Table of Contents
IdentityStore.
Client
¶A low-level client representing AWS SSO Identity Store (IdentityStore)
The AWS Single Sign-On (SSO) Identity Store service provides a single place to retrieve all of your identities (users and groups). For more information about AWS, see the AWS Single Sign-On User Guide .
client = session.create_client('identitystore')
These are the available methods:
can_paginate
(operation_name)¶Check if an operation can be paginated.
operation_name (string) – The operation name. This is the same name
as the method name on the client. For example, if the
method name is create_foo
, and you’d normally invoke the
operation as client.create_foo(**kwargs)
, if the
create_foo
operation can be paginated, you can use the
call client.get_paginator("create_foo")
.
True
if the operation can be paginated,
False
otherwise.
describe_group
(**kwargs)¶Retrieves the group metadata and attributes from GroupId
in an identity store.
See also: AWS API Documentation
Request Syntax
response = client.describe_group(
IdentityStoreId='string',
GroupId='string'
)
IdentityStoreId (string) –
[REQUIRED]
The globally unique identifier for the identity store, such as d-1234567890
. In this example, d-
is a fixed prefix, and 1234567890
is a randomly generated string that contains number and lower case letters. This value is generated at the time that a new identity store is created.
GroupId (string) –
[REQUIRED]
The identifier for a group in the identity store.
dict
Response Syntax
{
'GroupId': 'string',
'DisplayName': 'string'
}
Response Structure
(dict) –
GroupId (string) –
The identifier for a group in the identity store.
DisplayName (string) –
Contains the group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. The characters <>;:%
are excluded. This value is specified at the time that the group is created and stored as an attribute of the group object in the identity store.
Exceptions
describe_user
(**kwargs)¶Retrieves the user metadata and attributes from UserId
in an identity store.
See also: AWS API Documentation
Request Syntax
response = client.describe_user(
IdentityStoreId='string',
UserId='string'
)
IdentityStoreId (string) –
[REQUIRED]
The globally unique identifier for the identity store, such as d-1234567890
. In this example, d-
is a fixed prefix, and 1234567890
is a randomly generated string that contains number and lower case letters. This value is generated at the time that a new identity store is created.
UserId (string) –
[REQUIRED]
The identifier for a user in the identity store.
dict
Response Syntax
{
'UserName': 'string',
'UserId': 'string'
}
Response Structure
(dict) –
UserName (string) –
Contains the user’s user name value. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. The characters <>;:%
are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
UserId (string) –
The identifier for a user in the identity store.
Exceptions
get_paginator
(operation_name)¶Create a paginator for an operation.
operation_name (string) – The operation name. This is the same name
as the method name on the client. For example, if the
method name is create_foo
, and you’d normally invoke the
operation as client.create_foo(**kwargs)
, if the
create_foo
operation can be paginated, you can use the
call client.get_paginator("create_foo")
.
OperationNotPageableError – Raised if the operation is not
pageable. You can use the client.can_paginate
method to
check if an operation is pageable.
L{botocore.paginate.Paginator}
A paginator object.
get_waiter
(waiter_name)¶Returns an object that can wait for some condition.
waiter_name (str) – The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.
The specified waiter object.
botocore.waiter.Waiter
list_groups
(**kwargs)¶Lists the attribute name and value of the group that you specified in the search. We only support DisplayName
as a valid filter attribute path currently, and filter is required. This API returns minimum attributes, including GroupId
and group DisplayName
in the response.
See also: AWS API Documentation
Request Syntax
response = client.list_groups(
IdentityStoreId='string',
MaxResults=123,
NextToken='string',
Filters=[
{
'AttributePath': 'string',
'AttributeValue': 'string'
},
]
)
IdentityStoreId (string) –
[REQUIRED]
The globally unique identifier for the identity store, such as d-1234567890
. In this example, d-
is a fixed prefix, and 1234567890
is a randomly generated string that contains number and lower case letters. This value is generated at the time that a new identity store is created.
MaxResults (integer) – The maximum number of results to be returned per request. This parameter is used in the ListUsers
and ListGroups
request to specify how many results to return in one page. The length limit is 50 characters.
NextToken (string) – The pagination token used for the ListUsers
and ListGroups
API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Filters (list) –
A list of Filter
objects, which is used in the ListUsers
and ListGroups
request.
(dict) –
A query filter used by ListUsers
and ListGroup
. This filter object provides the attribute name and attribute value to search users or groups.
AttributePath (string) – [REQUIRED]
The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName
is a valid attribute path for the ListUsers
API, and DisplayName
is a valid attribute path for the ListGroups
API.
AttributeValue (string) – [REQUIRED]
Represents the data for an attribute. Each attribute value is described as a name-value pair.
dict
Response Syntax
{
'Groups': [
{
'GroupId': 'string',
'DisplayName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) –
Groups (list) –
A list of Group
objects in the identity store.
(dict) –
A group object, which contains a specified group’s metadata and attributes.
GroupId (string) –
The identifier for a group in the identity store.
DisplayName (string) –
Contains the group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. The characters <>;:%
are excluded. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.
NextToken (string) –
The pagination token used for the ListUsers
and ListGroups
API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it1 is used in the API request to search for the next page.
Exceptions
list_users
(**kwargs)¶Lists the attribute name and value of the user that you specified in the search. We only support UserName
as a valid filter attribute path currently, and filter is required. This API returns minimum attributes, including UserId
and UserName
in the response.
See also: AWS API Documentation
Request Syntax
response = client.list_users(
IdentityStoreId='string',
MaxResults=123,
NextToken='string',
Filters=[
{
'AttributePath': 'string',
'AttributeValue': 'string'
},
]
)
IdentityStoreId (string) –
[REQUIRED]
The globally unique identifier for the identity store, such as d-1234567890
. In this example, d-
is a fixed prefix, and 1234567890
is a randomly generated string that contains number and lower case letters. This value is generated at the time that a new identity store is created.
MaxResults (integer) – The maximum number of results to be returned per request. This parameter is used in the ListUsers
and ListGroups
request to specify how many results to return in one page. The length limit is 50 characters.
NextToken (string) – The pagination token used for the ListUsers
and ListGroups
API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Filters (list) –
A list of Filter
objects, which is used in the ListUsers
and ListGroups
request.
(dict) –
A query filter used by ListUsers
and ListGroup
. This filter object provides the attribute name and attribute value to search users or groups.
AttributePath (string) – [REQUIRED]
The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName
is a valid attribute path for the ListUsers
API, and DisplayName
is a valid attribute path for the ListGroups
API.
AttributeValue (string) – [REQUIRED]
Represents the data for an attribute. Each attribute value is described as a name-value pair.
dict
Response Syntax
{
'Users': [
{
'UserName': 'string',
'UserId': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) –
Users (list) –
A list of User
objects in the identity store.
(dict) –
A user object, which contains a specified user’s metadata and attributes.
UserName (string) –
Contains the user’s user name value. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. The characters <>;:%
are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
UserId (string) –
The identifier for a user in the identity store.
NextToken (string) –
The pagination token used for the ListUsers
and ListGroups
API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Exceptions
Client exceptions are available on a client instance via the exceptions
property. For more detailed instructions and examples on the exact usage of client exceptions, see the error handling user guide.
The available client exceptions are:
IdentityStore.Client.exceptions.
AccessDeniedException
¶You do not have sufficient access to perform this action.
Example
try:
...
except client.exceptions.AccessDeniedException as e:
print(e.response)
response
¶The parsed error response. All exceptions have a top level Error
key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.
Syntax
{
'Message': 'string',
'RequestId': 'string',
'Error': {
'Code': 'string',
'Message': 'string'
}
}
Structure
(dict) –
You do not have sufficient access to perform this action.
Message (string) –
RequestId (string) –
The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.
Error (dict) – Normalized access to common exception attributes.
Code (string) – An identifier specifying the exception type.
Message (string) – A descriptive message explaining why the exception occured.
IdentityStore.Client.exceptions.
InternalServerException
¶The request processing has failed because of an unknown error, exception or failure with an internal server.
Example
try:
...
except client.exceptions.InternalServerException as e:
print(e.response)
response
¶The parsed error response. All exceptions have a top level Error
key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.
Syntax
{
'Message': 'string',
'RequestId': 'string',
'Error': {
'Code': 'string',
'Message': 'string'
}
}
Structure
(dict) –
The request processing has failed because of an unknown error, exception or failure with an internal server.
Message (string) –
RequestId (string) –
The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.
Error (dict) – Normalized access to common exception attributes.
Code (string) – An identifier specifying the exception type.
Message (string) – A descriptive message explaining why the exception occured.
IdentityStore.Client.exceptions.
ResourceNotFoundException
¶Indicates that a requested resource is not found.
Example
try:
...
except client.exceptions.ResourceNotFoundException as e:
print(e.response)
response
¶The parsed error response. All exceptions have a top level Error
key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.
Syntax
{
'ResourceType': 'GROUP'|'USER'|'IDENTITY_STORE',
'ResourceId': 'string',
'Message': 'string',
'RequestId': 'string',
'Error': {
'Code': 'string',
'Message': 'string'
}
}
Structure
(dict) –
Indicates that a requested resource is not found.
ResourceType (string) –
The type of resource in the Identity Store service, which is an enum object. Valid values include USER, GROUP, and IDENTITY_STORE.
ResourceId (string) –
The identifier for a resource in the identity store, which can be used as UserId
or GroupId
. The format for ResourceId
is either UUID
or 1234567890-UUID
, where UUID
is a randomly generated value for each resource when it is created and 1234567890
represents the IdentityStoreId
string value. In the case that the identity store is migrated from a legacy SSO identity store, the ResourceId
for that identity store will be in the format of UUID
. Otherwise, it will be in the 1234567890-UUID
format.
Message (string) –
RequestId (string) –
The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.
Error (dict) – Normalized access to common exception attributes.
Code (string) – An identifier specifying the exception type.
Message (string) – A descriptive message explaining why the exception occured.
IdentityStore.Client.exceptions.
ThrottlingException
¶Indicates that the principal has crossed the throttling limits of the API operations.
Example
try:
...
except client.exceptions.ThrottlingException as e:
print(e.response)
response
¶The parsed error response. All exceptions have a top level Error
key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.
Syntax
{
'Message': 'string',
'RequestId': 'string',
'Error': {
'Code': 'string',
'Message': 'string'
}
}
Structure
(dict) –
Indicates that the principal has crossed the throttling limits of the API operations.
Message (string) –
RequestId (string) –
The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.
Error (dict) – Normalized access to common exception attributes.
Code (string) – An identifier specifying the exception type.
Message (string) – A descriptive message explaining why the exception occured.
IdentityStore.Client.exceptions.
ValidationException
¶The request failed because it contains a syntax error.
Example
try:
...
except client.exceptions.ValidationException as e:
print(e.response)
response
¶The parsed error response. All exceptions have a top level Error
key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.
Syntax
{
'Message': 'string',
'RequestId': 'string',
'Error': {
'Code': 'string',
'Message': 'string'
}
}
Structure
(dict) –
The request failed because it contains a syntax error.
Message (string) –
RequestId (string) –
The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.
Error (dict) – Normalized access to common exception attributes.
Code (string) – An identifier specifying the exception type.
Message (string) – A descriptive message explaining why the exception occured.
The available paginators are: