SDK for PHP V3
AWS SSO Identity Store 2020-06-15
- Client: Aws\IdentityStore\IdentityStoreClient
- Service ID: identitystore
- Version: 2020-06-15
This page describes the parameters and results for the operations of the AWS SSO Identity Store (2020-06-15), and shows how to use the Aws\IdentityStore\IdentityStoreClient object to call the described operations. This documentation is specific to the 2020-06-15 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- CreateGroup ( array $params = [] )
- Creates a group within the specified identity store.
- CreateGroupMembership ( array $params = [] )
- Creates a relationship between a member and a group.
- CreateUser ( array $params = [] )
- Creates a user within the specified identity store.
- DeleteGroup ( array $params = [] )
- Delete a group within an identity store given GroupId.
- DeleteGroupMembership ( array $params = [] )
- Delete a membership within a group given MembershipId.
- DeleteUser ( array $params = [] )
- Deletes a user within an identity store given UserId.
- DescribeGroup ( array $params = [] )
- Retrieves the group metadata and attributes from GroupId in an identity store.
- DescribeGroupMembership ( array $params = [] )
- Retrieves membership metadata and attributes from MembershipId in an identity store.
- DescribeUser ( array $params = [] )
- Retrieves the user metadata and attributes from the UserId in an identity store.
- GetGroupId ( array $params = [] )
- Retrieves GroupId in an identity store.
- GetGroupMembershipId ( array $params = [] )
- Retrieves the MembershipId in an identity store.
- GetUserId ( array $params = [] )
- Retrieves the UserId in an identity store.
- IsMemberInGroups ( array $params = [] )
- Checks the user's membership in all requested groups and returns if the member exists in all queried groups.
- ListGroupMemberships ( array $params = [] )
- For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.
- ListGroupMembershipsForMember ( array $params = [] )
- For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.
- ListGroups ( array $params = [] )
- Lists all groups in the identity store.
- ListUsers ( array $params = [] )
- Lists all users in the identity store.
- UpdateGroup ( array $params = [] )
- Updates the specified group metadata and attributes in the specified identity store.
- UpdateUser ( array $params = [] )
- Updates the specified user metadata and attributes in the specified identity store.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
CreateGroup
$result = $client->createGroup([/* ... */]); $promise = $client->createGroupAsync([/* ... */]);
Creates a group within the specified identity store.
Parameter Syntax
$result = $client->createGroup([
'Description' => '<string>',
'DisplayName' => '<string>',
'IdentityStoreId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- Description
-
- Type: string
A string containing the description of the group.
- DisplayName
-
- Type: string
A string containing the name of the group. This value is commonly displayed when the group is referenced.
AdministratorandAWSAdministratorsare reserved names and can't be used for users or groups. - IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
Result Syntax
[
'GroupId' => '<string>',
'IdentityStoreId' => '<string>',
]
Result Details
Members
- GroupId
-
- Required: Yes
- Type: string
The identifier of the newly created group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
-
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
- ServiceQuotaExceededException:
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.
CreateGroupMembership
$result = $client->createGroupMembership([/* ... */]); $promise = $client->createGroupMembershipAsync([/* ... */]);
Creates a relationship between a member and a group. The following identifiers must be specified: GroupId, IdentityStoreId, and MemberId.
Parameter Syntax
$result = $client->createGroupMembership([
'GroupId' => '<string>', // REQUIRED
'IdentityStoreId' => '<string>', // REQUIRED
'MemberId' => [ // REQUIRED
'UserId' => '<string>',
],
]);
Parameter Details
Members
- GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MemberId
-
- Required: Yes
- Type: MemberId structure
An object that contains the identifier of a group member. Setting the
UserIDfield to the specific identifier for a user indicates that the user is a member of the group.
Result Syntax
[
'IdentityStoreId' => '<string>',
'MembershipId' => '<string>',
]
Result Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MembershipId
-
- Required: Yes
- Type: string
The identifier for a newly created
GroupMembershipin an identity store.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
-
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
- ServiceQuotaExceededException:
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.
CreateUser
$result = $client->createUser([/* ... */]); $promise = $client->createUserAsync([/* ... */]);
Creates a user within the specified identity store.
Parameter Syntax
$result = $client->createUser([
'Addresses' => [
[
'Country' => '<string>',
'Formatted' => '<string>',
'Locality' => '<string>',
'PostalCode' => '<string>',
'Primary' => true || false,
'Region' => '<string>',
'StreetAddress' => '<string>',
'Type' => '<string>',
],
// ...
],
'Birthdate' => '<string>',
'DisplayName' => '<string>',
'Emails' => [
[
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>',
],
// ...
