Package-level declarations
Types
These are IAM Identity Center identity store attributes that you can configure for use in attribute-based access control (ABAC). You can create permissions policies that determine who can access your Amazon Web Services resources based upon the configured attribute values. When you enable ABAC and specify AccessControlAttributes, IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation.
The value used for mapping a specified attribute to an identity source. For more information, see Attribute mappings in the IAM Identity Center User Guide.
You do not have sufficient access to perform this action.
The assignment that indicates a principal's limited access to a specified Amazon Web Services account with a specified permission set.
A structure that describes an assignment of an Amazon Web Services account to a principal and the permissions that principal has in the account.
The status of the creation or deletion operation of an assignment that a principal needs to access an account.
Provides information about the AccountAssignment creation request.
A structure that describes an application that uses IAM Identity Center for access management.
A structure that describes an assignment of a principal to an application.
A structure that describes an application to which a principal is assigned.
A structure that describes a provider that can be used to connect an Amazon Web Services managed application or customer managed application to IAM Identity Center.
A structure that stores a list of managed policy ARNs that describe the associated Amazon Web Services managed policy.
A structure that describes an authentication method that can be used by an application.
A structure that describes an authentication method and its type.
A structure that defines configuration settings for an application that supports the OAuth 2.0 Authorization Code Grant.
A structure that describes a trusted token issuer and associates it with a set of authorized audiences.
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.
A structure that describes how the portal represents an application provider.
A structure that describes details for authentication that uses IAM.
Specifies the attributes to add to your attribute-based access control (ABAC) configuration.
Provides information about the IAM Identity Center instance.
The request processing has failed because of an unknown error, exception, or failure with an internal server.
A structure that defines configuration settings for an application that supports the JWT Bearer Token Authorization Grant. The AuthorizedAudience field is the aud claim. For more information, see RFC 7523.
A structure that describes a filter for account assignments.
A structure that describes a filter for application assignments.
A structure that describes a filter for applications.
A structure that describes configuration settings for a trusted token issuer that supports OpenID Connect (OIDC) and JSON Web Tokens (JWTs).
A structure that describes updated configuration settings for a trusted token issuer that supports OpenID Connect (OIDC) and JSON Web Tokens (JWTs).
Filters the operation status list based on the passed attribute value.
Specifies the configuration of the Amazon Web Services managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an Amazon Web Services managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.
An entity that contains IAM policies.
A structure that is used to provide the status of the provisioning operation for a specified permission set.
Provides information about the permission set provisioning status.
A structure that describes the options for the access portal associated with an application.
A structure that defines configuration settings for an application that supports the OAuth 2.0 Refresh Token Grant. For more information, see RFC 6749.
Indicates that a requested resource is not found.
A structure that describes the configuration of a resource server.
A structure that describes details for an IAM Identity Center access scope that is associated with a resource server.
A structure that describes an IAM Identity Center access scope and its authorized targets.
Indicates that the principal has crossed the permitted number of resources that can be created.
A structure that describes the sign-in options for an application portal.
Base class for all service-related exceptions thrown by the SsoAdmin client.
Indicates that the principal has crossed the throttling limits of the API operations.
A structure that defines configuration settings for an application that supports the OAuth 2.0 Token Exchange Grant. For more information, see RFC 8693.
A structure that describes the configuration of a trusted token issuer. The structure and available settings are determined by the type of the trusted token issuer.
A structure that describes a trusted token issuer.
A structure that contains details to be updated for a trusted token issuer configuration. The structure and settings that you can include depend on the type of the trusted token issuer being updated.
A structure that describes the options for the access portal associated with an application that can be updated.
The request failed because it contains a syntax error.