aws-sdk-ssoadmin 1.16.0 → 1.17.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 20aee04e9e8da7b00e9ced7881e3619fca82ba227034ec32bf27667d996bdd2b
4
- data.tar.gz: 2719d9ec7730f75befe24ced4112d980947a17675eed763b22e05c94982d7139
3
+ metadata.gz: c915cef011351abba2ed5524b5fdf1f43a7a39d042724488f2c49d609cca1f82
4
+ data.tar.gz: 939d7ec566dcacc58dc5ae3fadfcd55d54d5f3aa3b4170ea1be612b1df23c7a3
5
5
  SHA512:
6
- metadata.gz: b3f0e81d662ffc6f1e6715ad414ed28e93d1b204df5d47224b9930057f9444f0efaef1a76c848fc849c059033614014615c0a991c14b6f3005aaac4aab552252
7
- data.tar.gz: 6d4e60011fd21c0b59fb9251cc17ce9ab4cf1dcd2e23e74f7692858c56e38a8a0734689ae2222a9153fdb45db16ca179d073073b174122452a86b219ff568daf
6
+ metadata.gz: 1f5699026d95effb289e508815d8eefd3711e10647bcc85e2e9feb2fa901ca909fc62a30206da7ae88ee10e6bd2268f873ee969ca595d222e7a5c9046f709118
7
+ data.tar.gz: aa3e97796906e96c33ac31b04f2ea1bb0ae71745a6290ed9bd2bd32fc0d50e7aa8dcced2444fd2b506b5b1f3d1dd727fa349ca74546068c357a260513de75fce
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.17.0 (2022-07-18)
5
+ ------------------
6
+
7
+ * Feature - AWS SSO now supports attaching customer managed policies and a permissions boundary to your permission sets. This release adds new API operations to manage and view the customer managed policies and the permissions boundary for a given permission set.
8
+
4
9
  1.16.0 (2022-02-24)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.16.0
1
+ 1.17.0
@@ -361,7 +361,45 @@ module Aws::SSOAdmin
361
361
 
362
362
  # @!group API Operations
363
363
 
364
- # Attaches an IAM managed policy ARN to a permission set.
364
+ # Attaches the specified IAM customer managed policy to the specified
365
+ # PermissionSet.
366
+ #
367
+ # @option params [required, String] :instance_arn
368
+ # The ARN of the SSO instance under which the operation will be
369
+ # executed.
370
+ #
371
+ # @option params [required, String] :permission_set_arn
372
+ # The ARN of the `PermissionSet`.
373
+ #
374
+ # @option params [required, Types::CustomerManagedPolicyReference] :customer_managed_policy_reference
375
+ # Specifies the name and path of the IAM customer managed policy. You
376
+ # must have an IAM policy that matches the name and path in each Amazon
377
+ # Web Services account where you want to deploy your permission set.
378
+ #
379
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
380
+ #
381
+ # @example Request syntax with placeholder values
382
+ #
383
+ # resp = client.attach_customer_managed_policy_reference_to_permission_set({
384
+ # instance_arn: "InstanceArn", # required
385
+ # permission_set_arn: "PermissionSetArn", # required
386
+ # customer_managed_policy_reference: { # required
387
+ # name: "ManagedPolicyName", # required
388
+ # path: "ManagedPolicyPath",
389
+ # },
390
+ # })
391
+ #
392
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSet AWS API Documentation
393
+ #
394
+ # @overload attach_customer_managed_policy_reference_to_permission_set(params = {})
395
+ # @param [Hash] params ({})
396
+ def attach_customer_managed_policy_reference_to_permission_set(params = {}, options = {})
397
+ req = build_request(:attach_customer_managed_policy_reference_to_permission_set, params)
398
+ req.send_request(options)
399
+ end
400
+
401
+ # Attaches an Amazon Web Services managed IAM policy ARN to a permission
402
+ # set.
365
403
  #
366
404
  # <note markdown="1"> If the permission set is already referenced by one or more account
367
405
  # assignments, you will need to call ` ProvisionPermissionSet ` after
@@ -382,7 +420,8 @@ module Aws::SSOAdmin
382
420
  # attached to.
383
421
  #
384
422
  # @option params [required, String] :managed_policy_arn
385
- # The IAM managed policy ARN to be attached to a permission set.
423
+ # The Amazon Web Services managed policy ARN to be attached to a
424
+ # permission set.
386
425
  #
387
426
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
388
427
  #
@@ -579,8 +618,8 @@ module Aws::SSOAdmin
579
618
  # relay_state: "RelayState",
580
619
  # tags: [
581
620
  # {
582
- # key: "TagKey",
583
- # value: "TagValue",
621
+ # key: "TagKey", # required
622
+ # value: "TagValue", # required
584
623
  # },
585
624
  # ],
586
625
  # })
@@ -760,6 +799,33 @@ module Aws::SSOAdmin
760
799
  req.send_request(options)
761
800
  end
762
801
 
802
+ # Deletes the permissions boundary from a specified PermissionSet.
803
+ #
804
+ # @option params [required, String] :instance_arn
805
+ # The ARN of the SSO instance under which the operation will be
806
+ # executed.
807
+ #
808
+ # @option params [required, String] :permission_set_arn
809
+ # The ARN of the `PermissionSet`.
810
+ #
811
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
812
+ #
813
+ # @example Request syntax with placeholder values
814
+ #
815
+ # resp = client.delete_permissions_boundary_from_permission_set({
816
+ # instance_arn: "InstanceArn", # required
817
+ # permission_set_arn: "PermissionSetArn", # required
818
+ # })
819
+ #
820
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSet AWS API Documentation
821
+ #
822
+ # @overload delete_permissions_boundary_from_permission_set(params = {})
823
+ # @param [Hash] params ({})
824
+ def delete_permissions_boundary_from_permission_set(params = {}, options = {})
825
+ req = build_request(:delete_permissions_boundary_from_permission_set, params)
826
+ req.send_request(options)
827
+ end
828
+
763
829
  # Describes the status of the assignment creation request.
764
830
  #
765
831
  # @option params [required, String] :instance_arn
@@ -974,8 +1040,45 @@ module Aws::SSOAdmin
974
1040
  req.send_request(options)
975
1041
  end
976
1042
 
977
- # Detaches the attached IAM managed policy ARN from the specified
978
- # permission set.
1043
+ # Detaches the specified IAM customer managed policy from the specified
1044
+ # PermissionSet.
1045
+ #
1046
+ # @option params [required, String] :instance_arn
1047
+ # The ARN of the SSO instance under which the operation will be
1048
+ # executed.
1049
+ #
1050
+ # @option params [required, String] :permission_set_arn
1051
+ # The ARN of the `PermissionSet`.
1052
+ #
1053
+ # @option params [required, Types::CustomerManagedPolicyReference] :customer_managed_policy_reference
1054
+ # Specifies the name and path of the IAM customer managed policy. You
1055
+ # must have an IAM policy that matches the name and path in each Amazon
1056
+ # Web Services account where you want to deploy your permission set.
1057
+ #
1058
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1059
+ #
1060
+ # @example Request syntax with placeholder values
1061
+ #
1062
+ # resp = client.detach_customer_managed_policy_reference_from_permission_set({
1063
+ # instance_arn: "InstanceArn", # required
1064
+ # permission_set_arn: "PermissionSetArn", # required
1065
+ # customer_managed_policy_reference: { # required
1066
+ # name: "ManagedPolicyName", # required
1067
+ # path: "ManagedPolicyPath",
1068
+ # },
1069
+ # })
1070
+ #
1071
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSet AWS API Documentation
1072
+ #
1073
+ # @overload detach_customer_managed_policy_reference_from_permission_set(params = {})
1074
+ # @param [Hash] params ({})
1075
+ def detach_customer_managed_policy_reference_from_permission_set(params = {}, options = {})
1076
+ req = build_request(:detach_customer_managed_policy_reference_from_permission_set, params)
1077
+ req.send_request(options)
1078
+ end
1079
+
1080
+ # Detaches the attached Amazon Web Services managed IAM policy ARN from
1081
+ # the specified permission set.
979
1082
  #
980
1083
  # @option params [required, String] :instance_arn
981
1084
  # The ARN of the SSO instance under which the operation will be
@@ -988,7 +1091,8 @@ module Aws::SSOAdmin
988
1091
  # The ARN of the PermissionSet from which the policy should be detached.
989
1092
  #
990
1093
  # @option params [required, String] :managed_policy_arn
991
- # The IAM managed policy ARN to be attached to a permission set.
1094
+ # The Amazon Web Services managed policy ARN to be detached from a
1095
+ # permission set.
992
1096
  #
993
1097
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
994
1098
  #
@@ -1045,6 +1149,41 @@ module Aws::SSOAdmin
1045
1149
  req.send_request(options)
1046
1150
  end
1047
1151
 
