IdentityStore

Client

class IdentityStore.Client

A low-level client representing AWS SSO Identity Store (IdentityStore)

The Identity Store service used by AWS IAM Identity Center (successor to AWS Single Sign-On) provides a single place to retrieve all of your identities (users and groups). For more information, see the IAM Identity Center User Guide.

<note> <p>Although AWS Single Sign-On was renamed, the <code>sso</code> and <code>identitystore</code> API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed">IAM Identity Center rename</a>.</p> </note> <p>This reference guide describes the identity store operations that you can call programatically and includes detailed information on data types and errors.</p>

client = session.create_client('identitystore')

These are the available methods:

can_paginate(operation_name)

Check if an operation can be paginated.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Returns
True if the operation can be paginated, False otherwise.
close()

Closes underlying endpoint connections.

create_group(**kwargs)

Creates a group within the specified identity store.

See also: AWS API Documentation

Request Syntax

response = client.create_group(
    IdentityStoreId='string',
    DisplayName='string',
    Description='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • DisplayName (string) -- A string containing the name of the group. This value is commonly displayed when the group is referenced.
  • Description (string) -- A string containing the description of the group.
Return type

dict

Returns

Response Syntax

{
    'GroupId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • GroupId (string) --

      The identifier of the newly created group in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

Exceptions

create_group_membership(**kwargs)

Creates a relationship between a member and a group. The following identifiers must be specified: GroupId , IdentityStoreId , and MemberId .

See also: AWS API Documentation

Request Syntax

response = client.create_group_membership(
    IdentityStoreId='string',
    GroupId='string',
    MemberId={
        'UserId': 'string'
    }
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • GroupId (string) --

    [REQUIRED]

    The identifier for a group in the identity store.

  • MemberId (dict) --

    [REQUIRED]

    An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: UserId.

    • UserId (string) --

      An object containing the identifiers of resources that can be members.

Return type

dict

Returns

Response Syntax

{
    'MembershipId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • MembershipId (string) --

      The identifier for a newly created GroupMembership in an identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

Exceptions

create_user(**kwargs)

Creates a new user within the specified identity store.

See also: AWS API Documentation

Request Syntax

response = client.create_user(
    IdentityStoreId='string',
    UserName='string',
    Name={
        'Formatted': 'string',
        'FamilyName': 'string',
        'GivenName': 'string',
        'MiddleName': 'string',
        'HonorificPrefix': 'string',
        'HonorificSuffix': 'string'
    },
    DisplayName='string',
    NickName='string',
    ProfileUrl='string',
    Emails=[
        {
            'Value': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    Addresses=[
        {
            'StreetAddress': 'string',
            'Locality': 'string',
            'Region': 'string',
            'PostalCode': 'string',
            'Country': 'string',
            'Formatted': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    PhoneNumbers=[
        {
            'Value': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    UserType='string',
    Title='string',
    PreferredLanguage='string',
    Locale='string',
    Timezone='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • UserName (string) -- A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.
  • Name (dict) --

    An object containing the user's name.

    • Formatted (string) --

      A string containing a formatted version of the name for display.

    • FamilyName (string) --

      The family name of the user.

    • GivenName (string) --

      The given name of the user.

    • MiddleName (string) --

      The middle name of the user.

    • HonorificPrefix (string) --

      The honorific prefix of the user. For example, "Dr."

    • HonorificSuffix (string) --

      The honorific suffix of the user. For example, "M.D."

  • DisplayName (string) -- A string containing the user's name. This value is typically formatted for display when the user is referenced. For example, "John Doe."
  • NickName (string) -- A string containing an alternate name for the user.
  • ProfileUrl (string) -- A string containing a URL that may be associated with the user.
  • Emails (list) --

    A list of Email objects containing email addresses associated with the user.

    • (dict) --

      The email address associated with the user.

      • Value (string) --

        A string containing an email address. For example, "johndoe@amazon.com."

      • Type (string) --

        A string representing the type of address. For example, "Work."

      • Primary (boolean) --

        A Boolean value representing whether this is the primary email address for the associated resource.

  • Addresses (list) --

    A list of Address objects containing addresses associated with the user.

    • (dict) --

      The address associated with the specified user.

      • StreetAddress (string) --

        The street of the address.

      • Locality (string) --

        A string of the address locality.

      • Region (string) --

        The region of the address.

      • PostalCode (string) --

        The postal code of the address.

      • Country (string) --

        The country of the address.

      • Formatted (string) --

        A string containing a formatted version of the address for display.

      • Type (string) --

        A string representing the type of address. For example, "Home."

      • Primary (boolean) --

        A Boolean value representing whether this is the primary address for the associated resource.

  • PhoneNumbers (list) --

    A list of PhoneNumber objects containing phone numbers associated with the user.

    • (dict) --

      The phone number associated with the user.

      • Value (string) --

        A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".

      • Type (string) --

        A string representing the type of a phone number. For example, "Mobile."

      • Primary (boolean) --

        A Boolean value representing whether this is the primary phone number for the associated resource.

  • UserType (string) -- A string indicating the user's type. Possible values depend on each customer's specific needs, so they are left unspecified.
  • Title (string) -- A string containing the user's title. Possible values are left unspecified given that they depend on each customer's specific needs.
  • PreferredLanguage (string) -- A string containing the preferred language of the user. For example, "American English" or "en-us."
  • Locale (string) -- A string containing the user's geographical region or location.
  • Timezone (string) -- A string containing the user's time zone.
Return type

dict

Returns

Response Syntax

{
    'UserId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • UserId (string) --

      The identifier of the newly created user in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

Exceptions

delete_group(**kwargs)

Delete a group within an identity store given GroupId .

See also: AWS API Documentation

Request Syntax

response = client.delete_group(
    IdentityStoreId='string',
    GroupId='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • GroupId (string) --

    [REQUIRED]

    The identifier for a group in the identity store.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

delete_group_membership(**kwargs)

Delete a membership within a group given MembershipId .

See also: AWS API Documentation

Request Syntax

response = client.delete_group_membership(
    IdentityStoreId='string',
    MembershipId='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • MembershipId (string) --

    [REQUIRED]

    The identifier for a GroupMembership in an identity store.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

delete_user(**kwargs)

Deletes a user within an identity store given UserId .

See also: AWS API Documentation

Request Syntax

response = client.delete_user(
    IdentityStoreId='string',
    UserId='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • UserId (string) --

    [REQUIRED]

    The identifier for a user in the identity store.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

describe_group(**kwargs)

Retrieves the group metadata and attributes from GroupId in an identity store.

See also: AWS API Documentation

Request Syntax

response = client.describe_group(
    IdentityStoreId='string',
    GroupId='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890 . In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

  • GroupId (string) --

    [REQUIRED]

    The identifier for a group in the identity store.

Return type

dict

Returns

Response Syntax

{
    'GroupId': 'string',
    'DisplayName': 'string',
    'ExternalIds': [
        {
            'Issuer': 'string',
            'Id': 'string'
        },
    ],
    'Description': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • GroupId (string) --

      The identifier for a group in the identity store.

    • DisplayName (string) --

      The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time that the group is created and stored as an attribute of the group object in the identity store.

    • ExternalIds (list) --

      A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

      • (dict) --

        The identifier issued to this resource by an external identity provider.

        • Issuer (string) --

          The issuer for an external identifier.

        • Id (string) --

          The identifier issued to this resource by an external identity provider.

    • Description (string) --

      A string containing a description of the group.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

Exceptions

describe_group_membership(**kwargs)

Retrieves membership metadata and attributes from MembershipId in an identity store.

See also: AWS API Documentation

Request Syntax

response = client.describe_group_membership(
    IdentityStoreId='string',
    MembershipId='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • MembershipId (string) --

    [REQUIRED]

    The identifier for a GroupMembership in an identity store.

Return type

dict

Returns

Response Syntax

{
    'IdentityStoreId': 'string',
    'MembershipId': 'string',
    'GroupId': 'string',
    'MemberId': {
        'UserId': 'string'
    }
}

Response Structure

  • (dict) --

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

    • MembershipId (string) --

      The identifier for a GroupMembership in an identity store.

    • GroupId (string) --

      The identifier for a group in the identity store.

    • MemberId (dict) --

      An object containing the identifier of a group member.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: UserId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
      
      • UserId (string) --

        An object containing the identifiers of resources that can be members.

Exceptions

describe_user(**kwargs)

Retrieves the user metadata and attributes from the UserId in an identity store.

See also: AWS API Documentation

Request Syntax

response = client.describe_user(
    IdentityStoreId='string',
    UserId='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890 . In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

  • UserId (string) --

    [REQUIRED]

    The identifier for a user in the identity store.

Return type

dict

Returns

Response Syntax

{
    'UserName': 'string',
    'UserId': 'string',
    'ExternalIds': [
        {
            'Issuer': 'string',
            'Id': 'string'
        },
    ],
    'Name': {
        'Formatted': 'string',
        'FamilyName': 'string',
        'GivenName': 'string',
        'MiddleName': 'string',
        'HonorificPrefix': 'string',
        'HonorificSuffix': 'string'
    },
    'DisplayName': 'string',
    'NickName': 'string',
    'ProfileUrl': 'string',
    'Emails': [
        {
            'Value': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    'Addresses': [
        {
            'StreetAddress': 'string',
            'Locality': 'string',
            'Region': 'string',
            'PostalCode': 'string',
            'Country': 'string',
            'Formatted': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    'PhoneNumbers': [
        {
            'Value': 'string',
            'Type': 'string',
            'Primary': True|False
        },
    ],
    'UserType': 'string',
    'Title': 'string',
    'PreferredLanguage': 'string',
    'Locale': 'string',
    'Timezone': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • UserName (string) --

      A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

    • UserId (string) --

      The identifier for a user in the identity store.

