aws-sdk-ssoadmin 1.0.0 → 1.5.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 78d783a645187efcf7dce2479fc3fe2a1d351075628a297a7b3289d724d99b6e
4
- data.tar.gz: 1b8c5e150cb4eeddd208a37b6e213207fd93429a8ddd040c566d0357178c20f1
3
+ metadata.gz: e07a29693cb8e03889e5dce716990d04b7ac038dad09bebcb8c902be40d36631
4
+ data.tar.gz: 8c567ab0105278b17b9ac847e6160d9c3d5d62fdbeb716eeacb0db4a091da315
5
5
  SHA512:
6
- metadata.gz: 92985c1203c9f42d6dbac2b7b53dd58be3bbf45bd5182f49e1fa05bbb5406bcacacda821013a6f477a951d02177003953a2bcc4354a223019d2abea9d52cd5fa
7
- data.tar.gz: 82841762be02e70d77f0fa2a977995c2fd918d9b3cc304430b560e2b5b5d5ea27ccd6dce9b3af5409273d9dae8bb4a0154c91c5caf4505910449bf3270f1a2fb
6
+ metadata.gz: 7fa248ad13c651f9b1aa6fe378462b39147fc539006fc918fa3b1b31dd666029bcebdc42ae19cdf3c4ba59b326b49b0597ca40758425b066cb66e99f5afeedb7
7
+ data.tar.gz: 632241cbb2d94cc4011b7311123dcf9b18c98ee380acd6dc3e5ecef42215f77b4a8da24895598a261a8cc390546576d1ce6264f2d1e8173a330a0b22a39a87ea
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-ssoadmin/customizations'
47
48
  # @!group service
48
49
  module Aws::SSOAdmin
49
50
 
50
- GEM_VERSION = '1.0.0'
51
+ GEM_VERSION = '1.5.0'
51
52
 
52
53
  end
@@ -339,6 +339,13 @@ module Aws::SSOAdmin
339
339
 
340
340
  # Attaches an IAM managed policy ARN to a permission set.
341
341
  #
342
+ # <note markdown="1"> If the permission set is already referenced by one or more account
343
+ # assignments, you will need to call ` ProvisionPermissionSet ` after
344
+ # this action to apply the corresponding IAM policy updates to all
345
+ # assigned accounts.
346
+ #
347
+ # </note>
348
+ #
342
349
  # @option params [required, String] :instance_arn
343
350
  # The ARN of the SSO instance under which the operation will be
344
351
  # executed. For more information about ARNs, see [Amazon Resource Names
@@ -380,6 +387,16 @@ module Aws::SSOAdmin
380
387
  #
381
388
  # </note>
382
389
  #
390
+ # <note markdown="1"> As part of a successful `CreateAccountAssignment` call, the specified
391
+ # permission set will automatically be provisioned to the account in the
392
+ # form of an IAM policy attached to the SSO-created IAM role. If the
393
+ # permission set is subsequently updated, the corresponding IAM policies
394
+ # attached to roles in your accounts will not be updated automatically.
395
+ # In this case, you will need to call ` ProvisionPermissionSet ` to make
396
+ # these updates.
397
+ #
398
+ # </note>
399
+ #
383
400
  # @option params [required, String] :instance_arn
384
401
  # The ARN of the SSO instance under which the operation will be
385
402
  # executed. For more information about ARNs, see [Amazon Resource Names
@@ -388,7 +405,8 @@ module Aws::SSOAdmin
388
405
  # *AWS General Reference*.
389
406
  #
390
407
  # @option params [required, String] :target_id
391
- # The identifier for the chosen target.
408
+ # TargetID is an AWS account identifier, typically a 10-12 digit string
409
+ # (For example, 123456789012).
392
410
  #
393
411
  # @option params [required, String] :target_type
394
412
  # The entity type for which the assignment will be created.
@@ -401,7 +419,11 @@ module Aws::SSOAdmin
401
419
  # The entity type for which the assignment will be created.
402
420
  #
403
421
  # @option params [required, String] :principal_id
404
- # The identifier of the principal.
422
+ # An identifier for an object in AWS SSO, such as a user or group.
423
+ # PrincipalIds are GUIDs (For example,
424
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
425
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
426
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
405
427
  #
406
428
  # @return [Types::CreateAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
407
429
  #
@@ -439,8 +461,60 @@ module Aws::SSOAdmin
439
461
  req.send_request(options)
440
462
  end
441
463
 
