RubyGems - aws-sdk-ssoadmin - Versions diffs - 1.0.0 → 1.5.0 - Mend

aws-sdk-ssoadmin 1.0.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-ssoadmin.rb +2 -1
data/lib/aws-sdk-ssoadmin/client.rb +210 -6
data/lib/aws-sdk-ssoadmin/client_api.rb +111 -0
data/lib/aws-sdk-ssoadmin/types.rb +270 -8
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78d783a645187efcf7dce2479fc3fe2a1d351075628a297a7b3289d724d99b6e
-  data.tar.gz: 1b8c5e150cb4eeddd208a37b6e213207fd93429a8ddd040c566d0357178c20f1
+  metadata.gz: e07a29693cb8e03889e5dce716990d04b7ac038dad09bebcb8c902be40d36631
+  data.tar.gz: 8c567ab0105278b17b9ac847e6160d9c3d5d62fdbeb716eeacb0db4a091da315
 SHA512:
-  metadata.gz: 92985c1203c9f42d6dbac2b7b53dd58be3bbf45bd5182f49e1fa05bbb5406bcacacda821013a6f477a951d02177003953a2bcc4354a223019d2abea9d52cd5fa
-  data.tar.gz: 82841762be02e70d77f0fa2a977995c2fd918d9b3cc304430b560e2b5b5d5ea27ccd6dce9b3af5409273d9dae8bb4a0154c91c5caf4505910449bf3270f1a2fb
+  metadata.gz: 7fa248ad13c651f9b1aa6fe378462b39147fc539006fc918fa3b1b31dd666029bcebdc42ae19cdf3c4ba59b326b49b0597ca40758425b066cb66e99f5afeedb7
+  data.tar.gz: 632241cbb2d94cc4011b7311123dcf9b18c98ee380acd6dc3e5ecef42215f77b4a8da24895598a261a8cc390546576d1ce6264f2d1e8173a330a0b22a39a87ea

data/lib/aws-sdk-ssoadmin.rb CHANGED Viewed

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 require 'aws-sdk-core'
 require 'aws-sigv4'
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-ssoadmin/customizations'
 # @!group service
 module Aws::SSOAdmin
-  GEM_VERSION = '1.0.0'
+  GEM_VERSION = '1.5.0'
 end

data/lib/aws-sdk-ssoadmin/client.rb CHANGED Viewed

@@ -339,6 +339,13 @@ module Aws::SSOAdmin
     # Attaches an IAM managed policy ARN to a permission set.
     #
+    # <note markdown="1"> If the permission set is already referenced by one or more account
+    # assignments, you will need to call ` ProvisionPermissionSet ` after
+    # this action to apply the corresponding IAM policy updates to all
+    # assigned accounts.
+    #
+    #  </note>
+    #
     # @option params [required, String] :instance_arn
     #   The ARN of the SSO instance under which the operation will be
     #   executed. For more information about ARNs, see [Amazon Resource Names
@@ -380,6 +387,16 @@ module Aws::SSOAdmin
     #
     #  </note>
     #
+    # <note markdown="1"> As part of a successful `CreateAccountAssignment` call, the specified
+    # permission set will automatically be provisioned to the account in the
+    # form of an IAM policy attached to the SSO-created IAM role. If the
+    # permission set is subsequently updated, the corresponding IAM policies
+    # attached to roles in your accounts will not be updated automatically.
+    # In this case, you will need to call ` ProvisionPermissionSet ` to make
+    # these updates.
+    #
+    #  </note>
+    #
     # @option params [required, String] :instance_arn
     #   The ARN of the SSO instance under which the operation will be
     #   executed. For more information about ARNs, see [Amazon Resource Names
@@ -388,7 +405,8 @@ module Aws::SSOAdmin
     #   *AWS General Reference*.
     #
     # @option params [required, String] :target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit string
+    #   (For example, 123456789012).
     #
     # @option params [required, String] :target_type
     #   The entity type for which the assignment will be created.
@@ -401,7 +419,11 @@ module Aws::SSOAdmin
     #   The entity type for which the assignment will be created.
     #
     # @option params [required, String] :principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #
     # @return [Types::CreateAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -439,8 +461,60 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
+    # Enables the attributes-based access control (ABAC) feature for the
+    # specified AWS SSO instance. You can also specify new attributes to add
+    # to your ABAC configuration during the enabling process. For more
+    # information about ABAC, see [Attribute-Based Access
+    # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
+    # User Guide*.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #
+    # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
+    #   Specifies the AWS SSO identity store attributes to add to your ABAC
+    #   configuration. When using an external identity provider as an identity
+    #   source, you can pass attributes through the SAML assertion as an
+    #   alternative to configuring attributes from the AWS SSO identity store.
+    #   If a SAML assertion passes any of these attributes, AWS SSO will
+    #   replace the attribute value with the value from the AWS SSO identity
+    #   store.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_instance_access_control_attribute_configuration({
+    #     instance_arn: "InstanceArn", # required
+    #     instance_access_control_attribute_configuration: { # required
+    #       access_control_attributes: [ # required
+    #         {
+    #           key: "AccessControlAttributeKey", # required
+    #           value: { # required
+    #             source: ["AccessControlAttributeValueSource"], # required
+    #           },
+    #         },
+    #       ],
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    # @overload create_instance_access_control_attribute_configuration(params = {})
+    # @param [Hash] params ({})
+    def create_instance_access_control_attribute_configuration(params = {}, options = {})
+      req = build_request(:create_instance_access_control_attribute_configuration, params)
+      req.send_request(options)
+    end
     # Creates a permission set within a specified SSO instance.
     #
+    # <note markdown="1"> To grant users and groups access to AWS account resources, use `
+    # CreateAccountAssignment `.
+    #
+    #  </note>
+    #
     # @option params [required, String] :name
     #   The name of the PermissionSet.
     #
@@ -514,7 +588,8 @@ module Aws::SSOAdmin
     #   *AWS General Reference*.
     #
     # @option params [required, String] :target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit string
+    #   (For example, 123456789012).
     #
     # @option params [required, String] :target_type
     #   The entity type for which the assignment will be deleted.
@@ -526,7 +601,11 @@ module Aws::SSOAdmin
     #   The entity type for which the assignment will be deleted.
     #
     # @option params [required, String] :principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #
     # @return [Types::DeleteAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -594,6 +673,36 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
+    # Disables the attributes-based access control (ABAC) feature for the
+    # specified AWS SSO instance and deletes all of the attribute mappings
+    # that have been configured. Once deleted, any attributes that are
+    # received from an identity source and any custom attributes you have
+    # previously configured will not be passed. For more information about
+    # ABAC, see [Attribute-Based Access
+    # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
+    # User Guide*.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_instance_access_control_attribute_configuration({
+    #     instance_arn: "InstanceArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    # @overload delete_instance_access_control_attribute_configuration(params = {})
+    # @param [Hash] params ({})
+    def delete_instance_access_control_attribute_configuration(params = {}, options = {})
+      req = build_request(:delete_instance_access_control_attribute_configuration, params)
+      req.send_request(options)
+    end
     # Deletes the specified permission set.
     #
     # @option params [required, String] :instance_arn
@@ -712,6 +821,48 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
+    # Returns the list of AWS SSO identity store attributes that have been
+    # configured to work with attributes-based access control (ABAC) for the
+    # specified AWS SSO instance. This will not return attributes configured
+    # and sent by an external identity provider. For more information about
+    # ABAC, see [Attribute-Based Access
+    # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
+    # User Guide*.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #
+    # @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status #status} => String
+    #   * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status_reason #status_reason} => String
+    #   * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#instance_access_control_attribute_configuration #instance_access_control_attribute_configuration} => Types::InstanceAccessControlAttributeConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_instance_access_control_attribute_configuration({
+    #     instance_arn: "InstanceArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
+    #   resp.status_reason #=> String
+    #   resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
+    #   resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
+    #   resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
+    #   resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    # @overload describe_instance_access_control_attribute_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_instance_access_control_attribute_configuration(params = {}, options = {})
+      req = build_request(:describe_instance_access_control_attribute_configuration, params)
+      req.send_request(options)
