Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Assigns access to a principal for a specified AWS account using a specified permission set.
The term principal here refers to a user or group that is defined in IAM Identity Center.
As part of a successful CreateAccountAssignment
call, the specified
permission set will automatically be provisioned to the account in the
form of an IAM policy. That policy is attached to the IAM role created
in IAM Identity Center. If the permission set is subsequently updated,
the corresponding IAM policies attached to roles in your accounts will
not be updated automatically. In this case, you must call
ProvisionPermissionSet
to make these updates.
After a successful response, call
DescribeAccountAssignmentCreationStatus
to describe the status of an
assignment creation request.
Synopsis
- data CreateAccountAssignment = CreateAccountAssignment' {}
- newCreateAccountAssignment :: Text -> Text -> TargetType -> Text -> PrincipalType -> Text -> CreateAccountAssignment
- createAccountAssignment_instanceArn :: Lens' CreateAccountAssignment Text
- createAccountAssignment_targetId :: Lens' CreateAccountAssignment Text
- createAccountAssignment_targetType :: Lens' CreateAccountAssignment TargetType
- createAccountAssignment_permissionSetArn :: Lens' CreateAccountAssignment Text
- createAccountAssignment_principalType :: Lens' CreateAccountAssignment PrincipalType
- createAccountAssignment_principalId :: Lens' CreateAccountAssignment Text
- data CreateAccountAssignmentResponse = CreateAccountAssignmentResponse' {}
- newCreateAccountAssignmentResponse :: Int -> CreateAccountAssignmentResponse
- createAccountAssignmentResponse_accountAssignmentCreationStatus :: Lens' CreateAccountAssignmentResponse (Maybe AccountAssignmentOperationStatus)
- createAccountAssignmentResponse_httpStatus :: Lens' CreateAccountAssignmentResponse Int
Creating a Request
data CreateAccountAssignment Source #
See: newCreateAccountAssignment
smart constructor.
CreateAccountAssignment' | |
|
Instances
newCreateAccountAssignment Source #
:: Text | |
-> Text | |
-> TargetType | |
-> Text | |
-> PrincipalType | |
-> Text | |
-> CreateAccountAssignment |
Create a value of CreateAccountAssignment
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
CreateAccountAssignment
, createAccountAssignment_instanceArn
- The ARN of the IAM Identity Center instance under which the operation
will be executed. For more information about ARNs, see
Amazon Resource Names (ARNs) and AWS Service Namespaces
in the AWS General Reference.
CreateAccountAssignment
, createAccountAssignment_targetId
- TargetID is an AWS account identifier, typically a 10-12 digit string
(For example, 123456789012).
CreateAccountAssignment
, createAccountAssignment_targetType
- The entity type for which the assignment will be created.
CreateAccountAssignment
, createAccountAssignment_permissionSetArn
- The ARN of the permission set that the admin wants to grant the
principal access to.
CreateAccountAssignment
, createAccountAssignment_principalType
- The entity type for which the assignment will be created.
CreateAccountAssignment
, createAccountAssignment_principalId
- An identifier for an object in IAM Identity Center, such as a user or
group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
PrincipalIds in IAM Identity Center, see the
IAM Identity Center Identity Store API Reference.
Request Lenses
createAccountAssignment_instanceArn :: Lens' CreateAccountAssignment Text Source #
The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
createAccountAssignment_targetId :: Lens' CreateAccountAssignment Text Source #
TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012).
createAccountAssignment_targetType :: Lens' CreateAccountAssignment TargetType Source #
The entity type for which the assignment will be created.
createAccountAssignment_permissionSetArn :: Lens' CreateAccountAssignment Text Source #
The ARN of the permission set that the admin wants to grant the principal access to.
createAccountAssignment_principalType :: Lens' CreateAccountAssignment PrincipalType Source #
The entity type for which the assignment will be created.
createAccountAssignment_principalId :: Lens' CreateAccountAssignment Text Source #
An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.
Destructuring the Response
data CreateAccountAssignmentResponse Source #
See: newCreateAccountAssignmentResponse
smart constructor.
CreateAccountAssignmentResponse' | |
|
Instances
newCreateAccountAssignmentResponse Source #
Create a value of CreateAccountAssignmentResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountAssignmentCreationStatus:CreateAccountAssignmentResponse'
, createAccountAssignmentResponse_accountAssignmentCreationStatus
- The status object for the account assignment creation operation.
$sel:httpStatus:CreateAccountAssignmentResponse'
, createAccountAssignmentResponse_httpStatus
- The response's http status code.
Response Lenses
createAccountAssignmentResponse_accountAssignmentCreationStatus :: Lens' CreateAccountAssignmentResponse (Maybe AccountAssignmentOperationStatus) Source #
The status object for the account assignment creation operation.
createAccountAssignmentResponse_httpStatus :: Lens' CreateAccountAssignmentResponse Int Source #
The response's http status code.