IdentityStore

Client

class IdentityStore.Client

A low-level client representing AWS SSO Identity Store (IdentityStore):

client = session.create_client('identitystore')

These are the available methods:

can_paginate(operation_name)

Check if an operation can be paginated.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Returns
True if the operation can be paginated, False otherwise.
describe_group(**kwargs)

Retrieves the group metadata and attributes from GroupId in an identity store.

See also: AWS API Documentation

Request Syntax

response = client.describe_group(
    IdentityStoreId='string',
    GroupId='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string which contains number and lower case letters. This value is generated at the time that a new identity store is created.

  • GroupId (string) --

    [REQUIRED]

    The identifier for a group in the identity store.

Return type

dict

Returns

Response Syntax

{
    'GroupId': 'string',
    'DisplayName': 'string'
}

Response Structure

  • (dict) --

    • GroupId (string) --

      The identifier for a group in the identity store.

    • DisplayName (string) --

      Contains the group’s display name value. The length limit is 1024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space and non breaking space in this attribute. The characters “<>;:%” are excluded. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

Exceptions

describe_user(**kwargs)

Retrieves the user metadata and attributes from UserId in an identity store.

See also: AWS API Documentation

Request Syntax

response = client.describe_user(
    IdentityStoreId='string',
    UserId='string'
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string which contains number and lower case letters. This value is generated at the time that a new identity store is created.

  • UserId (string) --

    [REQUIRED]

    The identifier for a user in the identity store.

Return type

dict

Returns

Response Syntax

{
    'UserName': 'string',
    'UserId': 'string'
}

Response Structure

  • (dict) --

    • UserName (string) --

      Contains the user’s username value. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers and punctuation. The characters “<>;:%” are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

    • UserId (string) --

      The identifier for a user in the identity store.

Exceptions

generate_presigned_url(ClientMethod, Params=None, ExpiresIn=3600, HttpMethod=None)

Generate a presigned url given a client, its method, and arguments

Parameters
  • ClientMethod (string) -- The client method to presign for
  • Params (dict) -- The parameters normally passed to ClientMethod.
  • ExpiresIn (int) -- The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds)
  • HttpMethod (string) -- The http method to use on the generated url. By default, the http method is whatever is used in the method's model.
Returns

The presigned url

get_paginator(operation_name)

Create a paginator for an operation.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Raises OperationNotPageableError
Raised if the operation is not pageable. You can use the client.can_paginate method to check if an operation is pageable.
Return type
L{botocore.paginate.Paginator}
Returns
A paginator object.
get_waiter(waiter_name)

Returns an object that can wait for some condition.

Parameters
waiter_name (str) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.
Returns
The specified waiter object.
Return type
botocore.waiter.Waiter
list_groups(**kwargs)

Lists the attribute name and value of the group that you specified in the search. We only support DisplayName as a valid filter attribute path currently, and filter is required. This API returns minimum attributes, including GroupId and group DisplayName in the response.

See also: AWS API Documentation

Request Syntax

response = client.list_groups(
    IdentityStoreId='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ]
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string which contains number and lower case letters. This value is generated at the time that a new identity store is created.

  • MaxResults (integer) -- The maximum number of results to be returned per request, which is used in the ListUsers and ListGroups request to specify how many results to return in one page. The length limit is 50 characters.
  • NextToken (string) -- The pagination token used for the ListUsers and ListGroups APIs. This value is generated by the identity store service and is returned in the API response if the total results are more than the size of one page, and when this token is used in the API request to search for the next page.
  • Filters (list) --

    A list of Filter objects, which is used in the ListUsers and ListGroups request.

    • (dict) --

      A query filter used by ListUsers and ListGroup . This filter object provides the attribute name and attribute value to search users or groups.

      • AttributePath (string) -- [REQUIRED]

        The attribute path used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

      • AttributeValue (string) -- [REQUIRED]

        Represents the data for an attribute. Each attribute value is described as a name-value pair.

