AWS SSO Identity Store

2022/08/31 - AWS SSO Identity Store - 15 new4 updated api methods

Changes  Expand IdentityStore API to support Create, Read, Update, Delete and Get operations for User, Group and GroupMembership resources.

ListGroupMembershipsForMember (new) Link ¶

For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

See also: AWS API Documentation

Request Syntax

client.list_group_memberships_for_member(
    IdentityStoreId='string',
    MemberId={
        'UserId': 'string'
    },
    MaxResults=123,
    NextToken='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type MemberId:

dict

param MemberId:

[REQUIRED]

An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

  • UserId (string) --

    An object containing the identifiers of resources that can be members.

type MaxResults:

integer

param MaxResults:

The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

type NextToken:

string

param NextToken:

The pagination token used for the ListUsers, ListGroups and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

rtype:

dict

returns:

Response Syntax

{
    'GroupMemberships': [
        {
            'IdentityStoreId': 'string',
            'MembershipId': 'string',
            'GroupId': 'string',
            'MemberId': {
                'UserId': 'string'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • GroupMemberships (list) --

      A list of GroupMembership objects in the group for a specified member.

      • (dict) --

        Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

        • MembershipId (string) --

          The identifier for a GroupMembership object in the identity store.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • MemberId (dict) --

          An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

          • UserId (string) --

            An object containing the identifiers of resources that can be members.

    • NextToken (string) --

      The pagination token used for the ListUsers, ListGroups and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

ListGroupMemberships (new) Link ¶

For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

See also: AWS API Documentation

Request Syntax

client.list_group_memberships(
    IdentityStoreId='string',
    GroupId='string',
    MaxResults=123,
    NextToken='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type GroupId:

string

param GroupId:

[REQUIRED]

The identifier for a group in the identity store.

type MaxResults:

integer

param MaxResults:

The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

type NextToken:

string

param NextToken:

The pagination token used for the ListUsers, ListGroups and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

rtype:

dict

returns:

Response Syntax

{
    'GroupMemberships': [
        {
            'IdentityStoreId': 'string',
            'MembershipId': 'string',
            'GroupId': 'string',
            'MemberId': {
                'UserId': 'string'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • GroupMemberships (list) --

      A list of GroupMembership objects in the group.

      • (dict) --

        Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

        • MembershipId (string) --

          The identifier for a GroupMembership object in the identity store.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • MemberId (dict) --

          An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

          • UserId (string) --

            An object containing the identifiers of resources that can be members.

    • NextToken (string) --

      The pagination token used for the ListUsers, ListGroups and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

DeleteGroupMembership (new) Link ¶

Delete a membership within a group given MembershipId.

See also: AWS API Documentation

Request Syntax

client.delete_group_membership(
    IdentityStoreId='string',
    MembershipId='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type MembershipId:

string

param MembershipId:

[REQUIRED]

The identifier for a GroupMembership in the identity store.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

DeleteGroup (new) Link ¶

Delete a group within an identity store given GroupId.

See also: AWS API Documentation

Request Syntax

client.delete_group(
    IdentityStoreId='string',
    GroupId='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type GroupId:

string

param GroupId:

[REQUIRED]

The identifier for a group in the identity store.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

CreateGroup (new) Link ¶

Creates a group within the specified identity store.

See also: AWS API Documentation

Request Syntax

client.create_group(
    IdentityStoreId='string',
    DisplayName='string',
    Description='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type DisplayName:

string

param DisplayName:

A string containing the name of the group. This value is commonly displayed when the group is referenced.

type Description:

string

param Description:

A string containing the description of the group.

rtype:

dict

returns:

Response Syntax

{
    'GroupId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • GroupId (string) --

      The identifier of the newly created group in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

UpdateUser (new) Link ¶

For the specified user in the specified identity store, updates the user metadata and attributes.

See also: AWS API Documentation

Request Syntax

client.update_user(
    IdentityStoreId='string',
    UserId='string',
    Operations=[
        {
            'AttributePath': 'string',
            'AttributeValue': {...}|[...]|123|123.4|'string'|True|None
        },
    ]
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type UserId:

string

param UserId:

[REQUIRED]

The identifier for a user in the identity store.

type Operations:

list

param Operations:

[REQUIRED]

A list of AttributeOperation objects to apply to the requested user. These operations might add, replace, or remove an attribute.

  • (dict) --

    An operation that applies to the requested group. This operation might add, replace, or remove an attribute.

    • AttributePath (string) -- [REQUIRED]

      A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

    • AttributeValue (:ref:`document<document>`) --

      The value of the attribute.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

IsMemberInGroups (new) Link ¶

Returns if a member exists in specified groups.

See also: AWS API Documentation

Request Syntax

client.is_member_in_groups(
    IdentityStoreId='string',
    MemberId={
        'UserId': 'string'
    },
    GroupIds=[
        'string',
    ]
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type MemberId:

dict

param MemberId:

[REQUIRED]

An object containing the identifier of a group member.

  • UserId (string) --

    An object containing the identifiers of resources that can be members.

type GroupIds:

list

param GroupIds:

[REQUIRED]

A list of identifiers for groups in the identity store.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'Results': [
        {
            'GroupId': 'string',
            'MemberId': {
                'UserId': 'string'
            },
            'MembershipExists': True|False
        },
    ]
}

Response Structure

  • (dict) --

    • Results (list) --

      An object containing results of batch IsMemberInGroups call.

      • (dict) --

        Indicates whether a resource is a member of a group in the identity store.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • MemberId (dict) --

          An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

          • UserId (string) --

            An object containing the identifiers of resources that can be members.

        • MembershipExists (boolean) --

          Indicates whether a membership relation exists or not.

GetGroupMembershipId (new) Link ¶

Retrieves the MembershipId in a group.

See also: AWS API Documentation

Request Syntax

client.get_group_membership_id(
    IdentityStoreId='string',
    GroupId='string',
    MemberId={
        'UserId': 'string'
    }
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type GroupId:

string

param GroupId:

[REQUIRED]

The identifier for a group in the identity store.

type MemberId:

dict

param MemberId:

[REQUIRED]

An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

  • UserId (string) --

    An object containing the identifiers of resources that can be members.

rtype:

dict

returns:

Response Syntax

{
    'MembershipId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • MembershipId (string) --

      The identifier for a GroupMembership in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

UpdateGroup (new) Link ¶

For the specified group in the specified identity store, updates the group metadata and attributes.

See also: AWS API Documentation

Request Syntax

client.update_group(
    IdentityStoreId='string',
    GroupId='string',
    Operations=[
        {
            'AttributePath': 'string',
            'AttributeValue': {...}|[...]|123|123.4|'string'|True|None
        },
    ]
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type GroupId:

string

param GroupId:

[REQUIRED]

The identifier for a group in the identity store.

type Operations:

list

param Operations:

[REQUIRED]

A list of AttributeOperation objects to apply to the requested group. These operations might add, replace, or remove an attribute.

  • (dict) --

    An operation that applies to the requested group. This operation might add, replace, or remove an attribute.

    • AttributePath (string) -- [REQUIRED]

      A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

    • AttributeValue (:ref:`document<document>`) --

      The value of the attribute.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

DeleteUser (new) Link ¶

Deletes a user within an identity store given UserId.

See also: AWS API Documentation

Request Syntax

client.delete_user(
    IdentityStoreId='string',
    UserId='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type UserId:

string

param UserId:

[REQUIRED]

The identifier for a user in the identity store.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

GetGroupId (new) Link ¶

Retrieves GroupId in an identity store.

See also: AWS API Documentation

Request Syntax

client.get_group_id(
    IdentityStoreId='string',
    AlternateIdentifier={
        'ExternalId': {
            'Issuer': 'string',
            'Id': 'string'
        },
        'UniqueAttribute': {
            'AttributePath': 'string',
            'AttributeValue': {...}|[...]|123|123.4|'string'|True|None
        }
    }
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type AlternateIdentifier:

dict

param AlternateIdentifier:

[REQUIRED]

A unique identifier for the group value that is not the group's primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the group or a unique attribute. For example, a unique GroupDisplayName.

  • ExternalId (dict) --

    The identifier issued to this resource by an external identity provider.

    • Issuer (string) -- [REQUIRED]

      The issuer for an external identifier.

    • Id (string) -- [REQUIRED]

      The identifier issued to this resource by an external identity provider.

  • UniqueAttribute (dict) --

    An entity attribute that's unique to a specific entity.

    • AttributePath (string) -- [REQUIRED]

      A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

    • AttributeValue (:ref:`document<document>`) -- [REQUIRED]

      The value of the attribute.

rtype:

dict

returns:

Response Syntax

{
    'GroupId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • GroupId (string) --

      The identifier for a group in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

GetUserId (new) Link ¶

Retrieves the UserId in an identity store.

See also: AWS API Documentation

Request Syntax

client.get_user_id(
    IdentityStoreId='string',
    AlternateIdentifier={
        'ExternalId': {
            'Issuer': 'string',
            'Id': 'string'
        },
        'UniqueAttribute': {
            'AttributePath': 'string',
            'AttributeValue': {...}|[...]|123|123.4|'string'|True|None
        }
    }
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type AlternateIdentifier:

dict

param AlternateIdentifier:

[REQUIRED]

Any unique attribute associated with a user that is not the UserId.

  • ExternalId (dict) --

    The identifier issued to this resource by an external identity provider.

    • Issuer (string) -- [REQUIRED]

      The issuer for an external identifier.

    • Id (string) -- [REQUIRED]

      The identifier issued to this resource by an external identity provider.

  • UniqueAttribute (dict) --

    An entity attribute that's unique to a specific entity.

    • AttributePath (string) -- [REQUIRED]

      A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

    • AttributeValue (:ref:`document<document>`) -- [REQUIRED]

      The value of the attribute.

rtype:

dict

returns:

Response Syntax

{
    'UserId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • UserId (string) --

      The identifier for a user in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

CreateGroupMembership (new) Link ¶

Creates a relationship between a member and a group. The following identifiers must be specified: GroupId, IdentityStoreId, and MemberId.

See also: AWS API Documentation

Request Syntax

client.create_group_membership(
    IdentityStoreId='string',
    GroupId='string',
    MemberId={
        'UserId': 'string'
    }
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type GroupId:

string

param GroupId:

[REQUIRED]

The identifier for a group in the identity store.

type MemberId:

dict

param MemberId:

[REQUIRED]

An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

  • UserId (string) --

    An object containing the identifiers of resources that can be members.

rtype:

dict

returns:

Response Syntax

{
    'MembershipId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • MembershipId (string) --

      The identifier for a GroupMembership in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

CreateUser (new) Link ¶

Creates a new user within the specified identity store.

See also: AWS API Documentation

Request Syntax

client.create_user(
    IdentityStoreId='string',
    UserName='string',
    Name={
        'Formatted': 'string',
        'FamilyName': 'string',
        'GivenName': 'string',
        'MiddleName': 'string',
        'HonorificPrefix': 'string',
        'HonorificSuffix': 'string'
    },
    DisplayName='string',
    NickName='string',
    ProfileUrl='string',
    Emails=[
        {
            'Value': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    Addresses=[
        {
            'StreetAddress': 'string',
            'Locality': 'string',
            'Region': 'string',
            'PostalCode': 'string',
            'Country': 'string',
            'Formatted': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    PhoneNumbers=[
        {
            'Value': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    UserType='string',
    Title='string',
    PreferredLanguage='string',
    Locale='string',
    Timezone='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type UserName:

string

param UserName:

A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. The characters <>;:% are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

type Name:

dict

param Name:

An object containing the user's name.

  • Formatted (string) --

    A string containing a formatted version of the name for display.

  • FamilyName (string) --

    The family name of the user.

  • GivenName (string) --

    The given name of the user.

  • MiddleName (string) --

    The middle name of the user.

  • HonorificPrefix (string) --

    The honorific prefix of the user. For example, "Dr."

  • HonorificSuffix (string) --

    The honorific suffix of the user. For example, "M.D."

type DisplayName:

string

param DisplayName:

A string containing the user's name. This value is typically formatted for display when the user is referenced. For example, "John Doe."

type NickName:

string

param NickName:

A string containing an alternate name for the user.

type ProfileUrl:

string

param ProfileUrl:

A string containing a URL that may be associated with the user.

type Emails:

list

param Emails:

A list of Email objects containing email addresses associated with the user.

  • (dict) --

    The email address associated with the user.

    • Value (string) --

      A string containing an email address. For example, "johndoe@amazon.com."

    • Type (string) --

      A string representing the type of address. For example, "Work."

    • Primary (boolean) --

      A boolean representing whether this is the primary email for the associated resource.

type Addresses:

list

param Addresses:

A list of Address objects containing addresses associated with the user.

  • (dict) --

    The address associated with the specified user.

    • StreetAddress (string) --

      The street of the address.

    • Locality (string) --

      A string of the address locality.

    • Region (string) --

      The region of the address.

    • PostalCode (string) --

      The postal code of the address.

    • Country (string) --

      The country of the address.

    • Formatted (string) --

      A string containing a formatted version of the address for display.

    • Type (string) --

      A string representing the type of address. For example, "Home."

    • Primary (boolean) --

      A boolean representing whether this is the primary address for the associated resource.

type PhoneNumbers:

list

param PhoneNumbers:

A list of PhoneNumber objects containing phone numbers associated with the user.

  • (dict) --

    The phone number associated with the user.

    • Value (string) --

      A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".

    • Type (string) --

      A string representing the type of a phone number. For example, "Mobile."

    • Primary (boolean) --

      A boolean representing whether this is the primary phone number for the associated resource.

type UserType:

string

param UserType:

A string indicating the user's type. Possible values depend on each customer's specific needs, so they are left unspecified.

type Title:

string

param Title:

A string containing the user's title. Possible values are left unspecified given that they depend on each customer's specific needs.

type PreferredLanguage:

string

param PreferredLanguage:

A string containing the preferred language of the user. For example, "American English" or "en-us."

type Locale:

string

param Locale:

A string containing the user's geographical region or location.

type Timezone:

string

param Timezone:

A string containing the user's time zone.

rtype:

dict

returns:

Response Syntax

{
    'UserId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • UserId (string) --

      The identifier of the newly created user in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

DescribeGroupMembership (new) Link ¶

Retrieves membership metadata and attributes from MembershipId in a group.

See also: AWS API Documentation

Request Syntax

client.describe_group_membership(
    IdentityStoreId='string',
    MembershipId='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store.

type MembershipId:

string

param MembershipId:

[REQUIRED]

The identifier for a GroupMembership in the identity store.

rtype:

dict

returns:

Response Syntax

{
    'IdentityStoreId': 'string',
    'MembershipId': 'string',
    'GroupId': 'string',
    'MemberId': {
        'UserId': 'string'
    }
}

Response Structure

  • (dict) --

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

    • MembershipId (string) --

      The identifier for a GroupMembership in the identity store.

    • GroupId (string) --

      The identifier for a group in the identity store.

    • MemberId (dict) --

      An object containing the identifier of a group member.

      • UserId (string) --

        An object containing the identifiers of resources that can be members.

DescribeGroup (updated) Link ¶
Changes (response)
{'Description': 'string',
 'ExternalIds': [{'Id': 'string', 'Issuer': 'string'}],
 'IdentityStoreId': 'string'}

Retrieves the group metadata and attributes from GroupId in an identity store.

See also: AWS API Documentation

Request Syntax

client.describe_group(
    IdentityStoreId='string',
    GroupId='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

type GroupId:

string

param GroupId:

[REQUIRED]

The identifier for a group in the identity store.

rtype:

dict

returns:

Response Syntax

{
    'GroupId': 'string',
    'DisplayName': 'string',
    'ExternalIds': [
        {
            'Issuer': 'string',
            'Id': 'string'
        },
    ],
    'Description': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • GroupId (string) --

      The identifier for a group in the identity store.

    • DisplayName (string) --

      The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. The characters <>;:% are excluded. This value is specified at the time that the group is created and stored as an attribute of the group object in the identity store.

    • ExternalIds (list) --

      A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

      • (dict) --

        The identifier issued to this resource by an external identity provider.

        • Issuer (string) --

          The issuer for an external identifier.

        • Id (string) --

          The identifier issued to this resource by an external identity provider.

    • Description (string) --

      A string containing a description of the group.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

DescribeUser (updated) Link ¶
Changes (response)
{'Addresses': [{'Country': 'string',
                'Formatted': 'string',
                'Locality': 'string',
                'PostalCode': 'string',
                'Primary': 'boolean',
                'Region': 'string',
                'StreetAddress': 'string',
                'Type': 'string'}],
 'DisplayName': 'string',
 'Emails': [{'Primary': 'boolean', 'Type': 'string', 'Value': 'string'}],
 'ExternalIds': [{'Id': 'string', 'Issuer': 'string'}],
 'IdentityStoreId': 'string',
 'Locale': 'string',
 'Name': {'FamilyName': 'string',
          'Formatted': 'string',
          'GivenName': 'string',
          'HonorificPrefix': 'string',
          'HonorificSuffix': 'string',
          'MiddleName': 'string'},
 'NickName': 'string',
 'PhoneNumbers': [{'Primary': 'boolean', 'Type': 'string', 'Value': 'string'}],
 'PreferredLanguage': 'string',
 'ProfileUrl': 'string',
 'Timezone': 'string',
 'Title': 'string',
 'UserType': 'string'}

Retrieves the user metadata and attributes from the UserId in an identity store.

See also: AWS API Documentation

Request Syntax

client.describe_user(
    IdentityStoreId='string',
    UserId='string'
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

type UserId:

string

param UserId:

[REQUIRED]

The identifier for a user in the identity store.

rtype:

dict

returns:

Response Syntax

{
    'UserName': 'string',
    'UserId': 'string',
    'ExternalIds': [
        {
            'Issuer': 'string',
            'Id': 'string'
        },
    ],
    'Name': {
        'Formatted': 'string',
        'FamilyName': 'string',
        'GivenName': 'string',
        'MiddleName': 'string',
        'HonorificPrefix': 'string',
        'HonorificSuffix': 'string'
    },
    'DisplayName': 'string',
    'NickName': 'string',
    'ProfileUrl': 'string',
    'Emails': [
        {
            'Value': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    'Addresses': [
        {
            'StreetAddress': 'string',
            'Locality': 'string',
            'Region': 'string',
            'PostalCode': 'string',
            'Country': 'string',
            'Formatted': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    'PhoneNumbers': [
        {
            'Value': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    'UserType': 'string',
    'Title': 'string',
    'PreferredLanguage': 'string',
    'Locale': 'string',
    'Timezone': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • UserName (string) --

      The user’s username value. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. The characters <>;:% are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

    • UserId (string) --

      The identifier for a user in the identity store.

    • ExternalIds (list) --

      A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

      • (dict) --

        The identifier issued to this resource by an external identity provider.

        • Issuer (string) --

          The issuer for an external identifier.

        • Id (string) --

          The identifier issued to this resource by an external identity provider.

    • Name (dict) --

      The name of the user.

      • Formatted (string) --

        A string containing a formatted version of the name for display.

      • FamilyName (string) --

        The family name of the user.

      • GivenName (string) --

        The given name of the user.

      • MiddleName (string) --

        The middle name of the user.

      • HonorificPrefix (string) --

        The honorific prefix of the user. For example, "Dr."

      • HonorificSuffix (string) --

        The honorific suffix of the user. For example, "M.D."

    • DisplayName (string) --

      The user's name value for display.

    • NickName (string) --

      An alternative descriptive name for the user.

    • ProfileUrl (string) --

      A URL link for the user's profile.

    • Emails (list) --

      The user's email value.

      • (dict) --

        The email address associated with the user.

        • Value (string) --

          A string containing an email address. For example, "johndoe@amazon.com."

        • Type (string) --

          A string representing the type of address. For example, "Work."

        • Primary (boolean) --

          A boolean representing whether this is the primary email for the associated resource.

    • Addresses (list) --

      The user's physical address.

      • (dict) --

        The address associated with the specified user.

        • StreetAddress (string) --

          The street of the address.

        • Locality (string) --

          A string of the address locality.

        • Region (string) --

          The region of the address.

        • PostalCode (string) --

          The postal code of the address.

        • Country (string) --

          The country of the address.

        • Formatted (string) --

          A string containing a formatted version of the address for display.

        • Type (string) --

          A string representing the type of address. For example, "Home."

        • Primary (boolean) --

          A boolean representing whether this is the primary address for the associated resource.

    • PhoneNumbers (list) --

      A list of PhoneNumber objects associated with a user.

      • (dict) --

        The phone number associated with the user.

        • Value (string) --

          A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".

        • Type (string) --

          A string representing the type of a phone number. For example, "Mobile."

        • Primary (boolean) --

          A boolean representing whether this is the primary phone number for the associated resource.

    • UserType (string) --

      A string indicating the user's type.

    • Title (string) --

      A string containing the user's title.

    • PreferredLanguage (string) --

      The preferred language of the user.

    • Locale (string) --

      A string containing the user's geographical region or location.

    • Timezone (string) --

      The time zone for a user.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

ListGroups (updated) Link ¶
Changes (response)
{'Groups': {'Description': 'string',
            'ExternalIds': [{'Id': 'string', 'Issuer': 'string'}],
            'IdentityStoreId': 'string'}}

Filtering for a group by the group DisplayName attribute is deprecated. Instead, use the GetGroupId API action.

Lists all groups in the identity store. Returns a paginated list of complete Group objects.

See also: AWS API Documentation

Request Syntax

client.list_groups(
    IdentityStoreId='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ]
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

type MaxResults:

integer

param MaxResults:

The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

type NextToken:

string

param NextToken:

The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

type Filters:

list

param Filters:

A list of Filter objects that is used in the ListUsers and ListGroups requests.

  • (dict) --

    A query filter used by ListUsers and ListGroups. This filter object provides the attribute name and attribute value to search users or groups.

    • AttributePath (string) -- [REQUIRED]

      The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

    • AttributeValue (string) -- [REQUIRED]

      Represents the data for an attribute. Each attribute value is described as a name-value pair.

rtype:

dict

returns:

Response Syntax

{
    'Groups': [
        {
            'GroupId': 'string',
            'DisplayName': 'string',
            'ExternalIds': [
                {
                    'Issuer': 'string',
                    'Id': 'string'
                },
            ],
            'Description': 'string',
            'IdentityStoreId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Groups (list) --

      A list of Group objects in the identity store.

      • (dict) --

        A group object that contains a specified group’s metadata and attributes.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • DisplayName (string) --

          The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. The characters <>;:% are excluded. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

        • ExternalIds (list) --

          A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

          • (dict) --

            The identifier issued to this resource by an external identity provider.

            • Issuer (string) --

              The issuer for an external identifier.

            • Id (string) --

              The identifier issued to this resource by an external identity provider.

        • Description (string) --

          A string containing a description of the specified group.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

    • NextToken (string) --

      The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it1 is used in the API request to search for the next page.

ListUsers (updated) Link ¶
Changes (response)
{'Users': {'Addresses': [{'Country': 'string',
                          'Formatted': 'string',
                          'Locality': 'string',
                          'PostalCode': 'string',
                          'Primary': 'boolean',
                          'Region': 'string',
                          'StreetAddress': 'string',
                          'Type': 'string'}],
           'DisplayName': 'string',
           'Emails': [{'Primary': 'boolean',
                       'Type': 'string',
                       'Value': 'string'}],
           'ExternalIds': [{'Id': 'string', 'Issuer': 'string'}],
           'IdentityStoreId': 'string',
           'Locale': 'string',
           'Name': {'FamilyName': 'string',
                    'Formatted': 'string',
                    'GivenName': 'string',
                    'HonorificPrefix': 'string',
                    'HonorificSuffix': 'string',
                    'MiddleName': 'string'},
           'NickName': 'string',
           'PhoneNumbers': [{'Primary': 'boolean',
                             'Type': 'string',
                             'Value': 'string'}],
           'PreferredLanguage': 'string',
           'ProfileUrl': 'string',
           'Timezone': 'string',
           'Title': 'string',
           'UserType': 'string'}}

Filtering for a user by the UserName attribute is deprecated. Instead, use the GetUserId API action.

Lists all users in the identity store. Returns a paginated list of complete User objects.

See also: AWS API Documentation

Request Syntax

client.list_users(
    IdentityStoreId='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ]
)
type IdentityStoreId:

string

param IdentityStoreId:

[REQUIRED]

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

type MaxResults:

integer

param MaxResults:

The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

type NextToken:

string

param NextToken:

The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

type Filters:

list

param Filters:

A list of Filter objects that is used in the ListUsers and ListGroups requests.

  • (dict) --

    A query filter used by ListUsers and ListGroups. This filter object provides the attribute name and attribute value to search users or groups.

    • AttributePath (string) -- [REQUIRED]

      The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

    • AttributeValue (string) -- [REQUIRED]

      Represents the data for an attribute. Each attribute value is described as a name-value pair.

rtype:

dict

returns:

Response Syntax

{
    'Users': [
        {
            'UserName': 'string',
            'UserId': 'string',
            'ExternalIds': [
                {
                    'Issuer': 'string',
                    'Id': 'string'
                },
            ],
            'Name': {
                'Formatted': 'string',
                'FamilyName': 'string',
                'GivenName': 'string',
                'MiddleName': 'string',
                'HonorificPrefix': 'string',
                'HonorificSuffix': 'string'
            },
            'DisplayName': 'string',
            'NickName': 'string',
            'ProfileUrl': 'string',
            'Emails': [
                {
                    'Value': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'Addresses': [
                {
                    'StreetAddress': 'string',
                    'Locality': 'string',
                    'Region': 'string',
                    'PostalCode': 'string',
                    'Country': 'string',
                    'Formatted': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'PhoneNumbers': [
                {
                    'Value': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'UserType': 'string',
            'Title': 'string',
            'PreferredLanguage': 'string',
            'Locale': 'string',
            'Timezone': 'string',
            'IdentityStoreId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Users (list) --

      A list of User objects in the identity store.

      • (dict) --

        A user object that contains a specified user’s metadata and attributes.

        • UserName (string) --

          The user’s user name value. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. The characters <>;:% are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

        • UserId (string) --

          The identifier for a user in the identity store.

        • ExternalIds (list) --

          A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

          • (dict) --

            The identifier issued to this resource by an external identity provider.

            • Issuer (string) --

              The issuer for an external identifier.

            • Id (string) --

              The identifier issued to this resource by an external identity provider.

        • Name (dict) --

          An object containing the user's name.

          • Formatted (string) --

            A string containing a formatted version of the name for display.

          • FamilyName (string) --

            The family name of the user.

          • GivenName (string) --

            The given name of the user.

          • MiddleName (string) --

            The middle name of the user.

          • HonorificPrefix (string) --

            The honorific prefix of the user. For example, "Dr."

          • HonorificSuffix (string) --

            The honorific suffix of the user. For example, "M.D."

        • DisplayName (string) --

          A string containing the user's name that's formatted for display when the user is referenced. For example, "John Doe."

        • NickName (string) --

          A string containing an alternate name for the user.

        • ProfileUrl (string) --

          A string containing a URL that may be associated with the user.

        • Emails (list) --

          A list of Email objects containing email addresses associated with the user.

          • (dict) --

            The email address associated with the user.

            • Value (string) --

              A string containing an email address. For example, "johndoe@amazon.com."

            • Type (string) --

              A string representing the type of address. For example, "Work."

            • Primary (boolean) --

              A boolean representing whether this is the primary email for the associated resource.

        • Addresses (list) --

          A list of Address objects containing addresses associated with the user.

          • (dict) --

            The address associated with the specified user.

            • StreetAddress (string) --

              The street of the address.

            • Locality (string) --

              A string of the address locality.

            • Region (string) --

              The region of the address.

            • PostalCode (string) --

              The postal code of the address.

            • Country (string) --

              The country of the address.

            • Formatted (string) --

              A string containing a formatted version of the address for display.

            • Type (string) --

              A string representing the type of address. For example, "Home."

            • Primary (boolean) --

              A boolean representing whether this is the primary address for the associated resource.

        • PhoneNumbers (list) --

          A list of PhoneNumber objects containing phone numbers associated with the user.

          • (dict) --

            The phone number associated with the user.

            • Value (string) --

              A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".

            • Type (string) --

              A string representing the type of a phone number. For example, "Mobile."

            • Primary (boolean) --

              A boolean representing whether this is the primary phone number for the associated resource.

        • UserType (string) --

          A string indicating the user's type. Possible values depend on each customer's specific needs, so they are left unspecified.

        • Title (string) --

          A string containing the user's title. Possible values depend on each customer's specific needs, so they are left unspecified

        • PreferredLanguage (string) --

          A string containing the preferred language of the user. For example, "American English" or "en-us."

        • Locale (string) --

          A string containing the user's geographical region or location.

        • Timezone (string) --

          A string containing the user's time zone.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

    • NextToken (string) --

      The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.