    # to your ABAC configuration during the enabling process. For more
+    # information about ABAC, see [Attribute-Based Access
+    # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
+    # User Guide*.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #
+    # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
+    #   Specifies the AWS SSO identity store attributes to add to your ABAC
+    #   configuration. When using an external identity provider as an identity
+    #   source, you can pass attributes through the SAML assertion as an
+    #   alternative to configuring attributes from the AWS SSO identity store.
+    #   If a SAML assertion passes any of these attributes, AWS SSO will
+    #   replace the attribute value with the value from the AWS SSO identity
+    #   store.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_instance_access_control_attribute_configuration({
+    #     instance_arn: "InstanceArn", # required
+    #     instance_access_control_attribute_configuration: { # required
+    #       access_control_attributes: [ # required
+    #         {
+    #           key: "AccessControlAttributeKey", # required
+    #           value: { # required
+    #             source: ["AccessControlAttributeValueSource"], # required
+    #           },
+    #         },
+    #       ],
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    # @overload create_instance_access_control_attribute_configuration(params = {})
+    # @param [Hash] params ({})
+    def create_instance_access_control_attribute_configuration(params = {}, options = {})
+      req = build_request(:create_instance_access_control_attribute_configuration, params)
+      req.send_request(options)
+    end
     # Creates a permission set within a specified SSO instance.
     #
+    # <note markdown="1"> To grant users and groups access to AWS account resources, use `
+    # CreateAccountAssignment `.
+    #
+    #  </note>
+    #
     # @option params [required, String] :name
     #   The name of the PermissionSet.
     #
@@ -514,7 +588,8 @@ module Aws::SSOAdmin
     #   *AWS General Reference*.
     #
     # @option params [required, String] :target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit string
+    #   (For example, 123456789012).
     #
     # @option params [required, String] :target_type
     #   The entity type for which the assignment will be deleted.
@@ -526,7 +601,11 @@ module Aws::SSOAdmin
     #   The entity type for which the assignment will be deleted.
     #
     # @option params [required, String] :principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #
     # @return [Types::DeleteAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -594,6 +673,36 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
+    # Disables the attributes-based access control (ABAC) feature for the
+    # specified AWS SSO instance and deletes all of the attribute mappings
+    # that have been configured. Once deleted, any attributes that are
+    # received from an identity source and any custom attributes you have
+    # previously configured will not be passed. For more information about
+    # ABAC, see [Attribute-Based Access
+    # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
+    # User Guide*.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_instance_access_control_attribute_configuration({
+    #     instance_arn: "InstanceArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    # @overload delete_instance_access_control_attribute_configuration(params = {})
+    # @param [Hash] params ({})
+    def delete_instance_access_control_attribute_configuration(params = {}, options = {})
+      req = build_request(:delete_instance_access_control_attribute_configuration, params)
+      req.send_request(options)
+    end
     # Deletes the specified permission set.
     #
     # @option params [required, String] :instance_arn
@@ -712,6 +821,48 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
+    # Returns the list of AWS SSO identity store attributes that have been
+    # configured to work with attributes-based access control (ABAC) for the
+    # specified AWS SSO instance. This will not return attributes configured
+    # and sent by an external identity provider. For more information about
+    # ABAC, see [Attribute-Based Access
+    # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
+    # User Guide*.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #
+    # @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status #status} => String
+    #   * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status_reason #status_reason} => String
+    #   * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#instance_access_control_attribute_configuration #instance_access_control_attribute_configuration} => Types::InstanceAccessControlAttributeConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_instance_access_control_attribute_configuration({
+    #     instance_arn: "InstanceArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
+    #   resp.status_reason #=> String
+    #   resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
+    #   resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
+    #   resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
+    #   resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    # @overload describe_instance_access_control_attribute_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_instance_access_control_attribute_configuration(params = {}, options = {})
+      req = build_request(:describe_instance_access_control_attribute_configuration, params)
+      req.send_request(options)
+    end
     # Gets the details of the permission set.
     #
     # @option params [required, String] :instance_arn
@@ -1399,7 +1550,8 @@ module Aws::SSOAdmin
     #   The ARN of the permission set.
     #
     # @option params [String] :target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit string
+    #   (For example, 123456789012).
     #
     # @option params [required, String] :target_type
     #   The entity type for which the assignment will be created.
@@ -1437,6 +1589,13 @@ module Aws::SSOAdmin
     # Attaches an IAM inline policy to a permission set.
     #
+    # <note markdown="1"> If the permission set is already referenced by one or more account
+    # assignments, you will need to call ` ProvisionPermissionSet ` after
+    # this action to apply the corresponding IAM policy updates to all
+    # assigned accounts.
+    #
+    #  </note>
+    #
     # @option params [required, String] :instance_arn
     #   The ARN of the SSO instance under which the operation will be
     #   executed. For more information about ARNs, see [Amazon Resource Names
@@ -1542,6 +1701,51 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
+    # Updates the AWS SSO identity store attributes to use with the AWS SSO
+    # instance for attributes-based access control (ABAC). When using an
+    # external identity provider as an identity source, you can pass
+    # attributes through the SAML assertion as an alternative to configuring
+    # attributes from the AWS SSO identity store. If a SAML assertion passes
+    # any of these attributes, AWS SSO will replace the attribute value with
+    # the value from the AWS SSO identity store. For more information about
+    # ABAC, see [Attribute-Based Access
+    # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
+    # User Guide*.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #
+    # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
+    #   Updates the attributes for your ABAC configuration.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_instance_access_control_attribute_configuration({
+    #     instance_arn: "InstanceArn", # required
+    #     instance_access_control_attribute_configuration: { # required
+    #       access_control_attributes: [ # required
+    #         {
+    #           key: "AccessControlAttributeKey", # required
+    #           value: { # required
+    #             source: ["AccessControlAttributeValueSource"], # required
+    #           },
+    #         },
+    #       ],
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    # @overload update_instance_access_control_attribute_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_instance_access_control_attribute_configuration(params = {}, options = {})
+      req = build_request(:update_instance_access_control_attribute_configuration, params)
+      req.send_request(options)
+    end
     # Updates an existing permission set.
     #
     # @option params [required, String] :instance_arn
@@ -1599,7 +1803,7 @@ module Aws::SSOAdmin
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ssoadmin'
-      context[:gem_version] = '1.0.0'
+      context[:gem_version] = '1.5.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-ssoadmin/client_api.rb CHANGED Viewed

@@ -13,6 +13,12 @@ module Aws::SSOAdmin
     include Seahorse::Model
+    AccessControlAttribute = Shapes::StructureShape.new(name: 'AccessControlAttribute')
+    AccessControlAttributeKey = Shapes::StringShape.new(name: 'AccessControlAttributeKey')
+    AccessControlAttributeList = Shapes::ListShape.new(name: 'AccessControlAttributeList')
+    AccessControlAttributeValue = Shapes::StructureShape.new(name: 'AccessControlAttributeValue')
+    AccessControlAttributeValueSource = Shapes::StringShape.new(name: 'AccessControlAttributeValueSource')
+    AccessControlAttributeValueSourceList = Shapes::ListShape.new(name: 'AccessControlAttributeValueSourceList')
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
     AccessDeniedExceptionMessage = Shapes::StringShape.new(name: 'AccessDeniedExceptionMessage')
     AccountAssignment = Shapes::StructureShape.new(name: 'AccountAssignment')
@@ -30,6 +36,8 @@ module Aws::SSOAdmin
     ConflictExceptionMessage = Shapes::StringShape.new(name: 'ConflictExceptionMessage')
     CreateAccountAssignmentRequest = Shapes::StructureShape.new(name: 'CreateAccountAssignmentRequest')
     CreateAccountAssignmentResponse = Shapes::StructureShape.new(name: 'CreateAccountAssignmentResponse')
+    CreateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationRequest')
+    CreateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationResponse')
     CreatePermissionSetRequest = Shapes::StructureShape.new(name: 'CreatePermissionSetRequest')
     CreatePermissionSetResponse = Shapes::StructureShape.new(name: 'CreatePermissionSetResponse')
     Date = Shapes::TimestampShape.new(name: 'Date')
@@ -37,12 +45,16 @@ module Aws::SSOAdmin
     DeleteAccountAssignmentResponse = Shapes::StructureShape.new(name: 'DeleteAccountAssignmentResponse')
     DeleteInlinePolicyFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetRequest')
     DeleteInlinePolicyFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetResponse')
+    DeleteInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationRequest')
+    DeleteInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationResponse')
     DeletePermissionSetRequest = Shapes::StructureShape.new(name: 'DeletePermissionSetRequest')
     DeletePermissionSetResponse = Shapes::StructureShape.new(name: 'DeletePermissionSetResponse')
     DescribeAccountAssignmentCreationStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusRequest')
     DescribeAccountAssignmentCreationStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusResponse')
     DescribeAccountAssignmentDeletionStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusRequest')
     DescribeAccountAssignmentDeletionStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusResponse')
+    DescribeInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationRequest')
+    DescribeInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationResponse')
     DescribePermissionSetProvisioningStatusRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusRequest')
     DescribePermissionSetProvisioningStatusResponse = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusResponse')
     DescribePermissionSetRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetRequest')
@@ -54,6 +66,9 @@ module Aws::SSOAdmin
     GetInlinePolicyForPermissionSetRequest = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetRequest')
     GetInlinePolicyForPermissionSetResponse = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetResponse')
     Id = Shapes::StringShape.new(name: 'Id')
+    InstanceAccessControlAttributeConfiguration = Shapes::StructureShape.new(name: 'InstanceAccessControlAttributeConfiguration')
+    InstanceAccessControlAttributeConfigurationStatus = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatus')
+    InstanceAccessControlAttributeConfigurationStatusReason = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatusReason')
     InstanceArn = Shapes::StringShape.new(name: 'InstanceArn')
     InstanceList = Shapes::ListShape.new(name: 'InstanceList')
     InstanceMetadata = Shapes::StructureShape.new(name: 'InstanceMetadata')
@@ -122,11 +137,24 @@ module Aws::SSOAdmin
     UUId = Shapes::StringShape.new(name: 'UUId')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
+    UpdateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationRequest')
+    UpdateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationResponse')
     UpdatePermissionSetRequest = Shapes::StructureShape.new(name: 'UpdatePermissionSetRequest')
     UpdatePermissionSetResponse = Shapes::StructureShape.new(name: 'UpdatePermissionSetResponse')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
     ValidationExceptionMessage = Shapes::StringShape.new(name: 'ValidationExceptionMessage')
+    AccessControlAttribute.add_member(:key, Shapes::ShapeRef.new(shape: AccessControlAttributeKey, required: true, location_name: "Key"))
+    AccessControlAttribute.add_member(:value, Shapes::ShapeRef.new(shape: AccessControlAttributeValue, required: true, location_name: "Value"))
+    AccessControlAttribute.struct_class = Types::AccessControlAttribute
+    AccessControlAttributeList.member = Shapes::ShapeRef.new(shape: AccessControlAttribute)
+    AccessControlAttributeValue.add_member(:source, Shapes::ShapeRef.new(shape: AccessControlAttributeValueSourceList, required: true, location_name: "Source"))
+    AccessControlAttributeValue.struct_class = Types::AccessControlAttributeValue
+    AccessControlAttributeValueSourceList.member = Shapes::ShapeRef.new(shape: AccessControlAttributeValueSource)
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: AccessDeniedExceptionMessage, location_name: "Message"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
@@ -185,6 +213,12 @@ module Aws::SSOAdmin
     CreateAccountAssignmentResponse.add_member(:account_assignment_creation_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentCreationStatus"))
     CreateAccountAssignmentResponse.struct_class = Types::CreateAccountAssignmentResponse
+    CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
+    CreateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationRequest
+    CreateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationResponse
     CreatePermissionSetRequest.add_member(:name, Shapes::ShapeRef.new(shape: PermissionSetName, required: true, location_name: "Name"))
     CreatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
     CreatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
@@ -213,6 +247,11 @@ module Aws::SSOAdmin
     DeleteInlinePolicyFromPermissionSetResponse.struct_class = Types::DeleteInlinePolicyFromPermissionSetResponse
+    DeleteInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    DeleteInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationRequest
+    DeleteInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationResponse
     DeletePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
     DeletePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
     DeletePermissionSetRequest.struct_class = Types::DeletePermissionSetRequest
@@ -233,6 +272,14 @@ module Aws::SSOAdmin
     DescribeAccountAssignmentDeletionStatusResponse.add_member(:account_assignment_deletion_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentDeletionStatus"))
     DescribeAccountAssignmentDeletionStatusResponse.struct_class = Types::DescribeAccountAssignmentDeletionStatusResponse
+    DescribeInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    DescribeInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationRequest
+    DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatus, location_name: "Status"))
+    DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status_reason, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatusReason, location_name: "StatusReason"))
+    DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, location_name: "InstanceAccessControlAttributeConfiguration"))
+    DescribeInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationResponse
     DescribePermissionSetProvisioningStatusRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
     DescribePermissionSetProvisioningStatusRequest.add_member(:provision_permission_set_request_id, Shapes::ShapeRef.new(shape: UUId, required: true, location_name: "ProvisionPermissionSetRequestId"))
     DescribePermissionSetProvisioningStatusRequest.struct_class = Types::DescribePermissionSetProvisioningStatusRequest
@@ -261,6 +308,9 @@ module Aws::SSOAdmin
     GetInlinePolicyForPermissionSetResponse.add_member(:inline_policy, Shapes::ShapeRef.new(shape: PermissionSetPolicyDocument, location_name: "InlinePolicy"))
