AWS Single Sign-On Admin

2022/07/18 - AWS Single Sign-On Admin - 6 new api methods

Changes: AWS SSO now supports attaching customer managed policies and a permissions boundary to your permission sets. This release adds new API operations to manage and view the customer managed policies and the permissions boundary for a given permission set.

ListCustomerManagedPolicyReferencesInPermissionSet (new)

Lists all IAM customer managed policies attached to a specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.list_customer_managed_policy_references_in_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    MaxResults=123,
    NextToken='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet.

type MaxResults:

integer

param MaxResults:

The maximum number of results to display for the list call.

type NextToken:

string

param NextToken:

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

rtype:

dict

returns:

Response Syntax

{
    'CustomerManagedPolicyReferences': [
        {
            'Name': 'string',
            'Path': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • CustomerManagedPolicyReferences (list) --

      Specifies the names and paths of the IAM customer managed policies that you have attached to your permission set.

      • (dict) --

        Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

        • Name (string) --

          The name of the policy document.

        • Path (string) --

          The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

PutPermissionsBoundaryToPermissionSet (new)

Attaches an Amazon Web Services managed or customer managed IAM policy to the specified PermissionSet as a permissions boundary.

See also: AWS API Documentation

Request Syntax

client.put_permissions_boundary_to_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    PermissionsBoundary={
        'CustomerManagedPolicyReference': {
            'Name': 'string',
            'Path': 'string'
        },
        'ManagedPolicyArn': 'string'
    }
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet.

type PermissionsBoundary:

dict

param PermissionsBoundary:

[REQUIRED]

The permissions boundary that you want to attach to a PermissionSet.

  • CustomerManagedPolicyReference (dict) --

    Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

    • Name (string) -- [REQUIRED]

      The name of the policy document.

    • Path (string) --

      The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

  • ManagedPolicyArn (string) --

    The Amazon Web Services managed policy ARN that you want to attach to a permission set as a permissions boundary.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

GetPermissionsBoundaryForPermissionSet (new)

Obtains the permissions boundary for a specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.get_permissions_boundary_for_permission_set(
    InstanceArn='string',
    PermissionSetArn='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet.

rtype:

dict

returns:

Response Syntax

{
    'PermissionsBoundary': {
        'CustomerManagedPolicyReference': {
            'Name': 'string',
            'Path': 'string'
        },
        'ManagedPolicyArn': 'string'
    }
}

Response Structure

  • (dict) --

    • PermissionsBoundary (dict) --

      The permissions boundary attached to the specified permission set.

      • CustomerManagedPolicyReference (dict) --

        Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

        • Name (string) --

          The name of the policy document.

        • Path (string) --

          The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

      • ManagedPolicyArn (string) --

        The Amazon Web Services managed policy ARN that you want to attach to a permission set as a permissions boundary.
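
An added example (not part of the AWS documentation) that combines ListCustomerManagedPolicyReferencesInPermissionSet and GetPermissionsBoundaryForPermissionSet into an audit: it follows NextToken to read every attached customer managed policy, then reports permission sets that carry such policies but have no permissions boundary. The StubClient, all ARNs and the helper names are constructed for illustration; with real credentials, pass boto3.client('sso-admin') instead. Treating ResourceNotFoundException as "no boundary attached" is an assumption.

```python
# Added example: the stub client and its data are constructed so this runs offline.
def list_policy_refs(client, instance_arn, ps_arn):
    """Follow NextToken until every attached customer managed policy is read."""
    refs, token = [], None
    while True:
        kwargs = {"InstanceArn": instance_arn, "PermissionSetArn": ps_arn}
        if token:
            kwargs["NextToken"] = token
        page = client.list_customer_managed_policy_references_in_permission_set(**kwargs)
        refs.extend(page.get("CustomerManagedPolicyReferences", []))
        token = page.get("NextToken")
        if not token:
            return refs

def get_boundary(client, instance_arn, ps_arn):
    """Return the PermissionsBoundary dict, or None when none is attached."""
    try:
        resp = client.get_permissions_boundary_for_permission_set(
            InstanceArn=instance_arn, PermissionSetArn=ps_arn)
    except client.exceptions.ResourceNotFoundException:
        # Assumption: the service signals "no boundary attached" with this error.
        return None
    return resp.get("PermissionsBoundary") or None

def unbounded_permission_sets(client, instance_arn, ps_arns):
    """Permission sets with customer managed policies but no permissions boundary."""
    findings = []
    for arn in ps_arns:
        refs = list_policy_refs(client, instance_arn, arn)
        if refs and get_boundary(client, instance_arn, arn) is None:
            # Path is optional in a reference; the documented default is "/".
            findings.append((arn, [r.get("Path", "/") + r["Name"] for r in refs]))
    return findings

class StubClient:
    """Constructed stand-in for boto3.client('sso-admin'); serves canned pages."""
    class exceptions:
        class ResourceNotFoundException(Exception):
            pass
    def __init__(self, pages, boundaries):
        self.pages, self.boundaries = pages, boundaries
    def list_customer_managed_policy_references_in_permission_set(self, **kw):
        # The stub uses the page index as its pagination token.
        return self.pages[kw["PermissionSetArn"]][int(kw.get("NextToken", 0))]
    def get_permissions_boundary_for_permission_set(self, **kw):
        if kw["PermissionSetArn"] not in self.boundaries:
            raise self.exceptions.ResourceNotFoundException()
        return {"PermissionsBoundary": self.boundaries[kw["PermissionSetArn"]]}
```
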

DetachCustomerManagedPolicyReferenceFromPermissionSet (new)

Detaches the specified IAM customer managed policy from the specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.detach_customer_managed_policy_reference_from_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    CustomerManagedPolicyReference={
        'Name': 'string',
        'Path': 'string'
    }
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet.

type CustomerManagedPolicyReference:

dict

param CustomerManagedPolicyReference:

[REQUIRED]

Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

  • Name (string) -- [REQUIRED]

    The name of the policy document.

  • Path (string) --

    The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

DeletePermissionsBoundaryFromPermissionSet (new)

Deletes the permissions boundary from a specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.delete_permissions_boundary_from_permission_set(
    InstanceArn='string',
    PermissionSetArn='string'
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

AttachCustomerManagedPolicyReferenceToPermissionSet (new)

Attaches the specified IAM customer managed policy to the specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.attach_customer_managed_policy_reference_to_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    CustomerManagedPolicyReference={
        'Name': 'string',
        'Path': 'string'
    }
)
type InstanceArn:

string

param InstanceArn:

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn:

string

param PermissionSetArn:

[REQUIRED]

The ARN of the PermissionSet.

type CustomerManagedPolicyReference:

dict

param CustomerManagedPolicyReference:

[REQUIRED]

Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

  • Name (string) -- [REQUIRED]

    The name of the policy document.

  • Path (string) --

    The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --
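
An added example (not part of the AWS documentation) of a pre-attachment check for the requirement stated above, that a policy matching the Name and Path must exist in each account where the permission set is deployed. It resolves each reference to the IAM policy ARN it would have in a given account and reports accounts where that policy is missing. The function names, account IDs and inventory are constructed; a real inventory could be gathered per account with iam.list_policies(Scope='Local').

```python
def expected_policy_arn(account_id, ref, partition="aws"):
    """IAM ARN that a Name/Path reference resolves to in one account."""
    path = ref.get("Path") or "/"   # the page gives "/" as the default path
    # IAM paths begin and end with "/"; reject anything else before building an ARN.
    if not (path.startswith("/") and path.endswith("/")):
        raise ValueError(f"policy path must begin and end with '/': {path!r}")
    return f"arn:{partition}:iam::{account_id}:policy{path}{ref['Name']}"

def missing_policies(refs, account_policy_arns):
    """Map account ID -> sorted ARNs of referenced policies absent in that account.

    account_policy_arns: {account_id: iterable of customer managed policy ARNs}.
    Accounts where every reference resolves are left out of the result.
    """
    gaps = {}
    for account_id, arns in account_policy_arns.items():
        present = set(arns)
        absent = sorted(
            arn for arn in (expected_policy_arn(account_id, r) for r in refs)
            if arn not in present)
        if absent:
            gaps[account_id] = absent
    return gaps

# Constructed sample data: two references and the policies found in two accounts.
REFS = [{"Name": "DevOpsBoundary", "Path": "/boundaries/"}, {"Name": "ReadLogs"}]
INVENTORY = {
    "111111111111": [
        "arn:aws:iam::111111111111:policy/boundaries/DevOpsBoundary",
        "arn:aws:iam::111111111111:policy/ReadLogs",
    ],
    "222222222222": ["arn:aws:iam::222222222222:policy/ReadLogs"],
}

if __name__ == "__main__":
    for account, arns in missing_policies(REFS, INVENTORY).items():
        print(account, "is missing", arns)
```
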