1152
+ # Obtains the permissions boundary for a specified PermissionSet.
1153
+ #
1154
+ # @option params [required, String] :instance_arn
1155
+ # The ARN of the SSO instance under which the operation will be
1156
+ # executed.
1157
+ #
1158
+ # @option params [required, String] :permission_set_arn
1159
+ # The ARN of the `PermissionSet`.
1160
+ #
1161
+ # @return [Types::GetPermissionsBoundaryForPermissionSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1162
+ #
1163
+ # * {Types::GetPermissionsBoundaryForPermissionSetResponse#permissions_boundary #permissions_boundary} => Types::PermissionsBoundary
1164
+ #
1165
+ # @example Request syntax with placeholder values
1166
+ #
1167
+ # resp = client.get_permissions_boundary_for_permission_set({
1168
+ # instance_arn: "InstanceArn", # required
1169
+ # permission_set_arn: "PermissionSetArn", # required
1170
+ # })
1171
+ #
1172
+ # @example Response structure
1173
+ #
1174
+ # resp.permissions_boundary.customer_managed_policy_reference.name #=> String
1175
+ # resp.permissions_boundary.customer_managed_policy_reference.path #=> String
1176
+ # resp.permissions_boundary.managed_policy_arn #=> String
1177
+ #
1178
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSet AWS API Documentation
1179
+ #
1180
+ # @overload get_permissions_boundary_for_permission_set(params = {})
1181
+ # @param [Hash] params ({})
1182
+ def get_permissions_boundary_for_permission_set(params = {}, options = {})
1183
+ req = build_request(:get_permissions_boundary_for_permission_set, params)
1184
+ req.send_request(options)
1185
+ end
1186
+
1048
1187
  # Lists the status of the Amazon Web Services account assignment
1049
1188
  # creation requests for a specified SSO instance.
1050
1189
  #
@@ -1271,6 +1410,55 @@ module Aws::SSOAdmin
1271
1410
  req.send_request(options)
1272
1411
  end
1273
1412
 
1413
+ # Lists all IAM customer managed policies attached to a specified
1414
+ # PermissionSet.
1415
+ #
1416
+ # @option params [required, String] :instance_arn
1417
+ # The ARN of the SSO instance under which the operation will be
1418
+ # executed.
1419
+ #
1420
+ # @option params [required, String] :permission_set_arn
1421
+ # The ARN of the `PermissionSet`.
1422
+ #
1423
+ # @option params [Integer] :max_results
1424
+ # The maximum number of results to display for the list call.
1425
+ #
1426
+ # @option params [String] :next_token
1427
+ # The pagination token for the list API. Initially the value is null.
1428
+ # Use the output of previous API calls to make subsequent calls.
1429
+ #
1430
+ # @return [Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1431
+ #
1432
+ # * {Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse#customer_managed_policy_references #customer_managed_policy_references} => Array&lt;Types::CustomerManagedPolicyReference&gt;
1433
+ # * {Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse#next_token #next_token} => String
1434
+ #
1435
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1436
+ #
1437
+ # @example Request syntax with placeholder values
1438
+ #
1439
+ # resp = client.list_customer_managed_policy_references_in_permission_set({
1440
+ # instance_arn: "InstanceArn", # required
1441
+ # permission_set_arn: "PermissionSetArn", # required
1442
+ # max_results: 1,
1443
+ # next_token: "Token",
1444
+ # })
1445
+ #
1446
+ # @example Response structure
1447
+ #
1448
+ # resp.customer_managed_policy_references #=> Array
1449
+ # resp.customer_managed_policy_references[0].name #=> String
1450
+ # resp.customer_managed_policy_references[0].path #=> String
1451
+ # resp.next_token #=> String
1452
+ #
1453
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSet AWS API Documentation
1454
+ #
1455
+ # @overload list_customer_managed_policy_references_in_permission_set(params = {})
1456
+ # @param [Hash] params ({})
1457
+ def list_customer_managed_policy_references_in_permission_set(params = {}, options = {})
1458
+ req = build_request(:list_customer_managed_policy_references_in_permission_set, params)
1459
+ req.send_request(options)
1460
+ end
1461
+
1274
1462
  # Lists the SSO instances that the caller has access to.
1275
1463
  #
1276
1464
  # @option params [Integer] :max_results
@@ -1310,8 +1498,8 @@ module Aws::SSOAdmin
1310
1498
  req.send_request(options)
1311
1499
  end
1312
1500
 
1313
- # Lists the IAM managed policy that is attached to a specified
1314
- # permission set.
1501
+ # Lists the Amazon Web Services managed IAM policy that is attached to a
1502
+ # specified permission set.
1315
1503
  #
1316
1504
  # @option params [required, String] :instance_arn
1317
1505
  # The ARN of the SSO instance under which the operation will be
@@ -1546,7 +1734,7 @@ module Aws::SSOAdmin
1546
1734
  #
1547
1735
  # resp = client.list_tags_for_resource({
1548
1736
  # instance_arn: "InstanceArn", # required
1549
- # resource_arn: "GeneralArn", # required
1737
+ # resource_arn: "TaggableResourceArn", # required
1550
1738
  # next_token: "Token",
1551
1739
  # })
1552
1740
  #
@@ -1658,6 +1846,44 @@ module Aws::SSOAdmin
1658
1846
  req.send_request(options)
1659
1847
  end
1660
1848
 
1849
+ # Attaches an Amazon Web Services managed or customer managed IAM policy
1850
+ # to the specified PermissionSet as a permissions boundary.
1851
+ #
1852
+ # @option params [required, String] :instance_arn
1853
+ # The ARN of the SSO instance under which the operation will be
1854
+ # executed.
1855
+ #
1856
+ # @option params [required, String] :permission_set_arn
1857
+ # The ARN of the `PermissionSet`.
1858
+ #
1859
+ # @option params [required, Types::PermissionsBoundary] :permissions_boundary
1860
+ # The permissions boundary that you want to attach to a `PermissionSet`.
1861
+ #
1862
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1863
+ #
1864
+ # @example Request syntax with placeholder values
1865
+ #
1866
+ # resp = client.put_permissions_boundary_to_permission_set({
1867
+ # instance_arn: "InstanceArn", # required
1868
+ # permission_set_arn: "PermissionSetArn", # required
1869
+ # permissions_boundary: { # required
1870
+ # customer_managed_policy_reference: {
1871
+ # name: "ManagedPolicyName", # required
1872
+ # path: "ManagedPolicyPath",
1873
+ # },
1874
+ # managed_policy_arn: "ManagedPolicyArn",
1875
+ # },
1876
+ # })
1877
+ #
1878
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSet AWS API Documentation
1879
+ #
1880
+ # @overload put_permissions_boundary_to_permission_set(params = {})
1881
+ # @param [Hash] params ({})
1882
+ def put_permissions_boundary_to_permission_set(params = {}, options = {})
1883
+ req = build_request(:put_permissions_boundary_to_permission_set, params)
1884
+ req.send_request(options)
1885
+ end
1886
+
1661
1887
  # Associates a set of tags with a specified resource.
1662
1888
  #
1663
1889
  # @option params [required, String] :instance_arn
@@ -1679,11 +1905,11 @@ module Aws::SSOAdmin
1679
1905
  #
1680
1906
  # resp = client.tag_resource({
1681
1907
  # instance_arn: "InstanceArn", # required
1682
- # resource_arn: "GeneralArn", # required
1908
+ # resource_arn: "TaggableResourceArn", # required
1683
1909
  # tags: [ # required
1684
1910
  # {
1685
- # key: "TagKey",
1686
- # value: "TagValue",
1911
+ # key: "TagKey", # required
1912
+ # value: "TagValue", # required
1687
1913
  # },
1688
1914
  # ],
1689
1915
  # })
@@ -1718,7 +1944,7 @@ module Aws::SSOAdmin
1718
1944
  #
1719
1945
  # resp = client.untag_resource({
1720
1946
  # instance_arn: "InstanceArn", # required
1721
- # resource_arn: "GeneralArn", # required
1947
+ # resource_arn: "TaggableResourceArn", # required
1722
1948
  # tag_keys: ["TagKey"], # required
1723
1949
  # })
1724
1950
  #
@@ -1834,7 +2060,7 @@ module Aws::SSOAdmin
1834
2060
  params: params,
1835
2061
  config: config)
1836
2062
  context[:gem_name] = 'aws-sdk-ssoadmin'
1837
- context[:gem_version] = '1.16.0'
2063
+ context[:gem_version] = '1.17.0'
1838
2064
  Seahorse::Client::Request.new(handlers, context)
1839
2065
  end
1840
2066
 
@@ -28,6 +28,8 @@ module Aws::SSOAdmin
28
28
  AccountAssignmentOperationStatusMetadata = Shapes::StructureShape.new(name: 'AccountAssignmentOperationStatusMetadata')
29
29
  AccountId = Shapes::StringShape.new(name: 'AccountId')
30
30
  AccountList = Shapes::ListShape.new(name: 'AccountList')
31
+ AttachCustomerManagedPolicyReferenceToPermissionSetRequest = Shapes::StructureShape.new(name: 'AttachCustomerManagedPolicyReferenceToPermissionSetRequest')
32
+ AttachCustomerManagedPolicyReferenceToPermissionSetResponse = Shapes::StructureShape.new(name: 'AttachCustomerManagedPolicyReferenceToPermissionSetResponse')
31
33
  AttachManagedPolicyToPermissionSetRequest = Shapes::StructureShape.new(name: 'AttachManagedPolicyToPermissionSetRequest')
32
34
  AttachManagedPolicyToPermissionSetResponse = Shapes::StructureShape.new(name: 'AttachManagedPolicyToPermissionSetResponse')
33
35
  AttachedManagedPolicy = Shapes::StructureShape.new(name: 'AttachedManagedPolicy')
@@ -40,6 +42,8 @@ module Aws::SSOAdmin
40
42
  CreateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationResponse')
41
43
  CreatePermissionSetRequest = Shapes::StructureShape.new(name: 'CreatePermissionSetRequest')
42
44
  CreatePermissionSetResponse = Shapes::StructureShape.new(name: 'CreatePermissionSetResponse')
45
+ CustomerManagedPolicyReference = Shapes::StructureShape.new(name: 'CustomerManagedPolicyReference')
46
+ CustomerManagedPolicyReferenceList = Shapes::ListShape.new(name: 'CustomerManagedPolicyReferenceList')
43
47
  Date = Shapes::TimestampShape.new(name: 'Date')
44
48
  DeleteAccountAssignmentRequest = Shapes::StructureShape.new(name: 'DeleteAccountAssignmentRequest')
45
49
  DeleteAccountAssignmentResponse = Shapes::StructureShape.new(name: 'DeleteAccountAssignmentResponse')
@@ -49,6 +53,8 @@ module Aws::SSOAdmin
49
53
  DeleteInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationResponse')
50
54
  DeletePermissionSetRequest = Shapes::StructureShape.new(name: 'DeletePermissionSetRequest')
51
55
  DeletePermissionSetResponse = Shapes::StructureShape.new(name: 'DeletePermissionSetResponse')
56
+ DeletePermissionsBoundaryFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DeletePermissionsBoundaryFromPermissionSetRequest')
57
+ DeletePermissionsBoundaryFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DeletePermissionsBoundaryFromPermissionSetResponse')
52
58
  DescribeAccountAssignmentCreationStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusRequest')
53
59
  DescribeAccountAssignmentCreationStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusResponse')
54
60
  DescribeAccountAssignmentDeletionStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusRequest')
@@ -59,12 +65,15 @@ module Aws::SSOAdmin
59
65
  DescribePermissionSetProvisioningStatusResponse = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusResponse')
60
66
  DescribePermissionSetRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetRequest')
61
67
  DescribePermissionSetResponse = Shapes::StructureShape.new(name: 'DescribePermissionSetResponse')
68
+ DetachCustomerManagedPolicyReferenceFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DetachCustomerManagedPolicyReferenceFromPermissionSetRequest')
69
+ DetachCustomerManagedPolicyReferenceFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DetachCustomerManagedPolicyReferenceFromPermissionSetResponse')
62
70
  DetachManagedPolicyFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DetachManagedPolicyFromPermissionSetRequest')
63
71
  DetachManagedPolicyFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DetachManagedPolicyFromPermissionSetResponse')
64
72
  Duration = Shapes::StringShape.new(name: 'Duration')
65
- GeneralArn = Shapes::StringShape.new(name: 'GeneralArn')
66
73
  GetInlinePolicyForPermissionSetRequest = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetRequest')
67
74
  GetInlinePolicyForPermissionSetResponse = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetResponse')
75
+ GetPermissionsBoundaryForPermissionSetRequest = Shapes::StructureShape.new(name: 'GetPermissionsBoundaryForPermissionSetRequest')
76
+ GetPermissionsBoundaryForPermissionSetResponse = Shapes::StructureShape.new(name: 'GetPermissionsBoundaryForPermissionSetResponse')
68
77
  Id = Shapes::StringShape.new(name: 'Id')
69
78
  InstanceAccessControlAttributeConfiguration = Shapes::StructureShape.new(name: 'InstanceAccessControlAttributeConfiguration')
70
79
  InstanceAccessControlAttributeConfigurationStatus = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatus')
@@ -82,6 +91,8 @@ module Aws::SSOAdmin
82
91
  ListAccountAssignmentsResponse = Shapes::StructureShape.new(name: 'ListAccountAssignmentsResponse')
83
92
  ListAccountsForProvisionedPermissionSetRequest = Shapes::StructureShape.new(name: 'ListAccountsForProvisionedPermissionSetRequest')
84
93
  ListAccountsForProvisionedPermissionSetResponse = Shapes::StructureShape.new(name: 'ListAccountsForProvisionedPermissionSetResponse')
94
+ ListCustomerManagedPolicyReferencesInPermissionSetRequest = Shapes::StructureShape.new(name: 'ListCustomerManagedPolicyReferencesInPermissionSetRequest')
95
+ ListCustomerManagedPolicyReferencesInPermissionSetResponse = Shapes::StructureShape.new(name: 'ListCustomerManagedPolicyReferencesInPermissionSetResponse')
85
96
  ListInstancesRequest = Shapes::StructureShape.new(name: 'ListInstancesRequest')
86
97
  ListInstancesResponse = Shapes::StructureShape.new(name: 'ListInstancesResponse')
87
98
  ListManagedPoliciesInPermissionSetRequest = Shapes::StructureShape.new(name: 'ListManagedPoliciesInPermissionSetRequest')
@@ -95,6 +106,8 @@ module Aws::SSOAdmin
95
106
  ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
96
107
  ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
97
108
  ManagedPolicyArn = Shapes::StringShape.new(name: 'ManagedPolicyArn')
109
+ ManagedPolicyName = Shapes::StringShape.new(name: 'ManagedPolicyName')
110
+ ManagedPolicyPath = Shapes::StringShape.new(name: 'ManagedPolicyPath')
98
111
  MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
99
112
  Name = Shapes::StringShape.new(name: 'Name')
100
113
  OperationStatusFilter = Shapes::StructureShape.new(name: 'OperationStatusFilter')
@@ -107,6 +120,7 @@ module Aws::SSOAdmin
107
120
  PermissionSetProvisioningStatus = Shapes::StructureShape.new(name: 'PermissionSetProvisioningStatus')
108
121
  PermissionSetProvisioningStatusList = Shapes::ListShape.new(name: 'PermissionSetProvisioningStatusList')
109
122
  PermissionSetProvisioningStatusMetadata = Shapes::StructureShape.new(name: 'PermissionSetProvisioningStatusMetadata')
123
+ PermissionsBoundary = Shapes::StructureShape.new(name: 'PermissionsBoundary')
110
124
  PrincipalId = Shapes::StringShape.new(name: 'PrincipalId')
111
125
  PrincipalType = Shapes::StringShape.new(name: 'PrincipalType')
112
126
  ProvisionPermissionSetRequest = Shapes::StructureShape.new(name: 'ProvisionPermissionSetRequest')
@@ -115,6 +129,8 @@ module Aws::SSOAdmin
115
129
  ProvisioningStatus = Shapes::StringShape.new(name: 'ProvisioningStatus')
116
130
  PutInlinePolicyToPermissionSetRequest = Shapes::StructureShape.new(name: 'PutInlinePolicyToPermissionSetRequest')
117
131
  PutInlinePolicyToPermissionSetResponse = Shapes::StructureShape.new(name: 'PutInlinePolicyToPermissionSetResponse')
132
+ PutPermissionsBoundaryToPermissionSetRequest = Shapes::StructureShape.new(name: 'PutPermissionsBoundaryToPermissionSetRequest')
133
+ PutPermissionsBoundaryToPermissionSetResponse = Shapes::StructureShape.new(name: 'PutPermissionsBoundaryToPermissionSetResponse')
118
134
  Reason = Shapes::StringShape.new(name: 'Reason')
119
135
  RelayState = Shapes::StringShape.new(name: 'RelayState')
120
136
  ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
@@ -129,6 +145,7 @@ module Aws::SSOAdmin
129
145
  TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
130
146
  TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
131
147
  TagValue = Shapes::StringShape.new(name: 'TagValue')
148
+ TaggableResourceArn = Shapes::StringShape.new(name: 'TaggableResourceArn')
132
149
  TargetId = Shapes::StringShape.new(name: 'TargetId')
133
150
  TargetType = Shapes::StringShape.new(name: 'TargetType')
134
151
  ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
@@ -186,6 +203,13 @@ module Aws::SSOAdmin
186
203
 