+    end
     # Gets the details of the permission set.
     #
     # @option params [required, String] :instance_arn
@@ -1399,7 +1550,8 @@ module Aws::SSOAdmin
     #   The ARN of the permission set.
     #
     # @option params [String] :target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit string
+    #   (For example, 123456789012).
     #
     # @option params [required, String] :target_type
     #   The entity type for which the assignment will be created.
@@ -1437,6 +1589,13 @@ module Aws::SSOAdmin
     # Attaches an IAM inline policy to a permission set.
     #
+    # <note markdown="1"> If the permission set is already referenced by one or more account
+    # assignments, you will need to call ` ProvisionPermissionSet ` after
+    # this action to apply the corresponding IAM policy updates to all
+    # assigned accounts.
+    #
+    #  </note>
+    #
     # @option params [required, String] :instance_arn
     #   The ARN of the SSO instance under which the operation will be
     #   executed. For more information about ARNs, see [Amazon Resource Names
@@ -1542,6 +1701,51 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
+    # Updates the AWS SSO identity store attributes to use with the AWS SSO
+    # instance for attributes-based access control (ABAC). When using an
+    # external identity provider as an identity source, you can pass
+    # attributes through the SAML assertion as an alternative to configuring
+    # attributes from the AWS SSO identity store. If a SAML assertion passes
+    # any of these attributes, AWS SSO will replace the attribute value with
+    # the value from the AWS SSO identity store. For more information about
+    # ABAC, see [Attribute-Based Access
+    # Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
+    # User Guide*.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #
+    # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
+    #   Updates the attributes for your ABAC configuration.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_instance_access_control_attribute_configuration({
+    #     instance_arn: "InstanceArn", # required
+    #     instance_access_control_attribute_configuration: { # required
+    #       access_control_attributes: [ # required
+    #         {
+    #           key: "AccessControlAttributeKey", # required
+    #           value: { # required
+    #             source: ["AccessControlAttributeValueSource"], # required
+    #           },
+    #         },
+    #       ],
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    # @overload update_instance_access_control_attribute_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_instance_access_control_attribute_configuration(params = {}, options = {})
+      req = build_request(:update_instance_access_control_attribute_configuration, params)
+      req.send_request(options)
+    end
     # Updates an existing permission set.
     #
     # @option params [required, String] :instance_arn
@@ -1599,7 +1803,7 @@ module Aws::SSOAdmin
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ssoadmin'
-      context[:gem_version] = '1.0.0'
+      context[:gem_version] = '1.5.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-ssoadmin/client_api.rb CHANGED Viewed

@@ -13,6 +13,12 @@ module Aws::SSOAdmin
     include Seahorse::Model
+    AccessControlAttribute = Shapes::StructureShape.new(name: 'AccessControlAttribute')
+    AccessControlAttributeKey = Shapes::StringShape.new(name: 'AccessControlAttributeKey')
+    AccessControlAttributeList = Shapes::ListShape.new(name: 'AccessControlAttributeList')
+    AccessControlAttributeValue = Shapes::StructureShape.new(name: 'AccessControlAttributeValue')
+    AccessControlAttributeValueSource = Shapes::StringShape.new(name: 'AccessControlAttributeValueSource')
+    AccessControlAttributeValueSourceList = Shapes::ListShape.new(name: 'AccessControlAttributeValueSourceList')
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
     AccessDeniedExceptionMessage = Shapes::StringShape.new(name: 'AccessDeniedExceptionMessage')
     AccountAssignment = Shapes::StructureShape.new(name: 'AccountAssignment')
@@ -30,6 +36,8 @@ module Aws::SSOAdmin
     ConflictExceptionMessage = Shapes::StringShape.new(name: 'ConflictExceptionMessage')
     CreateAccountAssignmentRequest = Shapes::StructureShape.new(name: 'CreateAccountAssignmentRequest')
     CreateAccountAssignmentResponse = Shapes::StructureShape.new(name: 'CreateAccountAssignmentResponse')
+    CreateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationRequest')
+    CreateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationResponse')
     CreatePermissionSetRequest = Shapes::StructureShape.new(name: 'CreatePermissionSetRequest')
     CreatePermissionSetResponse = Shapes::StructureShape.new(name: 'CreatePermissionSetResponse')
     Date = Shapes::TimestampShape.new(name: 'Date')
@@ -37,12 +45,16 @@ module Aws::SSOAdmin
     DeleteAccountAssignmentResponse = Shapes::StructureShape.new(name: 'DeleteAccountAssignmentResponse')
     DeleteInlinePolicyFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetRequest')
     DeleteInlinePolicyFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetResponse')
+    DeleteInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationRequest')
+    DeleteInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationResponse')
     DeletePermissionSetRequest = Shapes::StructureShape.new(name: 'DeletePermissionSetRequest')
     DeletePermissionSetResponse = Shapes::StructureShape.new(name: 'DeletePermissionSetResponse')
     DescribeAccountAssignmentCreationStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusRequest')
     DescribeAccountAssignmentCreationStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusResponse')
     DescribeAccountAssignmentDeletionStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusRequest')
     DescribeAccountAssignmentDeletionStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusResponse')
+    DescribeInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationRequest')
+    DescribeInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationResponse')
     DescribePermissionSetProvisioningStatusRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusRequest')
     DescribePermissionSetProvisioningStatusResponse = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusResponse')
     DescribePermissionSetRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetRequest')
@@ -54,6 +66,9 @@ module Aws::SSOAdmin
     GetInlinePolicyForPermissionSetRequest = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetRequest')
     GetInlinePolicyForPermissionSetResponse = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetResponse')
     Id = Shapes::StringShape.new(name: 'Id')
+    InstanceAccessControlAttributeConfiguration = Shapes::StructureShape.new(name: 'InstanceAccessControlAttributeConfiguration')
+    InstanceAccessControlAttributeConfigurationStatus = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatus')
+    InstanceAccessControlAttributeConfigurationStatusReason = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatusReason')
     InstanceArn = Shapes::StringShape.new(name: 'InstanceArn')
     InstanceList = Shapes::ListShape.new(name: 'InstanceList')
     InstanceMetadata = Shapes::StructureShape.new(name: 'InstanceMetadata')
@@ -122,11 +137,24 @@ module Aws::SSOAdmin
     UUId = Shapes::StringShape.new(name: 'UUId')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
+    UpdateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationRequest')
+    UpdateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationResponse')
     UpdatePermissionSetRequest = Shapes::StructureShape.new(name: 'UpdatePermissionSetRequest')
     UpdatePermissionSetResponse = Shapes::StructureShape.new(name: 'UpdatePermissionSetResponse')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
     ValidationExceptionMessage = Shapes::StringShape.new(name: 'ValidationExceptionMessage')
+    AccessControlAttribute.add_member(:key, Shapes::ShapeRef.new(shape: AccessControlAttributeKey, required: true, location_name: "Key"))
+    AccessControlAttribute.add_member(:value, Shapes::ShapeRef.new(shape: AccessControlAttributeValue, required: true, location_name: "Value"))
+    AccessControlAttribute.struct_class = Types::AccessControlAttribute
+    AccessControlAttributeList.member = Shapes::ShapeRef.new(shape: AccessControlAttribute)
+    AccessControlAttributeValue.add_member(:source, Shapes::ShapeRef.new(shape: AccessControlAttributeValueSourceList, required: true, location_name: "Source"))
+    AccessControlAttributeValue.struct_class = Types::AccessControlAttributeValue
+    AccessControlAttributeValueSourceList.member = Shapes::ShapeRef.new(shape: AccessControlAttributeValueSource)
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: AccessDeniedExceptionMessage, location_name: "Message"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
@@ -185,6 +213,12 @@ module Aws::SSOAdmin
     CreateAccountAssignmentResponse.add_member(:account_assignment_creation_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentCreationStatus"))
     CreateAccountAssignmentResponse.struct_class = Types::CreateAccountAssignmentResponse
+    CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
+    CreateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationRequest
+    CreateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationResponse
     CreatePermissionSetRequest.add_member(:name, Shapes::ShapeRef.new(shape: PermissionSetName, required: true, location_name: "Name"))
     CreatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
     CreatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
@@ -213,6 +247,11 @@ module Aws::SSOAdmin
     DeleteInlinePolicyFromPermissionSetResponse.struct_class = Types::DeleteInlinePolicyFromPermissionSetResponse
+    DeleteInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    DeleteInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationRequest
+    DeleteInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationResponse
     DeletePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
     DeletePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
     DeletePermissionSetRequest.struct_class = Types::DeletePermissionSetRequest
@@ -233,6 +272,14 @@ module Aws::SSOAdmin
     DescribeAccountAssignmentDeletionStatusResponse.add_member(:account_assignment_deletion_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentDeletionStatus"))
     DescribeAccountAssignmentDeletionStatusResponse.struct_class = Types::DescribeAccountAssignmentDeletionStatusResponse
+    DescribeInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    DescribeInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationRequest
+    DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatus, location_name: "Status"))
+    DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status_reason, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatusReason, location_name: "StatusReason"))
+    DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, location_name: "InstanceAccessControlAttributeConfiguration"))
+    DescribeInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationResponse
     DescribePermissionSetProvisioningStatusRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
     DescribePermissionSetProvisioningStatusRequest.add_member(:provision_permission_set_request_id, Shapes::ShapeRef.new(shape: UUId, required: true, location_name: "ProvisionPermissionSetRequestId"))
     DescribePermissionSetProvisioningStatusRequest.struct_class = Types::DescribePermissionSetProvisioningStatusRequest
@@ -261,6 +308,9 @@ module Aws::SSOAdmin
     GetInlinePolicyForPermissionSetResponse.add_member(:inline_policy, Shapes::ShapeRef.new(shape: PermissionSetPolicyDocument, location_name: "InlinePolicy"))
     GetInlinePolicyForPermissionSetResponse.struct_class = Types::GetInlinePolicyForPermissionSetResponse
+    InstanceAccessControlAttributeConfiguration.add_member(:access_control_attributes, Shapes::ShapeRef.new(shape: AccessControlAttributeList, required: true, location_name: "AccessControlAttributes"))
+    InstanceAccessControlAttributeConfiguration.struct_class = Types::InstanceAccessControlAttributeConfiguration
     InstanceList.member = Shapes::ShapeRef.new(shape: InstanceMetadata)
     InstanceMetadata.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, location_name: "InstanceArn"))
@@ -444,6 +494,12 @@ module Aws::SSOAdmin
     UntagResourceResponse.struct_class = Types::UntagResourceResponse
+    UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
+    UpdateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationRequest
+    UpdateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationResponse
     UpdatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
     UpdatePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
     UpdatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
@@ -506,6 +562,20 @@ module Aws::SSOAdmin
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
+      api.add_operation(:create_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateInstanceAccessControlAttributeConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
       api.add_operation(:create_permission_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreatePermissionSet"
         o.http_method = "POST"
@@ -549,6 +619,20 @@ module Aws::SSOAdmin
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
+      api.add_operation(:delete_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteInstanceAccessControlAttributeConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
       api.add_operation(:delete_permission_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeletePermissionSet"
         o.http_method = "POST"
@@ -589,6 +673,19 @@ module Aws::SSOAdmin
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
+      api.add_operation(:describe_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeInstanceAccessControlAttributeConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+      end)
       api.add_operation(:describe_permission_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribePermissionSet"
         o.http_method = "POST"
@@ -888,6 +985,20 @@ module Aws::SSOAdmin
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
+      api.add_operation(:update_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateInstanceAccessControlAttributeConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
       api.add_operation(:update_permission_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdatePermissionSet"
         o.http_method = "POST"

data/lib/aws-sdk-ssoadmin/types.rb CHANGED Viewed

@@ -10,6 +10,66 @@
 module Aws::SSOAdmin
   module Types
+    # These are AWS SSO identity store attributes that you can configure for
+    # use in attributes-based access control (ABAC). You can create
+    # permission policies that determine who can access your AWS resources
+    # based upon the configured attribute value(s). When you enable ABAC and
+    # specify AccessControlAttributes, AWS SSO passes the attribute(s) value
+    # of the authenticated user into IAM for use in policy evaluation.
