aws-sdk-ssoadmin 1.15.0 → 1.18.0

data/lib/aws-sdk-ssoadmin/types.rb

@@ -49,7 +49,12 @@ module Aws::SSOAdmin
     end
 
     # The value used for mapping a specified attribute to an identity
-    # source.
+    # source. For more information, see [Attribute mappings][1] in the
+    # *Amazon Web Services SSO User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html
     #
     # @note When making an API call, you may pass AccessControlAttributeValue
     #   data as a hash:
@@ -218,6 +223,47 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass AttachCustomerManagedPolicyReferenceToPermissionSetRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         permission_set_arn: "PermissionSetArn", # required
+    #         customer_managed_policy_reference: { # required
+    #           name: "ManagedPolicyName", # required
+    #           path: "ManagedPolicyPath",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #   @return [String]
+    #
+    # @!attribute [rw] customer_managed_policy_reference
+    #   Specifies the name and path of a customer managed policy. You must
+    #   have an IAM policy that matches the name and path in each Amazon Web
+    #   Services account where you want to deploy your permission set.
+    #   @return [Types::CustomerManagedPolicyReference]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSetRequest AWS API Documentation
+    #
+    class AttachCustomerManagedPolicyReferenceToPermissionSetRequest < Struct.new(
+      :instance_arn,
+      :permission_set_arn,
+      :customer_managed_policy_reference)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSetResponse AWS API Documentation
+    #
+    class AttachCustomerManagedPolicyReferenceToPermissionSetResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass AttachManagedPolicyToPermissionSetRequest
     #   data as a hash:
     #
@@ -228,9 +274,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -241,7 +287,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] managed_policy_arn
-    #   The IAM managed policy ARN to be attached to a permission set.
+    #   The Amazon Web Services managed policy ARN to be attached to a
+    #   permission set.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachManagedPolicyToPermissionSetRequest AWS API Documentation
@@ -258,15 +305,17 @@ module Aws::SSOAdmin
     #
     class AttachManagedPolicyToPermissionSetResponse < Aws::EmptyStructure; end
 
-    # A structure that stores the details of the IAM managed policy.
+    # A structure that stores the details of the Amazon Web Services managed
+    # policy.
     #
     # @!attribute [rw] name
-    #   The name of the IAM managed policy.
+    #   The name of the Amazon Web Services managed policy.
     #   @return [String]
     #
     # @!attribute [rw] arn
-    #   The ARN of the IAM managed policy. For more information about ARNs,
-    #   see [Amazon Resource Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services managed policy. For more
+    #   information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
+    #   Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -310,9 +359,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -387,8 +436,8 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #   @return [String]
     #
     # @!attribute [rw] instance_access_control_attribute_configuration
@@ -426,8 +475,8 @@ module Aws::SSOAdmin
     #         relay_state: "RelayState",
     #         tags: [
     #           {
-    #             key: "TagKey",
-    #             value: "TagValue",
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
     #           },
     #         ],
     #       }
@@ -441,9 +490,9 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -487,6 +536,43 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
 
+    # Specifies the name and path of a customer managed policy. You must
+    # have an IAM policy that matches the name and path in each Amazon Web
+    # Services account where you want to deploy your permission set.
+    #
+    # @note When making an API call, you may pass CustomerManagedPolicyReference
+    #   data as a hash:
+    #
+    #       {
+    #         name: "ManagedPolicyName", # required
+    #         path: "ManagedPolicyPath",
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the IAM policy that you have configured in each account
+    #   where you want to deploy your permission set.
+    #   @return [String]
+    #
+    # @!attribute [rw] path
+    #   The path to the IAM policy that you have configured in each account
+    #   where you want to deploy your permission set. The default is `/`.
+    #   For more information, see [Friendly names and paths][1] in the
+    #   *Identity and Access Management User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CustomerManagedPolicyReference AWS API Documentation
+    #
+    class CustomerManagedPolicyReference < Struct.new(
+      :name,
+      :path)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteAccountAssignmentRequest
     #   data as a hash:
     #
@@ -500,9 +586,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -567,9 +653,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -599,8 +685,8 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
@@ -624,9 +710,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -648,6 +734,36 @@ module Aws::SSOAdmin
     #
     class DeletePermissionSetResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass DeletePermissionsBoundaryFromPermissionSetRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         permission_set_arn: "PermissionSetArn", # required
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSetRequest AWS API Documentation
+    #
+    class DeletePermissionsBoundaryFromPermissionSetRequest < Struct.new(
+      :instance_arn,
+      :permission_set_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSetResponse AWS API Documentation
+    #
+    class DeletePermissionsBoundaryFromPermissionSetResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass DescribeAccountAssignmentCreationStatusRequest
     #   data as a hash:
     #
@@ -657,9 +773,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -698,9 +814,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -738,8 +854,8 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
@@ -783,9 +899,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -825,9 +941,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -857,6 +973,47 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DetachCustomerManagedPolicyReferenceFromPermissionSetRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         permission_set_arn: "PermissionSetArn", # required
+    #         customer_managed_policy_reference: { # required
+    #           name: "ManagedPolicyName", # required
+    #           path: "ManagedPolicyPath",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #   @return [String]
+    #
+    # @!attribute [rw] customer_managed_policy_reference
+    #   Specifies the name and path of a customer managed policy. You must
+    #   have an IAM policy that matches the name and path in each Amazon Web
+    #   Services account where you want to deploy your permission set.
+    #   @return [Types::CustomerManagedPolicyReference]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSetRequest AWS API Documentation
+    #
+    class DetachCustomerManagedPolicyReferenceFromPermissionSetRequest < Struct.new(
+      :instance_arn,
+      :permission_set_arn,
+      :customer_managed_policy_reference)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSetResponse AWS API Documentation
+    #
+    class DetachCustomerManagedPolicyReferenceFromPermissionSetResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass DetachManagedPolicyFromPermissionSetRequest
     #   data as a hash:
     #
@@ -867,9 +1024,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -880,7 +1037,8 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] managed_policy_arn
-    #   The IAM managed policy ARN to be attached to a permission set.
+    #   The Amazon Web Services managed policy ARN to be detached from a
+    #   permission set.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachManagedPolicyFromPermissionSetRequest AWS API Documentation
@@ -906,9 +1064,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -927,14 +1085,52 @@ module Aws::SSOAdmin
     end
 