464
+ # Enables the attributes-based access control (ABAC) feature for the
465
+ # specified AWS SSO instance. You can also specify new attributes to add
466
+ # to your ABAC configuration during the enabling process. For more
467
+ # information about ABAC, see [Attribute-Based Access
468
+ # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
469
+ # User Guide*.
470
+ #
471
+ # @option params [required, String] :instance_arn
472
+ # The ARN of the SSO instance under which the operation will be
473
+ # executed.
474
+ #
475
+ # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
476
+ # Specifies the AWS SSO identity store attributes to add to your ABAC
477
+ # configuration. When using an external identity provider as an identity
478
+ # source, you can pass attributes through the SAML assertion as an
479
+ # alternative to configuring attributes from the AWS SSO identity store.
480
+ # If a SAML assertion passes any of these attributes, AWS SSO will
481
+ # replace the attribute value with the value from the AWS SSO identity
482
+ # store.
483
+ #
484
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
485
+ #
486
+ # @example Request syntax with placeholder values
487
+ #
488
+ # resp = client.create_instance_access_control_attribute_configuration({
489
+ # instance_arn: "InstanceArn", # required
490
+ # instance_access_control_attribute_configuration: { # required
491
+ # access_control_attributes: [ # required
492
+ # {
493
+ # key: "AccessControlAttributeKey", # required
494
+ # value: { # required
495
+ # source: ["AccessControlAttributeValueSource"], # required
496
+ # },
497
+ # },
498
+ # ],
499
+ # },
500
+ # })
501
+ #
502
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfiguration AWS API Documentation
503
+ #
504
+ # @overload create_instance_access_control_attribute_configuration(params = {})
505
+ # @param [Hash] params ({})
506
+ def create_instance_access_control_attribute_configuration(params = {}, options = {})
507
+ req = build_request(:create_instance_access_control_attribute_configuration, params)
508
+ req.send_request(options)
509
+ end
510
+
442
511
  # Creates a permission set within a specified SSO instance.
443
512
  #
513
+ # <note markdown="1"> To grant users and groups access to AWS account resources, use `
514
+ # CreateAccountAssignment `.
515
+ #
516
+ # </note>
517
+ #
444
518
  # @option params [required, String] :name
445
519
  # The name of the PermissionSet.
446
520
  #
@@ -514,7 +588,8 @@ module Aws::SSOAdmin
514
588
  # *AWS General Reference*.
515
589
  #
516
590
  # @option params [required, String] :target_id
517
- # The identifier for the chosen target.
591
+ # TargetID is an AWS account identifier, typically a 10-12 digit string
592
+ # (For example, 123456789012).
518
593
  #
519
594
  # @option params [required, String] :target_type
520
595
  # The entity type for which the assignment will be deleted.
@@ -526,7 +601,11 @@ module Aws::SSOAdmin
526
601
  # The entity type for which the assignment will be deleted.
527
602
  #
528
603
  # @option params [required, String] :principal_id
529
- # The identifier of the principal.
604
+ # An identifier for an object in AWS SSO, such as a user or group.
605
+ # PrincipalIds are GUIDs (For example,
606
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
607
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
608
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
530
609
  #
531
610
  # @return [Types::DeleteAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
532
611
  #
@@ -594,6 +673,36 @@ module Aws::SSOAdmin
594
673
  req.send_request(options)
595
674
  end
596
675
 
676
+ # Disables the attributes-based access control (ABAC) feature for the
677
+ # specified AWS SSO instance and deletes all of the attribute mappings
678
+ # that have been configured. Once deleted, any attributes that are
679
+ # received from an identity source and any custom attributes you have
680
+ # previously configured will not be passed. For more information about
681
+ # ABAC, see [Attribute-Based Access
682
+ # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
683
+ # User Guide*.
684
+ #
685
+ # @option params [required, String] :instance_arn
686
+ # The ARN of the SSO instance under which the operation will be
687
+ # executed.
688
+ #
689
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
690
+ #
691
+ # @example Request syntax with placeholder values
692
+ #
693
+ # resp = client.delete_instance_access_control_attribute_configuration({
694
+ # instance_arn: "InstanceArn", # required
695
+ # })
696
+ #
697
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfiguration AWS API Documentation
698
+ #
699
+ # @overload delete_instance_access_control_attribute_configuration(params = {})
700
+ # @param [Hash] params ({})
701
+ def delete_instance_access_control_attribute_configuration(params = {}, options = {})
702
+ req = build_request(:delete_instance_access_control_attribute_configuration, params)
703
+ req.send_request(options)
704
+ end
705
+
597
706
  # Deletes the specified permission set.
598
707
  #
599
708
  # @option params [required, String] :instance_arn
@@ -712,6 +821,48 @@ module Aws::SSOAdmin
712
821
  req.send_request(options)
713
822
  end
714
823
 
