Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
- Service Configuration
- Errors
- InstanceAccessControlAttributeConfigurationStatus
- PrincipalType
- ProvisionTargetType
- ProvisioningStatus
- StatusValues
- TargetType
- AccessControlAttribute
- AccessControlAttributeValue
- AccountAssignment
- AccountAssignmentOperationStatus
- AccountAssignmentOperationStatusMetadata
- AttachedManagedPolicy
- CustomerManagedPolicyReference
- InstanceAccessControlAttributeConfiguration
- InstanceMetadata
- OperationStatusFilter
- PermissionSet
- PermissionSetProvisioningStatus
- PermissionSetProvisioningStatusMetadata
- PermissionsBoundary
- Tag
Synopsis
- defaultService :: Service
- _AccessDeniedException :: AsError a => Fold a ServiceError
- _ConflictException :: AsError a => Fold a ServiceError
- _InternalServerException :: AsError a => Fold a ServiceError
- _ResourceNotFoundException :: AsError a => Fold a ServiceError
- _ServiceQuotaExceededException :: AsError a => Fold a ServiceError
- _ThrottlingException :: AsError a => Fold a ServiceError
- _ValidationException :: AsError a => Fold a ServiceError
- newtype InstanceAccessControlAttributeConfigurationStatus where
- InstanceAccessControlAttributeConfigurationStatus' { }
- pattern InstanceAccessControlAttributeConfigurationStatus_CREATION_FAILED :: InstanceAccessControlAttributeConfigurationStatus
- pattern InstanceAccessControlAttributeConfigurationStatus_CREATION_IN_PROGRESS :: InstanceAccessControlAttributeConfigurationStatus
- pattern InstanceAccessControlAttributeConfigurationStatus_ENABLED :: InstanceAccessControlAttributeConfigurationStatus
- newtype PrincipalType where
- PrincipalType' { }
- pattern PrincipalType_GROUP :: PrincipalType
- pattern PrincipalType_USER :: PrincipalType
- newtype ProvisionTargetType where
- newtype ProvisioningStatus where
- newtype StatusValues where
- StatusValues' { }
- pattern StatusValues_FAILED :: StatusValues
- pattern StatusValues_IN_PROGRESS :: StatusValues
- pattern StatusValues_SUCCEEDED :: StatusValues
- newtype TargetType where
- TargetType' { }
- pattern TargetType_AWS_ACCOUNT :: TargetType
- data AccessControlAttribute = AccessControlAttribute' {}
- newAccessControlAttribute :: Text -> AccessControlAttributeValue -> AccessControlAttribute
- accessControlAttribute_key :: Lens' AccessControlAttribute Text
- accessControlAttribute_value :: Lens' AccessControlAttribute AccessControlAttributeValue
- data AccessControlAttributeValue = AccessControlAttributeValue' {}
- newAccessControlAttributeValue :: NonEmpty Text -> AccessControlAttributeValue
- accessControlAttributeValue_source :: Lens' AccessControlAttributeValue (NonEmpty Text)
- data AccountAssignment = AccountAssignment' {}
- newAccountAssignment :: AccountAssignment
- accountAssignment_accountId :: Lens' AccountAssignment (Maybe Text)
- accountAssignment_permissionSetArn :: Lens' AccountAssignment (Maybe Text)
- accountAssignment_principalId :: Lens' AccountAssignment (Maybe Text)
- accountAssignment_principalType :: Lens' AccountAssignment (Maybe PrincipalType)
- data AccountAssignmentOperationStatus = AccountAssignmentOperationStatus' {}
- newAccountAssignmentOperationStatus :: AccountAssignmentOperationStatus
- accountAssignmentOperationStatus_createdDate :: Lens' AccountAssignmentOperationStatus (Maybe UTCTime)
- accountAssignmentOperationStatus_failureReason :: Lens' AccountAssignmentOperationStatus (Maybe Text)
- accountAssignmentOperationStatus_permissionSetArn :: Lens' AccountAssignmentOperationStatus (Maybe Text)
- accountAssignmentOperationStatus_principalId :: Lens' AccountAssignmentOperationStatus (Maybe Text)
- accountAssignmentOperationStatus_principalType :: Lens' AccountAssignmentOperationStatus (Maybe PrincipalType)
- accountAssignmentOperationStatus_requestId :: Lens' AccountAssignmentOperationStatus (Maybe Text)
- accountAssignmentOperationStatus_status :: Lens' AccountAssignmentOperationStatus (Maybe StatusValues)
- accountAssignmentOperationStatus_targetId :: Lens' AccountAssignmentOperationStatus (Maybe Text)
- accountAssignmentOperationStatus_targetType :: Lens' AccountAssignmentOperationStatus (Maybe TargetType)
- data AccountAssignmentOperationStatusMetadata = AccountAssignmentOperationStatusMetadata' {}
- newAccountAssignmentOperationStatusMetadata :: AccountAssignmentOperationStatusMetadata
- accountAssignmentOperationStatusMetadata_createdDate :: Lens' AccountAssignmentOperationStatusMetadata (Maybe UTCTime)
- accountAssignmentOperationStatusMetadata_requestId :: Lens' AccountAssignmentOperationStatusMetadata (Maybe Text)
- accountAssignmentOperationStatusMetadata_status :: Lens' AccountAssignmentOperationStatusMetadata (Maybe StatusValues)
- data AttachedManagedPolicy = AttachedManagedPolicy' {}
- newAttachedManagedPolicy :: AttachedManagedPolicy
- attachedManagedPolicy_arn :: Lens' AttachedManagedPolicy (Maybe Text)
- attachedManagedPolicy_name :: Lens' AttachedManagedPolicy (Maybe Text)
- data CustomerManagedPolicyReference = CustomerManagedPolicyReference' {}
- newCustomerManagedPolicyReference :: Text -> CustomerManagedPolicyReference
- customerManagedPolicyReference_path :: Lens' CustomerManagedPolicyReference (Maybe Text)
- customerManagedPolicyReference_name :: Lens' CustomerManagedPolicyReference Text
- data InstanceAccessControlAttributeConfiguration = InstanceAccessControlAttributeConfiguration' {}
- newInstanceAccessControlAttributeConfiguration :: InstanceAccessControlAttributeConfiguration
- instanceAccessControlAttributeConfiguration_accessControlAttributes :: Lens' InstanceAccessControlAttributeConfiguration [AccessControlAttribute]
- data InstanceMetadata = InstanceMetadata' {}
- newInstanceMetadata :: InstanceMetadata
- instanceMetadata_identityStoreId :: Lens' InstanceMetadata (Maybe Text)
- instanceMetadata_instanceArn :: Lens' InstanceMetadata (Maybe Text)
- data OperationStatusFilter = OperationStatusFilter' {}
- newOperationStatusFilter :: OperationStatusFilter
- operationStatusFilter_status :: Lens' OperationStatusFilter (Maybe StatusValues)
- data PermissionSet = PermissionSet' {}
- newPermissionSet :: PermissionSet
- permissionSet_createdDate :: Lens' PermissionSet (Maybe UTCTime)
- permissionSet_description :: Lens' PermissionSet (Maybe Text)
- permissionSet_name :: Lens' PermissionSet (Maybe Text)
- permissionSet_permissionSetArn :: Lens' PermissionSet (Maybe Text)
- permissionSet_relayState :: Lens' PermissionSet (Maybe Text)
- permissionSet_sessionDuration :: Lens' PermissionSet (Maybe Text)
- data PermissionSetProvisioningStatus = PermissionSetProvisioningStatus' {}
- newPermissionSetProvisioningStatus :: PermissionSetProvisioningStatus
- permissionSetProvisioningStatus_accountId :: Lens' PermissionSetProvisioningStatus (Maybe Text)
- permissionSetProvisioningStatus_createdDate :: Lens' PermissionSetProvisioningStatus (Maybe UTCTime)
- permissionSetProvisioningStatus_failureReason :: Lens' PermissionSetProvisioningStatus (Maybe Text)
- permissionSetProvisioningStatus_permissionSetArn :: Lens' PermissionSetProvisioningStatus (Maybe Text)
- permissionSetProvisioningStatus_requestId :: Lens' PermissionSetProvisioningStatus (Maybe Text)
- permissionSetProvisioningStatus_status :: Lens' PermissionSetProvisioningStatus (Maybe StatusValues)
- data PermissionSetProvisioningStatusMetadata = PermissionSetProvisioningStatusMetadata' {}
- newPermissionSetProvisioningStatusMetadata :: PermissionSetProvisioningStatusMetadata
- permissionSetProvisioningStatusMetadata_createdDate :: Lens' PermissionSetProvisioningStatusMetadata (Maybe UTCTime)
- permissionSetProvisioningStatusMetadata_requestId :: Lens' PermissionSetProvisioningStatusMetadata (Maybe Text)
- permissionSetProvisioningStatusMetadata_status :: Lens' PermissionSetProvisioningStatusMetadata (Maybe StatusValues)
- data PermissionsBoundary = PermissionsBoundary' {}
- newPermissionsBoundary :: PermissionsBoundary
- permissionsBoundary_customerManagedPolicyReference :: Lens' PermissionsBoundary (Maybe CustomerManagedPolicyReference)
- permissionsBoundary_managedPolicyArn :: Lens' PermissionsBoundary (Maybe Text)
- data Tag = Tag' {}
- newTag :: Text -> Text -> Tag
- tag_key :: Lens' Tag Text
- tag_value :: Lens' Tag Text
Service Configuration
defaultService :: Service Source #
API version 2020-07-20
of the Amazon Single Sign-On Admin SDK configuration.
Errors
_AccessDeniedException :: AsError a => Fold a ServiceError Source #
You do not have sufficient access to perform this action.
_ConflictException :: AsError a => Fold a ServiceError Source #
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
_InternalServerException :: AsError a => Fold a ServiceError Source #
The request processing has failed because of an unknown error, exception, or failure with an internal server.
_ResourceNotFoundException :: AsError a => Fold a ServiceError Source #
Indicates that a requested resource is not found.
_ServiceQuotaExceededException :: AsError a => Fold a ServiceError Source #
Indicates that the principal has crossed the permitted number of resources that can be created.
_ThrottlingException :: AsError a => Fold a ServiceError Source #
Indicates that the principal has crossed the throttling limits of the API operations.
_ValidationException :: AsError a => Fold a ServiceError Source #
The request failed because it contains a syntax error.
InstanceAccessControlAttributeConfigurationStatus
newtype InstanceAccessControlAttributeConfigurationStatus Source #
Instances
PrincipalType
newtype PrincipalType Source #
pattern PrincipalType_GROUP :: PrincipalType | |
pattern PrincipalType_USER :: PrincipalType |
Instances
ProvisionTargetType
newtype ProvisionTargetType Source #
pattern ProvisionTargetType_ALL_PROVISIONED_ACCOUNTS :: ProvisionTargetType | |
pattern ProvisionTargetType_AWS_ACCOUNT :: ProvisionTargetType |
Instances
ProvisioningStatus
newtype ProvisioningStatus Source #
pattern ProvisioningStatus_LATEST_PERMISSION_SET_NOT_PROVISIONED :: ProvisioningStatus | |
pattern ProvisioningStatus_LATEST_PERMISSION_SET_PROVISIONED :: ProvisioningStatus |
Instances
StatusValues
newtype StatusValues Source #
pattern StatusValues_FAILED :: StatusValues | |
pattern StatusValues_IN_PROGRESS :: StatusValues | |
pattern StatusValues_SUCCEEDED :: StatusValues |
Instances
TargetType
newtype TargetType Source #
pattern TargetType_AWS_ACCOUNT :: TargetType |
Instances
AccessControlAttribute
data AccessControlAttribute Source #
These are IAM Identity Center identity store attributes that you can
configure for use in attributes-based access control (ABAC). You can
create permissions policies that determine who can access your AWS
resources based upon the configured attribute values. When you enable
ABAC and specify AccessControlAttributes
, IAM Identity Center passes
the attribute values of the authenticated user into IAM for use in
policy evaluation.
