com.amazonaws.services.ssoadmin

Interface AWSSSOAdmin

All Known Subinterfaces:

AWSSSOAdminAsync

All Known Implementing Classes:

AbstractAWSSSOAdmin, AbstractAWSSSOAdminAsync, AWSSSOAdminAsyncClient, AWSSSOAdminClient

@Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public interface AWSSSOAdmin

Interface for accessing SSO Admin.

Note: Do not directly implement this interface, new methods are added to it regularly. Extend from AbstractAWSSSOAdmin instead.

AWS IAM Identity Center (successor to AWS Single Sign-On) helps you securely create, or connect, your workforce identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in AWS, for organizations of any size and type.

Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see IAM Identity Center rename.

This reference guide provides information on single sign-on operations which could be used for access management of AWS accounts. For information about IAM Identity Center features, see the IAM Identity Center User Guide.

Many operations in the IAM Identity Center APIs rely on identifiers for users and groups, known as principals. For more information about how to work with principals and principal IDs in IAM Identity Center, see the Identity Store API Reference.

AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, and more). The SDKs provide a convenient way to create programmatic access to IAM Identity Center and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ENDPOINT_PREFIX The region metadata service name for computing region endpoints.

Method Summary

Modifier and Type	Method and Description
AttachCustomerManagedPolicyReferenceToPermissionSetResult	attachCustomerManagedPolicyReferenceToPermissionSet(AttachCustomerManagedPolicyReferenceToPermissionSetRequest attachCustomerManagedPolicyReferenceToPermissionSetRequest) Attaches the specified customer managed policy to the specified PermissionSet.
AttachManagedPolicyToPermissionSetResult	attachManagedPolicyToPermissionSet(AttachManagedPolicyToPermissionSetRequest attachManagedPolicyToPermissionSetRequest) Attaches an AWS managed policy ARN to a permission set.
CreateAccountAssignmentResult	createAccountAssignment(CreateAccountAssignmentRequest createAccountAssignmentRequest) Assigns access to a principal for a specified AWS account using a specified permission set.
CreateInstanceAccessControlAttributeConfigurationResult	createInstanceAccessControlAttributeConfiguration(CreateInstanceAccessControlAttributeConfigurationRequest createInstanceAccessControlAttributeConfigurationRequest) Enables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance.
CreatePermissionSetResult	createPermissionSet(CreatePermissionSetRequest createPermissionSetRequest) Creates a permission set within a specified IAM Identity Center instance.
DeleteAccountAssignmentResult	deleteAccountAssignment(DeleteAccountAssignmentRequest deleteAccountAssignmentRequest) Deletes a principal's access from a specified AWS account using a specified permission set.
DeleteInlinePolicyFromPermissionSetResult	deleteInlinePolicyFromPermissionSet(DeleteInlinePolicyFromPermissionSetRequest deleteInlinePolicyFromPermissionSetRequest) Deletes the inline policy from a specified permission set.
DeleteInstanceAccessControlAttributeConfigurationResult	deleteInstanceAccessControlAttributeConfiguration(DeleteInstanceAccessControlAttributeConfigurationRequest deleteInstanceAccessControlAttributeConfigurationRequest) Disables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance and deletes all of the attribute mappings that have been configured.
DeletePermissionsBoundaryFromPermissionSetResult	deletePermissionsBoundaryFromPermissionSet(DeletePermissionsBoundaryFromPermissionSetRequest deletePermissionsBoundaryFromPermissionSetRequest) Deletes the permissions boundary from a specified PermissionSet.
DeletePermissionSetResult	deletePermissionSet(DeletePermissionSetRequest deletePermissionSetRequest) Deletes the specified permission set.
DescribeAccountAssignmentCreationStatusResult	describeAccountAssignmentCreationStatus(DescribeAccountAssignmentCreationStatusRequest describeAccountAssignmentCreationStatusRequest) Describes the status of the assignment creation request.
DescribeAccountAssignmentDeletionStatusResult	describeAccountAssignmentDeletionStatus(DescribeAccountAssignmentDeletionStatusRequest describeAccountAssignmentDeletionStatusRequest) Describes the status of the assignment deletion request.
DescribeInstanceAccessControlAttributeConfigurationResult	describeInstanceAccessControlAttributeConfiguration(DescribeInstanceAccessControlAttributeConfigurationRequest describeInstanceAccessControlAttributeConfigurationRequest) Returns the list of IAM Identity Center identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified IAM Identity Center instance.
DescribePermissionSetResult	describePermissionSet(DescribePermissionSetRequest describePermissionSetRequest) Gets the details of the permission set.
DescribePermissionSetProvisioningStatusResult	describePermissionSetProvisioningStatus(DescribePermissionSetProvisioningStatusRequest describePermissionSetProvisioningStatusRequest) Describes the status for the given permission set provisioning request.
DetachCustomerManagedPolicyReferenceFromPermissionSetResult	detachCustomerManagedPolicyReferenceFromPermissionSet(DetachCustomerManagedPolicyReferenceFromPermissionSetRequest detachCustomerManagedPolicyReferenceFromPermissionSetRequest) Detaches the specified customer managed policy from the specified PermissionSet.
DetachManagedPolicyFromPermissionSetResult	detachManagedPolicyFromPermissionSet(DetachManagedPolicyFromPermissionSetRequest detachManagedPolicyFromPermissionSetRequest) Detaches the attached AWS managed policy ARN from the specified permission set.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected.
GetInlinePolicyForPermissionSetResult	getInlinePolicyForPermissionSet(GetInlinePolicyForPermissionSetRequest getInlinePolicyForPermissionSetRequest) Obtains the inline policy assigned to the permission set.
GetPermissionsBoundaryForPermissionSetResult	getPermissionsBoundaryForPermissionSet(GetPermissionsBoundaryForPermissionSetRequest getPermissionsBoundaryForPermissionSetRequest) Obtains the permissions boundary for a specified PermissionSet.
ListAccountAssignmentCreationStatusResult	listAccountAssignmentCreationStatus(ListAccountAssignmentCreationStatusRequest listAccountAssignmentCreationStatusRequest) Lists the status of the AWS account assignment creation requests for a specified IAM Identity Center instance.
ListAccountAssignmentDeletionStatusResult	listAccountAssignmentDeletionStatus(ListAccountAssignmentDeletionStatusRequest listAccountAssignmentDeletionStatusRequest) Lists the status of the AWS account assignment deletion requests for a specified IAM Identity Center instance.
ListAccountAssignmentsResult	listAccountAssignments(ListAccountAssignmentsRequest listAccountAssignmentsRequest) Lists the assignee of the specified AWS account with the specified permission set.
ListAccountsForProvisionedPermissionSetResult	listAccountsForProvisionedPermissionSet(ListAccountsForProvisionedPermissionSetRequest listAccountsForProvisionedPermissionSetRequest) Lists all the AWS accounts where the specified permission set is provisioned.
ListCustomerManagedPolicyReferencesInPermissionSetResult	listCustomerManagedPolicyReferencesInPermissionSet(ListCustomerManagedPolicyReferencesInPermissionSetRequest listCustomerManagedPolicyReferencesInPermissionSetRequest) Lists all customer managed policies attached to a specified PermissionSet.
ListInstancesResult	listInstances(ListInstancesRequest listInstancesRequest) Lists the IAM Identity Center instances that the caller has access to.
ListManagedPoliciesInPermissionSetResult	listManagedPoliciesInPermissionSet(ListManagedPoliciesInPermissionSetRequest listManagedPoliciesInPermissionSetRequest) Lists the AWS managed policy that is attached to a specified permission set.
ListPermissionSetProvisioningStatusResult	listPermissionSetProvisioningStatus(ListPermissionSetProvisioningStatusRequest listPermissionSetProvisioningStatusRequest) Lists the status of the permission set provisioning requests for a specified IAM Identity Center instance.
ListPermissionSetsResult	listPermissionSets(ListPermissionSetsRequest listPermissionSetsRequest) Lists the PermissionSets in an IAM Identity Center instance.
ListPermissionSetsProvisionedToAccountResult	listPermissionSetsProvisionedToAccount(ListPermissionSetsProvisionedToAccountRequest listPermissionSetsProvisionedToAccountRequest) Lists all the permission sets that are provisioned to a specified AWS account.
ListTagsForResourceResult	listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest) Lists the tags that are attached to a specified resource.
ProvisionPermissionSetResult	provisionPermissionSet(ProvisionPermissionSetRequest provisionPermissionSetRequest) The process by which a specified permission set is provisioned to the specified target.
PutInlinePolicyToPermissionSetResult	putInlinePolicyToPermissionSet(PutInlinePolicyToPermissionSetRequest putInlinePolicyToPermissionSetRequest) Attaches an inline policy to a permission set.
PutPermissionsBoundaryToPermissionSetResult	putPermissionsBoundaryToPermissionSet(PutPermissionsBoundaryToPermissionSetRequest putPermissionsBoundaryToPermissionSetRequest) Attaches an AWS managed or customer managed policy to the specified PermissionSet as a permissions boundary.
void	shutdown() Shuts down this client object, releasing any resources that might be held open.
TagResourceResult	tagResource(TagResourceRequest tagResourceRequest) Associates a set of tags with a specified resource.
UntagResourceResult	untagResource(UntagResourceRequest untagResourceRequest) Disassociates a set of tags from a specified resource.
UpdateInstanceAccessControlAttributeConfigurationResult	updateInstanceAccessControlAttributeConfiguration(UpdateInstanceAccessControlAttributeConfigurationRequest updateInstanceAccessControlAttributeConfigurationRequest) Updates the IAM Identity Center identity store attributes that you can use with the IAM Identity Center instance for attributes-based access control (ABAC).
UpdatePermissionSetResult	updatePermissionSet(UpdatePermissionSetRequest updatePermissionSetRequest) Updates an existing permission set.

Field Detail

ENDPOINT_PREFIX

static final String ENDPOINT_PREFIX

The region metadata service name for computing region endpoints. You can use this value to retrieve metadata (such as supported regions) of the service.

See Also:

RegionUtils.getRegionsForService(String), Constant Field Values

Method Detail

attachCustomerManagedPolicyReferenceToPermissionSet

AttachCustomerManagedPolicyReferenceToPermissionSetResult attachCustomerManagedPolicyReferenceToPermissionSet(AttachCustomerManagedPolicyReferenceToPermissionSetRequest attachCustomerManagedPolicyReferenceToPermissionSetRequest)

Attaches the specified customer managed policy to the specified PermissionSet.

Parameters:

attachCustomerManagedPolicyReferenceToPermissionSetRequest -

Returns:

Result of the AttachCustomerManagedPolicyReferenceToPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

attachManagedPolicyToPermissionSet

AttachManagedPolicyToPermissionSetResult attachManagedPolicyToPermissionSet(AttachManagedPolicyToPermissionSetRequest attachManagedPolicyToPermissionSetRequest)

Attaches an AWS managed policy ARN to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this operation. Calling ProvisionPermissionSet applies the corresponding IAM policy updates to all assigned accounts.

Parameters:

attachManagedPolicyToPermissionSetRequest -

Returns:

Result of the AttachManagedPolicyToPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createAccountAssignment

CreateAccountAssignmentResult createAccountAssignment(CreateAccountAssignmentRequest createAccountAssignmentRequest)

Assigns access to a principal for a specified AWS account using a specified permission set.

The term principal here refers to a user or group that is defined in IAM Identity Center.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the IAM role created in IAM Identity Center. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you must call ProvisionPermissionSet to make these updates.

After a successful response, call DescribeAccountAssignmentCreationStatus to describe the status of an assignment creation request.

Parameters:

createAccountAssignmentRequest -

Returns:

Result of the CreateAccountAssignment operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createInstanceAccessControlAttributeConfiguration

CreateInstanceAccessControlAttributeConfigurationResult createInstanceAccessControlAttributeConfiguration(CreateInstanceAccessControlAttributeConfigurationRequest createInstanceAccessControlAttributeConfigurationRequest)

Enables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

After a successful response, call DescribeInstanceAccessControlAttributeConfiguration to validate that InstanceAccessControlAttributeConfiguration was created.

Parameters:

createInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the CreateInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createPermissionSet

CreatePermissionSetResult createPermissionSet(CreatePermissionSetRequest createPermissionSetRequest)

Creates a permission set within a specified IAM Identity Center instance.

To grant users and groups access to AWS account resources, use CreateAccountAssignment .

Parameters:

createPermissionSetRequest -

Returns:

Result of the CreatePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteAccountAssignment

DeleteAccountAssignmentResult deleteAccountAssignment(DeleteAccountAssignmentRequest deleteAccountAssignmentRequest)

Deletes a principal's access from a specified AWS account using a specified permission set.

After a successful response, call DescribeAccountAssignmentCreationStatus to describe the status of an assignment deletion request.

Parameters:

deleteAccountAssignmentRequest -

Returns:

Result of the DeleteAccountAssignment operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteInlinePolicyFromPermissionSet

DeleteInlinePolicyFromPermissionSetResult deleteInlinePolicyFromPermissionSet(DeleteInlinePolicyFromPermissionSetRequest deleteInlinePolicyFromPermissionSetRequest)

Deletes the inline policy from a specified permission set.

Parameters:

deleteInlinePolicyFromPermissionSetRequest -

Returns:

Result of the DeleteInlinePolicyFromPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteInstanceAccessControlAttributeConfiguration

DeleteInstanceAccessControlAttributeConfigurationResult deleteInstanceAccessControlAttributeConfiguration(DeleteInstanceAccessControlAttributeConfigurationRequest deleteInstanceAccessControlAttributeConfigurationRequest)

Disables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

Parameters:

deleteInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the DeleteInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deletePermissionSet

DeletePermissionSetResult deletePermissionSet(DeletePermissionSetRequest deletePermissionSetRequest)

Deletes the specified permission set.

Parameters:

deletePermissionSetRequest -

Returns:

Result of the DeletePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deletePermissionsBoundaryFromPermissionSet

DeletePermissionsBoundaryFromPermissionSetResult deletePermissionsBoundaryFromPermissionSet(DeletePermissionsBoundaryFromPermissionSetRequest deletePermissionsBoundaryFromPermissionSetRequest)

Deletes the permissions boundary from a specified PermissionSet.

Parameters:

deletePermissionsBoundaryFromPermissionSetRequest -

Returns:

Result of the DeletePermissionsBoundaryFromPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describeAccountAssignmentCreationStatus

DescribeAccountAssignmentCreationStatusResult describeAccountAssignmentCreationStatus(DescribeAccountAssignmentCreationStatusRequest describeAccountAssignmentCreationStatusRequest)

Describes the status of the assignment creation request.

Parameters:

describeAccountAssignmentCreationStatusRequest -

Returns:

Result of the DescribeAccountAssignmentCreationStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describeAccountAssignmentDeletionStatus

DescribeAccountAssignmentDeletionStatusResult describeAccountAssignmentDeletionStatus(DescribeAccountAssignmentDeletionStatusRequest describeAccountAssignmentDeletionStatusRequest)

Describes the status of the assignment deletion request.

Parameters:

describeAccountAssignmentDeletionStatusRequest -

Returns:

Result of the DescribeAccountAssignmentDeletionStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describeInstanceAccessControlAttributeConfiguration

DescribeInstanceAccessControlAttributeConfigurationResult describeInstanceAccessControlAttributeConfiguration(DescribeInstanceAccessControlAttributeConfigurationRequest describeInstanceAccessControlAttributeConfigurationRequest)

Returns the list of IAM Identity Center identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified IAM Identity Center instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

Parameters:

describeInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the DescribeInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

See Also:

AWS API Documentation

describePermissionSet

DescribePermissionSetResult describePermissionSet(DescribePermissionSetRequest describePermissionSetRequest)

Gets the details of the permission set.

Parameters:

describePermissionSetRequest -

Returns:

Result of the DescribePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describePermissionSetProvisioningStatus

DescribePermissionSetProvisioningStatusResult describePermissionSetProvisioningStatus(DescribePermissionSetProvisioningStatusRequest describePermissionSetProvisioningStatusRequest)

Describes the status for the given permission set provisioning request.

Parameters:

describePermissionSetProvisioningStatusRequest -

Returns:

Result of the DescribePermissionSetProvisioningStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

detachCustomerManagedPolicyReferenceFromPermissionSet

DetachCustomerManagedPolicyReferenceFromPermissionSetResult detachCustomerManagedPolicyReferenceFromPermissionSet(DetachCustomerManagedPolicyReferenceFromPermissionSetRequest detachCustomerManagedPolicyReferenceFromPermissionSetRequest)

Detaches the specified customer managed policy from the specified PermissionSet.