],
'IdentityStoreId' => '<string>', // REQUIRED
'Locale' => '<string>',
'Name' => [
'FamilyName' => '<string>',
'Formatted' => '<string>',
'GivenName' => '<string>',
'HonorificPrefix' => '<string>',
'HonorificSuffix' => '<string>',
'MiddleName' => '<string>',
],
'NickName' => '<string>',
'PhoneNumbers' => [
[
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>',
],
// ...
],
'Photos' => [
[
'Display' => '<string>',
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>', // REQUIRED
],
// ...
],
'PreferredLanguage' => '<string>',
'ProfileUrl' => '<string>',
'Timezone' => '<string>',
'Title' => '<string>',
'UserName' => '<string>',
'UserType' => '<string>',
'Website' => '<string>',
]);
Parameter Details
Members
- Addresses
-
- Type: Array of Address structures
A list of
Addressobjects containing addresses associated with the user. - Birthdate
-
- Type: string
The user's birthdate in YYYY-MM-DD format. This field supports standard date format for storing personal information.
- DisplayName
-
- Type: string
A string containing the name of the user. This value is typically formatted for display when the user is referenced. For example, "John Doe." When used in IAM Identity Center, this parameter is required.
- Emails
-
- Type: Array of Email structures
A list of
Emailobjects containing email addresses associated with the user. - IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- Locale
-
- Type: string
A string containing the geographical region or location of the user.
- Name
-
- Type: Name structure
An object containing the name of the user. When used in IAM Identity Center, this parameter is required.
- NickName
-
- Type: string
A string containing an alternate name for the user.
- PhoneNumbers
-
- Type: Array of PhoneNumber structures
A list of
PhoneNumberobjects containing phone numbers associated with the user. - Photos
-
- Type: Array of Photo structures
A list of photos associated with the user. You can add up to 3 photos per user. Each photo can include a value, type, display name, and primary designation.
- PreferredLanguage
-
- Type: string
A string containing the preferred language of the user. For example, "American English" or "en-us."
- ProfileUrl
-
- Type: string
A string containing a URL that might be associated with the user.
- Timezone
-
- Type: string
A string containing the time zone of the user.
- Title
-
- Type: string
A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case.
- UserName
-
- Type: string
A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
AdministratorandAWSAdministratorsare reserved names and can't be used for users or groups. - UserType
-
- Type: string
A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case.
- Website
-
- Type: string
The user's personal website or blog URL. This field allows users to provide a link to their personal or professional website.
Result Syntax
[
'IdentityStoreId' => '<string>',
'UserId' => '<string>',
]
Result Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- UserId
-
- Required: Yes
- Type: string
The identifier of the newly created user in the identity store.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
-
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
- ServiceQuotaExceededException:
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.
DeleteGroup
$result = $client->deleteGroup([/* ... */]); $promise = $client->deleteGroupAsync([/* ... */]);
Delete a group within an identity store given GroupId.
Parameter Syntax
$result = $client->deleteGroup([
'GroupId' => '<string>', // REQUIRED
'IdentityStoreId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
-
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
DeleteGroupMembership
$result = $client->deleteGroupMembership([/* ... */]); $promise = $client->deleteGroupMembershipAsync([/* ... */]);
Delete a membership within a group given MembershipId.
Parameter Syntax
$result = $client->deleteGroupMembership([
'IdentityStoreId' => '<string>', // REQUIRED
'MembershipId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MembershipId
-
- Required: Yes
- Type: string
The identifier for a
GroupMembershipin an identity store.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
-
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
DeleteUser
$result = $client->deleteUser([/* ... */]); $promise = $client->deleteUserAsync([/* ... */]);
Deletes a user within an identity store given UserId.
Parameter Syntax
$result = $client->deleteUser([
'IdentityStoreId' => '<string>', // REQUIRED
'UserId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- UserId
-
- Required: Yes
- Type: string
The identifier for a user in the identity store.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
-
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
DescribeGroup
$result = $client->describeGroup([/* ... */]); $promise = $client->describeGroupAsync([/* ... */]);
Retrieves the group metadata and attributes from GroupId in an identity store.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->describeGroup([
'GroupId' => '<string>', // REQUIRED
'IdentityStoreId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store, such as
d-1234567890. In this example,d-is a fixed prefix, and1234567890is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.
Result Syntax
[
'CreatedAt' => <DateTime>,
'CreatedBy' => '<string>',
'Description' => '<string>',
'DisplayName' => '<string>',
'ExternalIds' => [
[
'Id' => '<string>',
'Issuer' => '<string>',
],
// ...
],
'GroupId' => '<string>',
'IdentityStoreId' => '<string>',
'UpdatedAt' => <DateTime>,
'UpdatedBy' => '<string>',
]
Result Details
Members
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the group was created.
- CreatedBy
-
- Type: string
The identifier of the user or system that created the group.
- Description
-
- Type: string
A string containing a description of the group.
- DisplayName
-
- Type: string
The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time that the group is created and stored as an attribute of the group object in the identity store.
- ExternalIds
-
- Type: Array of ExternalId structures
A list of
ExternalIdobjects that contains the identifiers issued to this resource by an external identity provider. - GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the group was last updated.
- UpdatedBy
-
- Type: string
The identifier of the user or system that last updated the group.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
DescribeGroupMembership
$result = $client->describeGroupMembership([/* ... */]); $promise = $client->describeGroupMembershipAsync([/* ... */]);
Retrieves membership metadata and attributes from MembershipId in an identity store.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->describeGroupMembership([
'IdentityStoreId' => '<string>', // REQUIRED
'MembershipId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MembershipId
-
- Required: Yes
- Type: string
The identifier for a
GroupMembershipin an identity store.
Result Syntax
[
'CreatedAt' => <DateTime>,
'CreatedBy' => '<string>',
'GroupId' => '<string>',
'IdentityStoreId' => '<string>',
'MemberId' => [
'UserId' => '<string>',
],
'MembershipId' => '<string>',
'UpdatedAt' => <DateTime>,
'UpdatedBy' => '<string>',
]
Result Details
Members
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the group membership was created.
- CreatedBy
-
- Type: string
The identifier of the user or system that created the group membership.
- GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MemberId
-
- Required: Yes
- Type: MemberId structure
An object containing the identifier of a group member.
- MembershipId
-
- Required: Yes
- Type: string
The identifier for a
GroupMembershipin an identity store. - UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the group membership was last updated.
- UpdatedBy
-
- Type: string
The identifier of the user or system that last updated the group membership.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
DescribeUser
$result = $client->describeUser([/* ... */]); $promise = $client->describeUserAsync([/* ... */]);
Retrieves the user metadata and attributes from the UserId in an identity store.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->describeUser([
'IdentityStoreId' => '<string>', // REQUIRED
'UserId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store, such as
d-1234567890. In this example,d-is a fixed prefix, and1234567890is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. - UserId
-
- Required: Yes
- Type: string
The identifier for a user in the identity store.
Result Syntax
[
'Addresses' => [
[
'Country' => '<string>',
'Formatted' => '<string>',
'Locality' => '<string>',
'PostalCode' => '<string>',
'Primary' => true || false,
'Region' => '<string>',
'StreetAddress' => '<string>',
'Type' => '<string>',
],
// ...
],
'Birthdate' => '<string>',
'CreatedAt' => <DateTime>,
'CreatedBy' => '<string>',
'DisplayName' => '<string>',
'Emails' => [
[
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>',
],
// ...
],
'ExternalIds' => [
[
'Id' => '<string>',
'Issuer' => '<string>',
],
// ...
],
'IdentityStoreId' => '<string>',
'Locale' => '<string>',
'Name' => [
'FamilyName' => '<string>',
'Formatted' => '<string>',
'GivenName' => '<string>',
'HonorificPrefix' => '<string>',
'HonorificSuffix' => '<string>',
'MiddleName' => '<string>',
],
'NickName' => '<string>',
'PhoneNumbers' => [
[
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>',
],
// ...
],
'Photos' => [
[
'Display' => '<string>',
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>',
],
// ...
],
'PreferredLanguage' => '<string>',
'ProfileUrl' => '<string>',
'Timezone' => '<string>',
'Title' => '<string>',
'UpdatedAt' => <DateTime>,
'UpdatedBy' => '<string>',
'UserId' => '<string>',
'UserName' => '<string>',
'UserStatus' => 'ENABLED|DISABLED',
'UserType' => '<string>',
'Website' => '<string>',
]
Result Details
Members
- Addresses
-
- Type: Array of Address structures
The physical address of the user.
- Birthdate
-
- Type: string
The user's birthdate in YYYY-MM-DD format. This field returns the stored birthdate information for the user.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the user was created.
- CreatedBy
-
- Type: string
The identifier of the user or system that created the user.
- DisplayName
-
- Type: string
The display name of the user.
- Emails
-
- Type: Array of Email structures
The email address of the user.
- ExternalIds
-
- Type: Array of ExternalId structures
A list of
ExternalIdobjects that contains the identifiers issued to this resource by an external identity provider. - IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- Locale
-
- Type: string
A string containing the geographical region or location of the user.
- Name
-
- Type: Name structure
The name of the user.
- NickName
-
- Type: string
An alternative descriptive name for the user.
