SSOAdmin / Client / list_account_assignments_for_principal



Retrieves a list of the IAM Identity Center associated Amazon Web Services accounts that the principal has access to.

See also: AWS API Documentation

Request Syntax

response = client.list_account_assignments_for_principal(
        'AccountId': 'string'
  • Filter (dict) –

    Specifies an Amazon Web Services account ID number. Results are filtered to only those that match this ID number.

    • AccountId (string) –

      The ID number of an Amazon Web Services account that filters the results in the response.

  • InstanceArn (string) –


    Specifies the ARN of the instance of IAM Identity Center that contains the principal.

  • MaxResults (integer) – Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

  • NextToken (string) – Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call’s NextToken response to request the next page of results.

  • PrincipalId (string) –


    Specifies the principal for which you want to retrieve the list of account assignments.

  • PrincipalType (string) –


    Specifies the type of the principal.

Return type:



Response Syntax

    'AccountAssignments': [
            'AccountId': 'string',
            'PermissionSetArn': 'string',
            'PrincipalId': 'string',
            'PrincipalType': 'USER'|'GROUP'
    'NextToken': 'string'

Response Structure

  • (dict) –

    • AccountAssignments (list) –

      An array list of the account assignments for the principal.

      • (dict) –

        A structure that describes an assignment of an Amazon Web Services account to a principal and the permissions that principal has in the account.

        • AccountId (string) –

          The account ID number of the Amazon Web Services account.

        • PermissionSetArn (string) –

          The ARN of the IAM Identity Center permission set assigned to this principal for this Amazon Web Services account.

        • PrincipalId (string) –

          The ID of the principal.

        • PrincipalType (string) –

          The type of the principal.

    • NextToken (string) –

      If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.


  • SSOAdmin.Client.exceptions.ThrottlingException

  • SSOAdmin.Client.exceptions.InternalServerException

  • SSOAdmin.Client.exceptions.ResourceNotFoundException

  • SSOAdmin.Client.exceptions.AccessDeniedException

  • SSOAdmin.Client.exceptions.ValidationException