Parameters:

detachCustomerManagedPolicyReferenceFromPermissionSetRequest -

Returns:

Result of the DetachCustomerManagedPolicyReferenceFromPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

detachManagedPolicyFromPermissionSet

DetachManagedPolicyFromPermissionSetResult detachManagedPolicyFromPermissionSet(DetachManagedPolicyFromPermissionSetRequest detachManagedPolicyFromPermissionSetRequest)

Detaches the attached AWS managed policy ARN from the specified permission set.

Parameters:

detachManagedPolicyFromPermissionSetRequest -

Returns:

Result of the DetachManagedPolicyFromPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

getInlinePolicyForPermissionSet

GetInlinePolicyForPermissionSetResult getInlinePolicyForPermissionSet(GetInlinePolicyForPermissionSetRequest getInlinePolicyForPermissionSetRequest)

Obtains the inline policy assigned to the permission set.

Parameters:

getInlinePolicyForPermissionSetRequest -

Returns:

Result of the GetInlinePolicyForPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

getPermissionsBoundaryForPermissionSet

GetPermissionsBoundaryForPermissionSetResult getPermissionsBoundaryForPermissionSet(GetPermissionsBoundaryForPermissionSetRequest getPermissionsBoundaryForPermissionSetRequest)

Obtains the permissions boundary for a specified PermissionSet.

Parameters:

getPermissionsBoundaryForPermissionSetRequest -

Returns:

Result of the GetPermissionsBoundaryForPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignmentCreationStatus

ListAccountAssignmentCreationStatusResult listAccountAssignmentCreationStatus(ListAccountAssignmentCreationStatusRequest listAccountAssignmentCreationStatusRequest)

Lists the status of the AWS account assignment creation requests for a specified IAM Identity Center instance.

Parameters:

listAccountAssignmentCreationStatusRequest -

Returns:

Result of the ListAccountAssignmentCreationStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignmentDeletionStatus

ListAccountAssignmentDeletionStatusResult listAccountAssignmentDeletionStatus(ListAccountAssignmentDeletionStatusRequest listAccountAssignmentDeletionStatusRequest)

Lists the status of the AWS account assignment deletion requests for a specified IAM Identity Center instance.

Parameters:

listAccountAssignmentDeletionStatusRequest -

Returns:

Result of the ListAccountAssignmentDeletionStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignments

ListAccountAssignmentsResult listAccountAssignments(ListAccountAssignmentsRequest listAccountAssignmentsRequest)

Lists the assignee of the specified AWS account with the specified permission set.

Parameters:

listAccountAssignmentsRequest -

Returns:

Result of the ListAccountAssignments operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountsForProvisionedPermissionSet

ListAccountsForProvisionedPermissionSetResult listAccountsForProvisionedPermissionSet(ListAccountsForProvisionedPermissionSetRequest listAccountsForProvisionedPermissionSetRequest)

Lists all the AWS accounts where the specified permission set is provisioned.

Parameters:

listAccountsForProvisionedPermissionSetRequest -

Returns:

Result of the ListAccountsForProvisionedPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listCustomerManagedPolicyReferencesInPermissionSet

ListCustomerManagedPolicyReferencesInPermissionSetResult listCustomerManagedPolicyReferencesInPermissionSet(ListCustomerManagedPolicyReferencesInPermissionSetRequest listCustomerManagedPolicyReferencesInPermissionSetRequest)

Lists all customer managed policies attached to a specified PermissionSet.

Parameters:

listCustomerManagedPolicyReferencesInPermissionSetRequest -

Returns:

Result of the ListCustomerManagedPolicyReferencesInPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listInstances

ListInstancesResult listInstances(ListInstancesRequest listInstancesRequest)

Lists the IAM Identity Center instances that the caller has access to.

Parameters:

listInstancesRequest -

Returns:

Result of the ListInstances operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException - You do not have sufficient access to perform this action.

ValidationException - The request failed because it contains a syntax error.

See Also:

AWS API Documentation

listManagedPoliciesInPermissionSet

ListManagedPoliciesInPermissionSetResult listManagedPoliciesInPermissionSet(ListManagedPoliciesInPermissionSetRequest listManagedPoliciesInPermissionSetRequest)

Lists the AWS managed policy that is attached to a specified permission set.

Parameters:

listManagedPoliciesInPermissionSetRequest -

Returns:

Result of the ListManagedPoliciesInPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSetProvisioningStatus

ListPermissionSetProvisioningStatusResult listPermissionSetProvisioningStatus(ListPermissionSetProvisioningStatusRequest listPermissionSetProvisioningStatusRequest)

Lists the status of the permission set provisioning requests for a specified IAM Identity Center instance.

Parameters:

listPermissionSetProvisioningStatusRequest -

Returns:

Result of the ListPermissionSetProvisioningStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSets

ListPermissionSetsResult listPermissionSets(ListPermissionSetsRequest listPermissionSetsRequest)

Lists the PermissionSets in an IAM Identity Center instance.

Parameters:

listPermissionSetsRequest -

Returns:

Result of the ListPermissionSets operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSetsProvisionedToAccount

ListPermissionSetsProvisionedToAccountResult listPermissionSetsProvisionedToAccount(ListPermissionSetsProvisionedToAccountRequest listPermissionSetsProvisionedToAccountRequest)

Lists all the permission sets that are provisioned to a specified AWS account.

Parameters:

listPermissionSetsProvisionedToAccountRequest -

Returns:

Result of the ListPermissionSetsProvisionedToAccount operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listTagsForResource

ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)

Lists the tags that are attached to a specified resource.

Parameters:

listTagsForResourceRequest -

Returns:

Result of the ListTagsForResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

provisionPermissionSet

ProvisionPermissionSetResult provisionPermissionSet(ProvisionPermissionSetRequest provisionPermissionSetRequest)

The process by which a specified permission set is provisioned to the specified target.

Parameters:

provisionPermissionSetRequest -

Returns:

Result of the ProvisionPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

putInlinePolicyToPermissionSet

PutInlinePolicyToPermissionSetResult putInlinePolicyToPermissionSet(PutInlinePolicyToPermissionSetRequest putInlinePolicyToPermissionSetRequest)

Attaches an inline policy to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

Parameters:

putInlinePolicyToPermissionSetRequest -

Returns:

Result of the PutInlinePolicyToPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

putPermissionsBoundaryToPermissionSet

PutPermissionsBoundaryToPermissionSetResult putPermissionsBoundaryToPermissionSet(PutPermissionsBoundaryToPermissionSetRequest putPermissionsBoundaryToPermissionSetRequest)

Attaches an AWS managed or customer managed policy to the specified PermissionSet as a permissions boundary.

Parameters:

putPermissionsBoundaryToPermissionSetRequest -

Returns:

Result of the PutPermissionsBoundaryToPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

tagResource

TagResourceResult tagResource(TagResourceRequest tagResourceRequest)

Associates a set of tags with a specified resource.

Parameters:

tagResourceRequest -

Returns:

Result of the TagResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

untagResource

UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest)

Disassociates a set of tags from a specified resource.

Parameters:

untagResourceRequest -

Returns:

Result of the UntagResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

updateInstanceAccessControlAttributeConfiguration

UpdateInstanceAccessControlAttributeConfigurationResult updateInstanceAccessControlAttributeConfiguration(UpdateInstanceAccessControlAttributeConfigurationRequest updateInstanceAccessControlAttributeConfigurationRequest)

Updates the IAM Identity Center identity store attributes that you can use with the IAM Identity Center instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the IAM Identity Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center replaces the attribute value with the value from the IAM Identity Center identity store. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

Parameters:

updateInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the UpdateInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

updatePermissionSet

UpdatePermissionSetResult updatePermissionSet(UpdatePermissionSetRequest updatePermissionSetRequest)

Updates an existing permission set.

Parameters:

updatePermissionSetRequest -

Returns:

Result of the UpdatePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

shutdown

void shutdown()

Shuts down this client object, releasing any resources that might be held open. This is an optional method, and callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client has been shutdown, it should not be used to make any more requests.

getCachedResponseMetadata

ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.

Parameters:

request - The originally executed request.

Returns:

The response metadata for the specified request, or null if none is available.