aws-sdk-ssoadmin 1.19.0 → 1.21.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-ssoadmin/client.rb +230 -220
- data/lib/aws-sdk-ssoadmin/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssoadmin/endpoint_provider.rb +111 -0
- data/lib/aws-sdk-ssoadmin/endpoints.rb +533 -0
- data/lib/aws-sdk-ssoadmin/plugins/endpoints.rb +142 -0
- data/lib/aws-sdk-ssoadmin/types.rb +200 -208
- data/lib/aws-sdk-ssoadmin.rb +5 -1
- metadata +8 -4
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
|
|
30
30
|
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
33
|
-
require 'aws-sdk-core/plugins/
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
34
34
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
35
35
|
|
36
36
|
Aws::Plugins::GlobalConfiguration.add_identifier(:ssoadmin)
|
@@ -79,8 +79,9 @@ module Aws::SSOAdmin
|
|
79
79
|
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
80
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
81
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
82
|
-
add_plugin(Aws::Plugins::
|
82
|
+
add_plugin(Aws::Plugins::Sign)
|
83
83
|
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
84
|
+
add_plugin(Aws::SSOAdmin::Plugins::Endpoints)
|
84
85
|
|
85
86
|
# @overload initialize(options)
|
86
87
|
# @param [Hash] options
|
@@ -297,6 +298,19 @@ module Aws::SSOAdmin
|
|
297
298
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
298
299
|
# requests are made, and retries are disabled.
|
299
300
|
#
|
301
|
+
# @option options [Aws::TokenProvider] :token_provider
|
302
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
303
|
+
# following classes:
|
304
|
+
#
|
305
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
306
|
+
# tokens.
|
307
|
+
#
|
308
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
309
|
+
# access token generated from `aws login`.
|
310
|
+
#
|
311
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
312
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
313
|
+
#
|
300
314
|
# @option options [Boolean] :use_dualstack_endpoint
|
301
315
|
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
302
316
|
# will be used if available.
|
@@ -310,6 +324,9 @@ module Aws::SSOAdmin
|
|
310
324
|
# When `true`, request parameters are validated before
|
311
325
|
# sending the request.
|
312
326
|
#
|
327
|
+
# @option options [Aws::SSOAdmin::EndpointProvider] :endpoint_provider
|
328
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SSOAdmin::EndpointParameters`
|
329
|
+
#
|
313
330
|
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
314
331
|
# requests through. Formatted like 'http://proxy.com:123'.
|
315
332
|
#
|
@@ -365,16 +382,16 @@ module Aws::SSOAdmin
|
|
365
382
|
# PermissionSet.
|
366
383
|
#
|
367
384
|
# @option params [required, String] :instance_arn
|
368
|
-
# The ARN of the
|
369
|
-
#
|
385
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
386
|
+
# will be executed.
|
370
387
|
#
|
371
388
|
# @option params [required, String] :permission_set_arn
|
372
389
|
# The ARN of the `PermissionSet`.
|
373
390
|
#
|
374
391
|
# @option params [required, Types::CustomerManagedPolicyReference] :customer_managed_policy_reference
|
375
392
|
# Specifies the name and path of a customer managed policy. You must
|
376
|
-
# have an IAM policy that matches the name and path in each
|
377
|
-
#
|
393
|
+
# have an IAM policy that matches the name and path in each AWS account
|
394
|
+
# where you want to deploy your permission set.
|
378
395
|
#
|
379
396
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
380
397
|
#
|
@@ -398,8 +415,7 @@ module Aws::SSOAdmin
|
|
398
415
|
req.send_request(options)
|
399
416
|
end
|
400
417
|
|
401
|
-
# Attaches an
|
402
|
-
# set.
|
418
|
+
# Attaches an AWS managed policy ARN to a permission set.
|
403
419
|
#
|
404
420
|
# <note markdown="1"> If the permission set is already referenced by one or more account
|
405
421
|
# assignments, you will need to call ` ProvisionPermissionSet ` after
|
@@ -409,19 +425,18 @@ module Aws::SSOAdmin
|
|
409
425
|
# </note>
|
410
426
|
#
|
411
427
|
# @option params [required, String] :instance_arn
|
412
|
-
# The ARN of the
|
413
|
-
#
|
414
|
-
#
|
428
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
429
|
+
# will be executed. For more information about ARNs, see [Amazon
|
430
|
+
# Resource Names (ARNs) and AWS Service
|
415
431
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
416
|
-
# *
|
432
|
+
# *AWS General Reference*.
|
417
433
|
#
|
418
434
|
# @option params [required, String] :permission_set_arn
|
419
435
|
# The ARN of the PermissionSet that the managed policy should be
|
420
436
|
# attached to.
|
421
437
|
#
|
422
438
|
# @option params [required, String] :managed_policy_arn
|
423
|
-
# The
|
424
|
-
# permission set.
|
439
|
+
# The AWS managed policy ARN to be attached to a permission set.
|
425
440
|
#
|
426
441
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
427
442
|
#
|
@@ -442,21 +457,21 @@ module Aws::SSOAdmin
|
|
442
457
|
req.send_request(options)
|
443
458
|
end
|
444
459
|
|
445
|
-
# Assigns access to a principal for a specified
|
446
|
-
#
|
460
|
+
# Assigns access to a principal for a specified AWS account using a
|
461
|
+
# specified permission set.
|
447
462
|
#
|
448
463
|
# <note markdown="1"> The term *principal* here refers to a user or group that is defined in
|
449
|
-
#
|
464
|
+
# IAM Identity Center.
|
450
465
|
#
|
451
466
|
# </note>
|
452
467
|
#
|
453
468
|
# <note markdown="1"> As part of a successful `CreateAccountAssignment` call, the specified
|
454
469
|
# permission set will automatically be provisioned to the account in the
|
455
470
|
# form of an IAM policy. That policy is attached to the IAM role created
|
456
|
-
# in
|
457
|
-
#
|
458
|
-
#
|
459
|
-
#
|
471
|
+
# in IAM Identity Center. If the permission set is subsequently updated,
|
472
|
+
# the corresponding IAM policies attached to roles in your accounts will
|
473
|
+
# not be updated automatically. In this case, you must call `
|
474
|
+
# ProvisionPermissionSet ` to make these updates.
|
460
475
|
#
|
461
476
|
# </note>
|
462
477
|
#
|
@@ -467,15 +482,15 @@ module Aws::SSOAdmin
|
|
467
482
|
# </note>
|
468
483
|
#
|
469
484
|
# @option params [required, String] :instance_arn
|
470
|
-
# The ARN of the
|
471
|
-
#
|
472
|
-
#
|
485
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
486
|
+
# will be executed. For more information about ARNs, see [Amazon
|
487
|
+
# Resource Names (ARNs) and AWS Service
|
473
488
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
474
|
-
# *
|
489
|
+
# *AWS General Reference*.
|
475
490
|
#
|
476
491
|
# @option params [required, String] :target_id
|
477
|
-
# TargetID is an
|
478
|
-
#
|
492
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit string
|
493
|
+
# (For example, 123456789012).
|
479
494
|
#
|
480
495
|
# @option params [required, String] :target_type
|
481
496
|
# The entity type for which the assignment will be created.
|
@@ -488,11 +503,11 @@ module Aws::SSOAdmin
|
|
488
503
|
# The entity type for which the assignment will be created.
|
489
504
|
#
|
490
505
|
# @option params [required, String] :principal_id
|
491
|
-
# An identifier for an object in
|
492
|
-
#
|
506
|
+
# An identifier for an object in IAM Identity Center, such as a user or
|
507
|
+
# group. PrincipalIds are GUIDs (For example,
|
493
508
|
# f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
|
494
|
-
# PrincipalIds in
|
495
|
-
#
|
509
|
+
# PrincipalIds in IAM Identity Center, see the [IAM Identity Center
|
510
|
+
# Identity Store API
|
496
511
|
# Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
|
497
512
|
#
|
498
513
|
# @return [Types::CreateAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -532,11 +547,11 @@ module Aws::SSOAdmin
|
|
532
547
|
end
|
533
548
|
|
534
549
|
# Enables the attributes-based access control (ABAC) feature for the
|
535
|
-
# specified
|
550
|
+
# specified IAM Identity Center instance. You can also specify new
|
536
551
|
# attributes to add to your ABAC configuration during the enabling
|
537
552
|
# process. For more information about ABAC, see [Attribute-Based Access
|
538
|
-
# Control](/singlesignon/latest/userguide/abac.html) in the *
|
539
|
-
#
|
553
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *IAM
|
554
|
+
# Identity Center User Guide*.
|
540
555
|
#
|
541
556
|
# <note markdown="1"> After a successful response, call
|
542
557
|
# `DescribeInstanceAccessControlAttributeConfiguration` to validate that
|
@@ -545,18 +560,18 @@ module Aws::SSOAdmin
|
|
545
560
|
# </note>
|
546
561
|
#
|
547
562
|
# @option params [required, String] :instance_arn
|
548
|
-
# The ARN of the
|
549
|
-
#
|
563
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
564
|
+
# will be executed.
|
550
565
|
#
|
551
566
|
# @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
|
552
|
-
# Specifies the
|
553
|
-
#
|
554
|
-
#
|
567
|
+
# Specifies the IAM Identity Center identity store attributes to add to
|
568
|
+
# your ABAC configuration. When using an external identity provider as
|
569
|
+
# an identity source, you can pass attributes through the SAML
|
555
570
|
# assertion. Doing so provides an alternative to configuring attributes
|
556
|
-
# from the
|
557
|
-
# passes any of these attributes,
|
558
|
-
#
|
559
|
-
#
|
571
|
+
# from the IAM Identity Center identity store. If a SAML assertion
|
572
|
+
# passes any of these attributes, IAM Identity Center will replace the
|
573
|
+
# attribute value with the value from the IAM Identity Center identity
|
574
|
+
# store.
|
560
575
|
#
|
561
576
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
562
577
|
#
|
@@ -585,11 +600,11 @@ module Aws::SSOAdmin
|
|
585
600
|
req.send_request(options)
