AWS Single Sign-On Admin

2020/09/10 - AWS Single Sign-On Admin - 27 new api methods

Changes: Update sso-admin client to latest version

ListAccountAssignmentDeletionStatus (new)

Lists the status of the AWS account assignment deletion requests for a specified SSO instance.

See also: AWS API Documentation

Request Syntax

client.list_account_assignment_deletion_status(
    InstanceArn='string',
    MaxResults=123,
    NextToken='string',
    Filter={
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED'
    }
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the assignment.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

type Filter:

dict

param Filter:

Filters results based on the passed attribute value.

  • Status (string) --

    Filters the list operations result based on the status attribute.

rtype:

dict

returns:

Response Syntax

{
    'AccountAssignmentsDeletionStatus': [
        {
            'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
            'RequestId': 'string',
            'CreatedDate': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AccountAssignmentsDeletionStatus (list) --

      The status object for the account assignment deletion operation.

      • (dict) --

        Provides information about the AccountAssignment creation request.

        • Status (string) --

          The status of the permission set provisioning process.

        • RequestId (string) --

          The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

        • CreatedDate (datetime) --

          The date that the permission set was created.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

ListPermissionSetsProvisionedToAccount (new)

Lists all the permission sets that are provisioned to a specified AWS account.

See also: AWS API Documentation

Request Syntax

client.list_permission_sets_provisioned_to_account(
    InstanceArn='string',
    AccountId='string',
    ProvisioningStatus='LATEST_PERMISSION_SET_PROVISIONED'|'LATEST_PERMISSION_SET_NOT_PROVISIONED',
    MaxResults=123,
    NextToken='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type AccountId:

string

param AccountId:

[REQUIRED]

The identifier of the AWS account from which to list the assignments.

type ProvisioningStatus:

string

param ProvisioningStatus:

The status object for the permission set provisioning operation.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the assignment.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'PermissionSets': [
        'string',
    ]
}

Response Structure

  • (dict) --

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    • PermissionSets (list) --

      Defines the level of access that an AWS account has.

      • (string) --

DeletePermissionSet (new)

Deletes the specified permission set.

See also: AWS API Documentation

Request Syntax

client.delete_permission_set(
    InstanceArn='string',
    PermissionSetArn='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set that should be deleted.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

UntagResource (new)

Disassociates a set of tags from a specified resource.

See also: AWS API Documentation

Request Syntax

client.untag_resource(
    InstanceArn='string',
    ResourceArn='string',
    TagKeys=[
        'string',
    ]
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The ARN of the resource with the tags to be listed.

type TagKeys:

list

param TagKeys:

[REQUIRED]

The keys of tags that are attached to the resource.

  • (string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

AttachManagedPolicyToPermissionSet (new)

Attaches an IAM managed policy ARN to a permission set.

See also: AWS API Documentation

Request Syntax

client.attach_managed_policy_to_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    ManagedPolicyArn='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet that the managed policy should be attached to.

type ManagedPolicyArn:

string

param ManagedPolicyArn:

[REQUIRED]

The IAM managed policy ARN to be attached to a permission set.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

PutInlinePolicyToPermissionSet (new)

Attaches an IAM inline policy to a permission set.

See also: AWS API Documentation

Request Syntax

client.put_inline_policy_to_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    InlinePolicy='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set.

type InlinePolicy:

string

param InlinePolicy:

[REQUIRED]

The IAM inline policy to attach to a PermissionSet.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

DetachManagedPolicyFromPermissionSet (new)

Detaches the attached IAM managed policy ARN from the specified permission set.

See also: AWS API Documentation

Request Syntax

client.detach_managed_policy_from_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    ManagedPolicyArn='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet from which the policy should be detached.

type ManagedPolicyArn:

string

param ManagedPolicyArn:

[REQUIRED]

The IAM managed policy ARN to be detached from a permission set.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

ListManagedPoliciesInPermissionSet (new)

Lists the IAM managed policy that is attached to a specified permission set.

See also: AWS API Documentation

Request Syntax

client.list_managed_policies_in_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    MaxResults=123,
    NextToken='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet whose managed policies will be listed.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the PermissionSet.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

rtype:

dict

returns:

Response Syntax

{
    'AttachedManagedPolicies': [
        {
            'Name': 'string',
            'Arn': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AttachedManagedPolicies (list) --

      The array of the AttachedManagedPolicy data type object.

      • (dict) --

        A structure that stores the details of the IAM managed policy.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

ListAccountAssignmentCreationStatus (new)

Lists the status of the AWS account assignment creation requests for a specified SSO instance.

See also: AWS API Documentation

Request Syntax

client.list_account_assignment_creation_status(
    InstanceArn='string',
    MaxResults=123,
    NextToken='string',
    Filter={
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED'
    }
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the assignment.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

type Filter:

dict

param Filter:

Filters results based on the passed attribute value.

  • Status (string) --

    Filters the list operations result based on the status attribute.

rtype:

dict

returns:

Response Syntax

{
    'AccountAssignmentsCreationStatus': [
        {
            'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
            'RequestId': 'string',
            'CreatedDate': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AccountAssignmentsCreationStatus (list) --

      The status object for the account assignment creation operation.

      • (dict) --

        Provides information about the AccountAssignment creation request.

        • Status (string) --

          The status of the permission set provisioning process.

        • RequestId (string) --

          The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

        • CreatedDate (datetime) --

          The date that the permission set was created.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

DeleteAccountAssignment (new)

Deletes a principal's access from a specified AWS account using a specified permission set.

See also: AWS API Documentation

Request Syntax

client.delete_account_assignment(
    InstanceArn='string',
    TargetId='string',
    TargetType='AWS_ACCOUNT',
    PermissionSetArn='string',
    PrincipalType='USER'|'GROUP',
    PrincipalId='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type TargetId:

string

param TargetId:

[REQUIRED]

The identifier for the chosen target.

type TargetType:

string

param TargetType:

[REQUIRED]

The entity type for which the assignment will be deleted.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set that will be used to remove access.

type PrincipalType:

string

param PrincipalType:

[REQUIRED]

The entity type for which the assignment will be deleted.

type PrincipalId:

string

param PrincipalId:

[REQUIRED]

The identifier of the principal.

rtype:

dict

returns:

Response Syntax

{
    'AccountAssignmentDeletionStatus': {
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
        'RequestId': 'string',
        'FailureReason': 'string',
        'TargetId': 'string',
        'TargetType': 'AWS_ACCOUNT',
        'PermissionSetArn': 'string',
        'PrincipalType': 'USER'|'GROUP',
        'PrincipalId': 'string',
        'CreatedDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • AccountAssignmentDeletionStatus (dict) --

      The status object for the account assignment deletion operation.

      • Status (string) --

        The status of the permission set provisioning process.

      • RequestId (string) --

        The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

      • FailureReason (string) --

        The message that contains an error or exception in case of an operation failure.

      • TargetId (string) --

        The identifier for the chosen target.

      • TargetType (string) --

        The entity type for which the assignment will be created.

      • PermissionSetArn (string) --

        The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • PrincipalType (string) --

        The entity type for which the assignment will be created.

      • PrincipalId (string) --

        The identifier of the principal.

      • CreatedDate (datetime) --

        The date that the permission set was created.

DescribeAccountAssignmentCreationStatus (new)

Describes the status of the assignment creation request.

See also: AWS API Documentation

Request Syntax

client.describe_account_assignment_creation_status(
    InstanceArn='string',
    AccountAssignmentCreationRequestId='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type AccountAssignmentCreationRequestId:

string

param AccountAssignmentCreationRequestId:

[REQUIRED]

The identifier that is used to track the request operation progress.

rtype:

dict

returns:

Response Syntax

{
    'AccountAssignmentCreationStatus': {
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
        'RequestId': 'string',
        'FailureReason': 'string',
        'TargetId': 'string',
        'TargetType': 'AWS_ACCOUNT',
        'PermissionSetArn': 'string',
        'PrincipalType': 'USER'|'GROUP',
        'PrincipalId': 'string',
        'CreatedDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • AccountAssignmentCreationStatus (dict) --

      The status object for the account assignment creation operation.

      • Status (string) --

        The status of the permission set provisioning process.

      • RequestId (string) --

        The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

      • FailureReason (string) --

        The message that contains an error or exception in case of an operation failure.

      • TargetId (string) --

        The identifier for the chosen target.

      • TargetType (string) --

        The entity type for which the assignment will be created.

      • PermissionSetArn (string) --

        The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • PrincipalType (string) --

        The entity type for which the assignment will be created.

      • PrincipalId (string) --

        The identifier of the principal.

      • CreatedDate (datetime) --

        The date that the permission set was created.

ProvisionPermissionSet (new)

The process by which a specified permission set is provisioned to the specified target.

See also: AWS API Documentation

Request Syntax

client.provision_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    TargetId='string',
    TargetType='AWS_ACCOUNT'|'ALL_PROVISIONED_ACCOUNTS'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set.

type TargetId:

string

param TargetId:

The identifier for the chosen target.

type TargetType:

string

param TargetType:

[REQUIRED]

The entity type for which the assignment will be created.

rtype:

dict

returns:

Response Syntax

{
    'PermissionSetProvisioningStatus': {
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
        'RequestId': 'string',
        'AccountId': 'string',
        'PermissionSetArn': 'string',
        'FailureReason': 'string',
        'CreatedDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • PermissionSetProvisioningStatus (dict) --

      The status object for the permission set provisioning operation.

      • Status (string) --

        The status of the permission set provisioning process.

      • RequestId (string) --

        The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

      • AccountId (string) --

        The identifier of the AWS account from which to list the assignments.

      • PermissionSetArn (string) --

        The ARN of the permission set that is being provisioned. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • FailureReason (string) --

        The message that contains an error or exception in case of an operation failure.

      • CreatedDate (datetime) --

        The date that the permission set was created.

ListPermissionSets (new)

Lists the PermissionSets in an SSO instance.

See also: AWS API Documentation

Request Syntax

client.list_permission_sets(
    InstanceArn='string',
    NextToken='string',
    MaxResults=123
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the assignment.

rtype:

dict

returns:

Response Syntax

{
    'PermissionSets': [
        'string',
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • PermissionSets (list) --

      Defines the level of access on an AWS account.

      • (string) --

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

UpdatePermissionSet (new)

Updates an existing permission set.

See also: AWS API Documentation

Request Syntax

client.update_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    Description='string',
    SessionDuration='string',
    RelayState='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set.

type Description:

string

param Description:

The description of the PermissionSet.

type SessionDuration:

string

param SessionDuration:

The length of time that the application user sessions are valid for in the ISO-8601 standard.

type RelayState:

string

param RelayState:

Used to redirect users within the application during the federation authentication process.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

TagResource (new)

Associates a set of tags with a specified resource.

See also: AWS API Documentation

Request Syntax

client.tag_resource(
    InstanceArn='string',
    ResourceArn='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The ARN of the resource with the tags to be listed.

type Tags:

list

param Tags:

[REQUIRED]

A set of key-value pairs that are used to manage the resource.

  • (dict) --

    A set of key-value pairs that are used to manage the resource. Tags can only be applied to permission sets and cannot be applied to corresponding roles that AWS SSO creates in AWS accounts.

    • Key (string) --

      The key for the tag.

    • Value (string) --

      The value of the tag.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

DeleteInlinePolicyFromPermissionSet (new)

Deletes the inline policy from a specified permission set.

See also: AWS API Documentation

Request Syntax

client.delete_inline_policy_from_permission_set(
    InstanceArn='string',
    PermissionSetArn='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set that will be used to remove access.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

GetInlinePolicyForPermissionSet (new)

Obtains the inline policy assigned to the permission set.

See also: AWS API Documentation

Request Syntax

client.get_inline_policy_for_permission_set(
    InstanceArn='string',
    PermissionSetArn='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set.

rtype:

dict

returns:

Response Syntax

{
    'InlinePolicy': 'string'
}

Response Structure

  • (dict) --

    • InlinePolicy (string) --

      The IAM inline policy that is attached to the permission set.

ListTagsForResource (new)

Lists the tags that are attached to a specified resource.

See also: AWS API Documentation

Request Syntax

client.list_tags_for_resource(
    InstanceArn='string',
    ResourceArn='string',
    NextToken='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The ARN of the resource with the tags to be listed.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

rtype:

dict

returns:

Response Syntax

{
    'Tags': [
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Tags (list) --

      A set of key-value pairs that are used to manage the resource.

      • (dict) --

        A set of key-value pairs that are used to manage the resource. Tags can only be applied to permission sets and cannot be applied to corresponding roles that AWS SSO creates in AWS accounts.

        • Key (string) --

          The key for the tag.

        • Value (string) --

          The value of the tag.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

ListAccountsForProvisionedPermissionSet (new)

Lists all the AWS accounts where the specified permission set is provisioned.

See also: AWS API Documentation

Request Syntax

client.list_accounts_for_provisioned_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    ProvisioningStatus='LATEST_PERMISSION_SET_PROVISIONED'|'LATEST_PERMISSION_SET_NOT_PROVISIONED',
    MaxResults=123,
    NextToken='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet from which the associated AWS accounts will be listed.

type ProvisioningStatus:

string

param ProvisioningStatus:

The permission set provisioning status for an AWS account.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the PermissionSet.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

rtype:

dict

returns:

Response Syntax

{
    'AccountIds': [
        'string',
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AccountIds (list) --

      The list of AWS AccountIds.

      • (string) --

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.
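Added example (not part of the original changelog or of boto3): a least-privilege audit that chains list_permission_sets, list_managed_policies_in_permission_set, get_inline_policy_for_permission_set and list_accounts_for_provisioned_permission_set, following NextToken on every list call. StubSsoAdmin, the sample ARNs and account IDs are constructed so the block runs offline; with real credentials pass boto3.client('sso-admin') instead. The wildcard check is a deliberately simple heuristic.

```python
import json

def paginate(call, result_key, **kwargs):
    """Yield every item under result_key, following NextToken until it is absent."""
    token = None
    while True:
        if token:
            kwargs["NextToken"] = token
        page = call(**kwargs)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:
            return

def wildcard_statements(policy_json):
    """Return Allow statements of an inline policy whose Action includes '*'."""
    if not policy_json:
        return []
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    hits = []
    for stmt in stmts:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") == "Allow" and "*" in actions:
            hits.append(stmt)
    return hits

def audit_permission_sets(client, instance_arn, risky_policy_arns):
    """Report permission sets carrying a risky managed policy or wildcard inline policy,
    together with the accounts each one is provisioned to."""
    findings = []
    for ps_arn in paginate(client.list_permission_sets, "PermissionSets",
                           InstanceArn=instance_arn):
        managed = [p["Arn"] for p in paginate(
            client.list_managed_policies_in_permission_set, "AttachedManagedPolicies",
            InstanceArn=instance_arn, PermissionSetArn=ps_arn)]
        inline = client.get_inline_policy_for_permission_set(
            InstanceArn=instance_arn, PermissionSetArn=ps_arn).get("InlinePolicy", "")
        risky = sorted(set(managed) & set(risky_policy_arns))
        wild = wildcard_statements(inline)
        if not risky and not wild:
            continue
        accounts = list(paginate(
            client.list_accounts_for_provisioned_permission_set, "AccountIds",
            InstanceArn=instance_arn, PermissionSetArn=ps_arn))
        findings.append({"permission_set": ps_arn, "risky_managed": risky,
                         "wildcard_statements": len(wild), "accounts": accounts})
    return findings

# ---- constructed sample data (placeholders, not from a real SSO instance) ----
INSTANCE = "arn:aws:sso:::instance/ssoins-EXAMPLE"
ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"
READONLY = "arn:aws:iam::aws:policy/ReadOnlyAccess"
PS_ADMIN = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-admin"
PS_READ = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-read"
PS_INLINE = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-inline"
SAMPLE = {
    PS_ADMIN: {"managed": [{"Name": "AdministratorAccess", "Arn": ADMIN},
                           {"Name": "ReadOnlyAccess", "Arn": READONLY}],
               "inline": "", "accounts": ["111111111111", "222222222222"]},
    PS_READ: {"managed": [{"Name": "ReadOnlyAccess", "Arn": READONLY}],
              "inline": "", "accounts": ["111111111111"]},
    PS_INLINE: {"managed": [], "accounts": ["333333333333"],
                "inline": json.dumps({"Version": "2012-10-17", "Statement": [
                    {"Effect": "Allow", "Action": "*", "Resource": "*"}]})},
}

class StubSsoAdmin:
    """Constructed stand-in for the sso-admin client; returns one item per page
    so the NextToken loop is actually exercised."""
    def __init__(self, sets):
        self.sets = sets

    def _page(self, items, key, token):
        start = int(token or 0)
        out = {key: items[start:start + 1]}
        if start + 1 < len(items):
            out["NextToken"] = str(start + 1)
        return out

    def list_permission_sets(self, InstanceArn, NextToken=None):
        return self._page(list(self.sets), "PermissionSets", NextToken)

    def list_managed_policies_in_permission_set(self, InstanceArn, PermissionSetArn,
                                                NextToken=None):
        return self._page(self.sets[PermissionSetArn]["managed"],
                          "AttachedManagedPolicies", NextToken)

    def get_inline_policy_for_permission_set(self, InstanceArn, PermissionSetArn):
        return {"InlinePolicy": self.sets[PermissionSetArn]["inline"]}

    def list_accounts_for_provisioned_permission_set(self, InstanceArn,
                                                     PermissionSetArn, NextToken=None):
        return self._page(self.sets[PermissionSetArn]["accounts"], "AccountIds", NextToken)

def demo():
    return audit_permission_sets(StubSsoAdmin(SAMPLE), INSTANCE, [ADMIN])
```
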

CreateAccountAssignment (new)

Assigns access to a principal for a specified AWS account using a specified permission set.

See also: AWS API Documentation

Request Syntax

client.create_account_assignment(
    InstanceArn='string',
    TargetId='string',
    TargetType='AWS_ACCOUNT',
    PermissionSetArn='string',
    PrincipalType='USER'|'GROUP',
    PrincipalId='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type TargetId:

string

param TargetId:

[REQUIRED]

The identifier for the chosen target.

type TargetType:

string

param TargetType:

[REQUIRED]

The entity type for which the assignment will be created.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set that the admin wants to grant the principal access to.

type PrincipalType:

string

param PrincipalType:

[REQUIRED]

The entity type for which the assignment will be created.

type PrincipalId:

string

param PrincipalId:

[REQUIRED]

The identifier of the principal.

rtype:

dict

returns:

Response Syntax

{
    'AccountAssignmentCreationStatus': {
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
        'RequestId': 'string',
        'FailureReason': 'string',
        'TargetId': 'string',
        'TargetType': 'AWS_ACCOUNT',
        'PermissionSetArn': 'string',
        'PrincipalType': 'USER'|'GROUP',
        'PrincipalId': 'string',
        'CreatedDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • AccountAssignmentCreationStatus (dict) --

      The status object for the account assignment creation operation.

      • Status (string) --

        The status of the permission set provisioning process.

      • RequestId (string) --

        The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

      • FailureReason (string) --

        The message that contains an error or exception in case of an operation failure.

      • TargetId (string) --

        The identifier for the chosen target.

      • TargetType (string) --

        The entity type for which the assignment will be created.

      • PermissionSetArn (string) --

        The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • PrincipalType (string) --

        The entity type for which the assignment will be created.

      • PrincipalId (string) --

        The identifier of the principal.

      • CreatedDate (datetime) --

        The date that the permission set was created.
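Added example (not part of the original changelog or of boto3): create_account_assignment returns a status object that can still be IN_PROGRESS, so automation should not treat the grant as effective until describe_account_assignment_creation_status reports a terminal status, and should surface FailureReason on FAILED. StubClient, the request ID and all identifiers are constructed so the block runs offline; the timeout, interval, sleep and clock parameters are assumptions of this sketch.

```python
import time

TERMINAL = {"SUCCEEDED", "FAILED"}

class AssignmentFailed(RuntimeError):
    """Raised when the service reports Status == 'FAILED'."""

def assign_and_wait(client, instance_arn, account_id, permission_set_arn,
                    principal_type, principal_id,
                    timeout=60.0, interval=2.0, sleep=time.sleep, clock=time.monotonic):
    """Create an account assignment and block until its status is terminal."""
    status = client.create_account_assignment(
        InstanceArn=instance_arn, TargetId=account_id, TargetType="AWS_ACCOUNT",
        PermissionSetArn=permission_set_arn,
        PrincipalType=principal_type, PrincipalId=principal_id,
    )["AccountAssignmentCreationStatus"]
    deadline = clock() + timeout
    while status["Status"] not in TERMINAL:
        if clock() >= deadline:
            raise TimeoutError(
                f"request {status['RequestId']} still {status['Status']}")
        sleep(interval)
        status = client.describe_account_assignment_creation_status(
            InstanceArn=instance_arn,
            AccountAssignmentCreationRequestId=status["RequestId"],
        )["AccountAssignmentCreationStatus"]
    if status["Status"] == "FAILED":
        raise AssignmentFailed(status.get("FailureReason", "no reason given"))
    # Defensive check: the completed request must describe what we asked for.
    expected = (account_id, permission_set_arn, principal_type, principal_id)
    actual = (status["TargetId"], status["PermissionSetArn"],
              status["PrincipalType"], status["PrincipalId"])
    if actual != expected:
        raise AssignmentFailed(f"status describes {actual}, expected {expected}")
    return status

class StubClient:
    """Constructed stand-in for the sso-admin client: describe calls report
    IN_PROGRESS until `polls` calls have been made, then report `final`."""
    def __init__(self, polls, final, reason=None):
        self.polls, self.final, self.reason = polls, final, reason
        self.request = {}

    def _status(self, state):
        body = dict(self.request, Status=state, RequestId="req-constructed-0001")
        if state == "FAILED":
            body["FailureReason"] = self.reason
        return {"AccountAssignmentCreationStatus": body}

    def create_account_assignment(self, **kwargs):
        self.request = {k: v for k, v in kwargs.items() if k != "InstanceArn"}
        return self._status("IN_PROGRESS")

    def describe_account_assignment_creation_status(
            self, InstanceArn, AccountAssignmentCreationRequestId):
        self.polls -= 1
        return self._status("IN_PROGRESS" if self.polls > 0 else self.final)

def demo(final, reason=None, polls=2, timeout=60.0):
    """Run the flow against the stub with constructed identifiers and no real sleeping."""
    return assign_and_wait(
        StubClient(polls, final, reason),
        "arn:aws:sso:::instance/ssoins-EXAMPLE", "111111111111",
        "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-read",
        "USER", "user-constructed", timeout=timeout, sleep=lambda _s: None)
```
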

ListPermissionSetProvisioningStatus (new)

Lists the status of the permission set provisioning requests for a specified SSO instance.

See also: AWS API Documentation

Request Syntax

client.list_permission_set_provisioning_status(
    InstanceArn='string',
    MaxResults=123,
    NextToken='string',
    Filter={
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED'
    }
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the assignment.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

type Filter:

dict

param Filter:

Filters results based on the passed attribute value.

  • Status (string) --

    Filters the list operations result based on the status attribute.

rtype:

dict

returns:

Response Syntax

{
    'PermissionSetsProvisioningStatus': [
        {
            'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
            'RequestId': 'string',
            'CreatedDate': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • PermissionSetsProvisioningStatus (list) --

      The status object for the permission set provisioning operation.

      • (dict) --

        Provides information about the permission set provisioning status.

        • Status (string) --

          The status of the permission set provisioning process.

        • RequestId (string) --

          The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

        • CreatedDate (datetime) --

          The date that the permission set was created.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

ListAccountAssignments (new)

Lists the assignee of the specified AWS account with the specified permission set.

See also: AWS API Documentation

Request Syntax

client.list_account_assignments(
    InstanceArn='string',
    AccountId='string',
    PermissionSetArn='string',
    MaxResults=123,
    NextToken='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type AccountId:

string

param AccountId:

[REQUIRED]

The identifier of the AWS account from which to list the assignments.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set from which to list assignments.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the assignment.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

rtype:

dict

returns:

Response Syntax

{
    'AccountAssignments': [
        {
            'AccountId': 'string',
            'PermissionSetArn': 'string',
            'PrincipalType': 'USER'|'GROUP',
            'PrincipalId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AccountAssignments (list) --

      The list of assignments that match the input AWS account and permission set.

      • (dict) --

        The assignment that indicates a principal's limited access to a specified AWS account with a specified permission set.

        • AccountId (string) --

          The identifier of the AWS account.

        • PermissionSetArn (string) --

          The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

        • PrincipalType (string) --

          The entity type for which the assignment will be created.

        • PrincipalId (string) --

          The identifier of the principal.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.
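The NextToken loop for list_account_assignments, used for an access review that separates direct USER assignments from GROUP assignments. This is an added example, not code from the AWS SDK or this changelog; FakeAssignmentsClient, the ARNs, the account ID and the principal IDs are constructed placeholders so the block runs offline, and a real boto3 sso-admin client can be passed in its place.

```python
def paginate(call, result_key, **kwargs):
    """Yield every item from a NextToken-paginated list call."""
    while True:
        page = call(**kwargs)
        yield from page.get(result_key, [])
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]


def review_assignments(client, instance_arn, account_id, permission_set_arns,
                       page_size=100):
    """Return (principals per permission set, direct USER assignments only)."""
    report = {}
    for ps_arn in permission_set_arns:
        report[ps_arn] = {"USER": [], "GROUP": []}
        for a in paginate(client.list_account_assignments, "AccountAssignments",
                          InstanceArn=instance_arn, AccountId=account_id,
                          PermissionSetArn=ps_arn, MaxResults=page_size):
            report[ps_arn][a["PrincipalType"]].append(a["PrincipalId"])
    direct = {ps: r["USER"] for ps, r in report.items() if r["USER"]}
    return report, direct


class FakeAssignmentsClient:
    """Constructed stand-in for boto3.client('sso-admin'), so this runs offline."""

    def __init__(self, rows):
        self.rows = rows

    def list_account_assignments(self, InstanceArn, AccountId, PermissionSetArn,
                                 MaxResults=100, NextToken=None):
        hits = [r for r in self.rows if (r["AccountId"], r["PermissionSetArn"])
                == (AccountId, PermissionSetArn)]
        start = int(NextToken or 0)
        page = {"AccountAssignments": hits[start:start + MaxResults]}
        if start + MaxResults < len(hits):
            page["NextToken"] = str(start + MaxResults)
        return page


# Constructed sample data: placeholder ARNs, account ID and principal IDs.
INSTANCE = "arn:aws:sso:::instance/ssoins-EXAMPLE"
ADMIN_PS = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-admin"
READ_PS = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-readonly"
ROWS = [dict(AccountId="111122223333", PermissionSetArn=ps,
             PrincipalType=t, PrincipalId=p)
        for ps, t, p in [(ADMIN_PS, "GROUP", "g-1"), (ADMIN_PS, "USER", "u-1"),
                         (ADMIN_PS, "USER", "u-2"), (READ_PS, "GROUP", "g-2")]]
```
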

DescribePermissionSet (new)

Gets the details of the permission set.

See also: AWS API Documentation

Request Syntax

client.describe_permission_set(
    InstanceArn='string',
    PermissionSetArn='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the permission set.

rtype:

dict

returns:

Response Syntax

{
    'PermissionSet': {
        'Name': 'string',
        'PermissionSetArn': 'string',
        'Description': 'string',
        'CreatedDate': datetime(2015, 1, 1),
        'SessionDuration': 'string',
        'RelayState': 'string'
    }
}

Response Structure

  • (dict) --

    • PermissionSet (dict) --

      Describes the level of access on an AWS account.

      • Name (string) --

        The name of the permission set.

      • PermissionSetArn (string) --

        The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • Description (string) --

        The description of the PermissionSet.

      • CreatedDate (datetime) --

        The date that the permission set was created.

      • SessionDuration (string) --

        The length of time that the application user sessions are valid, expressed in the ISO-8601 standard.

      • RelayState (string) --

        Used to redirect users within the application during the federation authentication process.

ListInstances (new)

Lists the SSO instances that the caller has access to.

See also: AWS API Documentation

Request Syntax

client.list_instances(
    MaxResults=123,
    NextToken='string'
)
type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the instance.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

rtype:

dict

returns:

Response Syntax

{
    'Instances': [
        {
            'InstanceArn': 'string',
            'IdentityStoreId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Instances (list) --

      Lists the SSO instances that the caller has access to.

      • (dict) --

        Provides information about the SSO instance.

        • InstanceArn (string) --

          The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

        • IdentityStoreId (string) --

          The identifier of the identity store that is connected to the SSO instance.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

DescribeAccountAssignmentDeletionStatus (new)

Describes the status of the assignment deletion request.

See also: AWS API Documentation

Request Syntax

client.describe_account_assignment_deletion_status(
    InstanceArn='string',
    AccountAssignmentDeletionRequestId='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type AccountAssignmentDeletionRequestId:

string

param AccountAssignmentDeletionRequestId:

[REQUIRED]

The identifier that is used to track the request operation progress.

rtype:

dict

returns:

Response Syntax

{
    'AccountAssignmentDeletionStatus': {
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
        'RequestId': 'string',
        'FailureReason': 'string',
        'TargetId': 'string',
        'TargetType': 'AWS_ACCOUNT',
        'PermissionSetArn': 'string',
        'PrincipalType': 'USER'|'GROUP',
        'PrincipalId': 'string',
        'CreatedDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • AccountAssignmentDeletionStatus (dict) --

      The status object for the account assignment deletion operation.

      • Status (string) --

        The status of the permission set provisioning process.

      • RequestId (string) --

        The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

      • FailureReason (string) --

        The message that contains an error or exception in case of an operation failure.

      • TargetId (string) --

        The identifier for the chosen target.

      • TargetType (string) --

        The entity type for which the assignment will be created.

      • PermissionSetArn (string) --

        The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • PrincipalType (string) --

        The entity type for which the assignment will be created.

      • PrincipalId (string) --

        The identifier of the principal.

      • CreatedDate (datetime) --

        The date that the permission set was created.

CreatePermissionSet (new)

Creates a permission set within a specified SSO instance.

See also: AWS API Documentation

Request Syntax

client.create_permission_set(
    Name='string',
    Description='string',
    InstanceArn='string',
    SessionDuration='string',
    RelayState='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
type Name:

string

param Name:

[REQUIRED]

The name of the PermissionSet.

type Description:

string

param Description:

The description of the PermissionSet.

type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type SessionDuration:

string

param SessionDuration:

The length of time that the application user sessions are valid, expressed in the ISO-8601 standard.

type RelayState:

string

param RelayState:

Used to redirect users within the application during the federation authentication process.

type Tags:

list

param Tags:

The tags to attach to the new PermissionSet.

  • (dict) --

    A set of key-value pairs that are used to manage the resource. Tags can only be applied to permission sets and cannot be applied to corresponding roles that AWS SSO creates in AWS accounts.

    • Key (string) --

      The key for the tag.

    • Value (string) --

      The value of the tag.

rtype:

dict

returns:

Response Syntax

{
    'PermissionSet': {
        'Name': 'string',
        'PermissionSetArn': 'string',
        'Description': 'string',
        'CreatedDate': datetime(2015, 1, 1),
        'SessionDuration': 'string',
        'RelayState': 'string'
    }
}

Response Structure

  • (dict) --

    • PermissionSet (dict) --

      Defines the level of access on an AWS account.

      • Name (string) --

        The name of the permission set.

      • PermissionSetArn (string) --

        The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • Description (string) --

        The description of the PermissionSet.

      • CreatedDate (datetime) --

        The date that the permission set was created.

      • SessionDuration (string) --

        The length of time that the application user sessions are valid, expressed in the ISO-8601 standard.

      • RelayState (string) --

        Used to redirect users within the application during the federation authentication process.
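A review check for the SessionDuration and RelayState fields that DescribePermissionSet and CreatePermissionSet return: it parses the ISO-8601 duration and flags values above a policy ceiling, plus any RelayState outside an allowlist. This is an added example, not part of the AWS SDK; the 4-hour ceiling, the allowlist and the sample permission sets are assumptions constructed for illustration.

```python
import re
from datetime import timedelta

_DURATION = re.compile(r"^P(?:(?P<days>\d+)D)?(?:T(?:(?P<hours>\d+)H)?"
                       r"(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?$")


def parse_session_duration(value):
    """Parse the day/time subset of ISO-8601 durations ('PT8H', 'PT1H30M')."""
    m = _DURATION.match(value)
    parts = {k: int(v) for k, v in m.groupdict().items() if v} if m else {}
    if not parts or value.endswith("T"):
        raise ValueError(f"not a supported ISO-8601 duration: {value!r}")
    return timedelta(**parts)


def session_findings(permission_set, max_duration=timedelta(hours=4),
                     relay_allowlist=()):
    """Review the 'PermissionSet' dict returned by describe_permission_set."""
    findings = []
    raw = permission_set.get("SessionDuration")
    if raw is not None:
        try:
            if parse_session_duration(raw) > max_duration:
                findings.append(f"SessionDuration {raw} exceeds {max_duration}")
        except ValueError as exc:
            findings.append(str(exc))
    relay = permission_set.get("RelayState")
    # An empty allowlist means every RelayState is reported for review.
    if relay and not relay.startswith(tuple(relay_allowlist)):
        findings.append(f"RelayState {relay!r} is not on the allowlist")
    return findings


# Constructed sample responses; names and URLs are placeholders.
SAMPLES = [
    {"Name": "Admin", "SessionDuration": "PT12H"},
    {"Name": "ReadOnly", "SessionDuration": "PT1H",
     "RelayState": "https://console.aws.amazon.com/cloudwatch/home"},
    {"Name": "Billing", "SessionDuration": "PT2H",
     "RelayState": "https://example.invalid/landing"},
]
ALLOWED = ("https://console.aws.amazon.com/",)  # assumed organisation policy


def review(samples=SAMPLES):
    """Map permission set name to its list of findings."""
    return {ps["Name"]: session_findings(ps, relay_allowlist=ALLOWED)
            for ps in samples}
```
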

DescribePermissionSetProvisioningStatus (new)

Describes the status for the given permission set provisioning request.

See also: AWS API Documentation

Request Syntax

client.describe_permission_set_provisioning_status(
    InstanceArn='string',
    ProvisionPermissionSetRequestId='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

type ProvisionPermissionSetRequestId:

string

param ProvisionPermissionSetRequestId:

[REQUIRED]

The identifier that is provided by the ProvisionPermissionSet call to retrieve the current status of the provisioning workflow.

rtype:

dict

returns:

Response Syntax

{
    'PermissionSetProvisioningStatus': {
        'Status': 'IN_PROGRESS'|'FAILED'|'SUCCEEDED',
        'RequestId': 'string',
        'AccountId': 'string',
        'PermissionSetArn': 'string',
        'FailureReason': 'string',
        'CreatedDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • PermissionSetProvisioningStatus (dict) --

      The status object for the permission set provisioning operation.

      • Status (string) --

        The status of the permission set provisioning process.

      • RequestId (string) --

        The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

      • AccountId (string) --

        The identifier of the AWS account from which to list the assignments.

      • PermissionSetArn (string) --

        The ARN of the permission set that is being provisioned. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

      • FailureReason (string) --

        The message that contains an error or exception in case of an operation failure.

      • CreatedDate (datetime) --

        The date that the permission set was created.
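Both DescribePermissionSetProvisioningStatus and DescribeAccountAssignmentDeletionStatus report an asynchronous request as IN_PROGRESS, FAILED or SUCCEEDED, so a caller has to poll until the status is terminal and surface FailureReason on failure. The helper below is an added example, not part of the AWS SDK; ScriptedStatusClient, the instance ARN and the request ID are constructed so the block runs offline. For the deletion call, pass client.describe_account_assignment_deletion_status with the key 'AccountAssignmentDeletionStatus'.

```python
import time


class RequestFailed(RuntimeError):
    """Raised when the tracked request ends in the FAILED state."""


def wait_for_request(describe, response_key, timeout=60.0, interval=2.0,
                     sleep=time.sleep, clock=time.monotonic, **request):
    """Poll a Describe*Status call until Status leaves IN_PROGRESS."""
    deadline = clock() + timeout
    while True:
        status = describe(**request)[response_key]
        if status["Status"] == "SUCCEEDED":
            return status
        if status["Status"] == "FAILED":
            reason = status.get("FailureReason", "no reason given")
            raise RequestFailed(f"{status['RequestId']}: {reason}")
        if clock() >= deadline:
            raise TimeoutError(f"{status['RequestId']} still IN_PROGRESS")
        sleep(interval)


class ScriptedStatusClient:
    """Constructed stand-in for boto3.client('sso-admin'); replays statuses."""

    def __init__(self, statuses, failure_reason=None):
        self.statuses = list(statuses)
        self.failure_reason = failure_reason
        self.calls = 0

    def describe_permission_set_provisioning_status(
            self, InstanceArn, ProvisionPermissionSetRequestId):
        self.calls += 1
        body = {"Status": self.statuses.pop(0),
                "RequestId": ProvisionPermissionSetRequestId}
        if body["Status"] == "FAILED":
            body["FailureReason"] = self.failure_reason
        return {"PermissionSetProvisioningStatus": body}


INSTANCE = "arn:aws:sso:::instance/ssoins-EXAMPLE"  # constructed placeholder


def demo():
    """Two IN_PROGRESS polls, then SUCCEEDED; sleeping is stubbed out."""
    client = ScriptedStatusClient(["IN_PROGRESS", "IN_PROGRESS", "SUCCEEDED"])
    done = wait_for_request(client.describe_permission_set_provisioning_status,
                            "PermissionSetProvisioningStatus",
                            sleep=lambda s: None, InstanceArn=INSTANCE,
                            ProvisionPermissionSetRequestId="req-constructed-1")
    return done["Status"], client.calls
```
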