2026/06/10 - AWS Sign-In Service - 7 new api methods
Changes: AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release, customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses.
Create a permission statement in the account's SignIn resource-based policy
See also: AWS API Documentation
Request Syntax
client.put_resource_permission_statement(
    sourceVpc='string',
    signinSourceVpce='string',
    consoleSourceVpce='string',
    vpcSourceIp='string',
    sourceIp='string',
    requestedRegion='string',
    excludedPrincipal='string',
    clientToken='string'
)
sourceVpc (string) --
VPC identifier to restrict console access
signinSourceVpce (string) --
SignIn VPC endpoint identifier
consoleSourceVpce (string) --
Console VPC endpoint identifier
vpcSourceIp (string) --
Source IP address within VPC
sourceIp (string) --
Source IP address
requestedRegion (string) --
AWS region where the VPC and VPC endpoint reside. Required when sourceVpc or signinSourceVpce/consoleSourceVpce is provided.
excludedPrincipal (string) --
Principal to exclude from the permission statement
clientToken (string) --
Idempotency token for the request
This field is autopopulated if not provided.
Return type: dict
Response Syntax
{
    'statementId': 'string'
}
Response Structure
(dict) --
Output for PutResourcePermissionStatement operation
statementId (string) --
Unique identifier for the created permission statement
Retrieve the account's consolidated SignIn resource-based policy
See also: AWS API Documentation
Request Syntax
client.get_resource_policy()
Return type: dict
Response Syntax
{
    'signinResourceBasedPolicy': {
        'version': 'string',
        'statement': [
            {
                'effect': 'string',
                'principal': {
                    'string': 'string'
                },
                'action': [
                    'string',
                ],
                'resource': 'string',
                'condition': {
                    'string': {
                        'string': [
                            'string',
                        ]
                    }
                }
            },
        ]
    }
}
Response Structure
(dict) --
Output for GetResourcePolicy operation
signinResourceBasedPolicy (dict) --
The account's SignIn resource-based policy
version (string) --
Policy version
statement (list) --
Policy statements
(dict) --
Individual policy statement within a resource-based policy
effect (string) --
Effect of the policy statement (Allow/Deny)
principal (dict) --
Principal the statement applies to
(string) --
(string) --
action (list) --
Actions the statement controls
(string) --
resource (string) --
Resource the statement applies to
condition (dict) --
Condition block for the statement
(string) --
Condition type identifier
(dict) --
Condition mapping of keys to values
(string) --
(list) --
List of condition values
(string) --
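An added example (not part of the AWS documentation): a review check over the get_resource_policy response shape documented above, flagging Allow statements that carry no condition or whose IP conditions are too broad to act as a network perimeter. The sample policy, its principal, action, condition operator and key names, and the prefix thresholds are constructed assumptions; the page documents only the structure.

```python
import ipaddress

# Constructed sample in the documented response shape. Principal, action,
# operator and condition-key names are illustrative assumptions.
SAMPLE_RESPONSE = {"signinResourceBasedPolicy": {"version": "2012-10-17", "statement": [
    {"effect": "Allow", "principal": {"AWS": "*"}, "action": ["EXAMPLE_ACTION"],
     "resource": "*",
     "condition": {"StringEquals": {"aws:SourceVpc": ["vpc-EXAMPLE"]}}},
    {"effect": "Allow", "principal": {"AWS": "*"}, "action": ["EXAMPLE_ACTION"],
     "resource": "*",
     "condition": {"IpAddress": {"aws:SourceIp": ["0.0.0.0/0", "203.0.113.0/24"]}}},
    {"effect": "Allow", "principal": {"AWS": "*"}, "action": ["EXAMPLE_ACTION"],
     "resource": "*"},
]}}


def audit_signin_policy(response, min_v4_prefix=16, min_v6_prefix=32):
    """Return (statement_index, finding) pairs for Allow statements that do
    not confine console access to a network perimeter."""
    findings = []
    policy = response.get("signinResourceBasedPolicy") or {}
    for idx, stmt in enumerate(policy.get("statement", [])):
        if stmt.get("effect", "").lower() != "allow":
            continue
        condition = stmt.get("condition") or {}
        if not condition:
            findings.append((idx, "Allow statement has no condition"))
            continue
        for keys in condition.values():
            for key, values in keys.items():
                if "sourceip" not in key.lower():
                    continue  # assumption: only *SourceIp keys hold IP ranges
                for value in values:
                    try:
                        net = ipaddress.ip_network(value, strict=False)
                    except ValueError:
                        findings.append((idx, f"{key}: unparsable value {value!r}"))
                        continue
                    limit = min_v4_prefix if net.version == 4 else min_v6_prefix
                    if net.prefixlen < limit:
                        findings.append((idx, f"{key}: {net} is broader than /{limit}"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_signin_policy(SAMPLE_RESPONSE):
        print(f"statement[{index}]: {finding}")
```

To run it against a live account, pass the dictionary returned by get_resource_policy in place of SAMPLE_RESPONSE.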
Retrieve all permission statements in the account's SignIn resource-based policy
See also: AWS API Documentation
Request Syntax
client.list_resource_permission_statements(
    maxResults=123,
    nextToken='string'
)
maxResults (integer) --
Maximum number of results to return
nextToken (string) --
Token for pagination
Return type: dict
Response Syntax
{
    'permissionStatements': [
        {
            'sid': 'string',
            'condition': {
                'string': {
                    'string': [
                        'string',
                    ]
                }
            }
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
Output for ListResourcePermissionStatements operation
permissionStatements (list) --
List of permission statement summaries
(dict) --
Summary of a permission statement
sid (string) --
Unique identifier for the permission statement
condition (dict) --
Condition block for the permission statement
(string) --
Condition type identifier
(dict) --
Condition mapping of keys to values
(string) --
(list) --
List of condition values
(string) --
nextToken (string) --
Token for next page of results
Enable console authorization configuration with automatic scope detection
See also: AWS API Documentation
Request Syntax
client.put_console_authorization_configuration(
    targetId='string'
)
targetId (string) --
Target account identifier
Return type: dict
Response Syntax
{
    'targetId': 'string',
    'scope': 'string',
    'consoleAuthorizationEnabled': True|False
}
Response Structure
(dict) --
Output for PutConsoleAuthorizationConfiguration operation
targetId (string) --
Target account identifier
scope (string) --
Authorization scope
consoleAuthorizationEnabled (boolean) --
Whether console authorization is enabled
Get console authorization configuration with automatic scope detection
See also: AWS API Documentation
Request Syntax
client.get_console_authorization_configuration(
    targetId='string'
)
targetId (string) --
Target account identifier
Return type: dict
Response Syntax
{
    'targetId': 'string',
    'scope': 'string',
    'consoleAuthorizationEnabled': True|False
}
Response Structure
(dict) --
Output for GetConsoleAuthorizationConfiguration operation
targetId (string) --
Target account identifier
scope (string) --
Authorization scope
consoleAuthorizationEnabled (boolean) --
Whether console authorization is enabled
Delete console authorization configuration with automatic scope detection
See also: AWS API Documentation
Request Syntax
client.delete_console_authorization_configuration(
    targetId='string'
)
targetId (string) --
Target account identifier
Return type: dict
Response Syntax
{
    'targetId': 'string',
    'scope': 'string',
    'consoleAuthorizationEnabled': True|False
}
Response Structure
(dict) --
Output for DeleteConsoleAuthorizationConfiguration operation
targetId (string) --
Target account identifier
scope (string) --
Authorization scope
consoleAuthorizationEnabled (boolean) --
Whether console authorization is enabled
Remove a permission statement from the account's SignIn resource-based policy
See also: AWS API Documentation
Request Syntax
client.delete_resource_permission_statement(
    statementId='string',
    clientToken='string'
)
statementId (string) --
[REQUIRED]
Unique identifier of the permission statement to delete
clientToken (string) --
Idempotency token for the request
This field is autopopulated if not provided.
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
Output for DeleteResourcePermissionStatement operation