aws-sdk-ssoadmin 1.15.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -49,7 +49,12 @@ module Aws::SSOAdmin
49
49
  end
50
50
 
51
51
  # The value used for mapping a specified attribute to an identity
52
- # source.
52
+ # source. For more information, see [Attribute mappings][1] in the
53
+ # *Amazon Web Services SSO User Guide*.
54
+ #
55
+ #
56
+ #
57
+ # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html
53
58
  #
54
59
  # @note When making an API call, you may pass AccessControlAttributeValue
55
60
  # data as a hash:
@@ -218,6 +223,47 @@ module Aws::SSOAdmin
218
223
  include Aws::Structure
219
224
  end
220
225
 
226
+ # @note When making an API call, you may pass AttachCustomerManagedPolicyReferenceToPermissionSetRequest
227
+ # data as a hash:
228
+ #
229
+ # {
230
+ # instance_arn: "InstanceArn", # required
231
+ # permission_set_arn: "PermissionSetArn", # required
232
+ # customer_managed_policy_reference: { # required
233
+ # name: "ManagedPolicyName", # required
234
+ # path: "ManagedPolicyPath",
235
+ # },
236
+ # }
237
+ #
238
+ # @!attribute [rw] instance_arn
239
+ # The ARN of the Amazon Web Services SSO instance under which the
240
+ # operation will be executed.
241
+ # @return [String]
242
+ #
243
+ # @!attribute [rw] permission_set_arn
244
+ # The ARN of the `PermissionSet`.
245
+ # @return [String]
246
+ #
247
+ # @!attribute [rw] customer_managed_policy_reference
248
+ # Specifies the name and path of a customer managed policy. You must
249
+ # have an IAM policy that matches the name and path in each Amazon Web
250
+ # Services account where you want to deploy your permission set.
251
+ # @return [Types::CustomerManagedPolicyReference]
252
+ #
253
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSetRequest AWS API Documentation
254
+ #
255
+ class AttachCustomerManagedPolicyReferenceToPermissionSetRequest < Struct.new(
256
+ :instance_arn,
257
+ :permission_set_arn,
258
+ :customer_managed_policy_reference)
259
+ SENSITIVE = []
260
+ include Aws::Structure
261
+ end
262
+
263
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSetResponse AWS API Documentation
264
+ #
265
+ class AttachCustomerManagedPolicyReferenceToPermissionSetResponse < Aws::EmptyStructure; end
266
+
221
267
  # @note When making an API call, you may pass AttachManagedPolicyToPermissionSetRequest
222
268
  # data as a hash:
223
269
  #
@@ -228,9 +274,9 @@ module Aws::SSOAdmin
228
274
  # }
229
275
  #
230
276
  # @!attribute [rw] instance_arn
231
- # The ARN of the SSO instance under which the operation will be
232
- # executed. For more information about ARNs, see [Amazon Resource
233
- # Names (ARNs) and Amazon Web Services Service
277
+ # The ARN of the Amazon Web Services SSO instance under which the
278
+ # operation will be executed. For more information about ARNs, see
279
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
234
280
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
235
281
  # *Amazon Web Services General Reference*.
236
282
  # @return [String]
@@ -241,7 +287,8 @@ module Aws::SSOAdmin
241
287
  # @return [String]
242
288
  #
243
289
  # @!attribute [rw] managed_policy_arn
244
- # The IAM managed policy ARN to be attached to a permission set.
290
+ # The Amazon Web Services managed policy ARN to be attached to a
291
+ # permission set.
245
292
  # @return [String]
246
293
  #
247
294
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachManagedPolicyToPermissionSetRequest AWS API Documentation
@@ -258,15 +305,17 @@ module Aws::SSOAdmin
258
305
  #
259
306
  class AttachManagedPolicyToPermissionSetResponse < Aws::EmptyStructure; end
260
307
 
261
- # A structure that stores the details of the IAM managed policy.
308
+ # A structure that stores the details of the Amazon Web Services managed
309
+ # policy.
262
310
  #
263
311
  # @!attribute [rw] name
264
- # The name of the IAM managed policy.
312
+ # The name of the Amazon Web Services managed policy.
265
313
  # @return [String]
266
314
  #
267
315
  # @!attribute [rw] arn
268
- # The ARN of the IAM managed policy. For more information about ARNs,
269
- # see [Amazon Resource Names (ARNs) and Amazon Web Services Service
316
+ # The ARN of the Amazon Web Services managed policy. For more
317
+ # information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
318
+ # Web Services Service
270
319
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
271
320
  # *Amazon Web Services General Reference*.
272
321
  # @return [String]
@@ -310,9 +359,9 @@ module Aws::SSOAdmin
310
359
  # }
311
360
  #
312
361
  # @!attribute [rw] instance_arn
313
- # The ARN of the SSO instance under which the operation will be
314
- # executed. For more information about ARNs, see [Amazon Resource
315
- # Names (ARNs) and Amazon Web Services Service
362
+ # The ARN of the Amazon Web Services SSO instance under which the
363
+ # operation will be executed. For more information about ARNs, see
364
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
316
365
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
317
366
  # *Amazon Web Services General Reference*.
318
367
  # @return [String]
@@ -387,8 +436,8 @@ module Aws::SSOAdmin
387
436
  # }
388
437
  #
389
438
  # @!attribute [rw] instance_arn
390
- # The ARN of the SSO instance under which the operation will be
391
- # executed.
439
+ # The ARN of the Amazon Web Services SSO instance under which the
440
+ # operation will be executed.
392
441
  # @return [String]
393
442
  #
394
443
  # @!attribute [rw] instance_access_control_attribute_configuration
@@ -426,8 +475,8 @@ module Aws::SSOAdmin
426
475
  # relay_state: "RelayState",
427
476
  # tags: [
428
477
  # {
429
- # key: "TagKey",
430
- # value: "TagValue",
478
+ # key: "TagKey", # required
479
+ # value: "TagValue", # required
431
480
  # },
432
481
  # ],
433
482
  # }
@@ -441,9 +490,9 @@ module Aws::SSOAdmin
441
490
  # @return [String]
442
491
  #
443
492
  # @!attribute [rw] instance_arn
444
- # The ARN of the SSO instance under which the operation will be
445
- # executed. For more information about ARNs, see [Amazon Resource
446
- # Names (ARNs) and Amazon Web Services Service
493
+ # The ARN of the Amazon Web Services SSO instance under which the
494
+ # operation will be executed. For more information about ARNs, see
495
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
447
496
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
448
497
  # *Amazon Web Services General Reference*.
449
498
  # @return [String]
@@ -487,6 +536,43 @@ module Aws::SSOAdmin
487
536
  include Aws::Structure
488
537
  end
489
538
 
539
+ # Specifies the name and path of a customer managed policy. You must
540
+ # have an IAM policy that matches the name and path in each Amazon Web
541
+ # Services account where you want to deploy your permission set.
542
+ #
543
+ # @note When making an API call, you may pass CustomerManagedPolicyReference
544
+ # data as a hash:
545
+ #
546
+ # {
547
+ # name: "ManagedPolicyName", # required
548
+ # path: "ManagedPolicyPath",
549
+ # }
550
+ #
551
+ # @!attribute [rw] name
552
+ # The name of the IAM policy that you have configured in each account
553
+ # where you want to deploy your permission set.
554
+ # @return [String]
555
+ #
556
+ # @!attribute [rw] path
557
+ # The path to the IAM policy that you have configured in each account
558
+ # where you want to deploy your permission set. The default is `/`.
559
+ # For more information, see [Friendly names and paths][1] in the
560
+ # *Identity and Access Management User Guide*.
561
+ #
562
+ #
563
+ #
564
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names
565
+ # @return [String]
566
+ #
567
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CustomerManagedPolicyReference AWS API Documentation
568
+ #
569
+ class CustomerManagedPolicyReference < Struct.new(
570
+ :name,
571
+ :path)
572
+ SENSITIVE = []
573
+ include Aws::Structure
574
+ end
575
+
490
576
  # @note When making an API call, you may pass DeleteAccountAssignmentRequest
491
577
  # data as a hash:
492
578
  #
@@ -500,9 +586,9 @@ module Aws::SSOAdmin
500
586
  # }
501
587
  #
502
588
  # @!attribute [rw] instance_arn
503
- # The ARN of the SSO instance under which the operation will be
504
- # executed. For more information about ARNs, see [Amazon Resource
505
- # Names (ARNs) and Amazon Web Services Service
589
+ # The ARN of the Amazon Web Services SSO instance under which the
590
+ # operation will be executed. For more information about ARNs, see
591
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
506
592
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
507
593
  # *Amazon Web Services General Reference*.
508
594
  # @return [String]
@@ -567,9 +653,9 @@ module Aws::SSOAdmin
567
653
  # }
568
654
  #
569
655
  # @!attribute [rw] instance_arn
570
- # The ARN of the SSO instance under which the operation will be
571
- # executed. For more information about ARNs, see [Amazon Resource
572
- # Names (ARNs) and Amazon Web Services Service
656
+ # The ARN of the Amazon Web Services SSO instance under which the
657
+ # operation will be executed. For more information about ARNs, see
658
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
573
659
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
574
660
  # *Amazon Web Services General Reference*.
575
661
  # @return [String]
@@ -599,8 +685,8 @@ module Aws::SSOAdmin
599
685
  # }
600
686
  #
601
687
  # @!attribute [rw] instance_arn
602
- # The ARN of the SSO instance under which the operation will be
603
- # executed.
688
+ # The ARN of the Amazon Web Services SSO instance under which the
689
+ # operation will be executed.
604
690
  # @return [String]
605
691
  #
606
692
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
@@ -624,9 +710,9 @@ module Aws::SSOAdmin
624
710
  # }
625
711
  #
626
712
  # @!attribute [rw] instance_arn
627
- # The ARN of the SSO instance under which the operation will be
628
- # executed. For more information about ARNs, see [Amazon Resource
629
- # Names (ARNs) and Amazon Web Services Service
713
+ # The ARN of the Amazon Web Services SSO instance under which the
714
+ # operation will be executed. For more information about ARNs, see
715
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
630
716
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
631
717
  # *Amazon Web Services General Reference*.
632
718
  # @return [String]
@@ -648,6 +734,36 @@ module Aws::SSOAdmin
648
734
  #
649
735
  class DeletePermissionSetResponse < Aws::EmptyStructure; end
650
736
 
737
+ # @note When making an API call, you may pass DeletePermissionsBoundaryFromPermissionSetRequest
738
+ # data as a hash:
739
+ #
740
+ # {
741
+ # instance_arn: "InstanceArn", # required
742
+ # permission_set_arn: "PermissionSetArn", # required
743
+ # }
744
+ #
745
+ # @!attribute [rw] instance_arn
746
+ # The ARN of the Amazon Web Services SSO instance under which the
747
+ # operation will be executed.
748
+ # @return [String]
749
+ #
750
+ # @!attribute [rw] permission_set_arn
751
+ # The ARN of the `PermissionSet`.
752
+ # @return [String]
753
+ #
754
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSetRequest AWS API Documentation
755
+ #
756
+ class DeletePermissionsBoundaryFromPermissionSetRequest < Struct.new(
757
+ :instance_arn,
758
+ :permission_set_arn)
759
+ SENSITIVE = []
760
+ include Aws::Structure
761
+ end
762
+
763
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSetResponse AWS API Documentation
764
+ #
765
+ class DeletePermissionsBoundaryFromPermissionSetResponse < Aws::EmptyStructure; end
766
+
651
767
  # @note When making an API call, you may pass DescribeAccountAssignmentCreationStatusRequest
652
768
  # data as a hash:
653
769
  #
@@ -657,9 +773,9 @@ module Aws::SSOAdmin
657
773
  # }
658
774
  #
659
775
  # @!attribute [rw] instance_arn
660
- # The ARN of the SSO instance under which the operation will be
661
- # executed. For more information about ARNs, see [Amazon Resource
662
- # Names (ARNs) and Amazon Web Services Service
776
+ # The ARN of the Amazon Web Services SSO instance under which the
777
+ # operation will be executed. For more information about ARNs, see
778
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
663
779
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
664
780
  # *Amazon Web Services General Reference*.
665
781
  # @return [String]
@@ -698,9 +814,9 @@ module Aws::SSOAdmin
698
814
  # }
699
815
  #
700
816
  # @!attribute [rw] instance_arn
701
- # The ARN of the SSO instance under which the operation will be
702
- # executed. For more information about ARNs, see [Amazon Resource
703
- # Names (ARNs) and Amazon Web Services Service
817
+ # The ARN of the Amazon Web Services SSO instance under which the
818
+ # operation will be executed. For more information about ARNs, see
819
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
704
820
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
705
821
  # *Amazon Web Services General Reference*.
706
822
  # @return [String]
@@ -738,8 +854,8 @@ module Aws::SSOAdmin
738
854
  # }
739
855
  #
740
856
  # @!attribute [rw] instance_arn
741
- # The ARN of the SSO instance under which the operation will be
742
- # executed.
857
+ # The ARN of the Amazon Web Services SSO instance under which the
858
+ # operation will be executed.
743
859
  # @return [String]
744
860
  #
745
861
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
@@ -783,9 +899,9 @@ module Aws::SSOAdmin
783
899
  # }
784
900
  #
785
901
  # @!attribute [rw] instance_arn
786
- # The ARN of the SSO instance under which the operation will be
787
- # executed. For more information about ARNs, see [Amazon Resource
788
- # Names (ARNs) and Amazon Web Services Service
902
+ # The ARN of the Amazon Web Services SSO instance under which the
903
+ # operation will be executed. For more information about ARNs, see
904
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
789
905
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
790
906
  # *Amazon Web Services General Reference*.
791
907
  # @return [String]
@@ -825,9 +941,9 @@ module Aws::SSOAdmin
825
941
  # }
826
942
  #
827
943
  # @!attribute [rw] instance_arn
828
- # The ARN of the SSO instance under which the operation will be
829
- # executed. For more information about ARNs, see [Amazon Resource
830
- # Names (ARNs) and Amazon Web Services Service
944
+ # The ARN of the Amazon Web Services SSO instance under which the
945
+ # operation will be executed. For more information about ARNs, see
946
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
831
947
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
832
948
  # *Amazon Web Services General Reference*.
833
949
  # @return [String]
@@ -857,6 +973,47 @@ module Aws::SSOAdmin
857
973
  include Aws::Structure
858
974
  end
859
975
 