824
+ # Returns the list of AWS SSO identity store attributes that have been
825
+ # configured to work with attributes-based access control (ABAC) for the
826
+ # specified AWS SSO instance. This will not return attributes configured
827
+ # and sent by an external identity provider. For more information about
828
+ # ABAC, see [Attribute-Based Access
829
+ # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
830
+ # User Guide*.
831
+ #
832
+ # @option params [required, String] :instance_arn
833
+ # The ARN of the SSO instance under which the operation will be
834
+ # executed.
835
+ #
836
+ # @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
837
+ #
838
+ # * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status #status} => String
839
+ # * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status_reason #status_reason} => String
840
+ # * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#instance_access_control_attribute_configuration #instance_access_control_attribute_configuration} => Types::InstanceAccessControlAttributeConfiguration
841
+ #
842
+ # @example Request syntax with placeholder values
843
+ #
844
+ # resp = client.describe_instance_access_control_attribute_configuration({
845
+ # instance_arn: "InstanceArn", # required
846
+ # })
847
+ #
848
+ # @example Response structure
849
+ #
850
+ # resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
851
+ # resp.status_reason #=> String
852
+ # resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
853
+ # resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
854
+ # resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
855
+ # resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String
856
+ #
857
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfiguration AWS API Documentation
858
+ #
859
+ # @overload describe_instance_access_control_attribute_configuration(params = {})
860
+ # @param [Hash] params ({})
861
+ def describe_instance_access_control_attribute_configuration(params = {}, options = {})
862
+ req = build_request(:describe_instance_access_control_attribute_configuration, params)
863
+ req.send_request(options)
864
+ end
865
+
715
866
  # Gets the details of the permission set.
716
867
  #
717
868
  # @option params [required, String] :instance_arn
@@ -1399,7 +1550,8 @@ module Aws::SSOAdmin
1399
1550
  # The ARN of the permission set.
1400
1551
  #
1401
1552
  # @option params [String] :target_id
1402
- # The identifier for the chosen target.
1553
+ # TargetID is an AWS account identifier, typically a 10-12 digit string
1554
+ # (For example, 123456789012).
1403
1555
  #
1404
1556
  # @option params [required, String] :target_type
1405
1557
  # The entity type for which the assignment will be created.
@@ -1437,6 +1589,13 @@ module Aws::SSOAdmin
1437
1589
 
1438
1590
  # Attaches an IAM inline policy to a permission set.
1439
1591
  #
1592
+ # <note markdown="1"> If the permission set is already referenced by one or more account
1593
+ # assignments, you will need to call ` ProvisionPermissionSet ` after
1594
+ # this action to apply the corresponding IAM policy updates to all
1595
+ # assigned accounts.
1596
+ #
1597
+ # </note>
1598
+ #
1440
1599
  # @option params [required, String] :instance_arn
1441
1600
  # The ARN of the SSO instance under which the operation will be
1442
1601
  # executed. For more information about ARNs, see [Amazon Resource Names
@@ -1542,6 +1701,51 @@ module Aws::SSOAdmin
1542
1701
  req.send_request(options)
1543
1702
  end
1544
1703
 
1704
+ # Updates the AWS SSO identity store attributes to use with the AWS SSO
1705
+ # instance for attributes-based access control (ABAC). When using an
1706
+ # external identity provider as an identity source, you can pass
1707
+ # attributes through the SAML assertion as an alternative to configuring
1708
+ # attributes from the AWS SSO identity store. If a SAML assertion passes
1709
+ # any of these attributes, AWS SSO will replace the attribute value with
1710
+ # the value from the AWS SSO identity store. For more information about
1711
+ # ABAC, see [Attribute-Based Access
1712
+ # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
1713
+ # User Guide*.
1714
+ #
1715
+ # @option params [required, String] :instance_arn
1716
+ # The ARN of the SSO instance under which the operation will be
1717
+ # executed.
1718
+ #
1719
+ # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
1720
+ # Updates the attributes for your ABAC configuration.
1721
+ #
1722
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1723
+ #
1724
+ # @example Request syntax with placeholder values
1725
+ #
1726
+ # resp = client.update_instance_access_control_attribute_configuration({
1727
+ # instance_arn: "InstanceArn", # required
1728
+ # instance_access_control_attribute_configuration: { # required
1729
+ # access_control_attributes: [ # required
1730
+ # {
1731
+ # key: "AccessControlAttributeKey", # required
1732
+ # value: { # required
1733
+ # source: ["AccessControlAttributeValueSource"], # required
1734
+ # },
1735
+ # },
1736
+ # ],
1737
+ # },
1738
+ # })
1739
+ #
1740
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfiguration AWS API Documentation
1741
+ #
1742
+ # @overload update_instance_access_control_attribute_configuration(params = {})
1743
+ # @param [Hash] params ({})
1744
+ def update_instance_access_control_attribute_configuration(params = {}, options = {})
1745
+ req = build_request(:update_instance_access_control_attribute_configuration, params)
1746
+ req.send_request(options)
1747
+ end
1748
+
1545
1749
  # Updates an existing permission set.
1546
1750
  #
1547
1751
  # @option params [required, String] :instance_arn
@@ -1599,7 +1803,7 @@ module Aws::SSOAdmin
1599
1803
  params: params,
1600
1804
  config: config)
1601
1805
  context[:gem_name] = 'aws-sdk-ssoadmin'
1602
- context[:gem_version] = '1.0.0'
1806
+ context[:gem_version] = '1.5.0'
1603
1807
  Seahorse::Client::Request.new(handlers, context)
1604
1808
  end
1605
1809
 