    • ExternalIds (list) --

      A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

      • (dict) --

        The identifier issued to this resource by an external identity provider.

        • Issuer (string) --

          The issuer for an external identifier.

        • Id (string) --

          The identifier issued to this resource by an external identity provider.

    • Name (dict) --

      The name of the user.

      • Formatted (string) --

        A string containing a formatted version of the name for display.

      • FamilyName (string) --

        The family name of the user.

      • GivenName (string) --

        The given name of the user.

      • MiddleName (string) --

        The middle name of the user.

      • HonorificPrefix (string) --

        The honorific prefix of the user. For example, "Dr."

      • HonorificSuffix (string) --

        The honorific suffix of the user. For example, "M.D."

    • DisplayName (string) --

      The user's name value for display.

    • NickName (string) --

      An alternative descriptive name for the user.

    • ProfileUrl (string) --

      A URL link for the user's profile.

    • Emails (list) --

      The user's email value.

      • (dict) --

        The email address associated with the user.

        • Value (string) --

          A string containing an email address. For example, "johndoe@amazon.com."

        • Type (string) --

          A string representing the type of address. For example, "Work."

        • Primary (boolean) --

          A Boolean value representing whether this is the primary email address for the associated resource.

    • Addresses (list) --

      The user's physical address.

      • (dict) --

        The address associated with the specified user.

        • StreetAddress (string) --

          The street of the address.

        • Locality (string) --

          A string of the address locality.

        • Region (string) --

          The region of the address.

        • PostalCode (string) --

          The postal code of the address.

        • Country (string) --

          The country of the address.

        • Formatted (string) --

          A string containing a formatted version of the address for display.

        • Type (string) --

          A string representing the type of address. For example, "Home."

        • Primary (boolean) --

          A Boolean value representing whether this is the primary address for the associated resource.

    • PhoneNumbers (list) --

      A list of PhoneNumber objects associated with a user.

      • (dict) --

        The phone number associated with the user.

        • Value (string) --

          A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".

        • Type (string) --

          A string representing the type of a phone number. For example, "Mobile."

        • Primary (boolean) --

          A Boolean value representing whether this is the primary phone number for the associated resource.

    • UserType (string) --

      A string indicating the user's type.

    • Title (string) --

      A string containing the user's title.

    • PreferredLanguage (string) --

      The preferred language of the user.

    • Locale (string) --

      A string containing the user's geographical region or location.

    • Timezone (string) --

      The time zone for a user.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

Exceptions

get_group_id(**kwargs)

Retrieves GroupId in an identity store.

See also: AWS API Documentation

Request Syntax

response = client.get_group_id(
    IdentityStoreId='string',
    AlternateIdentifier={
        'ExternalId': {
            'Issuer': 'string',
            'Id': 'string'
        },
        'UniqueAttribute': {
            'AttributePath': 'string',
            'AttributeValue': {...}|[...]|123|123.4|'string'|True|None
        }
    }
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • AlternateIdentifier (dict) --

    [REQUIRED]

    A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For example, a unique GroupDisplayName .

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: ExternalId, UniqueAttribute.

    • ExternalId (dict) --

      The identifier issued to this resource by an external identity provider.

      • Issuer (string) -- [REQUIRED]

        The issuer for an external identifier.

      • Id (string) -- [REQUIRED]

        The identifier issued to this resource by an external identity provider.

    • UniqueAttribute (dict) --

      An entity attribute that's unique to a specific entity.

      • AttributePath (string) -- [REQUIRED]

        A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

      • AttributeValue (document) -- [REQUIRED]

        The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the AWS CLI.

Return type

dict

Returns

Response Syntax

{
    'GroupId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • GroupId (string) --

      The identifier for a group in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

Exceptions

get_group_membership_id(**kwargs)

Retrieves the MembershipId in an identity store.

See also: AWS API Documentation

Request Syntax

response = client.get_group_membership_id(
    IdentityStoreId='string',
    GroupId='string',
    MemberId={
        'UserId': 'string'
    }
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • GroupId (string) --

    [REQUIRED]

    The identifier for a group in the identity store.

  • MemberId (dict) --

    [REQUIRED]

    An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: UserId.

    • UserId (string) --

      An object containing the identifiers of resources that can be members.

Return type

dict

Returns

Response Syntax

{
    'MembershipId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • MembershipId (string) --

      The identifier for a GroupMembership in an identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

Exceptions

get_paginator(operation_name)

Create a paginator for an operation.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Raises OperationNotPageableError
Raised if the operation is not pageable. You can use the client.can_paginate method to check if an operation is pageable.
Return type
L{botocore.paginate.Paginator}
Returns
A paginator object.
get_user_id(**kwargs)

Retrieves the UserId in an identity store.

See also: AWS API Documentation

Request Syntax

response = client.get_user_id(
    IdentityStoreId='string',
    AlternateIdentifier={
        'ExternalId': {
            'Issuer': 'string',
            'Id': 'string'
        },
        'UniqueAttribute': {
            'AttributePath': 'string',
            'AttributeValue': {...}|[...]|123|123.4|'string'|True|None
        }
    }
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • AlternateIdentifier (dict) --

    [REQUIRED]

    A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For example, a unique UserDisplayName .

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: ExternalId, UniqueAttribute.

    • ExternalId (dict) --

      The identifier issued to this resource by an external identity provider.

      • Issuer (string) -- [REQUIRED]

        The issuer for an external identifier.

      • Id (string) -- [REQUIRED]

        The identifier issued to this resource by an external identity provider.

    • UniqueAttribute (dict) --

      An entity attribute that's unique to a specific entity.

      • AttributePath (string) -- [REQUIRED]

        A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

      • AttributeValue (document) -- [REQUIRED]

        The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the AWS CLI.

Return type

dict

Returns

Response Syntax

{
    'UserId': 'string',
    'IdentityStoreId': 'string'
}

Response Structure

  • (dict) --

    • UserId (string) --

      The identifier for a user in the identity store.

    • IdentityStoreId (string) --

      The globally unique identifier for the identity store.

Exceptions

get_waiter(waiter_name)

Returns an object that can wait for some condition.

Parameters
waiter_name (str) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.
Returns
The specified waiter object.
Return type
botocore.waiter.Waiter
is_member_in_groups(**kwargs)

Checks the user's membership in all requested groups and returns if the member exists in all queried groups.

See also: AWS API Documentation

Request Syntax

response = client.is_member_in_groups(
    IdentityStoreId='string',
    MemberId={
        'UserId': 'string'
    },
    GroupIds=[
        'string',
    ]
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • MemberId (dict) --

    [REQUIRED]

    An object containing the identifier of a group member.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: UserId.

    • UserId (string) --

      An object containing the identifiers of resources that can be members.

  • GroupIds (list) --

    [REQUIRED]

    A list of identifiers for groups in the identity store.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'Results': [
        {
            'GroupId': 'string',
            'MemberId': {
                'UserId': 'string'
            },
            'MembershipExists': True|False
        },
    ]
}

Response Structure

  • (dict) --

    • Results (list) --

      A list containing the results of membership existence checks.

      • (dict) --

        Indicates whether a resource is a member of a group in the identity store.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • MemberId (dict) --

          An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: UserId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • UserId (string) --

            An object containing the identifiers of resources that can be members.

        • MembershipExists (boolean) --

          Indicates whether a membership relation exists or not.

Exceptions

list_group_memberships(**kwargs)

For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

See also: AWS API Documentation

Request Syntax

response = client.list_group_memberships(
    IdentityStoreId='string',
    GroupId='string',
    MaxResults=123,
    NextToken='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • GroupId (string) --

    [REQUIRED]

    The identifier for a group in the identity store.

  • MaxResults (integer) -- The maximum number of results to be returned per request. This parameter is used in all List requests to specify how many results to return in one page.
  • NextToken (string) -- The pagination token used for the ListUsers , ListGroups and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Return type

dict

Returns

Response Syntax

{
    'GroupMemberships': [
        {
            'IdentityStoreId': 'string',
            'MembershipId': 'string',
            'GroupId': 'string',
            'MemberId': {
                'UserId': 'string'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • GroupMemberships (list) --

      A list of GroupMembership objects in the group.

      • (dict) --

        Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

        • MembershipId (string) --

          The identifier for a GroupMembership object in an identity store.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • MemberId (dict) --

          An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: UserId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • UserId (string) --

            An object containing the identifiers of resources that can be members.

    • NextToken (string) --

      The pagination token used for the ListUsers , ListGroups , and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Exceptions

list_group_memberships_for_member(**kwargs)

For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

See also: AWS API Documentation

Request Syntax

response = client.list_group_memberships_for_member(
    IdentityStoreId='string',
    MemberId={
        'UserId': 'string'
    },
    MaxResults=123,
    NextToken='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • MemberId (dict) --

    [REQUIRED]

    An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: UserId.

    • UserId (string) --

      An object containing the identifiers of resources that can be members.

  • MaxResults (integer) -- The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.
  • NextToken (string) -- The pagination token used for the ListUsers , ListGroups , and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
Return type

dict

Returns

Response Syntax

{
    'GroupMemberships': [
        {
            'IdentityStoreId': 'string',
            'MembershipId': 'string',
            'GroupId': 'string',
            'MemberId': {
                'UserId': 'string'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • GroupMemberships (list) --

      A list of GroupMembership objects in the group for a specified member.