     # @!attribute [rw] inline_policy
-    #   The IAM inline policy that is attached to the permission set.
+    #   The inline policy that is attached to the permission set.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetInlinePolicyForPermissionSetResponse AWS API Documentation
     #
     class GetInlinePolicyForPermissionSetResponse < Struct.new(
       :inline_policy)
-      SENSITIVE = [:inline_policy]
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetPermissionsBoundaryForPermissionSetRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         permission_set_arn: "PermissionSetArn", # required
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSetRequest AWS API Documentation
+    #
+    class GetPermissionsBoundaryForPermissionSetRequest < Struct.new(
+      :instance_arn,
+      :permission_set_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] permissions_boundary
+    #   The permissions boundary attached to the specified permission set.
+    #   @return [Types::PermissionsBoundary]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSetResponse AWS API Documentation
+    #
+    class GetPermissionsBoundaryForPermissionSetResponse < Struct.new(
+      :permissions_boundary)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -968,19 +1164,19 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
 
-    # Provides information about the SSO instance.
+    # Provides information about the Amazon Web Services SSO instance.
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
     #
     # @!attribute [rw] identity_store_id
-    #   The identifier of the identity store that is connected to the SSO
-    #   instance.
+    #   The identifier of the identity store that is connected to the Amazon
+    #   Web Services SSO instance.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceMetadata AWS API Documentation
@@ -1019,9 +1215,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1081,9 +1277,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1142,9 +1338,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1210,9 +1406,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1266,6 +1462,64 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListCustomerManagedPolicyReferencesInPermissionSetRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         permission_set_arn: "PermissionSetArn", # required
+    #         max_results: 1,
+    #         next_token: "Token",
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to display for the list call.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The pagination token for the list API. Initially the value is null.
+    #   Use the output of previous API calls to make subsequent calls.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSetRequest AWS API Documentation
+    #
+    class ListCustomerManagedPolicyReferencesInPermissionSetRequest < Struct.new(
+      :instance_arn,
+      :permission_set_arn,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] customer_managed_policy_references
+    #   Specifies the names and paths of the customer managed policies that
+    #   you have attached to your permission set.
+    #   @return [Array<Types::CustomerManagedPolicyReference>]
+    #
+    # @!attribute [rw] next_token
+    #   The pagination token for the list API. Initially the value is null.
+    #   Use the output of previous API calls to make subsequent calls.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSetResponse AWS API Documentation
+    #
+    class ListCustomerManagedPolicyReferencesInPermissionSetResponse < Struct.new(
+      :customer_managed_policy_references,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListInstancesRequest
     #   data as a hash:
     #
@@ -1293,7 +1547,8 @@ module Aws::SSOAdmin
     end
 
     # @!attribute [rw] instances
-    #   Lists the SSO instances that the caller has access to.
+    #   Lists the Amazon Web Services SSO instances that the caller has
+    #   access to.
     #   @return [Array<Types::InstanceMetadata>]
     #
     # @!attribute [rw] next_token
@@ -1321,9 +1576,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1353,7 +1608,7 @@ module Aws::SSOAdmin
     end
 
     # @!attribute [rw] attached_managed_policies
-    #   The array of the AttachedManagedPolicy data type object.
+    #   An array of the AttachedManagedPolicy data type object.
     #   @return [Array<Types::AttachedManagedPolicy>]
     #
     # @!attribute [rw] next_token
@@ -1383,9 +1638,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1444,9 +1699,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1509,9 +1764,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1558,14 +1813,14 @@ module Aws::SSOAdmin
     #
     #       {
     #         instance_arn: "InstanceArn", # required
-    #         resource_arn: "GeneralArn", # required
+    #         resource_arn: "TaggableResourceArn", # required
     #         next_token: "Token",
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1744,6 +1999,57 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
 