187
204
  AccountList.member = Shapes::ShapeRef.new(shape: AccountId)
188
205
 
206
+ AttachCustomerManagedPolicyReferenceToPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
207
+ AttachCustomerManagedPolicyReferenceToPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
208
+ AttachCustomerManagedPolicyReferenceToPermissionSetRequest.add_member(:customer_managed_policy_reference, Shapes::ShapeRef.new(shape: CustomerManagedPolicyReference, required: true, location_name: "CustomerManagedPolicyReference"))
209
+ AttachCustomerManagedPolicyReferenceToPermissionSetRequest.struct_class = Types::AttachCustomerManagedPolicyReferenceToPermissionSetRequest
210
+
211
+ AttachCustomerManagedPolicyReferenceToPermissionSetResponse.struct_class = Types::AttachCustomerManagedPolicyReferenceToPermissionSetResponse
212
+
189
213
  AttachManagedPolicyToPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
190
214
  AttachManagedPolicyToPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
191
215
  AttachManagedPolicyToPermissionSetRequest.add_member(:managed_policy_arn, Shapes::ShapeRef.new(shape: ManagedPolicyArn, required: true, location_name: "ManagedPolicyArn"))
@@ -230,6 +254,12 @@ module Aws::SSOAdmin
230
254
  CreatePermissionSetResponse.add_member(:permission_set, Shapes::ShapeRef.new(shape: PermissionSet, location_name: "PermissionSet"))
231
255
  CreatePermissionSetResponse.struct_class = Types::CreatePermissionSetResponse
232
256
 
257
+ CustomerManagedPolicyReference.add_member(:name, Shapes::ShapeRef.new(shape: ManagedPolicyName, required: true, location_name: "Name"))
258
+ CustomerManagedPolicyReference.add_member(:path, Shapes::ShapeRef.new(shape: ManagedPolicyPath, location_name: "Path"))
259
+ CustomerManagedPolicyReference.struct_class = Types::CustomerManagedPolicyReference
260
+
261
+ CustomerManagedPolicyReferenceList.member = Shapes::ShapeRef.new(shape: CustomerManagedPolicyReference)
262
+
233
263
  DeleteAccountAssignmentRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
234
264
  DeleteAccountAssignmentRequest.add_member(:target_id, Shapes::ShapeRef.new(shape: TargetId, required: true, location_name: "TargetId"))
235
265
  DeleteAccountAssignmentRequest.add_member(:target_type, Shapes::ShapeRef.new(shape: TargetType, required: true, location_name: "TargetType"))
@@ -258,6 +288,12 @@ module Aws::SSOAdmin
258
288
 
259
289
  DeletePermissionSetResponse.struct_class = Types::DeletePermissionSetResponse
260
290
 
291
+ DeletePermissionsBoundaryFromPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
292
+ DeletePermissionsBoundaryFromPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
293
+ DeletePermissionsBoundaryFromPermissionSetRequest.struct_class = Types::DeletePermissionsBoundaryFromPermissionSetRequest
294
+
295
+ DeletePermissionsBoundaryFromPermissionSetResponse.struct_class = Types::DeletePermissionsBoundaryFromPermissionSetResponse
296
+
261
297
  DescribeAccountAssignmentCreationStatusRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
262
298
  DescribeAccountAssignmentCreationStatusRequest.add_member(:account_assignment_creation_request_id, Shapes::ShapeRef.new(shape: UUId, required: true, location_name: "AccountAssignmentCreationRequestId"))
263
299
  DescribeAccountAssignmentCreationStatusRequest.struct_class = Types::DescribeAccountAssignmentCreationStatusRequest
@@ -294,6 +330,13 @@ module Aws::SSOAdmin
294
330
  DescribePermissionSetResponse.add_member(:permission_set, Shapes::ShapeRef.new(shape: PermissionSet, location_name: "PermissionSet"))
295
331
  DescribePermissionSetResponse.struct_class = Types::DescribePermissionSetResponse
296
332
 
333
+ DetachCustomerManagedPolicyReferenceFromPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
334
+ DetachCustomerManagedPolicyReferenceFromPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
335
+ DetachCustomerManagedPolicyReferenceFromPermissionSetRequest.add_member(:customer_managed_policy_reference, Shapes::ShapeRef.new(shape: CustomerManagedPolicyReference, required: true, location_name: "CustomerManagedPolicyReference"))
336
+ DetachCustomerManagedPolicyReferenceFromPermissionSetRequest.struct_class = Types::DetachCustomerManagedPolicyReferenceFromPermissionSetRequest
337
+
338
+ DetachCustomerManagedPolicyReferenceFromPermissionSetResponse.struct_class = Types::DetachCustomerManagedPolicyReferenceFromPermissionSetResponse
339
+
297
340
  DetachManagedPolicyFromPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
298
341
  DetachManagedPolicyFromPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
299
342
  DetachManagedPolicyFromPermissionSetRequest.add_member(:managed_policy_arn, Shapes::ShapeRef.new(shape: ManagedPolicyArn, required: true, location_name: "ManagedPolicyArn"))
@@ -308,6 +351,13 @@ module Aws::SSOAdmin
308
351
  GetInlinePolicyForPermissionSetResponse.add_member(:inline_policy, Shapes::ShapeRef.new(shape: PermissionSetPolicyDocument, location_name: "InlinePolicy"))
309
352
  GetInlinePolicyForPermissionSetResponse.struct_class = Types::GetInlinePolicyForPermissionSetResponse
310
353
 
354
+ GetPermissionsBoundaryForPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
355
+ GetPermissionsBoundaryForPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
356
+ GetPermissionsBoundaryForPermissionSetRequest.struct_class = Types::GetPermissionsBoundaryForPermissionSetRequest
357
+
358
+ GetPermissionsBoundaryForPermissionSetResponse.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: PermissionsBoundary, location_name: "PermissionsBoundary"))
359
+ GetPermissionsBoundaryForPermissionSetResponse.struct_class = Types::GetPermissionsBoundaryForPermissionSetResponse
360
+
311
361
  InstanceAccessControlAttributeConfiguration.add_member(:access_control_attributes, Shapes::ShapeRef.new(shape: AccessControlAttributeList, required: true, location_name: "AccessControlAttributes"))
312
362
  InstanceAccessControlAttributeConfiguration.struct_class = Types::InstanceAccessControlAttributeConfiguration
313
363
 
@@ -362,6 +412,16 @@ module Aws::SSOAdmin
362
412
  ListAccountsForProvisionedPermissionSetResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "NextToken"))
363
413
  ListAccountsForProvisionedPermissionSetResponse.struct_class = Types::ListAccountsForProvisionedPermissionSetResponse
364
414
 
