IAM / Client / list_delegation_requests

list_delegation_requests

IAM.Client.list_delegation_requests(**kwargs)

Lists delegation requests based on the specified criteria.

If a delegation request has no owner, even if it is assigned to a specific account, it will not be part of the ListDelegationRequests output for that account.

For more details, see Managing Permissions for Delegation Requests.

See also: AWS API Documentation

Request Syntax

response = client.list_delegation_requests(
    OwnerId='string',
    Marker='string',
    MaxItems=123
)
Parameters:

  • OwnerId (string) – The owner ID to filter delegation requests by.

  • Marker (string) – Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.

  • MaxItems (integer) –

    Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

    If you do not include this parameter, the number of items defaults to 100. Note that IAM may return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

Return type:

dict

Returns:

Response Syntax

{
    'DelegationRequests': [
        {
            'DelegationRequestId': 'string',
            'OwnerAccountId': 'string',
            'Description': 'string',
            'RequestMessage': 'string',
            'Permissions': {
                'PolicyTemplateArn': 'string',
                'Parameters': [
                    {
                        'Name': 'string',
                        'Values': [
                            'string',
                        ],
                        'Type': 'string'|'stringList'
                    },
                ]
            },
            'PermissionPolicy': 'string',
            'RolePermissionRestrictionArns': [
                'string',
            ],
            'OwnerId': 'string',
            'ApproverId': 'string',
            'State': 'UNASSIGNED'|'ASSIGNED'|'PENDING_APPROVAL'|'FINALIZED'|'ACCEPTED'|'REJECTED'|'EXPIRED',
            'RequestorId': 'string',
            'RequestorName': 'string',
            'CreateDate': datetime(2015, 1, 1),
            'SessionDuration': 123,
            'RedirectUrl': 'string',
            'Notes': 'string',
            'RejectionReason': 'string',
            'OnlySendByOwner': True|False,
            'UpdatedTime': datetime(2015, 1, 1)
        },
    ],
    'Marker': 'string',
    'isTruncated': True|False
}

Response Structure

  • (dict) –

    • DelegationRequests (list) –

      A list of delegation requests that match the specified criteria.

      • (dict) –

        Contains information about a delegation request, including its status, permissions, and associated metadata.

        • DelegationRequestId (string) –

          The unique identifier for the delegation request.

        • OwnerAccountId (string) –

          Amazon Web Services account ID of the owner of the delegation request.

        • Description (string) –

          Description of the delegation request. This is a message that is provided by the Amazon Web Services partner that filed the delegation request.

        • RequestMessage (string) –

          A custom message that is added to the delegation request by the partner.

          This element is different from the Description element such that this is a request specific message injected by the partner. The Description is typically a generic explanation of what the delegation request is targeted to do.

        • Permissions (dict) –

          Contains information about the permissions being delegated in a delegation request.

          • PolicyTemplateArn (string) –

            This ARN maps to a pre-registered policy content for this partner. See the `partner onboarding documentation to understand how to create a delegation template.

          • Parameters (list) –

            A list of policy parameters that define the scope and constraints of the delegated permissions.

            • (dict) –

              Contains information about a policy parameter used to customize delegated permissions.

              • Name (string) –

                The name of the policy parameter.

              • Values (list) –

                The allowed values for the policy parameter.

                • (string) –

              • Type (string) –

                The data type of the policy parameter value.

        • PermissionPolicy (string) –

          JSON content of the associated permission policy of this delegation request.

        • RolePermissionRestrictionArns (list) –

          If the PermissionPolicy includes role creation permissions, this element will include the list of permissions boundary policies associated with the role creation. See Permissions boundaries for IAM entities for more details about IAM permission boundaries.

          • (string) –

            The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

            For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

        • OwnerId (string) –

          ARN of the owner of this delegation request.

        • ApproverId (string) –

          The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

          For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

        • State (string) –

          The state of this delegation request.

          See the Understanding the Request Lifecycle for an explanation of how these states are transitioned.

        • RequestorId (string) –

          Identity of the requestor of this delegation request. This will be an Amazon Web Services account ID.

        • RequestorName (string) –

          A friendly name of the requestor.

        • CreateDate (datetime) –

          Creation date (timestamp) of this delegation request.

        • SessionDuration (integer) –

          The life-time of the requested session credential.

        • RedirectUrl (string) –

          A URL to be redirected to once the delegation request is approved. Partners provide this URL when creating the delegation request.

        • Notes (string) –

          Notes added to this delegation request, if this request was updated via the UpdateDelegationRequest API.

        • RejectionReason (string) –

          Reasons for rejecting this delegation request, if this request was rejected. See also RejectDelegationRequest API documentation.

        • OnlySendByOwner (boolean) –

          A flag indicating whether the SendDelegationToken must be called by the owner of this delegation request. This is set by the requesting partner.

        • UpdatedTime (datetime) –

          Last updated timestamp of the request.

    • Marker (string) –

      When isTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    • isTruncated (boolean) –

      A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items.

Exceptions

  • IAM.Client.exceptions.NoSuchEntityException

  • IAM.Client.exceptions.ServiceFailureException

  • IAM.Client.exceptions.InvalidInputException