+    #
+    # @note When making an API call, you may pass AccessControlAttribute
+    #   data as a hash:
+    #
+    #       {
+    #         key: "AccessControlAttributeKey", # required
+    #         value: { # required
+    #           source: ["AccessControlAttributeValueSource"], # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] key
+    #   The name of the attribute associated with your identities in your
+    #   identity source. This is used to map a specified attribute in your
+    #   identity source with an attribute in AWS SSO.
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The value used for mapping a specified attribute to an identity
+    #   source.
+    #   @return [Types::AccessControlAttributeValue]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttribute AWS API Documentation
+    #
+    class AccessControlAttribute < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The value used for mapping a specified attribute to an identity
+    # source.
+    #
+    # @note When making an API call, you may pass AccessControlAttributeValue
+    #   data as a hash:
+    #
+    #       {
+    #         source: ["AccessControlAttributeValueSource"], # required
+    #       }
+    #
+    # @!attribute [rw] source
+    #   The identity source to use when mapping a specified attribute to AWS
+    #   SSO.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttributeValue AWS API Documentation
+    #
+    class AccessControlAttributeValue < Struct.new(
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # You do not have sufficient access to perform this action.
     #
     # @!attribute [rw] message
@@ -47,7 +107,11 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccountAssignment AWS API Documentation
@@ -79,7 +143,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit
+    #   string (For example, 123456789012).
     #   @return [String]
     #
     # @!attribute [rw] target_type
@@ -98,7 +163,11 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #   @return [String]
     #
     # @!attribute [rw] created_date
@@ -246,7 +315,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit
+    #   string (For example, 123456789012).
     #   @return [String]
     #
     # @!attribute [rw] target_type
@@ -263,7 +333,11 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateAccountAssignmentRequest AWS API Documentation
@@ -291,6 +365,51 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
+    # @note When making an API call, you may pass CreateInstanceAccessControlAttributeConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         instance_access_control_attribute_configuration: { # required
+    #           access_control_attributes: [ # required
+    #             {
+    #               key: "AccessControlAttributeKey", # required
+    #               value: { # required
+    #                 source: ["AccessControlAttributeValueSource"], # required
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_access_control_attribute_configuration
+    #   Specifies the AWS SSO identity store attributes to add to your ABAC
+    #   configuration. When using an external identity provider as an
+    #   identity source, you can pass attributes through the SAML assertion
+    #   as an alternative to configuring attributes from the AWS SSO
+    #   identity store. If a SAML assertion passes any of these attributes,
+    #   AWS SSO will replace the attribute value with the value from the AWS
+    #   SSO identity store.
+    #   @return [Types::InstanceAccessControlAttributeConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
+    #
+    class CreateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
+      :instance_arn,
+      :instance_access_control_attribute_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
+    #
+    class CreateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
     # @note When making an API call, you may pass CreatePermissionSetRequest
     #   data as a hash:
     #
@@ -384,7 +503,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit
+    #   string (For example, 123456789012).
