AWS CLI Command Reference

[ aws . iam ]

list-delegation-requests

Description

Lists delegation requests based on the specified criteria.

If a delegation request has no owner, even if it is assigned to a specific account, it will not be part of the ListDelegationRequests output for that account.

For more details, see Managing Permissions for Delegation Requests .

See also: AWS API Documentation

Synopsis

  list-delegation-requests
[--owner-id <value>]
[--marker <value>]
[--max-items <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Options

--owner-id (string)

The owner ID to filter delegation requests by.

Constraints:

  • min: 20
  • max: 2048
  • pattern: ^[a-zA-Z0-9:/+=,.@_-]+$

--marker (string)

Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.

Constraints:

  • min: 1
  • max: 320
  • pattern: [\u0020-\u00FF]+

--max-items (integer)

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true .

If you do not include this parameter, the number of items defaults to 100. Note that IAM may return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true , and Marker contains a value to include in the subsequent call that tells the service where to continue from.

Constraints:

  • min: 1
  • max: 1000

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.

--output (string)

The formatting style for command output.

  • json
  • text
  • table
  • yaml
  • yaml-stream

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

--cli-binary-format (string)

The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.

  • base64
  • raw-in-base64-out

--no-cli-pager (boolean)

Disable cli pager for output.

--cli-auto-prompt (boolean)

Automatically prompt for CLI input parameters.

--no-cli-auto-prompt (boolean)

Disable automatically prompt for CLI input parameters.

Output

DelegationRequests -> (list)

A list of delegation requests that match the specified criteria.

(structure)

Contains information about a delegation request, including its status, permissions, and associated metadata.

DelegationRequestId -> (string)

The unique identifier for the delegation request.

Constraints:

  • min: 16
  • max: 128
  • pattern: [\w-]+

OwnerAccountId -> (string)

Amazon Web Services account ID of the owner of the delegation request.

Constraints:

  • pattern: \d{12}

Description -> (string)

Description of the delegation request. This is a message that is provided by the Amazon Web Services partner that filed the delegation request.

Constraints:

  • max: 1000
  • pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*

RequestMessage -> (string)

A custom message that is added to the delegation request by the partner.

This element is different from the Description element such that this is a request specific message injected by the partner. The Description is typically a generic explanation of what the delegation request is targeted to do.

Constraints:

  • max: 200
  • pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*

Permissions -> (structure)

Contains information about the permissions being delegated in a delegation request.

PolicyTemplateArn -> (string)

This ARN maps to a pre-registered policy content for this partner. See the `partner onboarding documentation to understand how to create a delegation template.

Constraints:

  • min: 20
  • max: 2048

Parameters -> (list)

A list of policy parameters that define the scope and constraints of the delegated permissions.

Constraints:

  • max: 50

(structure)

Contains information about a policy parameter used to customize delegated permissions.

Name -> (string)

The name of the policy parameter.

Constraints:

  • min: 5
  • max: 256
  • pattern: [ -~]+

Values -> (list)

The allowed values for the policy parameter.

(string)

Constraints:

  • pattern: [ -~]+

Type -> (string)

The data type of the policy parameter value.

Possible values:

  • string
  • stringList

PermissionPolicy -> (string)

JSON content of the associated permission policy of this delegation request.

RolePermissionRestrictionArns -> (list)

If the PermissionPolicy includes role creation permissions, this element will include the list of permissions boundary policies associated with the role creation. See Permissions boundaries for IAM entities for more details about IAM permission boundaries.

(string)

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference .

Constraints:

  • min: 20
  • max: 2048

OwnerId -> (string)

ARN of the owner of this delegation request.

Constraints:

  • min: 20
  • max: 2048
  • pattern: ^[a-zA-Z0-9:/+=,.@_-]+$

ApproverId -> (string)

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference .

Constraints:

  • min: 20
  • max: 2048

State -> (string)

The state of this delegation request.

See the Understanding the Request Lifecycle for an explanation of how these states are transitioned.

Possible values:

  • UNASSIGNED
  • ASSIGNED
  • PENDING_APPROVAL
  • FINALIZED
  • ACCEPTED
  • REJECTED
  • EXPIRED

RequestorId -> (string)

Identity of the requestor of this delegation request. This will be an Amazon Web Services account ID.

Constraints:

  • pattern: \d{12}

RequestorName -> (string)

A friendly name of the requestor.

Constraints:

  • max: 30
  • pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*

CreateDate -> (timestamp)

Creation date (timestamp) of this delegation request.

SessionDuration -> (integer)

The life-time of the requested session credential.

Constraints:

  • min: 300
  • max: 43200

RedirectUrl -> (string)

A URL to be redirected to once the delegation request is approved. Partners provide this URL when creating the delegation request.

Constraints:

  • min: 1
  • max: 255
  • pattern: ^http(s?)://[a-zA-Z0-9._/-]*(\?[a-zA-Z0-9._=&-]*)?(#[a-zA-Z0-9._/-]*)?$

Notes -> (string)

Notes added to this delegation request, if this request was updated via the UpdateDelegationRequest API.

Constraints:

  • max: 500
  • pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*

RejectionReason -> (string)

Reasons for rejecting this delegation request, if this request was rejected. See also RejectDelegationRequest API documentation.

Constraints:

  • max: 500
  • pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*

OnlySendByOwner -> (boolean)

A flag indicating whether the SendDelegationToken must be called by the owner of this delegation request. This is set by the requesting partner.

UpdatedTime -> (timestamp)

Last updated timestamp of the request.

Marker -> (string)

When isTruncated is true , this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

Constraints:

  • min: 1
  • max: 320
  • pattern: [\u0020-\u00FF]+

isTruncated -> (boolean)

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items.
© Copyright 2025, Amazon Web Services. Created using Sphinx.