2024/08/30 - Amazon DataZone - 11 new 7 updated api methods
Changes Amazon DataZone now adds new governance capabilities of Domain Units for organization within your Data Domains, and Authorization Policies for tighter controls.
Lists policy grants.
See also: AWS API Documentation
Request Syntax
client.list_policy_grants(
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
maxResults=123,
nextToken='string',
policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'
)
string
[REQUIRED]
The ID of the domain where you want to list policy grants.
string
[REQUIRED]
The ID of the entity for which you want to list policy grants.
string
[REQUIRED]
The type of entity for which you want to list policy grants.
integer
The maximum number of grants to return in a single call to ListPolicyGrants . When the number of grants to be listed is greater than the value of MaxResults , the response contains a NextToken value that you can use in a subsequent call to ListPolicyGrants to list the next set of grants.
string
When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.
string
[REQUIRED]
The type of policy that you want to list.
dict
Response Syntax
{
'grantList': [
{
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'detail': {
'addToProjectMemberPool': {
'includeChildDomainUnits': True|False
},
'createAssetType': {
'includeChildDomainUnits': True|False
},
'createDomainUnit': {
'includeChildDomainUnits': True|False
},
'createEnvironment': {},
'createEnvironmentProfile': {
'domainUnitId': 'string'
},
'createFormType': {
'includeChildDomainUnits': True|False
},
'createGlossary': {
'includeChildDomainUnits': True|False
},
'createProject': {
'includeChildDomainUnits': True|False
},
'delegateCreateEnvironmentProfile': {},
'overrideDomainUnitOwners': {
'includeChildDomainUnits': True|False
},
'overrideProjectOwners': {
'includeChildDomainUnits': True|False
}
},
'principal': {
'domainUnit': {
'domainUnitDesignation': 'OWNER',
'domainUnitGrantFilter': {
'allDomainUnitsGrantFilter': {}
},
'domainUnitIdentifier': 'string'
},
'group': {
'groupIdentifier': 'string'
},
'project': {
'projectDesignation': 'OWNER'|'CONTRIBUTOR',
'projectGrantFilter': {
'domainUnitFilter': {
'domainUnit': 'string',
'includeChildDomainUnits': True|False
}
},
'projectIdentifier': 'string'
},
'user': {
'allUsersGrantFilter': {},
'userIdentifier': 'string'
}
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
grantList (list) --
The results of this action - the listed grants.
(dict) --
A member of the policy grant list.
createdAt (datetime) --
Specifies the timestamp at which policy grant member was created.
createdBy (string) --
Specifies the user who created the policy grant member.
detail (dict) --
The details of the policy grant member.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
addToProjectMemberPool (dict) --
Specifies that the policy grant is to be added to the members of the project.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createAssetType (dict) --
Specifies that this is a create asset type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createDomainUnit (dict) --
Specifies that this is a create domain unit policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createEnvironment (dict) --
Specifies that this is a create environment policy.
createEnvironmentProfile (dict) --
Specifies that this is a create environment profile policy.
domainUnitId (string) --
The ID of the domain unit.
createFormType (dict) --
Specifies that this is a create form type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createGlossary (dict) --
Specifies that this is a create glossary policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createProject (dict) --
Specifies that this is a create project policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
delegateCreateEnvironmentProfile (dict) --
Specifies that this is the delegation of the create environment profile policy.
overrideDomainUnitOwners (dict) --
Specifies whether to override domain unit owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
overrideProjectOwners (dict) --
Specifies whether to override project owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
principal (dict) --
The principal of the policy grant member.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: domainUnit, group, project, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) --
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: allDomainUnitsGrantFilter. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: groupIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) --
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: domainUnitFilter. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) --
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: allUsersGrantFilter, userIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
nextToken (string) --
When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.
Deletes a domain unit.
See also: AWS API Documentation
Request Syntax
client.delete_domain_unit(
domainIdentifier='string',
identifier='string'
)
string
[REQUIRED]
The ID of the domain where you want to delete a domain unit.
string
[REQUIRED]
The ID of the domain unit that you want to delete.
dict
Response Syntax
{}
Response Structure
(dict) --
Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.
See also: AWS API Documentation
Request Syntax
client.add_policy_grant(
clientToken='string',
detail={
'addToProjectMemberPool': {
'includeChildDomainUnits': True|False
},
'createAssetType': {
'includeChildDomainUnits': True|False
},
'createDomainUnit': {
'includeChildDomainUnits': True|False
},
'createEnvironment': {}
,
'createEnvironmentProfile': {
'domainUnitId': 'string'
},
'createFormType': {
'includeChildDomainUnits': True|False
},
'createGlossary': {
'includeChildDomainUnits': True|False
},
'createProject': {
'includeChildDomainUnits': True|False
},
'delegateCreateEnvironmentProfile': {}
,
'overrideDomainUnitOwners': {
'includeChildDomainUnits': True|False
},
'overrideProjectOwners': {
'includeChildDomainUnits': True|False
}
},
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT',
principal={
'domainUnit': {
'domainUnitDesignation': 'OWNER',
'domainUnitGrantFilter': {
'allDomainUnitsGrantFilter': {}
},
'domainUnitIdentifier': 'string'
},
'group': {
'groupIdentifier': 'string'
},
'project': {
'projectDesignation': 'OWNER'|'CONTRIBUTOR',
'projectGrantFilter': {
'domainUnitFilter': {
'domainUnit': 'string',
'includeChildDomainUnits': True|False
}
},
'projectIdentifier': 'string'
},
'user': {
'allUsersGrantFilter': {}
,
'userIdentifier': 'string'
}
}
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
dict
[REQUIRED]
The details of the policy grant.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners.
addToProjectMemberPool (dict) --
Specifies that the policy grant is to be added to the members of the project.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createAssetType (dict) --
Specifies that this is a create asset type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createDomainUnit (dict) --
Specifies that this is a create domain unit policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createEnvironment (dict) --
Specifies that this is a create environment policy.
createEnvironmentProfile (dict) --
Specifies that this is a create environment profile policy.
domainUnitId (string) --
The ID of the domain unit.
createFormType (dict) --
Specifies that this is a create form type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createGlossary (dict) --
Specifies that this is a create glossary policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createProject (dict) --
Specifies that this is a create project policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
delegateCreateEnvironmentProfile (dict) --
Specifies that this is the delegation of the create environment profile policy.
overrideDomainUnitOwners (dict) --
Specifies whether to override domain unit owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
overrideProjectOwners (dict) --
Specifies whether to override project owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
string
[REQUIRED]
The ID of the domain where you want to add a policy grant.
string
[REQUIRED]
The ID of the entity (resource) to which you want to add a policy grant.
string
[REQUIRED]
The type of entity (resource) to which the grant is added.
string
[REQUIRED]
The type of policy that you want to grant.
dict
[REQUIRED]
The principal to whom the permissions are granted.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnit, group, project, user.
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) -- [REQUIRED]
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: allDomainUnitsGrantFilter.
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier.
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) -- [REQUIRED]
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnitFilter.
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) -- [REQUIRED]
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: allUsersGrantFilter, userIdentifier.
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
dict
Response Syntax
{}
Response Structure
(dict) --
Updates the domain unit.
See also: AWS API Documentation
Request Syntax
client.update_domain_unit(
description='string',
domainIdentifier='string',
identifier='string',
name='string'
)
string
The description of the domain unit that you want to update.
string
[REQUIRED]
The ID of the domain where you want to update a domain unit.
string
[REQUIRED]
The ID of the domain unit that you want to update.
string
The name of the domain unit that you want to update.
dict
Response Syntax
{
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'description': 'string',
'domainId': 'string',
'id': 'string',
'lastUpdatedAt': datetime(2015, 1, 1),
'lastUpdatedBy': 'string',
'name': 'string',
'owners': [
{
'group': {
'groupId': 'string'
},
'user': {
'userId': 'string'
}
},
],
'parentDomainUnitId': 'string'
}
Response Structure
(dict) --
createdAt (datetime) --
The time stamp at which the domain unit that you want to update was created.
createdBy (string) --
The user who created the domain unit that you want to update.
description (string) --
The description of the domain unit that you want to update.
domainId (string) --
The ID of the domain where you want to update the domain unit.
id (string) --
The ID of the domain unit that you want to update.
lastUpdatedAt (datetime) --
The timestamp at which the domain unit was last updated.
lastUpdatedBy (string) --
The user who last updated the domain unit.
name (string) --
The name of the domain unit that you want to update.
owners (list) --
The owners of the domain unit that you want to update.
(dict) --
The properties of the domain unit owner.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: group, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
group (dict) --
Indicates that the domain unit owner is a group.
groupId (string) --
The ID of the domain unit group.
user (dict) --
Indicates that the domain unit owner is a user.
userId (string) --
The ID of teh domain unit user.
parentDomainUnitId (string) --
The ID of the parent domain unit.
Creates a domain unit in Amazon DataZone.
See also: AWS API Documentation
Request Syntax
client.create_domain_unit(
clientToken='string',
description='string',
domainIdentifier='string',
name='string',
parentDomainUnitIdentifier='string'
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
string
The description of the domain unit.
string
[REQUIRED]
The ID of the domain where you want to crate a domain unit.
string
[REQUIRED]
The name of the domain unit.
string
[REQUIRED]
The ID of the parent domain unit.
dict
Response Syntax
{
'ancestorDomainUnitIds': [
'string',
],
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'description': 'string',
'domainId': 'string',
'id': 'string',
'name': 'string',
'owners': [
{
'group': {
'groupId': 'string'
},
'user': {
'userId': 'string'
}
},
],
'parentDomainUnitId': 'string'
}
Response Structure
(dict) --
ancestorDomainUnitIds (list) --
The IDs of the ancestor domain units.
(string) --
createdAt (datetime) --
The timestamp at which the domain unit was created.
createdBy (string) --
The user who created the domain unit.
description (string) --
The description of the domain unit.
domainId (string) --
The ID of the domain where the domain unit was created.
id (string) --
The ID of the domain unit.
name (string) --
The name of the domain unit.
owners (list) --
The owners of the domain unit.
(dict) --
The properties of the domain unit owner.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: group, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
group (dict) --
Indicates that the domain unit owner is a group.
groupId (string) --
The ID of the domain unit group.
user (dict) --
Indicates that the domain unit owner is a user.
userId (string) --
The ID of teh domain unit user.
parentDomainUnitId (string) --
The ID of the parent domain unit.
Removes an owner from an entity.
See also: AWS API Documentation
Request Syntax
client.remove_entity_owner(
clientToken='string',
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT',
owner={
'group': {
'groupIdentifier': 'string'
},
'user': {
'userIdentifier': 'string'
}
}
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
string
[REQUIRED]
The ID of the domain where you want to remove an owner from an entity.
string
[REQUIRED]
The ID of the entity from which you want to remove an owner.
string
[REQUIRED]
The type of the entity from which you want to remove an owner.
dict
[REQUIRED]
The owner that you want to remove from an entity.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: group, user.
group (dict) --
Specifies that the domain unit owner is a group.
groupIdentifier (string) -- [REQUIRED]
The ID of the domain unit owners group.
user (dict) --
Specifies that the domain unit owner is a user.
userIdentifier (string) -- [REQUIRED]
The ID of the owner user.
dict
Response Syntax
{}
Response Structure
(dict) --
Removes a policy grant.
See also: AWS API Documentation
Request Syntax
client.remove_policy_grant(
clientToken='string',
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT',
principal={
'domainUnit': {
'domainUnitDesignation': 'OWNER',
'domainUnitGrantFilter': {
'allDomainUnitsGrantFilter': {}
},
'domainUnitIdentifier': 'string'
},
'group': {
'groupIdentifier': 'string'
},
'project': {
'projectDesignation': 'OWNER'|'CONTRIBUTOR',
'projectGrantFilter': {
'domainUnitFilter': {
'domainUnit': 'string',
'includeChildDomainUnits': True|False
}
},
'projectIdentifier': 'string'
},
'user': {
'allUsersGrantFilter': {}
,
'userIdentifier': 'string'
}
}
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
string
[REQUIRED]
The ID of the domain where you want to remove a policy grant.
string
[REQUIRED]
The ID of the entity from which you want to remove a policy grant.
string
[REQUIRED]
The type of the entity from which you want to remove a policy grant.
string
[REQUIRED]
The type of the policy that you want to remove.
dict
[REQUIRED]
The principal from which you want to remove a policy grant.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnit, group, project, user.
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) -- [REQUIRED]
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: allDomainUnitsGrantFilter.
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier.
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) -- [REQUIRED]
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnitFilter.
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) -- [REQUIRED]
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: allUsersGrantFilter, userIdentifier.
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
dict
Response Syntax
{}
Response Structure
(dict) --
Gets the details of the specified domain unit.
See also: AWS API Documentation
Request Syntax
client.get_domain_unit(
domainIdentifier='string',
identifier='string'
)
string
[REQUIRED]
The ID of the domain where you want to get a domain unit.
string
[REQUIRED]
The identifier of the domain unit that you want to get.
dict
Response Syntax
{
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'description': 'string',
'domainId': 'string',
'id': 'string',
'lastUpdatedAt': datetime(2015, 1, 1),
'lastUpdatedBy': 'string',
'name': 'string',
'owners': [
{
'group': {
'groupId': 'string'
},
'user': {
'userId': 'string'
}
},
],
'parentDomainUnitId': 'string'
}
Response Structure
(dict) --
createdAt (datetime) --
The time stamp at which the domain unit was created.
createdBy (string) --
The user who created the domain unit.
description (string) --
The description of the domain unit.
domainId (string) --
The ID of the domain in which the domain unit lives.
id (string) --
The ID of the domain unit.
lastUpdatedAt (datetime) --
The timestamp at which the domain unit was last updated.
lastUpdatedBy (string) --
The user who last updated the domain unit.
name (string) --
The name of the domain unit.
owners (list) --
The owners of the domain unit.
(dict) --
The properties of the domain unit owner.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: group, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
group (dict) --
Indicates that the domain unit owner is a group.
groupId (string) --
The ID of the domain unit group.
user (dict) --
Indicates that the domain unit owner is a user.
userId (string) --
The ID of teh domain unit user.
parentDomainUnitId (string) --
The ID of the parent domain unit.
Lists the entity (domain units) owners.
See also: AWS API Documentation
Request Syntax
client.list_entity_owners(
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT',
maxResults=123,
nextToken='string'
)
string
[REQUIRED]
The ID of the domain where you want to list entity owners.
string
[REQUIRED]
The ID of the entity that you want to list.
string
[REQUIRED]
The type of the entity that you want to list.
integer
The maximum number of entities to return in a single call to ListEntityOwners . When the number of entities to be listed is greater than the value of MaxResults , the response contains a NextToken value that you can use in a subsequent call to ListEntityOwners to list the next set of entities.
string
When the number of entities is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of entities, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListEntityOwners to list the next set of entities.
dict
Response Syntax
{
'nextToken': 'string',
'owners': [
{
'group': {
'groupId': 'string'
},
'user': {
'userId': 'string'
}
},
]
}
Response Structure
(dict) --
nextToken (string) --
When the number of entities is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of entities, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListEntityOwners to list the next set of entities.
owners (list) --
The owners of the entity.
(dict) --
The ID of the domain unit owners group.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: group, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
group (dict) --
Specifies that the domain unit owner is a group.
groupId (string) --
The ID of the domain unit owners group.
user (dict) --
Specifies that the domain unit owner is a user.
userId (string) --
The ID of the owner user.
Adds the owner of an entity (a domain unit).