- PhoneNumbers
-
- Type: Array of PhoneNumber structures
A list of
PhoneNumberobjects associated with a user. - Photos
-
- Type: Array of Photo structures
A list of photos associated with the user. Returns up to 3 photos with their associated metadata including type, display name, and primary designation.
- PreferredLanguage
-
- Type: string
The preferred language of the user.
- ProfileUrl
-
- Type: string
A URL link for the user's profile.
- Timezone
-
- Type: string
The time zone for a user.
- Title
-
- Type: string
A string containing the title of the user.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the user was last updated.
- UpdatedBy
-
- Type: string
The identifier of the user or system that last updated the user.
- UserId
-
- Required: Yes
- Type: string
The identifier for a user in the identity store.
- UserName
-
- Type: string
A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
- UserStatus
-
- Type: string
The current status of the user account.
- UserType
-
- Type: string
A string indicating the type of user.
- Website
-
- Type: string
The user's personal website or blog URL. Returns the stored website information for the user.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
GetGroupId
$result = $client->getGroupId([/* ... */]); $promise = $client->getGroupIdAsync([/* ... */]);
Retrieves GroupId in an identity store.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->getGroupId([
'AlternateIdentifier' => [ // REQUIRED
'ExternalId' => [
'Id' => '<string>', // REQUIRED
'Issuer' => '<string>', // REQUIRED
],
'UniqueAttribute' => [
'AttributePath' => '<string>', // REQUIRED
'AttributeValue' => [ // REQUIRED
],
],
],
'IdentityStoreId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- AlternateIdentifier
-
- Required: Yes
- Type: AlternateIdentifier structure
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid path is
displayName. - IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
Result Syntax
[
'GroupId' => '<string>',
'IdentityStoreId' => '<string>',
]
Result Details
Members
- GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
GetGroupMembershipId
$result = $client->getGroupMembershipId([/* ... */]); $promise = $client->getGroupMembershipIdAsync([/* ... */]);
Retrieves the MembershipId in an identity store.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->getGroupMembershipId([
'GroupId' => '<string>', // REQUIRED
'IdentityStoreId' => '<string>', // REQUIRED
'MemberId' => [ // REQUIRED
'UserId' => '<string>',
],
]);
Parameter Details
Members
- GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MemberId
-
- Required: Yes
- Type: MemberId structure
An object that contains the identifier of a group member. Setting the
UserIDfield to the specific identifier for a user indicates that the user is a member of the group.
Result Syntax
[
'IdentityStoreId' => '<string>',
'MembershipId' => '<string>',
]
Result Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MembershipId
-
- Required: Yes
- Type: string
The identifier for a
GroupMembershipin an identity store.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
GetUserId
$result = $client->getUserId([/* ... */]); $promise = $client->getUserIdAsync([/* ... */]);
Retrieves the UserId in an identity store.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->getUserId([
'AlternateIdentifier' => [ // REQUIRED
'ExternalId' => [
'Id' => '<string>', // REQUIRED
'Issuer' => '<string>', // REQUIRED
],
'UniqueAttribute' => [
'AttributePath' => '<string>', // REQUIRED
'AttributeValue' => [ // REQUIRED
],
],
],
'IdentityStoreId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- AlternateIdentifier
-
- Required: Yes
- Type: AlternateIdentifier structure
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid paths are
userNameandemails.value. - IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
Result Syntax
[
'IdentityStoreId' => '<string>',
'UserId' => '<string>',
]
Result Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- UserId
-
- Required: Yes
- Type: string
The identifier for a user in the identity store.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
IsMemberInGroups
$result = $client->isMemberInGroups([/* ... */]); $promise = $client->isMemberInGroupsAsync([/* ... */]);
Checks the user's membership in all requested groups and returns if the member exists in all queried groups.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->isMemberInGroups([
'GroupIds' => ['<string>', ...], // REQUIRED
'IdentityStoreId' => '<string>', // REQUIRED
'MemberId' => [ // REQUIRED
'UserId' => '<string>',
],
]);
Parameter Details
Members
- GroupIds
-
- Required: Yes
- Type: Array of strings
A list of identifiers for groups in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MemberId
-
- Required: Yes
- Type: MemberId structure
An object containing the identifier of a group member.
Result Syntax
[
'Results' => [
[
'GroupId' => '<string>',
'MemberId' => [
'UserId' => '<string>',
],
'MembershipExists' => true || false,
],
// ...
],
]
Result Details
Members
- Results
-
- Required: Yes
- Type: Array of GroupMembershipExistenceResult structures
A list containing the results of membership existence checks.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
ListGroupMemberships
$result = $client->listGroupMemberships([/* ... */]); $promise = $client->listGroupMembershipsAsync([/* ... */]);
For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->listGroupMemberships([
'GroupId' => '<string>', // REQUIRED
'IdentityStoreId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MaxResults
-
- Type: int
The maximum number of results to be returned per request. This parameter is used in all
Listrequests to specify how many results to return in one page. - NextToken
-
- Type: string
The pagination token used for the
ListUsers,ListGroupsandListGroupMembershipsAPI operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Result Syntax
[
'GroupMemberships' => [
[
'CreatedAt' => <DateTime>,
'CreatedBy' => '<string>',
'GroupId' => '<string>',
'IdentityStoreId' => '<string>',
'MemberId' => [
'UserId' => '<string>',
],
'MembershipId' => '<string>',
'UpdatedAt' => <DateTime>,
'UpdatedBy' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- GroupMemberships
-
- Required: Yes
- Type: Array of GroupMembership structures
A list of
GroupMembershipobjects in the group. - NextToken
-
- Type: string
The pagination token used for the
ListUsers,ListGroups, andListGroupMembershipsAPI operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
ListGroupMembershipsForMember
$result = $client->listGroupMembershipsForMember([/* ... */]); $promise = $client->listGroupMembershipsForMemberAsync([/* ... */]);
For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->listGroupMembershipsForMember([
'IdentityStoreId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'MemberId' => [ // REQUIRED
'UserId' => '<string>',
],
'NextToken' => '<string>',
]);
Parameter Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MaxResults
-
- Type: int
The maximum number of results to be returned per request. This parameter is used in the
ListUsersandListGroupsrequests to specify how many results to return in one page. The length limit is 50 characters. - MemberId
-
- Required: Yes
- Type: MemberId structure
An object that contains the identifier of a group member. Setting the
UserIDfield to the specific identifier for a user indicates that the user is a member of the group. - NextToken
-
- Type: string
The pagination token used for the
ListUsers,ListGroups, andListGroupMembershipsAPI operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Result Syntax
[
'GroupMemberships' => [
[
'CreatedAt' => <DateTime>,
'CreatedBy' => '<string>',
'GroupId' => '<string>',
'IdentityStoreId' => '<string>',
'MemberId' => [
'UserId' => '<string>',
],
'MembershipId' => '<string>',
'UpdatedAt' => <DateTime>,
'UpdatedBy' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- GroupMemberships
-
- Required: Yes
- Type: Array of GroupMembership structures
A list of
GroupMembershipobjects in the group for a specified member. - NextToken
-
- Type: string
The pagination token used for the
ListUsers,ListGroups, andListGroupMembershipsAPI operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
ListGroups
$result = $client->listGroups([/* ... */]); $promise = $client->listGroupsAsync([/* ... */]);
Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->listGroups([
'Filters' => [
[
'AttributePath' => '<string>', // REQUIRED
'AttributeValue' => '<string>', // REQUIRED
],
// ...
],
'IdentityStoreId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- Filters
-
- Type: Array of Filter structures
A list of
Filterobjects, which is used in theListUsersandListGroupsrequests. - IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store, such as
d-1234567890. In this example,d-is a fixed prefix, and1234567890is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. - MaxResults
-
- Type: int
The maximum number of results to be returned per request. This parameter is used in the
ListUsersandListGroupsrequests to specify how many results to return in one page. The length limit is 50 characters. - NextToken
-
- Type: string
The pagination token used for the
ListUsersandListGroupsAPI operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Result Syntax
[
'Groups' => [
[
'CreatedAt' => <DateTime>,
'CreatedBy' => '<string>',
'Description' => '<string>',
'DisplayName' => '<string>',
'ExternalIds' => [
[
'Id' => '<string>',
'Issuer' => '<string>',
],
// ...
],
'GroupId' => '<string>',
'IdentityStoreId' => '<string>',
'UpdatedAt' => <DateTime>,
'UpdatedBy' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Groups
-
- Required: Yes
- Type: Array of Group structures
A list of
Groupobjects in the identity store. - NextToken
-
- Type: string
The pagination token used for the
ListUsersandListGroupsAPI operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
ListUsers
$result = $client->listUsers([/* ... */]); $promise = $client->listUsersAsync([/* ... */]);
Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.
If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.
Parameter Syntax
$result = $client->listUsers([
'Filters' => [
[
'AttributePath' => '<string>', // REQUIRED
'AttributeValue' => '<string>', // REQUIRED
],
// ...
