aws-sdk-ssoadmin 1.15.0 → 1.18.0

data/lib/aws-sdk-ssoadmin/client.rb

@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
@@ -75,6 +76,7 @@ module Aws::SSOAdmin
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
     add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::RecursionDetection)
     add_plugin(Aws::Plugins::SignatureV4)
@@ -359,7 +361,45 @@ module Aws::SSOAdmin
 
     # @!group API Operations
 
-    # Attaches an IAM managed policy ARN to a permission set.
+    # Attaches the specified customer managed policy to the specified
+    # PermissionSet.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @option params [required, Types::CustomerManagedPolicyReference] :customer_managed_policy_reference
+    #   Specifies the name and path of a customer managed policy. You must
+    #   have an IAM policy that matches the name and path in each Amazon Web
+    #   Services account where you want to deploy your permission set.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.attach_customer_managed_policy_reference_to_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     customer_managed_policy_reference: { # required
+    #       name: "ManagedPolicyName", # required
+    #       path: "ManagedPolicyPath",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSet AWS API Documentation
+    #
+    # @overload attach_customer_managed_policy_reference_to_permission_set(params = {})
+    # @param [Hash] params ({})
+    def attach_customer_managed_policy_reference_to_permission_set(params = {}, options = {})
+      req = build_request(:attach_customer_managed_policy_reference_to_permission_set, params)
+      req.send_request(options)
+    end
+
+    # Attaches an Amazon Web Services managed policy ARN to a permission
+    # set.
     #
     # <note markdown="1"> If the permission set is already referenced by one or more account
     # assignments, you will need to call ` ProvisionPermissionSet ` after
@@ -369,9 +409,9 @@ module Aws::SSOAdmin
     #  </note>
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -380,7 +420,8 @@ module Aws::SSOAdmin
     #   attached to.
     #
     # @option params [required, String] :managed_policy_arn
-    #   The IAM managed policy ARN to be attached to a permission set.
+    #   The Amazon Web Services managed policy ARN to be attached to a
+    #   permission set.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -411,18 +452,18 @@ module Aws::SSOAdmin
     #
     # <note markdown="1"> As part of a successful `CreateAccountAssignment` call, the specified
     # permission set will automatically be provisioned to the account in the
-    # form of an IAM policy. That policy is attached to the SSO-created IAM
-    # role. If the permission set is subsequently updated, the corresponding
-    # IAM policies attached to roles in your accounts will not be updated
-    # automatically. In this case, you must call ` ProvisionPermissionSet `
-    # to make these updates.
+    # form of an IAM policy. That policy is attached to the IAM role created
+    # in Amazon Web Services SSO. If the permission set is subsequently
+    # updated, the corresponding IAM policies attached to roles in your
+    # accounts will not be updated automatically. In this case, you must
+    # call ` ProvisionPermissionSet ` to make these updates.
     #
     #  </note>
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -492,8 +533,8 @@ module Aws::SSOAdmin
     # Services SSO User Guide*.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #
     # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
     #   Specifies the Amazon Web Services SSO identity store attributes to add
@@ -532,7 +573,8 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Creates a permission set within a specified SSO instance.
+    # Creates a permission set within a specified Amazon Web Services SSO
+    # instance.
     #
     # <note markdown="1"> To grant users and groups access to Amazon Web Services account
     # resources, use ` CreateAccountAssignment `.
@@ -546,9 +588,9 @@ module Aws::SSOAdmin
     #   The description of the PermissionSet.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -577,8 +619,8 @@ module Aws::SSOAdmin
     #     relay_state: "RelayState",
     #     tags: [
     #       {
-    #         key: "TagKey",
-    #         value: "TagValue",
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
     #       },
     #     ],
     #   })
@@ -605,9 +647,9 @@ module Aws::SSOAdmin
     # account using a specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -671,9 +713,9 @@ module Aws::SSOAdmin
     # Deletes the inline policy from a specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -708,8 +750,8 @@ module Aws::SSOAdmin
     # Services SSO User Guide*.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -731,9 +773,9 @@ module Aws::SSOAdmin
     # Deletes the specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -758,12 +800,39 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Deletes the permissions boundary from a specified PermissionSet.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_permissions_boundary_from_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSet AWS API Documentation
+    #
+    # @overload delete_permissions_boundary_from_permission_set(params = {})
+    # @param [Hash] params ({})
+    def delete_permissions_boundary_from_permission_set(params = {}, options = {})
+      req = build_request(:delete_permissions_boundary_from_permission_set, params)
+      req.send_request(options)
+    end
+
     # Describes the status of the assignment creation request.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -805,9 +874,9 @@ module Aws::SSOAdmin
     # Describes the status of the assignment deletion request.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -855,8 +924,8 @@ module Aws::SSOAdmin
     # Services SSO User Guide*.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #
     # @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -891,9 +960,9 @@ module Aws::SSOAdmin
     # Gets the details of the permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -933,9 +1002,9 @@ module Aws::SSOAdmin
     # request.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -972,13 +1041,50 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Detaches the attached IAM managed policy ARN from the specified
-    # permission set.
+    # Detaches the specified customer managed policy from the specified
+    # PermissionSet.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @option params [required, Types::CustomerManagedPolicyReference] :customer_managed_policy_reference
+    #   Specifies the name and path of a customer managed policy. You must
+    #   have an IAM policy that matches the name and path in each Amazon Web
+    #   Services account where you want to deploy your permission set.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.detach_customer_managed_policy_reference_from_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     customer_managed_policy_reference: { # required
+    #       name: "ManagedPolicyName", # required
+    #       path: "ManagedPolicyPath",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSet AWS API Documentation
+    #
+    # @overload detach_customer_managed_policy_reference_from_permission_set(params = {})
+    # @param [Hash] params ({})
+    def detach_customer_managed_policy_reference_from_permission_set(params = {}, options = {})
+      req = build_request(:detach_customer_managed_policy_reference_from_permission_set, params)
+      req.send_request(options)
+    end
+
+    # Detaches the attached Amazon Web Services managed policy ARN from the
+    # specified permission set.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -986,7 +1092,8 @@ module Aws::SSOAdmin
     #   The ARN of the PermissionSet from which the policy should be detached.
     #
     # @option params [required, String] :managed_policy_arn
-    #   The IAM managed policy ARN to be attached to a permission set.
+    #   The Amazon Web Services managed policy ARN to be detached from a
+    #   permission set.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1010,9 +1117,9 @@ module Aws::SSOAdmin
     # Obtains the inline policy assigned to the permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1043,13 +1150,48 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Obtains the permissions boundary for a specified PermissionSet.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @return [Types::GetPermissionsBoundaryForPermissionSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPermissionsBoundaryForPermissionSetResponse#permissions_boundary #permissions_boundary} => Types::PermissionsBoundary
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_permissions_boundary_for_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.permissions_boundary.customer_managed_policy_reference.name #=> String
+    #   resp.permissions_boundary.customer_managed_policy_reference.path #=> String
+    #   resp.permissions_boundary.managed_policy_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSet AWS API Documentation
+    #
+    # @overload get_permissions_boundary_for_permission_set(params = {})
+    # @param [Hash] params ({})
+    def get_permissions_boundary_for_permission_set(params = {}, options = {})
+      req = build_request(:get_permissions_boundary_for_permission_set, params)
+      req.send_request(options)
+    end
+
     # Lists the status of the Amazon Web Services account assignment
-    # creation requests for a specified SSO instance.
+    # creation requests for a specified Amazon Web Services SSO instance.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1099,12 +1241,12 @@ module Aws::SSOAdmin
     end
 