     GetInlinePolicyForPermissionSetResponse.struct_class = Types::GetInlinePolicyForPermissionSetResponse
+    InstanceAccessControlAttributeConfiguration.add_member(:access_control_attributes, Shapes::ShapeRef.new(shape: AccessControlAttributeList, required: true, location_name: "AccessControlAttributes"))
+    InstanceAccessControlAttributeConfiguration.struct_class = Types::InstanceAccessControlAttributeConfiguration
     InstanceList.member = Shapes::ShapeRef.new(shape: InstanceMetadata)
     InstanceMetadata.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, location_name: "InstanceArn"))
@@ -444,6 +494,12 @@ module Aws::SSOAdmin
     UntagResourceResponse.struct_class = Types::UntagResourceResponse
+    UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
+    UpdateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationRequest
+    UpdateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationResponse
     UpdatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
     UpdatePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
     UpdatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
@@ -506,6 +562,20 @@ module Aws::SSOAdmin
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
+      api.add_operation(:create_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateInstanceAccessControlAttributeConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
       api.add_operation(:create_permission_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreatePermissionSet"
         o.http_method = "POST"
@@ -549,6 +619,20 @@ module Aws::SSOAdmin
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
+      api.add_operation(:delete_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteInstanceAccessControlAttributeConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
       api.add_operation(:delete_permission_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeletePermissionSet"
         o.http_method = "POST"
@@ -589,6 +673,19 @@ module Aws::SSOAdmin
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
+      api.add_operation(:describe_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeInstanceAccessControlAttributeConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+      end)
       api.add_operation(:describe_permission_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribePermissionSet"
         o.http_method = "POST"
@@ -888,6 +985,20 @@ module Aws::SSOAdmin
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
+      api.add_operation(:update_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateInstanceAccessControlAttributeConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
       api.add_operation(:update_permission_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdatePermissionSet"
         o.http_method = "POST"

data/lib/aws-sdk-ssoadmin/types.rb CHANGED Viewed

@@ -10,6 +10,66 @@
 module Aws::SSOAdmin
   module Types
+    # These are AWS SSO identity store attributes that you can configure for
+    # use in attributes-based access control (ABAC). You can create
+    # permission policies that determine who can access your AWS resources
+    # based upon the configured attribute value(s). When you enable ABAC and
+    # specify AccessControlAttributes, AWS SSO passes the attribute(s) value
+    # of the authenticated user into IAM for use in policy evaluation.
+    #
+    # @note When making an API call, you may pass AccessControlAttribute
+    #   data as a hash:
+    #
+    #       {
+    #         key: "AccessControlAttributeKey", # required
+    #         value: { # required
+    #           source: ["AccessControlAttributeValueSource"], # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] key
+    #   The name of the attribute associated with your identities in your
+    #   identity source. This is used to map a specified attribute in your
+    #   identity source with an attribute in AWS SSO.
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The value used for mapping a specified attribute to an identity
+    #   source.
+    #   @return [Types::AccessControlAttributeValue]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttribute AWS API Documentation
+    #
+    class AccessControlAttribute < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The value used for mapping a specified attribute to an identity
+    # source.
+    #
+    # @note When making an API call, you may pass AccessControlAttributeValue
+    #   data as a hash:
+    #
+    #       {
+    #         source: ["AccessControlAttributeValueSource"], # required
+    #       }
+    #
+    # @!attribute [rw] source
+    #   The identity source to use when mapping a specified attribute to AWS
+    #   SSO.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttributeValue AWS API Documentation
+    #
+    class AccessControlAttributeValue < Struct.new(
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # You do not have sufficient access to perform this action.
     #
     # @!attribute [rw] message
@@ -47,7 +107,11 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccountAssignment AWS API Documentation
@@ -79,7 +143,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit
+    #   string (For example, 123456789012).
     #   @return [String]
     #
     # @!attribute [rw] target_type
@@ -98,7 +163,11 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #   @return [String]
     #
     # @!attribute [rw] created_date
@@ -246,7 +315,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit
+    #   string (For example, 123456789012).
     #   @return [String]
     #
     # @!attribute [rw] target_type
@@ -263,7 +333,11 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateAccountAssignmentRequest AWS API Documentation
@@ -291,6 +365,51 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
+    # @note When making an API call, you may pass CreateInstanceAccessControlAttributeConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         instance_access_control_attribute_configuration: { # required
+    #           access_control_attributes: [ # required
+    #             {
+    #               key: "AccessControlAttributeKey", # required
+    #               value: { # required
+    #                 source: ["AccessControlAttributeValueSource"], # required
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_access_control_attribute_configuration
+    #   Specifies the AWS SSO identity store attributes to add to your ABAC
+    #   configuration. When using an external identity provider as an
+    #   identity source, you can pass attributes through the SAML assertion
+    #   as an alternative to configuring attributes from the AWS SSO
+    #   identity store. If a SAML assertion passes any of these attributes,
+    #   AWS SSO will replace the attribute value with the value from the AWS
+    #   SSO identity store.
+    #   @return [Types::InstanceAccessControlAttributeConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
+    #
+    class CreateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
+      :instance_arn,
+      :instance_access_control_attribute_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
+    #
+    class CreateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
     # @note When making an API call, you may pass CreatePermissionSetRequest
     #   data as a hash:
     #
@@ -384,7 +503,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit
+    #   string (For example, 123456789012).
     #   @return [String]
     #
     # @!attribute [rw] target_type
@@ -400,7 +520,11 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteAccountAssignmentRequest AWS API Documentation
@@ -461,6 +585,30 @@ module Aws::SSOAdmin
     #
     class DeleteInlinePolicyFromPermissionSetResponse < Aws::EmptyStructure; end
+    # @note When making an API call, you may pass DeleteInstanceAccessControlAttributeConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
+    #
+    class DeleteInstanceAccessControlAttributeConfigurationRequest < Struct.new(
+      :instance_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
+    #
+    class DeleteInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
     # @note When making an API call, you may pass DeletePermissionSetRequest
     #   data as a hash:
     #
@@ -576,6 +724,50 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
+    # @note When making an API call, you may pass DescribeInstanceAccessControlAttributeConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
+    #
+    class DescribeInstanceAccessControlAttributeConfigurationRequest < Struct.new(
+      :instance_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] status
+    #   The status of the attribute configuration process.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_reason
+    #   Provides more details about the current status of the specified
+    #   attribute.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_access_control_attribute_configuration
+    #   Gets the list of AWS SSO identity store attributes added to your
+    #   ABAC configuration.
+    #   @return [Types::InstanceAccessControlAttributeConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
+    #
+    class DescribeInstanceAccessControlAttributeConfigurationResponse < Struct.new(
+      :status,
+      :status_reason,
+      :instance_access_control_attribute_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass DescribePermissionSetProvisioningStatusRequest
     #   data as a hash:
     #
@@ -740,6 +932,36 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
+    # Specifies the attributes to add to your attribute-based access control
+    # (ABAC) configuration.
+    #
+    # @note When making an API call, you may pass InstanceAccessControlAttributeConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         access_control_attributes: [ # required
+    #           {
+    #             key: "AccessControlAttributeKey", # required
+    #             value: { # required
+    #               source: ["AccessControlAttributeValueSource"], # required
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] access_control_attributes
+    #   Lists the attributes that are configured for ABAC in the specified
+    #   AWS SSO instance.
+    #   @return [Array<Types::AccessControlAttribute>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    class InstanceAccessControlAttributeConfiguration < Struct.new(
+      :access_control_attributes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Provides information about the SSO instance.
     #
     # @!attribute [rw] instance_arn
@@ -1537,7 +1759,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit
+    #   string (For example, 123456789012).
     #   @return [String]
     #
     # @!attribute [rw] target_type
@@ -1759,6 +1982,45 @@ module Aws::SSOAdmin
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
+    # @note When making an API call, you may pass UpdateInstanceAccessControlAttributeConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         instance_access_control_attribute_configuration: { # required
+    #           access_control_attributes: [ # required
+    #             {
+    #               key: "AccessControlAttributeKey", # required
+    #               value: { # required
+    #                 source: ["AccessControlAttributeValueSource"], # required
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_access_control_attribute_configuration
+    #   Updates the attributes for your ABAC configuration.
+    #   @return [Types::InstanceAccessControlAttributeConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
+    #
+    class UpdateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
+      :instance_arn,
+      :instance_access_control_attribute_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
+    #
+    class UpdateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
     # @note When making an API call, you may pass UpdatePermissionSetRequest
     #   data as a hash:
     #

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ssoadmin
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.5.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-10 00:00:00.000000000 Z
+date: 2021-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.112.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.112.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement