NAME

Paws::SSOAdmin - Perl Interface to AWS AWS Single Sign-On Admin

SYNOPSIS

use Paws;

my $obj = Paws->service('SSOAdmin');
my $res = $obj->Method(
  Arg1 => $val1,
  Arg2 => [ 'V1', 'V2' ],
  # if Arg3 is an object, the HashRef will be used as arguments to the constructor
  # of the arguments type
  Arg3 => { Att1 => 'Val1' },
  # if Arg4 is an array of objects, the HashRefs will be passed as arguments to
  # the constructor of the arguments type
  Arg4 => [ { Att1 => 'Val1'  }, { Att1 => 'Val2' } ],
);

DESCRIPTION

For the AWS API documentation, see https://docs.aws.amazon.com/goto/WebAPI/sso-2020-07-20

METHODS

AttachManagedPolicyToPermissionSet

InstanceArn => Str
ManagedPolicyArn => Str
PermissionSetArn => Str

Each argument is described in detail in: Paws::SSOAdmin::AttachManagedPolicyToPermissionSet

Returns: a Paws::SSOAdmin::AttachManagedPolicyToPermissionSetResponse instance

Attaches an IAM managed policy ARN to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

CreateAccountAssignment

InstanceArn => Str
PermissionSetArn => Str
PrincipalId => Str
PrincipalType => Str
TargetId => Str
TargetType => Str

Each argument is described in detail in: Paws::SSOAdmin::CreateAccountAssignment

Returns: a Paws::SSOAdmin::CreateAccountAssignmentResponse instance

Assigns access to a principal for a specified AWS account using a specified permission set.

The term principal here refers to a user or group that is defined in AWS SSO.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy attached to the SSO-created IAM role. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you will need to call ProvisionPermissionSet to make these updates.

CreateInstanceAccessControlAttributeConfiguration

InstanceAccessControlAttributeConfiguration => Paws::SSOAdmin::InstanceAccessControlAttributeConfiguration
InstanceArn => Str

Each argument is described in detail in: Paws::SSOAdmin::CreateInstanceAccessControlAttributeConfiguration

Returns: a Paws::SSOAdmin::CreateInstanceAccessControlAttributeConfigurationResponse instance

Enables the attributes-based access control (ABAC) feature for the specified AWS SSO instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the AWS SSO User Guide.

CreatePermissionSet

InstanceArn => Str
Name => Str
[Description => Str]
[RelayState => Str]
[SessionDuration => Str]
[Tags => ArrayRef[Paws::SSOAdmin::Tag]]

Each argument is described in detail in: Paws::SSOAdmin::CreatePermissionSet

Returns: a Paws::SSOAdmin::CreatePermissionSetResponse instance

Creates a permission set within a specified SSO instance.

To grant users and groups access to AWS account resources, use CreateAccountAssignment .

DeleteAccountAssignment

InstanceArn => Str
PermissionSetArn => Str
PrincipalId => Str
PrincipalType => Str
TargetId => Str
TargetType => Str

Each argument is described in detail in: Paws::SSOAdmin::DeleteAccountAssignment

Returns: a Paws::SSOAdmin::DeleteAccountAssignmentResponse instance

Deletes a principal's access from a specified AWS account using a specified permission set.

DeleteInlinePolicyFromPermissionSet

InstanceArn => Str
PermissionSetArn => Str

Each argument is described in detail in: Paws::SSOAdmin::DeleteInlinePolicyFromPermissionSet

Returns: a Paws::SSOAdmin::DeleteInlinePolicyFromPermissionSetResponse instance

Deletes the inline policy from a specified permission set.

DeleteInstanceAccessControlAttributeConfiguration

InstanceArn => Str

Each argument is described in detail in: Paws::SSOAdmin::DeleteInstanceAccessControlAttributeConfiguration

Returns: a Paws::SSOAdmin::DeleteInstanceAccessControlAttributeConfigurationResponse instance

Disables the attributes-based access control (ABAC) feature for the specified AWS SSO instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the AWS SSO User Guide.

DeletePermissionSet

InstanceArn => Str
PermissionSetArn => Str

Each argument is described in detail in: Paws::SSOAdmin::DeletePermissionSet

Returns: a Paws::SSOAdmin::DeletePermissionSetResponse instance

Deletes the specified permission set.

DescribeAccountAssignmentCreationStatus

AccountAssignmentCreationRequestId => Str
InstanceArn => Str

Each argument is described in detail in: Paws::SSOAdmin::DescribeAccountAssignmentCreationStatus

Returns: a Paws::SSOAdmin::DescribeAccountAssignmentCreationStatusResponse instance

Describes the status of the assignment creation request.

DescribeAccountAssignmentDeletionStatus

AccountAssignmentDeletionRequestId => Str
InstanceArn => Str

Each argument is described in detail in: Paws::SSOAdmin::DescribeAccountAssignmentDeletionStatus

Returns: a Paws::SSOAdmin::DescribeAccountAssignmentDeletionStatusResponse instance

Describes the status of the assignment deletion request.

DescribeInstanceAccessControlAttributeConfiguration

InstanceArn => Str

Each argument is described in detail in: Paws::SSOAdmin::DescribeInstanceAccessControlAttributeConfiguration

Returns: a Paws::SSOAdmin::DescribeInstanceAccessControlAttributeConfigurationResponse instance

Returns the list of AWS SSO identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified AWS SSO instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the AWS SSO User Guide.

DescribePermissionSet

InstanceArn => Str
PermissionSetArn => Str

Each argument is described in detail in: Paws::SSOAdmin::DescribePermissionSet

Returns: a Paws::SSOAdmin::DescribePermissionSetResponse instance

Gets the details of the permission set.

DescribePermissionSetProvisioningStatus

InstanceArn => Str
ProvisionPermissionSetRequestId => Str

Each argument is described in detail in: Paws::SSOAdmin::DescribePermissionSetProvisioningStatus

Returns: a Paws::SSOAdmin::DescribePermissionSetProvisioningStatusResponse instance

Describes the status for the given permission set provisioning request.

DetachManagedPolicyFromPermissionSet

InstanceArn => Str
ManagedPolicyArn => Str
PermissionSetArn => Str

Each argument is described in detail in: Paws::SSOAdmin::DetachManagedPolicyFromPermissionSet

Returns: a Paws::SSOAdmin::DetachManagedPolicyFromPermissionSetResponse instance

Detaches the attached IAM managed policy ARN from the specified permission set.

GetInlinePolicyForPermissionSet

InstanceArn => Str
PermissionSetArn => Str

Each argument is described in detail in: Paws::SSOAdmin::GetInlinePolicyForPermissionSet

Returns: a Paws::SSOAdmin::GetInlinePolicyForPermissionSetResponse instance

Obtains the inline policy assigned to the permission set.

ListAccountAssignmentCreationStatus

InstanceArn => Str
[Filter => Paws::SSOAdmin::OperationStatusFilter]
[MaxResults => Int]
[NextToken => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListAccountAssignmentCreationStatus

Returns: a Paws::SSOAdmin::ListAccountAssignmentCreationStatusResponse instance

Lists the status of the AWS account assignment creation requests for a specified SSO instance.

ListAccountAssignmentDeletionStatus

InstanceArn => Str
[Filter => Paws::SSOAdmin::OperationStatusFilter]
[MaxResults => Int]
[NextToken => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListAccountAssignmentDeletionStatus

Returns: a Paws::SSOAdmin::ListAccountAssignmentDeletionStatusResponse instance

Lists the status of the AWS account assignment deletion requests for a specified SSO instance.

ListAccountAssignments

AccountId => Str
InstanceArn => Str
PermissionSetArn => Str
[MaxResults => Int]
[NextToken => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListAccountAssignments

Returns: a Paws::SSOAdmin::ListAccountAssignmentsResponse instance

Lists the assignee of the specified AWS account with the specified permission set.

ListAccountsForProvisionedPermissionSet

InstanceArn => Str
PermissionSetArn => Str
[MaxResults => Int]
[NextToken => Str]
[ProvisioningStatus => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListAccountsForProvisionedPermissionSet

Returns: a Paws::SSOAdmin::ListAccountsForProvisionedPermissionSetResponse instance

Lists all the AWS accounts where the specified permission set is provisioned.

ListInstances

[MaxResults => Int]
[NextToken => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListInstances

Returns: a Paws::SSOAdmin::ListInstancesResponse instance

Lists the SSO instances that the caller has access to.

ListManagedPoliciesInPermissionSet

InstanceArn => Str
PermissionSetArn => Str
[MaxResults => Int]
[NextToken => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListManagedPoliciesInPermissionSet

Returns: a Paws::SSOAdmin::ListManagedPoliciesInPermissionSetResponse instance

Lists the IAM managed policy that is attached to a specified permission set.

ListPermissionSetProvisioningStatus

InstanceArn => Str
[Filter => Paws::SSOAdmin::OperationStatusFilter]
[MaxResults => Int]
[NextToken => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListPermissionSetProvisioningStatus

Returns: a Paws::SSOAdmin::ListPermissionSetProvisioningStatusResponse instance

Lists the status of the permission set provisioning requests for a specified SSO instance.

ListPermissionSets

InstanceArn => Str
[MaxResults => Int]
[NextToken => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListPermissionSets

Returns: a Paws::SSOAdmin::ListPermissionSetsResponse instance

Lists the PermissionSets in an SSO instance.

ListPermissionSetsProvisionedToAccount

AccountId => Str
InstanceArn => Str
[MaxResults => Int]
[NextToken => Str]
[ProvisioningStatus => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListPermissionSetsProvisionedToAccount

Returns: a Paws::SSOAdmin::ListPermissionSetsProvisionedToAccountResponse instance

Lists all the permission sets that are provisioned to a specified AWS account.

ListTagsForResource

InstanceArn => Str
ResourceArn => Str
[NextToken => Str]

Each argument is described in detail in: Paws::SSOAdmin::ListTagsForResource

Returns: a Paws::SSOAdmin::ListTagsForResourceResponse instance

Lists the tags that are attached to a specified resource.

ProvisionPermissionSet

InstanceArn => Str
PermissionSetArn => Str
TargetType => Str
[TargetId => Str]

Each argument is described in detail in: Paws::SSOAdmin::ProvisionPermissionSet

Returns: a Paws::SSOAdmin::ProvisionPermissionSetResponse instance

The process by which a specified permission set is provisioned to the specified target.

PutInlinePolicyToPermissionSet

InlinePolicy => Str
InstanceArn => Str
PermissionSetArn => Str

Each argument is described in detail in: Paws::SSOAdmin::PutInlinePolicyToPermissionSet

Returns: a Paws::SSOAdmin::PutInlinePolicyToPermissionSetResponse instance

Attaches an IAM inline policy to a permission set.

If the permission set is already referenced by one or more account assignments, you will need to call ProvisionPermissionSet after this action to apply the corresponding IAM policy updates to all assigned accounts.

TagResource

InstanceArn => Str
ResourceArn => Str
Tags => ArrayRef[Paws::SSOAdmin::Tag]

Each argument is described in detail in: Paws::SSOAdmin::TagResource

Returns: a Paws::SSOAdmin::TagResourceResponse instance

Associates a set of tags with a specified resource.

UntagResource

InstanceArn => Str
ResourceArn => Str
TagKeys => ArrayRef[Str|Undef]

Each argument is described in detail in: Paws::SSOAdmin::UntagResource

Returns: a Paws::SSOAdmin::UntagResourceResponse instance

Disassociates a set of tags from a specified resource.

UpdateInstanceAccessControlAttributeConfiguration

InstanceAccessControlAttributeConfiguration => Paws::SSOAdmin::InstanceAccessControlAttributeConfiguration
InstanceArn => Str

Each argument is described in detail in: Paws::SSOAdmin::UpdateInstanceAccessControlAttributeConfiguration

Returns: a Paws::SSOAdmin::UpdateInstanceAccessControlAttributeConfigurationResponse instance

Updates the AWS SSO identity store attributes to use with the AWS SSO instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the AWS SSO identity store. If a SAML assertion passes any of these attributes, AWS SSO will replace the attribute value with the value from the AWS SSO identity store. For more information about ABAC, see Attribute-Based Access Control in the AWS SSO User Guide.

UpdatePermissionSet

InstanceArn => Str
PermissionSetArn => Str
[Description => Str]
[RelayState => Str]
[SessionDuration => Str]

Each argument is described in detail in: Paws::SSOAdmin::UpdatePermissionSet

Returns: a Paws::SSOAdmin::UpdatePermissionSetResponse instance

Updates an existing permission set.

PAGINATORS

Paginator methods are helpers that repetively call methods that return partial results

ListAllAccountAssignmentCreationStatus(sub { },InstanceArn => Str, [Filter => Paws::SSOAdmin::OperationStatusFilter, MaxResults => Int, NextToken => Str])

ListAllAccountAssignmentCreationStatus(InstanceArn => Str, [Filter => Paws::SSOAdmin::OperationStatusFilter, MaxResults => Int, NextToken => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- AccountAssignmentsCreationStatus, passing the object as the first parameter, and the string 'AccountAssignmentsCreationStatus' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListAccountAssignmentCreationStatusResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllAccountAssignmentDeletionStatus(sub { },InstanceArn => Str, [Filter => Paws::SSOAdmin::OperationStatusFilter, MaxResults => Int, NextToken => Str])

ListAllAccountAssignmentDeletionStatus(InstanceArn => Str, [Filter => Paws::SSOAdmin::OperationStatusFilter, MaxResults => Int, NextToken => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- AccountAssignmentsDeletionStatus, passing the object as the first parameter, and the string 'AccountAssignmentsDeletionStatus' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListAccountAssignmentDeletionStatusResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllAccountAssignments(sub { },AccountId => Str, InstanceArn => Str, PermissionSetArn => Str, [MaxResults => Int, NextToken => Str])

ListAllAccountAssignments(AccountId => Str, InstanceArn => Str, PermissionSetArn => Str, [MaxResults => Int, NextToken => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- AccountAssignments, passing the object as the first parameter, and the string 'AccountAssignments' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListAccountAssignmentsResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllAccountsForProvisionedPermissionSet(sub { },InstanceArn => Str, PermissionSetArn => Str, [MaxResults => Int, NextToken => Str, ProvisioningStatus => Str])

ListAllAccountsForProvisionedPermissionSet(InstanceArn => Str, PermissionSetArn => Str, [MaxResults => Int, NextToken => Str, ProvisioningStatus => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- AccountIds, passing the object as the first parameter, and the string 'AccountIds' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListAccountsForProvisionedPermissionSetResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllInstances(sub { },[MaxResults => Int, NextToken => Str])

ListAllInstances([MaxResults => Int, NextToken => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- Instances, passing the object as the first parameter, and the string 'Instances' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListInstancesResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllManagedPoliciesInPermissionSet(sub { },InstanceArn => Str, PermissionSetArn => Str, [MaxResults => Int, NextToken => Str])

ListAllManagedPoliciesInPermissionSet(InstanceArn => Str, PermissionSetArn => Str, [MaxResults => Int, NextToken => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- AttachedManagedPolicies, passing the object as the first parameter, and the string 'AttachedManagedPolicies' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListManagedPoliciesInPermissionSetResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllPermissionSetProvisioningStatus(sub { },InstanceArn => Str, [Filter => Paws::SSOAdmin::OperationStatusFilter, MaxResults => Int, NextToken => Str])

ListAllPermissionSetProvisioningStatus(InstanceArn => Str, [Filter => Paws::SSOAdmin::OperationStatusFilter, MaxResults => Int, NextToken => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- PermissionSetsProvisioningStatus, passing the object as the first parameter, and the string 'PermissionSetsProvisioningStatus' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListPermissionSetProvisioningStatusResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllPermissionSets(sub { },InstanceArn => Str, [MaxResults => Int, NextToken => Str])

ListAllPermissionSets(InstanceArn => Str, [MaxResults => Int, NextToken => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- PermissionSets, passing the object as the first parameter, and the string 'PermissionSets' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListPermissionSetsResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllPermissionSetsProvisionedToAccount(sub { },AccountId => Str, InstanceArn => Str, [MaxResults => Int, NextToken => Str, ProvisioningStatus => Str])

ListAllPermissionSetsProvisionedToAccount(AccountId => Str, InstanceArn => Str, [MaxResults => Int, NextToken => Str, ProvisioningStatus => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- PermissionSets, passing the object as the first parameter, and the string 'PermissionSets' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListPermissionSetsProvisionedToAccountResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

ListAllTagsForResource(sub { },InstanceArn => Str, ResourceArn => Str, [NextToken => Str])

ListAllTagsForResource(InstanceArn => Str, ResourceArn => Str, [NextToken => Str])

If passed a sub as first parameter, it will call the sub for each element found in :

- Tags, passing the object as the first parameter, and the string 'Tags' as the second parameter 

If not, it will return a a Paws::SSOAdmin::ListTagsForResourceResponse instance with all the params; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.

SEE ALSO

This service class forms part of Paws

BUGS and CONTRIBUTIONS

The source code is located here: https://github.com/pplu/aws-sdk-perl

Please report bugs to: https://github.com/pplu/aws-sdk-perl/issues