AWS Single Sign-On Admin

2022/07/18 - AWS Single Sign-On Admin - 6 new api methods

Changes: AWS SSO now supports attaching customer managed policies and a permissions boundary to your permission sets. This release adds new API operations to manage and view the customer managed policies and the permissions boundary for a given permission set.

AttachCustomerManagedPolicyReferenceToPermissionSet (new)

Attaches the specified IAM customer managed policy to the specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.attach_customer_managed_policy_reference_to_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    CustomerManagedPolicyReference={
        'Name': 'string',
        'Path': 'string'
    }
)
type InstanceArn

string

param InstanceArn

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn

string

param PermissionSetArn

[REQUIRED]

The ARN of the PermissionSet.

type CustomerManagedPolicyReference

dict

param CustomerManagedPolicyReference

[REQUIRED]

Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

  • Name (string) -- [REQUIRED]

    The name of the policy document.

  • Path (string) --

    The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

PutPermissionsBoundaryToPermissionSet (new)

Attaches an Amazon Web Services managed or customer managed IAM policy to the specified PermissionSet as a permissions boundary.

See also: AWS API Documentation

Request Syntax

client.put_permissions_boundary_to_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    PermissionsBoundary={
        'CustomerManagedPolicyReference': {
            'Name': 'string',
            'Path': 'string'
        },
        'ManagedPolicyArn': 'string'
    }
)
type InstanceArn

string

param InstanceArn

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn

string

param PermissionSetArn

[REQUIRED]

The ARN of the PermissionSet.

type PermissionsBoundary

dict

param PermissionsBoundary

[REQUIRED]

The permissions boundary that you want to attach to a PermissionSet.

  • CustomerManagedPolicyReference (dict) --

    Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

    • Name (string) -- [REQUIRED]

      The name of the policy document.

    • Path (string) --

      The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

  • ManagedPolicyArn (string) --

    The Amazon Web Services managed policy ARN that you want to attach to a permission set as a permissions boundary.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DeletePermissionsBoundaryFromPermissionSet (new)

Deletes the permissions boundary from a specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.delete_permissions_boundary_from_permission_set(
    InstanceArn='string',
    PermissionSetArn='string'
)
type InstanceArn

string

param InstanceArn

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn

string

param PermissionSetArn

[REQUIRED]

The ARN of the PermissionSet.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

GetPermissionsBoundaryForPermissionSet (new)

Obtains the permissions boundary for a specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.get_permissions_boundary_for_permission_set(
    InstanceArn='string',
    PermissionSetArn='string'
)
type InstanceArn

string

param InstanceArn

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn

string

param PermissionSetArn

[REQUIRED]

The ARN of the PermissionSet.

rtype

dict

returns

Response Syntax

{
    'PermissionsBoundary': {
        'CustomerManagedPolicyReference': {
            'Name': 'string',
            'Path': 'string'
        },
        'ManagedPolicyArn': 'string'
    }
}

Response Structure

  • (dict) --

    • PermissionsBoundary (dict) --

      The permissions boundary attached to the specified permission set.

      • CustomerManagedPolicyReference (dict) --

        Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

        • Name (string) --

          The name of the policy document.

        • Path (string) --

          The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

      • ManagedPolicyArn (string) --

        The Amazon Web Services managed policy ARN that you want to attach to a permission set as a permissions boundary.

ListCustomerManagedPolicyReferencesInPermissionSet (new)

Lists all IAM customer managed policies attached to a specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.list_customer_managed_policy_references_in_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    MaxResults=123,
    NextToken='string'
)
type InstanceArn

string

param InstanceArn

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn

string

param PermissionSetArn

[REQUIRED]

The ARN of the PermissionSet.

type MaxResults

integer

param MaxResults

The maximum number of results to display for the list call.

type NextToken

string

param NextToken

The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

rtype

dict

returns

Response Syntax

{
    'CustomerManagedPolicyReferences': [
        {
            'Name': 'string',
            'Path': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • CustomerManagedPolicyReferences (list) --

      Specifies the names and paths of the IAM customer managed policies that you have attached to your permission set.

      • (dict) --

        Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

        • Name (string) --

          The name of the policy document.

        • Path (string) --

          The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

    • NextToken (string) --

      The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.
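Added example (not part of the AWS documentation or botocore): a read-only audit that follows NextToken to collect every customer managed policy reference on a permission set, reads its permissions boundary, and flags a set that has customer managed policies but no boundary. The function names, FakeClient and its sample policy names are constructed for illustration; treating a missing boundary as a ResourceNotFoundException error code is an assumption. Pass boto3.client('sso-admin') in place of FakeClient to run it against a real instance.

```python
def list_policy_refs(client, instance_arn, permission_set_arn):
    """Follow NextToken until every customer managed policy reference is read."""
    refs, token = [], None
    while True:
        kwargs = {"InstanceArn": instance_arn, "PermissionSetArn": permission_set_arn}
        if token:  # omit NextToken on the first call
            kwargs["NextToken"] = token
        page = client.list_customer_managed_policy_references_in_permission_set(**kwargs)
        for ref in page.get("CustomerManagedPolicyReferences", []):
            refs.append((ref.get("Path") or "/") + ref["Name"])  # default path is "/"
        token = page.get("NextToken")
        if not token:
            return refs

def get_boundary(client, instance_arn, permission_set_arn):
    """Return the boundary (ARN or path+name), or None when none is attached."""
    try:
        resp = client.get_permissions_boundary_for_permission_set(
            InstanceArn=instance_arn, PermissionSetArn=permission_set_arn)
    except Exception as exc:
        # Assumption: a missing boundary surfaces as ResourceNotFoundException.
        if getattr(exc, "response", {}).get("Error", {}).get("Code") == "ResourceNotFoundException":
            return None
        raise
    pb = resp.get("PermissionsBoundary", {})
    ref = pb.get("CustomerManagedPolicyReference")
    if pb.get("ManagedPolicyArn"):
        return pb["ManagedPolicyArn"]
    return (ref.get("Path") or "/") + ref["Name"] if ref else None

def audit(client, instance_arn, permission_set_arn):
    """Flag a permission set that carries customer managed policies but no boundary."""
    refs = list_policy_refs(client, instance_arn, permission_set_arn)
    boundary = get_boundary(client, instance_arn, permission_set_arn)
    return {"policies": refs, "boundary": boundary, "unbounded": bool(refs) and boundary is None}

class FakeClient:
    """Constructed stand-in for boto3.client('sso-admin'): two pages, no boundary."""
    pages = {None: {"CustomerManagedPolicyReferences": [{"Name": "AppDeploy", "Path": "/team/"}],
                    "NextToken": "t1"},
             "t1": {"CustomerManagedPolicyReferences": [{"Name": "ReadLogs", "Path": "/"}]}}

    def list_customer_managed_policy_references_in_permission_set(self, **kw):
        return self.pages[kw.get("NextToken")]

    def get_permissions_boundary_for_permission_set(self, **kw):
        err = Exception("no boundary attached")
        err.response = {"Error": {"Code": "ResourceNotFoundException"}}
        raise err
```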

DetachCustomerManagedPolicyReferenceFromPermissionSet (new)

Detaches the specified IAM customer managed policy from the specified PermissionSet.

See also: AWS API Documentation

Request Syntax

client.detach_customer_managed_policy_reference_from_permission_set(
    InstanceArn='string',
    PermissionSetArn='string',
    CustomerManagedPolicyReference={
        'Name': 'string',
        'Path': 'string'
    }
)
type InstanceArn

string

param InstanceArn

[REQUIRED]

The ARN of the SSO instance under which the operation will be executed.

type PermissionSetArn

string

param PermissionSetArn

[REQUIRED]

The ARN of the PermissionSet.

type CustomerManagedPolicyReference

dict

param CustomerManagedPolicyReference

[REQUIRED]

Specifies the name and path of the IAM customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

  • Name (string) -- [REQUIRED]

    The name of the policy document.

  • Path (string) --

    The path for the policy. The default is /. For more information, see Friendly names and paths in the Identity and Access Management user guide.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --