aws-sdk-ssoadmin 1.16.0 → 1.19.0

data/lib/aws-sdk-ssoadmin/client.rb

@@ -361,7 +361,45 @@ module Aws::SSOAdmin
 
     # @!group API Operations
 
-    # Attaches an IAM managed policy ARN to a permission set.
+    # Attaches the specified customer managed policy to the specified
+    # PermissionSet.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @option params [required, Types::CustomerManagedPolicyReference] :customer_managed_policy_reference
+    #   Specifies the name and path of a customer managed policy. You must
+    #   have an IAM policy that matches the name and path in each Amazon Web
+    #   Services account where you want to deploy your permission set.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.attach_customer_managed_policy_reference_to_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     customer_managed_policy_reference: { # required
+    #       name: "ManagedPolicyName", # required
+    #       path: "ManagedPolicyPath",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AttachCustomerManagedPolicyReferenceToPermissionSet AWS API Documentation
+    #
+    # @overload attach_customer_managed_policy_reference_to_permission_set(params = {})
+    # @param [Hash] params ({})
+    def attach_customer_managed_policy_reference_to_permission_set(params = {}, options = {})
+      req = build_request(:attach_customer_managed_policy_reference_to_permission_set, params)
+      req.send_request(options)
+    end
+
+    # Attaches an Amazon Web Services managed policy ARN to a permission
+    # set.
     #
     # <note markdown="1"> If the permission set is already referenced by one or more account
     # assignments, you will need to call ` ProvisionPermissionSet ` after
@@ -371,9 +409,9 @@ module Aws::SSOAdmin
     #  </note>
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -382,7 +420,8 @@ module Aws::SSOAdmin
     #   attached to.
     #
     # @option params [required, String] :managed_policy_arn
-    #   The IAM managed policy ARN to be attached to a permission set.
+    #   The Amazon Web Services managed policy ARN to be attached to a
+    #   permission set.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -413,18 +452,24 @@ module Aws::SSOAdmin
     #
     # <note markdown="1"> As part of a successful `CreateAccountAssignment` call, the specified
     # permission set will automatically be provisioned to the account in the
-    # form of an IAM policy. That policy is attached to the SSO-created IAM
-    # role. If the permission set is subsequently updated, the corresponding
-    # IAM policies attached to roles in your accounts will not be updated
-    # automatically. In this case, you must call ` ProvisionPermissionSet `
-    # to make these updates.
+    # form of an IAM policy. That policy is attached to the IAM role created
+    # in Amazon Web Services SSO. If the permission set is subsequently
+    # updated, the corresponding IAM policies attached to roles in your
+    # accounts will not be updated automatically. In this case, you must
+    # call ` ProvisionPermissionSet ` to make these updates.
+    #
+    #  </note>
+    #
+    # <note markdown="1"> After a successful response, call
+    # `DescribeAccountAssignmentCreationStatus` to describe the status of an
+    # assignment creation request.
     #
     #  </note>
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -493,9 +538,15 @@ module Aws::SSOAdmin
     # Control](/singlesignon/latest/userguide/abac.html) in the *Amazon Web
     # Services SSO User Guide*.
     #
+    # <note markdown="1"> After a successful response, call
+    # `DescribeInstanceAccessControlAttributeConfiguration` to validate that
+    # `InstanceAccessControlAttributeConfiguration` was created.
+    #
+    #  </note>
+    #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #
     # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
     #   Specifies the Amazon Web Services SSO identity store attributes to add
@@ -534,7 +585,8 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Creates a permission set within a specified SSO instance.
+    # Creates a permission set within a specified Amazon Web Services SSO
+    # instance.
     #
     # <note markdown="1"> To grant users and groups access to Amazon Web Services account
     # resources, use ` CreateAccountAssignment `.
@@ -548,9 +600,9 @@ module Aws::SSOAdmin
     #   The description of the PermissionSet.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -579,8 +631,8 @@ module Aws::SSOAdmin
     #     relay_state: "RelayState",
     #     tags: [
     #       {
-    #         key: "TagKey",
-    #         value: "TagValue",
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
     #       },
     #     ],
     #   })
@@ -606,10 +658,16 @@ module Aws::SSOAdmin
     # Deletes a principal's access from a specified Amazon Web Services
     # account using a specified permission set.
     #
+    # <note markdown="1"> After a successful response, call
+    # `DescribeAccountAssignmentCreationStatus` to describe the status of an
+    # assignment deletion request.
+    #
+    #  </note>
+    #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -673,9 +731,9 @@ module Aws::SSOAdmin
     # Deletes the inline policy from a specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -710,8 +768,8 @@ module Aws::SSOAdmin
     # Services SSO User Guide*.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -733,9 +791,9 @@ module Aws::SSOAdmin
     # Deletes the specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -760,12 +818,39 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Deletes the permissions boundary from a specified PermissionSet.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_permissions_boundary_from_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeletePermissionsBoundaryFromPermissionSet AWS API Documentation
+    #
+    # @overload delete_permissions_boundary_from_permission_set(params = {})
+    # @param [Hash] params ({})
+    def delete_permissions_boundary_from_permission_set(params = {}, options = {})
+      req = build_request(:delete_permissions_boundary_from_permission_set, params)
+      req.send_request(options)
+    end
+
     # Describes the status of the assignment creation request.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -807,9 +892,9 @@ module Aws::SSOAdmin
     # Describes the status of the assignment deletion request.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -857,8 +942,8 @@ module Aws::SSOAdmin
     # Services SSO User Guide*.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #
     # @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -893,9 +978,9 @@ module Aws::SSOAdmin
     # Gets the details of the permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -935,9 +1020,9 @@ module Aws::SSOAdmin
     # request.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -974,13 +1059,50 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Detaches the attached IAM managed policy ARN from the specified
-    # permission set.
+    # Detaches the specified customer managed policy from the specified
+    # PermissionSet.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @option params [required, Types::CustomerManagedPolicyReference] :customer_managed_policy_reference
+    #   Specifies the name and path of a customer managed policy. You must
+    #   have an IAM policy that matches the name and path in each Amazon Web
+    #   Services account where you want to deploy your permission set.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.detach_customer_managed_policy_reference_from_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     customer_managed_policy_reference: { # required
+    #       name: "ManagedPolicyName", # required
+    #       path: "ManagedPolicyPath",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DetachCustomerManagedPolicyReferenceFromPermissionSet AWS API Documentation
+    #
+    # @overload detach_customer_managed_policy_reference_from_permission_set(params = {})
+    # @param [Hash] params ({})
+    def detach_customer_managed_policy_reference_from_permission_set(params = {}, options = {})
+      req = build_request(:detach_customer_managed_policy_reference_from_permission_set, params)
+      req.send_request(options)
+    end
+
+    # Detaches the attached Amazon Web Services managed policy ARN from the
+    # specified permission set.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -988,7 +1110,8 @@ module Aws::SSOAdmin
     #   The ARN of the PermissionSet from which the policy should be detached.
     #
     # @option params [required, String] :managed_policy_arn
-    #   The IAM managed policy ARN to be attached to a permission set.
+    #   The Amazon Web Services managed policy ARN to be detached from a
+    #   permission set.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1012,9 +1135,9 @@ module Aws::SSOAdmin
     # Obtains the inline policy assigned to the permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1045,13 +1168,48 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Obtains the permissions boundary for a specified PermissionSet.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @return [Types::GetPermissionsBoundaryForPermissionSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetPermissionsBoundaryForPermissionSetResponse#permissions_boundary #permissions_boundary} => Types::PermissionsBoundary
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_permissions_boundary_for_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.permissions_boundary.customer_managed_policy_reference.name #=> String
+    #   resp.permissions_boundary.customer_managed_policy_reference.path #=> String
+    #   resp.permissions_boundary.managed_policy_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/GetPermissionsBoundaryForPermissionSet AWS API Documentation
+    #
+    # @overload get_permissions_boundary_for_permission_set(params = {})
+    # @param [Hash] params ({})
+    def get_permissions_boundary_for_permission_set(params = {}, options = {})
+      req = build_request(:get_permissions_boundary_for_permission_set, params)
+      req.send_request(options)
+    end
+
     # Lists the status of the Amazon Web Services account assignment
-    # creation requests for a specified SSO instance.
+    # creation requests for a specified Amazon Web Services SSO instance.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1101,12 +1259,12 @@ module Aws::SSOAdmin
     end
 
     # Lists the status of the Amazon Web Services account assignment
-    # deletion requests for a specified SSO instance.
+    # deletion requests for a specified Amazon Web Services SSO instance.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1159,9 +1317,9 @@ module Aws::SSOAdmin
     # the specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1218,9 +1376,9 @@ module Aws::SSOAdmin
     # permission set is provisioned.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1271,7 +1429,57 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Lists the SSO instances that the caller has access to.
+    # Lists all customer managed policies attached to a specified
+    # PermissionSet.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to display for the list call.
+    #
+    # @option params [String] :next_token
+    #   The pagination token for the list API. Initially the value is null.
+    #   Use the output of previous API calls to make subsequent calls.
+    #
+    # @return [Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse#customer_managed_policy_references #customer_managed_policy_references} => Array&lt;Types::CustomerManagedPolicyReference&gt;
+    #   * {Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_customer_managed_policy_references_in_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     max_results: 1,
+    #     next_token: "Token",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.customer_managed_policy_references #=> Array
+    #   resp.customer_managed_policy_references[0].name #=> String
+    #   resp.customer_managed_policy_references[0].path #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListCustomerManagedPolicyReferencesInPermissionSet AWS API Documentation
+    #
+    # @overload list_customer_managed_policy_references_in_permission_set(params = {})
+    # @param [Hash] params ({})
+    def list_customer_managed_policy_references_in_permission_set(params = {}, options = {})
+      req = build_request(:list_customer_managed_policy_references_in_permission_set, params)
+      req.send_request(options)
+    end
+
+    # Lists the Amazon Web Services SSO instances that the caller has access
+    # to.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to display for the instance.
@@ -1310,13 +1518,13 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Lists the IAM managed policy that is attached to a specified
-    # permission set.
+    # Lists the Amazon Web Services managed policy that is attached to a
+    # specified permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1363,12 +1571,12 @@ module Aws::SSOAdmin
     end
 