      • (dict) --

        Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

        • MembershipId (string) --

          The identifier for a GroupMembership object in an identity store.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • MemberId (dict) --

          An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: UserId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • UserId (string) --

            An object containing the identifiers of resources that can be members.

    • NextToken (string) --

      The pagination token used for the ListUsers , ListGroups , and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Exceptions

list_groups(**kwargs)

Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.

See also: AWS API Documentation

Request Syntax

response = client.list_groups(
    IdentityStoreId='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ]
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890 . In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

  • MaxResults (integer) -- The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.
  • NextToken (string) -- The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
  • Filters (list) --

    A list of Filter objects, which is used in the ListUsers and ListGroups requests.

    • (dict) --

      A query filter used by ListUsers and ListGroups . This filter object provides the attribute name and attribute value to search users or groups.

      • AttributePath (string) -- [REQUIRED]

        The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

      • AttributeValue (string) -- [REQUIRED]

        Represents the data for an attribute. Each attribute value is described as a name-value pair.

Return type

dict

Returns

Response Syntax

{
    'Groups': [
        {
            'GroupId': 'string',
            'DisplayName': 'string',
            'ExternalIds': [
                {
                    'Issuer': 'string',
                    'Id': 'string'
                },
            ],
            'Description': 'string',
            'IdentityStoreId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Groups (list) --

      A list of Group objects in the identity store.

      • (dict) --

        A group object that contains a specified group’s metadata and attributes.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • DisplayName (string) --

          The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

        • ExternalIds (list) --

          A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

          • (dict) --

            The identifier issued to this resource by an external identity provider.

            • Issuer (string) --

              The issuer for an external identifier.

            • Id (string) --

              The identifier issued to this resource by an external identity provider.

        • Description (string) --

          A string containing a description of the specified group.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

    • NextToken (string) --

      The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it1 is used in the API request to search for the next page.

Exceptions

list_users(**kwargs)

Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.

See also: AWS API Documentation

Request Syntax

response = client.list_users(
    IdentityStoreId='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ]
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890 . In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

  • MaxResults (integer) -- The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.
  • NextToken (string) -- The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.
  • Filters (list) --

    A list of Filter objects, which is used in the ListUsers and ListGroups requests.

    • (dict) --

      A query filter used by ListUsers and ListGroups . This filter object provides the attribute name and attribute value to search users or groups.

      • AttributePath (string) -- [REQUIRED]

        The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

      • AttributeValue (string) -- [REQUIRED]

        Represents the data for an attribute. Each attribute value is described as a name-value pair.

Return type

dict

Returns

Response Syntax

{
    'Users': [
        {
            'UserName': 'string',
            'UserId': 'string',
            'ExternalIds': [
                {
                    'Issuer': 'string',
                    'Id': 'string'
                },
            ],
            'Name': {
                'Formatted': 'string',
                'FamilyName': 'string',
                'GivenName': 'string',
                'MiddleName': 'string',
                'HonorificPrefix': 'string',
                'HonorificSuffix': 'string'
            },
            'DisplayName': 'string',
            'NickName': 'string',
            'ProfileUrl': 'string',
            'Emails': [
                {
                    'Value': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'Addresses': [
                {
                    'StreetAddress': 'string',
                    'Locality': 'string',
                    'Region': 'string',
                    'PostalCode': 'string',
                    'Country': 'string',
                    'Formatted': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'PhoneNumbers': [
                {
                    'Value': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'UserType': 'string',
            'Title': 'string',
            'PreferredLanguage': 'string',
            'Locale': 'string',
            'Timezone': 'string',
            'IdentityStoreId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Users (list) --

      A list of User objects in the identity store.

      • (dict) --

        A user object that contains a specified user’s metadata and attributes.

        • UserName (string) --

          A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

        • UserId (string) --

          The identifier for a user in the identity store.

        • ExternalIds (list) --

          A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

          • (dict) --

            The identifier issued to this resource by an external identity provider.

            • Issuer (string) --

              The issuer for an external identifier.

            • Id (string) --

              The identifier issued to this resource by an external identity provider.

        • Name (dict) --

          An object containing the user's name.

          • Formatted (string) --

            A string containing a formatted version of the name for display.

          • FamilyName (string) --

            The family name of the user.

          • GivenName (string) --

            The given name of the user.

          • MiddleName (string) --

            The middle name of the user.

          • HonorificPrefix (string) --

            The honorific prefix of the user. For example, "Dr."

          • HonorificSuffix (string) --

            The honorific suffix of the user. For example, "M.D."

        • DisplayName (string) --

          A string containing the user's name that's formatted for display when the user is referenced. For example, "John Doe."

        • NickName (string) --

          A string containing an alternate name for the user.

        • ProfileUrl (string) --

          A string containing a URL that may be associated with the user.

        • Emails (list) --

          A list of Email objects containing email addresses associated with the user.

          • (dict) --

            The email address associated with the user.

            • Value (string) --

              A string containing an email address. For example, "johndoe@amazon.com."

            • Type (string) --

              A string representing the type of address. For example, "Work."

            • Primary (boolean) --

              A Boolean value representing whether this is the primary email address for the associated resource.

        • Addresses (list) --

          A list of Address objects containing addresses associated with the user.

          • (dict) --

            The address associated with the specified user.

            • StreetAddress (string) --

              The street of the address.

            • Locality (string) --

              A string of the address locality.

            • Region (string) --

              The region of the address.

            • PostalCode (string) --

              The postal code of the address.

            • Country (string) --

              The country of the address.

            • Formatted (string) --

              A string containing a formatted version of the address for display.

            • Type (string) --

              A string representing the type of address. For example, "Home."

            • Primary (boolean) --

              A Boolean value representing whether this is the primary address for the associated resource.

        • PhoneNumbers (list) --

          A list of PhoneNumber objects containing phone numbers associated with the user.

          • (dict) --

            The phone number associated with the user.

            • Value (string) --

              A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".

            • Type (string) --

              A string representing the type of a phone number. For example, "Mobile."

            • Primary (boolean) --

              A Boolean value representing whether this is the primary phone number for the associated resource.

        • UserType (string) --

          A string indicating the user's type. Possible values depend on each customer's specific needs, so they are left unspecified.

        • Title (string) --

          A string containing the user's title. Possible values depend on each customer's specific needs, so they are left unspecified.

        • PreferredLanguage (string) --

          A string containing the preferred language of the user. For example, "American English" or "en-us."

        • Locale (string) --

          A string containing the user's geographical region or location.

        • Timezone (string) --

          A string containing the user's time zone.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

    • NextToken (string) --

      The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Exceptions

update_group(**kwargs)

For the specified group in the specified identity store, updates the group metadata and attributes.

See also: AWS API Documentation

Request Syntax

response = client.update_group(
    IdentityStoreId='string',
    GroupId='string',
    Operations=[
        {
            'AttributePath': 'string',
            'AttributeValue': {...}|[...]|123|123.4|'string'|True|None
        },
    ]
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • GroupId (string) --

    [REQUIRED]

    The identifier for a group in the identity store.

  • Operations (list) --

    [REQUIRED]

    A list of AttributeOperation objects to apply to the requested group. These operations might add, replace, or remove an attribute.

    • (dict) --

      An operation that applies to the requested group. This operation might add, replace, or remove an attribute.

      • AttributePath (string) -- [REQUIRED]

        A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

      • AttributeValue (document) --

        The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the AWS CLI.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

update_user(**kwargs)

For the specified user in the specified identity store, updates the user metadata and attributes.

See also: AWS API Documentation

Request Syntax

response = client.update_user(
    IdentityStoreId='string',
    UserId='string',
    Operations=[
        {
            'AttributePath': 'string',
            'AttributeValue': {...}|[...]|123|123.4|'string'|True|None
        },
    ]
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • UserId (string) --

    [REQUIRED]

    The identifier for a user in the identity store.

  • Operations (list) --

    [REQUIRED]

    A list of AttributeOperation objects to apply to the requested user. These operations might add, replace, or remove an attribute.

    • (dict) --

      An operation that applies to the requested group. This operation might add, replace, or remove an attribute.

      • AttributePath (string) -- [REQUIRED]

        A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

      • AttributeValue (document) --

        The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the AWS CLI.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

Client Exceptions

Client exceptions are available on a client instance via the exceptions property. For more detailed instructions and examples on the exact usage of client exceptions, see the error handling user guide.

The available client exceptions are:

class IdentityStore.Client.exceptions.AccessDeniedException

You do not have sufficient access to perform this action.

Example

try:
  ...
except client.exceptions.AccessDeniedException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    You do not have sufficient access to perform this action.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.ConflictException

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
  • The requested resource was being concurrently modified by another request.

Example

try:
  ...
except client.exceptions.ConflictException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'Reason': 'UNIQUENESS_CONSTRAINT_VIOLATION'|'CONCURRENT_MODIFICATION',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    This request cannot be completed for one of the following reasons:

    • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
    • The requested resource was being concurrently modified by another request.
    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    • Reason (string) --

      This request cannot be completed for one of the following reasons:

      • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
      • The requested resource was being concurrently modified by another request.
    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.InternalServerException

The request processing has failed because of an unknown error, exception or failure with an internal server.

Example

try:
  ...
except client.exceptions.InternalServerException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'RetryAfterSeconds': 123,
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The request processing has failed because of an unknown error, exception or failure with an internal server.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    • RetryAfterSeconds (integer) --

      The number of seconds that you would like to wait before retrying the next request.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.ResourceNotFoundException

Indicates that a requested resource is not found.

Example

try:
  ...
except client.exceptions.ResourceNotFoundException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'ResourceType': 'GROUP'|'USER'|'IDENTITY_STORE'|'GROUP_MEMBERSHIP',
    'ResourceId': 'string',
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    Indicates that a requested resource is not found.

    • ResourceType (string) --

      An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY_STORE.

    • ResourceId (string) --

      The identifier for a resource in the identity store that can be used as UserId or GroupId . The format for ResourceId is either UUID or 1234567890-UUID , where UUID is a randomly generated value for each resource when it is created and 1234567890 represents the IdentityStoreId string value. In the case that the identity store is migrated from a legacy SSO identity store, the ResourceId for that identity store will be in the format of UUID . Otherwise, it will be in the 1234567890-UUID format.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.ServiceQuotaExceededException

The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

Example

try:
  ...
except client.exceptions.ServiceQuotaExceededException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.ThrottlingException

Indicates that the principal has crossed the throttling limits of the API operations.

Example

try:
  ...
except client.exceptions.ThrottlingException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'RetryAfterSeconds': 123,
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    Indicates that the principal has crossed the throttling limits of the API operations.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    • RetryAfterSeconds (integer) --

      The number of seconds that you would like to wait before retrying the next request.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.ValidationException

The request failed because it contains a syntax error.

Example

try:
  ...
except client.exceptions.ValidationException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The request failed because it contains a syntax error.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.

Paginators

The available paginators are:

class IdentityStore.Paginator.ListGroupMemberships
paginator = client.get_paginator('list_group_memberships')
paginate(**kwargs)

Creates an iterator that will paginate through responses from IdentityStore.Client.list_group_memberships().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    IdentityStoreId='string',
    GroupId='string',
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • GroupId (string) --

    [REQUIRED]

    The identifier for a group in the identity store.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'GroupMemberships': [
        {
            'IdentityStoreId': 'string',
            'MembershipId': 'string',
            'GroupId': 'string',
            'MemberId': {
                'UserId': 'string'
            }
        },
    ],

}

Response Structure

  • (dict) --

    • GroupMemberships (list) --

      A list of GroupMembership objects in the group.

      • (dict) --

        Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

        • MembershipId (string) --

          The identifier for a GroupMembership object in an identity store.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • MemberId (dict) --

          An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: UserId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • UserId (string) --

            An object containing the identifiers of resources that can be members.

class IdentityStore.Paginator.ListGroupMembershipsForMember
paginator = client.get_paginator('list_group_memberships_for_member')
paginate(**kwargs)

Creates an iterator that will paginate through responses from IdentityStore.Client.list_group_memberships_for_member().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    IdentityStoreId='string',
    MemberId={
        'UserId': 'string'
    },
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store.

  • MemberId (dict) --

    [REQUIRED]

    An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: UserId.

    • UserId (string) --

      An object containing the identifiers of resources that can be members.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'GroupMemberships': [
        {
            'IdentityStoreId': 'string',
            'MembershipId': 'string',
            'GroupId': 'string',
            'MemberId': {
                'UserId': 'string'
            }
        },
    ],

}

Response Structure

  • (dict) --

    • GroupMemberships (list) --

      A list of GroupMembership objects in the group for a specified member.

      • (dict) --

        Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

        • MembershipId (string) --

          The identifier for a GroupMembership object in an identity store.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • MemberId (dict) --

          An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: UserId. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • UserId (string) --

            An object containing the identifiers of resources that can be members.

class IdentityStore.Paginator.ListGroups
paginator = client.get_paginator('list_groups')
paginate(**kwargs)

Creates an iterator that will paginate through responses from IdentityStore.Client.list_groups().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    IdentityStoreId='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ],
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890 . In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

  • Filters (list) --

    A list of Filter objects, which is used in the ListUsers and ListGroups requests.

    • (dict) --

      A query filter used by ListUsers and ListGroups . This filter object provides the attribute name and attribute value to search users or groups.

      • AttributePath (string) -- [REQUIRED]

        The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

      • AttributeValue (string) -- [REQUIRED]

        Represents the data for an attribute. Each attribute value is described as a name-value pair.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'Groups': [
        {
            'GroupId': 'string',
            'DisplayName': 'string',
            'ExternalIds': [
                {
                    'Issuer': 'string',
                    'Id': 'string'
                },
            ],
            'Description': 'string',
            'IdentityStoreId': 'string'
        },
    ],

}

Response Structure

  • (dict) --

    • Groups (list) --

      A list of Group objects in the identity store.

      • (dict) --

        A group object that contains a specified group’s metadata and attributes.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • DisplayName (string) --

          The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

        • ExternalIds (list) --

          A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

          • (dict) --

            The identifier issued to this resource by an external identity provider.

            • Issuer (string) --

              The issuer for an external identifier.

            • Id (string) --

              The identifier issued to this resource by an external identity provider.

        • Description (string) --

          A string containing a description of the specified group.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.

class IdentityStore.Paginator.ListUsers
paginator = client.get_paginator('list_users')
paginate(**kwargs)

Creates an iterator that will paginate through responses from IdentityStore.Client.list_users().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    IdentityStoreId='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ],
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890 . In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

  • Filters (list) --

    A list of Filter objects, which is used in the ListUsers and ListGroups requests.

    • (dict) --

      A query filter used by ListUsers and ListGroups . This filter object provides the attribute name and attribute value to search users or groups.

      • AttributePath (string) -- [REQUIRED]

        The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

      • AttributeValue (string) -- [REQUIRED]

        Represents the data for an attribute. Each attribute value is described as a name-value pair.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'Users': [
        {
            'UserName': 'string',
            'UserId': 'string',
            'ExternalIds': [
                {
                    'Issuer': 'string',
                    'Id': 'string'
                },
            ],
            'Name': {
                'Formatted': 'string',
                'FamilyName': 'string',
                'GivenName': 'string',
                'MiddleName': 'string',
                'HonorificPrefix': 'string',
                'HonorificSuffix': 'string'
            },
            'DisplayName': 'string',
            'NickName': 'string',
            'ProfileUrl': 'string',
            'Emails': [
                {
                    'Value': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'Addresses': [
                {
                    'StreetAddress': 'string',
                    'Locality': 'string',
                    'Region': 'string',
                    'PostalCode': 'string',
                    'Country': 'string',
                    'Formatted': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'PhoneNumbers': [
                {
                    'Value': 'string',
                    'Type': 'string',
                    'Primary': True|False
                },
            ],
            'UserType': 'string',
            'Title': 'string',
            'PreferredLanguage': 'string',
            'Locale': 'string',
            'Timezone': 'string',
            'IdentityStoreId': 'string'
        },
    ],

}

Response Structure

  • (dict) --

    • Users (list) --

      A list of User objects in the identity store.

      • (dict) --

        A user object that contains a specified user’s metadata and attributes.

        • UserName (string) --

          A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

        • UserId (string) --

          The identifier for a user in the identity store.

        • ExternalIds (list) --

          A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

          • (dict) --

            The identifier issued to this resource by an external identity provider.

            • Issuer (string) --

              The issuer for an external identifier.

            • Id (string) --

              The identifier issued to this resource by an external identity provider.

        • Name (dict) --

          An object containing the user's name.

          • Formatted (string) --

            A string containing a formatted version of the name for display.

          • FamilyName (string) --

            The family name of the user.

          • GivenName (string) --

            The given name of the user.

          • MiddleName (string) --

            The middle name of the user.

          • HonorificPrefix (string) --

            The honorific prefix of the user. For example, "Dr."

          • HonorificSuffix (string) --

            The honorific suffix of the user. For example, "M.D."

        • DisplayName (string) --

          A string containing the user's name that's formatted for display when the user is referenced. For example, "John Doe."

        • NickName (string) --

          A string containing an alternate name for the user.

        • ProfileUrl (string) --

          A string containing a URL that may be associated with the user.

        • Emails (list) --

          A list of Email objects containing email addresses associated with the user.

          • (dict) --

            The email address associated with the user.

            • Value (string) --

              A string containing an email address. For example, "johndoe@amazon.com."

            • Type (string) --

              A string representing the type of address. For example, "Work."

            • Primary (boolean) --

              A Boolean value representing whether this is the primary email address for the associated resource.

        • Addresses (list) --

          A list of Address objects containing addresses associated with the user.

          • (dict) --

            The address associated with the specified user.

            • StreetAddress (string) --

              The street of the address.

            • Locality (string) --

              A string of the address locality.

            • Region (string) --

              The region of the address.

            • PostalCode (string) --

              The postal code of the address.

            • Country (string) --

              The country of the address.

            • Formatted (string) --

              A string containing a formatted version of the address for display.

            • Type (string) --

              A string representing the type of address. For example, "Home."

            • Primary (boolean) --

              A Boolean value representing whether this is the primary address for the associated resource.

        • PhoneNumbers (list) --

          A list of PhoneNumber objects containing phone numbers associated with the user.

          • (dict) --

            The phone number associated with the user.

            • Value (string) --

              A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".

            • Type (string) --

              A string representing the type of a phone number. For example, "Mobile."

            • Primary (boolean) --

              A Boolean value representing whether this is the primary phone number for the associated resource.

        • UserType (string) --

          A string indicating the user's type. Possible values depend on each customer's specific needs, so they are left unspecified.

        • Title (string) --

          A string containing the user's title. Possible values depend on each customer's specific needs, so they are left unspecified.

        • PreferredLanguage (string) --

          A string containing the preferred language of the user. For example, "American English" or "en-us."

        • Locale (string) --

          A string containing the user's geographical region or location.

        • Timezone (string) --

          A string containing the user's time zone.

        • IdentityStoreId (string) --

          The globally unique identifier for the identity store.