],
'IdentityStoreId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- Filters
-
- Type: Array of Filter structures
A list of
Filterobjects, which is used in theListUsersandListGroupsrequests. - IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store, such as
d-1234567890. In this example,d-is a fixed prefix, and1234567890is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. - MaxResults
-
- Type: int
The maximum number of results to be returned per request. This parameter is used in the
ListUsersandListGroupsrequests to specify how many results to return in one page. The length limit is 50 characters. - NextToken
-
- Type: string
The pagination token used for the
ListUsersandListGroupsAPI operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Result Syntax
[
'NextToken' => '<string>',
'Users' => [
[
'Addresses' => [
[
'Country' => '<string>',
'Formatted' => '<string>',
'Locality' => '<string>',
'PostalCode' => '<string>',
'Primary' => true || false,
'Region' => '<string>',
'StreetAddress' => '<string>',
'Type' => '<string>',
],
// ...
],
'Birthdate' => '<string>',
'CreatedAt' => <DateTime>,
'CreatedBy' => '<string>',
'DisplayName' => '<string>',
'Emails' => [
[
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>',
],
// ...
],
'ExternalIds' => [
[
'Id' => '<string>',
'Issuer' => '<string>',
],
// ...
],
'IdentityStoreId' => '<string>',
'Locale' => '<string>',
'Name' => [
'FamilyName' => '<string>',
'Formatted' => '<string>',
'GivenName' => '<string>',
'HonorificPrefix' => '<string>',
'HonorificSuffix' => '<string>',
'MiddleName' => '<string>',
],
'NickName' => '<string>',
'PhoneNumbers' => [
[
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>',
],
// ...
],
'Photos' => [
[
'Display' => '<string>',
'Primary' => true || false,
'Type' => '<string>',
'Value' => '<string>',
],
// ...
],
'PreferredLanguage' => '<string>',
'ProfileUrl' => '<string>',
'Timezone' => '<string>',
'Title' => '<string>',
'UpdatedAt' => <DateTime>,
'UpdatedBy' => '<string>',
'UserId' => '<string>',
'UserName' => '<string>',
'UserStatus' => 'ENABLED|DISABLED',
'UserType' => '<string>',
'Website' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
The pagination token used for the
ListUsersandListGroupsAPI operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page. - Users
-
- Required: Yes
- Type: Array of User structures
A list of
Userobjects in the identity store.
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
UpdateGroup
$result = $client->updateGroup([/* ... */]); $promise = $client->updateGroupAsync([/* ... */]);
Updates the specified group metadata and attributes in the specified identity store.
Parameter Syntax
$result = $client->updateGroup([
'GroupId' => '<string>', // REQUIRED
'IdentityStoreId' => '<string>', // REQUIRED
'Operations' => [ // REQUIRED
[
'AttributePath' => '<string>', // REQUIRED
'AttributeValue' => [
],
],
// ...
],
]);
Parameter Details
Members
- GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- Operations
-
- Required: Yes
- Type: Array of AttributeOperation structures
A list of
AttributeOperationobjects to apply to the requested group. These operations might add, replace, or remove an attribute. For more information on the attributes that can be added, replaced, or removed, see Group.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
-
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
- ServiceQuotaExceededException:
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.
UpdateUser
$result = $client->updateUser([/* ... */]); $promise = $client->updateUserAsync([/* ... */]);
Updates the specified user metadata and attributes in the specified identity store.
Parameter Syntax
$result = $client->updateUser([
'IdentityStoreId' => '<string>', // REQUIRED
'Operations' => [ // REQUIRED
[
'AttributePath' => '<string>', // REQUIRED
'AttributeValue' => [
],
],
// ...
],
'UserId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- Operations
-
- Required: Yes
- Type: Array of AttributeOperation structures
A list of
AttributeOperationobjects to apply to the requested user. These operations might add, replace, or remove an attribute. For more information on the attributes that can be added, replaced, or removed, see User. - UserId
-
- Required: Yes
- Type: string
The identifier for a user in the identity store.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
Indicates that a requested resource is not found.
- ThrottlingException:
Indicates that the principal has crossed the throttling limits of the API operations.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ConflictException:
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
-
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
The request failed because it contains a syntax error.
- ServiceQuotaExceededException:
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.
Shapes
AccessDeniedException
Description
You do not have sufficient access to perform this action.
Members
- Message
-
- Type: string
- Reason
-
- Type: string
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.
- RequestId
-
- Type: string
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
Address
Description
The address associated with the specified user.
Members
- Country
-
- Type: string
The country of the address.
- Formatted
-
- Type: string
A string containing a formatted version of the address for display.
- Locality
-
- Type: string
A string of the address locality.
- PostalCode
-
- Type: string
The postal code of the address.
- Primary
-
- Type: boolean
A Boolean value representing whether this is the primary address for the associated resource.
- Region
-
- Type: string
The region of the address.
- StreetAddress
-
- Type: string
The street of the address.