See also: AWS API Documentation
Request Syntax
client.add_entity_owner(
clientToken='string',
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT',
owner={
'group': {
'groupIdentifier': 'string'
},
'user': {
'userIdentifier': 'string'
}
}
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
string
[REQUIRED]
The ID of the domain in which you want to add the entity owner.
string
[REQUIRED]
The ID of the entity to which you want to add an owner.
string
[REQUIRED]
The type of an entity.
dict
[REQUIRED]
The owner that you want to add to the entity.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: group, user.
group (dict) --
Specifies that the domain unit owner is a group.
groupIdentifier (string) -- [REQUIRED]
The ID of the domain unit owners group.
user (dict) --
Specifies that the domain unit owner is a user.
userIdentifier (string) -- [REQUIRED]
The ID of the owner user.
dict
Response Syntax
{}
Response Structure
(dict) --
Lists child domain units for the specified parent domain unit.
See also: AWS API Documentation
Request Syntax
client.list_domain_units_for_parent(
domainIdentifier='string',
maxResults=123,
nextToken='string',
parentDomainUnitIdentifier='string'
)
string
[REQUIRED]
The ID of the domain in which you want to list domain units for a parent domain unit.
integer
The maximum number of domain units to return in a single call to ListDomainUnitsForParent. When the number of domain units to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListDomainUnitsForParent to list the next set of domain units.
string
When the number of domain units is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of domain units, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListDomainUnitsForParent to list the next set of domain units.
string
[REQUIRED]
The ID of the parent domain unit.
dict
Response Syntax
{
'items': [
{
'id': 'string',
'name': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
items (list) --
The results returned by this action.
(dict) --
The summary of the domain unit.
id (string) --
The ID of the domain unit summary.
name (string) --
The name of the domain unit summary.
nextToken (string) --
When the number of domain units is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of domain units, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListDomainUnitsForParent to list the next set of domain units.
{'rootDomainUnitId': 'string'}
Creates an Amazon DataZone domain.
See also: AWS API Documentation
Request Syntax
client.create_domain(
clientToken='string',
description='string',
domainExecutionRole='string',
kmsKeyIdentifier='string',
name='string',
singleSignOn={
'type': 'IAM_IDC'|'DISABLED',
'userAssignment': 'AUTOMATIC'|'MANUAL'
},
tags={
'string': 'string'
}
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
string
The description of the Amazon DataZone domain.
string
[REQUIRED]
The domain execution role that is created when an Amazon DataZone domain is created. The domain execution role is created in the Amazon Web Services account that houses the Amazon DataZone domain.
string
The identifier of the Amazon Web Services Key Management Service (KMS) key that is used to encrypt the Amazon DataZone domain, metadata, and reporting data.
string
[REQUIRED]
The name of the Amazon DataZone domain.
dict
The single-sign on configuration of the Amazon DataZone domain.
type (string) --
The type of single sign-on in Amazon DataZone.
userAssignment (string) --
The single sign-on user assignment in Amazon DataZone.
dict
The tags specified for the Amazon DataZone domain.
(string) --
(string) --
dict
Response Syntax
{
'arn': 'string',
'description': 'string',
'domainExecutionRole': 'string',
'id': 'string',
'kmsKeyIdentifier': 'string',
'name': 'string',
'portalUrl': 'string',
'rootDomainUnitId': 'string',
'singleSignOn': {
'type': 'IAM_IDC'|'DISABLED',
'userAssignment': 'AUTOMATIC'|'MANUAL'
},
'status': 'CREATING'|'AVAILABLE'|'CREATION_FAILED'|'DELETING'|'DELETED'|'DELETION_FAILED',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
arn (string) --
The ARN of the Amazon DataZone domain.
description (string) --
The description of the Amazon DataZone domain.
domainExecutionRole (string) --
The domain execution role that is created when an Amazon DataZone domain is created. The domain execution role is created in the Amazon Web Services account that houses the Amazon DataZone domain.
id (string) --
The identifier of the Amazon DataZone domain.
kmsKeyIdentifier (string) --
The identifier of the Amazon Web Services Key Management Service (KMS) key that is used to encrypt the Amazon DataZone domain, metadata, and reporting data.
name (string) --
The name of the Amazon DataZone domain.
portalUrl (string) --
The URL of the data portal for this Amazon DataZone domain.
rootDomainUnitId (string) --
The ID of the root domain unit.
singleSignOn (dict) --
The single-sign on configuration of the Amazon DataZone domain.
type (string) --
The type of single sign-on in Amazon DataZone.
userAssignment (string) --
The single sign-on user assignment in Amazon DataZone.
status (string) --
The status of the Amazon DataZone domain.
tags (dict) --
The tags specified for the Amazon DataZone domain.
(string) --
(string) --
{'domainUnitId': 'string'}
Creates an Amazon DataZone project.
See also: AWS API Documentation
Request Syntax
client.create_project(
description='string',
domainIdentifier='string',
domainUnitId='string',
glossaryTerms=[
'string',
],
name='string'
)
string
The description of the Amazon DataZone project.
string
[REQUIRED]
The ID of the Amazon DataZone domain in which this project is created.
string
The ID of the domain unit. This parameter is not required and if it is not specified, then the project is created at the root domain unit level.
list
The glossary terms that can be used in this Amazon DataZone project.
(string) --
string
[REQUIRED]
The name of the Amazon DataZone project.
dict
Response Syntax
{
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'description': 'string',
'domainId': 'string',
'domainUnitId': 'string',
'failureReasons': [
{
'code': 'string',
'message': 'string'
},
],
'glossaryTerms': [
'string',
],
'id': 'string',
'lastUpdatedAt': datetime(2015, 1, 1),
'name': 'string',
'projectStatus': 'ACTIVE'|'DELETING'|'DELETE_FAILED'
}
Response Structure
(dict) --
createdAt (datetime) --
The timestamp of when the project was created.
createdBy (string) --
The Amazon DataZone user who created the project.
description (string) --
The description of the project.
domainId (string) --
The identifier of the Amazon DataZone domain in which the project was created.
domainUnitId (string) --
The ID of the domain unit.
failureReasons (list) --
Specifies the error message that is returned if the operation cannot be successfully completed.
(dict) --
Specifies the error message that is returned if the operation cannot be successfully completed.
code (string) --
The code of the project deletion error.
message (string) --
The message of the project deletion error.
glossaryTerms (list) --
The glossary terms that can be used in the project.
(string) --
id (string) --
The ID of the Amazon DataZone project.
lastUpdatedAt (datetime) --
The timestamp of when the project was last updated.
name (string) --
The name of the project.
projectStatus (string) --
The status of the Amazon DataZone project that was created.
{'rootDomainUnitId': 'string'}
Gets an Amazon DataZone domain.
See also: AWS API Documentation
Request Syntax
client.get_domain(
identifier='string'
)
string
[REQUIRED]
The identifier of the specified Amazon DataZone domain.
dict
Response Syntax
{
'arn': 'string',
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'domainExecutionRole': 'string',
'id': 'string',
'kmsKeyIdentifier': 'string',
'lastUpdatedAt': datetime(2015, 1, 1),
'name': 'string',
'portalUrl': 'string',
'rootDomainUnitId': 'string',
'singleSignOn': {
'type': 'IAM_IDC'|'DISABLED',
'userAssignment': 'AUTOMATIC'|'MANUAL'
},
'status': 'CREATING'|'AVAILABLE'|'CREATION_FAILED'|'DELETING'|'DELETED'|'DELETION_FAILED',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
arn (string) --
The ARN of the specified Amazon DataZone domain.
createdAt (datetime) --
The timestamp of when the Amazon DataZone domain was created.
description (string) --
The description of the Amazon DataZone domain.
domainExecutionRole (string) --
The domain execution role with which the Amazon DataZone domain is created.
id (string) --
The identifier of the specified Amazon DataZone domain.
kmsKeyIdentifier (string) --
The identifier of the Amazon Web Services Key Management Service (KMS) key that is used to encrypt the Amazon DataZone domain, metadata, and reporting data.
lastUpdatedAt (datetime) --
The timestamp of when the Amazon DataZone domain was last updated.
name (string) --
The name of the Amazon DataZone domain.
portalUrl (string) --
The URL of the data portal for this Amazon DataZone domain.
rootDomainUnitId (string) --
The ID of the root domain in Amazon Datazone.
singleSignOn (dict) --
The single sing-on option of the specified Amazon DataZone domain.
type (string) --
The type of single sign-on in Amazon DataZone.
userAssignment (string) --
The single sign-on user assignment in Amazon DataZone.
status (string) --
The status of the specified Amazon DataZone domain.
tags (dict) --
The tags specified for the Amazon DataZone domain.