+    # Specifies the configuration of the Amazon Web Services managed or
+    # customer managed policy that you want to set as a permissions
+    # boundary. Specify either `CustomerManagedPolicyReference` to use the
+    # name and path of a customer managed policy, or `ManagedPolicyArn` to
+    # use the ARN of an Amazon Web Services managed policy. A permissions
+    # boundary represents the maximum permissions that any policy can grant
+    # your role. For more information, see [Permissions boundaries for IAM
+    # entities][1] in the *Identity and Access Management User Guide*.
+    #
+    # Policies used as permissions boundaries don't provide permissions.
+    # You must also attach an IAM policy to the role. To learn how the
+    # effective permissions for a role are evaluated, see [IAM JSON policy
+    # evaluation logic][2] in the *Identity and Access Management User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
+    #
+    # @note When making an API call, you may pass PermissionsBoundary
+    #   data as a hash:
+    #
+    #       {
+    #         customer_managed_policy_reference: {
+    #           name: "ManagedPolicyName", # required
+    #           path: "ManagedPolicyPath",
+    #         },
+    #         managed_policy_arn: "ManagedPolicyArn",
+    #       }
+    #
+    # @!attribute [rw] customer_managed_policy_reference
+    #   Specifies the name and path of a customer managed policy. You must
+    #   have an IAM policy that matches the name and path in each Amazon Web
+    #   Services account where you want to deploy your permission set.
+    #   @return [Types::CustomerManagedPolicyReference]
+    #
+    # @!attribute [rw] managed_policy_arn
+    #   The Amazon Web Services managed policy ARN that you want to attach
+    #   to a permission set as a permissions boundary.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PermissionsBoundary AWS API Documentation
+    #
+    class PermissionsBoundary < Struct.new(
+      :customer_managed_policy_reference,
+      :managed_policy_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ProvisionPermissionSetRequest
     #   data as a hash:
     #
@@ -1755,9 +2061,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1808,9 +2114,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1820,7 +2126,7 @@ module Aws::SSOAdmin
     #   @return [String]
     #
     # @!attribute [rw] inline_policy
-    #   The IAM inline policy to attach to a PermissionSet.
+    #   The inline policy to attach to a PermissionSet.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutInlinePolicyToPermissionSetRequest AWS API Documentation
@@ -1829,7 +2135,7 @@ module Aws::SSOAdmin
       :instance_arn,
       :permission_set_arn,
       :inline_policy)
-      SENSITIVE = [:inline_policy]
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1837,6 +2143,49 @@ module Aws::SSOAdmin
     #
     class PutInlinePolicyToPermissionSetResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass PutPermissionsBoundaryToPermissionSetRequest
+    #   data as a hash:
+    #
+    #       {
+    #         instance_arn: "InstanceArn", # required
+    #         permission_set_arn: "PermissionSetArn", # required
+    #         permissions_boundary: { # required
+    #           customer_managed_policy_reference: {
+    #             name: "ManagedPolicyName", # required
+    #             path: "ManagedPolicyPath",
+    #           },
+    #           managed_policy_arn: "ManagedPolicyArn",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions_boundary
+    #   The permissions boundary that you want to attach to a
+    #   `PermissionSet`.
+    #   @return [Types::PermissionsBoundary]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSetRequest AWS API Documentation
+    #
+    class PutPermissionsBoundaryToPermissionSetRequest < Struct.new(
+      :instance_arn,
+      :permission_set_arn,
+      :permissions_boundary)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSetResponse AWS API Documentation
+    #
+    class PutPermissionsBoundaryToPermissionSetResponse < Aws::EmptyStructure; end
+
     # Indicates that a requested resource is not found.
     #
     # @!attribute [rw] message
@@ -1873,8 +2222,8 @@ module Aws::SSOAdmin
     #   data as a hash:
     #
     #       {
-    #         key: "TagKey",
-    #         value: "TagValue",
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
     #       }
     #
     # @!attribute [rw] key
@@ -1899,19 +2248,19 @@ module Aws::SSOAdmin
     #
     #       {
     #         instance_arn: "InstanceArn", # required
-    #         resource_arn: "GeneralArn", # required
+    #         resource_arn: "TaggableResourceArn", # required
     #         tags: [ # required
     #           {
-    #             key: "TagKey",
-    #             value: "TagValue",
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
     #           },
     #         ],
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -1957,14 +2306,14 @@ module Aws::SSOAdmin
     #
     #       {
     #         instance_arn: "InstanceArn", # required
-    #         resource_arn: "GeneralArn", # required
+    #         resource_arn: "TaggableResourceArn", # required
     #         tag_keys: ["TagKey"], # required
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]
@@ -2009,8 +2358,8 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #   @return [String]
     #
     # @!attribute [rw] instance_access_control_attribute_configuration
@@ -2042,9 +2391,9 @@ module Aws::SSOAdmin
     #       }
     #
     # @!attribute [rw] instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource
-    #   Names (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #   @return [String]