com.amazonaws.services.ssoadmin

Interface AWSSSOAdmin

All Known Subinterfaces:

AWSSSOAdminAsync

All Known Implementing Classes:

AbstractAWSSSOAdmin, AbstractAWSSSOAdminAsync, AWSSSOAdminAsyncClient, AWSSSOAdminClient

@Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public interface AWSSSOAdmin

Interface for accessing SSO Admin.

Note: Do not directly implement this interface, new methods are added to it regularly. Extend from AbstractAWSSSOAdmin instead.

Amazon Web Services Single Sign On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple Amazon Web Services accounts and business applications. This guide provides information on SSO operations which could be used for access management of Amazon Web Services accounts. For information about Amazon Web Services SSO features, see the Amazon Web Services Single Sign-On User Guide.

Many operations in the SSO APIs rely on identifiers for users and groups, known as principals. For more information about how to work with principals and principal IDs in Amazon Web Services SSO, see the Amazon Web Services SSO Identity Store API Reference.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ENDPOINT_PREFIX The region metadata service name for computing region endpoints.

Method Summary

Modifier and Type	Method and Description
AttachManagedPolicyToPermissionSetResult	attachManagedPolicyToPermissionSet(AttachManagedPolicyToPermissionSetRequest attachManagedPolicyToPermissionSetRequest) Attaches an IAM managed policy ARN to a permission set.
CreateAccountAssignmentResult	createAccountAssignment(CreateAccountAssignmentRequest createAccountAssignmentRequest) Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.
CreateInstanceAccessControlAttributeConfigurationResult	createInstanceAccessControlAttributeConfiguration(CreateInstanceAccessControlAttributeConfigurationRequest createInstanceAccessControlAttributeConfigurationRequest) Enables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance.
CreatePermissionSetResult	createPermissionSet(CreatePermissionSetRequest createPermissionSetRequest) Creates a permission set within a specified SSO instance.
DeleteAccountAssignmentResult	deleteAccountAssignment(DeleteAccountAssignmentRequest deleteAccountAssignmentRequest) Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.
DeleteInlinePolicyFromPermissionSetResult	deleteInlinePolicyFromPermissionSet(DeleteInlinePolicyFromPermissionSetRequest deleteInlinePolicyFromPermissionSetRequest) Deletes the inline policy from a specified permission set.
DeleteInstanceAccessControlAttributeConfigurationResult	deleteInstanceAccessControlAttributeConfiguration(DeleteInstanceAccessControlAttributeConfigurationRequest deleteInstanceAccessControlAttributeConfigurationRequest) Disables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance and deletes all of the attribute mappings that have been configured.
DeletePermissionSetResult	deletePermissionSet(DeletePermissionSetRequest deletePermissionSetRequest) Deletes the specified permission set.
DescribeAccountAssignmentCreationStatusResult	describeAccountAssignmentCreationStatus(DescribeAccountAssignmentCreationStatusRequest describeAccountAssignmentCreationStatusRequest) Describes the status of the assignment creation request.
DescribeAccountAssignmentDeletionStatusResult	describeAccountAssignmentDeletionStatus(DescribeAccountAssignmentDeletionStatusRequest describeAccountAssignmentDeletionStatusRequest) Describes the status of the assignment deletion request.
DescribeInstanceAccessControlAttributeConfigurationResult	describeInstanceAccessControlAttributeConfiguration(DescribeInstanceAccessControlAttributeConfigurationRequest describeInstanceAccessControlAttributeConfigurationRequest) Returns the list of Amazon Web Services SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified Amazon Web Services SSO instance.
DescribePermissionSetResult	describePermissionSet(DescribePermissionSetRequest describePermissionSetRequest) Gets the details of the permission set.
DescribePermissionSetProvisioningStatusResult	describePermissionSetProvisioningStatus(DescribePermissionSetProvisioningStatusRequest describePermissionSetProvisioningStatusRequest) Describes the status for the given permission set provisioning request.
DetachManagedPolicyFromPermissionSetResult	detachManagedPolicyFromPermissionSet(DetachManagedPolicyFromPermissionSetRequest detachManagedPolicyFromPermissionSetRequest) Detaches the attached IAM managed policy ARN from the specified permission set.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected.
GetInlinePolicyForPermissionSetResult	getInlinePolicyForPermissionSet(GetInlinePolicyForPermissionSetRequest getInlinePolicyForPermissionSetRequest) Obtains the inline policy assigned to the permission set.
ListAccountAssignmentCreationStatusResult	listAccountAssignmentCreationStatus(ListAccountAssignmentCreationStatusRequest listAccountAssignmentCreationStatusRequest) Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance.
ListAccountAssignmentDeletionStatusResult	listAccountAssignmentDeletionStatus(ListAccountAssignmentDeletionStatusRequest listAccountAssignmentDeletionStatusRequest) Lists the status of the Amazon Web Services account assignment deletion requests for a specified SSO instance.
ListAccountAssignmentsResult	listAccountAssignments(ListAccountAssignmentsRequest listAccountAssignmentsRequest) Lists the assignee of the specified Amazon Web Services account with the specified permission set.
ListAccountsForProvisionedPermissionSetResult	listAccountsForProvisionedPermissionSet(ListAccountsForProvisionedPermissionSetRequest listAccountsForProvisionedPermissionSetRequest) Lists all the Amazon Web Services accounts where the specified permission set is provisioned.
ListInstancesResult	listInstances(ListInstancesRequest listInstancesRequest) Lists the SSO instances that the caller has access to.
ListManagedPoliciesInPermissionSetResult	listManagedPoliciesInPermissionSet(ListManagedPoliciesInPermissionSetRequest listManagedPoliciesInPermissionSetRequest) Lists the IAM managed policy that is attached to a specified permission set.
ListPermissionSetProvisioningStatusResult	listPermissionSetProvisioningStatus(ListPermissionSetProvisioningStatusRequest listPermissionSetProvisioningStatusRequest) Lists the status of the permission set provisioning requests for a specified SSO instance.
ListPermissionSetsResult	listPermissionSets(ListPermissionSetsRequest listPermissionSetsRequest) Lists the PermissionSets in an SSO instance.
ListPermissionSetsProvisionedToAccountResult	listPermissionSetsProvisionedToAccount(ListPermissionSetsProvisionedToAccountRequest listPermissionSetsProvisionedToAccountRequest) Lists all the permission sets that are provisioned to a specified Amazon Web Services account.
ListTagsForResourceResult	listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest) Lists the tags that are attached to a specified resource.
ProvisionPermissionSetResult	provisionPermissionSet(ProvisionPermissionSetRequest provisionPermissionSetRequest) The process by which a specified permission set is provisioned to the specified target.
PutInlinePolicyToPermissionSetResult	putInlinePolicyToPermissionSet(PutInlinePolicyToPermissionSetRequest putInlinePolicyToPermissionSetRequest) Attaches an IAM inline policy to a permission set.
void	shutdown() Shuts down this client object, releasing any resources that might be held open.
TagResourceResult	tagResource(TagResourceRequest tagResourceRequest) Associates a set of tags with a specified resource.
UntagResourceResult	untagResource(UntagResourceRequest untagResourceRequest) Disassociates a set of tags from a specified resource.
UpdateInstanceAccessControlAttributeConfigurationResult	updateInstanceAccessControlAttributeConfiguration(UpdateInstanceAccessControlAttributeConfigurationRequest updateInstanceAccessControlAttributeConfigurationRequest) Updates the Amazon Web Services SSO identity store attributes that you can use with the Amazon Web Services SSO instance for attributes-based access control (ABAC).
UpdatePermissionSetResult	updatePermissionSet(UpdatePermissionSetRequest updatePermissionSetRequest) Updates an existing permission set.

Field Detail

ENDPOINT_PREFIX

static final String ENDPOINT_PREFIX

The region metadata service name for computing region endpoints. You can use this value to retrieve metadata (such as supported regions) of the service.

See Also:

RegionUtils.getRegionsForService(String), Constant Field Values

Method Detail

attachManagedPolicyToPermissionSet

AttachManagedPolicyToPermissionSetResult attachManagedPolicyToPermissionSet(AttachManagedPolicyToPermissionSetRequest attachManagedPolicyToPermissionSetRequest)

Attaches an IAM managed policy ARN to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this operation. Calling ProvisionPermissionSet applies the corresponding IAM policy updates to all assigned accounts.

Parameters:

attachManagedPolicyToPermissionSetRequest -

Returns:

Result of the AttachManagedPolicyToPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createAccountAssignment

CreateAccountAssignmentResult createAccountAssignment(CreateAccountAssignmentRequest createAccountAssignmentRequest)

Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.

The term principal here refers to a user or group that is defined in Amazon Web Services SSO.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the SSO-created IAM role. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you must call ProvisionPermissionSet to make these updates.

Parameters:

createAccountAssignmentRequest -

Returns:

Result of the CreateAccountAssignment operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createInstanceAccessControlAttributeConfiguration

CreateInstanceAccessControlAttributeConfigurationResult createInstanceAccessControlAttributeConfiguration(CreateInstanceAccessControlAttributeConfigurationRequest createInstanceAccessControlAttributeConfigurationRequest)

Enables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Parameters:

createInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the CreateInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

createPermissionSet

CreatePermissionSetResult createPermissionSet(CreatePermissionSetRequest createPermissionSetRequest)

Creates a permission set within a specified SSO instance.

To grant users and groups access to Amazon Web Services account resources, use CreateAccountAssignment .

Parameters:

createPermissionSetRequest -

Returns:

Result of the CreatePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteAccountAssignment

DeleteAccountAssignmentResult deleteAccountAssignment(DeleteAccountAssignmentRequest deleteAccountAssignmentRequest)

Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.

Parameters:

deleteAccountAssignmentRequest -

Returns:

Result of the DeleteAccountAssignment operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteInlinePolicyFromPermissionSet

DeleteInlinePolicyFromPermissionSetResult deleteInlinePolicyFromPermissionSet(DeleteInlinePolicyFromPermissionSetRequest deleteInlinePolicyFromPermissionSetRequest)

Deletes the inline policy from a specified permission set.

Parameters:

deleteInlinePolicyFromPermissionSetRequest -

Returns:

Result of the DeleteInlinePolicyFromPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deleteInstanceAccessControlAttributeConfiguration

DeleteInstanceAccessControlAttributeConfigurationResult deleteInstanceAccessControlAttributeConfiguration(DeleteInstanceAccessControlAttributeConfigurationRequest deleteInstanceAccessControlAttributeConfigurationRequest)

Disables the attributes-based access control (ABAC) feature for the specified Amazon Web Services SSO instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Parameters:

deleteInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the DeleteInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

deletePermissionSet

DeletePermissionSetResult deletePermissionSet(DeletePermissionSetRequest deletePermissionSetRequest)

Deletes the specified permission set.

Parameters:

deletePermissionSetRequest -

Returns:

Result of the DeletePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

describeAccountAssignmentCreationStatus

DescribeAccountAssignmentCreationStatusResult describeAccountAssignmentCreationStatus(DescribeAccountAssignmentCreationStatusRequest describeAccountAssignmentCreationStatusRequest)

Describes the status of the assignment creation request.

Parameters:

describeAccountAssignmentCreationStatusRequest -

Returns:

Result of the DescribeAccountAssignmentCreationStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describeAccountAssignmentDeletionStatus

DescribeAccountAssignmentDeletionStatusResult describeAccountAssignmentDeletionStatus(DescribeAccountAssignmentDeletionStatusRequest describeAccountAssignmentDeletionStatusRequest)

Describes the status of the assignment deletion request.

Parameters:

describeAccountAssignmentDeletionStatusRequest -

Returns:

Result of the DescribeAccountAssignmentDeletionStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describeInstanceAccessControlAttributeConfiguration

DescribeInstanceAccessControlAttributeConfigurationResult describeInstanceAccessControlAttributeConfiguration(DescribeInstanceAccessControlAttributeConfigurationRequest describeInstanceAccessControlAttributeConfigurationRequest)

Returns the list of Amazon Web Services SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified Amazon Web Services SSO instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Parameters:

describeInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the DescribeInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

See Also:

AWS API Documentation

describePermissionSet

DescribePermissionSetResult describePermissionSet(DescribePermissionSetRequest describePermissionSetRequest)

Gets the details of the permission set.

Parameters:

describePermissionSetRequest -

Returns:

Result of the DescribePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

describePermissionSetProvisioningStatus

DescribePermissionSetProvisioningStatusResult describePermissionSetProvisioningStatus(DescribePermissionSetProvisioningStatusRequest describePermissionSetProvisioningStatusRequest)

Describes the status for the given permission set provisioning request.

Parameters:

describePermissionSetProvisioningStatusRequest -

Returns:

Result of the DescribePermissionSetProvisioningStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

detachManagedPolicyFromPermissionSet

DetachManagedPolicyFromPermissionSetResult detachManagedPolicyFromPermissionSet(DetachManagedPolicyFromPermissionSetRequest detachManagedPolicyFromPermissionSetRequest)

Detaches the attached IAM managed policy ARN from the specified permission set.

Parameters:

detachManagedPolicyFromPermissionSetRequest -

Returns:

Result of the DetachManagedPolicyFromPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

getInlinePolicyForPermissionSet

GetInlinePolicyForPermissionSetResult getInlinePolicyForPermissionSet(GetInlinePolicyForPermissionSetRequest getInlinePolicyForPermissionSetRequest)

Obtains the inline policy assigned to the permission set.

Parameters:

getInlinePolicyForPermissionSetRequest -

Returns:

Result of the GetInlinePolicyForPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignmentCreationStatus

ListAccountAssignmentCreationStatusResult listAccountAssignmentCreationStatus(ListAccountAssignmentCreationStatusRequest listAccountAssignmentCreationStatusRequest)

Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance.

Parameters:

listAccountAssignmentCreationStatusRequest -

Returns:

Result of the ListAccountAssignmentCreationStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignmentDeletionStatus

ListAccountAssignmentDeletionStatusResult listAccountAssignmentDeletionStatus(ListAccountAssignmentDeletionStatusRequest listAccountAssignmentDeletionStatusRequest)

Lists the status of the Amazon Web Services account assignment deletion requests for a specified SSO instance.

Parameters:

listAccountAssignmentDeletionStatusRequest -

Returns:

Result of the ListAccountAssignmentDeletionStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountAssignments

ListAccountAssignmentsResult listAccountAssignments(ListAccountAssignmentsRequest listAccountAssignmentsRequest)

Lists the assignee of the specified Amazon Web Services account with the specified permission set.

Parameters:

listAccountAssignmentsRequest -

Returns:

Result of the ListAccountAssignments operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listAccountsForProvisionedPermissionSet

ListAccountsForProvisionedPermissionSetResult listAccountsForProvisionedPermissionSet(ListAccountsForProvisionedPermissionSetRequest listAccountsForProvisionedPermissionSetRequest)

Lists all the Amazon Web Services accounts where the specified permission set is provisioned.

Parameters:

listAccountsForProvisionedPermissionSetRequest -

Returns:

Result of the ListAccountsForProvisionedPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listInstances

ListInstancesResult listInstances(ListInstancesRequest listInstancesRequest)

Lists the SSO instances that the caller has access to.

Parameters:

listInstancesRequest -

Returns:

Result of the ListInstances operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException - You do not have sufficient access to perform this action.

ValidationException - The request failed because it contains a syntax error.

See Also:

AWS API Documentation

listManagedPoliciesInPermissionSet

ListManagedPoliciesInPermissionSetResult listManagedPoliciesInPermissionSet(ListManagedPoliciesInPermissionSetRequest listManagedPoliciesInPermissionSetRequest)

Lists the IAM managed policy that is attached to a specified permission set.

Parameters:

listManagedPoliciesInPermissionSetRequest -

Returns:

Result of the ListManagedPoliciesInPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSetProvisioningStatus

ListPermissionSetProvisioningStatusResult listPermissionSetProvisioningStatus(ListPermissionSetProvisioningStatusRequest listPermissionSetProvisioningStatusRequest)

Lists the status of the permission set provisioning requests for a specified SSO instance.

Parameters:

listPermissionSetProvisioningStatusRequest -

Returns:

Result of the ListPermissionSetProvisioningStatus operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSets

ListPermissionSetsResult listPermissionSets(ListPermissionSetsRequest listPermissionSetsRequest)

Lists the PermissionSets in an SSO instance.

Parameters:

listPermissionSetsRequest -

Returns:

Result of the ListPermissionSets operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listPermissionSetsProvisionedToAccount

ListPermissionSetsProvisionedToAccountResult listPermissionSetsProvisionedToAccount(ListPermissionSetsProvisionedToAccountRequest listPermissionSetsProvisionedToAccountRequest)

Lists all the permission sets that are provisioned to a specified Amazon Web Services account.

Parameters:

listPermissionSetsProvisionedToAccountRequest -

Returns:

Result of the ListPermissionSetsProvisionedToAccount operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

listTagsForResource

ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)

Lists the tags that are attached to a specified resource.

Parameters:

listTagsForResourceRequest -

Returns:

Result of the ListTagsForResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

See Also:

AWS API Documentation

provisionPermissionSet

ProvisionPermissionSetResult provisionPermissionSet(ProvisionPermissionSetRequest provisionPermissionSetRequest)

The process by which a specified permission set is provisioned to the specified target.

Parameters:

provisionPermissionSetRequest -

Returns:

Result of the ProvisionPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

putInlinePolicyToPermissionSet

PutInlinePolicyToPermissionSetResult putInlinePolicyToPermissionSet(PutInlinePolicyToPermissionSetRequest putInlinePolicyToPermissionSetRequest)

Attaches an IAM inline policy to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

Parameters:

putInlinePolicyToPermissionSetRequest -

Returns:

Result of the PutInlinePolicyToPermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

tagResource

TagResourceResult tagResource(TagResourceRequest tagResourceRequest)

Associates a set of tags with a specified resource.

Parameters:

tagResourceRequest -

Returns:

Result of the TagResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ServiceQuotaExceededException - Indicates that the principal has crossed the permitted number of resources that can be created.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

untagResource

UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest)

Disassociates a set of tags from a specified resource.

Parameters:

untagResourceRequest -

Returns:

Result of the UntagResource operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

updateInstanceAccessControlAttributeConfiguration

UpdateInstanceAccessControlAttributeConfigurationResult updateInstanceAccessControlAttributeConfiguration(UpdateInstanceAccessControlAttributeConfigurationRequest updateInstanceAccessControlAttributeConfigurationRequest)

Updates the Amazon Web Services SSO identity store attributes that you can use with the Amazon Web Services SSO instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the Amazon Web Services SSO identity store. If a SAML assertion passes any of these attributes, Amazon Web Services SSO replaces the attribute value with the value from the Amazon Web Services SSO identity store. For more information about ABAC, see Attribute-Based Access Control in the Amazon Web Services SSO User Guide.

Parameters:

updateInstanceAccessControlAttributeConfigurationRequest -

Returns:

Result of the UpdateInstanceAccessControlAttributeConfiguration operation returned by the service.

Throws:

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

AccessDeniedException - You do not have sufficient access to perform this action.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

ResourceNotFoundException - Indicates that a requested resource is not found.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

updatePermissionSet

UpdatePermissionSetResult updatePermissionSet(UpdatePermissionSetRequest updatePermissionSetRequest)

Updates an existing permission set.

Parameters:

updatePermissionSetRequest -

Returns:

Result of the UpdatePermissionSet operation returned by the service.

Throws:

ResourceNotFoundException - Indicates that a requested resource is not found.

InternalServerException - The request processing has failed because of an unknown error, exception, or failure with an internal server.

ThrottlingException - Indicates that the principal has crossed the throttling limits of the API operations.

ValidationException - The request failed because it contains a syntax error.

AccessDeniedException - You do not have sufficient access to perform this action.

ConflictException - Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

See Also:

AWS API Documentation

shutdown

void shutdown()

Shuts down this client object, releasing any resources that might be held open. This is an optional method, and callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client has been shutdown, it should not be used to make any more requests.

getCachedResponseMetadata

ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.

Parameters:

request - The originally executed request.

Returns:

The response metadata for the specified request, or null if none is available.