|
586
601
|
end
|
587
602
|
|
588
|
-
# Creates a permission set within a specified
|
603
|
+
# Creates a permission set within a specified IAM Identity Center
|
589
604
|
# instance.
|
590
605
|
#
|
591
|
-
# <note markdown="1"> To grant users and groups access to
|
592
|
-
#
|
606
|
+
# <note markdown="1"> To grant users and groups access to AWS account resources, use `
|
607
|
+
# CreateAccountAssignment `.
|
593
608
|
#
|
594
609
|
# </note>
|
595
610
|
#
|
@@ -600,11 +615,11 @@ module Aws::SSOAdmin
|
|
600
615
|
# The description of the PermissionSet.
|
601
616
|
#
|
602
617
|
# @option params [required, String] :instance_arn
|
603
|
-
# The ARN of the
|
604
|
-
#
|
605
|
-
#
|
618
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
619
|
+
# will be executed. For more information about ARNs, see [Amazon
|
620
|
+
# Resource Names (ARNs) and AWS Service
|
606
621
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
607
|
-
# *
|
622
|
+
# *AWS General Reference*.
|
608
623
|
#
|
609
624
|
# @option params [String] :session_duration
|
610
625
|
# The length of time that the application user sessions are valid in the
|
@@ -655,8 +670,8 @@ module Aws::SSOAdmin
|
|
655
670
|
req.send_request(options)
