2025/09/23 - AWS Single Sign-On Admin - 3 updated api methods
Changes: Add support for encryption at rest with Customer Managed KMS Key in AWS IAM Identity Center

DescribeInstance (describe_instance): fields added to the response
{'EncryptionConfigurationDetails': {'EncryptionStatus': 'UPDATING | ENABLED | UPDATE_FAILED',
                                    'EncryptionStatusReason': 'string',
                                    'KeyType': 'AWS_OWNED_KMS_KEY | CUSTOMER_MANAGED_KEY',
                                    'KmsKeyArn': 'string'},
 'Status': {'CREATE_FAILED'},
 'StatusReason': 'string'}
Returns the details of an instance of IAM Identity Center. The status can be one of the following:
CREATE_IN_PROGRESS - The instance is in the process of being created. When the instance is ready for use, DescribeInstance returns the status of ACTIVE. While the instance is in the CREATE_IN_PROGRESS state, you can call only DescribeInstance and DeleteInstance operations.
DELETE_IN_PROGRESS - The instance is being deleted. Returns AccessDeniedException after the delete operation completes.
ACTIVE - The instance is active.
See also: AWS API Documentation
Request Syntax
client.describe_instance(
    InstanceArn='string'
)
InstanceArn (string) -- [REQUIRED]
The ARN of the instance of IAM Identity Center under which the operation will run.
Return type: dict
Response Syntax
{
    'InstanceArn': 'string',
    'IdentityStoreId': 'string',
    'OwnerAccountId': 'string',
    'Name': 'string',
    'CreatedDate': datetime(2015, 1, 1),
    'Status': 'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'ACTIVE',
    'StatusReason': 'string',
    'EncryptionConfigurationDetails': {
        'KeyType': 'AWS_OWNED_KMS_KEY'|'CUSTOMER_MANAGED_KEY',
        'KmsKeyArn': 'string',
        'EncryptionStatus': 'UPDATING'|'ENABLED'|'UPDATE_FAILED',
        'EncryptionStatusReason': 'string'
    }
}
Response Structure
(dict) --
InstanceArn (string) --
The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
IdentityStoreId (string) --
The identifier of the identity store that is connected to the instance of IAM Identity Center.
OwnerAccountId (string) --
The identifier of the Amazon Web Services account for which the instance was created.
Name (string) --
Specifies the instance name.
CreatedDate (datetime) --
The date the instance was created.
Status (string) --
The status of the instance.
StatusReason (string) --
Provides additional context about the current status of the IAM Identity Center instance. This field is particularly useful when an instance is in a non-ACTIVE state, such as CREATE_FAILED. When an instance fails to create or update, this field contains information about the cause, which may include issues with KMS key configuration, permission problems with the specified KMS key, or service-related errors.
EncryptionConfigurationDetails (dict) --
Contains the encryption configuration for your IAM Identity Center instance, including the encryption status, KMS key type, and KMS key ARN.
KeyType (string) --
The type of KMS key used for encryption.
KmsKeyArn (string) --
The ARN of the KMS key currently used to encrypt data in your IAM Identity Center instance.
EncryptionStatus (string) --
The current status of encryption configuration.
EncryptionStatusReason (string) --
Provides additional context about the current encryption status. This field is particularly useful when the encryption status is UPDATE_FAILED. When encryption configuration update fails, this field contains information about the cause, which may include KMS key access issues, key not found errors, invalid key configuration, key in an invalid state, or a disabled key.
ListInstances (list_instances): fields added to the response
{'Instances': {'Status': {'CREATE_FAILED'},
               'StatusReason': 'string'}}
Lists the details of the organization and account instances of IAM Identity Center that were created in or visible to the account calling this API.
See also: AWS API Documentation
Request Syntax
client.list_instances(
    MaxResults=123,
    NextToken='string'
)
MaxResults (integer) --
The maximum number of results to display for the instance.
NextToken (string) --
The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.
Return type: dict
Response Syntax
{
    'Instances': [
        {
            'InstanceArn': 'string',
            'IdentityStoreId': 'string',
            'OwnerAccountId': 'string',
            'Name': 'string',
            'CreatedDate': datetime(2015, 1, 1),
            'Status': 'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'ACTIVE',
            'StatusReason': 'string'
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
Instances (list) --
Lists the IAM Identity Center instances that the caller has access to.
(dict) --
Provides information about the IAM Identity Center instance.
InstanceArn (string) --
The ARN of the Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
IdentityStoreId (string) --
The identifier of the identity store that is connected to the Identity Center instance.
OwnerAccountId (string) --
The Amazon Web Services account ID number of the owner of the Identity Center instance.
Name (string) --
The name of the Identity Center instance.
CreatedDate (datetime) --
The date and time that the Identity Center instance was created.
Status (string) --
The current status of this Identity Center instance.
StatusReason (string) --
Provides additional context about the current status of the IAM Identity Center instance. This field is particularly useful when an instance is in a non-ACTIVE state, such as CREATE_FAILED. When an instance creation fails, this field contains information about the cause, which may include issues with KMS key configuration or insufficient permissions.
NextToken (string) --
The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.
UpdateInstance (update_instance): fields added to the request
{'EncryptionConfiguration': {'KeyType': 'AWS_OWNED_KMS_KEY | CUSTOMER_MANAGED_KEY',
                             'KmsKeyArn': 'string'}}
Update the details for the instance of IAM Identity Center that is owned by the Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.update_instance(
    Name='string',
    InstanceArn='string',
    EncryptionConfiguration={
        'KeyType': 'AWS_OWNED_KMS_KEY'|'CUSTOMER_MANAGED_KEY',
        'KmsKeyArn': 'string'
    }
)
Name (string) --
Updates the instance name.
InstanceArn (string) -- [REQUIRED]
The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
EncryptionConfiguration (dict) --
Specifies the encryption configuration for your IAM Identity Center instance. You can use this to configure customer managed KMS keys (CMK) or Amazon Web Services owned KMS keys for encrypting your instance data.
KeyType (string) -- [REQUIRED]
The type of KMS key used for encryption.
KmsKeyArn (string) --
The ARN of the KMS key used to encrypt data. Required when KeyType is CUSTOMER_MANAGED_KEY. Cannot be specified when KeyType is AWS_OWNED_KMS_KEY.
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
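The update_instance / describe_instance flow documented above, as an added example that is not boto3 or AWS code: it builds the EncryptionConfiguration under the documented KmsKeyArn rule, submits the update, and polls EncryptionStatus until it leaves UPDATING, surfacing EncryptionStatusReason on UPDATE_FAILED. The `client` argument is assumed to be any object exposing update_instance and describe_instance with the signatures above (a boto3 'sso-admin' client in practice); the function names and all ARNs are hypothetical.

```python
# Added example (not AWS/boto3 code): wraps the update_instance and
# describe_instance calls documented above. `client` is any object with those
# two methods (a boto3 'sso-admin' client in practice), passed in so this runs
# offline. Instance and key ARNs supplied by callers are placeholders.
import time

KEY_TYPES = ("AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KEY")


def build_encryption_configuration(key_type, kms_key_arn=None):
    """Build the EncryptionConfiguration dict for update_instance, enforcing the
    documented rule: KmsKeyArn is required for CUSTOMER_MANAGED_KEY and must not
    be given for AWS_OWNED_KMS_KEY (reject bad input before the API call)."""
    if key_type not in KEY_TYPES:
        raise ValueError(f"unknown KeyType {key_type!r}")
    if key_type == "CUSTOMER_MANAGED_KEY":
        if not kms_key_arn:
            raise ValueError("KmsKeyArn is required for CUSTOMER_MANAGED_KEY")
        return {"KeyType": key_type, "KmsKeyArn": kms_key_arn}
    if kms_key_arn:
        raise ValueError("KmsKeyArn cannot be specified for AWS_OWNED_KMS_KEY")
    return {"KeyType": key_type}


def encryption_state(describe_response):
    """Reduce a describe_instance response to (status, key_type, reason)."""
    d = describe_response.get("EncryptionConfigurationDetails", {})
    return (d.get("EncryptionStatus"), d.get("KeyType"),
            d.get("EncryptionStatusReason"))


def apply_encryption_configuration(client, instance_arn, config,
                                   poll_seconds=5, max_polls=60):
    """Submit the update, then poll describe_instance until EncryptionStatus
    leaves UPDATING. Raises on UPDATE_FAILED so EncryptionStatusReason (key
    access, disabled key, ...) is surfaced, and checks that the KeyType the
    instance reports matches what was requested. Returns the final state."""
    client.update_instance(InstanceArn=instance_arn,
                           EncryptionConfiguration=config)
    state = ("UPDATING", None, None)
    for _ in range(max_polls):
        state = encryption_state(
            client.describe_instance(InstanceArn=instance_arn))
        if state[0] != "UPDATING":
            break
        time.sleep(poll_seconds)
    status, key_type, reason = state
    if status == "UPDATE_FAILED":
        raise RuntimeError(f"encryption update failed: {reason}")
    if status == "ENABLED" and key_type != config["KeyType"]:
        raise RuntimeError(f"instance reports {key_type}, "
                           f"expected {config['KeyType']}")
    return state
```

If the poll budget runs out the function returns the last observed state (still UPDATING) rather than raising, so callers should treat anything other than ENABLED as not yet verified.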