Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.SSOAdmin.CreateAccountAssignment

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Assigns access to a principal for a specified AWS account using a specified permission set.

The term principal here refers to a user or group that is defined in IAM Identity Center.

As part of a successful CreateAccountAssignment call, the specified permission set will automatically be provisioned to the account in the form of an IAM policy. That policy is attached to the IAM role created in IAM Identity Center. If the permission set is subsequently updated, the corresponding IAM policies attached to roles in your accounts will not be updated automatically. In this case, you must call ProvisionPermissionSet to make these updates.

After a successful response, call DescribeAccountAssignmentCreationStatus to describe the status of an assignment creation request.

Synopsis

Creating a Request

data CreateAccountAssignment Source #

See: newCreateAccountAssignment smart constructor.

Constructors

CreateAccountAssignment'

Fields

instanceArn :: Text
The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
targetId :: Text
TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012).
targetType :: TargetType
The entity type for which the assignment will be created.
permissionSetArn :: Text
The ARN of the permission set that the admin wants to grant the principal access to.
principalType :: PrincipalType
The entity type for which the assignment will be created.
principalId :: Text
An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

Instances

Instances details

ToJSON CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods toJSON :: CreateAccountAssignment -> Value # toEncoding :: CreateAccountAssignment -> Encoding # toJSONList :: [CreateAccountAssignment] -> Value # toEncodingList :: [CreateAccountAssignment] -> Encoding #
ToHeaders CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods toHeaders :: CreateAccountAssignment -> [Header] #
ToPath CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods toPath :: CreateAccountAssignment -> ByteString #
ToQuery CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods toQuery :: CreateAccountAssignment -> QueryString #
AWSRequest CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Associated Types type AWSResponse CreateAccountAssignment # Methods request :: (Service -> Service) -> CreateAccountAssignment -> Request CreateAccountAssignment # response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy CreateAccountAssignment -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse CreateAccountAssignment))) #
Generic CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Associated Types type Rep CreateAccountAssignment :: Type -> Type # Methods from :: CreateAccountAssignment -> Rep CreateAccountAssignment x # to :: Rep CreateAccountAssignment x -> CreateAccountAssignment #
Read CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods readsPrec :: Int -> ReadS CreateAccountAssignment # readList :: ReadS [CreateAccountAssignment] # readPrec :: ReadPrec CreateAccountAssignment # readListPrec :: ReadPrec [CreateAccountAssignment] #
Show CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods showsPrec :: Int -> CreateAccountAssignment -> ShowS # show :: CreateAccountAssignment -> String # showList :: [CreateAccountAssignment] -> ShowS #
NFData CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods rnf :: CreateAccountAssignment -> () #
Eq CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods (==) :: CreateAccountAssignment -> CreateAccountAssignment -> Bool # (/=) :: CreateAccountAssignment -> CreateAccountAssignment -> Bool #
Hashable CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods hashWithSalt :: Int -> CreateAccountAssignment -> Int # hash :: CreateAccountAssignment -> Int #
type AWSResponse CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment type AWSResponse CreateAccountAssignment = CreateAccountAssignmentResponse
type Rep CreateAccountAssignment Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment type Rep CreateAccountAssignment = D1 ('MetaData "CreateAccountAssignment" "Amazonka.SSOAdmin.CreateAccountAssignment" "amazonka-sso-admin-2.0-HhKPJAnDdA18B4mnMjNqZF" 'False) (C1 ('MetaCons "CreateAccountAssignment'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "instanceArn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: (S1 ('MetaSel ('Just "targetId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: S1 ('MetaSel ('Just "targetType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 TargetType))) :: (S1 ('MetaSel ('Just "permissionSetArn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: (S1 ('MetaSel ('Just "principalType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 PrincipalType) :*: S1 ('MetaSel ('Just "principalId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))))

newCreateAccountAssignment Source #

Arguments

:: Text	`CreateAccountAssignment`
-> Text	`CreateAccountAssignment`
-> TargetType	`CreateAccountAssignment`
-> Text	`CreateAccountAssignment`
-> PrincipalType	`CreateAccountAssignment`
-> Text	`CreateAccountAssignment`
-> CreateAccountAssignment

Create a value of CreateAccountAssignment with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

CreateAccountAssignment, createAccountAssignment_instanceArn - The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

CreateAccountAssignment, createAccountAssignment_targetId - TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012).

CreateAccountAssignment, createAccountAssignment_targetType - The entity type for which the assignment will be created.

CreateAccountAssignment, createAccountAssignment_permissionSetArn - The ARN of the permission set that the admin wants to grant the principal access to.

CreateAccountAssignment, createAccountAssignment_principalType - The entity type for which the assignment will be created.

CreateAccountAssignment, createAccountAssignment_principalId - An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

Request Lenses

createAccountAssignment_instanceArn :: Lens' CreateAccountAssignment Text Source #

The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

createAccountAssignment_targetId :: Lens' CreateAccountAssignment Text Source #

TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012).

createAccountAssignment_targetType :: Lens' CreateAccountAssignment TargetType Source #

The entity type for which the assignment will be created.

createAccountAssignment_permissionSetArn :: Lens' CreateAccountAssignment Text Source #

The ARN of the permission set that the admin wants to grant the principal access to.

createAccountAssignment_principalType :: Lens' CreateAccountAssignment PrincipalType Source #

The entity type for which the assignment will be created.

createAccountAssignment_principalId :: Lens' CreateAccountAssignment Text Source #

An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

Destructuring the Response

data CreateAccountAssignmentResponse Source #

See: newCreateAccountAssignmentResponse smart constructor.

Constructors

CreateAccountAssignmentResponse'
Fields accountAssignmentCreationStatus :: Maybe AccountAssignmentOperationStatus The status object for the account assignment creation operation. httpStatus :: Int The response's http status code.

Instances

Instances details

Generic CreateAccountAssignmentResponse Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Associated Types type Rep CreateAccountAssignmentResponse :: Type -> Type # Methods from :: CreateAccountAssignmentResponse -> Rep CreateAccountAssignmentResponse x # to :: Rep CreateAccountAssignmentResponse x -> CreateAccountAssignmentResponse #
Read CreateAccountAssignmentResponse Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods readsPrec :: Int -> ReadS CreateAccountAssignmentResponse # readList :: ReadS [CreateAccountAssignmentResponse] # readPrec :: ReadPrec CreateAccountAssignmentResponse # readListPrec :: ReadPrec [CreateAccountAssignmentResponse] #
Show CreateAccountAssignmentResponse Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods showsPrec :: Int -> CreateAccountAssignmentResponse -> ShowS # show :: CreateAccountAssignmentResponse -> String # showList :: [CreateAccountAssignmentResponse] -> ShowS #
NFData CreateAccountAssignmentResponse Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods rnf :: CreateAccountAssignmentResponse -> () #
Eq CreateAccountAssignmentResponse Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment Methods (==) :: CreateAccountAssignmentResponse -> CreateAccountAssignmentResponse -> Bool # (/=) :: CreateAccountAssignmentResponse -> CreateAccountAssignmentResponse -> Bool #
type Rep CreateAccountAssignmentResponse Source #
Instance details Defined in Amazonka.SSOAdmin.CreateAccountAssignment type Rep CreateAccountAssignmentResponse = D1 ('MetaData "CreateAccountAssignmentResponse" "Amazonka.SSOAdmin.CreateAccountAssignment" "amazonka-sso-admin-2.0-HhKPJAnDdA18B4mnMjNqZF" 'False) (C1 ('MetaCons "CreateAccountAssignmentResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "accountAssignmentCreationStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe AccountAssignmentOperationStatus)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))

newCreateAccountAssignmentResponse Source #

Arguments

:: Int	`$sel:httpStatus:CreateAccountAssignmentResponse'`
-> CreateAccountAssignmentResponse

Create a value of CreateAccountAssignmentResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:accountAssignmentCreationStatus:CreateAccountAssignmentResponse', createAccountAssignmentResponse_accountAssignmentCreationStatus - The status object for the account assignment creation operation.

$sel:httpStatus:CreateAccountAssignmentResponse', createAccountAssignmentResponse_httpStatus - The response's http status code.

Response Lenses

createAccountAssignmentResponse_accountAssignmentCreationStatus :: Lens' CreateAccountAssignmentResponse (Maybe AccountAssignmentOperationStatus) Source #

The status object for the account assignment creation operation.

createAccountAssignmentResponse_httpStatus :: Lens' CreateAccountAssignmentResponse Int Source #

The response's http status code.