|
656
671
|
end
|
657
672
|
|
658
|
-
# Deletes a principal's access from a specified
|
659
|
-
#
|
673
|
+
# Deletes a principal's access from a specified AWS account using a
|
674
|
+
# specified permission set.
|
660
675
|
#
|
661
676
|
# <note markdown="1"> After a successful response, call
|
662
677
|
# `DescribeAccountAssignmentCreationStatus` to describe the status of an
|
@@ -665,15 +680,15 @@ module Aws::SSOAdmin
|
|
665
680
|
# </note>
|
666
681
|
#
|
667
682
|
# @option params [required, String] :instance_arn
|
668
|
-
# The ARN of the
|
669
|
-
#
|
670
|
-
#
|
683
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
684
|
+
# will be executed. For more information about ARNs, see [Amazon
|
685
|
+
# Resource Names (ARNs) and AWS Service
|
671
686
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
672
|
-
# *
|
687
|
+
# *AWS General Reference*.
|
673
688
|
#
|
674
689
|
# @option params [required, String] :target_id
|
675
|
-
# TargetID is an
|
676
|
-
#
|
690
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit string
|
691
|
+
# (For example, 123456789012).
|
677
692
|
#
|
678
693
|
# @option params [required, String] :target_type
|
679
694
|
# The entity type for which the assignment will be deleted.
|
@@ -685,11 +700,11 @@ module Aws::SSOAdmin
|
|
685
700
|
# The entity type for which the assignment will be deleted.
|
686
701
|
#
|
687
702
|
# @option params [required, String] :principal_id
|
688
|
-
# An identifier for an object in
|
689
|
-
#
|
703
|
+
# An identifier for an object in IAM Identity Center, such as a user or
|
704
|
+
# group. PrincipalIds are GUIDs (For example,
|
690
705
|
# f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
|
691
|
-
# PrincipalIds in
|
692
|
-
#
|
706
|
+
# PrincipalIds in IAM Identity Center, see the [IAM Identity Center
|
707
|
+
# Identity Store API
|
693
708
|
# Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
|
694
709
|
#
|
695
710
|
# @return [Types::DeleteAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -731,11 +746,11 @@ module Aws::SSOAdmin
|
|
731
746
|
# Deletes the inline policy from a specified permission set.
|
732
747
|
#
|
733
748
|
# @option params [required, String] :instance_arn
|
734
|
-
# The ARN of the
|
735
|
-
#
|
736
|
-
#
|
749
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
750
|
+
# will be executed. For more information about ARNs, see [Amazon
|
751
|
+
# Resource Names (ARNs) and AWS Service
|
737
752
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
738
|
-
# *
|
753
|
+
# *AWS General Reference*.
|
739
754
|
#
|
740
755
|
# @option params [required, String] :permission_set_arn
|
741
756
|
# The ARN of the permission set that will be used to remove access.
|
@@ -759,17 +774,17 @@ module Aws::SSOAdmin
|
|
759
774
|
end
|
760
775
|
|
761
776
|
# Disables the attributes-based access control (ABAC) feature for the
|
762
|
-
# specified
|
777
|
+
# specified IAM Identity Center instance and deletes all of the
|
763
778
|
# attribute mappings that have been configured. Once deleted, any
|
764
779
|
# attributes that are received from an identity source and any custom
|
765
780
|
# attributes you have previously configured will not be passed. For more
|
766
781
|
# information about ABAC, see [Attribute-Based Access
|
767
|
-
# Control](/singlesignon/latest/userguide/abac.html) in the *
|
768
|
-
#
|
782
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *IAM
|
783
|
+
# Identity Center User Guide*.
|
769
784
|
#
|
770
785
|
# @option params [required, String] :instance_arn
|
771
|
-
# The ARN of the
|
772
|
-
#
|
786
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
787
|
+
# will be executed.
|
773
788
|
#
|
774
789
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
775
790
|
#
|
@@ -791,11 +806,11 @@ module Aws::SSOAdmin
|
|
791
806
|
# Deletes the specified permission set.
|
792
807
|
#
|
793
808
|
# @option params [required, String] :instance_arn
|
794
|
-
# The ARN of the
|
795
|
-
#
|
796
|
-
#
|
809
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
810
|
+
# will be executed. For more information about ARNs, see [Amazon
|
811
|
+
# Resource Names (ARNs) and AWS Service
|
797
812
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
798
|
-
# *
|
813
|
+
# *AWS General Reference*.
|
799
814
|
#
|
800
815
|
# @option params [required, String] :permission_set_arn
|
801
816
|
# The ARN of the permission set that should be deleted.
|
@@ -821,8 +836,8 @@ module Aws::SSOAdmin
|
|
821
836
|
# Deletes the permissions boundary from a specified PermissionSet.
|
822
837
|
#
|
823
838
|
# @option params [required, String] :instance_arn
|
824
|
-
# The ARN of the
|
825
|
-
#
|
839
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
840
|
+
# will be executed.
|
826
841
|
#
|
827
842
|
# @option params [required, String] :permission_set_arn
|
828
843
|
# The ARN of the `PermissionSet`.
|
@@ -848,11 +863,11 @@ module Aws::SSOAdmin
|
|
848
863
|
# Describes the status of the assignment creation request.
|
849
864
|
#
|
850
865
|
# @option params [required, String] :instance_arn
|
851
|
-
# The ARN of the
|
852
|
-
#
|
853
|
-
#
|
866
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
867
|
+
# will be executed. For more information about ARNs, see [Amazon
|
868
|
+
# Resource Names (ARNs) and AWS Service
|
854
869
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
855
|
-
# *
|
870
|
+
# *AWS General Reference*.
|
856
871
|
#
|
857
872
|
# @option params [required, String] :account_assignment_creation_request_id
|
858
873
|
# The identifier that is used to track the request operation progress.
|
@@ -892,11 +907,11 @@ module Aws::SSOAdmin
|
|
892
907
|
# Describes the status of the assignment deletion request.
|
893
908
|
#
|
894
909
|
# @option params [required, String] :instance_arn
|
895
|
-
# The ARN of the
|
896
|
-
#
|
897
|
-
#
|
910
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
911
|
+
# will be executed. For more information about ARNs, see [Amazon
|
912
|
+
# Resource Names (ARNs) and AWS Service
|
898
913
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
899
|
-
# *
|
914
|
+
# *AWS General Reference*.
|
900
915
|
#
|
901
916
|
# @option params [required, String] :account_assignment_deletion_request_id
|
902
917
|
# The identifier that is used to track the request operation progress.
|
@@ -933,17 +948,17 @@ module Aws::SSOAdmin
|
|
933
948
|
req.send_request(options)
|
934
949
|
end
|
935
950
|
|
936
|
-
# Returns the list of
|
937
|
-
#
|
938
|
-
# (ABAC) for the specified
|
939
|
-
#
|
951
|
+
# Returns the list of IAM Identity Center identity store attributes that
|
952
|
+
# have been configured to work with attributes-based access control
|
953
|
+
# (ABAC) for the specified IAM Identity Center instance. This will not
|
954
|
+
# return attributes configured and sent by an external identity
|
940
955
|
# provider. For more information about ABAC, see [Attribute-Based Access
|
941
|
-
# Control](/singlesignon/latest/userguide/abac.html) in the *
|
942
|
-
#
|
956
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *IAM
|
957
|
+
# Identity Center User Guide*.
|
943
958
|
#
|
944
959
|
# @option params [required, String] :instance_arn
|
945
|
-
# The ARN of the
|
946
|
-
#
|
960
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
961
|
+
# will be executed.
|
947
962
|
#
|
948
963
|
# @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
949
964
|
#
|
@@ -978,11 +993,11 @@ module Aws::SSOAdmin
|
|
978
993
|
# Gets the details of the permission set.
|
979
994
|
#
|
980
995
|
# @option params [required, String] :instance_arn
|
981
|
-
# The ARN of the
|
982
|
-
#
|
983
|
-
#
|
996
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
997
|
+
# will be executed. For more information about ARNs, see [Amazon
|
998
|
+
# Resource Names (ARNs) and AWS Service
|
984
999
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
985
|
-
# *
|
1000
|
+
# *AWS General Reference*.
|
986
1001
|
#
|
987
1002
|
# @option params [required, String] :permission_set_arn
|
988
1003
|
# The ARN of the permission set.
|
@@ -1020,11 +1035,11 @@ module Aws::SSOAdmin
|
|
1020
1035
|
# request.
|
1021
1036
|
#
|
1022
1037
|
# @option params [required, String] :instance_arn
|
1023
|
-
# The ARN of the
|
1024
|
-
#
|
1025
|
-
#
|
1038
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1039
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1040
|
+
# Resource Names (ARNs) and AWS Service
|
1026
1041
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1027
|
-
# *
|
1042
|
+
# *AWS General Reference*.
|
1028
1043
|
#
|
1029
1044
|
# @option params [required, String] :provision_permission_set_request_id
|
1030
1045
|
# The identifier that is provided by the ProvisionPermissionSet call to
|
@@ -1063,16 +1078,16 @@ module Aws::SSOAdmin
|
|
1063
1078
|
# PermissionSet.
|
1064
1079
|
#
|
1065
1080
|
# @option params [required, String] :instance_arn
|
1066
|
-
# The ARN of the
|
1067
|
-
#
|
1081
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1082
|
+
# will be executed.
|
1068
1083
|
#
|
1069
1084
|
# @option params [required, String] :permission_set_arn
|
1070
1085
|
# The ARN of the `PermissionSet`.
|
1071
1086
|
#
|
1072
1087
|
# @option params [required, Types::CustomerManagedPolicyReference] :customer_managed_policy_reference
|
1073
1088
|
# Specifies the name and path of a customer managed policy. You must
|
1074
|
-
# have an IAM policy that matches the name and path in each
|
1075
|
-
#
|
1089
|
+
# have an IAM policy that matches the name and path in each AWS account
|
1090
|
+
# where you want to deploy your permission set.
|
1076
1091
|
#
|
1077
1092
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1078
1093
|
#
|
@@ -1096,22 +1111,21 @@ module Aws::SSOAdmin
|
|
1096
1111
|
req.send_request(options)
|
1097
1112
|
end
|
1098
1113
|
|
1099
|
-
# Detaches the attached
|
1100
|
-
#
|
1114
|
+
# Detaches the attached AWS managed policy ARN from the specified
|
1115
|
+
# permission set.
|
1101
1116
|
#
|
1102
1117
|
# @option params [required, String] :instance_arn
|
1103
|
-
# The ARN of the
|
1104
|
-
#
|
1105
|
-
#
|
1118
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1119
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1120
|
+
# Resource Names (ARNs) and AWS Service
|
1106
1121
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1107
|
-
# *
|
1122
|
+
# *AWS General Reference*.
|
1108
1123
|
#
|
1109
1124
|
# @option params [required, String] :permission_set_arn
|
1110
1125
|
# The ARN of the PermissionSet from which the policy should be detached.
|
1111
1126
|
#
|
1112
1127
|
# @option params [required, String] :managed_policy_arn
|
1113
|
-
# The
|
1114
|
-
# permission set.
|
1128
|
+
# The AWS managed policy ARN to be detached from a permission set.
|
1115
1129
|
#
|
1116
1130
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1117
1131
|
#
|
@@ -1135,11 +1149,11 @@ module Aws::SSOAdmin
|
|
1135
1149
|
# Obtains the inline policy assigned to the permission set.
|
1136
1150
|
#
|
1137
1151
|
# @option params [required, String] :instance_arn
|
1138
|
-
# The ARN of the
|
1139
|
-
#
|
1140
|
-
#
|
1152
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1153
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1154
|
+
# Resource Names (ARNs) and AWS Service
|
1141
1155
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1142
|
-
# *
|
1156
|
+
# *AWS General Reference*.
|
1143
1157
|
#
|
1144
1158
|
# @option params [required, String] :permission_set_arn
|
1145
1159
|
# The ARN of the permission set.
|
@@ -1171,8 +1185,8 @@ module Aws::SSOAdmin
|
|
1171
1185
|
# Obtains the permissions boundary for a specified PermissionSet.
|
1172
1186
|
#
|
1173
1187
|
# @option params [required, String] :instance_arn
|
1174
|
-
# The ARN of the
|
1175
|
-
#
|
1188
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1189
|
+
# will be executed.
|
1176
1190
|
#
|
1177
1191
|
# @option params [required, String] :permission_set_arn
|
1178
1192
|
# The ARN of the `PermissionSet`.
|
@@ -1203,15 +1217,15 @@ module Aws::SSOAdmin
|
|
1203
1217
|
req.send_request(options)
|
1204
1218
|
end
|
1205
1219
|
|
1206
|
-
# Lists the status of the
|
1207
|
-
#
|
1220
|
+
# Lists the status of the AWS account assignment creation requests for a
|
1221
|
+
# specified IAM Identity Center instance.
|
1208
1222
|
#
|
1209
1223
|
# @option params [required, String] :instance_arn
|
1210
|
-
# The ARN of the
|
1211
|
-
#
|
1212
|
-
#
|
1224
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1225
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1226
|
+
# Resource Names (ARNs) and AWS Service
|
1213
1227
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1214
|
-
# *
|
1228
|
+
# *AWS General Reference*.
|
1215
1229
|
#
|
1216
1230
|
# @option params [Integer] :max_results
|
1217
1231
|
# The maximum number of results to display for the assignment.
|
@@ -1258,15 +1272,15 @@ module Aws::SSOAdmin
|
|
1258
1272
|
req.send_request(options)
|
1259
1273
|
end
|
1260
1274
|
|
1261
|
-
# Lists the status of the
|
1262
|
-
#
|
1275
|
+
# Lists the status of the AWS account assignment deletion requests for a
|
1276
|
+
# specified IAM Identity Center instance.
|
1263
1277
|
#
|
1264
1278
|
# @option params [required, String] :instance_arn
|
1265
|
-
# The ARN of the
|
1266
|
-
#
|
1267
|
-
#
|
1279
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1280
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1281
|
+
# Resource Names (ARNs) and AWS Service
|
1268
1282
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1269
|
-
# *
|
1283
|
+
# *AWS General Reference*.
|
1270
1284
|
#
|
1271
1285
|
# @option params [Integer] :max_results
|
1272
1286
|
# The maximum number of results to display for the assignment.
|
@@ -1313,19 +1327,18 @@ module Aws::SSOAdmin
|
|
1313
1327
|
req.send_request(options)
|
1314
1328
|
end
|
1315
1329
|
|
1316
|
-
# Lists the assignee of the specified
|
1317
|
-
#
|
1330
|
+
# Lists the assignee of the specified AWS account with the specified
|
1331
|
+
# permission set.
|
1318
1332
|
#
|
1319
1333
|
# @option params [required, String] :instance_arn
|
1320
|
-
# The ARN of the
|
1321
|
-
#
|
1322
|
-
#
|
1334
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1335
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1336
|
+
# Resource Names (ARNs) and AWS Service
|
1323
1337
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1324
|
-
# *
|
1338
|
+
# *AWS General Reference*.
|
1325
1339
|
#
|
1326
1340
|
# @option params [required, String] :account_id
|
1327
|
-
# The identifier of the
|
1328
|
-
# the assignments.
|
1341
|
+
# The identifier of the AWS account from which to list the assignments.
|
1329
1342
|
#
|
1330
1343
|
# @option params [required, String] :permission_set_arn
|
1331
1344
|
# The ARN of the permission set from which to list assignments.
|
@@ -1372,23 +1385,22 @@ module Aws::SSOAdmin
|
|
1372
1385
|
req.send_request(options)
|
1373
1386
|
end
|
1374
1387
|
|
1375
|
-
# Lists all the
|
1376
|
-
#
|
1388
|
+
# Lists all the AWS accounts where the specified permission set is
|
1389
|
+
# provisioned.
|
1377
1390
|
#
|
1378
1391
|
# @option params [required, String] :instance_arn
|
1379
|
-
# The ARN of the
|
1380
|
-
#
|
1381
|
-
#
|
1392
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1393
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1394
|
+
# Resource Names (ARNs) and AWS Service
|
1382
1395
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1383
|
-
# *
|
1396
|
+
# *AWS General Reference*.
|
1384
1397
|
#
|
1385
1398
|
# @option params [required, String] :permission_set_arn
|
1386
|
-
# The ARN of the PermissionSet from which the associated
|
1387
|
-
#
|
1399
|
+
# The ARN of the PermissionSet from which the associated AWS accounts
|
1400
|
+
# will be listed.
|
1388
1401
|
#
|
1389
1402
|
# @option params [String] :provisioning_status
|
1390
|
-
# The permission set provisioning status for an
|
1391
|
-
# account.
|
1403
|
+
# The permission set provisioning status for an AWS account.
|
1392
1404
|
#
|
1393
1405
|
# @option params [Integer] :max_results
|
1394
1406
|
# The maximum number of results to display for the PermissionSet.
|
@@ -1433,8 +1445,8 @@ module Aws::SSOAdmin
|
|
1433
1445
|
# PermissionSet.
|
1434
1446
|
#
|
1435
1447
|
# @option params [required, String] :instance_arn
|
1436
|
-
# The ARN of the
|
1437
|
-
#
|
1448
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1449
|
+
# will be executed.
|
1438
1450
|
#
|
1439
1451
|
# @option params [required, String] :permission_set_arn
|
1440
1452
|
# The ARN of the `PermissionSet`.
|
@@ -1478,8 +1490,7 @@ module Aws::SSOAdmin
|
|
1478
1490
|
req.send_request(options)
|
1479
1491
|
end
|
1480
1492
|
|
1481
|
-
# Lists the
|
1482
|
-
# to.
|
1493
|
+
# Lists the IAM Identity Center instances that the caller has access to.
|
1483
1494
|
#
|
1484
1495
|
# @option params [Integer] :max_results
|
1485
1496
|
# The maximum number of results to display for the instance.
|
@@ -1518,15 +1529,15 @@ module Aws::SSOAdmin
|
|
1518
1529
|
req.send_request(options)
|
1519
1530
|
end
|
1520
1531
|
|
1521
|
-
# Lists the
|
1522
|
-
#
|
1532
|
+
# Lists the AWS managed policy that is attached to a specified
|
1533
|
+
# permission set.
|
1523
1534
|
#
|
1524
1535
|
# @option params [required, String] :instance_arn
|
1525
|
-
# The ARN of the
|
1526
|
-
#
|
1527
|
-
#
|
1536
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1537
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1538
|
+
# Resource Names (ARNs) and AWS Service
|
1528
1539
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1529
|
-
# *
|
1540
|
+
# *AWS General Reference*.
|
1530
1541
|
#
|
1531
1542
|
# @option params [required, String] :permission_set_arn
|
1532
1543
|
# The ARN of the PermissionSet whose managed policies will be listed.
|
@@ -1571,14 +1582,14 @@ module Aws::SSOAdmin
|
|
1571
1582
|
end
|
1572
1583
|
|
1573
1584
|
# Lists the status of the permission set provisioning requests for a
|
1574
|
-
# specified
|
1585
|
+
# specified IAM Identity Center instance.
|
1575
1586
|
#
|
1576
1587
|
# @option params [required, String] :instance_arn
|
1577
|
-
# The ARN of the
|
1578
|
-
#
|
1579
|
-
#
|
1588
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1589
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1590
|
+
# Resource Names (ARNs) and AWS Service
|
1580
1591
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1581
|
-
# *
|
1592
|
+
# *AWS General Reference*.
|
1582
1593
|
#
|
1583
1594
|
# @option params [Integer] :max_results
|
1584
1595
|
# The maximum number of results to display for the assignment.
|
@@ -1625,14 +1636,14 @@ module Aws::SSOAdmin
|
|
1625
1636
|
req.send_request(options)
|
1626
1637
|
end
|
1627
1638
|
|
1628
|
-
# Lists the PermissionSets in an
|
1639
|
+
# Lists the PermissionSets in an IAM Identity Center instance.
|
1629
1640
|
#
|
1630
1641
|
# @option params [required, String] :instance_arn
|
1631
|
-
# The ARN of the
|
1632
|
-
#
|
1633
|
-
#
|
1642
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1643
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1644
|
+
# Resource Names (ARNs) and AWS Service
|
1634
1645
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1635
|
-
# *
|
1646
|
+
# *AWS General Reference*.
|
1636
1647
|
#
|
1637
1648
|
# @option params [String] :next_token
|
1638
1649
|
# The pagination token for the list API. Initially the value is null.
|
@@ -1671,19 +1682,18 @@ module Aws::SSOAdmin
|
|
1671
1682
|
req.send_request(options)
|
1672
1683
|
end
|
1673
1684
|
|
1674
|
-
# Lists all the permission sets that are provisioned to a specified
|
1675
|
-
#
|
1685
|
+
# Lists all the permission sets that are provisioned to a specified AWS
|
1686
|
+
# account.
|
1676
1687
|
#
|
1677
1688
|
# @option params [required, String] :instance_arn
|
1678
|
-
# The ARN of the
|
1679
|
-
#
|
1680
|
-
#
|
1689
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1690
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1691
|
+
# Resource Names (ARNs) and AWS Service
|
1681
1692
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1682
|
-
# *
|
1693
|
+
# *AWS General Reference*.
|
1683
1694
|
#
|
1684
1695
|
# @option params [required, String] :account_id
|
1685
|
-
# The identifier of the
|
1686
|
-
# the assignments.
|
1696
|
+
# The identifier of the AWS account from which to list the assignments.
|
1687
1697
|
#
|
1688
1698
|
# @option params [String] :provisioning_status
|
1689
1699
|
# The status object for the permission set provisioning operation.
|
@@ -1730,11 +1740,11 @@ module Aws::SSOAdmin
|
|
1730
1740
|
# Lists the tags that are attached to a specified resource.
|
1731
1741
|
#
|
1732
1742
|
# @option params [required, String] :instance_arn
|
1733
|
-
# The ARN of the
|
1734
|
-
#
|
1735
|
-
#
|
1743
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1744
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1745
|
+
# Resource Names (ARNs) and AWS Service
|
1736
1746
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1737
|
-
# *
|
1747
|
+
# *AWS General Reference*.
|
1738
1748
|
#
|
1739
1749
|
# @option params [required, String] :resource_arn
|
1740
1750
|
# The ARN of the resource with the tags to be listed.
|
@@ -1778,18 +1788,18 @@ module Aws::SSOAdmin
|
|
1778
1788
|
# specified target.
|
1779
1789
|
#
|
1780
1790
|
# @option params [required, String] :instance_arn
|
1781
|
-
# The ARN of the
|
1782
|
-
#
|
1783
|
-
#
|
1791
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1792
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1793
|
+
# Resource Names (ARNs) and AWS Service
|
1784
1794
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1785
|
-
# *
|
1795
|
+
# *AWS General Reference*.
|
1786
1796
|
#
|
1787
1797
|
# @option params [required, String] :permission_set_arn
|
1788
1798
|
# The ARN of the permission set.
|
1789
1799
|
#
|
1790
1800
|
# @option params [String] :target_id
|
1791
|
-
# TargetID is an
|
1792
|
-
#
|
1801
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit string
|
1802
|
+
# (For example, 123456789012).
|
1793
1803
|
#
|
1794
1804
|
# @option params [required, String] :target_type
|
1795
1805
|
# The entity type for which the assignment will be created.
|
@@ -1835,11 +1845,11 @@ module Aws::SSOAdmin
|
|
1835
1845
|
# </note>
|
1836
1846
|
#
|
1837
1847
|
# @option params [required, String] :instance_arn
|
1838
|
-
# The ARN of the
|
1839
|
-
#
|
1840
|
-
#
|
1848
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1849
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1850
|
+
# Resource Names (ARNs) and AWS Service
|
1841
1851
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1842
|
-
# *
|
1852
|
+
# *AWS General Reference*.
|
1843
1853
|
#
|
1844
1854
|
# @option params [required, String] :permission_set_arn
|
1845
1855
|
# The ARN of the permission set.
|
@@ -1866,12 +1876,12 @@ module Aws::SSOAdmin
|
|
1866
1876
|
req.send_request(options)
|
1867
1877
|
end
|
1868
1878
|
|
1869
|
-
# Attaches an
|
1870
|
-
#
|
1879
|
+
# Attaches an AWS managed or customer managed policy to the specified
|
1880
|
+
# PermissionSet as a permissions boundary.
|
1871
1881
|
#
|
1872
1882
|
# @option params [required, String] :instance_arn
|
1873
|
-
# The ARN of the
|
1874
|
-
#
|
1883
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1884
|
+
# will be executed.
|
1875
1885
|
#
|
1876
1886
|
# @option params [required, String] :permission_set_arn
|
1877
1887
|
# The ARN of the `PermissionSet`.
|
@@ -1907,11 +1917,11 @@ module Aws::SSOAdmin
|
|
1907
1917
|
# Associates a set of tags with a specified resource.
|
1908
1918
|
#
|
1909
1919
|
# @option params [required, String] :instance_arn
|
1910
|
-
# The ARN of the
|
1911
|
-
#
|
1912
|
-
#
|
1920
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1921
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1922
|
+
# Resource Names (ARNs) and AWS Service
|
1913
1923
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1914
|
-
# *
|
1924
|
+
# *AWS General Reference*.
|
1915
1925
|
#
|
1916
1926
|
# @option params [required, String] :resource_arn
|
1917
1927
|
# The ARN of the resource with the tags to be listed.
|
@@ -1946,11 +1956,11 @@ module Aws::SSOAdmin
|
|
1946
1956
|
# Disassociates a set of tags from a specified resource.
|
1947
1957
|
#
|
1948
1958
|
# @option params [required, String] :instance_arn
|
1949
|
-
# The ARN of the
|
1950
|
-
#
|
1951
|
-
#
|
1959
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
1960
|
+
# will be executed. For more information about ARNs, see [Amazon
|
1961
|
+
# Resource Names (ARNs) and AWS Service
|
1952
1962
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
1953
|
-
# *
|
1963
|
+
# *AWS General Reference*.
|
1954
1964
|
#
|
1955
1965
|
# @option params [required, String] :resource_arn
|
1956
1966
|
# The ARN of the resource with the tags to be listed.
|
@@ -1977,21 +1987,21 @@ module Aws::SSOAdmin
|
|
1977
1987
|
req.send_request(options)
|
1978
1988
|
end
|
1979
1989
|
|
1980
|
-
# Updates the
|
1981
|
-
#
|
1982
|
-
#
|
1990
|
+
# Updates the IAM Identity Center identity store attributes that you can
|
1991
|
+
# use with the IAM Identity Center instance for attributes-based access
|
1992
|
+
# control (ABAC). When using an external identity provider as an
|
1983
1993
|
# identity source, you can pass attributes through the SAML assertion as
|
1984
|
-
# an alternative to configuring attributes from the
|
1985
|
-
#
|
1986
|
-
#
|
1987
|
-
# the
|
1988
|
-
#
|
1989
|
-
# Control](/singlesignon/latest/userguide/abac.html) in the *
|
1990
|
-
#
|
1994
|
+
# an alternative to configuring attributes from the IAM Identity Center
|
1995
|
+
# identity store. If a SAML assertion passes any of these attributes,
|
1996
|
+
# IAM Identity Center replaces the attribute value with the value from
|
1997
|
+
# the IAM Identity Center identity store. For more information about
|
1998
|
+
# ABAC, see [Attribute-Based Access
|
1999
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *IAM
|
2000
|
+
# Identity Center User Guide*.
|
1991
2001
|
#
|
1992
2002
|
# @option params [required, String] :instance_arn
|
1993
|
-
# The ARN of the
|
1994
|
-
#
|
2003
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
2004
|
+
# will be executed.
|
1995
2005
|
#
|
1996
2006
|
# @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
|
1997
2007
|
# Updates the attributes for your ABAC configuration.
|
@@ -2026,11 +2036,11 @@ module Aws::SSOAdmin
|
|
2026
2036
|
# Updates an existing permission set.
|
2027
2037
|
#
|
2028
2038
|
# @option params [required, String] :instance_arn
|
2029
|
-
# The ARN of the
|
2030
|
-
#
|
2031
|
-
#
|
2039
|
+
# The ARN of the IAM Identity Center instance under which the operation
|
2040
|
+
# will be executed. For more information about ARNs, see [Amazon
|
2041
|
+
# Resource Names (ARNs) and AWS Service
|
2032
2042
|
# Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
|
2033
|
-
# *
|
2043
|
+
# *AWS General Reference*.
|
2034
2044
|
#
|
2035
2045
|
# @option params [required, String] :permission_set_arn
|
2036
2046
|
# The ARN of the permission set.
|
@@ -2080,7 +2090,7 @@ module Aws::SSOAdmin
|
|
2080
2090
|
params: params,
|
2081
2091
|
config: config)
|
2082
2092
|
context[:gem_name] = 'aws-sdk-ssoadmin'
|
2083
|
-
context[:gem_version] = '1.
|
2093
|
+
context[:gem_version] = '1.21.0'
|
2084
2094
|
Seahorse::Client::Request.new(handlers, context)
|
2085
2095
|
end
|
2086
2096
|
|