@@ -13,6 +13,12 @@ module Aws::SSOAdmin
13
13
 
14
14
  include Seahorse::Model
15
15
 
16
+ AccessControlAttribute = Shapes::StructureShape.new(name: 'AccessControlAttribute')
17
+ AccessControlAttributeKey = Shapes::StringShape.new(name: 'AccessControlAttributeKey')
18
+ AccessControlAttributeList = Shapes::ListShape.new(name: 'AccessControlAttributeList')
19
+ AccessControlAttributeValue = Shapes::StructureShape.new(name: 'AccessControlAttributeValue')
20
+ AccessControlAttributeValueSource = Shapes::StringShape.new(name: 'AccessControlAttributeValueSource')
21
+ AccessControlAttributeValueSourceList = Shapes::ListShape.new(name: 'AccessControlAttributeValueSourceList')
16
22
  AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
17
23
  AccessDeniedExceptionMessage = Shapes::StringShape.new(name: 'AccessDeniedExceptionMessage')
18
24
  AccountAssignment = Shapes::StructureShape.new(name: 'AccountAssignment')
@@ -30,6 +36,8 @@ module Aws::SSOAdmin
30
36
  ConflictExceptionMessage = Shapes::StringShape.new(name: 'ConflictExceptionMessage')
31
37
  CreateAccountAssignmentRequest = Shapes::StructureShape.new(name: 'CreateAccountAssignmentRequest')
32
38
  CreateAccountAssignmentResponse = Shapes::StructureShape.new(name: 'CreateAccountAssignmentResponse')
39
+ CreateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationRequest')
40
+ CreateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationResponse')
33
41
  CreatePermissionSetRequest = Shapes::StructureShape.new(name: 'CreatePermissionSetRequest')
34
42
  CreatePermissionSetResponse = Shapes::StructureShape.new(name: 'CreatePermissionSetResponse')
35
43
  Date = Shapes::TimestampShape.new(name: 'Date')
@@ -37,12 +45,16 @@ module Aws::SSOAdmin
37
45
  DeleteAccountAssignmentResponse = Shapes::StructureShape.new(name: 'DeleteAccountAssignmentResponse')
38
46
  DeleteInlinePolicyFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetRequest')
39
47
  DeleteInlinePolicyFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetResponse')
48
+ DeleteInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationRequest')
49
+ DeleteInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationResponse')
40
50
  DeletePermissionSetRequest = Shapes::StructureShape.new(name: 'DeletePermissionSetRequest')
41
51
  DeletePermissionSetResponse = Shapes::StructureShape.new(name: 'DeletePermissionSetResponse')
42
52
  DescribeAccountAssignmentCreationStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusRequest')
43
53
  DescribeAccountAssignmentCreationStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusResponse')
44
54
  DescribeAccountAssignmentDeletionStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusRequest')
45
55
  DescribeAccountAssignmentDeletionStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusResponse')
56
+ DescribeInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationRequest')
57
+ DescribeInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationResponse')
46
58
  DescribePermissionSetProvisioningStatusRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusRequest')
47
59
  DescribePermissionSetProvisioningStatusResponse = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusResponse')
48
60
  DescribePermissionSetRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetRequest')
@@ -54,6 +66,9 @@ module Aws::SSOAdmin
54
66
  GetInlinePolicyForPermissionSetRequest = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetRequest')
55
67
  GetInlinePolicyForPermissionSetResponse = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetResponse')
56
68
  Id = Shapes::StringShape.new(name: 'Id')
69
+ InstanceAccessControlAttributeConfiguration = Shapes::StructureShape.new(name: 'InstanceAccessControlAttributeConfiguration')
70
+ InstanceAccessControlAttributeConfigurationStatus = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatus')
71
+ InstanceAccessControlAttributeConfigurationStatusReason = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatusReason')
57
72
  InstanceArn = Shapes::StringShape.new(name: 'InstanceArn')
58
73
  InstanceList = Shapes::ListShape.new(name: 'InstanceList')
59
74
  InstanceMetadata = Shapes::StructureShape.new(name: 'InstanceMetadata')
@@ -122,11 +137,24 @@ module Aws::SSOAdmin
122
137
  UUId = Shapes::StringShape.new(name: 'UUId')
123
138
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
124
139
  UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
140
+ UpdateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationRequest')
141
+ UpdateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationResponse')
125
142
  UpdatePermissionSetRequest = Shapes::StructureShape.new(name: 'UpdatePermissionSetRequest')
126
143
  UpdatePermissionSetResponse = Shapes::StructureShape.new(name: 'UpdatePermissionSetResponse')
127
144
  ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
128
145
  ValidationExceptionMessage = Shapes::StringShape.new(name: 'ValidationExceptionMessage')
129
146
 
147
+ AccessControlAttribute.add_member(:key, Shapes::ShapeRef.new(shape: AccessControlAttributeKey, required: true, location_name: "Key"))
148
+ AccessControlAttribute.add_member(:value, Shapes::ShapeRef.new(shape: AccessControlAttributeValue, required: true, location_name: "Value"))
149
+ AccessControlAttribute.struct_class = Types::AccessControlAttribute
150
+
151
+ AccessControlAttributeList.member = Shapes::ShapeRef.new(shape: AccessControlAttribute)
152
+
153
+ AccessControlAttributeValue.add_member(:source, Shapes::ShapeRef.new(shape: AccessControlAttributeValueSourceList, required: true, location_name: "Source"))
154
+ AccessControlAttributeValue.struct_class = Types::AccessControlAttributeValue
155
+
156
+ AccessControlAttributeValueSourceList.member = Shapes::ShapeRef.new(shape: AccessControlAttributeValueSource)
157
+
130
158
  AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: AccessDeniedExceptionMessage, location_name: "Message"))
131
159
  AccessDeniedException.struct_class = Types::AccessDeniedException
132
160
 
@@ -185,6 +213,12 @@ module Aws::SSOAdmin
185
213
  CreateAccountAssignmentResponse.add_member(:account_assignment_creation_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentCreationStatus"))
186
214
  CreateAccountAssignmentResponse.struct_class = Types::CreateAccountAssignmentResponse
187
215
 
216
+ CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
217
+ CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
218
+ CreateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationRequest
219
+
220
+ CreateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationResponse
221
+
188
222
  CreatePermissionSetRequest.add_member(:name, Shapes::ShapeRef.new(shape: PermissionSetName, required: true, location_name: "Name"))
189
223
  CreatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
190
224
  CreatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
@@ -213,6 +247,11 @@ module Aws::SSOAdmin
213
247
 
214
248
  DeleteInlinePolicyFromPermissionSetResponse.struct_class = Types::DeleteInlinePolicyFromPermissionSetResponse
215
249
 
250
+ DeleteInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
251
+ DeleteInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationRequest
252
+
253
+ DeleteInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationResponse
254
+
216
255
  DeletePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
217
256
  DeletePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
218
257
  DeletePermissionSetRequest.struct_class = Types::DeletePermissionSetRequest
@@ -233,6 +272,14 @@ module Aws::SSOAdmin
233
272
  DescribeAccountAssignmentDeletionStatusResponse.add_member(:account_assignment_deletion_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentDeletionStatus"))
234
273
  DescribeAccountAssignmentDeletionStatusResponse.struct_class = Types::DescribeAccountAssignmentDeletionStatusResponse
235
274
 
275
+ DescribeInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
276
+ DescribeInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationRequest
277
+
278
+ DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatus, location_name: "Status"))
279
+ DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status_reason, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatusReason, location_name: "StatusReason"))
280
+ DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, location_name: "InstanceAccessControlAttributeConfiguration"))
281
+ DescribeInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationResponse
282
+
236
283
  DescribePermissionSetProvisioningStatusRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
237
284
  DescribePermissionSetProvisioningStatusRequest.add_member(:provision_permission_set_request_id, Shapes::ShapeRef.new(shape: UUId, required: true, location_name: "ProvisionPermissionSetRequestId"))
238
285
  DescribePermissionSetProvisioningStatusRequest.struct_class = Types::DescribePermissionSetProvisioningStatusRequest
@@ -261,6 +308,9 @@ module Aws::SSOAdmin
261
308
  GetInlinePolicyForPermissionSetResponse.add_member(:inline_policy, Shapes::ShapeRef.new(shape: PermissionSetPolicyDocument, location_name: "InlinePolicy"))
262
309
  GetInlinePolicyForPermissionSetResponse.struct_class = Types::GetInlinePolicyForPermissionSetResponse
263
310
 
311
+ InstanceAccessControlAttributeConfiguration.add_member(:access_control_attributes, Shapes::ShapeRef.new(shape: AccessControlAttributeList, required: true, location_name: "AccessControlAttributes"))
312
+ InstanceAccessControlAttributeConfiguration.struct_class = Types::InstanceAccessControlAttributeConfiguration
313
+
264
314
  InstanceList.member = Shapes::ShapeRef.new(shape: InstanceMetadata)
265
315
 
266
316
  InstanceMetadata.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, location_name: "InstanceArn"))
@@ -444,6 +494,12 @@ module Aws::SSOAdmin
444
494
 
445
495
  UntagResourceResponse.struct_class = Types::UntagResourceResponse
446
496
 
497
+ UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
498
+ UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
499
+ UpdateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationRequest
500
+
501
+ UpdateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationResponse
502
+
447
503
  UpdatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
448
504
  UpdatePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
449
505
  UpdatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
@@ -506,6 +562,20 @@ module Aws::SSOAdmin
506
562
  o.errors << Shapes::ShapeRef.new(shape: ConflictException)
507
563
  end)
508
564
 
565
+ api.add_operation(:create_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
566
+ o.name = "CreateInstanceAccessControlAttributeConfiguration"
567
+ o.http_method = "POST"
568
+ o.http_request_uri = "/"
569
+ o.input = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationRequest)
570
+ o.output = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationResponse)
571
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
572
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
573
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
574
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
575
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
576
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
577
+ end)
578
+
509
579
  api.add_operation(:create_permission_set, Seahorse::Model::Operation.new.tap do |o|
510
580
  o.name = "CreatePermissionSet"
511
581
  o.http_method = "POST"
@@ -549,6 +619,20 @@ module Aws::SSOAdmin
549
619
  o.errors << Shapes::ShapeRef.new(shape: ConflictException)
550
620
  end)
551
621
 
622
+ api.add_operation(:delete_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
623
+ o.name = "DeleteInstanceAccessControlAttributeConfiguration"
624
+ o.http_method = "POST"
625
+ o.http_request_uri = "/"
626
+ o.input = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationRequest)
627
+ o.output = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationResponse)
628
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
629
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
630
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
631
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
632
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
633
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
634
+ end)
635
+
552
636
  api.add_operation(:delete_permission_set, Seahorse::Model::Operation.new.tap do |o|
553
637
  o.name = "DeletePermissionSet"
554
638
  o.http_method = "POST"
@@ -589,6 +673,19 @@ module Aws::SSOAdmin
589
673
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
590
674
  end)
591
675
 