(string) --
(string) --
{'domainUnitId': 'string'}
Gets a project in Amazon DataZone.
See also: AWS API Documentation
Request Syntax
client.get_project(
domainIdentifier='string',
identifier='string'
)
string
[REQUIRED]
The ID of the Amazon DataZone domain in which the project exists.
string
[REQUIRED]
The ID of the project.
dict
Response Syntax
{
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'description': 'string',
'domainId': 'string',
'domainUnitId': 'string',
'failureReasons': [
{
'code': 'string',
'message': 'string'
},
],
'glossaryTerms': [
'string',
],
'id': 'string',
'lastUpdatedAt': datetime(2015, 1, 1),
'name': 'string',
'projectStatus': 'ACTIVE'|'DELETING'|'DELETE_FAILED'
}
Response Structure
(dict) --
createdAt (datetime) --
The timestamp of when the project was created.
createdBy (string) --
The Amazon DataZone user who created the project.
description (string) --
The description of the project.
domainId (string) --
The ID of the Amazon DataZone domain in which the project exists.
domainUnitId (string) --
The ID of the domain unit.
failureReasons (list) --
Specifies the error message that is returned if the operation cannot be successfully completed.
(dict) --
Specifies the error message that is returned if the operation cannot be successfully completed.
code (string) --
The code of the project deletion error.
message (string) --
The message of the project deletion error.
glossaryTerms (list) --
The business glossary terms that can be used in the project.
(string) --
id (string) --
>The ID of the project.
lastUpdatedAt (datetime) --
The timestamp of when the project was last updated.
name (string) --
The name of the project.
projectStatus (string) --
The status of the project.
{'items': {'domainUnitId': 'string'}}
Lists Amazon DataZone projects.
See also: AWS API Documentation
Request Syntax
client.list_projects(
domainIdentifier='string',
groupIdentifier='string',
maxResults=123,
name='string',
nextToken='string',
userIdentifier='string'
)
string
[REQUIRED]
The identifier of the Amazon DataZone domain.
string
The identifier of a group.
integer
The maximum number of projects to return in a single call to ListProjects . When the number of projects to be listed is greater than the value of MaxResults , the response contains a NextToken value that you can use in a subsequent call to ListProjects to list the next set of projects.
string
The name of the project.
string
When the number of projects is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of projects, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListProjects to list the next set of projects.
string
The identifier of the Amazon DataZone user.
dict
Response Syntax
{
'items': [
{
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'description': 'string',
'domainId': 'string',
'domainUnitId': 'string',
'failureReasons': [
{
'code': 'string',
'message': 'string'
},
],
'id': 'string',
'name': 'string',
'projectStatus': 'ACTIVE'|'DELETING'|'DELETE_FAILED',
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
items (list) --
The results of the ListProjects action.
(dict) --
The details of a Amazon DataZone project.
createdAt (datetime) --
The timestamp of when a project was created.
createdBy (string) --
The Amazon DataZone user who created the project.
description (string) --
The description of a project.
domainId (string) --
The identifier of a Amazon DataZone domain where the project exists.
domainUnitId (string) --
The ID of the domain unit.
failureReasons (list) --
Specifies the error message that is returned if the operation cannot be successfully completed.
(dict) --
Specifies the error message that is returned if the operation cannot be successfully completed.
code (string) --
The code of the project deletion error.
message (string) --
The message of the project deletion error.
id (string) --
The identifier of a project.
name (string) --
The name of a project.
projectStatus (string) --
The status of the project.
updatedAt (datetime) --
The timestamp of when the project was updated.
nextToken (string) --
When the number of projects is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of projects, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListProjects to list the next set of projects.