     #   @return [String]
     #
     # @!attribute [rw] target_type
@@ -400,7 +520,11 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] principal_id
-    #   The identifier of the principal.
+    #   An identifier for an object in AWS SSO, such as a user or group.
+    #   PrincipalIds are GUIDs (For example,
+    #   f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    #   PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
+    #   Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteAccountAssignmentRequest AWS API Documentation
@@ -461,6 +585,30 @@ module Aws::SSOAdmin
     #
     class DeleteInlinePolicyFromPermissionSetResponse < Aws::EmptyStructure; end
+    # @note When making an API call, you may pass DeleteInstanceAccessControlAttributeConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
+    #
+    class DeleteInstanceAccessControlAttributeConfigurationRequest < Struct.new(
+      :instance_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
+    #
+    class DeleteInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
     # @note When making an API call, you may pass DeletePermissionSetRequest
     #   data as a hash:
     #
@@ -576,6 +724,50 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
+    # @note When making an API call, you may pass DescribeInstanceAccessControlAttributeConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
+    #
+    class DescribeInstanceAccessControlAttributeConfigurationRequest < Struct.new(
+      :instance_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] status
+    #   The status of the attribute configuration process.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_reason
+    #   Provides more details about the current status of the specified
+    #   attribute.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_access_control_attribute_configuration
+    #   Gets the list of AWS SSO identity store attributes added to your
+    #   ABAC configuration.
+    #   @return [Types::InstanceAccessControlAttributeConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
+    #
+    class DescribeInstanceAccessControlAttributeConfigurationResponse < Struct.new(
+      :status,
+      :status_reason,
+      :instance_access_control_attribute_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass DescribePermissionSetProvisioningStatusRequest
     #   data as a hash:
     #
@@ -740,6 +932,36 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
+    # Specifies the attributes to add to your attribute-based access control
+    # (ABAC) configuration.
+    #
+    # @note When making an API call, you may pass InstanceAccessControlAttributeConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         access_control_attributes: [ # required
+    #           {
+    #             key: "AccessControlAttributeKey", # required
+    #             value: { # required
+    #               source: ["AccessControlAttributeValueSource"], # required
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] access_control_attributes
+    #   Lists the attributes that are configured for ABAC in the specified
+    #   AWS SSO instance.
+    #   @return [Array<Types::AccessControlAttribute>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceAccessControlAttributeConfiguration AWS API Documentation
+    #
+    class InstanceAccessControlAttributeConfiguration < Struct.new(
+      :access_control_attributes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Provides information about the SSO instance.
     #
     # @!attribute [rw] instance_arn
@@ -1537,7 +1759,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] target_id
-    #   The identifier for the chosen target.
+    #   TargetID is an AWS account identifier, typically a 10-12 digit
+    #   string (For example, 123456789012).
     #   @return [String]
     #
     # @!attribute [rw] target_type
@@ -1759,6 +1982,45 @@ module Aws::SSOAdmin
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
+    # @note When making an API call, you may pass UpdateInstanceAccessControlAttributeConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         instance_access_control_attribute_configuration: { # required
+    #           access_control_attributes: [ # required
+    #             {
+    #               key: "AccessControlAttributeKey", # required
+    #               value: { # required
+    #                 source: ["AccessControlAttributeValueSource"], # required
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the SSO instance under which the operation will be
+    #   executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] instance_access_control_attribute_configuration
+    #   Updates the attributes for your ABAC configuration.
+    #   @return [Types::InstanceAccessControlAttributeConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
+    #
+    class UpdateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
+      :instance_arn,
+      :instance_access_control_attribute_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
+    #
+    class UpdateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
     # @note When making an API call, you may pass UpdatePermissionSetRequest
     #   data as a hash:
     #

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ssoadmin
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.5.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-10 00:00:00.000000000 Z
+date: 2021-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.112.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.112.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement