com.amazonaws.services.ssoadmin

Class AWSSSOAdminClient

java.lang.Object

com.amazonaws.AmazonWebServiceClient

com.amazonaws.services.ssoadmin.AWSSSOAdminClient

All Implemented Interfaces:

AWSSSOAdmin

Direct Known Subclasses:

AWSSSOAdminAsyncClient

@ThreadSafe
 @Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class AWSSSOAdminClient
extends AmazonWebServiceClient
implements AWSSSOAdmin

Client for accessing SSO Admin. All service calls made using this client are blocking, and will not return until the service call completes.

Amazon Web Services Single Sign On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple Amazon Web Services accounts and business applications. This guide provides information on SSO operations which could be used for access management of Amazon Web Services accounts. For information about Amazon Web Services SSO features, see the Amazon Web Services Single Sign-On User Guide.

Many operations in the SSO APIs rely on identifiers for users and groups, known as principals. For more information about how to work with principals and principal IDs in Amazon Web Services SSO, see the Amazon Web Services SSO Identity Store API Reference.

Field Summary

Fields inherited from class com.amazonaws.AmazonWebServiceClient

LOGGING_AWS_REQUEST_METRIC

Fields inherited from interface com.amazonaws.services.ssoadmin.AWSSSOAdmin

ENDPOINT_PREFIX

Method Summary

Modifier and Type	Method and Description
AttachManagedPolicyToPermissionSetResult	attachManagedPolicyToPermissionSet(AttachManagedPolicyToPermissionSetRequest request) Attaches an IAM managed policy ARN to a permission set.
static AWSSSOAdminClientBuilder	builder()
CreateAccountAssignmentResult	createAccountAssignment(CreateAccountAssignmentRequest request) Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.
CreateInstanceAccessControlAttributeConfigurationResult	createInstanceAccessControlAttributeConfiguration(CreateInstanceAccessControlAttributeConfigurationRequest request) Enables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance.
CreatePermissionSetResult	createPermissionSet(CreatePermissionSetRequest request) Creates a permission set within a specified SSO instance.
DeleteAccountAssignmentResult	deleteAccountAssignment(DeleteAccountAssignmentRequest request) Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.
DeleteInlinePolicyFromPermissionSetResult	deleteInlinePolicyFromPermissionSet(DeleteInlinePolicyFromPermissionSetRequest request) Deletes the inline policy from a specified permission set.
DeleteInstanceAccessControlAttributeConfigurationResult	deleteInstanceAccessControlAttributeConfiguration(DeleteInstanceAccessControlAttributeConfigurationRequest request) Disables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance and deletes all of the attribute mappings that have been configured.
DeletePermissionSetResult	deletePermissionSet(DeletePermissionSetRequest request) Deletes the specified permission set.
DescribeAccountAssignmentCreationStatusResult	describeAccountAssignmentCreationStatus(DescribeAccountAssignmentCreationStatusRequest request) Describes the status of the assignment creation request.
DescribeAccountAssignmentDeletionStatusResult	describeAccountAssignmentDeletionStatus(DescribeAccountAssignmentDeletionStatusRequest request) Describes the status of the assignment deletion request.
DescribeInstanceAccessControlAttributeConfigurationResult	describeInstanceAccessControlAttributeConfiguration(DescribeInstanceAccessControlAttributeConfigurationRequest request) Returns the list of Amazon Web Services SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified Amazon Web Services SSO instance.
DescribePermissionSetResult	describePermissionSet(DescribePermissionSetRequest request) Gets the details of the permission set.
DescribePermissionSetProvisioningStatusResult	describePermissionSetProvisioningStatus(DescribePermissionSetProvisioningStatusRequest request) Describes the status for the given permission set provisioning request.
DetachManagedPolicyFromPermissionSetResult	detachManagedPolicyFromPermissionSet(DetachManagedPolicyFromPermissionSetRequest request) Detaches the attached IAM managed policy ARN from the specified permission set.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetInlinePolicyForPermissionSetResult	getInlinePolicyForPermissionSet(GetInlinePolicyForPermissionSetRequest request) Obtains the inline policy assigned to the permission set.
ListAccountAssignmentCreationStatusResult	listAccountAssignmentCreationStatus(ListAccountAssignmentCreationStatusRequest request) Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance.
ListAccountAssignmentDeletionStatusResult	listAccountAssignmentDeletionStatus(ListAccountAssignmentDeletionStatusRequest request) Lists the status of the Amazon Web Services account assignment deletion requests for a specified SSO instance.
ListAccountAssignmentsResult	listAccountAssignments(ListAccountAssignmentsRequest request) Lists the assignee of the specified Amazon Web Services account with the specified permission set.
ListAccountsForProvisionedPermissionSetResult	listAccountsForProvisionedPermissionSet(ListAccountsForProvisionedPermissionSetRequest request) Lists all the Amazon Web Services accounts where the specified permission set is provisioned.
ListInstancesResult	listInstances(ListInstancesRequest request) Lists the SSO instances that the caller has access to.
ListManagedPoliciesInPermissionSetResult	listManagedPoliciesInPermissionSet(ListManagedPoliciesInPermissionSetRequest request) Lists the IAM managed policy that is attached to a specified permission set.
ListPermissionSetProvisioningStatusResult	listPermissionSetProvisioningStatus(ListPermissionSetProvisioningStatusRequest request) Lists the status of the permission set provisioning requests for a specified SSO instance.
ListPermissionSetsResult	listPermissionSets(ListPermissionSetsRequest request) Lists the PermissionSets in an SSO instance.
ListPermissionSetsProvisionedToAccountResult	listPermissionSetsProvisionedToAccount(ListPermissionSetsProvisionedToAccountRequest request) Lists all the permission sets that are provisioned to a specified Amazon Web Services account.
ListTagsForResourceResult	listTagsForResource(ListTagsForResourceRequest request) Lists the tags that are attached to a specified resource.
ProvisionPermissionSetResult	provisionPermissionSet(ProvisionPermissionSetRequest request) The process by which a specified permission set is provisioned to the specified target.
PutInlinePolicyToPermissionSetResult	putInlinePolicyToPermissionSet(PutInlinePolicyToPermissionSetRequest request) Attaches an IAM inline policy to a permission set.
void	shutdown() Shuts down this client object, releasing any resources that might be held open.
TagResourceResult	tagResource(TagResourceRequest request) Associates a set of tags with a specified resource.
UntagResourceResult	untagResource(UntagResourceRequest request) Disassociates a set of tags from a specified resource.
UpdateInstanceAccessControlAttributeConfigurationResult	updateInstanceAccessControlAttributeConfiguration(UpdateInstanceAccessControlAttributeConfigurationRequest request) Updates the Amazon Web Services SSO identity store attributes that you can use with the Amazon Web Services SSO instance for attributes-based access control (ABAC).
UpdatePermissionSetResult	updatePermissionSet(UpdatePermissionSetRequest request) Updates an existing permission set.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

addRequestHandler, addRequestHandler, configureRegion, getClientConfiguration, getEndpointPrefix, getMonitoringListeners, getRequestMetricsCollector, getServiceName, getSignerByURI, getSignerOverride, getSignerRegionOverride, getTimeOffset, makeImmutable, removeRequestHandler, removeRequestHandler, setEndpoint, setEndpoint, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, withEndpoint, withRegion, withRegion, withTimeOffset

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static AWSSSOAdminClientBuilder builder()

attachManagedPolicyToPermissionSet

public AttachManagedPolicyToPermissionSetResult attachManagedPolicyToPermissionSet(AttachManagedPolicyToPermissionSetRequest request)

Attaches an IAM managed policy ARN to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this operation. Calling ProvisionPermissionSet applies the corresponding IAM policy updates to all assigned accounts.

Specified by:

attachManagedPolicyToPermissionSet in interface AWSSSOAdmin

Parameters:

attachManagedPolicyToPermissionSetRequest -

Returns:

Result of the AttachManagedPolicyToPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createAccountAssignment

public CreateAccountAssignmentResult createAccountAssignment(CreateAccountAssignmentRequest request)

Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.

The term principal here refers to a user or group that is defined in Amazon Web Services SSO.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the SSO-created IAM role. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you must call ProvisionPermissionSet to make these updates.

Specified by:

createAccountAssignment in interface AWSSSOAdmin

Parameters:

createAccountAssignmentRequest -

Returns:

Result of the CreateAccountAssignment operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createInstanceAccessControlAttributeConfiguration

public CreateInstanceAccessControlAttributeConfigurationResult createInstanceAccessControlAttributeConfiguration(CreateInstanceAccessControlAttributeConfigurationRequest request)

Enables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Specified by:

createInstanceAccessControlAttributeConfiguration in interface AWSSSOAdmin

Parameters:

createInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the CreateInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createPermissionSet

public CreatePermissionSetResult createPermissionSet(CreatePermissionSetRequest request)

Creates a permission set within a specified SSO instance.

To grant users and groups access to Amazon Web Services account resources, use CreateAccountAssignment .

Specified by:

createPermissionSet in interface AWSSSOAdmin

Parameters:

createPermissionSetRequest -

Returns:

Result of the CreatePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteAccountAssignment

public DeleteAccountAssignmentResult deleteAccountAssignment(DeleteAccountAssignmentRequest request)

Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.

Specified by:

deleteAccountAssignment in interface AWSSSOAdmin

Parameters:

deleteAccountAssignmentRequest -

Returns:

Result of the DeleteAccountAssignment operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteInlinePolicyFromPermissionSet

public DeleteInlinePolicyFromPermissionSetResult deleteInlinePolicyFromPermissionSet(DeleteInlinePolicyFromPermissionSetRequest request)

Deletes the inline policy from a specified permission set.

Specified by:

deleteInlinePolicyFromPermissionSet in interface AWSSSOAdmin

Parameters:

deleteInlinePolicyFromPermissionSetRequest -

Returns:

Result of the DeleteInlinePolicyFromPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteInstanceAccessControlAttributeConfiguration

public DeleteInstanceAccessControlAttributeConfigurationResult deleteInstanceAccessControlAttributeConfiguration(DeleteInstanceAccessControlAttributeConfigurationRequest request)

Disables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Specified by:

deleteInstanceAccessControlAttributeConfiguration in interface AWSSSOAdmin

Parameters:

deleteInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the DeleteInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deletePermissionSet

public DeletePermissionSetResult deletePermissionSet(DeletePermissionSetRequest request)

Deletes the specified permission set.

Specified by:

deletePermissionSet in interface AWSSSOAdmin

Parameters:

deletePermissionSetRequest -

Returns:

Result of the DeletePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

describeAccountAssignmentCreationStatus

public DescribeAccountAssignmentCreationStatusResult describeAccountAssignmentCreationStatus(DescribeAccountAssignmentCreationStatusRequest request)

Describes the status of the assignment creation request.

Specified by:

describeAccountAssignmentCreationStatus in interface AWSSSOAdmin

Parameters:

describeAccountAssignmentCreationStatusRequest -

Returns:

Result of the DescribeAccountAssignmentCreationStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describeAccountAssignmentDeletionStatus

public DescribeAccountAssignmentDeletionStatusResult describeAccountAssignmentDeletionStatus(DescribeAccountAssignmentDeletionStatusRequest request)

Describes the status of the assignment deletion request.

Specified by:

describeAccountAssignmentDeletionStatus in interface AWSSSOAdmin

Parameters:

describeAccountAssignmentDeletionStatusRequest -

Returns:

Result of the DescribeAccountAssignmentDeletionStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describeInstanceAccessControlAttributeConfiguration

public DescribeInstanceAccessControlAttributeConfigurationResult describeInstanceAccessControlAttributeConfiguration(DescribeInstanceAccessControlAttributeConfigurationRequest request)

Returns the list of Amazon Web Services SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified Amazon Web Services SSO instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Specified by:

describeInstanceAccessControlAttributeConfiguration in interface AWSSSOAdmin

Parameters:

describeInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the DescribeInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

See Also:

AWS API Documentation

describePermissionSet

public DescribePermissionSetResult describePermissionSet(DescribePermissionSetRequest request)

Gets the details of the permission set.

Specified by:

describePermissionSet in interface AWSSSOAdmin

Parameters:

describePermissionSetRequest -

Returns:

Result of the DescribePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describePermissionSetProvisioningStatus

public DescribePermissionSetProvisioningStatusResult describePermissionSetProvisioningStatus(DescribePermissionSetProvisioningStatusRequest request)

Describes the status for the given permission set provisioning request.

Specified by:

describePermissionSetProvisioningStatus in interface AWSSSOAdmin

Parameters:

describePermissionSetProvisioningStatusRequest -

Returns:

Result of the DescribePermissionSetProvisioningStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

detachManagedPolicyFromPermissionSet

public DetachManagedPolicyFromPermissionSetResult detachManagedPolicyFromPermissionSet(DetachManagedPolicyFromPermissionSetRequest request)

Detaches the attached IAM managed policy ARN from the specified permission set.

Specified by:

detachManagedPolicyFromPermissionSet in interface AWSSSOAdmin

Parameters:

detachManagedPolicyFromPermissionSetRequest -

Returns:

Result of the DetachManagedPolicyFromPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

getInlinePolicyForPermissionSet

public GetInlinePolicyForPermissionSetResult getInlinePolicyForPermissionSet(GetInlinePolicyForPermissionSetRequest request)

Obtains the inline policy assigned to the permission set.

Specified by:

getInlinePolicyForPermissionSet in interface AWSSSOAdmin

Parameters:

getInlinePolicyForPermissionSetRequest -

Returns:

Result of the GetInlinePolicyForPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignmentCreationStatus

public ListAccountAssignmentCreationStatusResult listAccountAssignmentCreationStatus(ListAccountAssignmentCreationStatusRequest request)

Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance.

Specified by:

listAccountAssignmentCreationStatus in interface AWSSSOAdmin

Parameters:

listAccountAssignmentCreationStatusRequest -

Returns:

Result of the ListAccountAssignmentCreationStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignmentDeletionStatus

public ListAccountAssignmentDeletionStatusResult listAccountAssignmentDeletionStatus(ListAccountAssignmentDeletionStatusRequest request)

Lists the status of the Amazon Web Services account assignment deletion requests for a specified SSO instance.

Specified by:

listAccountAssignmentDeletionStatus in interface AWSSSOAdmin

Parameters:

listAccountAssignmentDeletionStatusRequest -

Returns:

Result of the ListAccountAssignmentDeletionStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignments

public ListAccountAssignmentsResult listAccountAssignments(ListAccountAssignmentsRequest request)

Lists the assignee of the specified Amazon Web Services account with the specified permission set.

Specified by:

listAccountAssignments in interface AWSSSOAdmin

Parameters:

listAccountAssignmentsRequest -

Returns:

Result of the ListAccountAssignments operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountsForProvisionedPermissionSet

public ListAccountsForProvisionedPermissionSetResult listAccountsForProvisionedPermissionSet(ListAccountsForProvisionedPermissionSetRequest request)

Lists all the Amazon Web Services accounts where the specified permission set is provisioned.

Specified by:

listAccountsForProvisionedPermissionSet in interface AWSSSOAdmin

Parameters:

listAccountsForProvisionedPermissionSetRequest -

Returns:

Result of the ListAccountsForProvisionedPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listInstances

public ListInstancesResult listInstances(ListInstancesRequest request)

Lists the SSO instances that the caller has access to.

Specified by:

listInstances in interface AWSSSOAdmin

Parameters:

listInstancesRequest -

Returns:

Result of the ListInstances operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException - You do not have sufficient access to perform this action.

ValidationException - The request failed because it contains a syntax error.

See Also:

AWS API Documentation

listManagedPoliciesInPermissionSet

public ListManagedPoliciesInPermissionSetResult listManagedPoliciesInPermissionSet(ListManagedPoliciesInPermissionSetRequest request)

Lists the IAM managed policy that is attached to a specified permission set.

Specified by:

listManagedPoliciesInPermissionSet in interface AWSSSOAdmin

Parameters:

listManagedPoliciesInPermissionSetRequest -

Returns:

Result of the ListManagedPoliciesInPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSetProvisioningStatus

public ListPermissionSetProvisioningStatusResult listPermissionSetProvisioningStatus(ListPermissionSetProvisioningStatusRequest request)

Lists the status of the permission set provisioning requests for a specified SSO instance.

Specified by:

listPermissionSetProvisioningStatus in interface AWSSSOAdmin

Parameters:

listPermissionSetProvisioningStatusRequest -

Returns:

Result of the ListPermissionSetProvisioningStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSets

public ListPermissionSetsResult listPermissionSets(ListPermissionSetsRequest request)

Lists the PermissionSets in an SSO instance.

Specified by:

listPermissionSets in interface AWSSSOAdmin

Parameters:

listPermissionSetsRequest -

Returns:

Result of the ListPermissionSets operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSetsProvisionedToAccount

public ListPermissionSetsProvisionedToAccountResult listPermissionSetsProvisionedToAccount(ListPermissionSetsProvisionedToAccountRequest request)

Lists all the permission sets that are provisioned to a specified Amazon Web Services account.

Specified by:

listPermissionSetsProvisionedToAccount in interface AWSSSOAdmin

Parameters:

listPermissionSetsProvisionedToAccountRequest -

Returns:

Result of the ListPermissionSetsProvisionedToAccount operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listTagsForResource

public ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest request)

Lists the tags that are attached to a specified resource.

Specified by:

listTagsForResource in interface AWSSSOAdmin

Parameters:

listTagsForResourceRequest -

Returns:

Result of the ListTagsForResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

provisionPermissionSet

public ProvisionPermissionSetResult provisionPermissionSet(ProvisionPermissionSetRequest request)

The process by which a specified permission set is provisioned to the specified target.

Specified by:

provisionPermissionSet in interface AWSSSOAdmin

Parameters:

provisionPermissionSetRequest -

Returns:

Result of the ProvisionPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

putInlinePolicyToPermissionSet

public PutInlinePolicyToPermissionSetResult putInlinePolicyToPermissionSet(PutInlinePolicyToPermissionSetRequest request)

Attaches an IAM inline policy to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

Specified by:

putInlinePolicyToPermissionSet in interface AWSSSOAdmin

Parameters:

putInlinePolicyToPermissionSetRequest -

Returns:

Result of the PutInlinePolicyToPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

tagResource

public TagResourceResult tagResource(TagResourceRequest request)

Associates a set of tags with a specified resource.

Specified by:

tagResource in interface AWSSSOAdmin

Parameters:

tagResourceRequest -

Returns:

Result of the TagResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

untagResource

public UntagResourceResult untagResource(UntagResourceRequest request)

Disassociates a set of tags from a specified resource.

Specified by:

untagResource in interface AWSSSOAdmin

Parameters:

untagResourceRequest -

Returns:

Result of the UntagResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

updateInstanceAccessControlAttributeConfiguration

public UpdateInstanceAccessControlAttributeConfigurationResult updateInstanceAccessControlAttributeConfiguration(UpdateInstanceAccessControlAttributeConfigurationRequest request)

Updates the Amazon Web Services SSO identity store attributes that you can use with the Amazon Web Services SSO instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the Amazon Web Services SSO identity store. If a SAML assertion passes any of these attributes, Amazon Web Services SSO replaces the attribute value with the value from the Amazon Web Services SSO identity store. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Specified by:

updateInstanceAccessControlAttributeConfiguration in interface AWSSSOAdmin

Parameters:

updateInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the UpdateInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

updatePermissionSet

public UpdatePermissionSetResult updatePermissionSet(UpdatePermissionSetRequest request)

Updates an existing permission set.

Specified by:

updatePermissionSet in interface AWSSSOAdmin

Parameters:

updatePermissionSetRequest -

Returns:

Result of the UpdatePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AWSSSOAdmin

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.

shutdown

public void shutdown()

Description copied from class: AmazonWebServiceClient

Shuts down this client object, releasing any resources that might be held open. If this method is not invoked, resources may be leaked. Once a client has been shutdown, it should not be used to make any more requests.

Specified by:

shutdown in interface AWSSSOAdmin

Overrides:

shutdown in class AmazonWebServiceClient