See: newAccessControlAttribute
smart constructor.
AccessControlAttribute' | |
|
Instances
newAccessControlAttribute Source #
Create a value of AccessControlAttribute
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:AccessControlAttribute'
, accessControlAttribute_key
- The name of the attribute associated with your identities in your
identity source. This is used to map a specified attribute in your
identity source with an attribute in IAM Identity Center.
$sel:value:AccessControlAttribute'
, accessControlAttribute_value
- The value used for mapping a specified attribute to an identity source.
accessControlAttribute_key :: Lens' AccessControlAttribute Text Source #
The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center.
accessControlAttribute_value :: Lens' AccessControlAttribute AccessControlAttributeValue Source #
The value used for mapping a specified attribute to an identity source.
AccessControlAttributeValue
data AccessControlAttributeValue Source #
The value used for mapping a specified attribute to an identity source. For more information, see Attribute mappings in the IAM Identity Center User Guide.
See: newAccessControlAttributeValue
smart constructor.
Instances
newAccessControlAttributeValue Source #
Create a value of AccessControlAttributeValue
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:source:AccessControlAttributeValue'
, accessControlAttributeValue_source
- The identity source to use when mapping a specified attribute to IAM
Identity Center.
accessControlAttributeValue_source :: Lens' AccessControlAttributeValue (NonEmpty Text) Source #
The identity source to use when mapping a specified attribute to IAM Identity Center.
AccountAssignment
data AccountAssignment Source #
The assignment that indicates a principal's limited access to a specified AWS account with a specified permission set.
The term principal here refers to a user or group that is defined in IAM Identity Center.
See: newAccountAssignment
smart constructor.
AccountAssignment' | |
|
Instances
newAccountAssignment :: AccountAssignment Source #
Create a value of AccountAssignment
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:AccountAssignment'
, accountAssignment_accountId
- The identifier of the AWS account.
$sel:permissionSetArn:AccountAssignment'
, accountAssignment_permissionSetArn
- The ARN of the permission set. For more information about ARNs, see
Amazon Resource Names (ARNs) and AWS Service Namespaces
in the AWS General Reference.
$sel:principalId:AccountAssignment'
, accountAssignment_principalId
- An identifier for an object in IAM Identity Center, such as a user or
group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
PrincipalIds in IAM Identity Center, see the
IAM Identity Center Identity Store API Reference.
$sel:principalType:AccountAssignment'
, accountAssignment_principalType
- The entity type for which the assignment will be created.
accountAssignment_accountId :: Lens' AccountAssignment (Maybe Text) Source #
The identifier of the AWS account.
accountAssignment_permissionSetArn :: Lens' AccountAssignment (Maybe Text) Source #
The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
accountAssignment_principalId :: Lens' AccountAssignment (Maybe Text) Source #
An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.
accountAssignment_principalType :: Lens' AccountAssignment (Maybe PrincipalType) Source #
The entity type for which the assignment will be created.
AccountAssignmentOperationStatus
data AccountAssignmentOperationStatus Source #
The status of the creation or deletion operation of an assignment that a principal needs to access an account.
See: newAccountAssignmentOperationStatus
smart constructor.
AccountAssignmentOperationStatus' | |
|
Instances
newAccountAssignmentOperationStatus :: AccountAssignmentOperationStatus Source #
Create a value of AccountAssignmentOperationStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createdDate:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_createdDate
- The date that the permission set was created.
$sel:failureReason:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_failureReason
- The message that contains an error or exception in case of an operation
failure.
$sel:permissionSetArn:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_permissionSetArn
- The ARN of the permission set. For more information about ARNs, see
Amazon Resource Names (ARNs) and AWS Service Namespaces
in the AWS General Reference.
$sel:principalId:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_principalId
- An identifier for an object in IAM Identity Center, such as a user or
group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
PrincipalIds in IAM Identity Center, see the
IAM Identity Center Identity Store API Reference.
$sel:principalType:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_principalType
- The entity type for which the assignment will be created.
$sel:requestId:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_requestId
- The identifier for tracking the request operation that is generated by
the universally unique identifier (UUID) workflow.
$sel:status:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_status
- The status of the permission set provisioning process.
$sel:targetId:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_targetId
- TargetID is an AWS account identifier, typically a 10-12 digit string
(For example, 123456789012).
$sel:targetType:AccountAssignmentOperationStatus'
, accountAssignmentOperationStatus_targetType
- The entity type for which the assignment will be created.
accountAssignmentOperationStatus_createdDate :: Lens' AccountAssignmentOperationStatus (Maybe UTCTime) Source #
The date that the permission set was created.
accountAssignmentOperationStatus_failureReason :: Lens' AccountAssignmentOperationStatus (Maybe Text) Source #
The message that contains an error or exception in case of an operation failure.
accountAssignmentOperationStatus_permissionSetArn :: Lens' AccountAssignmentOperationStatus (Maybe Text) Source #
The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
accountAssignmentOperationStatus_principalId :: Lens' AccountAssignmentOperationStatus (Maybe Text) Source #
An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.
accountAssignmentOperationStatus_principalType :: Lens' AccountAssignmentOperationStatus (Maybe PrincipalType) Source #
The entity type for which the assignment will be created.
accountAssignmentOperationStatus_requestId :: Lens' AccountAssignmentOperationStatus (Maybe Text) Source #
The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.
accountAssignmentOperationStatus_status :: Lens' AccountAssignmentOperationStatus (Maybe StatusValues) Source #
The status of the permission set provisioning process.
accountAssignmentOperationStatus_targetId :: Lens' AccountAssignmentOperationStatus (Maybe Text) Source #
TargetID is an AWS account identifier, typically a 10-12 digit string (For example, 123456789012).
accountAssignmentOperationStatus_targetType :: Lens' AccountAssignmentOperationStatus (Maybe TargetType) Source #
The entity type for which the assignment will be created.
AccountAssignmentOperationStatusMetadata
data AccountAssignmentOperationStatusMetadata Source #
Provides information about the AccountAssignment creation request.
See: newAccountAssignmentOperationStatusMetadata
smart constructor.
AccountAssignmentOperationStatusMetadata' | |
|
Instances
newAccountAssignmentOperationStatusMetadata :: AccountAssignmentOperationStatusMetadata Source #
Create a value of AccountAssignmentOperationStatusMetadata
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createdDate:AccountAssignmentOperationStatusMetadata'
, accountAssignmentOperationStatusMetadata_createdDate
- The date that the permission set was created.
$sel:requestId:AccountAssignmentOperationStatusMetadata'
, accountAssignmentOperationStatusMetadata_requestId
- The identifier for tracking the request operation that is generated by
the universally unique identifier (UUID) workflow.
$sel:status:AccountAssignmentOperationStatusMetadata'
, accountAssignmentOperationStatusMetadata_status
- The status of the permission set provisioning process.
accountAssignmentOperationStatusMetadata_createdDate :: Lens' AccountAssignmentOperationStatusMetadata (Maybe UTCTime) Source #
The date that the permission set was created.
accountAssignmentOperationStatusMetadata_requestId :: Lens' AccountAssignmentOperationStatusMetadata (Maybe Text) Source #
The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.
accountAssignmentOperationStatusMetadata_status :: Lens' AccountAssignmentOperationStatusMetadata (Maybe StatusValues) Source #
The status of the permission set provisioning process.
AttachedManagedPolicy
data AttachedManagedPolicy Source #
A structure that stores the details of the AWS managed policy.
See: newAttachedManagedPolicy
smart constructor.
Instances
newAttachedManagedPolicy :: AttachedManagedPolicy Source #
Create a value of AttachedManagedPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:AttachedManagedPolicy'
, attachedManagedPolicy_arn
- The ARN of the AWS managed policy. For more information about ARNs, see
Amazon Resource Names (ARNs) and AWS Service Namespaces
in the AWS General Reference.
$sel:name:AttachedManagedPolicy'
, attachedManagedPolicy_name
- The name of the AWS managed policy.
attachedManagedPolicy_arn :: Lens' AttachedManagedPolicy (Maybe Text) Source #
The ARN of the AWS managed policy. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
attachedManagedPolicy_name :: Lens' AttachedManagedPolicy (Maybe Text) Source #
The name of the AWS managed policy.
CustomerManagedPolicyReference
data CustomerManagedPolicyReference Source #
Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
See: newCustomerManagedPolicyReference
smart constructor.
CustomerManagedPolicyReference' | |
|
Instances
newCustomerManagedPolicyReference Source #
Create a value of CustomerManagedPolicyReference
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:path:CustomerManagedPolicyReference'
, customerManagedPolicyReference_path
- The path to the IAM policy that you have configured in each account
where you want to deploy your permission set. The default is /
. For
more information, see
Friendly names and paths
in the IAM User Guide.
$sel:name:CustomerManagedPolicyReference'
, customerManagedPolicyReference_name
- The name of the IAM policy that you have configured in each account
where you want to deploy your permission set.
customerManagedPolicyReference_path :: Lens' CustomerManagedPolicyReference (Maybe Text) Source #
The path to the IAM policy that you have configured in each account
where you want to deploy your permission set. The default is /
. For
more information, see
Friendly names and paths
in the IAM User Guide.
customerManagedPolicyReference_name :: Lens' CustomerManagedPolicyReference Text Source #
The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
InstanceAccessControlAttributeConfiguration
data InstanceAccessControlAttributeConfiguration Source #
Specifies the attributes to add to your attribute-based access control (ABAC) configuration.
See: newInstanceAccessControlAttributeConfiguration
smart constructor.
InstanceAccessControlAttributeConfiguration' | |
|
Instances
newInstanceAccessControlAttributeConfiguration :: InstanceAccessControlAttributeConfiguration Source #
Create a value of InstanceAccessControlAttributeConfiguration
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accessControlAttributes:InstanceAccessControlAttributeConfiguration'
, instanceAccessControlAttributeConfiguration_accessControlAttributes
- Lists the attributes that are configured for ABAC in the specified IAM
Identity Center instance.
instanceAccessControlAttributeConfiguration_accessControlAttributes :: Lens' InstanceAccessControlAttributeConfiguration [AccessControlAttribute] Source #
Lists the attributes that are configured for ABAC in the specified IAM Identity Center instance.
InstanceMetadata
data InstanceMetadata Source #
Provides information about the IAM Identity Center instance.
See: newInstanceMetadata
smart constructor.
InstanceMetadata' | |
|
Instances
newInstanceMetadata :: InstanceMetadata Source #
Create a value of InstanceMetadata
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identityStoreId:InstanceMetadata'
, instanceMetadata_identityStoreId
- The identifier of the identity store that is connected to the IAM
Identity Center instance.
$sel:instanceArn:InstanceMetadata'
, instanceMetadata_instanceArn
- The ARN of the IAM Identity Center instance under which the operation
will be executed. For more information about ARNs, see
Amazon Resource Names (ARNs) and AWS Service Namespaces
in the AWS General Reference.
instanceMetadata_identityStoreId :: Lens' InstanceMetadata (Maybe Text) Source #
The identifier of the identity store that is connected to the IAM Identity Center instance.
instanceMetadata_instanceArn :: Lens' InstanceMetadata (Maybe Text) Source #
The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
OperationStatusFilter
data OperationStatusFilter Source #
Filters he operation status list based on the passed attribute value.
See: newOperationStatusFilter
smart constructor.
OperationStatusFilter' | |
|
Instances
newOperationStatusFilter :: OperationStatusFilter Source #
Create a value of OperationStatusFilter
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:status:OperationStatusFilter'
, operationStatusFilter_status
- Filters the list operations result based on the status attribute.
operationStatusFilter_status :: Lens' OperationStatusFilter (Maybe StatusValues) Source #
Filters the list operations result based on the status attribute.
PermissionSet
data PermissionSet Source #
An entity that contains IAM policies.
See: newPermissionSet
smart constructor.
PermissionSet' | |
|
Instances
newPermissionSet :: PermissionSet Source #
Create a value of PermissionSet
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createdDate:PermissionSet'
, permissionSet_createdDate
- The date that the permission set was created.
$sel:description:PermissionSet'
, permissionSet_description
- The description of the PermissionSet.
$sel:name:PermissionSet'
, permissionSet_name
- The name of the permission set.
$sel:permissionSetArn:PermissionSet'
, permissionSet_permissionSetArn
- The ARN of the permission set. For more information about ARNs, see
Amazon Resource Names (ARNs) and AWS Service Namespaces
in the AWS General Reference.
$sel:relayState:PermissionSet'
, permissionSet_relayState
- Used to redirect users within the application during the federation
authentication process.
$sel:sessionDuration:PermissionSet'
, permissionSet_sessionDuration
- The length of time that the application user sessions are valid for in
the ISO-8601 standard.
permissionSet_createdDate :: Lens' PermissionSet (Maybe UTCTime) Source #
The date that the permission set was created.
permissionSet_description :: Lens' PermissionSet (Maybe Text) Source #
The description of the PermissionSet.
permissionSet_name :: Lens' PermissionSet (Maybe Text) Source #
The name of the permission set.
permissionSet_permissionSetArn :: Lens' PermissionSet (Maybe Text) Source #
The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
permissionSet_relayState :: Lens' PermissionSet (Maybe Text) Source #
Used to redirect users within the application during the federation authentication process.
permissionSet_sessionDuration :: Lens' PermissionSet (Maybe Text) Source #
The length of time that the application user sessions are valid for in the ISO-8601 standard.
PermissionSetProvisioningStatus
data PermissionSetProvisioningStatus Source #
A structure that is used to provide the status of the provisioning operation for a specified permission set.
See: newPermissionSetProvisioningStatus
smart constructor.
PermissionSetProvisioningStatus' | |
|
Instances
newPermissionSetProvisioningStatus :: PermissionSetProvisioningStatus Source #
Create a value of PermissionSetProvisioningStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:PermissionSetProvisioningStatus'
, permissionSetProvisioningStatus_accountId
- The identifier of the AWS account from which to list the assignments.
$sel:createdDate:PermissionSetProvisioningStatus'
, permissionSetProvisioningStatus_createdDate
- The date that the permission set was created.
$sel:failureReason:PermissionSetProvisioningStatus'
, permissionSetProvisioningStatus_failureReason
- The message that contains an error or exception in case of an operation
failure.
$sel:permissionSetArn:PermissionSetProvisioningStatus'
, permissionSetProvisioningStatus_permissionSetArn
- The ARN of the permission set that is being provisioned. For more
information about ARNs, see
Amazon Resource Names (ARNs) and AWS Service Namespaces
in the AWS General Reference.
$sel:requestId:PermissionSetProvisioningStatus'
, permissionSetProvisioningStatus_requestId
- The identifier for tracking the request operation that is generated by
the universally unique identifier (UUID) workflow.
$sel:status:PermissionSetProvisioningStatus'
, permissionSetProvisioningStatus_status
- The status of the permission set provisioning process.
permissionSetProvisioningStatus_accountId :: Lens' PermissionSetProvisioningStatus (Maybe Text) Source #
The identifier of the AWS account from which to list the assignments.
permissionSetProvisioningStatus_createdDate :: Lens' PermissionSetProvisioningStatus (Maybe UTCTime) Source #
The date that the permission set was created.
permissionSetProvisioningStatus_failureReason :: Lens' PermissionSetProvisioningStatus (Maybe Text) Source #
The message that contains an error or exception in case of an operation failure.
permissionSetProvisioningStatus_permissionSetArn :: Lens' PermissionSetProvisioningStatus (Maybe Text) Source #
The ARN of the permission set that is being provisioned. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
permissionSetProvisioningStatus_requestId :: Lens' PermissionSetProvisioningStatus (Maybe Text) Source #
The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.
permissionSetProvisioningStatus_status :: Lens' PermissionSetProvisioningStatus (Maybe StatusValues) Source #
The status of the permission set provisioning process.
PermissionSetProvisioningStatusMetadata
data PermissionSetProvisioningStatusMetadata Source #
Provides information about the permission set provisioning status.
See: newPermissionSetProvisioningStatusMetadata
smart constructor.
PermissionSetProvisioningStatusMetadata' | |
|
Instances
newPermissionSetProvisioningStatusMetadata :: PermissionSetProvisioningStatusMetadata Source #
Create a value of PermissionSetProvisioningStatusMetadata
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createdDate:PermissionSetProvisioningStatusMetadata'
, permissionSetProvisioningStatusMetadata_createdDate
- The date that the permission set was created.
$sel:requestId:PermissionSetProvisioningStatusMetadata'
, permissionSetProvisioningStatusMetadata_requestId
- The identifier for tracking the request operation that is generated by
the universally unique identifier (UUID) workflow.
$sel:status:PermissionSetProvisioningStatusMetadata'
, permissionSetProvisioningStatusMetadata_status
- The status of the permission set provisioning process.
permissionSetProvisioningStatusMetadata_createdDate :: Lens' PermissionSetProvisioningStatusMetadata (Maybe UTCTime) Source #
The date that the permission set was created.
permissionSetProvisioningStatusMetadata_requestId :: Lens' PermissionSetProvisioningStatusMetadata (Maybe Text) Source #
The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.
permissionSetProvisioningStatusMetadata_status :: Lens' PermissionSetProvisioningStatusMetadata (Maybe StatusValues) Source #
The status of the permission set provisioning process.
PermissionsBoundary
data PermissionsBoundary Source #
Specifies the configuration of the AWS managed or customer managed
policy that you want to set as a permissions boundary. Specify either
CustomerManagedPolicyReference
to use the name and path of a customer
managed policy, or ManagedPolicyArn
to use the ARN of an AWS managed
policy. A permissions boundary represents the maximum permissions that
any policy can grant your role. For more information, see
Permissions boundaries for IAM entities
in the IAM User Guide.
Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
See: newPermissionsBoundary
smart constructor.
PermissionsBoundary' | |
|
Instances
newPermissionsBoundary :: PermissionsBoundary Source #
Create a value of PermissionsBoundary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:customerManagedPolicyReference:PermissionsBoundary'
, permissionsBoundary_customerManagedPolicyReference
- Specifies the name and path of a customer managed policy. You must have
an IAM policy that matches the name and path in each AWS account where
you want to deploy your permission set.
$sel:managedPolicyArn:PermissionsBoundary'
, permissionsBoundary_managedPolicyArn
- The AWS managed policy ARN that you want to attach to a permission set
as a permissions boundary.
permissionsBoundary_customerManagedPolicyReference :: Lens' PermissionsBoundary (Maybe CustomerManagedPolicyReference) Source #
Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
permissionsBoundary_managedPolicyArn :: Lens' PermissionsBoundary (Maybe Text) Source #
The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
Tag
A set of key-value pairs that are used to manage the resource. Tags can only be applied to permission sets and cannot be applied to corresponding roles that IAM Identity Center creates in AWS accounts.
See: newTag
smart constructor.
Instances
FromJSON Tag Source # | |
ToJSON Tag Source # | |
Defined in Amazonka.SSOAdmin.Types.Tag | |
Generic Tag Source # | |
Read Tag Source # | |
Show Tag Source # | |
NFData Tag Source # | |
Defined in Amazonka.SSOAdmin.Types.Tag | |
Eq Tag Source # | |
Hashable Tag Source # | |
Defined in Amazonka.SSOAdmin.Types.Tag | |
type Rep Tag Source # | |
Defined in Amazonka.SSOAdmin.Types.Tag type Rep Tag = D1 ('MetaData "Tag" "Amazonka.SSOAdmin.Types.Tag" "amazonka-sso-admin-2.0-HhKPJAnDdA18B4mnMjNqZF" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) |
Create a value of Tag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:Tag'
, tag_key
- The key for the tag.
$sel:value:Tag'
, tag_value
- The value of the tag.