415
+ ListCustomerManagedPolicyReferencesInPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
416
+ ListCustomerManagedPolicyReferencesInPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
417
+ ListCustomerManagedPolicyReferencesInPermissionSetRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
418
+ ListCustomerManagedPolicyReferencesInPermissionSetRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "NextToken"))
419
+ ListCustomerManagedPolicyReferencesInPermissionSetRequest.struct_class = Types::ListCustomerManagedPolicyReferencesInPermissionSetRequest
420
+
421
+ ListCustomerManagedPolicyReferencesInPermissionSetResponse.add_member(:customer_managed_policy_references, Shapes::ShapeRef.new(shape: CustomerManagedPolicyReferenceList, location_name: "CustomerManagedPolicyReferences"))
422
+ ListCustomerManagedPolicyReferencesInPermissionSetResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "NextToken"))
423
+ ListCustomerManagedPolicyReferencesInPermissionSetResponse.struct_class = Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse
424
+
365
425
  ListInstancesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
366
426
  ListInstancesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "NextToken"))
367
427
  ListInstancesRequest.struct_class = Types::ListInstancesRequest
@@ -411,7 +471,7 @@ module Aws::SSOAdmin
411
471
  ListPermissionSetsResponse.struct_class = Types::ListPermissionSetsResponse
412
472
 
413
473
  ListTagsForResourceRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
414
- ListTagsForResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: GeneralArn, required: true, location_name: "ResourceArn"))
474
+ ListTagsForResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: TaggableResourceArn, required: true, location_name: "ResourceArn"))
415
475
  ListTagsForResourceRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "NextToken"))
416
476
  ListTagsForResourceRequest.struct_class = Types::ListTagsForResourceRequest
417
477
 
@@ -447,6 +507,10 @@ module Aws::SSOAdmin
447
507
  PermissionSetProvisioningStatusMetadata.add_member(:created_date, Shapes::ShapeRef.new(shape: Date, location_name: "CreatedDate"))
448
508
  PermissionSetProvisioningStatusMetadata.struct_class = Types::PermissionSetProvisioningStatusMetadata
449
509
 
510
+ PermissionsBoundary.add_member(:customer_managed_policy_reference, Shapes::ShapeRef.new(shape: CustomerManagedPolicyReference, location_name: "CustomerManagedPolicyReference"))
511
+ PermissionsBoundary.add_member(:managed_policy_arn, Shapes::ShapeRef.new(shape: ManagedPolicyArn, location_name: "ManagedPolicyArn"))
512
+ PermissionsBoundary.struct_class = Types::PermissionsBoundary
513
+
450
514
  ProvisionPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
451
515
  ProvisionPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
452
516
  ProvisionPermissionSetRequest.add_member(:target_id, Shapes::ShapeRef.new(shape: TargetId, location_name: "TargetId"))
@@ -463,14 +527,21 @@ module Aws::SSOAdmin
463
527
 
464
528
  PutInlinePolicyToPermissionSetResponse.struct_class = Types::PutInlinePolicyToPermissionSetResponse
465
529
 
530
+ PutPermissionsBoundaryToPermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
531
+ PutPermissionsBoundaryToPermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
532
+ PutPermissionsBoundaryToPermissionSetRequest.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: PermissionsBoundary, required: true, location_name: "PermissionsBoundary"))
533
+ PutPermissionsBoundaryToPermissionSetRequest.struct_class = Types::PutPermissionsBoundaryToPermissionSetRequest
534
+
535
+ PutPermissionsBoundaryToPermissionSetResponse.struct_class = Types::PutPermissionsBoundaryToPermissionSetResponse
536
+
466
537
  ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ResourceNotFoundMessage, location_name: "Message"))
467
538
  ResourceNotFoundException.struct_class = Types::ResourceNotFoundException
468
539
 
469
540
  ServiceQuotaExceededException.add_member(:message, Shapes::ShapeRef.new(shape: ServiceQuotaExceededMessage, location_name: "Message"))
470
541
  ServiceQuotaExceededException.struct_class = Types::ServiceQuotaExceededException
471
542
 
472
- Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKey, location_name: "Key"))
473
- Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValue, location_name: "Value"))
543
+ Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKey, required: true, location_name: "Key"))
544
+ Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValue, required: true, location_name: "Value"))
474
545
  Tag.struct_class = Types::Tag
475
546
 
476
547
  TagKeyList.member = Shapes::ShapeRef.new(shape: TagKey)
@@ -478,7 +549,7 @@ module Aws::SSOAdmin
478
549
  TagList.member = Shapes::ShapeRef.new(shape: Tag)
479
550
 
480
551
  TagResourceRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
481
- TagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: GeneralArn, required: true, location_name: "ResourceArn"))
552
+ TagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: TaggableResourceArn, required: true, location_name: "ResourceArn"))
482
553
  TagResourceRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, required: true, location_name: "Tags"))
483
554
  TagResourceRequest.struct_class = Types::TagResourceRequest
484
555
 
@@ -488,7 +559,7 @@ module Aws::SSOAdmin
488
559
  ThrottlingException.struct_class = Types::ThrottlingException
489
560
 
490
561
  UntagResourceRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
491
- UntagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: GeneralArn, required: true, location_name: "ResourceArn"))
562
+ UntagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: TaggableResourceArn, required: true, location_name: "ResourceArn"))
492
563
  UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeyList, required: true, location_name: "TagKeys"))
493
564
  UntagResourceRequest.struct_class = Types::UntagResourceRequest
494
565
 
@@ -532,6 +603,21 @@ module Aws::SSOAdmin
532
603
  "uid" => "sso-admin-2020-07-20",
533
604
  }
534
605
 
606
+ api.add_operation(:attach_customer_managed_policy_reference_to_permission_set, Seahorse::Model::Operation.new.tap do |o|
607
+ o.name = "AttachCustomerManagedPolicyReferenceToPermissionSet"
608
+ o.http_method = "POST"
609
+ o.http_request_uri = "/"
610
+ o.input = Shapes::ShapeRef.new(shape: AttachCustomerManagedPolicyReferenceToPermissionSetRequest)
611
+ o.output = Shapes::ShapeRef.new(shape: AttachCustomerManagedPolicyReferenceToPermissionSetResponse)
612
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
613
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
614
+ o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
615
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
616
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
617
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
618
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
619
+ end)
620
+
535
621
  api.add_operation(:attach_managed_policy_to_permission_set, Seahorse::Model::Operation.new.tap do |o|
536
622
  o.name = "AttachManagedPolicyToPermissionSet"
537
623
  o.http_method = "POST"
@@ -647,6 +733,19 @@ module Aws::SSOAdmin
647
733
  o.errors << Shapes::ShapeRef.new(shape: ConflictException)
648
734
  end)
649
735
 
736
+ api.add_operation(:delete_permissions_boundary_from_permission_set, Seahorse::Model::Operation.new.tap do |o|
737
+ o.name = "DeletePermissionsBoundaryFromPermissionSet"
738
+ o.http_method = "POST"
739
+ o.http_request_uri = "/"
740
+ o.input = Shapes::ShapeRef.new(shape: DeletePermissionsBoundaryFromPermissionSetRequest)
741
+ o.output = Shapes::ShapeRef.new(shape: DeletePermissionsBoundaryFromPermissionSetResponse)
742
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
743
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
744
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
745
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
746
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
747
+ end)
748
+
650
749
  api.add_operation(:describe_account_assignment_creation_status, Seahorse::Model::Operation.new.tap do |o|
651
750
  o.name = "DescribeAccountAssignmentCreationStatus"
652
751
  o.http_method = "POST"
@@ -712,6 +811,20 @@ module Aws::SSOAdmin
712
811
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
713
812
  end)
714
813
 
814
+ api.add_operation(:detach_customer_managed_policy_reference_from_permission_set, Seahorse::Model::Operation.new.tap do |o|
815
+ o.name = "DetachCustomerManagedPolicyReferenceFromPermissionSet"
816
+ o.http_method = "POST"
817
+ o.http_request_uri = "/"
818
+ o.input = Shapes::ShapeRef.new(shape: DetachCustomerManagedPolicyReferenceFromPermissionSetRequest)
819
+ o.output = Shapes::ShapeRef.new(shape: DetachCustomerManagedPolicyReferenceFromPermissionSetResponse)
820
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
821
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
822
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
823
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
824
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
825
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
826
+ end)
827
+
715
828
  api.add_operation(:detach_managed_policy_from_permission_set, Seahorse::Model::Operation.new.tap do |o|
716
829
  o.name = "DetachManagedPolicyFromPermissionSet"
717
830
  o.http_method = "POST"
@@ -739,6 +852,19 @@ module Aws::SSOAdmin
739
852
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
740
853
  end)
741
854
 
855
+ api.add_operation(:get_permissions_boundary_for_permission_set, Seahorse::Model::Operation.new.tap do |o|
856
+ o.name = "GetPermissionsBoundaryForPermissionSet"
857
+ o.http_method = "POST"
858
+ o.http_request_uri = "/"
859
+ o.input = Shapes::ShapeRef.new(shape: GetPermissionsBoundaryForPermissionSetRequest)
860
+ o.output = Shapes::ShapeRef.new(shape: GetPermissionsBoundaryForPermissionSetResponse)
861
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
862
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
863
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
864
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
865
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
866
+ end)
867
+
742
868
  api.add_operation(:list_account_assignment_creation_status, Seahorse::Model::Operation.new.tap do |o|
743
869
  o.name = "ListAccountAssignmentCreationStatus"
744
870
  o.http_method = "POST"
@@ -815,6 +941,25 @@ module Aws::SSOAdmin
815
941
  )
816
942
  end)
817
943
 
944
+ api.add_operation(:list_customer_managed_policy_references_in_permission_set, Seahorse::Model::Operation.new.tap do |o|
945
+ o.name = "ListCustomerManagedPolicyReferencesInPermissionSet"
946
+ o.http_method = "POST"
947
+ o.http_request_uri = "/"
948
+ o.input = Shapes::ShapeRef.new(shape: ListCustomerManagedPolicyReferencesInPermissionSetRequest)
949
+ o.output = Shapes::ShapeRef.new(shape: ListCustomerManagedPolicyReferencesInPermissionSetResponse)
950
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
951
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
952
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
953
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
954
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
955
+ o[:pager] = Aws::Pager.new(
956
+ limit_key: "max_results",
957
+ tokens: {
958
+ "next_token" => "next_token"
959
+ }
960
+ )
961
+ end)
962
+
818
963
  api.add_operation(:list_instances, Seahorse::Model::Operation.new.tap do |o|
819
964
  o.name = "ListInstances"
820
965
  o.http_method = "POST"
@@ -956,6 +1101,20 @@ module Aws::SSOAdmin
956
1101
  o.errors << Shapes::ShapeRef.new(shape: ConflictException)
957
1102
  end)
958
1103
 
1104
+ api.add_operation(:put_permissions_boundary_to_permission_set, Seahorse::Model::Operation.new.tap do |o|
1105
+ o.name = "PutPermissionsBoundaryToPermissionSet"
1106
+ o.http_method = "POST"
1107
+ o.http_request_uri = "/"
1108
+ o.input = Shapes::ShapeRef.new(shape: PutPermissionsBoundaryToPermissionSetRequest)
1109
+ o.output = Shapes::ShapeRef.new(shape: PutPermissionsBoundaryToPermissionSetResponse)
1110
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1111
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
1112
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1113
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
1114
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
1115
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
1116
+ end)
1117
+
959
1118
  api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
960
1119
  o.name = "TagResource"
961
1120
  o.http_method = "POST"
@@ -49,7 +49,12 @@ module Aws::SSOAdmin
49
49
  end
50
50
 
51
51
  # The value used for mapping a specified attribute to an identity
52
- # source.
52
+ # source. For more information, see [Attribute mappings][1] in the
53
+ # Amazon Web Services Single Sign-On User Guide.
54
+ #
55
+ #
56
+ #
57
+ # [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html
53
58
  #
54
59
  # @note When making an API call, you may pass AccessControlAttributeValue
55
60
  # data as a hash:
@@ -218,6 +223,48 @@ module Aws::SSOAdmin
218
223
  include Aws::Structure
219
224
  end
220
225
 
226
+ # @note When making an API call, you may pass AttachCustomerManagedPolicyReferenceToPermissionSetRequest
227
+ # data as a hash:
228
+ #
229
+ # {
230
+ # instance_arn: "InstanceArn", # required
231
+ # permission_set_arn: "PermissionSetArn", # required
232
+ # customer_managed_policy_reference: { # required
233
+ # name: "ManagedPolicyName", # required
234
+ # path: "ManagedPolicyPath",
235
+ # },
236
+ # }
237
+ #
238
+ # @!attribute [rw] instance_arn
239
+ # The ARN of the SSO instance under which the operation will be
240
+ # executed.
241
+ # @return [String]
242
+ #
243
+ # @!attribute [rw] permission_set_arn
244
+ # The ARN of the `PermissionSet`.
245
+ # @return [String]
246
+ #
247
+ # @!attribute [rw] customer_managed_policy_reference
248
+ # Specifies the name and path of the IAM customer managed policy. You
249
+ # must have an IAM policy that matches the name and path in each
250
+ # Amazon Web Services account where you want to deploy your permission
251
+ # set.
252
+ # @return [Types::CustomerManagedPolicyReference]
253
+ #
254
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSetRequest AWS API Documentation
255
+ #
256
+ class AttachCustomerManagedPolicyReferenceToPermissionSetRequest < Struct.new(
257
+ :instance_arn,
258
+ :permission_set_arn,
259
+ :customer_managed_policy_reference)
260
+ SENSITIVE = []
261
+ include Aws::Structure
262
+ end
263
+
264
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSetResponse AWS API Documentation
265
+ #
266
+ class AttachCustomerManagedPolicyReferenceToPermissionSetResponse < Aws::EmptyStructure; end
267
+
221
268
  # @note When making an API call, you may pass AttachManagedPolicyToPermissionSetRequest
222
269
  # data as a hash:
223
270
  #
@@ -241,7 +288,8 @@ module Aws::SSOAdmin
241
288
  # @return [String]
242
289
  #
243
290
  # @!attribute [rw] managed_policy_arn
244
- # The IAM managed policy ARN to be attached to a permission set.
291
+ # The Amazon Web Services managed policy ARN to be attached to a
292
+ # permission set.
245
293
  # @return [String]
246
294
  #
247
295
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachManagedPolicyToPermissionSetRequest AWS API Documentation
@@ -258,15 +306,17 @@ module Aws::SSOAdmin
258
306
  #
259
307
  class AttachManagedPolicyToPermissionSetResponse < Aws::EmptyStructure; end
260
308
 
261
- # A structure that stores the details of the IAM managed policy.
309
+ # A structure that stores the details of the Amazon Web Services managed
310
+ # IAM policy.
262
311
  #
263
312
  # @!attribute [rw] name
264
- # The name of the IAM managed policy.
313
+ # The name of the Amazon Web Services managed IAM policy.
265
314
  # @return [String]
266
315
  #
267
316
  # @!attribute [rw] arn
268
- # The ARN of the IAM managed policy. For more information about ARNs,
269
- # see [Amazon Resource Names (ARNs) and Amazon Web Services Service
317
+ # The ARN of the Amazon Web Services managed IAM policy. For more
318
+ # information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
319
+ # Web Services Service
270
320
  # Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
271
321
  # *Amazon Web Services General Reference*.
272
322
  # @return [String]
@@ -426,8 +476,8 @@ module Aws::SSOAdmin
426
476
  # relay_state: "RelayState",
427
477
  # tags: [
428
478
  # {
429
- # key: "TagKey",
430
- # value: "TagValue",
479
+ # key: "TagKey", # required
480
+ # value: "TagValue", # required
431
481
  # },
432
482
  # ],
433
483
  # }
@@ -487,6 +537,41 @@ module Aws::SSOAdmin
487
537
  include Aws::Structure
488
538
  end
489
539
 
540
+ # Specifies the name and path of the IAM customer managed policy. You
541
+ # must have an IAM policy that matches the name and path in each Amazon
542
+ # Web Services account where you want to deploy your permission set.
543
+ #
544
+ # @note When making an API call, you may pass CustomerManagedPolicyReference
545
+ # data as a hash:
546
+ #
547
+ # {
548
+ # name: "ManagedPolicyName", # required
549
+ # path: "ManagedPolicyPath",
550
+ # }
551
+ #
552
+ # @!attribute [rw] name
553
+ # The name of the policy document.
554
+ # @return [String]
555
+ #
556
+ # @!attribute [rw] path
557
+ # The path for the policy. The default is `/`. For more information,
558
+ # see [Friendly names and paths][1] in the Identity and Access
559
+ # Management user guide.
560
+ #
561
+ #
562
+ #
563
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names
564
+ # @return [String]
565
+ #
566
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CustomerManagedPolicyReference AWS API Documentation
567
+ #
568
+ class CustomerManagedPolicyReference < Struct.new(
569
+ :name,
570
+ :path)
571
+ SENSITIVE = []
572
+ include Aws::Structure
573
+ end
574
+
490
575
  # @note When making an API call, you may pass DeleteAccountAssignmentRequest
491
576
  # data as a hash:
492
577
  #
@@ -648,6 +733,36 @@ module Aws::SSOAdmin
648
733
  #
649
734
  class DeletePermissionSetResponse < Aws::EmptyStructure; end
650
735
 
