- Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
- Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand
- OverflowAI GenAI features for Teams
- OverflowAPI Train & fine-tune LLMs
- Labs The future of collective knowledge sharing
- About the company Visit the blog
Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Get early access and see previews of new features.
Using AWS CLI to list SSO User/group assigned to a permission set
I'm trying to get information about which User/group (within AWS accounts) is assigned to each permission set using AWS CLI.
In CLI, using SSO-admin I tried using list-accounts-for-provisioned-permission-set and list-permission-sets-provisioned-to-account but this did not get me this information.
I also tried list-account-assignments and got a "PrincipalId" for a permission set but I'm not sure if this refers to the "User/group" from the picture above. Is there anywhere I could see which PrincipalId belongs to each user/group?
Is there a way to access this information with AWS CLI?
UPDATE: I found some documentation regarding the "PrincipalId" from list-account-assignments :
An identifier for an object in Amazon Web Services SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in Amazon Web Services SSO, see the Amazon Web Services SSO Identity Store API Reference .
From the reference above I found the following:
The scope of these API operations is currently limited to only this functionality and does not include generic operations, such as listing all users or groups in the AWS SSO Identity Store.
Based on this I'm guessing that what I'm trying to do is currently impossible.
- amazon-web-services
- Hey, Did you try aws iam list-groups-for-user --user-name example_user_name ,as described here: docs.aws.amazon.com/cli/latest/reference/iam/… – Roy Levy Commented Sep 9, 2021 at 10:24
- @RoyLevy That list IAM groups which are separate from SSO groups. – ire Commented Sep 9, 2021 at 11:01
- Oh my bad, I thought you were trying to receive IAM list. The only thing I found about SSO listing is list-permission-sets which states it lists all of the permissions in SSO instance: docs.aws.amazon.com/cli/latest/reference/sso-admin/… – Roy Levy Commented Sep 9, 2021 at 11:56
- Yes, that lists the permission sets but not any other information about them. – ire Commented Sep 9, 2021 at 11:59
- So you are getting Principals from the list-account-assignments but not the account id's? The structure of the API response should consist of them both in the same hierarchy, so if you are not getting them also something may be wrong with the request. – Roy Levy Commented Sep 9, 2021 at 12:17
2 Answers 2
It's not possible officially :( Here's the proof – https://github.com/aws/aws-sdk/issues/109 It's being anticipated by many users for months, but still unresolved.
Though, in the middle of comments you can find an unofficial way to do it with a limit, only a maximum of 50 results can be returned this way - https://github.com/aws/aws-sdk/issues/109#issuecomment-1031766572
- Thanks for the issue link. Didn't know it was widely anticipated. – ire Commented Jan 5, 2022 at 14:40
- The GitHub links from this answer are talking about listing users, whereas the parent is looking for a way to see both users and groups assigned/mapped to permission sets. – Ben Francom Commented Apr 26, 2023 at 22:33
There's no native feature currently with the cli. However, there's a custom solution built for that to automatically generate the report and list out all users and groups' associated permission sets + AWS/customer-managed/inline policies
https://github.com/ooiyeefei/aws-iam-identity-center-permission-policies-analyzer
Your Answer
Reminder: Answers generated by artificial intelligence tools are not allowed on Stack Overflow. Learn more
Sign up or log in
Post as a guest.
Required, but never shown
By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy .
Not the answer you're looking for? Browse other questions tagged amazon-web-services or ask your own question .
- The Overflow Blog
- Scaling systems to manage all the metadata ABOUT the data
- Navigating cities of code with Norris Numbers
- Featured on Meta
- We've made changes to our Terms of Service & Privacy Policy - July 2024
- Bringing clarity to status tag usage on meta sites
- Tag hover experiment wrap-up and next steps
Hot Network Questions
- Do space stations have anything that big spacecraft (such as the Space Shuttle and SpaceX Starship) don't have?
- Word to classify what powers a god is associated with?
- Where is the 6D-QSAR software Quasar(X) available?
- Unstable output C++: running the same thing twice gives different output
- If Venus had a sapient civilisation similar to our own prior to global resurfacing, would we know it?
- Writing a Puzzle Book - Enigmatic Puzzles 2
- A study on the speed of gravity
- DIN Rail Logic Gate
- Will the US Customs be suspicious of my luggage if i bought a lot of the same item?
- Multiplication of operators defined by commutation relations
- Making blackberry Jam with fully-ripe blackberries
- Has the application of a law ever being appealed anywhere due to the lawmakers not knowing what they were voting/ruling?
- Are there rules of when there is linking-sound compound words?
- Can two different points can be connected by multiple adiabatic curves?
- Zipping Many Files
- Connector's number of mating cycles
- Is there any point "clean-installing" on a brand-new MacBook?
- How to understand the use of "used to"?
- Returning to France with a Récépissé de Demande de Carte de Séjour stopping at Zurich first
- How can I cross an overpass in "Street View" without being dropped to the roadway below?
- Did Avraham derive and keep the oral and written torah some how on his own before the yeshiva of Noach or only after?
- Why do individuals with revoked master’s/PhD degrees due to plagiarism or misconduct not return to retake them?
- If there is no free will, doesn't that provide a framework for an ethical model?
- Someone wants to pay me to be his texting buddy. How am I being scammed?
- List Account Assignment Deletion Status
- List Account Assignments for Principal
- List Account Assignments
- List Accounts for Provisioned Permission Set
- List Application Access Scopes
- List Application Assignments for Principal
- List Application Assignments
- List Application Authentication Methods
- List Application Grants
- List Application Providers
- List Applications
- List Customer Managed Policy References in Permission Set
- List Instances
- List Managed Policies in Permission Set
- List Permission Set Provisioning Status
- List Permission Sets Provisioned to Account
- List Permission Sets
- List Tags for Resource
- List Trusted Token Issuers
- Provision Permission Set
- Put Application Access Scope
- Put Application Assignment Configuration
- Put Application Authentication Method
- Put Application Grant
- Put Inline Policy to Permission Set
- Put Permissions Boundary to Permission Set
- Tag Resource
- Untag Resource
- Update Application
- Update Instance Access Control Attribute Configuration
- Update Instance
- Update Permission Set
- Update Trusted Token Issuer
- Storagegateway
- Telconetworkbuilder
- Timestreamquery
- Timestreamwrite
- Transcribeservice
- Verifiedpermissions
- Wafregional
- Wellarchitected
- Workmailmessageflow
- Workspacesweb
- Developer Guide
- Code Examples
List Account Assignment Creation Status
| ssoadmin_list_account_assignment_creation_status | R Documentation |
Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance ¶
Description ¶.
Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance.
Usage ¶
Arguments ¶.
Filters results based on the passed attribute value.
[required] The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference .
The maximum number of results to display for the assignment.
The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.
Value ¶
A list with the following syntax: list ( AccountAssignmentsCreationStatus = list ( list ( CreatedDate = as.POSIXct ( "2015-01-01" ), RequestId = "string" , Status = "IN_PROGRESS" | "FAILED" | "SUCCEEDED" ) ), NextToken = "string" )
Request syntax ¶
aws sso-admin describe-account-assignment-creation-status
Describes the status of the assignment creation request
| Name | Description |
|---|---|
| The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference | |
| The identifier that is used to track the request operation progress | |
| Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally | |
| Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command |
On this page
Navigation Menu
Search code, repositories, users, issues, pull requests..., provide feedback.
We read every piece of feedback, and take your input very seriously.
Saved searches
Use saved searches to filter your results more quickly.
To see all available qualifiers, see our documentation .
- Notifications You must be signed in to change notification settings
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSO Admin has no attribute 'list_account_assignments_for_principal' #4003
JosephLeva commented Jan 30, 2024
| Version: 1.34.30 When attempting to run client.list_account_assignments_for_principal' the following error arises. Exception has occurred: AttributeError'SSOAdmin' object has no attribute 'list_account_assignments_for_principal' File "H:\dev\2\ops-cloudformation-templates\IAM-Identity-Center\AUDIT\current_env.py", line 70, in list_group_associations print(sso_admin_client.list_account_assignments_for_principal(InstanceArn='arn:aws:sso:::instance/ssoins-72231cb50cde7102',PrincipalId='94d8a438-90c1-70cd-d176-090e04f945cb', File "H:\dev\2\ops-cloudformation-templates\IAM-Identity-Center\AUDIT\current_env.py", line 122, in lambda_handler group_associations = list_group_associations(sso_admin_client, identity_store_client, instance_arn) File "H:\dev\2\ops-cloudformation-templates\IAM-Identity-Center\AUDIT\current_env.py", line 132, in lambda_handler("event", "context")AttributeError: 'SSOAdmin' object has no attribute 'list_account_assignments_for_principal' Running the same client with other operations such as list instances works without a problem, as well as doing a direct cli call for this operation
|
| The text was updated successfully, but these errors were encountered: |
- 👍 1 reaction
RyanFitzSimmonsAK commented Jan 30, 2024 • edited Loading
| Hi , thanks for reaching out. I had some trouble reproducing this issue; on version , my call did not have this issue. Could you provide debug logs of this behavior, and tell me more about how you have your environment configured? In particular, could you tell me if this is a Lambda script? You can get debug logs by adding to the top of your script, and redacting any sensitive information. Thanks! |
Sorry, something went wrong.
JosephLeva commented Jan 30, 2024 • edited Loading
| Hi here is the script, output and error message i am receiving, note the version 1.34.30 and list_account_assignments_for_principal not being included in the methods for the sso admin client Script: import boto3 import json print(boto3. ) boto3.set_stream_logger('') sso_admin_client = boto3.client("sso-admin", methods = [method for method in dir(sso_admin_client) if callable(getattr(sso_admin_client, method))] print(methods) sso_admin_client.list_account_assignments_for_principal(InstanceArn='xxxx', PrincipalId='xxxx', PrincipalType='GROUP' ) Output: 1.34.30 Error: 'SSOAdmin' object has no attribute 'list_account_assignments_for_principal' File "H:\dev\2\ops-cloudformation-templates\IAM-Identity-Center\AUDIT\ex.py", line 14, in sso_admin_client.list_account_assignments_for_principal(InstanceArn=’xxxx’, PrincipalId=’xxxx’, PrincipalType='GROUP' )AttributeError: 'SSOAdmin' object has no attribute 'list_account_assignments_for_principal' |
RyanFitzSimmonsAK commented Jan 30, 2024
| The user agent containing the version wouldn't be in those debug logs, since it fails before the request is created or sent. Try checking the user agent on a successful operation. |
| Does print(boto3.version) show an accurate display of the version? |
| It should be , but yes. Can you confirm whether or not this is Lambda function as well? |
| I am currently not using a lambda function, running locally on my pc. |
matthill33 commented Feb 8, 2024
| I was seeing this bug while using a Lambda in the following environment: I could work around it with dynamically installing the newest version of boto3 with the code below. (credit ) sys from pip._internal import main main(['install', 'boto3', '--target', '/tmp/']) sys.path.insert(0,'/tmp/') import boto3 from botocore.exceptions import ClientError def handler(event, context): print(boto3.__version__)This upgraded the boto3 version to 1.34.37 and I could successfully call the function. |
RyanFitzSimmonsAK commented Feb 9, 2024
| Could you provide specifically the user agent portion of the debug logs? It should look something like this. |
github-actions bot commented Feb 20, 2024
| Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one. |
No branches or pull requests
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
- Bahasa Indonesia
- Free Packages
- Elastic Cloud Server (ECS)
- Cloud Backup and Recovery (CBR)
- Host Security Service (HSS)
- Cloud Container Engine (CCE)
- Documentation
- Billing & Costs
- Service Tickets
- Unread Messages
- Partner Center
- Sign In Sign Up
- My Account Complete Sign Up
Listing Account Assignment Creation Statuses
This API is used to list the account assignment creation statuses of a specified IAM Identity Center instance.
GET /v1/instances/{instance_id}/account-assignments/creation-statuses
Parameter | Mandatory | Type | Description |
|---|---|---|---|
instance_id | Yes | String | Globally unique ID of an IAM Identity Center instance |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
status | No | String | Status of the listing account assignment creation process Enumerated value: |
limit | No | Integer | Maximum number of results returned for each request Minimum value: Maximum value: Default value: |
marker | No | String | Pagination marker Minimum length: Maximum length: |
Request Parameters
Parameter | Mandatory | Type | Description |
|---|---|---|---|
X-Security-Token | No | String | Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required. Maximum length: |
Response Parameters
Status code: 200
Parameter | Type | Description |
|---|---|---|
| Array of objects | Operation status list |
| Object | Pagination information |
Parameter | Type | Description |
|---|---|---|
created_date | Long | Creation date |
request_id | String | Unique ID of a request |
status | String | Authorization status of a permission set Enumerated value: |
Parameter | Type | Description |
|---|---|---|
next_marker | String | If present, it indicates that the available output is more than the output contained in the current response. Use this value in the marker request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this operation until the response returns . |
current_count | Integer | Number of records returned on this page |
Status code: 400
Parameter | Type | Description |
|---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
request_id | String | Unique ID of a request |
Status code: 403
Parameter | Type | Description |
|---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
request_id | String | Unique ID of a request |
Example Request
Listing the account assignment creation statuses of a specified IAM Identity Center instance
Example Response
Status codes.
For details, see Status Codes .
Error Codes
For details, see Error Codes .
Previous topic: Querying Details about the Account Assignment Creation Status
Next topic: Listing Account Assignment Deletion Statuses
Was this page helpful?
Thank you very much for your feedback. We will continue working to improve the documentation. See the reply and handling status in My Cloud VOC .
Which of the following issues have you encountered?
Feedback (optional)
Select at least one type of issue, and enter your comments or suggestions.
Enter a maximum of 500 characters.
For any further questions, feel free to contact us through the chatbot.
- Privacy Statement
Explore Huawei Cloud
Featured Services
Service and Support
Account and Payment
Quick Links
© 2024, Huawei Cloud Computing Technologies Co., Ltd. and/or its affiliates. All rights reserved.
- AWS CLI 1.33.44 Command Reference »
- ← logout /
- attach-customer-managed-policy-reference-to-permission-set →
Table Of Contents
- Description
- Available Commands
Quick search
Did you find this page useful? Do you have a suggestion to improve the documentation? Give us feedback . If you would like to suggest an improvement or fix for the AWS CLI, check out our contributing guide on GitHub.
First time using the AWS CLI? See the User Guide for help getting started.
AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here . For more information see the AWS CLI version 2 installation instructions and migration guide .
sso-admin ¶
Description ¶.
IAM Identity Center (successor to Single Sign-On) helps you securely create, or connect, your workforce identities and manage their access centrally across Amazon Web Services accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in Amazon Web Services, for organizations of any size and type.
This reference guide provides information on single sign-on operations which could be used for access management of Amazon Web Services accounts. For information about IAM Identity Center features, see the IAM Identity Center User Guide .
Many operations in the IAM Identity Center APIs rely on identifiers for users and groups, known as principals. For more information about how to work with principals and principal IDs in IAM Identity Center, see the Identity Store API Reference .
Available Commands ¶
- attach-customer-managed-policy-reference-to-permission-set
- attach-managed-policy-to-permission-set
- create-account-assignment
- create-application
- create-application-assignment
- create-instance
- create-instance-access-control-attribute-configuration
- create-permission-set
- create-trusted-token-issuer
- delete-account-assignment
- delete-application
- delete-application-access-scope
- delete-application-assignment
- delete-application-authentication-method
- delete-application-grant
- delete-inline-policy-from-permission-set
- delete-instance
- delete-instance-access-control-attribute-configuration
- delete-permission-set
- delete-permissions-boundary-from-permission-set
- delete-trusted-token-issuer
- describe-account-assignment-creation-status
- describe-account-assignment-deletion-status
- describe-application
- describe-application-assignment
- describe-application-provider
- describe-instance
- describe-instance-access-control-attribute-configuration
- describe-permission-set
- describe-permission-set-provisioning-status
- describe-trusted-token-issuer
- detach-customer-managed-policy-reference-from-permission-set
- detach-managed-policy-from-permission-set
- get-application-access-scope
- get-application-assignment-configuration
- get-application-authentication-method
- get-application-grant
- get-inline-policy-for-permission-set
- get-permissions-boundary-for-permission-set
- list-account-assignment-creation-status
- list-account-assignment-deletion-status
- list-account-assignments
- list-account-assignments-for-principal
- list-accounts-for-provisioned-permission-set
- list-application-access-scopes
- list-application-assignments
- list-application-assignments-for-principal
- list-application-authentication-methods
- list-application-grants
- list-application-providers
- list-applications
- list-customer-managed-policy-references-in-permission-set
- list-instances
- list-managed-policies-in-permission-set
- list-permission-set-provisioning-status
- list-permission-sets
- list-permission-sets-provisioned-to-account
- list-tags-for-resource
- list-trusted-token-issuers
- provision-permission-set
- put-application-access-scope
- put-application-assignment-configuration
- put-application-authentication-method
- put-application-grant
- put-inline-policy-to-permission-set
- put-permissions-boundary-to-permission-set
- tag-resource
- untag-resource
- update-application
- update-instance
- update-instance-access-control-attribute-configuration
- update-permission-set
- update-trusted-token-issuer
- AWS CLI 2.1.29 Command Reference »
- sso-admin »
- ← get-inline-policy-for-permission-set /
- list-account-assignment-deletion-status →
Table of Contents
- Description
Quick search
Did you find this page useful? Do you have a suggestion? Give us feedback or send us a pull request on GitHub.
First time using the AWS CLI? See the User Guide for help getting started.
[ aws . sso-admin ]
list-account-assignment-creation-status ¶
Description ¶.
Lists the status of the AWS account assignment creation requests for a specified SSO instance.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
list-account-assignment-creation-status is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate argument. When using --output text and the --query argument on a paginated response, the --query argument must extract data from the results of the following query expressions: AccountAssignmentsCreationStatus
--instance-arn (string)
The ARN of the SSO instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .
--filter (structure)
Filters results based on the passed attribute value. Status -> (string) Filters the list operations result based on the status attribute.
Shorthand Syntax:
JSON Syntax:
--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton . If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml .
--starting-token (string)
A token to specify where to start paginating. This is the NextToken from a previously truncated response. For usage examples, see Pagination in the AWS Command Line Interface User Guide .
--page-size (integer)
The size of each page to get in the AWS service call. This does not affect the number of items returned in the command’s output. Setting a smaller page size results in more calls to the AWS service, retrieving fewer items in each call. This can help prevent the AWS service calls from timing out. For usage examples, see Pagination in the AWS Command Line Interface User Guide .
--max-items (integer)
The total number of items to return in the command’s output. If the total number of items available is more than the value specified, a NextToken is provided in the command’s output. To resume pagination, provide the NextToken value in the starting-token argument of a subsequent command. Do not use the NextToken response element directly outside of the AWS CLI. For usage examples, see Pagination in the AWS Command Line Interface User Guide .
--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input , prints a sample input JSON that can be used as an argument for --cli-input-json . Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml . If provided with the value output , it validates the command inputs and returns a sample output JSON for that command.
AccountAssignmentsCreationStatus -> (list)
The status object for the account assignment creation operation. (structure) Provides information about the AccountAssignment creation request. Status -> (string) The status of the permission set provisioning process.
RequestId -> (string)
The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.
CreatedDate -> (timestamp)
The date that the permission set was created.
NextToken -> (string)
The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.
SSOAdmin / Paginator / ListAccountAssignmentCreationStatus
ListAccountAssignmentCreationStatus #
Creates an iterator that will paginate through responses from SSOAdmin.Client.list_account_assignment_creation_status() .
See also: AWS API Documentation
Request Syntax
Filters results based on the passed attribute value.
Status (string) –
Filters the list operations result based on the status attribute.
The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference .
A dictionary that provides parameters to control pagination.
MaxItems (integer) –
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
PageSize (integer) –
The size of each page.
StartingToken (string) –
A token to specify where to start paginating. This is the NextToken from a previous response.
Response Syntax
Response structure.
AccountAssignmentsCreationStatus (list) –
The status object for the account assignment creation operation.
Provides information about the AccountAssignment creation request.
CreatedDate (datetime) –
The date that the permission set was created.
RequestId (string) –
The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.
The status of the permission set provisioning process.
COMMENTS
list-account-assignment-creation-status is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate argument. When using --output text and the --query argument on a paginated response, the --query argument must extract data from the ...
SSOAdmin.Client.list_account_assignment_creation_status(**kwargs) # Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance.
Managing Amazon EC2 instances; Working with Amazon EC2 key pairs; Describe Amazon EC2 Regions and Availability Zones; Working with security groups in Amazon EC2
Lists the status of the AWS account assignment creation requests for a specified SSO instance
list-account-assignment-creation-status is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate argument. When using --outputtext and the --query argument on a paginated response, the --query argument must extract data from the ...
list-create-account-status is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate argument. When using --output text and the --query argument on a paginated response, the --query argument must extract data from the results of the ...
It returns "in progress" as the status and later fails when I get status from SSOAdmin.Client. list_account_assignment_creation_status the result of assignment :
Lists the status of the Amazon Web Services account assignment creation requests for a specified SSO instance. See also: AWS API Documentation. See 'aws help' for descriptions of global parameters. list-account-assignment-creation-status is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of ...
In CLI, using SSO-admin I tried using list-accounts-for-provisioned-permission-set and list-permission-sets-provisioned-to-account but this did not get me this information. I also tried list-account-assignments and got a "PrincipalId" for a permission set but I'm not sure if this refers to the "User/group" from the picture above.
The identifier of the AWS account from which to list the assignments. --permission-set-arn <string>. The ARN of the permission set from which to list assignments. --max-results <integer>. The maximum number of results to display for the assignment. --next-token <string>. The pagination token for the list API. Initially the value is null.
Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance. Usage ¶ ssoadmin_list_account_assignment_creation_status ( Filter , InstanceArn , MaxResults , NextToken )
Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance. Example. Use a bare-bones client and the command you need to make an API call.
Describes the status of the assignment creation request
Output ¶ AccountAssignments -> (list) The list of assignments that match the input Amazon Web Services account and permission set. (structure) The assignment that indicates a principal's limited access to a specified Amazon Web Services account with a specified permission set.
Table Of Contents. Quickstart; A sample tutorial; Code examples; Developer guide; Security; Available services
When attempting to run client.list_account_assignments_for_principal' the following error arises.
SSOAdmin.Client.list_account_assignment_creation_status(**kwargs) # Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance.
Lists the status of the Amazon Web Services account assignment creation requests for a specified Amazon Web Services SSO instance. See also: AWS API Documentation. See 'aws help' for descriptions of global parameters. list-account-assignment-creation-status is a paginated operation. Multiple API calls may be issued in order to retrieve the ...
IAM Identity Center (successor to Single Sign-On) helps you securely create, or connect, your workforce identities and manage their access centrally across Amazon Web Services accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in Amazon Web Services, for organizations of any size and type.
Function This API is used to list the account assignment creation statuses of a specified IAM Identity Center instance.
IAM Identity Center (successor to Single Sign-On) helps you securely create, or connect, your workforce identities and manage their access centrally across Amazon Web Services accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in Amazon Web Services, for organizations of any ...
Lists the status of the AWS account assignment creation requests for a specified SSO instance. See also: AWS API Documentation. See 'aws help' for descriptions of global parameters. list-account-assignment-creation-status is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results.
Creates an iterator that will paginate through responses from SSOAdmin.Client.list_account_assignment_creation_status ().