/*
 * Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 *
 * http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.ssoadmin;

import javax.annotation.Generated;

import com.amazonaws.*;
import com.amazonaws.regions.*;

import com.amazonaws.services.ssoadmin.model.*;

/**
 * Interface for accessing SSO Admin.
 *
 * Note: Do not directly implement this interface, new methods are added to it regularly. Extend from
 * {@link com.amazonaws.services.ssoadmin.AbstractAWSSSOAdmin} instead.
 *
 * AWS IAM Identity Center (successor to AWS Single Sign-On) helps you securely create, or connect, your workforce
 * identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the
 * recommended approach for workforce authentication and authorization in AWS, for organizations of any size and type.
 *
 * Although AWS Single Sign-On was renamed, the {@code sso} and {@code identitystore} API namespaces will
 * continue to retain their original name for backward compatibility purposes. For more information, see IAM Identity
 * Center rename.
 *
 * This reference guide provides information on single sign-on operations which could be used for access management of
 * AWS accounts. For information about IAM Identity Center features, see the IAM Identity Center User Guide.
 *
 * Many operations in the IAM Identity Center APIs rely on identifiers for users and groups, known as principals. For
 * more information about how to work with principals and principal IDs in IAM Identity Center, see the Identity Store API
 * Reference.
 *
 * AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java,
 * Ruby, .Net, iOS, Android, and more). The SDKs provide a convenient way to create programmatic access to IAM Identity
 * Center and other AWS services. For more information about the AWS SDKs, including how to download and install them,
 * see Tools for Amazon Web Services.
 *
     * Attaches the specified customer managed policy to the specified PermissionSet.
     *
     * @param attachCustomerManagedPolicyReferenceToPermissionSetRequest
     * @return Result of the AttachCustomerManagedPolicyReferenceToPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ServiceQuotaExceededException
     *         Indicates that the principal has crossed the permitted number of resources that can be created.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.AttachCustomerManagedPolicyReferenceToPermissionSet
     * @see AWS API Documentation
     */
    AttachCustomerManagedPolicyReferenceToPermissionSetResult attachCustomerManagedPolicyReferenceToPermissionSet(
            AttachCustomerManagedPolicyReferenceToPermissionSetRequest attachCustomerManagedPolicyReferenceToPermissionSetRequest);

    /**
     * Attaches an AWS managed policy ARN to a permission set.
     *
     * If the permission set is already referenced by one or more account assignments, you will need to call
     * {@code ProvisionPermissionSet} after this operation. Calling {@code ProvisionPermissionSet}
     * applies the corresponding IAM policy updates to all assigned accounts.
     *
     * Assigns access to a principal for a specified AWS account using a specified permission set.
     *
     * The term principal here refers to a user or group that is defined in IAM Identity Center.
     *
     * As part of a successful {@code CreateAccountAssignment} call, the specified permission set will
     * automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the IAM role
     * created in IAM Identity Center. If the permission set is subsequently updated, the corresponding IAM policies
     * attached to roles in your accounts will not be updated automatically. In this case, you must call
     * {@code ProvisionPermissionSet} to make these updates.
     *
     * After a successful response, call {@code DescribeAccountAssignmentCreationStatus} to describe the status of
     * an assignment creation request.
     *
     * Enables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance. You
     * can also specify new attributes to add to your ABAC configuration during the enabling process. For more
     * information about ABAC, see Attribute-Based Access Control
     * in the IAM Identity Center User Guide.
     *
     * After a successful response, call {@code DescribeInstanceAccessControlAttributeConfiguration} to validate
     * that {@code InstanceAccessControlAttributeConfiguration} was created.
     *
     * Creates a permission set within a specified IAM Identity Center instance.
     *
     * To grant users and groups access to AWS account resources, use {@code CreateAccountAssignment}.
     *
     * Deletes a principal's access from a specified AWS account using a specified permission set.
     *
     * After a successful response, call {@code DescribeAccountAssignmentCreationStatus} to describe the status of
     * an assignment deletion request.
     *
     * Deletes the inline policy from a specified permission set.
     *
     * @param deleteInlinePolicyFromPermissionSetRequest
     * @return Result of the DeleteInlinePolicyFromPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.DeleteInlinePolicyFromPermissionSet
     * @see AWS API Documentation
     */
    DeleteInlinePolicyFromPermissionSetResult deleteInlinePolicyFromPermissionSet(
            DeleteInlinePolicyFromPermissionSetRequest deleteInlinePolicyFromPermissionSetRequest);

    /**
     * Disables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance and
     * deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received
     * from an identity source and any custom attributes you have previously configured will not be passed. For more
     * information about ABAC, see Attribute-Based Access Control
     * in the IAM Identity Center User Guide.
     *
     * @param deleteInstanceAccessControlAttributeConfigurationRequest
     * @return Result of the DeleteInstanceAccessControlAttributeConfiguration operation returned by the service.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.DeleteInstanceAccessControlAttributeConfiguration
     * @see AWS API Documentation
     */
    DeleteInstanceAccessControlAttributeConfigurationResult deleteInstanceAccessControlAttributeConfiguration(
            DeleteInstanceAccessControlAttributeConfigurationRequest deleteInstanceAccessControlAttributeConfigurationRequest);

    /**
     * Deletes the specified permission set.
     *
     * @param deletePermissionSetRequest
     * @return Result of the DeletePermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.DeletePermissionSet
     * @see AWS API Documentation
     */
    DeletePermissionSetResult deletePermissionSet(DeletePermissionSetRequest deletePermissionSetRequest);

    /**
     * Deletes the permissions boundary from a specified PermissionSet.
     *
     * @param deletePermissionsBoundaryFromPermissionSetRequest
     * @return Result of the DeletePermissionsBoundaryFromPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.DeletePermissionsBoundaryFromPermissionSet
     * @see AWS API Documentation
     */
    DeletePermissionsBoundaryFromPermissionSetResult deletePermissionsBoundaryFromPermissionSet(
            DeletePermissionsBoundaryFromPermissionSetRequest deletePermissionsBoundaryFromPermissionSetRequest);

    /**
     * Describes the status of the assignment creation request.
     *
     * @param describeAccountAssignmentCreationStatusRequest
     * @return Result of the DescribeAccountAssignmentCreationStatus operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.DescribeAccountAssignmentCreationStatus
     * @see AWS API Documentation
     */
    DescribeAccountAssignmentCreationStatusResult describeAccountAssignmentCreationStatus(
            DescribeAccountAssignmentCreationStatusRequest describeAccountAssignmentCreationStatusRequest);

    /**
     * Describes the status of the assignment deletion request.
     *
     * @param describeAccountAssignmentDeletionStatusRequest
     * @return Result of the DescribeAccountAssignmentDeletionStatus operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.DescribeAccountAssignmentDeletionStatus
     * @see AWS API Documentation
     */
    DescribeAccountAssignmentDeletionStatusResult describeAccountAssignmentDeletionStatus(
            DescribeAccountAssignmentDeletionStatusRequest describeAccountAssignmentDeletionStatusRequest);

    /**
     * Returns the list of IAM Identity Center identity store attributes that have been configured to work with
     * attributes-based access control (ABAC) for the specified IAM Identity Center instance. This will not return
     * attributes configured and sent by an external identity provider. For more information about ABAC, see
     * Attribute-Based Access Control in the IAM Identity Center User Guide.
     *
     * @param describeInstanceAccessControlAttributeConfigurationRequest
     * @return Result of the DescribeInstanceAccessControlAttributeConfiguration operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @sample AWSSSOAdmin.DescribeInstanceAccessControlAttributeConfiguration
     * @see AWS API Documentation
     */
    DescribeInstanceAccessControlAttributeConfigurationResult describeInstanceAccessControlAttributeConfiguration(
            DescribeInstanceAccessControlAttributeConfigurationRequest describeInstanceAccessControlAttributeConfigurationRequest);

    /**
     * Gets the details of the permission set.
     *
     * @param describePermissionSetRequest
     * @return Result of the DescribePermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.DescribePermissionSet
     * @see AWS API Documentation
     */
    DescribePermissionSetResult describePermissionSet(DescribePermissionSetRequest describePermissionSetRequest);

    /**
     * Describes the status for the given permission set provisioning request.
     *
     * @param describePermissionSetProvisioningStatusRequest
     * @return Result of the DescribePermissionSetProvisioningStatus operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.DescribePermissionSetProvisioningStatus
     * @see AWS API Documentation
     */
    DescribePermissionSetProvisioningStatusResult describePermissionSetProvisioningStatus(
            DescribePermissionSetProvisioningStatusRequest describePermissionSetProvisioningStatusRequest);

    /**
     * Detaches the specified customer managed policy from the specified PermissionSet.
     *
     * @param detachCustomerManagedPolicyReferenceFromPermissionSetRequest
     * @return Result of the DetachCustomerManagedPolicyReferenceFromPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.DetachCustomerManagedPolicyReferenceFromPermissionSet
     * @see AWS API Documentation
     */
    DetachCustomerManagedPolicyReferenceFromPermissionSetResult detachCustomerManagedPolicyReferenceFromPermissionSet(
            DetachCustomerManagedPolicyReferenceFromPermissionSetRequest detachCustomerManagedPolicyReferenceFromPermissionSetRequest);

    /**
     * Detaches the attached AWS managed policy ARN from the specified permission set.
     *
     * @param detachManagedPolicyFromPermissionSetRequest
     * @return Result of the DetachManagedPolicyFromPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.DetachManagedPolicyFromPermissionSet
     * @see AWS API Documentation
     */
    DetachManagedPolicyFromPermissionSetResult detachManagedPolicyFromPermissionSet(
            DetachManagedPolicyFromPermissionSetRequest detachManagedPolicyFromPermissionSetRequest);

    /**
     * Obtains the inline policy assigned to the permission set.
     *
     * @param getInlinePolicyForPermissionSetRequest
     * @return Result of the GetInlinePolicyForPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.GetInlinePolicyForPermissionSet
     * @see AWS API Documentation
     */
    GetInlinePolicyForPermissionSetResult getInlinePolicyForPermissionSet(GetInlinePolicyForPermissionSetRequest getInlinePolicyForPermissionSetRequest);

    /**
     * Obtains the permissions boundary for a specified PermissionSet.
     *
     * @param getPermissionsBoundaryForPermissionSetRequest
     * @return Result of the GetPermissionsBoundaryForPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.GetPermissionsBoundaryForPermissionSet
     * @see AWS API Documentation
     */
    GetPermissionsBoundaryForPermissionSetResult getPermissionsBoundaryForPermissionSet(
            GetPermissionsBoundaryForPermissionSetRequest getPermissionsBoundaryForPermissionSetRequest);

    /**
     * Lists the status of the AWS account assignment creation requests for a specified IAM Identity Center instance.
     *
     * @param listAccountAssignmentCreationStatusRequest
     * @return Result of the ListAccountAssignmentCreationStatus operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListAccountAssignmentCreationStatus
     * @see AWS API Documentation
     */
    ListAccountAssignmentCreationStatusResult listAccountAssignmentCreationStatus(
            ListAccountAssignmentCreationStatusRequest listAccountAssignmentCreationStatusRequest);

    /**
     * Lists the status of the AWS account assignment deletion requests for a specified IAM Identity Center instance.
     *
     * @param listAccountAssignmentDeletionStatusRequest
     * @return Result of the ListAccountAssignmentDeletionStatus operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListAccountAssignmentDeletionStatus
     * @see AWS API Documentation
     */
    ListAccountAssignmentDeletionStatusResult listAccountAssignmentDeletionStatus(
            ListAccountAssignmentDeletionStatusRequest listAccountAssignmentDeletionStatusRequest);

    /**
     * Lists the assignee of the specified AWS account with the specified permission set.
     *
     * @param listAccountAssignmentsRequest
     * @return Result of the ListAccountAssignments operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListAccountAssignments
     * @see AWS API Documentation
     */
    ListAccountAssignmentsResult listAccountAssignments(ListAccountAssignmentsRequest listAccountAssignmentsRequest);

    /**
     * Lists all the AWS accounts where the specified permission set is provisioned.
     *
     * @param listAccountsForProvisionedPermissionSetRequest
     * @return Result of the ListAccountsForProvisionedPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListAccountsForProvisionedPermissionSet
     * @see AWS API Documentation
     */
    ListAccountsForProvisionedPermissionSetResult listAccountsForProvisionedPermissionSet(
            ListAccountsForProvisionedPermissionSetRequest listAccountsForProvisionedPermissionSetRequest);

    /**
     * Lists all customer managed policies attached to a specified PermissionSet.
     *
     * @param listCustomerManagedPolicyReferencesInPermissionSetRequest
     * @return Result of the ListCustomerManagedPolicyReferencesInPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListCustomerManagedPolicyReferencesInPermissionSet
     * @see AWS API Documentation
     */
    ListCustomerManagedPolicyReferencesInPermissionSetResult listCustomerManagedPolicyReferencesInPermissionSet(
            ListCustomerManagedPolicyReferencesInPermissionSetRequest listCustomerManagedPolicyReferencesInPermissionSetRequest);

    /**
     * Lists the IAM Identity Center instances that the caller has access to.
     *
     * @param listInstancesRequest
     * @return Result of the ListInstances operation returned by the service.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @sample AWSSSOAdmin.ListInstances
     * @see AWS API Documentation
     */
    ListInstancesResult listInstances(ListInstancesRequest listInstancesRequest);

    /**
     * Lists the AWS managed policy that is attached to a specified permission set.
     *
     * @param listManagedPoliciesInPermissionSetRequest
     * @return Result of the ListManagedPoliciesInPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListManagedPoliciesInPermissionSet
     * @see AWS API Documentation
     */
    ListManagedPoliciesInPermissionSetResult listManagedPoliciesInPermissionSet(
            ListManagedPoliciesInPermissionSetRequest listManagedPoliciesInPermissionSetRequest);

    /**
     * Lists the status of the permission set provisioning requests for a specified IAM Identity Center instance.
     *
     * @param listPermissionSetProvisioningStatusRequest
     * @return Result of the ListPermissionSetProvisioningStatus operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListPermissionSetProvisioningStatus
     * @see AWS API Documentation
     */
    ListPermissionSetProvisioningStatusResult listPermissionSetProvisioningStatus(
            ListPermissionSetProvisioningStatusRequest listPermissionSetProvisioningStatusRequest);

    /**
     * Lists the PermissionSets in an IAM Identity Center instance.
     *
     * @param listPermissionSetsRequest
     * @return Result of the ListPermissionSets operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListPermissionSets
     * @see AWS API Documentation
     */
    ListPermissionSetsResult listPermissionSets(ListPermissionSetsRequest listPermissionSetsRequest);

    /**
     * Lists all the permission sets that are provisioned to a specified AWS account.
     *
     * @param listPermissionSetsProvisionedToAccountRequest
     * @return Result of the ListPermissionSetsProvisionedToAccount operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListPermissionSetsProvisionedToAccount
     * @see AWS API Documentation
     */
    ListPermissionSetsProvisionedToAccountResult listPermissionSetsProvisionedToAccount(
            ListPermissionSetsProvisionedToAccountRequest listPermissionSetsProvisionedToAccountRequest);

    /**
     * Lists the tags that are attached to a specified resource.
     *
     * @param listTagsForResourceRequest
     * @return Result of the ListTagsForResource operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @sample AWSSSOAdmin.ListTagsForResource
     * @see AWS API Documentation
     */
    ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest);

    /**
     * The process by which a specified permission set is provisioned to the specified target.
     *
     *
     * @param provisionPermissionSetRequest
     * @return Result of the ProvisionPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.ProvisionPermissionSet
     * @see AWS API Documentation
     */
    ProvisionPermissionSetResult provisionPermissionSet(ProvisionPermissionSetRequest provisionPermissionSetRequest);

    /**
     * Attaches an inline policy to a permission set.
     *
     * If the permission set is already referenced by one or more account assignments, you will need to call
     * ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned
     * accounts.
     *
     * Attaches an AWS managed or customer managed policy to the specified PermissionSet as a permissions
     * boundary.
     *
     * @param putPermissionsBoundaryToPermissionSetRequest
     * @return Result of the PutPermissionsBoundaryToPermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.PutPermissionsBoundaryToPermissionSet
     * @see AWS API Documentation
     */
    PutPermissionsBoundaryToPermissionSetResult putPermissionsBoundaryToPermissionSet(
            PutPermissionsBoundaryToPermissionSetRequest putPermissionsBoundaryToPermissionSetRequest);

    /**
     * Associates a set of tags with a specified resource.
     *
     * @param tagResourceRequest
     * @return Result of the TagResource operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ServiceQuotaExceededException
     *         Indicates that the principal has crossed the permitted number of resources that can be created.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.TagResource
     * @see AWS API Documentation
     */
    TagResourceResult tagResource(TagResourceRequest tagResourceRequest);

    /**
     * Disassociates a set of tags from a specified resource.
     *
     * @param untagResourceRequest
     * @return Result of the UntagResource operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.UntagResource
     * @see AWS API Documentation
     */
    UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest);

    /**
     * Updates the IAM Identity Center identity store attributes that you can use with the IAM Identity Center instance
     * for attributes-based access control (ABAC). When using an external identity provider as an identity source, you
     * can pass attributes through the SAML assertion as an alternative to configuring attributes from the IAM Identity
     * Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center replaces the
     * attribute value with the value from the IAM Identity Center identity store. For more information about ABAC, see
     * Attribute-Based Access Control in the IAM Identity Center User Guide.
     *
     * @param updateInstanceAccessControlAttributeConfigurationRequest
     * @return Result of the UpdateInstanceAccessControlAttributeConfiguration operation returned by the service.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.UpdateInstanceAccessControlAttributeConfiguration
     * @see AWS API Documentation
     */
    UpdateInstanceAccessControlAttributeConfigurationResult updateInstanceAccessControlAttributeConfiguration(
            UpdateInstanceAccessControlAttributeConfigurationRequest updateInstanceAccessControlAttributeConfigurationRequest);

    /**
     * Updates an existing permission set.
     *
     * @param updatePermissionSetRequest
     * @return Result of the UpdatePermissionSet operation returned by the service.
     * @throws ResourceNotFoundException
     *         Indicates that a requested resource is not found.
     * @throws InternalServerException
     *         The request processing has failed because of an unknown error, exception, or failure with an internal
     *         server.
     * @throws ThrottlingException
     *         Indicates that the principal has crossed the throttling limits of the API operations.
     * @throws ValidationException
     *         The request failed because it contains a syntax error.
     * @throws AccessDeniedException
     *         You do not have sufficient access to perform this action.
     * @throws ConflictException
     *         Occurs when a conflict with a previous successful write is detected. This generally occurs when the
     *         previous write did not have time to propagate to the host serving the current request. A retry (with
     *         appropriate backoff logic) is the recommended response to this exception.
     * @sample AWSSSOAdmin.UpdatePermissionSet
     * @see AWS API Documentation
     */
    UpdatePermissionSetResult updatePermissionSet(UpdatePermissionSetRequest updatePermissionSetRequest);

    /**
     * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and
     * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client
     * has been shutdown, it should not be used to make any more requests.
     */
    void shutdown();

    /**
     * Returns additional metadata for a previously executed successful request, typically used for debugging issues
     * where a service isn't acting as expected. This data isn't considered part of the result data returned by an
     * operation, so it's available through this separate, diagnostic interface.
     *
     * Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
     * information for an executed request, you should use this method to retrieve it as soon as possible after
     * executing a request.
     *
     * @param request
     *        The originally executed request.
     *
     * @return The response metadata for the specified request, or null if none is available.
     */
    ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);

}
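The Javadoc above states that an inline policy change reaches already assigned accounts only after ProvisionPermissionSet is called, and that ConflictException should be answered with a retry and backoff. The following added example (not part of the SDK source; the class name `PermissionSetPolicyUpdater`, the retry budget and the delays are assumptions) combines both using this interface:

```java
import com.amazonaws.services.ssoadmin.AWSSSOAdmin;
import com.amazonaws.services.ssoadmin.model.ConflictException;
import com.amazonaws.services.ssoadmin.model.ProvisionPermissionSetRequest;
import com.amazonaws.services.ssoadmin.model.ProvisionTargetType;
import com.amazonaws.services.ssoadmin.model.PutInlinePolicyToPermissionSetRequest;
import java.util.function.Supplier;

/** Hypothetical helper (not part of the SDK): update an inline policy and push it to all assigned accounts. */
public final class PermissionSetPolicyUpdater {
    private static final int MAX_ATTEMPTS = 5;      // assumed retry budget
    private static final long BASE_DELAY_MS = 200L; // assumed initial backoff

    private final AWSSSOAdmin ssoAdmin;

    public PermissionSetPolicyUpdater(AWSSSOAdmin ssoAdmin) {
        this.ssoAdmin = ssoAdmin;
    }

    /** Returns the provisioning request id so the caller can track completion. */
    public String replaceInlinePolicy(String instanceArn, String permissionSetArn, String policyJson)
            throws InterruptedException {
        // Step 1: attach the new inline policy to the permission set definition.
        retryOnConflict(() -> ssoAdmin.putInlinePolicyToPermissionSet(
                new PutInlinePolicyToPermissionSetRequest()
                        .withInstanceArn(instanceArn)
                        .withPermissionSetArn(permissionSetArn)
                        .withInlinePolicy(policyJson)));
        // Step 2: without this call, accounts already assigned keep the previous IAM policy.
        return retryOnConflict(() -> ssoAdmin.provisionPermissionSet(
                new ProvisionPermissionSetRequest()
                        .withInstanceArn(instanceArn)
                        .withPermissionSetArn(permissionSetArn)
                        .withTargetType(ProvisionTargetType.ALL_PROVISIONED_ACCOUNTS)))
                .getPermissionSetProvisioningStatus().getRequestId();
    }

    /** Retries only on ConflictException, doubling the delay after each failed attempt. */
    private static <T> T retryOnConflict(Supplier<T> call) throws InterruptedException {
        long delay = BASE_DELAY_MS;
        for (int attempt = 1; ; attempt++) {
            try {
                return call.get();
            } catch (ConflictException e) {
                if (attempt == MAX_ATTEMPTS) {
                    throw e; // budget exhausted: surface the conflict to the caller
                }
                Thread.sleep(delay);
                delay *= 2;
            }
        }
    }
}
```

Provisioning is asynchronous, so a returned request id means the rollout was accepted, not that every account has the new policy yet.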