openapi: 3.0.0 info: version: 2020-07-20 x-release: v4 title: AWS Single Sign-On Admin description:

AWS IAM Identity Center (successor to AWS Single Sign-On) helps you securely create, or connect, your workforce identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in AWS, for organizations of any size and type.

Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see IAM Identity Center rename.

This reference guide provides information on single sign-on operations which could be used for access management of AWS accounts. For information about IAM Identity Center features, see the IAM Identity Center User Guide.

Many operations in the IAM Identity Center APIs rely on identifiers for users and groups, known as principals. For more information about how to work with principals and principal IDs in IAM Identity Center, see the Identity Store API Reference.

AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, and more). The SDKs provide a convenient way to create programmatic access to IAM Identity Center and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.

x-logo: url: https://api.apis.guru/v2/cache/logo/https_twitter.com_awscloud_profile_image.png backgroundColor: "#FFFFFF" termsOfService: https://aws.amazon.com/service-terms/ contact: name: Mike Ralphson email: mike.ralphson@gmail.com url: https://github.com/mermade/aws2openapi x-twitter: PermittedSoc license: name: Apache 2.0 License url: http://www.apache.org/licenses/ x-providerName: amazonaws.com x-serviceName: sso-admin x-aws-signingName: sso x-origin: - contentType: application/json url: https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/sso-admin-2020-07-20.normal.json converter: url: https://github.com/mermade/aws2openapi version: 1.0.0 x-apisguru-driver: external x-apiClientRegistration: url: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct x-apisguru-categories: - cloud x-preferred: true externalDocs: description: Amazon Web Services documentation url: https://docs.aws.amazon.com/sso/ servers: - url: http://sso.{region}.amazonaws.com variables: region: description: The AWS region enum: - us-east-1 - us-east-2 - us-west-1 - us-west-2 - us-gov-west-1 - us-gov-east-1 - ca-central-1 - eu-north-1 - eu-west-1 - eu-west-2 - eu-west-3 - eu-central-1 - eu-south-1 - af-south-1 - ap-northeast-1 - ap-northeast-2 - ap-northeast-3 - ap-southeast-1 - ap-southeast-2 - ap-east-1 - ap-south-1 - sa-east-1 - me-south-1 default: us-east-1 description: The SSO Admin multi-region endpoint - url: https://sso.{region}.amazonaws.com variables: region: description: The AWS region enum: - us-east-1 - us-east-2 - us-west-1 - us-west-2 - us-gov-west-1 - us-gov-east-1 - ca-central-1 - eu-north-1 - eu-west-1 - eu-west-2 - eu-west-3 - eu-central-1 - eu-south-1 - af-south-1 - ap-northeast-1 - ap-northeast-2 - ap-northeast-3 - ap-southeast-1 - ap-southeast-2 - ap-east-1 - ap-south-1 - sa-east-1 - me-south-1 default: us-east-1 description: The SSO Admin multi-region endpoint - url: http://sso.{region}.amazonaws.com.cn variables: region: description: The AWS region enum: - cn-north-1 - cn-northwest-1 default: cn-north-1 description: The SSO Admin endpoint for China (Beijing) and China (Ningxia) - url: https://sso.{region}.amazonaws.com.cn variables: region: description: The AWS region enum: - cn-north-1 - cn-northwest-1 default: cn-north-1 description: The SSO Admin endpoint for China (Beijing) and China (Ningxia) x-hasEquivalentPaths: true paths: /#X-Amz-Target=SWBExternalService.AttachCustomerManagedPolicyReferenceToPermissionSet: post: operationId: AttachCustomerManagedPolicyReferenceToPermissionSet description: Attaches the specified customer managed policy to the specified PermissionSet. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/AttachCustomerManagedPolicyReferenceToPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ServiceQuotaExceededException content: application/json: schema: $ref: "#/components/schemas/ServiceQuotaExceededException" "483": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "484": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "485": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "486": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/AttachCustomerManagedPolicyReferenceToPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.AttachCustomerManagedPolicyReferenceToPermissionSet summary: Amazon IAM Identity Center Attach Customer Managed Policy Reference to Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.AttachManagedPolicyToPermissionSet: post: operationId: AttachManagedPolicyToPermissionSet description:

Attaches an AWS managed policy ARN to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this operation. Calling ProvisionPermissionSet applies the corresponding IAM policy updates to all assigned accounts.

responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/AttachManagedPolicyToPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ServiceQuotaExceededException content: application/json: schema: $ref: "#/components/schemas/ServiceQuotaExceededException" "483": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "484": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "485": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "486": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/AttachManagedPolicyToPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.AttachManagedPolicyToPermissionSet summary: Amazon IAM Identity Center Attach Managed Policy to Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.CreateAccountAssignment: post: operationId: CreateAccountAssignment description:

Assigns access to a principal for a specified AWS account using a specified permission set.

The term principal here refers to a user or group that is defined in IAM Identity Center.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the IAM role created in IAM Identity Center. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you must call ProvisionPermissionSet to make these updates.

After a successful response, call DescribeAccountAssignmentCreationStatus to describe the status of an assignment creation request.

responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/CreateAccountAssignmentResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ServiceQuotaExceededException content: application/json: schema: $ref: "#/components/schemas/ServiceQuotaExceededException" "483": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "484": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "485": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "486": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/CreateAccountAssignmentRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.CreateAccountAssignment summary: Amazon IAM Identity Center Create Account Assignment x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.CreateInstanceAccessControlAttributeConfiguration: post: operationId: CreateInstanceAccessControlAttributeConfiguration description:

Enables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.

After a successful response, call DescribeInstanceAccessControlAttributeConfiguration to validate that InstanceAccessControlAttributeConfiguration was created.

responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/CreateInstanceAccessControlAttributeConfigurationResponse" "480": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "481": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/CreateInstanceAccessControlAttributeConfigurationRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.CreateInstanceAccessControlAttributeConfiguration summary: Amazon IAM Identity Center Create Instance Access Control Attribute Configuration x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.CreatePermissionSet: post: operationId: CreatePermissionSet description:

Creates a permission set within a specified IAM Identity Center instance.

To grant users and groups access to AWS account resources, use CreateAccountAssignment.

responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/CreatePermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ServiceQuotaExceededException content: application/json: schema: $ref: "#/components/schemas/ServiceQuotaExceededException" "483": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "484": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "485": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "486": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/CreatePermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.CreatePermissionSet summary: Amazon IAM Identity Center Create Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DeleteAccountAssignment: post: operationId: DeleteAccountAssignment description:

Deletes a principal's access from a specified AWS account using a specified permission set.

After a successful response, call DescribeAccountAssignmentCreationStatus to describe the status of an assignment deletion request.

responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DeleteAccountAssignmentResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DeleteAccountAssignmentRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DeleteAccountAssignment summary: Amazon IAM Identity Center Delete Account Assignment x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DeleteInlinePolicyFromPermissionSet: post: operationId: DeleteInlinePolicyFromPermissionSet description: Deletes the inline policy from a specified permission set. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DeleteInlinePolicyFromPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DeleteInlinePolicyFromPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DeleteInlinePolicyFromPermissionSet summary: Amazon IAM Identity Center Delete Inline Policy from Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DeleteInstanceAccessControlAttributeConfiguration: post: operationId: DeleteInstanceAccessControlAttributeConfiguration description: Disables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DeleteInstanceAccessControlAttributeConfigurationResponse" "480": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "481": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DeleteInstanceAccessControlAttributeConfigurationRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DeleteInstanceAccessControlAttributeConfiguration summary: Amazon IAM Identity Center Delete Instance Access Control Attribute Configuration x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DeletePermissionSet: post: operationId: DeletePermissionSet description: Deletes the specified permission set. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DeletePermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DeletePermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DeletePermissionSet summary: Amazon IAM Identity Center Delete Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DeletePermissionsBoundaryFromPermissionSet: post: operationId: DeletePermissionsBoundaryFromPermissionSet description: Deletes the permissions boundary from a specified PermissionSet. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DeletePermissionsBoundaryFromPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DeletePermissionsBoundaryFromPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DeletePermissionsBoundaryFromPermissionSet summary: Amazon IAM Identity Center Delete Permissions Boundary from Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DescribeAccountAssignmentCreationStatus: post: operationId: DescribeAccountAssignmentCreationStatus description: Describes the status of the assignment creation request. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DescribeAccountAssignmentCreationStatusResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DescribeAccountAssignmentCreationStatusRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DescribeAccountAssignmentCreationStatus summary: Amazon IAM Identity Center Describe Account Assignment Creation Status x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DescribeAccountAssignmentDeletionStatus: post: operationId: DescribeAccountAssignmentDeletionStatus description: Describes the status of the assignment deletion request. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DescribeAccountAssignmentDeletionStatusResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DescribeAccountAssignmentDeletionStatusRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DescribeAccountAssignmentDeletionStatus summary: Amazon IAM Identity Center Describe Account Assignment Deletion Status x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DescribeInstanceAccessControlAttributeConfiguration: post: operationId: DescribeInstanceAccessControlAttributeConfiguration description: Returns the list of IAM Identity Center identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified IAM Identity Center instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DescribeInstanceAccessControlAttributeConfigurationResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "483": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "484": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DescribeInstanceAccessControlAttributeConfigurationRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DescribeInstanceAccessControlAttributeConfiguration summary: Amazon IAM Identity Center Describe Instance Access Control Attribute Configuration x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DescribePermissionSet: post: operationId: DescribePermissionSet description: Gets the details of the permission set. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DescribePermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DescribePermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DescribePermissionSet summary: Amazon IAM Identity Center Describe Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DescribePermissionSetProvisioningStatus: post: operationId: DescribePermissionSetProvisioningStatus description: Describes the status for the given permission set provisioning request. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DescribePermissionSetProvisioningStatusResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DescribePermissionSetProvisioningStatusRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DescribePermissionSetProvisioningStatus summary: Amazon IAM Identity Center Describe Permission Set Provisioning Status x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DetachCustomerManagedPolicyReferenceFromPermissionSet: post: operationId: DetachCustomerManagedPolicyReferenceFromPermissionSet description: Detaches the specified customer managed policy from the specified PermissionSet. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DetachCustomerManagedPolicyReferenceFromPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DetachCustomerManagedPolicyReferenceFromPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DetachCustomerManagedPolicyReferenceFromPermissionSet summary: Amazon IAM Identity Center Detach Customer Managed Policy Reference from Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.DetachManagedPolicyFromPermissionSet: post: operationId: DetachManagedPolicyFromPermissionSet description: Detaches the attached AWS managed policy ARN from the specified permission set. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/DetachManagedPolicyFromPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/DetachManagedPolicyFromPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.DetachManagedPolicyFromPermissionSet summary: Amazon IAM Identity Center Detach Managed Policy from Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.GetInlinePolicyForPermissionSet: post: operationId: GetInlinePolicyForPermissionSet description: Obtains the inline policy assigned to the permission set. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/GetInlinePolicyForPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/GetInlinePolicyForPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.GetInlinePolicyForPermissionSet summary: Amazon IAM Identity Center Get Inline Policy for Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.GetPermissionsBoundaryForPermissionSet: post: operationId: GetPermissionsBoundaryForPermissionSet description: Obtains the permissions boundary for a specified PermissionSet. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/GetPermissionsBoundaryForPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/GetPermissionsBoundaryForPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.GetPermissionsBoundaryForPermissionSet summary: Amazon IAM Identity Center Get Permissions Boundary for Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListAccountAssignmentCreationStatus: post: operationId: ListAccountAssignmentCreationStatus description: Lists the status of the AWS account assignment creation requests for a specified IAM Identity Center instance. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListAccountAssignmentCreationStatusResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListAccountAssignmentCreationStatusRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListAccountAssignmentCreationStatus summary: Amazon IAM Identity Center List Account Assignment Creation Status x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListAccountAssignmentDeletionStatus: post: operationId: ListAccountAssignmentDeletionStatus description: Lists the status of the AWS account assignment deletion requests for a specified IAM Identity Center instance. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListAccountAssignmentDeletionStatusResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListAccountAssignmentDeletionStatusRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListAccountAssignmentDeletionStatus summary: Amazon IAM Identity Center List Account Assignment Deletion Status x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListAccountAssignments: post: operationId: ListAccountAssignments description: Lists the assignee of the specified AWS account with the specified permission set. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListAccountAssignmentsResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListAccountAssignmentsRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListAccountAssignments summary: Amazon IAM Identity Center List Account Assignments x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListAccountsForProvisionedPermissionSet: post: operationId: ListAccountsForProvisionedPermissionSet description: Lists all the AWS accounts where the specified permission set is provisioned. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListAccountsForProvisionedPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListAccountsForProvisionedPermissionSetRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListAccountsForProvisionedPermissionSet summary: Amazon IAM Identity Center List Accounts for Provisioned Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListCustomerManagedPolicyReferencesInPermissionSet: post: operationId: ListCustomerManagedPolicyReferencesInPermissionSet description: Lists all customer managed policies attached to a specified PermissionSet. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListCustomerManagedPolicyReferencesInPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListCustomerManagedPolicyReferencesInPermissionSetRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListCustomerManagedPolicyReferencesInPermissionSet summary: Amazon IAM Identity Center List Customer Managed Policy References in Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListInstances: post: operationId: ListInstances description: Lists the IAM Identity Center instances that the caller has access to. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListInstancesResponse" "480": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "481": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "482": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListInstancesRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListInstances summary: Amazon IAM Identity Center List Instances x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListManagedPoliciesInPermissionSet: post: operationId: ListManagedPoliciesInPermissionSet description: Lists the AWS managed policy that is attached to a specified permission set. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListManagedPoliciesInPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListManagedPoliciesInPermissionSetRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListManagedPoliciesInPermissionSet summary: Amazon IAM Identity Center List Managed Policies in Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListPermissionSetProvisioningStatus: post: operationId: ListPermissionSetProvisioningStatus description: Lists the status of the permission set provisioning requests for a specified IAM Identity Center instance. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListPermissionSetProvisioningStatusResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListPermissionSetProvisioningStatusRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListPermissionSetProvisioningStatus summary: Amazon IAM Identity Center List Permission Set Provisioning Status x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListPermissionSets: post: operationId: ListPermissionSets description: Lists the PermissionSets in an IAM Identity Center instance. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListPermissionSetsResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListPermissionSetsRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListPermissionSets summary: Amazon IAM Identity Center List Permission Sets x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListPermissionSetsProvisionedToAccount: post: operationId: ListPermissionSetsProvisionedToAccount description: Lists all the permission sets that are provisioned to a specified AWS account. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListPermissionSetsProvisionedToAccountResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListPermissionSetsProvisionedToAccountRequest" parameters: - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListPermissionSetsProvisionedToAccount summary: Amazon IAM Identity Center List Permission Sets Provisioned to Account x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ListTagsForResource: post: operationId: ListTagsForResource description: Lists the tags that are attached to a specified resource. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ListTagsForResourceResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ListTagsForResourceRequest" parameters: - name: NextToken in: query schema: type: string description: Pagination token required: false - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ListTagsForResource summary: Amazon IAM Identity Center List Tags for Resource x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.ProvisionPermissionSet: post: operationId: ProvisionPermissionSet description: The process by which a specified permission set is provisioned to the specified target. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/ProvisionPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/ProvisionPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.ProvisionPermissionSet summary: Amazon IAM Identity Center Provision Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.PutInlinePolicyToPermissionSet: post: operationId: PutInlinePolicyToPermissionSet description:

Attaches an inline policy to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/PutInlinePolicyToPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ServiceQuotaExceededException content: application/json: schema: $ref: "#/components/schemas/ServiceQuotaExceededException" "483": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "484": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "485": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "486": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/PutInlinePolicyToPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.PutInlinePolicyToPermissionSet summary: Amazon IAM Identity Center Put Inline Policy to Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.PutPermissionsBoundaryToPermissionSet: post: operationId: PutPermissionsBoundaryToPermissionSet description: Attaches an AWS managed or customer managed policy to the specified PermissionSet as a permissions boundary. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/PutPermissionsBoundaryToPermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/PutPermissionsBoundaryToPermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.PutPermissionsBoundaryToPermissionSet summary: Amazon IAM Identity Center Put Permissions Boundary to Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.TagResource: post: operationId: TagResource description: Associates a set of tags with a specified resource. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/TagResourceResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ServiceQuotaExceededException content: application/json: schema: $ref: "#/components/schemas/ServiceQuotaExceededException" "483": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "484": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "485": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "486": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/TagResourceRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.TagResource summary: Amazon IAM Identity Center Tag Resource x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.UntagResource: post: operationId: UntagResource description: Disassociates a set of tags from a specified resource. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/UntagResourceResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/UntagResourceRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.UntagResource summary: Amazon IAM Identity Center Untag Resource x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.UpdateInstanceAccessControlAttributeConfiguration: post: operationId: UpdateInstanceAccessControlAttributeConfiguration description: Updates the IAM Identity Center identity store attributes that you can use with the IAM Identity Center instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the IAM Identity Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center replaces the attribute value with the value from the IAM Identity Center identity store. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/UpdateInstanceAccessControlAttributeConfigurationResponse" "480": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "481": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/UpdateInstanceAccessControlAttributeConfigurationRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.UpdateInstanceAccessControlAttributeConfiguration summary: Amazon IAM Identity Center Update Instance Access Control Attribute Configuration x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" /#X-Amz-Target=SWBExternalService.UpdatePermissionSet: post: operationId: UpdatePermissionSet description: Updates an existing permission set. responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/UpdatePermissionSetResponse" "480": description: ResourceNotFoundException content: application/json: schema: $ref: "#/components/schemas/ResourceNotFoundException" "481": description: InternalServerException content: application/json: schema: $ref: "#/components/schemas/InternalServerException" "482": description: ThrottlingException content: application/json: schema: $ref: "#/components/schemas/ThrottlingException" "483": description: ValidationException content: application/json: schema: $ref: "#/components/schemas/ValidationException" "484": description: AccessDeniedException content: application/json: schema: $ref: "#/components/schemas/AccessDeniedException" "485": description: ConflictException content: application/json: schema: $ref: "#/components/schemas/ConflictException" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/UpdatePermissionSetRequest" parameters: - name: X-Amz-Target in: header required: true schema: type: string enum: - SWBExternalService.UpdatePermissionSet summary: Amazon IAM Identity Center Update Permission Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: "#/components/parameters/X-Amz-Content-Sha256" - $ref: "#/components/parameters/X-Amz-Date" - $ref: "#/components/parameters/X-Amz-Algorithm" - $ref: "#/components/parameters/X-Amz-Credential" - $ref: "#/components/parameters/X-Amz-Security-Token" - $ref: "#/components/parameters/X-Amz-Signature" - $ref: "#/components/parameters/X-Amz-SignedHeaders" components: parameters: X-Amz-Content-Sha256: name: X-Amz-Content-Sha256 in: header schema: type: string required: false X-Amz-Date: name: X-Amz-Date in: header schema: type: string required: false X-Amz-Algorithm: name: X-Amz-Algorithm in: header schema: type: string required: false X-Amz-Credential: name: X-Amz-Credential in: header schema: type: string required: false X-Amz-Security-Token: name: X-Amz-Security-Token in: header schema: type: string required: false X-Amz-Signature: name: X-Amz-Signature in: header schema: type: string required: false X-Amz-SignedHeaders: name: X-Amz-SignedHeaders in: header schema: type: string required: false securitySchemes: hmac: type: apiKey name: Authorization in: header description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 schemas: AttachCustomerManagedPolicyReferenceToPermissionSetResponse: type: object properties: {} AttachCustomerManagedPolicyReferenceToPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn - CustomerManagedPolicyReference title: AttachCustomerManagedPolicyReferenceToPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: "The ARN of the IAM Identity Center instance under which the operation will be executed. " PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet. CustomerManagedPolicyReference: allOf: - $ref: "#/components/schemas/CustomerManagedPolicyReference" - description: Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set. ResourceNotFoundException: {} InternalServerException: {} ServiceQuotaExceededException: {} ThrottlingException: {} ValidationException: {} AccessDeniedException: {} ConflictException: {} AttachManagedPolicyToPermissionSetResponse: type: object properties: {} AttachManagedPolicyToPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn - ManagedPolicyArn title: AttachManagedPolicyToPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet that the managed policy should be attached to. ManagedPolicyArn: allOf: - $ref: "#/components/schemas/ManagedPolicyArn" - description: The AWS managed policy ARN to be attached to a permission set. CreateAccountAssignmentResponse: type: object properties: AccountAssignmentCreationStatus: allOf: - $ref: "#/components/schemas/AccountAssignmentOperationStatus" - description: The status object for the account assignment creation operation. CreateAccountAssignmentRequest: type: object required: - InstanceArn - TargetId - TargetType - PermissionSetArn - PrincipalType - PrincipalId title: CreateAccountAssignmentRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. TargetId: allOf: - $ref: "#/components/schemas/TargetId" - description: TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012). TargetType: allOf: - $ref: "#/components/schemas/TargetType" - description: The entity type for which the assignment will be created. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set that the admin wants to grant the principal access to. PrincipalType: allOf: - $ref: "#/components/schemas/PrincipalType" - description: The entity type for which the assignment will be created. PrincipalId: allOf: - $ref: "#/components/schemas/PrincipalId" - description: An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference. CreateInstanceAccessControlAttributeConfigurationResponse: type: object properties: {} CreateInstanceAccessControlAttributeConfigurationRequest: type: object required: - InstanceArn - InstanceAccessControlAttributeConfiguration title: CreateInstanceAccessControlAttributeConfigurationRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. InstanceAccessControlAttributeConfiguration: allOf: - $ref: "#/components/schemas/InstanceAccessControlAttributeConfiguration" - description: Specifies the IAM Identity Center identity store attributes to add to your ABAC configuration. When using an external identity provider as an identity source, you can pass attributes through the SAML assertion. Doing so provides an alternative to configuring attributes from the IAM Identity Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center will replace the attribute value with the value from the IAM Identity Center identity store. CreatePermissionSetResponse: type: object properties: PermissionSet: allOf: - $ref: "#/components/schemas/PermissionSet" - description: Defines the level of access on an AWS account. CreatePermissionSetRequest: type: object required: - Name - InstanceArn title: CreatePermissionSetRequest properties: Name: allOf: - $ref: "#/components/schemas/PermissionSetName" - description: The name of the PermissionSet. Description: allOf: - $ref: "#/components/schemas/PermissionSetDescription" - description: The description of the PermissionSet. InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. SessionDuration: allOf: - $ref: "#/components/schemas/Duration" - description: The length of time that the application user sessions are valid in the ISO-8601 standard. RelayState: allOf: - $ref: "#/components/schemas/RelayState" - description: Used to redirect users within the application during the federation authentication process. Tags: allOf: - $ref: "#/components/schemas/TagList" - description: The tags to attach to the new PermissionSet. DeleteAccountAssignmentResponse: type: object properties: AccountAssignmentDeletionStatus: allOf: - $ref: "#/components/schemas/AccountAssignmentOperationStatus" - description: The status object for the account assignment deletion operation. DeleteAccountAssignmentRequest: type: object required: - InstanceArn - TargetId - TargetType - PermissionSetArn - PrincipalType - PrincipalId title: DeleteAccountAssignmentRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. TargetId: allOf: - $ref: "#/components/schemas/TargetId" - description: TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012). TargetType: allOf: - $ref: "#/components/schemas/TargetType" - description: The entity type for which the assignment will be deleted. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set that will be used to remove access. PrincipalType: allOf: - $ref: "#/components/schemas/PrincipalType" - description: The entity type for which the assignment will be deleted. PrincipalId: allOf: - $ref: "#/components/schemas/PrincipalId" - description: An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference. DeleteInlinePolicyFromPermissionSetResponse: type: object properties: {} DeleteInlinePolicyFromPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: DeleteInlinePolicyFromPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set that will be used to remove access. DeleteInstanceAccessControlAttributeConfigurationResponse: type: object properties: {} DeleteInstanceAccessControlAttributeConfigurationRequest: type: object required: - InstanceArn title: DeleteInstanceAccessControlAttributeConfigurationRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. DeletePermissionSetResponse: type: object properties: {} DeletePermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: DeletePermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set that should be deleted. DeletePermissionsBoundaryFromPermissionSetResponse: type: object properties: {} DeletePermissionsBoundaryFromPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: DeletePermissionsBoundaryFromPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: "The ARN of the IAM Identity Center instance under which the operation will be executed. " PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet. DescribeAccountAssignmentCreationStatusResponse: type: object properties: AccountAssignmentCreationStatus: allOf: - $ref: "#/components/schemas/AccountAssignmentOperationStatus" - description: The status object for the account assignment creation operation. DescribeAccountAssignmentCreationStatusRequest: type: object required: - InstanceArn - AccountAssignmentCreationRequestId title: DescribeAccountAssignmentCreationStatusRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. AccountAssignmentCreationRequestId: allOf: - $ref: "#/components/schemas/UUId" - description: The identifier that is used to track the request operation progress. DescribeAccountAssignmentDeletionStatusResponse: type: object properties: AccountAssignmentDeletionStatus: allOf: - $ref: "#/components/schemas/AccountAssignmentOperationStatus" - description: The status object for the account assignment deletion operation. DescribeAccountAssignmentDeletionStatusRequest: type: object required: - InstanceArn - AccountAssignmentDeletionRequestId title: DescribeAccountAssignmentDeletionStatusRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. AccountAssignmentDeletionRequestId: allOf: - $ref: "#/components/schemas/UUId" - description: The identifier that is used to track the request operation progress. DescribeInstanceAccessControlAttributeConfigurationResponse: type: object properties: Status: allOf: - $ref: "#/components/schemas/InstanceAccessControlAttributeConfigurationStatus" - description: The status of the attribute configuration process. StatusReason: allOf: - $ref: "#/components/schemas/InstanceAccessControlAttributeConfigurationStatusReason" - description: Provides more details about the current status of the specified attribute. InstanceAccessControlAttributeConfiguration: allOf: - $ref: "#/components/schemas/InstanceAccessControlAttributeConfiguration" - description: Gets the list of IAM Identity Center identity store attributes that have been added to your ABAC configuration. DescribeInstanceAccessControlAttributeConfigurationRequest: type: object required: - InstanceArn title: DescribeInstanceAccessControlAttributeConfigurationRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. DescribePermissionSetResponse: type: object properties: PermissionSet: allOf: - $ref: "#/components/schemas/PermissionSet" - description: Describes the level of access on an AWS account. DescribePermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: DescribePermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: "The ARN of the permission set. " DescribePermissionSetProvisioningStatusResponse: type: object properties: PermissionSetProvisioningStatus: allOf: - $ref: "#/components/schemas/PermissionSetProvisioningStatus" - description: The status object for the permission set provisioning operation. DescribePermissionSetProvisioningStatusRequest: type: object required: - InstanceArn - ProvisionPermissionSetRequestId title: DescribePermissionSetProvisioningStatusRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. ProvisionPermissionSetRequestId: allOf: - $ref: "#/components/schemas/UUId" - description: The identifier that is provided by the ProvisionPermissionSet call to retrieve the current status of the provisioning workflow. DetachCustomerManagedPolicyReferenceFromPermissionSetResponse: type: object properties: {} DetachCustomerManagedPolicyReferenceFromPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn - CustomerManagedPolicyReference title: DetachCustomerManagedPolicyReferenceFromPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: "The ARN of the IAM Identity Center instance under which the operation will be executed. " PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet. CustomerManagedPolicyReference: allOf: - $ref: "#/components/schemas/CustomerManagedPolicyReference" - description: Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set. DetachManagedPolicyFromPermissionSetResponse: type: object properties: {} DetachManagedPolicyFromPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn - ManagedPolicyArn title: DetachManagedPolicyFromPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet from which the policy should be detached. ManagedPolicyArn: allOf: - $ref: "#/components/schemas/ManagedPolicyArn" - description: The AWS managed policy ARN to be detached from a permission set. GetInlinePolicyForPermissionSetResponse: type: object properties: InlinePolicy: allOf: - $ref: "#/components/schemas/PermissionSetPolicyDocument" - description: The inline policy that is attached to the permission set. GetInlinePolicyForPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: GetInlinePolicyForPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set. GetPermissionsBoundaryForPermissionSetResponse: type: object properties: PermissionsBoundary: allOf: - $ref: "#/components/schemas/PermissionsBoundary" - description: The permissions boundary attached to the specified permission set. GetPermissionsBoundaryForPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: GetPermissionsBoundaryForPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: "The ARN of the IAM Identity Center instance under which the operation will be executed. " PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet. ListAccountAssignmentCreationStatusResponse: type: object properties: AccountAssignmentsCreationStatus: allOf: - $ref: "#/components/schemas/AccountAssignmentOperationStatusList" - description: The status object for the account assignment creation operation. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListAccountAssignmentCreationStatusRequest: type: object required: - InstanceArn title: ListAccountAssignmentCreationStatusRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the assignment. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. Filter: allOf: - $ref: "#/components/schemas/OperationStatusFilter" - description: Filters results based on the passed attribute value. ListAccountAssignmentDeletionStatusResponse: type: object properties: AccountAssignmentsDeletionStatus: allOf: - $ref: "#/components/schemas/AccountAssignmentOperationStatusList" - description: The status object for the account assignment deletion operation. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListAccountAssignmentDeletionStatusRequest: type: object required: - InstanceArn title: ListAccountAssignmentDeletionStatusRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the assignment. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. Filter: allOf: - $ref: "#/components/schemas/OperationStatusFilter" - description: Filters results based on the passed attribute value. ListAccountAssignmentsResponse: type: object properties: AccountAssignments: allOf: - $ref: "#/components/schemas/AccountAssignmentList" - description: The list of assignments that match the input AWS account and permission set. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListAccountAssignmentsRequest: type: object required: - InstanceArn - AccountId - PermissionSetArn title: ListAccountAssignmentsRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. AccountId: allOf: - $ref: "#/components/schemas/TargetId" - description: The identifier of the AWS account from which to list the assignments. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set from which to list assignments. MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the assignment. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListAccountsForProvisionedPermissionSetResponse: type: object properties: AccountIds: allOf: - $ref: "#/components/schemas/AccountList" - description: The list of AWS AccountIds. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListAccountsForProvisionedPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: ListAccountsForProvisionedPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet from which the associated AWS accounts will be listed. ProvisioningStatus: allOf: - $ref: "#/components/schemas/ProvisioningStatus" - description: The permission set provisioning status for an AWS account. MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the PermissionSet. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListCustomerManagedPolicyReferencesInPermissionSetResponse: type: object properties: CustomerManagedPolicyReferences: allOf: - $ref: "#/components/schemas/CustomerManagedPolicyReferenceList" - description: Specifies the names and paths of the customer managed policies that you have attached to your permission set. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListCustomerManagedPolicyReferencesInPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: ListCustomerManagedPolicyReferencesInPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: "The ARN of the IAM Identity Center instance under which the operation will be executed. " PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: "The ARN of the PermissionSet. " MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the list call. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListInstancesResponse: type: object properties: Instances: allOf: - $ref: "#/components/schemas/InstanceList" - description: Lists the IAM Identity Center instances that the caller has access to. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListInstancesRequest: type: object title: ListInstancesRequest properties: MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the instance. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListManagedPoliciesInPermissionSetResponse: type: object properties: AttachedManagedPolicies: allOf: - $ref: "#/components/schemas/AttachedManagedPolicyList" - description: An array of the AttachedManagedPolicy data type object. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListManagedPoliciesInPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: ListManagedPoliciesInPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet whose managed policies will be listed. MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the PermissionSet. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListPermissionSetProvisioningStatusResponse: type: object properties: PermissionSetsProvisioningStatus: allOf: - $ref: "#/components/schemas/PermissionSetProvisioningStatusList" - description: The status object for the permission set provisioning operation. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListPermissionSetProvisioningStatusRequest: type: object required: - InstanceArn title: ListPermissionSetProvisioningStatusRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the assignment. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. Filter: allOf: - $ref: "#/components/schemas/OperationStatusFilter" - description: Filters results based on the passed attribute value. ListPermissionSetsResponse: type: object properties: PermissionSets: allOf: - $ref: "#/components/schemas/PermissionSetList" - description: Defines the level of access on an AWS account. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListPermissionSetsRequest: type: object required: - InstanceArn title: ListPermissionSetsRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the assignment. ListPermissionSetsProvisionedToAccountResponse: type: object properties: NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. PermissionSets: allOf: - $ref: "#/components/schemas/PermissionSetList" - description: Defines the level of access that an AWS account has. ListPermissionSetsProvisionedToAccountRequest: type: object required: - InstanceArn - AccountId title: ListPermissionSetsProvisionedToAccountRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. AccountId: allOf: - $ref: "#/components/schemas/AccountId" - description: The identifier of the AWS account from which to list the assignments. ProvisioningStatus: allOf: - $ref: "#/components/schemas/ProvisioningStatus" - description: The status object for the permission set provisioning operation. MaxResults: allOf: - $ref: "#/components/schemas/MaxResults" - description: The maximum number of results to display for the assignment. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListTagsForResourceResponse: type: object properties: Tags: allOf: - $ref: "#/components/schemas/TagList" - description: A set of key-value pairs that are used to manage the resource. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ListTagsForResourceRequest: type: object required: - InstanceArn - ResourceArn title: ListTagsForResourceRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. ResourceArn: allOf: - $ref: "#/components/schemas/TaggableResourceArn" - description: The ARN of the resource with the tags to be listed. NextToken: allOf: - $ref: "#/components/schemas/Token" - description: The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls. ProvisionPermissionSetResponse: type: object properties: PermissionSetProvisioningStatus: allOf: - $ref: "#/components/schemas/PermissionSetProvisioningStatus" - description: The status object for the permission set provisioning operation. ProvisionPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn - TargetType title: ProvisionPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set. TargetId: allOf: - $ref: "#/components/schemas/TargetId" - description: TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012). TargetType: allOf: - $ref: "#/components/schemas/ProvisionTargetType" - description: The entity type for which the assignment will be created. PutInlinePolicyToPermissionSetResponse: type: object properties: {} PutInlinePolicyToPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn - InlinePolicy title: PutInlinePolicyToPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set. InlinePolicy: allOf: - $ref: "#/components/schemas/PermissionSetPolicyDocument" - description: The inline policy to attach to a PermissionSet. PutPermissionsBoundaryToPermissionSetResponse: type: object properties: {} PutPermissionsBoundaryToPermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn - PermissionsBoundary title: PutPermissionsBoundaryToPermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: "The ARN of the IAM Identity Center instance under which the operation will be executed. " PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the PermissionSet. PermissionsBoundary: allOf: - $ref: "#/components/schemas/PermissionsBoundary" - description: The permissions boundary that you want to attach to a PermissionSet. TagResourceResponse: type: object properties: {} TagResourceRequest: type: object required: - InstanceArn - ResourceArn - Tags title: TagResourceRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. ResourceArn: allOf: - $ref: "#/components/schemas/TaggableResourceArn" - description: The ARN of the resource with the tags to be listed. Tags: allOf: - $ref: "#/components/schemas/TagList" - description: A set of key-value pairs that are used to manage the resource. UntagResourceResponse: type: object properties: {} UntagResourceRequest: type: object required: - InstanceArn - ResourceArn - TagKeys title: UntagResourceRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. ResourceArn: allOf: - $ref: "#/components/schemas/TaggableResourceArn" - description: The ARN of the resource with the tags to be listed. TagKeys: allOf: - $ref: "#/components/schemas/TagKeyList" - description: The keys of tags that are attached to the resource. UpdateInstanceAccessControlAttributeConfigurationResponse: type: object properties: {} UpdateInstanceAccessControlAttributeConfigurationRequest: type: object required: - InstanceArn - InstanceAccessControlAttributeConfiguration title: UpdateInstanceAccessControlAttributeConfigurationRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. InstanceAccessControlAttributeConfiguration: allOf: - $ref: "#/components/schemas/InstanceAccessControlAttributeConfiguration" - description: Updates the attributes for your ABAC configuration. UpdatePermissionSetResponse: type: object properties: {} UpdatePermissionSetRequest: type: object required: - InstanceArn - PermissionSetArn title: UpdatePermissionSetRequest properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set. Description: allOf: - $ref: "#/components/schemas/PermissionSetDescription" - description: The description of the PermissionSet. SessionDuration: allOf: - $ref: "#/components/schemas/Duration" - description: The length of time that the application user sessions are valid for in the ISO-8601 standard. RelayState: allOf: - $ref: "#/components/schemas/RelayState" - description: Used to redirect users within the application during the federation authentication process. AccessControlAttributeKey: type: string pattern: "[\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]+" minLength: 1 maxLength: 128 AccessControlAttributeValue: type: object required: - Source properties: Source: allOf: - $ref: "#/components/schemas/AccessControlAttributeValueSourceList" - description: The identity source to use when mapping a specified attribute to IAM Identity Center. description: The value used for mapping a specified attribute to an identity source. For more information, see Attribute mappings in the IAM Identity Center User Guide. AccessControlAttribute: type: object required: - Key - Value properties: Key: allOf: - $ref: "#/components/schemas/AccessControlAttributeKey" - description: The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center. Value: allOf: - $ref: "#/components/schemas/AccessControlAttributeValue" - description: The value used for mapping a specified attribute to an identity source. description: These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC). You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify AccessControlAttributes, IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation. AccessControlAttributeList: type: array items: $ref: "#/components/schemas/AccessControlAttribute" minItems: 0 maxItems: 50 AccessControlAttributeValueSourceList: type: array items: $ref: "#/components/schemas/AccessControlAttributeValueSource" minItems: 1 maxItems: 1 AccessControlAttributeValueSource: type: string pattern: '[\p{L}\p{Z}\p{N}_.:\/=+\-@\[\]\{\}\$\\"]*' minLength: 0 maxLength: 256 AccountId: type: string pattern: \d{12} minLength: 12 maxLength: 12 PermissionSetArn: type: string pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16} minLength: 10 maxLength: 1224 PrincipalType: type: string enum: - USER - GROUP PrincipalId: type: string pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$ minLength: 1 maxLength: 47 AccountAssignment: type: object properties: AccountId: allOf: - $ref: "#/components/schemas/AccountId" - description: The identifier of the AWS account. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PrincipalType: allOf: - $ref: "#/components/schemas/PrincipalType" - description: The entity type for which the assignment will be created. PrincipalId: allOf: - $ref: "#/components/schemas/PrincipalId" - description: An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference. description:

The assignment that indicates a principal's limited access to a specified AWS account with a specified permission set.

The term principal here refers to a user or group that is defined in IAM Identity Center.

AccountAssignmentList: type: array items: $ref: "#/components/schemas/AccountAssignment" StatusValues: type: string enum: - IN_PROGRESS - FAILED - SUCCEEDED UUId: type: string pattern: \b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b minLength: 36 maxLength: 36 Reason: type: string pattern: "[\\p{L}\\p{M}\\p{Z}\\p{S}\\p{N}\\p{P}]*" TargetId: type: string pattern: \d{12} minLength: 12 maxLength: 12 TargetType: type: string enum: - AWS_ACCOUNT Date: type: string format: date-time AccountAssignmentOperationStatus: type: object properties: Status: allOf: - $ref: "#/components/schemas/StatusValues" - description: The status of the permission set provisioning process. RequestId: allOf: - $ref: "#/components/schemas/UUId" - description: The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow. FailureReason: allOf: - $ref: "#/components/schemas/Reason" - description: The message that contains an error or exception in case of an operation failure. TargetId: allOf: - $ref: "#/components/schemas/TargetId" - description: TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012). TargetType: allOf: - $ref: "#/components/schemas/TargetType" - description: The entity type for which the assignment will be created. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. PrincipalType: allOf: - $ref: "#/components/schemas/PrincipalType" - description: The entity type for which the assignment will be created. PrincipalId: allOf: - $ref: "#/components/schemas/PrincipalId" - description: An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference. CreatedDate: allOf: - $ref: "#/components/schemas/Date" - description: The date that the permission set was created. description: The status of the creation or deletion operation of an assignment that a principal needs to access an account. AccountAssignmentOperationStatusMetadata: type: object properties: Status: allOf: - $ref: "#/components/schemas/StatusValues" - description: The status of the permission set provisioning process. RequestId: allOf: - $ref: "#/components/schemas/UUId" - description: The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow. CreatedDate: allOf: - $ref: "#/components/schemas/Date" - description: The date that the permission set was created. description: Provides information about the AccountAssignment creation request. AccountAssignmentOperationStatusList: type: array items: $ref: "#/components/schemas/AccountAssignmentOperationStatusMetadata" AccountList: type: array items: $ref: "#/components/schemas/AccountId" InstanceArn: type: string pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16} minLength: 10 maxLength: 1224 CustomerManagedPolicyReference: type: object required: - Name properties: Name: allOf: - $ref: "#/components/schemas/ManagedPolicyName" - description: The name of the IAM policy that you have configured in each account where you want to deploy your permission set. Path: allOf: - $ref: "#/components/schemas/ManagedPolicyPath" - description: The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is /. For more information, see Friendly names and paths in the IAM User Guide. description: Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set. ManagedPolicyArn: type: string pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):iam::aws:policy/[\p{L}\p{M}\p{Z}\p{S}\p{N}\p{P}]+ minLength: 20 maxLength: 2048 Name: type: string minLength: 1 maxLength: 100 AttachedManagedPolicy: type: object properties: Name: allOf: - $ref: "#/components/schemas/Name" - description: The name of the AWS managed policy. Arn: allOf: - $ref: "#/components/schemas/ManagedPolicyArn" - description: The ARN of the AWS managed policy. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. description: A structure that stores the details of the AWS managed policy. AttachedManagedPolicyList: type: array items: $ref: "#/components/schemas/AttachedManagedPolicy" InstanceAccessControlAttributeConfiguration: type: object required: - AccessControlAttributes properties: AccessControlAttributes: allOf: - $ref: "#/components/schemas/AccessControlAttributeList" - description: Lists the attributes that are configured for ABAC in the specified IAM Identity Center instance. description: Specifies the attributes to add to your attribute-based access control (ABAC) configuration. PermissionSetName: type: string pattern: "[\\w+=,.@-]+" minLength: 1 maxLength: 32 PermissionSetDescription: type: string pattern: "[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A0-\\u00FF]*" minLength: 1 maxLength: 700 Duration: type: string pattern: ^(-?)P(?=\d|T\d)(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)([DW]))?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$ minLength: 1 maxLength: 100 RelayState: type: string pattern: "[a-zA-Z0-9&$@#\\\\\\/%?=~\\-_'\"|!:,.;*+\\[\\]\\ \$\$\\{\\}]+" minLength: 1 maxLength: 240 TagList: type: array items: $ref: "#/components/schemas/Tag" minItems: 0 maxItems: 50 PermissionSet: type: object properties: Name: allOf: - $ref: "#/components/schemas/PermissionSetName" - description: The name of the permission set. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. Description: allOf: - $ref: "#/components/schemas/PermissionSetDescription" - description: The description of the PermissionSet. CreatedDate: allOf: - $ref: "#/components/schemas/Date" - description: The date that the permission set was created. SessionDuration: allOf: - $ref: "#/components/schemas/Duration" - description: The length of time that the application user sessions are valid for in the ISO-8601 standard. RelayState: allOf: - $ref: "#/components/schemas/RelayState" - description: Used to redirect users within the application during the federation authentication process. description: An entity that contains IAM policies. ManagedPolicyName: type: string pattern: "[\\w+=,.@-]+" minLength: 1 maxLength: 128 ManagedPolicyPath: type: string pattern: ((/[A-Za-z0-9\.,\+@=_-]+)*)/ minLength: 1 maxLength: 512 CustomerManagedPolicyReferenceList: type: array items: $ref: "#/components/schemas/CustomerManagedPolicyReference" InstanceAccessControlAttributeConfigurationStatus: type: string enum: - ENABLED - CREATION_IN_PROGRESS - CREATION_FAILED InstanceAccessControlAttributeConfigurationStatusReason: type: string PermissionSetProvisioningStatus: type: object properties: Status: allOf: - $ref: "#/components/schemas/StatusValues" - description: The status of the permission set provisioning process. RequestId: allOf: - $ref: "#/components/schemas/UUId" - description: The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow. AccountId: allOf: - $ref: "#/components/schemas/AccountId" - description: The identifier of the AWS account from which to list the assignments. PermissionSetArn: allOf: - $ref: "#/components/schemas/PermissionSetArn" - description: The ARN of the permission set that is being provisioned. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. FailureReason: allOf: - $ref: "#/components/schemas/Reason" - description: The message that contains an error or exception in case of an operation failure. CreatedDate: allOf: - $ref: "#/components/schemas/Date" - description: The date that the permission set was created. description: A structure that is used to provide the status of the provisioning operation for a specified permission set. PermissionSetPolicyDocument: type: string pattern: "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+" minLength: 1 maxLength: 10240 PermissionsBoundary: type: object properties: CustomerManagedPolicyReference: allOf: - $ref: "#/components/schemas/CustomerManagedPolicyReference" - description: Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set. ManagedPolicyArn: allOf: - $ref: "#/components/schemas/ManagedPolicyArn" - description: The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary. description:

Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.

Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

Id: type: string pattern: ^[a-zA-Z0-9-]* minLength: 1 maxLength: 64 InstanceMetadata: type: object properties: InstanceArn: allOf: - $ref: "#/components/schemas/InstanceArn" - description: The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference. IdentityStoreId: allOf: - $ref: "#/components/schemas/Id" - description: The identifier of the identity store that is connected to the IAM Identity Center instance. description: Provides information about the IAM Identity Center instance. InstanceList: type: array items: $ref: "#/components/schemas/InstanceMetadata" MaxResults: type: integer minimum: 1 maximum: 100 Token: type: string pattern: ^[-a-zA-Z0-9+=/_]* maxLength: 2048 OperationStatusFilter: type: object properties: Status: allOf: - $ref: "#/components/schemas/StatusValues" - description: Filters the list operations result based on the status attribute. description: Filters he operation status list based on the passed attribute value. ProvisioningStatus: type: string enum: - LATEST_PERMISSION_SET_PROVISIONED - LATEST_PERMISSION_SET_NOT_PROVISIONED PermissionSetProvisioningStatusList: type: array items: $ref: "#/components/schemas/PermissionSetProvisioningStatusMetadata" PermissionSetList: type: array items: $ref: "#/components/schemas/PermissionSetArn" TaggableResourceArn: type: string pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16} minLength: 10 maxLength: 2048 PermissionSetProvisioningStatusMetadata: type: object properties: Status: allOf: - $ref: "#/components/schemas/StatusValues" - description: The status of the permission set provisioning process. RequestId: allOf: - $ref: "#/components/schemas/UUId" - description: The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow. CreatedDate: allOf: - $ref: "#/components/schemas/Date" - description: The date that the permission set was created. description: Provides information about the permission set provisioning status. ProvisionTargetType: type: string enum: - AWS_ACCOUNT - ALL_PROVISIONED_ACCOUNTS TagKey: type: string pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ minLength: 1 maxLength: 128 TagValue: type: string pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$ minLength: 0 maxLength: 256 Tag: type: object required: - Key - Value properties: Key: allOf: - $ref: "#/components/schemas/TagKey" - description: The key for the tag. Value: allOf: - $ref: "#/components/schemas/TagValue" - description: The value of the tag. description: A set of key-value pairs that are used to manage the resource. Tags can only be applied to permission sets and cannot be applied to corresponding roles that IAM Identity Center creates in AWS accounts. TagKeyList: type: array items: $ref: "#/components/schemas/TagKey" minItems: 1 maxItems: 50 security: - hmac: []