{'rootDomainUnitId': 'string'}
Updates a Amazon DataZone domain.
See also: AWS API Documentation
Request Syntax
client.update_domain(
clientToken='string',
description='string',
domainExecutionRole='string',
identifier='string',
name='string',
singleSignOn={
'type': 'IAM_IDC'|'DISABLED',
'userAssignment': 'AUTOMATIC'|'MANUAL'
}
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
string
The description to be updated as part of the UpdateDomain action.
string
The domain execution role to be updated as part of the UpdateDomain action.
string
[REQUIRED]
The ID of the Amazon Web Services domain that is to be updated.
string
The name to be updated as part of the UpdateDomain action.
dict
The single sign-on option to be updated as part of the UpdateDomain action.
type (string) --
The type of single sign-on in Amazon DataZone.
userAssignment (string) --
The single sign-on user assignment in Amazon DataZone.
dict
Response Syntax
{
'description': 'string',
'domainExecutionRole': 'string',
'id': 'string',
'lastUpdatedAt': datetime(2015, 1, 1),
'name': 'string',
'rootDomainUnitId': 'string',
'singleSignOn': {
'type': 'IAM_IDC'|'DISABLED',
'userAssignment': 'AUTOMATIC'|'MANUAL'
}
}
Response Structure
(dict) --
description (string) --
The description to be updated as part of the UpdateDomain action.
domainExecutionRole (string) --
The domain execution role to be updated as part of the UpdateDomain action.
id (string) --
The identifier of the Amazon DataZone domain.
lastUpdatedAt (datetime) --
Specifies the timestamp of when the domain was last updated.
name (string) --
The name to be updated as part of the UpdateDomain action.
rootDomainUnitId (string) --
The ID of the root domain unit.
singleSignOn (dict) --
The single sign-on option of the Amazon DataZone domain.
type (string) --
The type of single sign-on in Amazon DataZone.
userAssignment (string) --
The single sign-on user assignment in Amazon DataZone.
{'domainUnitId': 'string'}
Updates the specified project in Amazon DataZone.
See also: AWS API Documentation
Request Syntax
client.update_project(
description='string',
domainIdentifier='string',
glossaryTerms=[
'string',
],
identifier='string',
name='string'
)
string
The description to be updated as part of the UpdateProject action.
string
[REQUIRED]
The ID of the Amazon DataZone domain where a project is being updated.
list
The glossary terms to be updated as part of the UpdateProject action.
(string) --
string
[REQUIRED]
The identifier of the project that is to be updated.
string
The name to be updated as part of the UpdateProject action.
dict
Response Syntax
{
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'description': 'string',
'domainId': 'string',
'domainUnitId': 'string',
'failureReasons': [
{
'code': 'string',
'message': 'string'
},
],
'glossaryTerms': [
'string',
],
'id': 'string',
'lastUpdatedAt': datetime(2015, 1, 1),
'name': 'string',
'projectStatus': 'ACTIVE'|'DELETING'|'DELETE_FAILED'
}
Response Structure
(dict) --
createdAt (datetime) --
The timestamp of when the project was created.
createdBy (string) --
The Amazon DataZone user who created the project.
description (string) --
The description of the project that is to be updated.
domainId (string) --
The identifier of the Amazon DataZone domain in which a project is updated.
domainUnitId (string) --
The ID of the domain unit.
failureReasons (list) --
Specifies the error message that is returned if the operation cannot be successfully completed.
(dict) --
Specifies the error message that is returned if the operation cannot be successfully completed.
code (string) --
The code of the project deletion error.
message (string) --
The message of the project deletion error.
glossaryTerms (list) --
The glossary terms of the project that are to be updated.
(string) --
id (string) --
The identifier of the project that is to be updated.
lastUpdatedAt (datetime) --
The timestamp of when the project was last updated.
name (string) --
The name of the project that is to be updated.
projectStatus (string) --
The status of the project.