     # Lists the status of the permission set provisioning requests for a
-    # specified SSO instance.
+    # specified Amazon Web Services SSO instance.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1417,12 +1625,12 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Lists the PermissionSets in an SSO instance.
+    # Lists the PermissionSets in an Amazon Web Services SSO instance.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1467,9 +1675,9 @@ module Aws::SSOAdmin
     # Amazon Web Services account.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1522,9 +1730,9 @@ module Aws::SSOAdmin
     # Lists the tags that are attached to a specified resource.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1546,7 +1754,7 @@ module Aws::SSOAdmin
     #
     #   resp = client.list_tags_for_resource({
     #     instance_arn: "InstanceArn", # required
-    #     resource_arn: "GeneralArn", # required
+    #     resource_arn: "TaggableResourceArn", # required
     #     next_token: "Token",
     #   })
     #
@@ -1570,9 +1778,9 @@ module Aws::SSOAdmin
     # specified target.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1617,7 +1825,7 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
-    # Attaches an IAM inline policy to a permission set.
+    # Attaches an inline policy to a permission set.
     #
     # <note markdown="1"> If the permission set is already referenced by one or more account
     # assignments, you will need to call ` ProvisionPermissionSet ` after
@@ -1627,9 +1835,9 @@ module Aws::SSOAdmin
     #  </note>
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1637,7 +1845,7 @@ module Aws::SSOAdmin
     #   The ARN of the permission set.
     #
     # @option params [required, String] :inline_policy
-    #   The IAM inline policy to attach to a PermissionSet.
+    #   The inline policy to attach to a PermissionSet.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1658,12 +1866,50 @@ module Aws::SSOAdmin
       req.send_request(options)
     end
 
+    # Attaches an Amazon Web Services managed or customer managed policy to
+    # the specified PermissionSet as a permissions boundary.
+    #
+    # @option params [required, String] :instance_arn
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
+    #
+    # @option params [required, String] :permission_set_arn
+    #   The ARN of the `PermissionSet`.
+    #
+    # @option params [required, Types::PermissionsBoundary] :permissions_boundary
+    #   The permissions boundary that you want to attach to a `PermissionSet`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_permissions_boundary_to_permission_set({
+    #     instance_arn: "InstanceArn", # required
+    #     permission_set_arn: "PermissionSetArn", # required
+    #     permissions_boundary: { # required
+    #       customer_managed_policy_reference: {
+    #         name: "ManagedPolicyName", # required
+    #         path: "ManagedPolicyPath",
+    #       },
+    #       managed_policy_arn: "ManagedPolicyArn",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/PutPermissionsBoundaryToPermissionSet AWS API Documentation
+    #
+    # @overload put_permissions_boundary_to_permission_set(params = {})
+    # @param [Hash] params ({})
+    def put_permissions_boundary_to_permission_set(params = {}, options = {})
+      req = build_request(:put_permissions_boundary_to_permission_set, params)
+      req.send_request(options)
+    end
+
     # Associates a set of tags with a specified resource.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1679,11 +1925,11 @@ module Aws::SSOAdmin
     #
     #   resp = client.tag_resource({
     #     instance_arn: "InstanceArn", # required
-    #     resource_arn: "GeneralArn", # required
+    #     resource_arn: "TaggableResourceArn", # required
     #     tags: [ # required
     #       {
-    #         key: "TagKey",
-    #         value: "TagValue",
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
     #       },
     #     ],
     #   })
@@ -1700,9 +1946,9 @@ module Aws::SSOAdmin
     # Disassociates a set of tags from a specified resource.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1718,7 +1964,7 @@ module Aws::SSOAdmin
     #
     #   resp = client.untag_resource({
     #     instance_arn: "InstanceArn", # required
-    #     resource_arn: "GeneralArn", # required
+    #     resource_arn: "TaggableResourceArn", # required
     #     tag_keys: ["TagKey"], # required
     #   })
     #
@@ -1744,8 +1990,8 @@ module Aws::SSOAdmin
     # Services SSO User Guide*.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed.
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed.
     #
     # @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
     #   Updates the attributes for your ABAC configuration.
@@ -1780,9 +2026,9 @@ module Aws::SSOAdmin
     # Updates an existing permission set.
     #
     # @option params [required, String] :instance_arn
-    #   The ARN of the SSO instance under which the operation will be
-    #   executed. For more information about ARNs, see [Amazon Resource Names
-    #   (ARNs) and Amazon Web Services Service
+    #   The ARN of the Amazon Web Services SSO instance under which the
+    #   operation will be executed. For more information about ARNs, see
+    #   [Amazon Resource Names (ARNs) and Amazon Web Services Service
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
@@ -1834,7 +2080,7 @@ module Aws::SSOAdmin
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ssoadmin'
-      context[:gem_version] = '1.16.0'
+      context[:gem_version] = '1.19.0'
       Seahorse::Client::Request.new(handlers, context)
     end