IsMemberInGroups - Identity Store
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSee Also

IsMemberInGroups

Checks the user's membership in all requested groups and returns if the member exists in all queried groups.

Note

If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the AWS IAM Identity Center User Guide.

Request Syntax

{
   "GroupIds": [ "string" ],
   "IdentityStoreId": "string",
   "MemberId": { ... }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

GroupIds

A list of identifiers for groups in the identity store.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 47.

Pattern: ([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}

Required: Yes

IdentityStoreId

The globally unique identifier for the identity store.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 36.

Pattern: d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}

Required: Yes

MemberId

An object containing the identifier of a group member.

Type: MemberId object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: Yes

Response Syntax

{
   "Results": [ 
      { 
         "GroupId": "string",
         "MemberId": { ... },
         "MembershipExists": boolean
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Results

A list containing the results of membership existence checks.

Type: Array of GroupMembershipExistenceResult objects

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

Reason

Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.

RequestId

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

HTTP Status Code: 400

InternalServerException

The request processing has failed because of an unknown error, exception or failure with an internal server.

RequestId

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

RetryAfterSeconds

The number of seconds to wait before retrying the next request.

HTTP Status Code: 500

ResourceNotFoundException

Indicates that a requested resource is not found.

Reason

Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.

RequestId

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

ResourceId

The identifier for a resource in the identity store that can be used as UserId or GroupId. The format for ResourceId is either UUID or 1234567890-UUID, where UUID is a randomly generated value for each resource when it is created and 1234567890 represents the IdentityStoreId string value. In the case that the identity store is migrated from a legacy SSO identity store, the ResourceId for that identity store will be in the format of UUID. Otherwise, it will be in the 1234567890-UUID format.

ResourceType

An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY_STORE.

HTTP Status Code: 400

ThrottlingException

Indicates that the principal has crossed the throttling limits of the API operations.

Reason

Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.

RequestId

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

RetryAfterSeconds

The number of seconds to wait before retrying the next request.

HTTP Status Code: 400

ValidationException

The request failed because it contains a syntax error.

Reason

Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.

RequestId

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

HTTP Status Code: 400

Examples

Example

This example indicates that the specified user is a member of the specified group.

Sample Request

{
    "IdentityStoreId": "d-1234567890",
    "MemberId": {
        "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
    },
    "GroupIds": [
        "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
    ]
}

Sample Response

{
    "Results": [
        {
            "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
            "MemberId": {
                "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "MembershipExists": true
        }
    ]
}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: