IdentityStore ************* Client ====== class IdentityStore.Client A low-level client representing AWS SSO Identity Store (IdentityStore) The Identity Store service used by IAM Identity Center provides a single place to retrieve all of your identities (users and groups). For more information, see the IAM Identity Center User Guide. This reference guide describes the identity store operations that you can call programmatically and includes detailed information about data types and errors. Note: IAM Identity Center uses the "sso" and "identitystore" API namespaces. import boto3 client = boto3.client('identitystore') These are the available methods: * can_paginate * close * create_group * create_group_membership * create_user * delete_group * delete_group_membership * delete_user * describe_group * describe_group_membership * describe_user * get_group_id * get_group_membership_id * get_paginator * get_user_id * get_waiter * is_member_in_groups * list_group_memberships * list_group_memberships_for_member * list_groups * list_users * update_group * update_user Paginators ========== Paginators are available on a client instance via the "get_paginator" method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide. The available paginators are: * ListGroupMemberships * ListGroupMembershipsForMember * ListGroups * ListUsers IdentityStore / Paginator / ListGroupMemberships ListGroupMemberships ******************** class IdentityStore.Paginator.ListGroupMemberships paginator = client.get_paginator('list_group_memberships') paginate(**kwargs) Creates an iterator that will paginate through responses from "IdentityStore.Client.list_group_memberships()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( IdentityStoreId='string', GroupId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for a group in the identity store. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'GroupMemberships': [ { 'IdentityStoreId': 'string', 'MembershipId': 'string', 'GroupId': 'string', 'MemberId': { 'UserId': 'string' } }, ], } **Response Structure** * *(dict) --* * **GroupMemberships** *(list) --* A list of "GroupMembership" objects in the group. * *(dict) --* Contains the identifiers for a group, a group member, and a "GroupMembership" object in the identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. * **MembershipId** *(string) --* The identifier for a "GroupMembership" object in an identity store. * **GroupId** *(string) --* The identifier for a group in the identity store. * **MemberId** *(dict) --* An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "UserId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **UserId** *(string) --* An object containing the identifiers of resources that can be members. IdentityStore / Paginator / ListGroupMembershipsForMember ListGroupMembershipsForMember ***************************** class IdentityStore.Paginator.ListGroupMembershipsForMember paginator = client.get_paginator('list_group_memberships_for_member') paginate(**kwargs) Creates an iterator that will paginate through responses from "IdentityStore.Client.list_group_memberships_for_member()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( IdentityStoreId='string', MemberId={ 'UserId': 'string' }, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **MemberId** (*dict*) -- **[REQUIRED]** An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "UserId". * **UserId** *(string) --* An object containing the identifiers of resources that can be members. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'GroupMemberships': [ { 'IdentityStoreId': 'string', 'MembershipId': 'string', 'GroupId': 'string', 'MemberId': { 'UserId': 'string' } }, ], } **Response Structure** * *(dict) --* * **GroupMemberships** *(list) --* A list of "GroupMembership" objects in the group for a specified member. * *(dict) --* Contains the identifiers for a group, a group member, and a "GroupMembership" object in the identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. * **MembershipId** *(string) --* The identifier for a "GroupMembership" object in an identity store. * **GroupId** *(string) --* The identifier for a group in the identity store. * **MemberId** *(dict) --* An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "UserId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **UserId** *(string) --* An object containing the identifiers of resources that can be members. IdentityStore / Paginator / ListUsers ListUsers ********* class IdentityStore.Paginator.ListUsers paginator = client.get_paginator('list_users') paginate(**kwargs) Creates an iterator that will paginate through responses from "IdentityStore.Client.list_users()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( IdentityStoreId='string', Filters=[ { 'AttributePath': 'string', 'AttributeValue': 'string' }, ], PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store, such as "d-1234567890". In this example, "d-" is a fixed prefix, and "1234567890" is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. * **Filters** (*list*) -- A list of "Filter" objects, which is used in the "ListUsers" and "ListGroups" requests. * *(dict) --* A query filter used by "ListUsers" and "ListGroups". This filter object provides the attribute name and attribute value to search users or groups. * **AttributePath** *(string) --* **[REQUIRED]** The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, "UserName" is a valid attribute path for the "ListUsers" API, and "DisplayName" is a valid attribute path for the "ListGroups" API. * **AttributeValue** *(string) --* **[REQUIRED]** Represents the data for an attribute. Each attribute value is described as a name-value pair. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Users': [ { 'UserName': 'string', 'UserId': 'string', 'ExternalIds': [ { 'Issuer': 'string', 'Id': 'string' }, ], 'Name': { 'Formatted': 'string', 'FamilyName': 'string', 'GivenName': 'string', 'MiddleName': 'string', 'HonorificPrefix': 'string', 'HonorificSuffix': 'string' }, 'DisplayName': 'string', 'NickName': 'string', 'ProfileUrl': 'string', 'Emails': [ { 'Value': 'string', 'Type': 'string', 'Primary': True|False }, ], 'Addresses': [ { 'StreetAddress': 'string', 'Locality': 'string', 'Region': 'string', 'PostalCode': 'string', 'Country': 'string', 'Formatted': 'string', 'Type': 'string', 'Primary': True|False }, ], 'PhoneNumbers': [ { 'Value': 'string', 'Type': 'string', 'Primary': True|False }, ], 'UserType': 'string', 'Title': 'string', 'PreferredLanguage': 'string', 'Locale': 'string', 'Timezone': 'string', 'IdentityStoreId': 'string' }, ], } **Response Structure** * *(dict) --* * **Users** *(list) --* A list of "User" objects in the identity store. * *(dict) --* A user object that contains the metadata and attributes for a specified user. * **UserName** *(string) --* A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. * **UserId** *(string) --* The identifier for a user in the identity store. * **ExternalIds** *(list) --* A list of "ExternalId" objects that contains the identifiers issued to this resource by an external identity provider. * *(dict) --* The identifier issued to this resource by an external identity provider. * **Issuer** *(string) --* The issuer for an external identifier. * **Id** *(string) --* The identifier issued to this resource by an external identity provider. * **Name** *(dict) --* An object containing the name of the user. * **Formatted** *(string) --* A string containing a formatted version of the name for display. * **FamilyName** *(string) --* The family name of the user. * **GivenName** *(string) --* The given name of the user. * **MiddleName** *(string) --* The middle name of the user. * **HonorificPrefix** *(string) --* The honorific prefix of the user. For example, "Dr." * **HonorificSuffix** *(string) --* The honorific suffix of the user. For example, "M.D." * **DisplayName** *(string) --* A string containing the name of the user that is formatted for display when the user is referenced. For example, "John Doe." * **NickName** *(string) --* A string containing an alternate name for the user. * **ProfileUrl** *(string) --* A string containing a URL that might be associated with the user. * **Emails** *(list) --* A list of "Email" objects containing email addresses associated with the user. * *(dict) --* The email address associated with the user. * **Value** *(string) --* A string containing an email address. For example, "johndoe@amazon.com." * **Type** *(string) --* A string representing the type of address. For example, "Work." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary email address for the associated resource. * **Addresses** *(list) --* A list of "Address" objects containing addresses associated with the user. * *(dict) --* The address associated with the specified user. * **StreetAddress** *(string) --* The street of the address. * **Locality** *(string) --* A string of the address locality. * **Region** *(string) --* The region of the address. * **PostalCode** *(string) --* The postal code of the address. * **Country** *(string) --* The country of the address. * **Formatted** *(string) --* A string containing a formatted version of the address for display. * **Type** *(string) --* A string representing the type of address. For example, "Home." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary address for the associated resource. * **PhoneNumbers** *(list) --* A list of "PhoneNumber" objects containing phone numbers associated with the user. * *(dict) --* The phone number associated with the user. * **Value** *(string) --* A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567". * **Type** *(string) --* A string representing the type of a phone number. For example, "Mobile." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary phone number for the associated resource. * **UserType** *(string) --* A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case. * **Title** *(string) --* A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case. * **PreferredLanguage** *(string) --* A string containing the preferred language of the user. For example, "American English" or "en-us." * **Locale** *(string) --* A string containing the geographical region or location of the user. * **Timezone** *(string) --* A string containing the time zone of the user. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. IdentityStore / Paginator / ListGroups ListGroups ********** class IdentityStore.Paginator.ListGroups paginator = client.get_paginator('list_groups') paginate(**kwargs) Creates an iterator that will paginate through responses from "IdentityStore.Client.list_groups()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( IdentityStoreId='string', Filters=[ { 'AttributePath': 'string', 'AttributeValue': 'string' }, ], PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store, such as "d-1234567890". In this example, "d-" is a fixed prefix, and "1234567890" is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. * **Filters** (*list*) -- A list of "Filter" objects, which is used in the "ListUsers" and "ListGroups" requests. * *(dict) --* A query filter used by "ListUsers" and "ListGroups". This filter object provides the attribute name and attribute value to search users or groups. * **AttributePath** *(string) --* **[REQUIRED]** The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, "UserName" is a valid attribute path for the "ListUsers" API, and "DisplayName" is a valid attribute path for the "ListGroups" API. * **AttributeValue** *(string) --* **[REQUIRED]** Represents the data for an attribute. Each attribute value is described as a name-value pair. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'Groups': [ { 'GroupId': 'string', 'DisplayName': 'string', 'ExternalIds': [ { 'Issuer': 'string', 'Id': 'string' }, ], 'Description': 'string', 'IdentityStoreId': 'string' }, ], } **Response Structure** * *(dict) --* * **Groups** *(list) --* A list of "Group" objects in the identity store. * *(dict) --* A group object that contains the metadata and attributes for a specified group. * **GroupId** *(string) --* The identifier for a group in the identity store. * **DisplayName** *(string) --* The display name value for the group. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store. * **ExternalIds** *(list) --* A list of "ExternalId" objects that contains the identifiers issued to this resource by an external identity provider. * *(dict) --* The identifier issued to this resource by an external identity provider. * **Issuer** *(string) --* The issuer for an external identifier. * **Id** *(string) --* The identifier issued to this resource by an external identity provider. * **Description** *(string) --* A string containing a description of the specified group. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. IdentityStore / Client / get_paginator get_paginator ************* IdentityStore.Client.get_paginator(operation_name) Create a paginator for an operation. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Raises: **OperationNotPageableError** -- Raised if the operation is not pageable. You can use the "client.can_paginate" method to check if an operation is pageable. Return type: "botocore.paginate.Paginator" Returns: A paginator object. IdentityStore / Client / is_member_in_groups is_member_in_groups ******************* IdentityStore.Client.is_member_in_groups(**kwargs) Checks the user's membership in all requested groups and returns if the member exists in all queried groups. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.is_member_in_groups( IdentityStoreId='string', MemberId={ 'UserId': 'string' }, GroupIds=[ 'string', ] ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **MemberId** (*dict*) -- **[REQUIRED]** An object containing the identifier of a group member. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "UserId". * **UserId** *(string) --* An object containing the identifiers of resources that can be members. * **GroupIds** (*list*) -- **[REQUIRED]** A list of identifiers for groups in the identity store. * *(string) --* Return type: dict Returns: **Response Syntax** { 'Results': [ { 'GroupId': 'string', 'MemberId': { 'UserId': 'string' }, 'MembershipExists': True|False }, ] } **Response Structure** * *(dict) --* * **Results** *(list) --* A list containing the results of membership existence checks. * *(dict) --* Indicates whether a resource is a member of a group in the identity store. * **GroupId** *(string) --* The identifier for a group in the identity store. * **MemberId** *(dict) --* An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "UserId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **UserId** *(string) --* An object containing the identifiers of resources that can be members. * **MembershipExists** *(boolean) --* Indicates whether a membership relation exists or not. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / can_paginate can_paginate ************ IdentityStore.Client.can_paginate(operation_name) Check if an operation can be paginated. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Returns: "True" if the operation can be paginated, "False" otherwise. IdentityStore / Client / list_group_memberships list_group_memberships ********************** IdentityStore.Client.list_group_memberships(**kwargs) For the specified group in the specified identity store, returns the list of all "GroupMembership" objects and returns results in paginated form. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.list_group_memberships( IdentityStoreId='string', GroupId='string', MaxResults=123, NextToken='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for a group in the identity store. * **MaxResults** (*integer*) -- The maximum number of results to be returned per request. This parameter is used in all "List" requests to specify how many results to return in one page. * **NextToken** (*string*) -- The pagination token used for the "ListUsers", "ListGroups" and "ListGroupMemberships" API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page. Return type: dict Returns: **Response Syntax** { 'GroupMemberships': [ { 'IdentityStoreId': 'string', 'MembershipId': 'string', 'GroupId': 'string', 'MemberId': { 'UserId': 'string' } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **GroupMemberships** *(list) --* A list of "GroupMembership" objects in the group. * *(dict) --* Contains the identifiers for a group, a group member, and a "GroupMembership" object in the identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. * **MembershipId** *(string) --* The identifier for a "GroupMembership" object in an identity store. * **GroupId** *(string) --* The identifier for a group in the identity store. * **MemberId** *(dict) --* An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "UserId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **UserId** *(string) --* An object containing the identifiers of resources that can be members. * **NextToken** *(string) --* The pagination token used for the "ListUsers", "ListGroups", and "ListGroupMemberships" API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / get_group_id get_group_id ************ IdentityStore.Client.get_group_id(**kwargs) Retrieves "GroupId" in an identity store. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.get_group_id( IdentityStoreId='string', AlternateIdentifier={ 'ExternalId': { 'Issuer': 'string', 'Id': 'string' }, 'UniqueAttribute': { 'AttributePath': 'string', 'AttributeValue': {...}|[...]|123|123.4|'string'|True|None } } ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **AlternateIdentifier** (*dict*) -- **[REQUIRED]** A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid path is "displayName". Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "ExternalId", "UniqueAttribute". * **ExternalId** *(dict) --* The identifier issued to this resource by an external identity provider. * **Issuer** *(string) --* **[REQUIRED]** The issuer for an external identifier. * **Id** *(string) --* **[REQUIRED]** The identifier issued to this resource by an external identity provider. * **UniqueAttribute** *(dict) --* An entity attribute that's unique to a specific entity. * **AttributePath** *(string) --* **[REQUIRED]** A string representation of the path to a given attribute or sub-attribute. Supports JMESPath. * **AttributeValue** (*document*) -- **[REQUIRED]** The value of the attribute. This is a "Document" type. This type is not supported by Java V1, Go V1, and older versions of the CLI. Return type: dict Returns: **Response Syntax** { 'GroupId': 'string', 'IdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **GroupId** *(string) --* The identifier for a group in the identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / update_user update_user *********** IdentityStore.Client.update_user(**kwargs) For the specified user in the specified identity store, updates the user metadata and attributes. See also: AWS API Documentation **Request Syntax** response = client.update_user( IdentityStoreId='string', UserId='string', Operations=[ { 'AttributePath': 'string', 'AttributeValue': {...}|[...]|123|123.4|'string'|True|None }, ] ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **UserId** (*string*) -- **[REQUIRED]** The identifier for a user in the identity store. * **Operations** (*list*) -- **[REQUIRED]** A list of "AttributeOperation" objects to apply to the requested user. These operations might add, replace, or remove an attribute. * *(dict) --* An operation that applies to the requested group. This operation might add, replace, or remove an attribute. * **AttributePath** *(string) --* **[REQUIRED]** A string representation of the path to a given attribute or sub-attribute. Supports JMESPath. * **AttributeValue** (*document*) -- The value of the attribute. This is a "Document" type. This type is not supported by Java V1, Go V1, and older versions of the CLI. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.ConflictException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" * "IdentityStore.Client.exceptions.ServiceQuotaExceededException" IdentityStore / Client / delete_group delete_group ************ IdentityStore.Client.delete_group(**kwargs) Delete a group within an identity store given "GroupId". See also: AWS API Documentation **Request Syntax** response = client.delete_group( IdentityStoreId='string', GroupId='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for a group in the identity store. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.ConflictException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / create_user create_user *********** IdentityStore.Client.create_user(**kwargs) Creates a user within the specified identity store. See also: AWS API Documentation **Request Syntax** response = client.create_user( IdentityStoreId='string', UserName='string', Name={ 'Formatted': 'string', 'FamilyName': 'string', 'GivenName': 'string', 'MiddleName': 'string', 'HonorificPrefix': 'string', 'HonorificSuffix': 'string' }, DisplayName='string', NickName='string', ProfileUrl='string', Emails=[ { 'Value': 'string', 'Type': 'string', 'Primary': True|False }, ], Addresses=[ { 'StreetAddress': 'string', 'Locality': 'string', 'Region': 'string', 'PostalCode': 'string', 'Country': 'string', 'Formatted': 'string', 'Type': 'string', 'Primary': True|False }, ], PhoneNumbers=[ { 'Value': 'string', 'Type': 'string', 'Primary': True|False }, ], UserType='string', Title='string', PreferredLanguage='string', Locale='string', Timezone='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **UserName** (*string*) -- A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. "Administrator" and "AWSAdministrators" are reserved names and can't be used for users or groups. * **Name** (*dict*) -- An object containing the name of the user. * **Formatted** *(string) --* A string containing a formatted version of the name for display. * **FamilyName** *(string) --* The family name of the user. * **GivenName** *(string) --* The given name of the user. * **MiddleName** *(string) --* The middle name of the user. * **HonorificPrefix** *(string) --* The honorific prefix of the user. For example, "Dr." * **HonorificSuffix** *(string) --* The honorific suffix of the user. For example, "M.D." * **DisplayName** (*string*) -- A string containing the name of the user. This value is typically formatted for display when the user is referenced. For example, "John Doe." * **NickName** (*string*) -- A string containing an alternate name for the user. * **ProfileUrl** (*string*) -- A string containing a URL that might be associated with the user. * **Emails** (*list*) -- A list of "Email" objects containing email addresses associated with the user. * *(dict) --* The email address associated with the user. * **Value** *(string) --* A string containing an email address. For example, "johndoe@amazon.com." * **Type** *(string) --* A string representing the type of address. For example, "Work." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary email address for the associated resource. * **Addresses** (*list*) -- A list of "Address" objects containing addresses associated with the user. * *(dict) --* The address associated with the specified user. * **StreetAddress** *(string) --* The street of the address. * **Locality** *(string) --* A string of the address locality. * **Region** *(string) --* The region of the address. * **PostalCode** *(string) --* The postal code of the address. * **Country** *(string) --* The country of the address. * **Formatted** *(string) --* A string containing a formatted version of the address for display. * **Type** *(string) --* A string representing the type of address. For example, "Home." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary address for the associated resource. * **PhoneNumbers** (*list*) -- A list of "PhoneNumber" objects containing phone numbers associated with the user. * *(dict) --* The phone number associated with the user. * **Value** *(string) --* A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567". * **Type** *(string) --* A string representing the type of a phone number. For example, "Mobile." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary phone number for the associated resource. * **UserType** (*string*) -- A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case. * **Title** (*string*) -- A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case. * **PreferredLanguage** (*string*) -- A string containing the preferred language of the user. For example, "American English" or "en-us." * **Locale** (*string*) -- A string containing the geographical region or location of the user. * **Timezone** (*string*) -- A string containing the time zone of the user. Return type: dict Returns: **Response Syntax** { 'UserId': 'string', 'IdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **UserId** *(string) --* The identifier of the newly created user in the identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.ConflictException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" * "IdentityStore.Client.exceptions.ServiceQuotaExceededException" IdentityStore / Client / get_group_membership_id get_group_membership_id *********************** IdentityStore.Client.get_group_membership_id(**kwargs) Retrieves the "MembershipId" in an identity store. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.get_group_membership_id( IdentityStoreId='string', GroupId='string', MemberId={ 'UserId': 'string' } ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for a group in the identity store. * **MemberId** (*dict*) -- **[REQUIRED]** An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "UserId". * **UserId** *(string) --* An object containing the identifiers of resources that can be members. Return type: dict Returns: **Response Syntax** { 'MembershipId': 'string', 'IdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **MembershipId** *(string) --* The identifier for a "GroupMembership" in an identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / describe_group describe_group ************** IdentityStore.Client.describe_group(**kwargs) Retrieves the group metadata and attributes from "GroupId" in an identity store. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.describe_group( IdentityStoreId='string', GroupId='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store, such as "d-1234567890". In this example, "d-" is a fixed prefix, and "1234567890" is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for a group in the identity store. Return type: dict Returns: **Response Syntax** { 'GroupId': 'string', 'DisplayName': 'string', 'ExternalIds': [ { 'Issuer': 'string', 'Id': 'string' }, ], 'Description': 'string', 'IdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **GroupId** *(string) --* The identifier for a group in the identity store. * **DisplayName** *(string) --* The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time that the group is created and stored as an attribute of the group object in the identity store. * **ExternalIds** *(list) --* A list of "ExternalId" objects that contains the identifiers issued to this resource by an external identity provider. * *(dict) --* The identifier issued to this resource by an external identity provider. * **Issuer** *(string) --* The issuer for an external identifier. * **Id** *(string) --* The identifier issued to this resource by an external identity provider. * **Description** *(string) --* A string containing a description of the group. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / get_waiter get_waiter ********** IdentityStore.Client.get_waiter(waiter_name) Returns an object that can wait for some condition. Parameters: **waiter_name** (*str*) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters. Returns: The specified waiter object. Return type: "botocore.waiter.Waiter" IdentityStore / Client / list_users list_users ********** IdentityStore.Client.list_users(**kwargs) Lists all users in the identity store. Returns a paginated list of complete "User" objects. Filtering for a "User" by the "UserName" attribute is deprecated. Instead, use the "GetUserId" API action. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.list_users( IdentityStoreId='string', MaxResults=123, NextToken='string', Filters=[ { 'AttributePath': 'string', 'AttributeValue': 'string' }, ] ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store, such as "d-1234567890". In this example, "d-" is a fixed prefix, and "1234567890" is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. * **MaxResults** (*integer*) -- The maximum number of results to be returned per request. This parameter is used in the "ListUsers" and "ListGroups" requests to specify how many results to return in one page. The length limit is 50 characters. * **NextToken** (*string*) -- The pagination token used for the "ListUsers" and "ListGroups" API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page. * **Filters** (*list*) -- A list of "Filter" objects, which is used in the "ListUsers" and "ListGroups" requests. * *(dict) --* A query filter used by "ListUsers" and "ListGroups". This filter object provides the attribute name and attribute value to search users or groups. * **AttributePath** *(string) --* **[REQUIRED]** The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, "UserName" is a valid attribute path for the "ListUsers" API, and "DisplayName" is a valid attribute path for the "ListGroups" API. * **AttributeValue** *(string) --* **[REQUIRED]** Represents the data for an attribute. Each attribute value is described as a name-value pair. Return type: dict Returns: **Response Syntax** { 'Users': [ { 'UserName': 'string', 'UserId': 'string', 'ExternalIds': [ { 'Issuer': 'string', 'Id': 'string' }, ], 'Name': { 'Formatted': 'string', 'FamilyName': 'string', 'GivenName': 'string', 'MiddleName': 'string', 'HonorificPrefix': 'string', 'HonorificSuffix': 'string' }, 'DisplayName': 'string', 'NickName': 'string', 'ProfileUrl': 'string', 'Emails': [ { 'Value': 'string', 'Type': 'string', 'Primary': True|False }, ], 'Addresses': [ { 'StreetAddress': 'string', 'Locality': 'string', 'Region': 'string', 'PostalCode': 'string', 'Country': 'string', 'Formatted': 'string', 'Type': 'string', 'Primary': True|False }, ], 'PhoneNumbers': [ { 'Value': 'string', 'Type': 'string', 'Primary': True|False }, ], 'UserType': 'string', 'Title': 'string', 'PreferredLanguage': 'string', 'Locale': 'string', 'Timezone': 'string', 'IdentityStoreId': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Users** *(list) --* A list of "User" objects in the identity store. * *(dict) --* A user object that contains the metadata and attributes for a specified user. * **UserName** *(string) --* A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. * **UserId** *(string) --* The identifier for a user in the identity store. * **ExternalIds** *(list) --* A list of "ExternalId" objects that contains the identifiers issued to this resource by an external identity provider. * *(dict) --* The identifier issued to this resource by an external identity provider. * **Issuer** *(string) --* The issuer for an external identifier. * **Id** *(string) --* The identifier issued to this resource by an external identity provider. * **Name** *(dict) --* An object containing the name of the user. * **Formatted** *(string) --* A string containing a formatted version of the name for display. * **FamilyName** *(string) --* The family name of the user. * **GivenName** *(string) --* The given name of the user. * **MiddleName** *(string) --* The middle name of the user. * **HonorificPrefix** *(string) --* The honorific prefix of the user. For example, "Dr." * **HonorificSuffix** *(string) --* The honorific suffix of the user. For example, "M.D." * **DisplayName** *(string) --* A string containing the name of the user that is formatted for display when the user is referenced. For example, "John Doe." * **NickName** *(string) --* A string containing an alternate name for the user. * **ProfileUrl** *(string) --* A string containing a URL that might be associated with the user. * **Emails** *(list) --* A list of "Email" objects containing email addresses associated with the user. * *(dict) --* The email address associated with the user. * **Value** *(string) --* A string containing an email address. For example, "johndoe@amazon.com." * **Type** *(string) --* A string representing the type of address. For example, "Work." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary email address for the associated resource. * **Addresses** *(list) --* A list of "Address" objects containing addresses associated with the user. * *(dict) --* The address associated with the specified user. * **StreetAddress** *(string) --* The street of the address. * **Locality** *(string) --* A string of the address locality. * **Region** *(string) --* The region of the address. * **PostalCode** *(string) --* The postal code of the address. * **Country** *(string) --* The country of the address. * **Formatted** *(string) --* A string containing a formatted version of the address for display. * **Type** *(string) --* A string representing the type of address. For example, "Home." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary address for the associated resource. * **PhoneNumbers** *(list) --* A list of "PhoneNumber" objects containing phone numbers associated with the user. * *(dict) --* The phone number associated with the user. * **Value** *(string) --* A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567". * **Type** *(string) --* A string representing the type of a phone number. For example, "Mobile." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary phone number for the associated resource. * **UserType** *(string) --* A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case. * **Title** *(string) --* A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case. * **PreferredLanguage** *(string) --* A string containing the preferred language of the user. For example, "American English" or "en-us." * **Locale** *(string) --* A string containing the geographical region or location of the user. * **Timezone** *(string) --* A string containing the time zone of the user. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. * **NextToken** *(string) --* The pagination token used for the "ListUsers" and "ListGroups" API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / delete_user delete_user *********** IdentityStore.Client.delete_user(**kwargs) Deletes a user within an identity store given "UserId". See also: AWS API Documentation **Request Syntax** response = client.delete_user( IdentityStoreId='string', UserId='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **UserId** (*string*) -- **[REQUIRED]** The identifier for a user in the identity store. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.ConflictException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / create_group_membership create_group_membership *********************** IdentityStore.Client.create_group_membership(**kwargs) Creates a relationship between a member and a group. The following identifiers must be specified: "GroupId", "IdentityStoreId", and "MemberId". See also: AWS API Documentation **Request Syntax** response = client.create_group_membership( IdentityStoreId='string', GroupId='string', MemberId={ 'UserId': 'string' } ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for a group in the identity store. * **MemberId** (*dict*) -- **[REQUIRED]** An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "UserId". * **UserId** *(string) --* An object containing the identifiers of resources that can be members. Return type: dict Returns: **Response Syntax** { 'MembershipId': 'string', 'IdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **MembershipId** *(string) --* The identifier for a newly created "GroupMembership" in an identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.ConflictException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" * "IdentityStore.Client.exceptions.ServiceQuotaExceededException" IdentityStore / Client / list_group_memberships_for_member list_group_memberships_for_member ********************************* IdentityStore.Client.list_group_memberships_for_member(**kwargs) For the specified member in the specified identity store, returns the list of all "GroupMembership" objects and returns results in paginated form. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.list_group_memberships_for_member( IdentityStoreId='string', MemberId={ 'UserId': 'string' }, MaxResults=123, NextToken='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **MemberId** (*dict*) -- **[REQUIRED]** An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "UserId". * **UserId** *(string) --* An object containing the identifiers of resources that can be members. * **MaxResults** (*integer*) -- The maximum number of results to be returned per request. This parameter is used in the "ListUsers" and "ListGroups" requests to specify how many results to return in one page. The length limit is 50 characters. * **NextToken** (*string*) -- The pagination token used for the "ListUsers", "ListGroups", and "ListGroupMemberships" API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page. Return type: dict Returns: **Response Syntax** { 'GroupMemberships': [ { 'IdentityStoreId': 'string', 'MembershipId': 'string', 'GroupId': 'string', 'MemberId': { 'UserId': 'string' } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **GroupMemberships** *(list) --* A list of "GroupMembership" objects in the group for a specified member. * *(dict) --* Contains the identifiers for a group, a group member, and a "GroupMembership" object in the identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. * **MembershipId** *(string) --* The identifier for a "GroupMembership" object in an identity store. * **GroupId** *(string) --* The identifier for a group in the identity store. * **MemberId** *(dict) --* An object that contains the identifier of a group member. Setting the "UserID" field to the specific identifier for a user indicates that the user is a member of the group. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "UserId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **UserId** *(string) --* An object containing the identifiers of resources that can be members. * **NextToken** *(string) --* The pagination token used for the "ListUsers", "ListGroups", and "ListGroupMemberships" API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / describe_user describe_user ************* IdentityStore.Client.describe_user(**kwargs) Retrieves the user metadata and attributes from the "UserId" in an identity store. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.describe_user( IdentityStoreId='string', UserId='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store, such as "d-1234567890". In this example, "d-" is a fixed prefix, and "1234567890" is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. * **UserId** (*string*) -- **[REQUIRED]** The identifier for a user in the identity store. Return type: dict Returns: **Response Syntax** { 'UserName': 'string', 'UserId': 'string', 'ExternalIds': [ { 'Issuer': 'string', 'Id': 'string' }, ], 'Name': { 'Formatted': 'string', 'FamilyName': 'string', 'GivenName': 'string', 'MiddleName': 'string', 'HonorificPrefix': 'string', 'HonorificSuffix': 'string' }, 'DisplayName': 'string', 'NickName': 'string', 'ProfileUrl': 'string', 'Emails': [ { 'Value': 'string', 'Type': 'string', 'Primary': True|False }, ], 'Addresses': [ { 'StreetAddress': 'string', 'Locality': 'string', 'Region': 'string', 'PostalCode': 'string', 'Country': 'string', 'Formatted': 'string', 'Type': 'string', 'Primary': True|False }, ], 'PhoneNumbers': [ { 'Value': 'string', 'Type': 'string', 'Primary': True|False }, ], 'UserType': 'string', 'Title': 'string', 'PreferredLanguage': 'string', 'Locale': 'string', 'Timezone': 'string', 'IdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **UserName** *(string) --* A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. * **UserId** *(string) --* The identifier for a user in the identity store. * **ExternalIds** *(list) --* A list of "ExternalId" objects that contains the identifiers issued to this resource by an external identity provider. * *(dict) --* The identifier issued to this resource by an external identity provider. * **Issuer** *(string) --* The issuer for an external identifier. * **Id** *(string) --* The identifier issued to this resource by an external identity provider. * **Name** *(dict) --* The name of the user. * **Formatted** *(string) --* A string containing a formatted version of the name for display. * **FamilyName** *(string) --* The family name of the user. * **GivenName** *(string) --* The given name of the user. * **MiddleName** *(string) --* The middle name of the user. * **HonorificPrefix** *(string) --* The honorific prefix of the user. For example, "Dr." * **HonorificSuffix** *(string) --* The honorific suffix of the user. For example, "M.D." * **DisplayName** *(string) --* The display name of the user. * **NickName** *(string) --* An alternative descriptive name for the user. * **ProfileUrl** *(string) --* A URL link for the user's profile. * **Emails** *(list) --* The email address of the user. * *(dict) --* The email address associated with the user. * **Value** *(string) --* A string containing an email address. For example, "johndoe@amazon.com." * **Type** *(string) --* A string representing the type of address. For example, "Work." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary email address for the associated resource. * **Addresses** *(list) --* The physical address of the user. * *(dict) --* The address associated with the specified user. * **StreetAddress** *(string) --* The street of the address. * **Locality** *(string) --* A string of the address locality. * **Region** *(string) --* The region of the address. * **PostalCode** *(string) --* The postal code of the address. * **Country** *(string) --* The country of the address. * **Formatted** *(string) --* A string containing a formatted version of the address for display. * **Type** *(string) --* A string representing the type of address. For example, "Home." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary address for the associated resource. * **PhoneNumbers** *(list) --* A list of "PhoneNumber" objects associated with a user. * *(dict) --* The phone number associated with the user. * **Value** *(string) --* A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567". * **Type** *(string) --* A string representing the type of a phone number. For example, "Mobile." * **Primary** *(boolean) --* A Boolean value representing whether this is the primary phone number for the associated resource. * **UserType** *(string) --* A string indicating the type of user. * **Title** *(string) --* A string containing the title of the user. * **PreferredLanguage** *(string) --* The preferred language of the user. * **Locale** *(string) --* A string containing the geographical region or location of the user. * **Timezone** *(string) --* The time zone for a user. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / create_group create_group ************ IdentityStore.Client.create_group(**kwargs) Creates a group within the specified identity store. See also: AWS API Documentation **Request Syntax** response = client.create_group( IdentityStoreId='string', DisplayName='string', Description='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **DisplayName** (*string*) -- A string containing the name of the group. This value is commonly displayed when the group is referenced. "Administrator" and "AWSAdministrators" are reserved names and can't be used for users or groups. * **Description** (*string*) -- A string containing the description of the group. Return type: dict Returns: **Response Syntax** { 'GroupId': 'string', 'IdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **GroupId** *(string) --* The identifier of the newly created group in the identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.ConflictException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" * "IdentityStore.Client.exceptions.ServiceQuotaExceededException" IdentityStore / Client / close close ***** IdentityStore.Client.close() Closes underlying endpoint connections. IdentityStore / Client / list_groups list_groups *********** IdentityStore.Client.list_groups(**kwargs) Lists all groups in the identity store. Returns a paginated list of complete "Group" objects. Filtering for a "Group" by the "DisplayName" attribute is deprecated. Instead, use the "GetGroupId" API action. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.list_groups( IdentityStoreId='string', MaxResults=123, NextToken='string', Filters=[ { 'AttributePath': 'string', 'AttributeValue': 'string' }, ] ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store, such as "d-1234567890". In this example, "d-" is a fixed prefix, and "1234567890" is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created. * **MaxResults** (*integer*) -- The maximum number of results to be returned per request. This parameter is used in the "ListUsers" and "ListGroups" requests to specify how many results to return in one page. The length limit is 50 characters. * **NextToken** (*string*) -- The pagination token used for the "ListUsers" and "ListGroups" API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page. * **Filters** (*list*) -- A list of "Filter" objects, which is used in the "ListUsers" and "ListGroups" requests. * *(dict) --* A query filter used by "ListUsers" and "ListGroups". This filter object provides the attribute name and attribute value to search users or groups. * **AttributePath** *(string) --* **[REQUIRED]** The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, "UserName" is a valid attribute path for the "ListUsers" API, and "DisplayName" is a valid attribute path for the "ListGroups" API. * **AttributeValue** *(string) --* **[REQUIRED]** Represents the data for an attribute. Each attribute value is described as a name-value pair. Return type: dict Returns: **Response Syntax** { 'Groups': [ { 'GroupId': 'string', 'DisplayName': 'string', 'ExternalIds': [ { 'Issuer': 'string', 'Id': 'string' }, ], 'Description': 'string', 'IdentityStoreId': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Groups** *(list) --* A list of "Group" objects in the identity store. * *(dict) --* A group object that contains the metadata and attributes for a specified group. * **GroupId** *(string) --* The identifier for a group in the identity store. * **DisplayName** *(string) --* The display name value for the group. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store. * **ExternalIds** *(list) --* A list of "ExternalId" objects that contains the identifiers issued to this resource by an external identity provider. * *(dict) --* The identifier issued to this resource by an external identity provider. * **Issuer** *(string) --* The issuer for an external identifier. * **Id** *(string) --* The identifier issued to this resource by an external identity provider. * **Description** *(string) --* A string containing a description of the specified group. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. * **NextToken** *(string) --* The pagination token used for the "ListUsers" and "ListGroups" API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it1 is used in the API request to search for the next page. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / describe_group_membership describe_group_membership ************************* IdentityStore.Client.describe_group_membership(**kwargs) Retrieves membership metadata and attributes from "MembershipId" in an identity store. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.describe_group_membership( IdentityStoreId='string', MembershipId='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **MembershipId** (*string*) -- **[REQUIRED]** The identifier for a "GroupMembership" in an identity store. Return type: dict Returns: **Response Syntax** { 'IdentityStoreId': 'string', 'MembershipId': 'string', 'GroupId': 'string', 'MemberId': { 'UserId': 'string' } } **Response Structure** * *(dict) --* * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. * **MembershipId** *(string) --* The identifier for a "GroupMembership" in an identity store. * **GroupId** *(string) --* The identifier for a group in the identity store. * **MemberId** *(dict) --* An object containing the identifier of a group member. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "UserId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **UserId** *(string) --* An object containing the identifiers of resources that can be members. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / update_group update_group ************ IdentityStore.Client.update_group(**kwargs) For the specified group in the specified identity store, updates the group metadata and attributes. See also: AWS API Documentation **Request Syntax** response = client.update_group( IdentityStoreId='string', GroupId='string', Operations=[ { 'AttributePath': 'string', 'AttributeValue': {...}|[...]|123|123.4|'string'|True|None }, ] ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **GroupId** (*string*) -- **[REQUIRED]** The identifier for a group in the identity store. * **Operations** (*list*) -- **[REQUIRED]** A list of "AttributeOperation" objects to apply to the requested group. These operations might add, replace, or remove an attribute. * *(dict) --* An operation that applies to the requested group. This operation might add, replace, or remove an attribute. * **AttributePath** *(string) --* **[REQUIRED]** A string representation of the path to a given attribute or sub-attribute. Supports JMESPath. * **AttributeValue** (*document*) -- The value of the attribute. This is a "Document" type. This type is not supported by Java V1, Go V1, and older versions of the CLI. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.ConflictException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" * "IdentityStore.Client.exceptions.ServiceQuotaExceededException" IdentityStore / Client / get_user_id get_user_id *********** IdentityStore.Client.get_user_id(**kwargs) Retrieves the "UserId" in an identity store. Note: If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the *Organizations User Guide*. See also: AWS API Documentation **Request Syntax** response = client.get_user_id( IdentityStoreId='string', AlternateIdentifier={ 'ExternalId': { 'Issuer': 'string', 'Id': 'string' }, 'UniqueAttribute': { 'AttributePath': 'string', 'AttributeValue': {...}|[...]|123|123.4|'string'|True|None } } ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **AlternateIdentifier** (*dict*) -- **[REQUIRED]** A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid paths are "userName" and "emails.value". Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "ExternalId", "UniqueAttribute". * **ExternalId** *(dict) --* The identifier issued to this resource by an external identity provider. * **Issuer** *(string) --* **[REQUIRED]** The issuer for an external identifier. * **Id** *(string) --* **[REQUIRED]** The identifier issued to this resource by an external identity provider. * **UniqueAttribute** *(dict) --* An entity attribute that's unique to a specific entity. * **AttributePath** *(string) --* **[REQUIRED]** A string representation of the path to a given attribute or sub-attribute. Supports JMESPath. * **AttributeValue** (*document*) -- **[REQUIRED]** The value of the attribute. This is a "Document" type. This type is not supported by Java V1, Go V1, and older versions of the CLI. Return type: dict Returns: **Response Syntax** { 'UserId': 'string', 'IdentityStoreId': 'string' } **Response Structure** * *(dict) --* * **UserId** *(string) --* The identifier for a user in the identity store. * **IdentityStoreId** *(string) --* The globally unique identifier for the identity store. **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException" IdentityStore / Client / delete_group_membership delete_group_membership *********************** IdentityStore.Client.delete_group_membership(**kwargs) Delete a membership within a group given "MembershipId". See also: AWS API Documentation **Request Syntax** response = client.delete_group_membership( IdentityStoreId='string', MembershipId='string' ) Parameters: * **IdentityStoreId** (*string*) -- **[REQUIRED]** The globally unique identifier for the identity store. * **MembershipId** (*string*) -- **[REQUIRED]** The identifier for a "GroupMembership" in an identity store. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "IdentityStore.Client.exceptions.ResourceNotFoundException" * "IdentityStore.Client.exceptions.ThrottlingException" * "IdentityStore.Client.exceptions.AccessDeniedException" * "IdentityStore.Client.exceptions.ConflictException" * "IdentityStore.Client.exceptions.InternalServerException" * "IdentityStore.Client.exceptions.ValidationException"