Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Derived from API version 2019-06-10
of the AWS service descriptions, licensed under Apache 2.0.
AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web service that makes it easy for you to assign user access to IAM Identity Center resources such as the AWS access portal. Users can get AWS account applications and roles assigned to them and get federated into the application.
Although AWS Single Sign-On was renamed, the sso
and identitystore
API namespaces will continue to retain their original name for backward
compatibility purposes. For more information, see
IAM Identity Center rename.
This reference guide describes the IAM Identity Center Portal operations that you can call programatically and includes detailed information on data types and errors.
AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs provide a convenient way to create programmatic access to IAM Identity Center and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services.
Synopsis
- defaultService :: Service
- _InvalidRequestException :: AsError a => Fold a ServiceError
- _ResourceNotFoundException :: AsError a => Fold a ServiceError
- _TooManyRequestsException :: AsError a => Fold a ServiceError
- _UnauthorizedException :: AsError a => Fold a ServiceError
- data GetRoleCredentials = GetRoleCredentials' Text Text (Sensitive Text)
- newGetRoleCredentials :: Text -> Text -> Text -> GetRoleCredentials
- data GetRoleCredentialsResponse = GetRoleCredentialsResponse' Int RoleCredentials
- newGetRoleCredentialsResponse :: Int -> RoleCredentials -> GetRoleCredentialsResponse
- data ListAccountRoles = ListAccountRoles' (Maybe Natural) (Maybe Text) (Sensitive Text) Text
- newListAccountRoles :: Text -> Text -> ListAccountRoles
- data ListAccountRolesResponse = ListAccountRolesResponse' (Maybe Text) (Maybe [RoleInfo]) Int
- newListAccountRolesResponse :: Int -> ListAccountRolesResponse
- data ListAccounts = ListAccounts' (Maybe Natural) (Maybe Text) (Sensitive Text)
- newListAccounts :: Text -> ListAccounts
- data ListAccountsResponse = ListAccountsResponse' (Maybe [AccountInfo]) (Maybe Text) Int
- newListAccountsResponse :: Int -> ListAccountsResponse
- data Logout = Logout' (Sensitive Text)
- newLogout :: Text -> Logout
- data LogoutResponse = LogoutResponse' {
- newLogoutResponse :: LogoutResponse
- data AccountInfo = AccountInfo' (Maybe Text) (Maybe Text) (Maybe Text)
- newAccountInfo :: AccountInfo
- data RoleCredentials = RoleCredentials' (Maybe Integer) (Maybe (Sensitive SessionToken)) AccessKey (Sensitive SecretKey)
- newRoleCredentials :: AccessKey -> SecretKey -> RoleCredentials
- data RoleInfo = RoleInfo' (Maybe Text) (Maybe Text)
- newRoleInfo :: RoleInfo
Service Configuration
defaultService :: Service Source #
API version 2019-06-10
of the Amazon Single Sign-On SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by SSO
.
InvalidRequestException
_InvalidRequestException :: AsError a => Fold a ServiceError Source #
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Fold a ServiceError Source #
The specified resource doesn't exist.
TooManyRequestsException
_TooManyRequestsException :: AsError a => Fold a ServiceError Source #
Indicates that the request is being made too frequently and is more than what the server can handle.
UnauthorizedException
_UnauthorizedException :: AsError a => Fold a ServiceError Source #
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait
specification is fulfilled. The Wait
specification
determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects
operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager
instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
GetRoleCredentials
data GetRoleCredentials Source #
See: newGetRoleCredentials
smart constructor.
Instances
newGetRoleCredentials Source #
:: Text | |
-> Text | |
-> Text | |
-> GetRoleCredentials |
Create a value of GetRoleCredentials
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetRoleCredentials
, getRoleCredentials_roleName
- The friendly name of the role that is assigned to the user.
GetRoleCredentials
, getRoleCredentials_accountId
- The identifier for the AWS account that is assigned to the user.
$sel:accessToken:GetRoleCredentials'
, getRoleCredentials_accessToken
- The token issued by the CreateToken
API call. For more information,
see
CreateToken
in the IAM Identity Center OIDC API Reference Guide.
data GetRoleCredentialsResponse Source #
See: newGetRoleCredentialsResponse
smart constructor.
Instances
newGetRoleCredentialsResponse Source #
Create a value of GetRoleCredentialsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:GetRoleCredentialsResponse'
, getRoleCredentialsResponse_httpStatus
- The response's http status code.
$sel:roleCredentials:GetRoleCredentialsResponse'
, getRoleCredentialsResponse_roleCredentials
- The credentials for the role that is assigned to the user.
ListAccountRoles (Paginated)
data ListAccountRoles Source #
See: newListAccountRoles
smart constructor.
Instances
Create a value of ListAccountRoles
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListAccountRoles'
, listAccountRoles_maxResults
- The number of items that clients can request per page.
ListAccountRoles
, listAccountRoles_nextToken
- The page token from the previous response output when you request
subsequent pages.
$sel:accessToken:ListAccountRoles'
, listAccountRoles_accessToken
- The token issued by the CreateToken
API call. For more information,
see
CreateToken
in the IAM Identity Center OIDC API Reference Guide.
ListAccountRoles
, listAccountRoles_accountId
- The identifier for the AWS account that is assigned to the user.
data ListAccountRolesResponse Source #
See: newListAccountRolesResponse
smart constructor.
Instances
newListAccountRolesResponse Source #
Create a value of ListAccountRolesResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListAccountRoles
, listAccountRolesResponse_nextToken
- The page token client that is used to retrieve the list of accounts.
$sel:roleList:ListAccountRolesResponse'
, listAccountRolesResponse_roleList
- A paginated response with the list of roles and the next token if more
results are available.
$sel:httpStatus:ListAccountRolesResponse'
, listAccountRolesResponse_httpStatus
- The response's http status code.
ListAccounts (Paginated)
data ListAccounts Source #
See: newListAccounts
smart constructor.
Instances
Create a value of ListAccounts
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListAccounts'
, listAccounts_maxResults
- This is the number of items clients can request per page.
ListAccounts
, listAccounts_nextToken
- (Optional) When requesting subsequent pages, this is the page token from
the previous response output.
$sel:accessToken:ListAccounts'
, listAccounts_accessToken
- The token issued by the CreateToken
API call. For more information,
see
CreateToken
in the IAM Identity Center OIDC API Reference Guide.
data ListAccountsResponse Source #
See: newListAccountsResponse
smart constructor.
Instances
newListAccountsResponse Source #
Create a value of ListAccountsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountList:ListAccountsResponse'
, listAccountsResponse_accountList
- A paginated response with the list of account information and the next
token if more results are available.
ListAccounts
, listAccountsResponse_nextToken
- The page token client that is used to retrieve the list of accounts.
$sel:httpStatus:ListAccountsResponse'
, listAccountsResponse_httpStatus
- The response's http status code.
Logout
See: newLogout
smart constructor.
Instances
ToJSON Logout Source # | |
Defined in Amazonka.SSO.Logout | |
ToHeaders Logout Source # | |
Defined in Amazonka.SSO.Logout | |
ToPath Logout Source # | |
Defined in Amazonka.SSO.Logout toPath :: Logout -> ByteString # | |
ToQuery Logout Source # | |
Defined in Amazonka.SSO.Logout toQuery :: Logout -> QueryString # | |
AWSRequest Logout Source # | |
Defined in Amazonka.SSO.Logout type AWSResponse Logout # request :: (Service -> Service) -> Logout -> Request Logout # response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy Logout -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse Logout))) # | |
Generic Logout Source # | |
Show Logout Source # | |
NFData Logout Source # | |
Defined in Amazonka.SSO.Logout | |
Eq Logout Source # | |
Hashable Logout Source # | |
Defined in Amazonka.SSO.Logout | |
type AWSResponse Logout Source # | |
Defined in Amazonka.SSO.Logout | |
type Rep Logout Source # | |
Defined in Amazonka.SSO.Logout |
Create a value of Logout
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accessToken:Logout'
, logout_accessToken
- The token issued by the CreateToken
API call. For more information,
see
CreateToken
in the IAM Identity Center OIDC API Reference Guide.
data LogoutResponse Source #
See: newLogoutResponse
smart constructor.
Instances
Generic LogoutResponse Source # | |
Defined in Amazonka.SSO.Logout type Rep LogoutResponse :: Type -> Type # from :: LogoutResponse -> Rep LogoutResponse x # to :: Rep LogoutResponse x -> LogoutResponse # | |
Read LogoutResponse Source # | |
Defined in Amazonka.SSO.Logout readsPrec :: Int -> ReadS LogoutResponse # readList :: ReadS [LogoutResponse] # | |
Show LogoutResponse Source # | |
Defined in Amazonka.SSO.Logout showsPrec :: Int -> LogoutResponse -> ShowS # show :: LogoutResponse -> String # showList :: [LogoutResponse] -> ShowS # | |
NFData LogoutResponse Source # | |
Defined in Amazonka.SSO.Logout rnf :: LogoutResponse -> () # | |
Eq LogoutResponse Source # | |
Defined in Amazonka.SSO.Logout (==) :: LogoutResponse -> LogoutResponse -> Bool # (/=) :: LogoutResponse -> LogoutResponse -> Bool # | |
type Rep LogoutResponse Source # | |
newLogoutResponse :: LogoutResponse Source #
Create a value of LogoutResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
Types
AccountInfo
data AccountInfo Source #
Provides information about your AWS account.
See: newAccountInfo
smart constructor.
Instances
newAccountInfo :: AccountInfo Source #
Create a value of AccountInfo
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:AccountInfo'
, accountInfo_accountId
- The identifier of the AWS account that is assigned to the user.
$sel:accountName:AccountInfo'
, accountInfo_accountName
- The display name of the AWS account that is assigned to the user.
$sel:emailAddress:AccountInfo'
, accountInfo_emailAddress
- The email address of the AWS account that is assigned to the user.
RoleCredentials
data RoleCredentials Source #
Provides information about the role credentials that are assigned to the user.
See: newRoleCredentials
smart constructor.
Instances
:: AccessKey | |
-> SecretKey | |
-> RoleCredentials |
Create a value of RoleCredentials
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:expiration:RoleCredentials'
, roleCredentials_expiration
- The date on which temporary security credentials expire.
$sel:sessionToken:RoleCredentials'
, roleCredentials_sessionToken
- The token used for temporary credentials. For more information, see
Using Temporary Security Credentials to Request Access to AWS Resources
in the AWS IAM User Guide.
$sel:accessKeyId:RoleCredentials'
, roleCredentials_accessKeyId
- The identifier used for the temporary security credentials. For more
information, see
Using Temporary Security Credentials to Request Access to AWS Resources
in the AWS IAM User Guide.
$sel:secretAccessKey:RoleCredentials'
, roleCredentials_secretAccessKey
- The key that is used to sign the request. For more information, see
Using Temporary Security Credentials to Request Access to AWS Resources
in the AWS IAM User Guide.
RoleInfo
Provides information about the role that is assigned to the user.
See: newRoleInfo
smart constructor.
Instances
FromJSON RoleInfo Source # | |
Generic RoleInfo Source # | |
Read RoleInfo Source # | |
Show RoleInfo Source # | |
NFData RoleInfo Source # | |
Defined in Amazonka.SSO.Types.RoleInfo | |
Eq RoleInfo Source # | |
Hashable RoleInfo Source # | |
Defined in Amazonka.SSO.Types.RoleInfo | |
type Rep RoleInfo Source # | |
Defined in Amazonka.SSO.Types.RoleInfo type Rep RoleInfo = D1 ('MetaData "RoleInfo" "Amazonka.SSO.Types.RoleInfo" "amazonka-sso-2.0-B4gMJoZyEheG3SJYxPhDjE" 'False) (C1 ('MetaCons "RoleInfo'" 'PrefixI 'True) (S1 ('MetaSel ('Just "accountId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "roleName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))) |
newRoleInfo :: RoleInfo Source #
Create a value of RoleInfo
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:RoleInfo'
, roleInfo_accountId
- The identifier of the AWS account assigned to the user.
$sel:roleName:RoleInfo'
, roleInfo_roleName
- The friendly name of the role that is assigned to the user.