AWS Multi-party Approval

2025/06/17 - AWS Multi-party Approval - 21 new api methods

Changes  This release enables customers to create Multi-party approval teams and approval requests to protect supported operations.

GetIdentitySource (new) Link ¶

Returns details for an identity source. For more information, see Identity Source in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.get_identity_source(
    IdentitySourceArn='string'
)
type IdentitySourceArn:

string

param IdentitySourceArn:

[REQUIRED]

Amazon Resource Name (ARN) for the identity source.

rtype:

dict

returns:

Response Syntax

{
    'IdentitySourceType': 'IAM_IDENTITY_CENTER',
    'IdentitySourceParameters': {
        'IamIdentityCenter': {
            'InstanceArn': 'string',
            'ApprovalPortalUrl': 'string',
            'Region': 'string'
        }
    },
    'IdentitySourceArn': 'string',
    'CreationTime': datetime(2015, 1, 1),
    'Status': 'CREATING'|'ACTIVE'|'DELETING'|'ERROR',
    'StatusCode': 'ACCESS_DENIED'|'DELETION_FAILED'|'IDC_INSTANCE_NOT_FOUND'|'IDC_INSTANCE_NOT_VALID',
    'StatusMessage': 'string'
}

Response Structure

  • (dict) --

    • IdentitySourceType (string) --

      The type of resource that provided identities to the identity source. For example, an IAM Identity Center instance.

    • IdentitySourceParameters (dict) --

      A IdentitySourceParameters object. Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance.

      • IamIdentityCenter (dict) --

        IAM Identity Center credentials.

        • InstanceArn (string) --

          Amazon Resource Name (ARN) for the IAM Identity Center instance.

        • ApprovalPortalUrl (string) --

          URL for the approval portal associated with the IAM Identity Center instance.

        • Region (string) --

          Amazon Web Services Region where the IAM Identity Center instance is located.

    • IdentitySourceArn (string) --

      Amazon Resource Name (ARN) for the identity source.

    • CreationTime (datetime) --

      Timestamp when the identity source was created.

    • Status (string) --

      Status for the identity source. For example, if the identity source is ACTIVE.

    • StatusCode (string) --

      Status code of the identity source.

    • StatusMessage (string) --

      Message describing the status for the identity source.

CreateIdentitySource (new) Link ¶

Creates a new identity source. For more information, see Identity Source in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.create_identity_source(
    IdentitySourceParameters={
        'IamIdentityCenter': {
            'InstanceArn': 'string',
            'Region': 'string'
        }
    },
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)
type IdentitySourceParameters:

dict

param IdentitySourceParameters:

[REQUIRED]

A IdentitySourceParameters object. Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance.

  • IamIdentityCenter (dict) --

    IAM Identity Center credentials.

    • InstanceArn (string) -- [REQUIRED]

      Amazon Resource Name (ARN) for the IAM Identity Center instance.

    • Region (string) -- [REQUIRED]

      Amazon Web Services Region where the IAM Identity Center instance is located.

type ClientToken:

string

param ClientToken:

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services populates this field.

This field is autopopulated if not provided.

type Tags:

dict

param Tags:

Tag you want to attach to the identity source.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'IdentitySourceType': 'IAM_IDENTITY_CENTER',
    'IdentitySourceArn': 'string',
    'CreationTime': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • IdentitySourceType (string) --

      The type of resource that provided identities to the identity source. For example, an IAM Identity Center instance.

    • IdentitySourceArn (string) --

      Amazon Resource Name (ARN) for the identity source that was created.

    • CreationTime (datetime) --

      Timestamp when the identity source was created.

GetResourcePolicy (new) Link ¶

Returns details about a policy for a resource.

See also: AWS API Documentation

Request Syntax

client.get_resource_policy(
    ResourceArn='string',
    PolicyName='string',
    PolicyType='AWS_MANAGED'|'AWS_RAM'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

Amazon Resource Name (ARN) for the resource.

type PolicyName:

string

param PolicyName:

[REQUIRED]

Name of the policy.

type PolicyType:

string

param PolicyType:

[REQUIRED]

The type of policy.

rtype:

dict

returns:

Response Syntax

{
    'ResourceArn': 'string',
    'PolicyType': 'AWS_MANAGED'|'AWS_RAM',
    'PolicyVersionArn': 'string',
    'PolicyName': 'string',
    'PolicyDocument': 'string'
}

Response Structure

  • (dict) --

    • ResourceArn (string) --

      Amazon Resource Name (ARN) for the resource.

    • PolicyType (string) --

      The type of policy

    • PolicyVersionArn (string) --

      Amazon Resource Name (ARN) for the policy version.

    • PolicyName (string) --

      Name of the policy.

    • PolicyDocument (string) --

      Document that contains the contents for the policy.

ListApprovalTeams (new) Link ¶

Returns a list of approval teams.

See also: AWS API Documentation

Request Syntax

client.list_approval_teams(
    MaxResults=123,
    NextToken='string'
)
type MaxResults:

integer

param MaxResults:

The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

type NextToken:

string

param NextToken:

If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'ApprovalTeams': [
        {
            'CreationTime': datetime(2015, 1, 1),
            'ApprovalStrategy': {
                'MofN': {
                    'MinApprovalsRequired': 123
                }
            },
            'NumberOfApprovers': 123,
            'Arn': 'string',
            'Name': 'string',
            'Description': 'string',
            'Status': 'ACTIVE'|'INACTIVE'|'DELETING'|'PENDING',
            'StatusCode': 'VALIDATING'|'PENDING_ACTIVATION'|'FAILED_VALIDATION'|'FAILED_ACTIVATION'|'UPDATE_PENDING_APPROVAL'|'UPDATE_PENDING_ACTIVATION'|'UPDATE_FAILED_APPROVAL'|'UPDATE_FAILED_ACTIVATION'|'UPDATE_FAILED_VALIDATION'|'DELETE_PENDING_APPROVAL'|'DELETE_FAILED_APPROVAL'|'DELETE_FAILED_VALIDATION',
            'StatusMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    • ApprovalTeams (list) --

      An array of ListApprovalTeamsResponseApprovalTeam objects. Contains details for approval teams.

      • (dict) --

        Contains details for an approval team

        • CreationTime (datetime) --

          Timestamp when the team was created.

        • ApprovalStrategy (dict) --

          An ApprovalStrategyResponse object. Contains details for how an approval team grants approval.

          • MofN (dict) --

            Minimum number of approvals (M) required for a total number of approvers (N).

            • MinApprovalsRequired (integer) --

              Minimum number of approvals (M) required for a total number of approvers (N).

        • NumberOfApprovers (integer) --

          Total number of approvers in the team.

        • Arn (string) --

          Amazon Resource Name (ARN) for the team.

        • Name (string) --

          Name of the team.

        • Description (string) --

          Description for the team.

        • Status (string) --

          Status for the team. For more information, see Team health in the Multi-party approval User Guide.

        • StatusCode (string) --

          Status code for the team. For more information, see Team health in the Multi-party approval User Guide.

        • StatusMessage (string) --

          Message describing the status for the team.

ListSessions (new) Link ¶

Returns a list of approval sessions. For more information, see Session in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.list_sessions(
    ApprovalTeamArn='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'FieldName': 'ActionName'|'ApprovalTeamName'|'VotingTime'|'Vote'|'SessionStatus'|'InitiationTime',
            'Operator': 'EQ'|'NE'|'GT'|'LT'|'GTE'|'LTE'|'CONTAINS'|'NOT_CONTAINS'|'BETWEEN',
            'Value': 'string'
        },
    ]
)
type ApprovalTeamArn:

string

param ApprovalTeamArn:

[REQUIRED]

Amazon Resource Name (ARN) for the approval team.

type MaxResults:

integer

param MaxResults:

The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

type NextToken:

string

param NextToken:

If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

type Filters:

list

param Filters:

An array of Filter objects. Contains the filter to apply when listing sessions.

  • (dict) --

    Contains the filter to apply to requests. You can specify up to 10 filters for a request.

    • FieldName (string) --

      Name of the filter to use.

    • Operator (string) --

      Operator to use for filtering.

      • EQ: Equal to the specified value

      • NE: Not equal to the specified value

      • GT: Greater than the specified value

      • LT: Less than the specified value

      • GTE: Greater than or equal to the specified value

      • LTE: Less than or equal to the specified value

      • CONTAINS: Contains the specified value

      • NOT_CONTAINS: Does not contain the specified value

      • BETWEEN: Between two values, inclusive of the specified values.

    • Value (string) --

      Value to use for filtering. For the BETWEEN operator, specify values in the format a AND b ( AND is case-insensitive).

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'Sessions': [
        {
            'SessionArn': 'string',
            'ApprovalTeamName': 'string',
            'ApprovalTeamArn': 'string',
            'InitiationTime': datetime(2015, 1, 1),
            'ExpirationTime': datetime(2015, 1, 1),
            'CompletionTime': datetime(2015, 1, 1),
            'Description': 'string',
            'ActionName': 'string',
            'ProtectedResourceArn': 'string',
            'RequesterServicePrincipal': 'string',
            'RequesterPrincipalArn': 'string',
            'RequesterRegion': 'string',
            'RequesterAccountId': 'string',
            'Status': 'PENDING'|'CANCELLED'|'APPROVED'|'FAILED'|'CREATING',
            'StatusCode': 'REJECTED'|'EXPIRED'|'CONFIGURATION_CHANGED',
            'StatusMessage': 'string',
            'ActionCompletionStrategy': 'AUTO_COMPLETION_UPON_APPROVAL'
        },
    ]
}

Response Structure

  • (dict) --

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    • Sessions (list) --

      An array of ListSessionsResponseSession objects. Contains details for the sessions.

      • (dict) --

        Contains details for an approval session. For more information, see Session in the Multi-party approval User Guide

        • SessionArn (string) --

          Amazon Resource Name (ARN) for the session.

        • ApprovalTeamName (string) --

          Name of the approval team.

        • ApprovalTeamArn (string) --

          Amazon Resource Name (ARN) for the approval team.

        • InitiationTime (datetime) --

          Timestamp when the session was initiated.

        • ExpirationTime (datetime) --

          Timestamp when the session was expire.

        • CompletionTime (datetime) --

          Timestamp when the session was completed.

        • Description (string) --

          Description for the team.

        • ActionName (string) --

          Name of the protected operation.

        • ProtectedResourceArn (string) --

          Amazon Resource Name (ARN) for the protected operation.

        • RequesterServicePrincipal (string) --

          Service principal for the service associated with the protected operation.

        • RequesterPrincipalArn (string) --

          IAM principal that made the operation request.

        • RequesterRegion (string) --

          Amazon Web Services Region where the operation request originated.

        • RequesterAccountId (string) --

          ID for the account that made the operation request.

        • Status (string) --

          Status for the protected operation. For example, if the operation is PENDING.

        • StatusCode (string) --

          Status code of the session.

        • StatusMessage (string) --

          Message describing the status for session.

        • ActionCompletionStrategy (string) --

          Strategy for executing the protected operation. AUTO_COMPLETION_UPON_APPROVAL means the operation is executed automatically using the requester's permissions, if approved.

DeleteIdentitySource (new) Link ¶

Deletes an identity source. For more information, see Identity Source in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.delete_identity_source(
    IdentitySourceArn='string'
)
type IdentitySourceArn:

string

param IdentitySourceArn:

[REQUIRED]

Amazon Resource Name (ARN) for identity source.

returns:

None

CreateApprovalTeam (new) Link ¶

Creates a new approval team. For more information, see Approval team in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.create_approval_team(
    ClientToken='string',
    ApprovalStrategy={
        'MofN': {
            'MinApprovalsRequired': 123
        }
    },
    Approvers=[
        {
            'PrimaryIdentityId': 'string',
            'PrimaryIdentitySourceArn': 'string'
        },
    ],
    Description='string',
    Policies=[
        {
            'PolicyArn': 'string'
        },
    ],
    Name='string',
    Tags={
        'string': 'string'
    }
)
type ClientToken:

string

param ClientToken:

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services populates this field.

This field is autopopulated if not provided.

type ApprovalStrategy:

dict

param ApprovalStrategy:

[REQUIRED]

An ApprovalStrategy object. Contains details for how the team grants approval.

  • MofN (dict) --

    Minimum number of approvals (M) required for a total number of approvers (N).

    • MinApprovalsRequired (integer) -- [REQUIRED]

      Minimum number of approvals (M) required for a total number of approvers (N).

type Approvers:

list

param Approvers:

[REQUIRED]

An array of ApprovalTeamRequesterApprovers objects. Contains details for the approvers in the team.

  • (dict) --

    Contains details for an approver.

    • PrimaryIdentityId (string) -- [REQUIRED]

      ID for the user.

    • PrimaryIdentitySourceArn (string) -- [REQUIRED]

      Amazon Resource Name (ARN) for the identity source. The identity source manages the user authentication for approvers.

type Description:

string

param Description:

[REQUIRED]

Description for the team.

type Policies:

list

param Policies:

[REQUIRED]

An array of PolicyReference objects. Contains a list of policies that define the permissions for team resources.

The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

  • (dict) --

    Contains the Amazon Resource Name (ARN) for a policy. Policies define what operations a team that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    • PolicyArn (string) -- [REQUIRED]

      Amazon Resource Name (ARN) for the policy.

type Name:

string

param Name:

[REQUIRED]

Name of the team.

type Tags:

dict

param Tags:

Tags you want to attach to the team.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'CreationTime': datetime(2015, 1, 1),
    'Arn': 'string',
    'Name': 'string',
    'VersionId': 'string'
}

Response Structure

  • (dict) --

    • CreationTime (datetime) --

      Timestamp when the team was created.

    • Arn (string) --

      Amazon Resource Name (ARN) for the team that was created.

    • Name (string) --

      Name of the team that was created.

    • VersionId (string) --

      Version ID for the team that was created. When a team is updated, the version ID changes.

GetSession (new) Link ¶

Returns details for an approval session. For more information, see Session in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.get_session(
    SessionArn='string'
)
type SessionArn:

string

param SessionArn:

[REQUIRED]

Amazon Resource Name (ARN) for the session.

rtype:

dict

returns:

Response Syntax

{
    'SessionArn': 'string',
    'ApprovalTeamArn': 'string',
    'ApprovalTeamName': 'string',
    'ProtectedResourceArn': 'string',
    'ApprovalStrategy': {
        'MofN': {
            'MinApprovalsRequired': 123
        }
    },
    'NumberOfApprovers': 123,
    'InitiationTime': datetime(2015, 1, 1),
    'ExpirationTime': datetime(2015, 1, 1),
    'CompletionTime': datetime(2015, 1, 1),
    'Description': 'string',
    'Metadata': {
        'string': 'string'
    },
    'Status': 'PENDING'|'CANCELLED'|'APPROVED'|'FAILED'|'CREATING',
    'StatusCode': 'REJECTED'|'EXPIRED'|'CONFIGURATION_CHANGED',
    'StatusMessage': 'string',
    'ExecutionStatus': 'EXECUTED'|'FAILED'|'PENDING',
    'ActionName': 'string',
    'RequesterServicePrincipal': 'string',
    'RequesterPrincipalArn': 'string',
    'RequesterAccountId': 'string',
    'RequesterRegion': 'string',
    'RequesterComment': 'string',
    'ActionCompletionStrategy': 'AUTO_COMPLETION_UPON_APPROVAL',
    'ApproverResponses': [
        {
            'ApproverId': 'string',
            'IdentitySourceArn': 'string',
            'IdentityId': 'string',
            'Response': 'APPROVED'|'REJECTED'|'NO_RESPONSE',
            'ResponseTime': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

  • (dict) --

    • SessionArn (string) --

      Amazon Resource Name (ARN) for the session.

    • ApprovalTeamArn (string) --

      Amazon Resource Name (ARN) for the approval team.

    • ApprovalTeamName (string) --

      Name of the approval team.

    • ProtectedResourceArn (string) --

      Amazon Resource Name (ARN) for the protected operation.

    • ApprovalStrategy (dict) --

      An ApprovalStrategyResponse object. Contains details for how the team grants approval

      • MofN (dict) --

        Minimum number of approvals (M) required for a total number of approvers (N).

        • MinApprovalsRequired (integer) --

          Minimum number of approvals (M) required for a total number of approvers (N).

    • NumberOfApprovers (integer) --

      Total number of approvers in the session.

    • InitiationTime (datetime) --

      Timestamp when the session was initiated.

    • ExpirationTime (datetime) --

      Timestamp when the session will expire.

    • CompletionTime (datetime) --

      Timestamp when the session completed.

    • Description (string) --

      Description for the session.

    • Metadata (dict) --

      Metadata for the session.

      • (string) --

        • (string) --

    • Status (string) --

      Status for the session. For example, if the team has approved the requested operation.

    • StatusCode (string) --

      Status code of the session.

    • StatusMessage (string) --

      Message describing the status for session.

    • ExecutionStatus (string) --

      Status for the protected operation. For example, if the operation is PENDING.

    • ActionName (string) --

      Name of the protected operation.

    • RequesterServicePrincipal (string) --

      Service principal for the service associated with the protected operation.

    • RequesterPrincipalArn (string) --

      IAM principal that made the operation request.

    • RequesterAccountId (string) --

      ID for the account that made the operation request.

    • RequesterRegion (string) --

      Amazon Web Services Region where the operation request originated.

    • RequesterComment (string) --

      Message from the account that made the operation request

    • ActionCompletionStrategy (string) --

      Strategy for executing the protected operation. AUTO_COMPLETION_UPON_APPROVAL means the operation is automatically executed using the requester's permissions, if approved.

    • ApproverResponses (list) --

      An array of GetSessionResponseApproverResponse objects. Contains details for approver responses in the session.

      • (dict) --

        Contains details for an approver response in an approval session.

        • ApproverId (string) --

          ID for the approver.

        • IdentitySourceArn (string) --

          Amazon Resource Name (ARN) for the identity source. The identity source manages the user authentication for approvers.

        • IdentityId (string) --

          ID for the identity source. The identity source manages the user authentication for approvers.

        • Response (string) --

          Response to the operation request.

        • ResponseTime (datetime) --

          Timestamp when a approver responded to the operation request.

CancelSession (new) Link ¶

Cancels an approval session. For more information, see Session in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.cancel_session(
    SessionArn='string'
)
type SessionArn:

string

param SessionArn:

[REQUIRED]

Amazon Resource Name (ARN) for the session.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

GetApprovalTeam (new) Link ¶

Returns details for an approval team.

See also: AWS API Documentation

Request Syntax

client.get_approval_team(
    Arn='string'
)
type Arn:

string

param Arn:

[REQUIRED]

Amazon Resource Name (ARN) for the team.

rtype:

dict

returns:

Response Syntax

{
    'CreationTime': datetime(2015, 1, 1),
    'ApprovalStrategy': {
        'MofN': {
            'MinApprovalsRequired': 123
        }
    },
    'NumberOfApprovers': 123,
    'Approvers': [
        {
            'ApproverId': 'string',
            'ResponseTime': datetime(2015, 1, 1),
            'PrimaryIdentityId': 'string',
            'PrimaryIdentitySourceArn': 'string',
            'PrimaryIdentityStatus': 'PENDING'|'ACCEPTED'|'REJECTED'|'INVALID'
        },
    ],
    'Arn': 'string',
    'Description': 'string',
    'Name': 'string',
    'Status': 'ACTIVE'|'INACTIVE'|'DELETING'|'PENDING',
    'StatusCode': 'VALIDATING'|'PENDING_ACTIVATION'|'FAILED_VALIDATION'|'FAILED_ACTIVATION'|'UPDATE_PENDING_APPROVAL'|'UPDATE_PENDING_ACTIVATION'|'UPDATE_FAILED_APPROVAL'|'UPDATE_FAILED_ACTIVATION'|'UPDATE_FAILED_VALIDATION'|'DELETE_PENDING_APPROVAL'|'DELETE_FAILED_APPROVAL'|'DELETE_FAILED_VALIDATION',
    'StatusMessage': 'string',
    'UpdateSessionArn': 'string',
    'VersionId': 'string',
    'Policies': [
        {
            'PolicyArn': 'string'
        },
    ],
    'LastUpdateTime': datetime(2015, 1, 1),
    'PendingUpdate': {
        'VersionId': 'string',
        'Description': 'string',
        'ApprovalStrategy': {
            'MofN': {
                'MinApprovalsRequired': 123
            }
        },
        'NumberOfApprovers': 123,
        'Status': 'ACTIVE'|'INACTIVE'|'DELETING'|'PENDING',
        'StatusCode': 'VALIDATING'|'PENDING_ACTIVATION'|'FAILED_VALIDATION'|'FAILED_ACTIVATION'|'UPDATE_PENDING_APPROVAL'|'UPDATE_PENDING_ACTIVATION'|'UPDATE_FAILED_APPROVAL'|'UPDATE_FAILED_ACTIVATION'|'UPDATE_FAILED_VALIDATION'|'DELETE_PENDING_APPROVAL'|'DELETE_FAILED_APPROVAL'|'DELETE_FAILED_VALIDATION',
        'StatusMessage': 'string',
        'Approvers': [
            {
                'ApproverId': 'string',
                'ResponseTime': datetime(2015, 1, 1),
                'PrimaryIdentityId': 'string',
                'PrimaryIdentitySourceArn': 'string',
                'PrimaryIdentityStatus': 'PENDING'|'ACCEPTED'|'REJECTED'|'INVALID'
            },
        ],
        'UpdateInitiationTime': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • CreationTime (datetime) --

      Timestamp when the team was created.

    • ApprovalStrategy (dict) --

      An ApprovalStrategyResponse object. Contains details for how the team grants approval.

      • MofN (dict) --

        Minimum number of approvals (M) required for a total number of approvers (N).

        • MinApprovalsRequired (integer) --

          Minimum number of approvals (M) required for a total number of approvers (N).

    • NumberOfApprovers (integer) --

      Total number of approvers in the team.

    • Approvers (list) --

      An array of GetApprovalTeamResponseApprover objects. Contains details for the approvers in the team.

      • (dict) --

        Contains details for an approver.

        • ApproverId (string) --

          ID for the approver.

        • ResponseTime (datetime) --

          Timestamp when the approver responded to an approval team invitation.

        • PrimaryIdentityId (string) --

          ID for the user.

        • PrimaryIdentitySourceArn (string) --

          Amazon Resource Name (ARN) for the identity source. The identity source manages the user authentication for approvers.

        • PrimaryIdentityStatus (string) --

          Status for the identity source. For example, if an approver has accepted a team invitation with a user authentication method managed by the identity source.

    • Arn (string) --

      Amazon Resource Name (ARN) for the team.

    • Description (string) --

      Description for the team.

    • Name (string) --

      Name of the approval team.

    • Status (string) --

      Status for the team. For more information, see Team health in the Multi-party approval User Guide.

    • StatusCode (string) --

      Status code for the approval team. For more information, see Team health in the Multi-party approval User Guide.

    • StatusMessage (string) --

      Message describing the status for the team.

    • UpdateSessionArn (string) --

      Amazon Resource Name (ARN) for the session.

    • VersionId (string) --

      Version ID for the team.

    • Policies (list) --

      An array of PolicyReference objects. Contains a list of policies that define the permissions for team resources.

      The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

      • (dict) --

        Contains the Amazon Resource Name (ARN) for a policy. Policies define what operations a team that define the permissions for team resources.

        The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

        • PolicyArn (string) --

          Amazon Resource Name (ARN) for the policy.

    • LastUpdateTime (datetime) --

      Timestamp when the team was last updated.

    • PendingUpdate (dict) --

      A PendingUpdate object. Contains details for the pending updates for the team, if applicable.

      • VersionId (string) --

        Version ID for the team.

      • Description (string) --

        Description for the team.

      • ApprovalStrategy (dict) --

        An ApprovalStrategyResponse object. Contains details for how the team grants approval.

        • MofN (dict) --

          Minimum number of approvals (M) required for a total number of approvers (N).

          • MinApprovalsRequired (integer) --

            Minimum number of approvals (M) required for a total number of approvers (N).

      • NumberOfApprovers (integer) --

        Total number of approvers in the team.

      • Status (string) --

        Status for the team. For more information, see Team health in the Multi-party approval User Guide.

      • StatusCode (string) --

        Status code for the update. For more information, see Team health in the Multi-party approval User Guide.

      • StatusMessage (string) --

        Message describing the status for the team.

      • Approvers (list) --

        An array of GetApprovalTeamResponseApprover objects. Contains details for the approvers in the team.

        • (dict) --

          Contains details for an approver.

          • ApproverId (string) --

            ID for the approver.

          • ResponseTime (datetime) --

            Timestamp when the approver responded to an approval team invitation.

          • PrimaryIdentityId (string) --

            ID for the user.

          • PrimaryIdentitySourceArn (string) --

            Amazon Resource Name (ARN) for the identity source. The identity source manages the user authentication for approvers.

          • PrimaryIdentityStatus (string) --

            Status for the identity source. For example, if an approver has accepted a team invitation with a user authentication method managed by the identity source.

      • UpdateInitiationTime (datetime) --

        Timestamp when the update request was initiated.

StartActiveApprovalTeamDeletion (new) Link ¶

Starts the deletion process for an active approval team.

See also: AWS API Documentation

Request Syntax

client.start_active_approval_team_deletion(
    PendingWindowDays=123,
    Arn='string'
)
type PendingWindowDays:

integer

param PendingWindowDays:

Number of days between when the team approves the delete request and when the team is deleted.

type Arn:

string

param Arn:

[REQUIRED]

Amazon Resource Name (ARN) for the team.

rtype:

dict

returns:

Response Syntax

{
    'DeletionCompletionTime': datetime(2015, 1, 1),
    'DeletionStartTime': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • DeletionCompletionTime (datetime) --

      Timestamp when the deletion process is scheduled to complete.

    • DeletionStartTime (datetime) --

      Timestamp when the deletion process was initiated.

DeleteInactiveApprovalTeamVersion (new) Link ¶

Deletes an inactive approval team. For more information, see Team health in the Multi-party approval User Guide.

You can also use this operation to delete a team draft. For more information, see Interacting with drafts in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.delete_inactive_approval_team_version(
    Arn='string',
    VersionId='string'
)
type Arn:

string

param Arn:

[REQUIRED]

Amaazon Resource Name (ARN) for the team.

type VersionId:

string

param VersionId:

[REQUIRED]

Version ID for the team.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

ListTagsForResource (new) Link ¶

Returns a list of the tags for a resource.

See also: AWS API Documentation

Request Syntax

client.list_tags_for_resource(
    ResourceArn='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

Amazon Resource Name (ARN) for the resource.

rtype:

dict

returns:

Response Syntax

{
    'Tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • Tags (dict) --

      Tags attached to the resource.

      • (string) --

        • (string) --

TagResource (new) Link ¶

Creates or updates a resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

See also: AWS API Documentation

Request Syntax

client.tag_resource(
    ResourceArn='string',
    Tags={
        'string': 'string'
    }
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

Amazon Resource Name (ARN) for the resource you want to tag.

type Tags:

dict

param Tags:

[REQUIRED]

Tags that you have added to the specified resource.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

ListResourcePolicies (new) Link ¶

Returns a list of policies for a resource.

See also: AWS API Documentation

Request Syntax

client.list_resource_policies(
    ResourceArn='string',
    MaxResults=123,
    NextToken='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

Amazon Resource Name (ARN) for the resource.

type MaxResults:

integer

param MaxResults:

The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

type NextToken:

string

param NextToken:

If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'ResourcePolicies': [
        {
            'PolicyArn': 'string',
            'PolicyType': 'AWS_MANAGED'|'AWS_RAM',
            'PolicyName': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    • ResourcePolicies (list) --

      An array of ListResourcePoliciesResponseResourcePolicy objects. Contains details about the policy for the resource.

      • (dict) --

        Contains details about a policy for a resource.

        • PolicyArn (string) --

          Amazon Resource Name (ARN) for policy.

        • PolicyType (string) --

          The type of policy.

        • PolicyName (string) --

          Name of the policy.

ListIdentitySources (new) Link ¶

Returns a list of identity sources. For more information, see Identity Source in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.list_identity_sources(
    MaxResults=123,
    NextToken='string'
)
type MaxResults:

integer

param MaxResults:

The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

type NextToken:

string

param NextToken:

If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'IdentitySources': [
        {
            'IdentitySourceType': 'IAM_IDENTITY_CENTER',
            'IdentitySourceParameters': {
                'IamIdentityCenter': {
                    'InstanceArn': 'string',
                    'ApprovalPortalUrl': 'string',
                    'Region': 'string'
                }
            },
            'IdentitySourceArn': 'string',
            'CreationTime': datetime(2015, 1, 1),
            'Status': 'CREATING'|'ACTIVE'|'DELETING'|'ERROR',
            'StatusCode': 'ACCESS_DENIED'|'DELETION_FAILED'|'IDC_INSTANCE_NOT_FOUND'|'IDC_INSTANCE_NOT_VALID',
            'StatusMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    • IdentitySources (list) --

      A IdentitySources. Contains details for identity sources.

      • (dict) --

        Contains details for an identity source. For more information, see Identity source in the Multi-party approval User Guide.

        • IdentitySourceType (string) --

          The type of resource that provided identities to the identity source. For example, an IAM Identity Center instance.

        • IdentitySourceParameters (dict) --

          A IdentitySourceParametersForList object. Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance.

          • IamIdentityCenter (dict) --

            IAM Identity Center credentials.

            • InstanceArn (string) --

              Amazon Resource Name (ARN) for the IAM Identity Center instance.

            • ApprovalPortalUrl (string) --

              URL for the approval portal associated with the IAM Identity Center instance.

            • Region (string) --

              Amazon Web Services Region where the IAM Identity Center instance is located.

        • IdentitySourceArn (string) --

          Amazon Resource Name (ARN) for the identity source.

        • CreationTime (datetime) --

          Timestamp when the identity source was created.

        • Status (string) --

          Status for the identity source. For example, if the identity source is ACTIVE.

        • StatusCode (string) --

          Status code of the identity source.

        • StatusMessage (string) --

          Message describing the status for the identity source.

UntagResource (new) Link ¶

Removes a resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

See also: AWS API Documentation

Request Syntax

client.untag_resource(
    ResourceArn='string',
    TagKeys=[
        'string',
    ]
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

Amazon Resource Name (ARN) for the resource you want to untag.

type TagKeys:

list

param TagKeys:

[REQUIRED]

Array of tag key-value pairs that you want to untag.

  • (string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

ListPolicyVersions (new) Link ¶

Returns a list of the versions for policies. Policies define the permissions for team resources.

The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.list_policy_versions(
    MaxResults=123,
    NextToken='string',
    PolicyArn='string'
)
type MaxResults:

integer

param MaxResults:

The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

type NextToken:

string

param NextToken:

If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

type PolicyArn:

string

param PolicyArn:

[REQUIRED]

Amazon Resource Name (ARN) for the policy.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'PolicyVersions': [
        {
            'Arn': 'string',
            'PolicyArn': 'string',
            'VersionId': 123,
            'PolicyType': 'AWS_MANAGED'|'AWS_RAM',
            'IsDefault': True|False,
            'Name': 'string',
            'Status': 'ATTACHABLE'|'DEPRECATED',
            'CreationTime': datetime(2015, 1, 1),
            'LastUpdatedTime': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

  • (dict) --

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    • PolicyVersions (list) --

      An array of PolicyVersionSummary objects. Contains details for the version of the policies that define the permissions for team resources.

      The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

      • (dict) --

        Contains details for the version of a policy. Policies define what operations a team that define the permissions for team resources.

        The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

        • Arn (string) --

          Amazon Resource Name (ARN) for the team.

        • PolicyArn (string) --

          Amazon Resource Name (ARN) for the policy.

        • VersionId (integer) --

          Version ID for the policy.

        • PolicyType (string) --

          The type of policy.

        • IsDefault (boolean) --

          Determines if the specified policy is the default for the team.

        • Name (string) --

          Name of the policy

        • Status (string) --

          Status for the policy. For example, if the policy is attachable or deprecated.

        • CreationTime (datetime) --

          Timestamp when the policy was created.

        • LastUpdatedTime (datetime) --

          Timestamp when the policy was last updated.

ListPolicies (new) Link ¶

Returns a list of policies. Policies define the permissions for team resources.

The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.list_policies(
    MaxResults=123,
    NextToken='string'
)
type MaxResults:

integer

param MaxResults:

The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

type NextToken:

string

param NextToken:

If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'Policies': [
        {
            'Arn': 'string',
            'DefaultVersion': 123,
            'PolicyType': 'AWS_MANAGED'|'AWS_RAM',
            'Name': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    • Policies (list) --

      An array of Policy objects. Contains a list of policies that define the permissions for team resources.

      The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

      • (dict) --

        Contains details for a policy. Policies define what operations a team that define the permissions for team resources.

        The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

        • Arn (string) --

          Amazon Resource Name (ARN) for the policy.

        • DefaultVersion (integer) --

          Determines if the specified policy is the default for the team.

        • PolicyType (string) --

          The type of policy.

        • Name (string) --

          Name of the policy.

GetPolicyVersion (new) Link ¶

Returns details for the version of a policy. Policies define the permissions for team resources.

The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

See also: AWS API Documentation

Request Syntax

client.get_policy_version(
    PolicyVersionArn='string'
)
type PolicyVersionArn:

string

param PolicyVersionArn:

[REQUIRED]

Amazon Resource Name (ARN) for the policy.

rtype:

dict

returns:

Response Syntax

{
    'PolicyVersion': {
        'Arn': 'string',
        'PolicyArn': 'string',
        'VersionId': 123,
        'PolicyType': 'AWS_MANAGED'|'AWS_RAM',
        'IsDefault': True|False,
        'Name': 'string',
        'Status': 'ATTACHABLE'|'DEPRECATED',
        'CreationTime': datetime(2015, 1, 1),
        'LastUpdatedTime': datetime(2015, 1, 1),
        'Document': 'string'
    }
}

Response Structure

  • (dict) --

    • PolicyVersion (dict) --

      A PolicyVersion object. Contains details for the version of the policy. Policies define the permissions for team resources.

      The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

      • Arn (string) --

        Amazon Resource Name (ARN) for the team.

      • PolicyArn (string) --

        Amazon Resource Name (ARN) for the policy.

      • VersionId (integer) --

        Verison ID

      • PolicyType (string) --

        The type of policy.

      • IsDefault (boolean) --

        Determines if the specified policy is the default for the team.

      • Name (string) --

        Name of the policy.

      • Status (string) --

        Status for the policy. For example, if the policy is attachable or deprecated.

      • CreationTime (datetime) --

        Timestamp when the policy was created.

      • LastUpdatedTime (datetime) --

        Timestamp when the policy was last updated.

      • Document (string) --

        Document that contains the policy contents.

UpdateApprovalTeam (new) Link ¶

Updates an approval team. You can request to update the team description, approval threshold, and approvers in the team.

See also: AWS API Documentation

Request Syntax

client.update_approval_team(
    ApprovalStrategy={
        'MofN': {
            'MinApprovalsRequired': 123
        }
    },
    Approvers=[
        {
            'PrimaryIdentityId': 'string',
            'PrimaryIdentitySourceArn': 'string'
        },
    ],
    Description='string',
    Arn='string'
)
type ApprovalStrategy:

dict

param ApprovalStrategy:

An ApprovalStrategy object. Contains details for how the team grants approval.

  • MofN (dict) --

    Minimum number of approvals (M) required for a total number of approvers (N).

    • MinApprovalsRequired (integer) -- [REQUIRED]

      Minimum number of approvals (M) required for a total number of approvers (N).

type Approvers:

list

param Approvers:

An array of ApprovalTeamRequestApprover objects. Contains details for the approvers in the team.

  • (dict) --

    Contains details for an approver.

    • PrimaryIdentityId (string) -- [REQUIRED]

      ID for the user.

    • PrimaryIdentitySourceArn (string) -- [REQUIRED]

      Amazon Resource Name (ARN) for the identity source. The identity source manages the user authentication for approvers.

type Description:

string

param Description:

Description for the team.

type Arn:

string

param Arn:

[REQUIRED]

Amazon Resource Name (ARN) for the team.

rtype:

dict

returns:

Response Syntax

{
    'VersionId': 'string'
}

Response Structure

  • (dict) --

    • VersionId (string) --

      Version ID for the team that was created. When an approval team is updated, the version ID changes.