976
+ # @note When making an API call, you may pass DetachCustomerManagedPolicyReferenceFromPermissionSetRequest
977
+ # data as a hash:
978
+ #
979
+ # {
980
+ # instance_arn: "InstanceArn", # required
981
+ # permission_set_arn: "PermissionSetArn", # required
982
+ # customer_managed_policy_reference: { # required
983
+ # name: "ManagedPolicyName", # required
984
+ # path: "ManagedPolicyPath",
985
+ # },
986
+ # }
987
+ #
988
+ # @!attribute [rw] instance_arn
989
+ # The ARN of the Amazon Web Services SSO instance under which the
990
+ # operation will be executed.
991
+ # @return [String]
992
+ #
993
+ # @!attribute [rw] permission_set_arn
994
+ # The ARN of the `PermissionSet`.
995
+ # @return [String]
996
+ #
997
+ # @!attribute [rw] customer_managed_policy_reference
998
+ # Specifies the name and path of a customer managed policy. You must
999
+ # have an IAM policy that matches the name and path in each Amazon Web
1000
+ # Services account where you want to deploy your permission set.
1001
+ # @return [Types::CustomerManagedPolicyReference]
1002
+ #
1003
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSetRequest AWS API Documentation
1004
+ #
1005
+ class DetachCustomerManagedPolicyReferenceFromPermissionSetRequest < Struct.new(
1006
+ :instance_arn,
1007
+ :permission_set_arn,
1008
+ :customer_managed_policy_reference)
1009
+ SENSITIVE = []
1010
+ include Aws::Structure
1011
+ end
1012
+
1013
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSetResponse AWS API Documentation
1014
+ #
1015
+ class DetachCustomerManagedPolicyReferenceFromPermissionSetResponse < Aws::EmptyStructure; end
1016
+
860
1017
  # @note When making an API call, you may pass DetachManagedPolicyFromPermissionSetRequest
861
1018
  # data as a hash:
862
1019
  #
@@ -867,9 +1024,9 @@ module Aws::SSOAdmin
867
1024
  # }
868
1025
  #
869
1026
  # @!attribute [rw] instance_arn
870
- # The ARN of the SSO instance under which the operation will be
871
- # executed. For more information about ARNs, see [Amazon Resource
872
- # Names (ARNs) and Amazon Web Services Service
1027
+ # The ARN of the Amazon Web Services SSO instance under which the
1028
+ # operation will be executed. For more information about ARNs, see
1029
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
873
1030
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
874
1031
  # *Amazon Web Services General Reference*.
875
1032
  # @return [String]
@@ -880,7 +1037,8 @@ module Aws::SSOAdmin
880
1037
  # @return [String]
881
1038
  #
882
1039
  # @!attribute [rw] managed_policy_arn
883
- # The IAM managed policy ARN to be attached to a permission set.
1040
+ # The Amazon Web Services managed policy ARN to be detached from a
1041
+ # permission set.
884
1042
  # @return [String]
885
1043
  #
886
1044
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachManagedPolicyFromPermissionSetRequest AWS API Documentation
@@ -906,9 +1064,9 @@ module Aws::SSOAdmin
906
1064
  # }
907
1065
  #
908
1066
  # @!attribute [rw] instance_arn
909
- # The ARN of the SSO instance under which the operation will be
910
- # executed. For more information about ARNs, see [Amazon Resource
911
- # Names (ARNs) and Amazon Web Services Service
1067
+ # The ARN of the Amazon Web Services SSO instance under which the
1068
+ # operation will be executed. For more information about ARNs, see
1069
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
912
1070
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
913
1071
  # *Amazon Web Services General Reference*.
914
1072
  # @return [String]
@@ -927,14 +1085,52 @@ module Aws::SSOAdmin
927
1085
  end
928
1086
 
929
1087
  # @!attribute [rw] inline_policy
930
- # The IAM inline policy that is attached to the permission set.
1088
+ # The inline policy that is attached to the permission set.
931
1089
  # @return [String]
932
1090
  #
933
1091
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetInlinePolicyForPermissionSetResponse AWS API Documentation
934
1092
  #
935
1093
  class GetInlinePolicyForPermissionSetResponse < Struct.new(
936
1094
  :inline_policy)
937
- SENSITIVE = [:inline_policy]
1095
+ SENSITIVE = []
1096
+ include Aws::Structure
1097
+ end
1098
+
1099
+ # @note When making an API call, you may pass GetPermissionsBoundaryForPermissionSetRequest
1100
+ # data as a hash:
1101
+ #
1102
+ # {
1103
+ # instance_arn: "InstanceArn", # required
1104
+ # permission_set_arn: "PermissionSetArn", # required
1105
+ # }
1106
+ #
1107
+ # @!attribute [rw] instance_arn
1108
+ # The ARN of the Amazon Web Services SSO instance under which the
1109
+ # operation will be executed.
1110
+ # @return [String]
1111
+ #
1112
+ # @!attribute [rw] permission_set_arn
1113
+ # The ARN of the `PermissionSet`.
1114
+ # @return [String]
1115
+ #
1116
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSetRequest AWS API Documentation
1117
+ #
1118
+ class GetPermissionsBoundaryForPermissionSetRequest < Struct.new(
1119
+ :instance_arn,
1120
+ :permission_set_arn)
1121
+ SENSITIVE = []
1122
+ include Aws::Structure
1123
+ end
1124
+
1125
+ # @!attribute [rw] permissions_boundary
1126
+ # The permissions boundary attached to the specified permission set.
1127
+ # @return [Types::PermissionsBoundary]
1128
+ #
1129
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSetResponse AWS API Documentation
1130
+ #
1131
+ class GetPermissionsBoundaryForPermissionSetResponse < Struct.new(
1132
+ :permissions_boundary)
1133
+ SENSITIVE = []
938
1134
  include Aws::Structure
939
1135
  end
940
1136
 
@@ -968,19 +1164,19 @@ module Aws::SSOAdmin
968
1164
  include Aws::Structure
969
1165
  end
970
1166
 
971
- # Provides information about the SSO instance.
1167
+ # Provides information about the Amazon Web Services SSO instance.
972
1168
  #
973
1169
  # @!attribute [rw] instance_arn
974
- # The ARN of the SSO instance under which the operation will be
975
- # executed. For more information about ARNs, see [Amazon Resource
976
- # Names (ARNs) and Amazon Web Services Service
1170
+ # The ARN of the Amazon Web Services SSO instance under which the
1171
+ # operation will be executed. For more information about ARNs, see
1172
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
977
1173
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
978
1174
  # *Amazon Web Services General Reference*.
979
1175
  # @return [String]
980
1176
  #
981
1177
  # @!attribute [rw] identity_store_id
982
- # The identifier of the identity store that is connected to the SSO
983
- # instance.
1178
+ # The identifier of the identity store that is connected to the Amazon
1179
+ # Web Services SSO instance.
984
1180
  # @return [String]
985
1181
  #
986
1182
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceMetadata AWS API Documentation
@@ -1019,9 +1215,9 @@ module Aws::SSOAdmin
1019
1215
  # }
1020
1216
  #
1021
1217
  # @!attribute [rw] instance_arn
1022
- # The ARN of the SSO instance under which the operation will be
1023
- # executed. For more information about ARNs, see [Amazon Resource
1024
- # Names (ARNs) and Amazon Web Services Service
1218
+ # The ARN of the Amazon Web Services SSO instance under which the
1219
+ # operation will be executed. For more information about ARNs, see
1220
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1025
1221
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1026
1222
  # *Amazon Web Services General Reference*.
1027
1223
  # @return [String]
@@ -1081,9 +1277,9 @@ module Aws::SSOAdmin
1081
1277
  # }
1082
1278
  #
1083
1279
  # @!attribute [rw] instance_arn
1084
- # The ARN of the SSO instance under which the operation will be
1085
- # executed. For more information about ARNs, see [Amazon Resource
1086
- # Names (ARNs) and Amazon Web Services Service
1280
+ # The ARN of the Amazon Web Services SSO instance under which the
1281
+ # operation will be executed. For more information about ARNs, see
1282
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1087
1283
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1088
1284
  # *Amazon Web Services General Reference*.
1089
1285
  # @return [String]
@@ -1142,9 +1338,9 @@ module Aws::SSOAdmin
1142
1338
  # }
1143
1339
  #
1144
1340
  # @!attribute [rw] instance_arn
1145
- # The ARN of the SSO instance under which the operation will be
1146
- # executed. For more information about ARNs, see [Amazon Resource
1147
- # Names (ARNs) and Amazon Web Services Service
1341
+ # The ARN of the Amazon Web Services SSO instance under which the
1342
+ # operation will be executed. For more information about ARNs, see
1343
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1148
1344
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1149
1345
  # *Amazon Web Services General Reference*.
1150
1346
  # @return [String]
@@ -1210,9 +1406,9 @@ module Aws::SSOAdmin
1210
1406
  # }
1211
1407
  #
1212
1408
  # @!attribute [rw] instance_arn
1213
- # The ARN of the SSO instance under which the operation will be
1214
- # executed. For more information about ARNs, see [Amazon Resource
1215
- # Names (ARNs) and Amazon Web Services Service
1409
+ # The ARN of the Amazon Web Services SSO instance under which the
1410
+ # operation will be executed. For more information about ARNs, see
1411
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1216
1412
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1217
1413
  # *Amazon Web Services General Reference*.
1218
1414
  # @return [String]
@@ -1266,6 +1462,64 @@ module Aws::SSOAdmin
1266
1462
  include Aws::Structure
1267
1463
  end
1268
1464
 
1465
+ # @note When making an API call, you may pass ListCustomerManagedPolicyReferencesInPermissionSetRequest
1466
+ # data as a hash:
1467
+ #
1468
+ # {
1469
+ # instance_arn: "InstanceArn", # required
1470
+ # permission_set_arn: "PermissionSetArn", # required
1471
+ # max_results: 1,
1472
+ # next_token: "Token",
1473
+ # }
1474
+ #
1475
+ # @!attribute [rw] instance_arn
1476
+ # The ARN of the Amazon Web Services SSO instance under which the
1477
+ # operation will be executed.
1478
+ # @return [String]
1479
+ #
1480
+ # @!attribute [rw] permission_set_arn
1481
+ # The ARN of the `PermissionSet`.
1482
+ # @return [String]
1483
+ #
1484
+ # @!attribute [rw] max_results
1485
+ # The maximum number of results to display for the list call.
1486
+ # @return [Integer]
1487
+ #
1488
+ # @!attribute [rw] next_token
1489
+ # The pagination token for the list API. Initially the value is null.
1490
+ # Use the output of previous API calls to make subsequent calls.
1491
+ # @return [String]
1492
+ #
1493
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSetRequest AWS API Documentation
1494
+ #
1495
+ class ListCustomerManagedPolicyReferencesInPermissionSetRequest < Struct.new(
1496
+ :instance_arn,
1497
+ :permission_set_arn,
1498
+ :max_results,
1499
+ :next_token)
1500
+ SENSITIVE = []
1501
+ include Aws::Structure
1502
+ end
1503
+
1504
+ # @!attribute [rw] customer_managed_policy_references
1505
+ # Specifies the names and paths of the customer managed policies that
1506
+ # you have attached to your permission set.
1507
+ # @return [Array<Types::CustomerManagedPolicyReference>]
1508
+ #
1509
+ # @!attribute [rw] next_token
1510
+ # The pagination token for the list API. Initially the value is null.
1511
+ # Use the output of previous API calls to make subsequent calls.
1512
+ # @return [String]
1513
+ #
1514
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSetResponse AWS API Documentation
1515
+ #
1516
+ class ListCustomerManagedPolicyReferencesInPermissionSetResponse < Struct.new(
1517
+ :customer_managed_policy_references,
1518
+ :next_token)
1519
+ SENSITIVE = []
1520
+ include Aws::Structure
1521
+ end
1522
+
1269
1523
  # @note When making an API call, you may pass ListInstancesRequest
1270
1524
  # data as a hash:
1271
1525
  #
@@ -1293,7 +1547,8 @@ module Aws::SSOAdmin
1293
1547
  end
1294
1548
 
1295
1549
  # @!attribute [rw] instances
1296
- # Lists the SSO instances that the caller has access to.
1550
+ # Lists the Amazon Web Services SSO instances that the caller has
1551
+ # access to.
1297
1552
  # @return [Array<Types::InstanceMetadata>]
1298
1553
  #
1299
1554
  # @!attribute [rw] next_token
@@ -1321,9 +1576,9 @@ module Aws::SSOAdmin
1321
1576
  # }
1322
1577
  #
1323
1578
  # @!attribute [rw] instance_arn
1324
- # The ARN of the SSO instance under which the operation will be
1325
- # executed. For more information about ARNs, see [Amazon Resource
1326
- # Names (ARNs) and Amazon Web Services Service
1579
+ # The ARN of the Amazon Web Services SSO instance under which the
1580
+ # operation will be executed. For more information about ARNs, see
1581
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1327
1582
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1328
1583
  # *Amazon Web Services General Reference*.
1329
1584
  # @return [String]
@@ -1353,7 +1608,7 @@ module Aws::SSOAdmin
1353
1608
  end
1354
1609
 
1355
1610
  # @!attribute [rw] attached_managed_policies
1356
- # The array of the AttachedManagedPolicy data type object.
1611
+ # An array of the AttachedManagedPolicy data type object.
1357
1612
  # @return [Array<Types::AttachedManagedPolicy>]
1358
1613
  #
1359
1614
  # @!attribute [rw] next_token
@@ -1383,9 +1638,9 @@ module Aws::SSOAdmin
1383
1638
  # }
1384
1639
  #
1385
1640
  # @!attribute [rw] instance_arn
1386
- # The ARN of the SSO instance under which the operation will be
1387
- # executed. For more information about ARNs, see [Amazon Resource
1388
- # Names (ARNs) and Amazon Web Services Service
1641
+ # The ARN of the Amazon Web Services SSO instance under which the
1642
+ # operation will be executed. For more information about ARNs, see
1643
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1389
1644
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1390
1645
  # *Amazon Web Services General Reference*.
1391
1646
  # @return [String]
@@ -1444,9 +1699,9 @@ module Aws::SSOAdmin
1444
1699
  # }
1445
1700
  #
1446
1701
  # @!attribute [rw] instance_arn
1447
- # The ARN of the SSO instance under which the operation will be
1448
- # executed. For more information about ARNs, see [Amazon Resource
1449
- # Names (ARNs) and Amazon Web Services Service
1702
+ # The ARN of the Amazon Web Services SSO instance under which the
1703
+ # operation will be executed. For more information about ARNs, see
1704
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1450
1705
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1451
1706
  # *Amazon Web Services General Reference*.
1452
1707
  # @return [String]
@@ -1509,9 +1764,9 @@ module Aws::SSOAdmin
1509
1764
  # }
1510
1765
  #
1511
1766
  # @!attribute [rw] instance_arn
1512
- # The ARN of the SSO instance under which the operation will be
1513
- # executed. For more information about ARNs, see [Amazon Resource
1514
- # Names (ARNs) and Amazon Web Services Service
1767
+ # The ARN of the Amazon Web Services SSO instance under which the
1768
+ # operation will be executed. For more information about ARNs, see
1769
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1515
1770
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1516
1771
  # *Amazon Web Services General Reference*.
1517
1772
  # @return [String]
@@ -1558,14 +1813,14 @@ module Aws::SSOAdmin
1558
1813
  #
1559
1814
  # {
1560
1815
  # instance_arn: "InstanceArn", # required
1561
- # resource_arn: "GeneralArn", # required
1816
+ # resource_arn: "TaggableResourceArn", # required
1562
1817
  # next_token: "Token",
1563
1818
  # }
1564
1819
  #
1565
1820
  # @!attribute [rw] instance_arn
1566
- # The ARN of the SSO instance under which the operation will be
1567
- # executed. For more information about ARNs, see [Amazon Resource
1568
- # Names (ARNs) and Amazon Web Services Service
1821
+ # The ARN of the Amazon Web Services SSO instance under which the
1822
+ # operation will be executed. For more information about ARNs, see
1823
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1569
1824
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1570
1825
  # *Amazon Web Services General Reference*.
1571
1826
  # @return [String]
@@ -1744,6 +1999,57 @@ module Aws::SSOAdmin
1744
1999
  include Aws::Structure
1745
2000
  end
1746
2001
 
2002
+ # Specifies the configuration of the Amazon Web Services managed or
2003
+ # customer managed policy that you want to set as a permissions
2004
+ # boundary. Specify either `CustomerManagedPolicyReference` to use the
2005
+ # name and path of a customer managed policy, or `ManagedPolicyArn` to
2006
+ # use the ARN of an Amazon Web Services managed policy. A permissions
2007
+ # boundary represents the maximum permissions that any policy can grant
2008
+ # your role. For more information, see [Permissions boundaries for IAM
2009
+ # entities][1] in the *Identity and Access Management User Guide*.
2010
+ #
2011
+ # Policies used as permissions boundaries don't provide permissions.
2012
+ # You must also attach an IAM policy to the role. To learn how the
2013
+ # effective permissions for a role are evaluated, see [IAM JSON policy
2014
+ # evaluation logic][2] in the *Identity and Access Management User
2015
+ # Guide*.
2016
+ #
2017
+ #
2018
+ #
2019
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
2020
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
2021
+ #
2022
+ # @note When making an API call, you may pass PermissionsBoundary
2023
+ # data as a hash:
2024
+ #
2025
+ # {
2026
+ # customer_managed_policy_reference: {
2027
+ # name: "ManagedPolicyName", # required
2028
+ # path: "ManagedPolicyPath",
2029
+ # },
2030
+ # managed_policy_arn: "ManagedPolicyArn",
2031
+ # }
2032
+ #
2033
+ # @!attribute [rw] customer_managed_policy_reference
2034
+ # Specifies the name and path of a customer managed policy. You must
2035
+ # have an IAM policy that matches the name and path in each Amazon Web
2036
+ # Services account where you want to deploy your permission set.
2037
+ # @return [Types::CustomerManagedPolicyReference]
2038
+ #
2039
+ # @!attribute [rw] managed_policy_arn
2040
+ # The Amazon Web Services managed policy ARN that you want to attach
2041
+ # to a permission set as a permissions boundary.
2042
+ # @return [String]
2043
+ #
2044
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PermissionsBoundary AWS API Documentation
2045
+ #
2046
+ class PermissionsBoundary < Struct.new(
2047
+ :customer_managed_policy_reference,
2048
+ :managed_policy_arn)
2049
+ SENSITIVE = []
2050
+ include Aws::Structure
2051
+ end
2052
+
1747
2053
  # @note When making an API call, you may pass ProvisionPermissionSetRequest
1748
2054
  # data as a hash:
1749
2055
  #
@@ -1755,9 +2061,9 @@ module Aws::SSOAdmin
1755
2061
  # }
1756
2062
  #
1757
2063
  # @!attribute [rw] instance_arn
1758
- # The ARN of the SSO instance under which the operation will be
1759
- # executed. For more information about ARNs, see [Amazon Resource
1760
- # Names (ARNs) and Amazon Web Services Service
2064
+ # The ARN of the Amazon Web Services SSO instance under which the
2065
+ # operation will be executed. For more information about ARNs, see
2066
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1761
2067
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1762
2068
  # *Amazon Web Services General Reference*.
1763
2069
  # @return [String]
@@ -1808,9 +2114,9 @@ module Aws::SSOAdmin
1808
2114
  # }
1809
2115
  #
1810
2116
  # @!attribute [rw] instance_arn
1811
- # The ARN of the SSO instance under which the operation will be
1812
- # executed. For more information about ARNs, see [Amazon Resource
1813
- # Names (ARNs) and Amazon Web Services Service
2117
+ # The ARN of the Amazon Web Services SSO instance under which the
2118
+ # operation will be executed. For more information about ARNs, see
2119
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1814
2120
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1815
2121
  # *Amazon Web Services General Reference*.
1816
2122
  # @return [String]
@@ -1820,7 +2126,7 @@ module Aws::SSOAdmin
1820
2126
  # @return [String]
1821
2127
  #
1822
2128
  # @!attribute [rw] inline_policy
1823
- # The IAM inline policy to attach to a PermissionSet.
2129
+ # The inline policy to attach to a PermissionSet.
1824
2130
  # @return [String]
1825
2131
  #
1826
2132
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutInlinePolicyToPermissionSetRequest AWS API Documentation
@@ -1829,7 +2135,7 @@ module Aws::SSOAdmin
1829
2135
  :instance_arn,
1830
2136
  :permission_set_arn,
1831
2137
  :inline_policy)
1832
- SENSITIVE = [:inline_policy]
2138
+ SENSITIVE = []
1833
2139
  include Aws::Structure
1834
2140
  end
1835
2141
 
@@ -1837,6 +2143,49 @@ module Aws::SSOAdmin
1837
2143
  #
1838
2144
  class PutInlinePolicyToPermissionSetResponse < Aws::EmptyStructure; end
1839
2145
 
2146
+ # @note When making an API call, you may pass PutPermissionsBoundaryToPermissionSetRequest
2147
+ # data as a hash:
2148
+ #
2149
+ # {
2150
+ # instance_arn: "InstanceArn", # required
2151
+ # permission_set_arn: "PermissionSetArn", # required
2152
+ # permissions_boundary: { # required
2153
+ # customer_managed_policy_reference: {
2154
+ # name: "ManagedPolicyName", # required
2155
+ # path: "ManagedPolicyPath",
2156
+ # },
2157
+ # managed_policy_arn: "ManagedPolicyArn",
2158
+ # },
2159
+ # }
2160
+ #
2161
+ # @!attribute [rw] instance_arn
2162
+ # The ARN of the Amazon Web Services SSO instance under which the
2163
+ # operation will be executed.
2164
+ # @return [String]
2165
+ #
2166
+ # @!attribute [rw] permission_set_arn
2167
+ # The ARN of the `PermissionSet`.
2168
+ # @return [String]
2169
+ #
2170
+ # @!attribute [rw] permissions_boundary
2171
+ # The permissions boundary that you want to attach to a
2172
+ # `PermissionSet`.
2173
+ # @return [Types::PermissionsBoundary]
2174
+ #
2175
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSetRequest AWS API Documentation
2176
+ #
2177
+ class PutPermissionsBoundaryToPermissionSetRequest < Struct.new(
2178
+ :instance_arn,
2179
+ :permission_set_arn,
2180
+ :permissions_boundary)
2181
+ SENSITIVE = []
2182
+ include Aws::Structure
2183
+ end
2184
+
2185
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSetResponse AWS API Documentation
2186
+ #
2187
+ class PutPermissionsBoundaryToPermissionSetResponse < Aws::EmptyStructure; end
2188
+
1840
2189
  # Indicates that a requested resource is not found.
1841
2190
  #
1842
2191
  # @!attribute [rw] message
@@ -1873,8 +2222,8 @@ module Aws::SSOAdmin
1873
2222
  # data as a hash:
1874
2223
  #
1875
2224
  # {
1876
- # key: "TagKey",
1877
- # value: "TagValue",
2225
+ # key: "TagKey", # required
2226
+ # value: "TagValue", # required
1878
2227
  # }
1879
2228
  #
1880
2229
  # @!attribute [rw] key
@@ -1899,19 +2248,19 @@ module Aws::SSOAdmin
1899
2248
  #
1900
2249
  # {
1901
2250
  # instance_arn: "InstanceArn", # required
1902
- # resource_arn: "GeneralArn", # required
2251
+ # resource_arn: "TaggableResourceArn", # required
1903
2252
  # tags: [ # required
1904
2253
  # {
1905
- # key: "TagKey",
1906
- # value: "TagValue",
2254
+ # key: "TagKey", # required
2255
+ # value: "TagValue", # required
1907
2256
  # },
1908
2257
  # ],
1909
2258
  # }
1910
2259
  #
1911
2260
  # @!attribute [rw] instance_arn
1912
- # The ARN of the SSO instance under which the operation will be
1913
- # executed. For more information about ARNs, see [Amazon Resource
1914
- # Names (ARNs) and Amazon Web Services Service
2261
+ # The ARN of the Amazon Web Services SSO instance under which the
2262
+ # operation will be executed. For more information about ARNs, see
2263
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1915
2264
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1916
2265
  # *Amazon Web Services General Reference*.
1917
2266
  # @return [String]
@@ -1957,14 +2306,14 @@ module Aws::SSOAdmin
1957
2306
  #
1958
2307
  # {
1959
2308
  # instance_arn: "InstanceArn", # required
1960
- # resource_arn: "GeneralArn", # required
2309
+ # resource_arn: "TaggableResourceArn", # required
1961
2310
  # tag_keys: ["TagKey"], # required
1962
2311
  # }
1963
2312
  #
1964
2313
  # @!attribute [rw] instance_arn
1965
- # The ARN of the SSO instance under which the operation will be
1966
- # executed. For more information about ARNs, see [Amazon Resource
1967
- # Names (ARNs) and Amazon Web Services Service
2314
+ # The ARN of the Amazon Web Services SSO instance under which the
2315
+ # operation will be executed. For more information about ARNs, see
2316
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
1968
2317
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
1969
2318
  # *Amazon Web Services General Reference*.
1970
2319
  # @return [String]
@@ -2009,8 +2358,8 @@ module Aws::SSOAdmin
2009
2358
  # }
2010
2359
  #
2011
2360
  # @!attribute [rw] instance_arn
2012
- # The ARN of the SSO instance under which the operation will be
2013
- # executed.
2361
+ # The ARN of the Amazon Web Services SSO instance under which the
2362
+ # operation will be executed.
2014
2363
  # @return [String]
2015
2364
  #
2016
2365
  # @!attribute [rw] instance_access_control_attribute_configuration
@@ -2042,9 +2391,9 @@ module Aws::SSOAdmin
2042
2391
  # }
2043
2392
  #
2044
2393
  # @!attribute [rw] instance_arn
2045
- # The ARN of the SSO instance under which the operation will be
2046
- # executed. For more information about ARNs, see [Amazon Resource
2047
- # Names (ARNs) and Amazon Web Services Service
2394
+ # The ARN of the Amazon Web Services SSO instance under which the
2395
+ # operation will be executed. For more information about ARNs, see
2396
+ # [Amazon Resource Names (ARNs) and Amazon Web Services Service
2048
2397
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
2049
2398
  # *Amazon Web Services General Reference*.
2050
2399
  # @return [String]