     # Lists the status of the Amazon Web Services account assignment
-    # deletion requests for a specified SSO instance.
+    # deletion requests for a specified Amazon Web Services SSO instance.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1157,9 +1299,9 @@ module Aws::SSOAdmin
     # the specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1216,9 +1358,9 @@ module Aws::SSOAdmin
     # permission set is provisioned.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1269,7 +1411,57 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Lists the SSO instances that the caller has access to.
+    # Lists all customer managed policies attached to a specified
+    # PermissionSet.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to display for the list call.
+    #
+    # @option params [String] :next_token
+    #   The pagination token for the list API. Initially the value is null.
+    #   Use the output of previous API calls to make subsequent calls.
+    #
+    # @return [Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse#customer_managed_policy_references #customer_managed_policy_references} => Array&lt;Types::CustomerManagedPolicyReference&gt;
+    #   * {Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_customer_managed_policy_references_in_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.customer_managed_policy_references #=> Array
+    #   resp.customer_managed_policy_references[0].name #=> String
+    #   resp.customer_managed_policy_references[0].path #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSet AWS API Documentation
+    #
+    # @overload list_customer_managed_policy_references_in_permission_set(params = {})
+    # @param [Hash] params ({})
+    def list_customer_managed_policy_references_in_permission_set(params = {}, options = {})
+      req = build_request(:list_customer_managed_policy_references_in_permission_set, params)
+      req.send_request(options)
+    end
+
+    # Lists the Amazon Web Services SSO instances that the caller has access
+    # to.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to display for the instance.
@@ -1308,13 +1500,13 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Lists the IAM managed policy that is attached to a specified
-    # permission set.
+    # Lists the Amazon Web Services managed policy that is attached to a
+    # specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1361,12 +1553,12 @@ module Aws::SSOAdmin
     end
 
     # Lists the status of the permission set provisioning requests for a
-    # specified SSO instance.
+    # specified Amazon Web Services SSO instance.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1415,12 +1607,12 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Lists the PermissionSets in an SSO instance.
+    # Lists the PermissionSets in an Amazon Web Services SSO instance.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1465,9 +1657,9 @@ module Aws::SSOAdmin
     # Amazon Web Services account.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1520,9 +1712,9 @@ module Aws::SSOAdmin
     # Lists the tags that are attached to a specified resource.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1544,7 +1736,7 @@ module Aws::SSOAdmin
     #
     #   resp = client.list_tags_for_resource({
     #     instance_arn: "InstanceArn", # required
-    #     resource_arn: "GeneralArn", # required
+    #     resource_arn: "TaggableResourceArn", # required
     #     next_token: "Token",
     #   })
     #
@@ -1568,9 +1760,9 @@ module Aws::SSOAdmin
     # specified target.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1615,7 +1807,7 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Attaches an IAM inline policy to a permission set.
+    # Attaches an inline policy to a permission set.
     #
     # <note markdown="1"> If the permission set is already referenced by one or more account
     # assignments, you will need to call ` ProvisionPermissionSet ` after
@@ -1625,9 +1817,9 @@ module Aws::SSOAdmin
     #  </note>
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1635,7 +1827,7 @@ module Aws::SSOAdmin
     #   The ARN of the permission set.
     #
     # @option params [required, String] :inline_policy
-    #   The IAM inline policy to attach to a PermissionSet.
+    #   The inline policy to attach to a PermissionSet.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1656,12 +1848,50 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Attaches an Amazon Web Services managed or customer managed policy to
+    # the specified PermissionSet as a permissions boundary.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @option params [required, Types::PermissionsBoundary] :permissions_boundary
+    #   The permissions boundary that you want to attach to a `PermissionSet`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_permissions_boundary_to_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     permissions_boundary: { # required
+    #       customer_managed_policy_reference: {
+    #         name: "ManagedPolicyName", # required
+    #         path: "ManagedPolicyPath",
+    #       },
+    #       managed_policy_arn: "ManagedPolicyArn",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSet AWS API Documentation
+    #
+    # @overload put_permissions_boundary_to_permission_set(params = {})
+    # @param [Hash] params ({})
+    def put_permissions_boundary_to_permission_set(params = {}, options = {})
+      req = build_request(:put_permissions_boundary_to_permission_set, params)
+      req.send_request(options)
+    end
+
     # Associates a set of tags with a specified resource.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1677,11 +1907,11 @@ module Aws::SSOAdmin
     #
     #   resp = client.tag_resource({
     #     instance_arn: "InstanceArn", # required
-    #     resource_arn: "GeneralArn", # required
+    #     resource_arn: "TaggableResourceArn", # required
     #     tags: [ # required
     #       {
-    #         key: "TagKey",
-    #         value: "TagValue",
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
     #       },
     #     ],
     #   })
@@ -1698,9 +1928,9 @@ module Aws::SSOAdmin
     # Disassociates a set of tags from a specified resource.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1716,7 +1946,7 @@ module Aws::SSOAdmin
     #
     #   resp = client.untag_resource({
     #     instance_arn: "InstanceArn", # required
-    #     resource_arn: "GeneralArn", # required
+    #     resource_arn: "TaggableResourceArn", # required
     #     tag_keys: ["TagKey"], # required
     #   })
     #
@@ -1742,8 +1972,8 @@ module Aws::SSOAdmin
     # Services SSO User Guide*.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #
     # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
     #   Updates the attributes for your ABAC configuration.
@@ -1778,9 +2008,9 @@ module Aws::SSOAdmin
     # Updates an existing permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1832,7 +2062,7 @@ module Aws::SSOAdmin
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ssoadmin'
-      context[:gem_version] = '1.15.0'
+      context[:gem_version] = '1.18.0'
       Seahorse::Client::Request.new(handlers, context)
     end