"AccountAssignmentDeletionStatus": { "CreatedDate": number,
"FailureReason": "string", "PermissionSetArn": "string", "PrincipalId": "string", "PrincipalType": "string", "RequestId": "string", "Status": "string", "TargetId": "string", "TargetType": "string"
}}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
AccountAssignmentDeletionStatus (p. 17)
The status object for the account assignment deletion operation.
Errors
Type: AccountAssignmentOperationStatus (p. 99) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 ConflictException
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
HTTP Status Code: 400 InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
See Also
DeleteInlinePolicyFromPermissionSet
DeleteInlinePolicyFromPermissionSet
Deletes the inline policy from a specified permission set.
Request Syntax
{ "InstanceArn": "string", "PermissionSetArn": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
InstanceArn (p. 20)
The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes PermissionSetArn (p. 20)
The ARN of the permission set that will be used to remove access.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/
(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
See Also
HTTP Status Code: 400 ConflictException
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
HTTP Status Code: 400 InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteInstanceAccessControlAttributeConfiguration
DeleteInstanceAccessControlAttributeConfiguration
Disables the attributes-based access control (ABAC) feature for the specified AWS SSO instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the AWS SSO User Guide.
Request Syntax
{ "InstanceArn": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
InstanceArn (p. 22)
The ARN of the SSO instance under which the operation will be executed.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 ConflictException
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
HTTP Status Code: 400
See Also
InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeletePermissionSet
DeletePermissionSet
Deletes the specified permission set.
Request Syntax
{ "InstanceArn": "string", "PermissionSetArn": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
InstanceArn (p. 24)
The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes PermissionSetArn (p. 24)
The ARN of the permission set that should be deleted.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/
(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
See Also
HTTP Status Code: 400 ConflictException
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
HTTP Status Code: 400 InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DescribeAccountAssignmentCreationStatus
DescribeAccountAssignmentCreationStatus
Describes the status of the assignment creation request.
Request Syntax
{ "AccountAssignmentCreationRequestId": "string", "InstanceArn": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
AccountAssignmentCreationRequestId (p. 26)
The identifier that is used to track the request operation progress.
Type: String
Length Constraints: Fixed length of 36.
Pattern: \b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b Required: Yes
InstanceArn (p. 26)
The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes
Response Syntax
{ "AccountAssignmentCreationStatus": { "CreatedDate": number,
"FailureReason": "string", "PermissionSetArn": "string", "PrincipalId": "string", "PrincipalType": "string", "RequestId": "string", "Status": "string",
Response Elements
"TargetId": "string", "TargetType": "string"
}}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
AccountAssignmentCreationStatus (p. 26)
The status object for the account assignment creation operation.
Type: AccountAssignmentOperationStatus (p. 99) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
See Also
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DescribeAccountAssignmentDeletionStatus
DescribeAccountAssignmentDeletionStatus
Describes the status of the assignment deletion request.
Request Syntax
{ "AccountAssignmentDeletionRequestId": "string", "InstanceArn": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
AccountAssignmentDeletionRequestId (p. 29)
The identifier that is used to track the request operation progress.
Type: String
Length Constraints: Fixed length of 36.
Pattern: \b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b Required: Yes
InstanceArn (p. 29)
The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes
Response Syntax
{ "AccountAssignmentDeletionStatus": { "CreatedDate": number,
"FailureReason": "string", "PermissionSetArn": "string", "PrincipalId": "string", "PrincipalType": "string", "RequestId": "string", "Status": "string",
Response Elements
"TargetId": "string", "TargetType": "string"
}}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
AccountAssignmentDeletionStatus (p. 29)
The status object for the account assignment deletion operation.
Type: AccountAssignmentOperationStatus (p. 99) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
See Also
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DescribeInstanceAccessControlAttributeConfiguration
DescribeInstanceAccessControlAttributeConfiguration
Returns the list of AWS SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified AWS SSO instance. This will not return attributes
configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the AWS SSO User Guide.
Request Syntax
{ "InstanceArn": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
InstanceArn (p. 32)
The ARN of the SSO instance under which the operation will be executed.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes
Response Syntax
{
"InstanceAccessControlAttributeConfiguration": { "AccessControlAttributes": [
{
"Status": "string", "StatusReason": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Errors
InstanceAccessControlAttributeConfiguration (p. 32)
Gets the list of AWS SSO identity store attributes that have been added to your ABAC configuration.
Type: InstanceAccessControlAttributeConfiguration (p. 103) object Status (p. 32)
The status of the attribute configuration process.
Type: String
Valid Values: ENABLED | CREATION_IN_PROGRESS | CREATION_FAILED StatusReason (p. 32)
Provides more details about the current status of the specified attribute.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
See Also
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DescribePermissionSet
DescribePermissionSet
Gets the details of the permission set.
Request Syntax
{
"InstanceArn": "string", "PermissionSetArn": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
InstanceArn (p. 35)
The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes PermissionSetArn (p. 35)
The ARN of the permission set.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/ "Description": "string", "Name": "string",
"PermissionSetArn": "string", "RelayState": "string", "SessionDuration": "string"
Response Elements
} }
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
PermissionSet (p. 35)
Describes the level of access on an AWS account.
Type: PermissionSet (p. 106) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
See Also
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DescribePermissionSetProvisioningStatus
DescribePermissionSetProvisioningStatus
Describes the status for the given permission set provisioning request.
Request Syntax
{
"InstanceArn": "string",
"ProvisionPermissionSetRequestId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
InstanceArn (p. 38)
The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes
ProvisionPermissionSetRequestId (p. 38)
The identifier that is provided by the ProvisionPermissionSet (p. 77) call to retrieve the current status of the provisioning workflow.
Type: String
Length Constraints: Fixed length of 36.
Pattern: \b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b Required: Yes
Response Syntax
{
"PermissionSetProvisioningStatus": { "AccountId": "string",
"CreatedDate": number, "FailureReason": "string", "PermissionSetArn": "string", "RequestId": "string", "Status": "string"
Response Elements
} }
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
PermissionSetProvisioningStatus (p. 38)
The status object for the permission set provisioning operation.
Type: PermissionSetProvisioningStatus (p. 108) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 InternalServerException
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 400 ResourceNotFoundException
Indicates that a requested resource is not found.
HTTP Status Code: 400 ThrottlingException
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400 ValidationException
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
See Also
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DetachManagedPolicyFromPermissionSet
DetachManagedPolicyFromPermissionSet
Detaches the attached IAM managed policy ARN from the specified permission set.
Request Syntax
{
"InstanceArn": "string", "ManagedPolicyArn": "string", "PermissionSetArn": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 112).
The request accepts the following data in JSON format.
InstanceArn (p. 41)
The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?
ins-[a-zA-Z0-9-.]{16}
Required: Yes
ManagedPolicyArn (p. 41)
The IAM managed policy ARN to be detached from a permission set.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: Yes PermissionSetArn (p. 41)
The ARN of the PermissionSet (p. 106) from which the policy should be detached.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/
(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}
Required: Yes
Response Elements
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 114).
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400 ConflictException
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with