736
+ # @note When making an API call, you may pass DeletePermissionsBoundaryFromPermissionSetRequest
737
+ # data as a hash:
738
+ #
739
+ # {
740
+ # instance_arn: "InstanceArn", # required
741
+ # permission_set_arn: "PermissionSetArn", # required
742
+ # }
743
+ #
744
+ # @!attribute [rw] instance_arn
745
+ # The ARN of the SSO instance under which the operation will be
746
+ # executed.
747
+ # @return [String]
748
+ #
749
+ # @!attribute [rw] permission_set_arn
750
+ # The ARN of the `PermissionSet`.
751
+ # @return [String]
752
+ #
753
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSetRequest AWS API Documentation
754
+ #
755
+ class DeletePermissionsBoundaryFromPermissionSetRequest < Struct.new(
756
+ :instance_arn,
757
+ :permission_set_arn)
758
+ SENSITIVE = []
759
+ include Aws::Structure
760
+ end
761
+
762
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSetResponse AWS API Documentation
763
+ #
764
+ class DeletePermissionsBoundaryFromPermissionSetResponse < Aws::EmptyStructure; end
765
+
651
766
  # @note When making an API call, you may pass DescribeAccountAssignmentCreationStatusRequest
652
767
  # data as a hash:
653
768
  #
@@ -857,6 +972,48 @@ module Aws::SSOAdmin
857
972
  include Aws::Structure
858
973
  end
859
974
 
975
+ # @note When making an API call, you may pass DetachCustomerManagedPolicyReferenceFromPermissionSetRequest
976
+ # data as a hash:
977
+ #
978
+ # {
979
+ # instance_arn: "InstanceArn", # required
980
+ # permission_set_arn: "PermissionSetArn", # required
981
+ # customer_managed_policy_reference: { # required
982
+ # name: "ManagedPolicyName", # required
983
+ # path: "ManagedPolicyPath",
984
+ # },
985
+ # }
986
+ #
987
+ # @!attribute [rw] instance_arn
988
+ # The ARN of the SSO instance under which the operation will be
989
+ # executed.
990
+ # @return [String]
991
+ #
992
+ # @!attribute [rw] permission_set_arn
993
+ # The ARN of the `PermissionSet`.
994
+ # @return [String]
995
+ #
996
+ # @!attribute [rw] customer_managed_policy_reference
997
+ # Specifies the name and path of the IAM customer managed policy. You
998
+ # must have an IAM policy that matches the name and path in each
999
+ # Amazon Web Services account where you want to deploy your permission
1000
+ # set.
1001
+ # @return [Types::CustomerManagedPolicyReference]
1002
+ #
1003
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSetRequest AWS API Documentation
1004
+ #
1005
+ class DetachCustomerManagedPolicyReferenceFromPermissionSetRequest < Struct.new(
1006
+ :instance_arn,
1007
+ :permission_set_arn,
1008
+ :customer_managed_policy_reference)
1009
+ SENSITIVE = []
1010
+ include Aws::Structure
1011
+ end
1012
+
1013
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSetResponse AWS API Documentation
1014
+ #
1015
+ class DetachCustomerManagedPolicyReferenceFromPermissionSetResponse < Aws::EmptyStructure; end
1016
+
860
1017
  # @note When making an API call, you may pass DetachManagedPolicyFromPermissionSetRequest
861
1018
  # data as a hash:
862
1019
  #
@@ -880,7 +1037,8 @@ module Aws::SSOAdmin
880
1037
  # @return [String]
881
1038
  #
882
1039
  # @!attribute [rw] managed_policy_arn
883
- # The IAM managed policy ARN to be attached to a permission set.
1040
+ # The Amazon Web Services managed policy ARN to be detached from a
1041
+ # permission set.
884
1042
  # @return [String]
885
1043
  #
886
1044
  # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachManagedPolicyFromPermissionSetRequest AWS API Documentation
@@ -934,7 +1092,45 @@ module Aws::SSOAdmin
934
1092
  #
935
1093
  class GetInlinePolicyForPermissionSetResponse < Struct.new(
936
1094
  :inline_policy)
937
- SENSITIVE = [:inline_policy]
1095
+ SENSITIVE = []
1096
+ include Aws::Structure
1097
+ end
1098
+
1099
+ # @note When making an API call, you may pass GetPermissionsBoundaryForPermissionSetRequest
1100
+ # data as a hash:
1101
+ #
1102
+ # {
1103
+ # instance_arn: "InstanceArn", # required
1104
+ # permission_set_arn: "PermissionSetArn", # required
1105
+ # }
1106
+ #
1107
+ # @!attribute [rw] instance_arn
1108
+ # The ARN of the SSO instance under which the operation will be
1109
+ # executed.
1110
+ # @return [String]
1111
+ #
1112
+ # @!attribute [rw] permission_set_arn
1113
+ # The ARN of the `PermissionSet`.
1114
+ # @return [String]
1115
+ #
1116
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSetRequest AWS API Documentation
1117
+ #
1118
+ class GetPermissionsBoundaryForPermissionSetRequest < Struct.new(
1119
+ :instance_arn,
1120
+ :permission_set_arn)
1121
+ SENSITIVE = []
1122
+ include Aws::Structure
1123
+ end
1124
+
1125
+ # @!attribute [rw] permissions_boundary
1126
+ # The permissions boundary attached to the specified permission set.
1127
+ # @return [Types::PermissionsBoundary]
1128
+ #
1129
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSetResponse AWS API Documentation
1130
+ #
1131
+ class GetPermissionsBoundaryForPermissionSetResponse < Struct.new(
1132
+ :permissions_boundary)
1133
+ SENSITIVE = []
938
1134
  include Aws::Structure
939
1135
  end
940
1136
 
@@ -1266,6 +1462,64 @@ module Aws::SSOAdmin
1266
1462
  include Aws::Structure
1267
1463
  end
1268
1464
 
1465
+ # @note When making an API call, you may pass ListCustomerManagedPolicyReferencesInPermissionSetRequest
1466
+ # data as a hash:
1467
+ #
1468
+ # {
1469
+ # instance_arn: "InstanceArn", # required
1470
+ # permission_set_arn: "PermissionSetArn", # required
1471
+ # max_results: 1,
1472
+ # next_token: "Token",
1473
+ # }
1474
+ #
1475
+ # @!attribute [rw] instance_arn
1476
+ # The ARN of the SSO instance under which the operation will be
1477
+ # executed.
1478
+ # @return [String]
1479
+ #
1480
+ # @!attribute [rw] permission_set_arn
1481
+ # The ARN of the `PermissionSet`.
1482
+ # @return [String]
1483
+ #
1484
+ # @!attribute [rw] max_results
1485
+ # The maximum number of results to display for the list call.
1486
+ # @return [Integer]
1487
+ #
1488
+ # @!attribute [rw] next_token
1489
+ # The pagination token for the list API. Initially the value is null.
1490
+ # Use the output of previous API calls to make subsequent calls.
1491
+ # @return [String]
1492
+ #
1493
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSetRequest AWS API Documentation
1494
+ #
1495
+ class ListCustomerManagedPolicyReferencesInPermissionSetRequest < Struct.new(
1496
+ :instance_arn,
1497
+ :permission_set_arn,
1498
+ :max_results,
1499
+ :next_token)
1500
+ SENSITIVE = []
1501
+ include Aws::Structure
1502
+ end
1503
+
1504
+ # @!attribute [rw] customer_managed_policy_references
1505
+ # Specifies the names and paths of the IAM customer managed policies
1506
+ # that you have attached to your permission set.
1507
+ # @return [Array<Types::CustomerManagedPolicyReference>]
1508
+ #
1509
+ # @!attribute [rw] next_token
1510
+ # The pagination token for the list API. Initially the value is null.
1511
+ # Use the output of previous API calls to make subsequent calls.
1512
+ # @return [String]
1513
+ #
1514
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSetResponse AWS API Documentation
1515
+ #
1516
+ class ListCustomerManagedPolicyReferencesInPermissionSetResponse < Struct.new(
1517
+ :customer_managed_policy_references,
1518
+ :next_token)
1519
+ SENSITIVE = []
1520
+ include Aws::Structure
1521
+ end
1522
+
1269
1523
  # @note When making an API call, you may pass ListInstancesRequest
1270
1524
  # data as a hash:
1271
1525
  #
@@ -1558,7 +1812,7 @@ module Aws::SSOAdmin
1558
1812
  #
1559
1813
  # {
1560
1814
  # instance_arn: "InstanceArn", # required
1561
- # resource_arn: "GeneralArn", # required
1815
+ # resource_arn: "TaggableResourceArn", # required
1562
1816
  # next_token: "Token",
1563
1817
  # }
1564
1818
  #
@@ -1744,6 +1998,59 @@ module Aws::SSOAdmin
1744
1998
  include Aws::Structure
1745
1999
  end
1746
2000
 
2001
+ # Specifies the configuration of the Amazon Web Services managed or
2002
+ # customer managed policy that you want to set as a permissions
2003
+ # boundary. Specify either `CustomerManagedPolicyReference` to use the
2004
+ # name and path of a customer managed policy, or `ManagedPolicyArn` to
2005
+ # use the ARN of an Amazon Web Services managed IAM policy. A
2006
+ # permissions boundary represents the maximum permissions that any
2007
+ # policy can grant your role. For more information, see [Permissions
2008
+ # boundaries for IAM entities][1] in the *Identity and Access Management
2009
+ # User Guide*.
2010
+ #
2011
+ # Policies used as permissions boundaries do not provide permissions.
2012
+ # You must also attach an IAM policy to the role. To learn how the
2013
+ # effective permissions for a role are evaluated, see [IAM JSON policy
2014
+ # evaluation logic][2] in the *Identity and Access Management User
2015
+ # Guide*.
2016
+ #
2017
+ #
2018
+ #
2019
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
2020
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
2021
+ #
2022
+ # @note When making an API call, you may pass PermissionsBoundary
2023
+ # data as a hash:
2024
+ #
2025
+ # {
2026
+ # customer_managed_policy_reference: {
2027
+ # name: "ManagedPolicyName", # required
2028
+ # path: "ManagedPolicyPath",
2029
+ # },
2030
+ # managed_policy_arn: "ManagedPolicyArn",
2031
+ # }
2032
+ #
2033
+ # @!attribute [rw] customer_managed_policy_reference
2034
+ # Specifies the name and path of the IAM customer managed policy. You
2035
+ # must have an IAM policy that matches the name and path in each
2036
+ # Amazon Web Services account where you want to deploy your permission
2037
+ # set.
2038
+ # @return [Types::CustomerManagedPolicyReference]
2039
+ #
2040
+ # @!attribute [rw] managed_policy_arn
2041
+ # The Amazon Web Services managed policy ARN that you want to attach
2042
+ # to a permission set as a permissions boundary.
2043
+ # @return [String]
2044
+ #
2045
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PermissionsBoundary AWS API Documentation
2046
+ #
2047
+ class PermissionsBoundary < Struct.new(
2048
+ :customer_managed_policy_reference,
2049
+ :managed_policy_arn)
2050
+ SENSITIVE = []
2051
+ include Aws::Structure
2052
+ end
2053
+
1747
2054
  # @note When making an API call, you may pass ProvisionPermissionSetRequest
1748
2055
  # data as a hash:
1749
2056
  #
@@ -1829,7 +2136,7 @@ module Aws::SSOAdmin
1829
2136
  :instance_arn,
1830
2137
  :permission_set_arn,
1831
2138
  :inline_policy)
1832
- SENSITIVE = [:inline_policy]
2139
+ SENSITIVE = []
1833
2140
  include Aws::Structure
1834
2141
  end
1835
2142
 
@@ -1837,6 +2144,49 @@ module Aws::SSOAdmin
1837
2144
  #
1838
2145
  class PutInlinePolicyToPermissionSetResponse < Aws::EmptyStructure; end
1839
2146
 
2147
+ # @note When making an API call, you may pass PutPermissionsBoundaryToPermissionSetRequest
2148
+ # data as a hash:
2149
+ #
2150
+ # {
2151
+ # instance_arn: "InstanceArn", # required
2152
+ # permission_set_arn: "PermissionSetArn", # required
2153
+ # permissions_boundary: { # required
2154
+ # customer_managed_policy_reference: {
2155
+ # name: "ManagedPolicyName", # required
2156
+ # path: "ManagedPolicyPath",
2157
+ # },
2158
+ # managed_policy_arn: "ManagedPolicyArn",
2159
+ # },
2160
+ # }
2161
+ #
2162
+ # @!attribute [rw] instance_arn
2163
+ # The ARN of the SSO instance under which the operation will be
2164
+ # executed.
2165
+ # @return [String]
2166
+ #
2167
+ # @!attribute [rw] permission_set_arn
2168
+ # The ARN of the `PermissionSet`.
2169
+ # @return [String]
2170
+ #
2171
+ # @!attribute [rw] permissions_boundary
2172
+ # The permissions boundary that you want to attach to a
2173
+ # `PermissionSet`.
2174
+ # @return [Types::PermissionsBoundary]
2175
+ #
2176
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSetRequest AWS API Documentation
2177
+ #
2178
+ class PutPermissionsBoundaryToPermissionSetRequest < Struct.new(
2179
+ :instance_arn,
2180
+ :permission_set_arn,
2181
+ :permissions_boundary)
2182
+ SENSITIVE = []
2183
+ include Aws::Structure
2184
+ end
2185
+
2186
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSetResponse AWS API Documentation
2187
+ #
2188
+ class PutPermissionsBoundaryToPermissionSetResponse < Aws::EmptyStructure; end
2189
+
1840
2190
  # Indicates that a requested resource is not found.
1841
2191
  #
1842
2192
  # @!attribute [rw] message
@@ -1873,8 +2223,8 @@ module Aws::SSOAdmin
1873
2223
  # data as a hash:
1874
2224
  #
1875
2225
  # {
1876
- # key: "TagKey",
1877
- # value: "TagValue",
2226
+ # key: "TagKey", # required
2227
+ # value: "TagValue", # required
1878
2228
  # }
1879
2229
  #
1880
2230
  # @!attribute [rw] key
@@ -1899,11 +2249,11 @@ module Aws::SSOAdmin
1899
2249
  #
1900
2250
  # {
1901
2251
  # instance_arn: "InstanceArn", # required
1902
- # resource_arn: "GeneralArn", # required
2252
+ # resource_arn: "TaggableResourceArn", # required
1903
2253
  # tags: [ # required
1904
2254
  # {
1905
- # key: "TagKey",
1906
- # value: "TagValue",
2255
+ # key: "TagKey", # required
2256
+ # value: "TagValue", # required
1907
2257
  # },
1908
2258
  # ],
1909
2259
  # }
@@ -1957,7 +2307,7 @@ module Aws::SSOAdmin
1957
2307
  #
1958
2308
  # {
1959
2309
  # instance_arn: "InstanceArn", # required
1960
- # resource_arn: "GeneralArn", # required
2310
+ # resource_arn: "TaggableResourceArn", # required
1961
2311
  # tag_keys: ["TagKey"], # required
1962
2312
  # }
1963
2313
  #
@@ -28,7 +28,7 @@ require_relative 'aws-sdk-ssoadmin/customizations'
28
28
  # structure.
29
29
  #
30
30
  # sso_admin = Aws::SSOAdmin::Client.new
31
- # resp = sso_admin.attach_managed_policy_to_permission_set(params)
31
+ # resp = sso_admin.attach_customer_managed_policy_reference_to_permission_set(params)
32
32
  #
33
33
  # See {Client} for more information.
34
34
  #
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-ssoadmin/customizations'
48
48
  # @!group service
49
49
  module Aws::SSOAdmin
50
50
 
51
- GEM_VERSION = '1.16.0'
51
+ GEM_VERSION = '1.17.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-ssoadmin
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.16.0
4
+ version: 1.17.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-24 00:00:00.000000000 Z
11
+ date: 2022-07-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core