- Type
-
- Type: string
A string representing the type of address. For example, "Home."
AlternateIdentifier
Description
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute.
Members
- ExternalId
-
- Type: ExternalId structure
The identifier issued to this resource by an external identity provider.
- UniqueAttribute
-
- Type: UniqueAttribute structure
An entity attribute that's unique to a specific entity.
AttributeOperation
Description
An operation that applies to the requested group. This operation might add, replace, or remove an attribute.
Members
- AttributePath
-
- Required: Yes
- Type: string
A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.
- AttributeValue
-
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
The value of the attribute. This is a
Documenttype. This type is not supported by Java V1, Go V1, and older versions of the CLI.
AttributeValue
Description
The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the CLI.
Members
ConflictException
Description
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
Members
- Message
-
- Type: string
- Reason
-
- Type: string
This request cannot be completed for one of the following reasons:
-
Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
-
The requested resource was being concurrently modified by another request.
- RequestId
-
- Type: string
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
Description
The email address associated with the user.
Members
- Primary
-
- Type: boolean
A Boolean value representing whether this is the primary email address for the associated resource.
- Type
-
- Type: string
A string representing the type of address. For example, "Work."
- Value
-
- Type: string
A string containing an email address. For example, "johndoe@amazon.com."
ExternalId
Description
The identifier issued to this resource by an external identity provider.
Members
- Id
-
- Required: Yes
- Type: string
The identifier issued to this resource by an external identity provider.
- Issuer
-
- Required: Yes
- Type: string
The issuer for an external identifier.
Filter
Description
A query filter used by ListUsers and ListGroups. This filter object provides the attribute name and attribute value to search users or groups.
Members
- AttributePath
-
- Required: Yes
- Type: string
The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example,
UserNameis a valid attribute path for theListUsersAPI, andDisplayNameis a valid attribute path for theListGroupsAPI. - AttributeValue
-
- Required: Yes
- Type: string
Represents the data for an attribute. Each attribute value is described as a name-value pair.
Group
Description
A group object that contains the metadata and attributes for a specified group.
Members
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the group was created.
- CreatedBy
-
- Type: string
The identifier of the user or system that created the group.
- Description
-
- Type: string
A string containing a description of the specified group.
- DisplayName
-
- Type: string
The display name value for the group. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.
Prefix search supports a maximum of 1,000 characters for the string.
- ExternalIds
-
- Type: Array of ExternalId structures
A list of
ExternalIdobjects that contains the identifiers issued to this resource by an external identity provider. - GroupId
-
- Required: Yes
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the group was last updated.
- UpdatedBy
-
- Type: string
The identifier of the user or system that last updated the group.
GroupMembership
Description
Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.
Members
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the group membership was created.
- CreatedBy
-
- Type: string
The identifier of the user or system that created the group membership.
- GroupId
-
- Type: string
The identifier for a group in the identity store.
- IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- MemberId
-
- Type: MemberId structure
An object that contains the identifier of a group member. Setting the
UserIDfield to the specific identifier for a user indicates that the user is a member of the group. - MembershipId
-
- Type: string
The identifier for a
GroupMembershipobject in an identity store. - UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the group membership was last updated.
- UpdatedBy
-
- Type: string
The identifier of the user or system that last updated the group membership.
GroupMembershipExistenceResult
Description
Indicates whether a resource is a member of a group in the identity store.
Members
- GroupId
-
- Type: string
The identifier for a group in the identity store.
- MemberId
-
- Type: MemberId structure
An object that contains the identifier of a group member. Setting the
UserIDfield to the specific identifier for a user indicates that the user is a member of the group. - MembershipExists
-
- Type: boolean
Indicates whether a membership relation exists or not.
InternalServerException
Description
The request processing has failed because of an unknown error, exception or failure with an internal server.
Members
- Message
-
- Type: string
- RequestId
-
- Type: string
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
- RetryAfterSeconds
-
- Type: int
The number of seconds to wait before retrying the next request.
MemberId
Description
An object containing the identifier of a group member.
Members
- UserId
-
- Type: string
An object containing the identifiers of resources that can be members.
Name
Description
The full name of the user.
Members
- FamilyName
-
- Type: string
The family name of the user.
- Formatted
-
- Type: string
A string containing a formatted version of the name for display.
- GivenName
-
- Type: string
The given name of the user.
- HonorificPrefix
-
- Type: string
The honorific prefix of the user. For example, "Dr."
- HonorificSuffix
-
- Type: string
The honorific suffix of the user. For example, "M.D."
- MiddleName
-
- Type: string
The middle name of the user.
PhoneNumber
Description
The phone number associated with the user.
Members
- Primary
-
- Type: boolean
A Boolean value representing whether this is the primary phone number for the associated resource.
- Type
-
- Type: string
A string representing the type of a phone number. For example, "Mobile."
- Value
-
- Type: string
A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".
Photo
Description
Contains information about a user's photo. Users can have up to 3 photos, with one designated as primary. Supports common image formats, including jpg, jpeg, png, and gif.
Members
- Display
-
- Type: string
A human-readable description of the photo for display purposes. This optional field provides context about the photo.
- Primary
-
- Type: boolean
Specifies whether this is the user's primary photo. Default value is
false. Only one photo can be designated as primary per user. - Type
-
- Type: string
The type of photo. This field is optional and can be used to categorize different types of photos.
- Value
-
- Required: Yes
- Type: string
The photo data or URL. Supported formats include jpg, jpeg, png, and gif. This field is required for all photo entries.
ResourceNotFoundException
Description
Indicates that a requested resource is not found.
Members
- Message
-
- Type: string
- Reason
-
- Type: string
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
- RequestId
-
- Type: string
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
- ResourceId
-
- Type: string
The identifier for a resource in the identity store that can be used as
UserIdorGroupId. The format forResourceIdis eitherUUIDor1234567890-UUID, whereUUIDis a randomly generated value for each resource when it is created and1234567890represents theIdentityStoreIdstring value. In the case that the identity store is migrated from a legacy SSO identity store, theResourceIdfor that identity store will be in the format ofUUID. Otherwise, it will be in the1234567890-UUIDformat. - ResourceType
-
- Type: string
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY_STORE.
ServiceQuotaExceededException
Description
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.
Members
- Message
-
- Type: string
- RequestId
-
- Type: string
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
ThrottlingException
Description
Indicates that the principal has crossed the throttling limits of the API operations.
Members
- Message
-
- Type: string
- Reason
-
- Type: string
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
- RequestId
-
- Type: string
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
- RetryAfterSeconds
-
- Type: int
The number of seconds to wait before retrying the next request.
UniqueAttribute
Description
An entity attribute that's unique to a specific entity.
Members
- AttributePath
-
- Required: Yes
- Type: string
A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.
- AttributeValue
-
- Required: Yes
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
The value of the attribute. This is a
Documenttype. This type is not supported by Java V1, Go V1, and older versions of the CLI.
User
Description
A user object that contains the metadata and attributes for a specified user.
Members
- Addresses
-
- Type: Array of Address structures
A list of
Addressobjects containing addresses associated with the user. - Birthdate
-
- Type: string
The user's birthdate in YYYY-MM-DD format. This field stores personal birthdate information for the user.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the user was created.
- CreatedBy
-
- Type: string
The identifier of the user or system that created the user.
- DisplayName
-
- Type: string
A string containing the name of the user that is formatted for display when the user is referenced. For example, "John Doe."
Prefix search supports a maximum of 1,000 characters for the string.
- Emails
-
- Type: Array of Email structures
A list of
Emailobjects containing email addresses associated with the user. - ExternalIds
-
- Type: Array of ExternalId structures
A list of
ExternalIdobjects that contains the identifiers issued to this resource by an external identity provider. - IdentityStoreId
-
- Required: Yes
- Type: string
The globally unique identifier for the identity store.
- Locale
-
- Type: string
A string containing the geographical region or location of the user.
- Name
-
- Type: Name structure
An object containing the name of the user.
- NickName
-
- Type: string
A string containing an alternate name for the user.
- PhoneNumbers
-
- Type: Array of PhoneNumber structures
A list of
PhoneNumberobjects containing phone numbers associated with the user. - Photos
-
- Type: Array of Photo structures
A list of photos associated with the user. Users can have up to 3 photos with metadata including type, display name, and primary designation.
- PreferredLanguage
-
- Type: string
A string containing the preferred language of the user. For example, "American English" or "en-us."
- ProfileUrl
-
- Type: string
A string containing a URL that might be associated with the user.
- Timezone
-
- Type: string
A string containing the time zone of the user.
- Title
-
- Type: string
A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the user was last updated.
- UpdatedBy
-
- Type: string
The identifier of the user or system that last updated the user.
- UserId
-
- Required: Yes
- Type: string
The identifier for a user in the identity store.
- UserName
-
- Type: string
A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
- UserStatus
-
- Type: string
The current status of the user account.
- UserType
-
- Type: string
A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case.
- Website
-
- Type: string
The user's personal website or blog URL. This field stores website information for personal or professional use.
ValidationException
Description
The request failed because it contains a syntax error.
Members
- Message
-
- Type: string
- Reason
-
- Type: string
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.
- RequestId
-
- Type: string
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.