676
+ api.add_operation(:describe_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
677
+ o.name = "DescribeInstanceAccessControlAttributeConfiguration"
678
+ o.http_method = "POST"
679
+ o.http_request_uri = "/"
680
+ o.input = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationRequest)
681
+ o.output = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationResponse)
682
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
683
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
684
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
685
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
686
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
687
+ end)
688
+
592
689
  api.add_operation(:describe_permission_set, Seahorse::Model::Operation.new.tap do |o|
593
690
  o.name = "DescribePermissionSet"
594
691
  o.http_method = "POST"
@@ -888,6 +985,20 @@ module Aws::SSOAdmin
888
985
  o.errors << Shapes::ShapeRef.new(shape: ConflictException)
889
986
  end)
890
987
 
988
+ api.add_operation(:update_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
989
+ o.name = "UpdateInstanceAccessControlAttributeConfiguration"
990
+ o.http_method = "POST"
991
+ o.http_request_uri = "/"
992
+ o.input = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationRequest)
993
+ o.output = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationResponse)
994
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
995
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
996
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
997
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
998
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
999
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
1000
+ end)
1001
+
891
1002
  api.add_operation(:update_permission_set, Seahorse::Model::Operation.new.tap do |o|
892
1003
  o.name = "UpdatePermissionSet"
893
1004
  o.http_method = "POST"
@@ -10,6 +10,66 @@
10
10
  module Aws::SSOAdmin
11
11
  module Types
12
12
 
13
+ # These are AWS SSO identity store attributes that you can configure for
14
+ # use in attributes-based access control (ABAC). You can create
15
+ # permission policies that determine who can access your AWS resources
16
+ # based upon the configured attribute value(s). When you enable ABAC and
17
+ # specify AccessControlAttributes, AWS SSO passes the attribute(s) value
18
+ # of the authenticated user into IAM for use in policy evaluation.
19
+ #
20
+ # @note When making an API call, you may pass AccessControlAttribute
21
+ # data as a hash:
22
+ #
23
+ # {
24
+ # key: "AccessControlAttributeKey", # required
25
+ # value: { # required
26
+ # source: ["AccessControlAttributeValueSource"], # required
27
+ # },
28
+ # }
29
+ #
30
+ # @!attribute [rw] key
31
+ # The name of the attribute associated with your identities in your
32
+ # identity source. This is used to map a specified attribute in your
33
+ # identity source with an attribute in AWS SSO.
34
+ # @return [String]
35
+ #
36
+ # @!attribute [rw] value
37
+ # The value used for mapping a specified attribute to an identity
38
+ # source.
39
+ # @return [Types::AccessControlAttributeValue]
40
+ #
41
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttribute AWS API Documentation
42
+ #
43
+ class AccessControlAttribute < Struct.new(
44
+ :key,
45
+ :value)
46
+ SENSITIVE = []
47
+ include Aws::Structure
48
+ end
49
+
50
+ # The value used for mapping a specified attribute to an identity
51
+ # source.
52
+ #
53
+ # @note When making an API call, you may pass AccessControlAttributeValue
54
+ # data as a hash:
55
+ #
56
+ # {
57
+ # source: ["AccessControlAttributeValueSource"], # required
58
+ # }
59
+ #
60
+ # @!attribute [rw] source
61
+ # The identity source to use when mapping a specified attribute to AWS
62
+ # SSO.
63
+ # @return [Array<String>]
64
+ #
65
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttributeValue AWS API Documentation
66
+ #
67
+ class AccessControlAttributeValue < Struct.new(
68
+ :source)
69
+ SENSITIVE = []
70
+ include Aws::Structure
71
+ end
72
+
13
73
  # You do not have sufficient access to perform this action.
14
74
  #
15
75
  # @!attribute [rw] message
@@ -47,7 +107,11 @@ module Aws::SSOAdmin
47
107
  # @return [String]
48
108
  #
49
109
  # @!attribute [rw] principal_id
50
- # The identifier of the principal.
110
+ # An identifier for an object in AWS SSO, such as a user or group.
111
+ # PrincipalIds are GUIDs (For example,
112
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
113
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
114
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
51
115
  # @return [String]
52
116
  #
53
117
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccountAssignment AWS API Documentation
@@ -79,7 +143,8 @@ module Aws::SSOAdmin
79
143
  # @return [String]
80
144
  #
81
145
  # @!attribute [rw] target_id
82
- # The identifier for the chosen target.
146
+ # TargetID is an AWS account identifier, typically a 10-12 digit
147
+ # string (For example, 123456789012).
83
148
  # @return [String]
84
149
  #
85
150
  # @!attribute [rw] target_type
@@ -98,7 +163,11 @@ module Aws::SSOAdmin
98
163
  # @return [String]
99
164
  #
100
165
  # @!attribute [rw] principal_id
101
- # The identifier of the principal.
166
+ # An identifier for an object in AWS SSO, such as a user or group.
167
+ # PrincipalIds are GUIDs (For example,
168
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
169
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
170
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
102
171
  # @return [String]
103
172
  #
104
173
  # @!attribute [rw] created_date
@@ -246,7 +315,8 @@ module Aws::SSOAdmin
246
315
  # @return [String]
247
316
  #
248
317
  # @!attribute [rw] target_id
249
- # The identifier for the chosen target.
318
+ # TargetID is an AWS account identifier, typically a 10-12 digit
319
+ # string (For example, 123456789012).
250
320
  # @return [String]
251
321
  #
252
322
  # @!attribute [rw] target_type
@@ -263,7 +333,11 @@ module Aws::SSOAdmin
263
333
  # @return [String]
264
334
  #
265
335
  # @!attribute [rw] principal_id
266
- # The identifier of the principal.
336
+ # An identifier for an object in AWS SSO, such as a user or group.
337
+ # PrincipalIds are GUIDs (For example,
338
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
339
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
340
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
267
341
  # @return [String]
268
342
  #
269
343
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateAccountAssignmentRequest AWS API Documentation
@@ -291,6 +365,51 @@ module Aws::SSOAdmin
291
365
  include Aws::Structure
292
366
  end
293
367
 
368
+ # @note When making an API call, you may pass CreateInstanceAccessControlAttributeConfigurationRequest
369
+ # data as a hash:
370
+ #
371
+ # {
372
+ # instance_arn: "InstanceArn", # required
373
+ # instance_access_control_attribute_configuration: { # required
374
+ # access_control_attributes: [ # required
375
+ # {
376
+ # key: "AccessControlAttributeKey", # required
377
+ # value: { # required
378
+ # source: ["AccessControlAttributeValueSource"], # required
379
+ # },
380
+ # },
381
+ # ],
382
+ # },
383
+ # }
384
+ #
385
+ # @!attribute [rw] instance_arn
386
+ # The ARN of the SSO instance under which the operation will be
387
+ # executed.
388
+ # @return [String]
389
+ #
390
+ # @!attribute [rw] instance_access_control_attribute_configuration
391
+ # Specifies the AWS SSO identity store attributes to add to your ABAC
392
+ # configuration. When using an external identity provider as an
393
+ # identity source, you can pass attributes through the SAML assertion
394
+ # as an alternative to configuring attributes from the AWS SSO
395
+ # identity store. If a SAML assertion passes any of these attributes,
396
+ # AWS SSO will replace the attribute value with the value from the AWS
397
+ # SSO identity store.
398
+ # @return [Types::InstanceAccessControlAttributeConfiguration]
399
+ #
400
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
401
+ #
402
+ class CreateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
403
+ :instance_arn,
404
+ :instance_access_control_attribute_configuration)
405
+ SENSITIVE = []
406
+ include Aws::Structure
407
+ end
408
+
409
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
410
+ #
411
+ class CreateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
412
+
294
413
  # @note When making an API call, you may pass CreatePermissionSetRequest
295
414
  # data as a hash:
296
415
  #
@@ -384,7 +503,8 @@ module Aws::SSOAdmin
384
503
  # @return [String]
385
504
  #
386
505
  # @!attribute [rw] target_id
387
- # The identifier for the chosen target.
506
+ # TargetID is an AWS account identifier, typically a 10-12 digit
507
+ # string (For example, 123456789012).
388
508
  # @return [String]
389
509
  #
390
510
  # @!attribute [rw] target_type
@@ -400,7 +520,11 @@ module Aws::SSOAdmin
400
520
  # @return [String]
401
521
  #
402
522
  # @!attribute [rw] principal_id
403
- # The identifier of the principal.
523
+ # An identifier for an object in AWS SSO, such as a user or group.
524
+ # PrincipalIds are GUIDs (For example,
525
+ # f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
526
+ # PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
527
+ # Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
404
528
  # @return [String]
405
529
  #
406
530
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteAccountAssignmentRequest AWS API Documentation
@@ -461,6 +585,30 @@ module Aws::SSOAdmin
461
585
  #
462
586
  class DeleteInlinePolicyFromPermissionSetResponse < Aws::EmptyStructure; end
463
587
 
588
+ # @note When making an API call, you may pass DeleteInstanceAccessControlAttributeConfigurationRequest
589
+ # data as a hash:
590
+ #
591
+ # {
592
+ # instance_arn: "InstanceArn", # required
593
+ # }
594
+ #
595
+ # @!attribute [rw] instance_arn
596
+ # The ARN of the SSO instance under which the operation will be
597
+ # executed.
598
+ # @return [String]
599
+ #
600
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
601
+ #
602
+ class DeleteInstanceAccessControlAttributeConfigurationRequest < Struct.new(
603
+ :instance_arn)
604
+ SENSITIVE = []
605
+ include Aws::Structure
606
+ end
607
+
608
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
609
+ #
610
+ class DeleteInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
611
+
464
612
  # @note When making an API call, you may pass DeletePermissionSetRequest
465
613
  # data as a hash:
466
614
  #
@@ -576,6 +724,50 @@ module Aws::SSOAdmin
576
724
  include Aws::Structure
577
725
  end
578
726
 
727
+ # @note When making an API call, you may pass DescribeInstanceAccessControlAttributeConfigurationRequest
728
+ # data as a hash:
729
+ #
730
+ # {
731
+ # instance_arn: "InstanceArn", # required
732
+ # }
733
+ #
734
+ # @!attribute [rw] instance_arn
735
+ # The ARN of the SSO instance under which the operation will be
736
+ # executed.
737
+ # @return [String]
738
+ #
739
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
740
+ #
741
+ class DescribeInstanceAccessControlAttributeConfigurationRequest < Struct.new(
742
+ :instance_arn)
743
+ SENSITIVE = []
744
+ include Aws::Structure
745
+ end
746
+
747
+ # @!attribute [rw] status
748
+ # The status of the attribute configuration process.
749
+ # @return [String]
750
+ #
751
+ # @!attribute [rw] status_reason
752
+ # Provides more details about the current status of the specified
753
+ # attribute.
754
+ # @return [String]
755
+ #
756
+ # @!attribute [rw] instance_access_control_attribute_configuration
757
+ # Gets the list of AWS SSO identity store attributes added to your
758
+ # ABAC configuration.
759
+ # @return [Types::InstanceAccessControlAttributeConfiguration]
760
+ #
761
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
762
+ #
763
+ class DescribeInstanceAccessControlAttributeConfigurationResponse < Struct.new(
764
+ :status,
765
+ :status_reason,
766
+ :instance_access_control_attribute_configuration)
767
+ SENSITIVE = []
768
+ include Aws::Structure
769
+ end
770
+
579
771
  # @note When making an API call, you may pass DescribePermissionSetProvisioningStatusRequest
580
772
  # data as a hash:
581
773
  #
@@ -740,6 +932,36 @@ module Aws::SSOAdmin
740
932
  include Aws::Structure
741
933
  end
742
934
 
935
+ # Specifies the attributes to add to your attribute-based access control
936
+ # (ABAC) configuration.
937
+ #
938
+ # @note When making an API call, you may pass InstanceAccessControlAttributeConfiguration
939
+ # data as a hash:
940
+ #
941
+ # {
942
+ # access_control_attributes: [ # required
943
+ # {
944
+ # key: "AccessControlAttributeKey", # required
945
+ # value: { # required
946
+ # source: ["AccessControlAttributeValueSource"], # required
947
+ # },
948
+ # },
949
+ # ],
950
+ # }
951
+ #
952
+ # @!attribute [rw] access_control_attributes
953
+ # Lists the attributes that are configured for ABAC in the specified
954
+ # AWS SSO instance.
955
+ # @return [Array<Types::AccessControlAttribute>]
956
+ #
957
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceAccessControlAttributeConfiguration AWS API Documentation
958
+ #
959
+ class InstanceAccessControlAttributeConfiguration < Struct.new(
960
+ :access_control_attributes)
961
+ SENSITIVE = []
962
+ include Aws::Structure
963
+ end
964
+
743
965
  # Provides information about the SSO instance.
744
966
  #
745
967
  # @!attribute [rw] instance_arn
@@ -1537,7 +1759,8 @@ module Aws::SSOAdmin
1537
1759
  # @return [String]
1538
1760
  #
1539
1761
  # @!attribute [rw] target_id
1540
- # The identifier for the chosen target.
1762
+ # TargetID is an AWS account identifier, typically a 10-12 digit
1763
+ # string (For example, 123456789012).
1541
1764
  # @return [String]
1542
1765
  #
1543
1766
  # @!attribute [rw] target_type
@@ -1759,6 +1982,45 @@ module Aws::SSOAdmin
1759
1982
  #
1760
1983
  class UntagResourceResponse < Aws::EmptyStructure; end
1761
1984
 
1985
+ # @note When making an API call, you may pass UpdateInstanceAccessControlAttributeConfigurationRequest
1986
+ # data as a hash:
1987
+ #
1988
+ # {
1989
+ # instance_arn: "InstanceArn", # required
1990
+ # instance_access_control_attribute_configuration: { # required
1991
+ # access_control_attributes: [ # required
1992
+ # {
1993
+ # key: "AccessControlAttributeKey", # required
1994
+ # value: { # required
1995
+ # source: ["AccessControlAttributeValueSource"], # required
1996
+ # },
1997
+ # },
1998
+ # ],
1999
+ # },
2000
+ # }
2001
+ #
2002
+ # @!attribute [rw] instance_arn
2003
+ # The ARN of the SSO instance under which the operation will be
2004
+ # executed.
2005
+ # @return [String]
2006
+ #
2007
+ # @!attribute [rw] instance_access_control_attribute_configuration
2008
+ # Updates the attributes for your ABAC configuration.
2009
+ # @return [Types::InstanceAccessControlAttributeConfiguration]
2010
+ #
2011
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
2012
+ #
2013
+ class UpdateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
2014
+ :instance_arn,
2015
+ :instance_access_control_attribute_configuration)
2016
+ SENSITIVE = []
2017
+ include Aws::Structure
2018
+ end
2019
+
2020
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
2021
+ #
2022
+ class UpdateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
2023
+
1762
2024
  # @note When making an API call, you may pass UpdatePermissionSetRequest
1763
2025
  # data as a hash:
1764
2026
  #
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-ssoadmin
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-09-10 00:00:00.000000000 Z
11
+ date: 2021-02-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.99.0
22
+ version: 3.112.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.99.0
32
+ version: 3.112.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement