describe_instance_access_control_attribute_configuration

SSOAdmin.Client.describe_instance_access_control_attribute_configuration(**kwargs)

Returns the list of IAM Identity Center identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified IAM Identity Center instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide .

See also: AWS API Documentation

Request Syntax

response = client.describe_instance_access_control_attribute_configuration(
    InstanceArn='string'
)
Parameters
InstanceArn (string) --

[REQUIRED]

The ARN of the IAM Identity Center instance under which the operation will be executed.

Return type
dict
Returns
Response Syntax
{
    'Status': 'ENABLED'|'CREATION_IN_PROGRESS'|'CREATION_FAILED',
    'StatusReason': 'string',
    'InstanceAccessControlAttributeConfiguration': {
        'AccessControlAttributes': [
            {
                'Key': 'string',
                'Value': {
                    'Source': [
                        'string',
                    ]
                }
            },
        ]
    }
}

Response Structure

  • (dict) --
    • Status (string) --

      The status of the attribute configuration process.

    • StatusReason (string) --

      Provides more details about the current status of the specified attribute.

    • InstanceAccessControlAttributeConfiguration (dict) --

      Gets the list of IAM Identity Center identity store attributes that have been added to your ABAC configuration.

      • AccessControlAttributes (list) --

        Lists the attributes that are configured for ABAC in the specified IAM Identity Center instance.

        • (dict) --

          These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC). You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify AccessControlAttributes , IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation.

          • Key (string) --

            The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center.

          • Value (dict) --

            The value used for mapping a specified attribute to an identity source.

            • Source (list) --

              The identity source to use when mapping a specified attribute to IAM Identity Center.

              • (string) --

Exceptions

  • SSOAdmin.Client.exceptions.ResourceNotFoundException
  • SSOAdmin.Client.exceptions.InternalServerException
  • SSOAdmin.Client.exceptions.AccessDeniedException
  • SSOAdmin.Client.exceptions.ThrottlingException
  • SSOAdmin.Client.exceptions.ValidationException