Return type

dict

Returns

Response Syntax

{
    'Groups': [
        {
            'GroupId': 'string',
            'DisplayName': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Groups (list) --

      A list of Group objects in the identity store.

      • (dict) --

        A group object, which contains a specified group’s metadata and attributes.

        • GroupId (string) --

          The identifier for a group in the identity store.

        • DisplayName (string) --

          Contains the group’s display name value. The length limit is 1024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space and non breaking space in this attribute. The characters “<>;:%” are excluded. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

    • NextToken (string) --

      The pagination token used for the ListUsers and ListGroups APIs. This value is generated by the identity store service and is returned in the API response if the total results are more than the size of one page, and when this token is used in the API request to search for the next page.

Exceptions

list_users(**kwargs)

Lists the attribute name and value of the user that you specified in the search. We only support UserName as a valid filter attribute path currently, and filter is required. This API returns minimum attributes, including UserId and UserName in the response.

See also: AWS API Documentation

Request Syntax

response = client.list_users(
    IdentityStoreId='string',
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'AttributePath': 'string',
            'AttributeValue': 'string'
        },
    ]
)
Parameters
  • IdentityStoreId (string) --

    [REQUIRED]

    The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string which contains number and lower case letters. This value is generated at the time that a new identity store is created.

  • MaxResults (integer) -- The maximum number of results to be returned per request, which is used in the ListUsers and ListGroups request to specify how many results to return in one page. The length limit is 50 characters.
  • NextToken (string) -- The pagination token used for the ListUsers and ListGroups APIs. This value is generated by the identity store service and is returned in the API response if the total results are more than the size of one page, and when this token is used in the API request to search for the next page.
  • Filters (list) --

    A list of Filter objects, which is used in the ListUsers and ListGroups request.

    • (dict) --

      A query filter used by ListUsers and ListGroup . This filter object provides the attribute name and attribute value to search users or groups.

      • AttributePath (string) -- [REQUIRED]

        The attribute path used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

      • AttributeValue (string) -- [REQUIRED]

        Represents the data for an attribute. Each attribute value is described as a name-value pair.

Return type

dict

Returns

Response Syntax

{
    'Users': [
        {
            'UserName': 'string',
            'UserId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Users (list) --

      A list of User objects in the identity store.

      • (dict) --

        A user object, which contains a specified user’s metadata and attributes.

        • UserName (string) --

          Contains the user’s username value. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers and punctuation. The characters “<>;:%” are excluded. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

        • UserId (string) --

          The identifier for a user in the identity store.

    • NextToken (string) --

      The pagination token used for the ListUsers and ListGroups APIs. This value is generated by the identity store service and is returned in the API response if the total results are more than the size of one page, and when this token is used in the API request to search for the next page.

Exceptions

Client Exceptions

Client exceptions are available on a client instance via the exceptions property. For more detailed instructions and examples on the exact usage of client exceptions, see the error handling user guide.

The available client exceptions are:

class IdentityStore.Client.exceptions.AccessDeniedException

You do not have sufficient access to perform this action.

Example

try:
  ...
except client.exceptions.AccessDeniedException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    You do not have sufficient access to perform this action.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.InternalServerException

The request processing has failed because of an unknown error, exception or failure with an internal server.

Example

try:
  ...
except client.exceptions.InternalServerException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The request processing has failed because of an unknown error, exception or failure with an internal server.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.ResourceNotFoundException

Indicates that a requested resource is not found.

Example

try:
  ...
except client.exceptions.ResourceNotFoundException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'ResourceType': 'GROUP'|'USER'|'IDENTITY_STORE',
    'ResourceId': 'string',
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    Indicates that a requested resource is not found.

    • ResourceType (string) --

      The type of resource in the Identity Store service, which is an enum object. Valid values include USER, GROUP, and IDENTITY_STORE.

    • ResourceId (string) --

      The identifier for a resource in the identity store, which can be used as UserId or GroupId . The format for ResourceId is either UUID or 1234567890-UUID , where UUID is a randomly generated value for each resource when it is created and 1234567890 represents the IdentityStoreId string value. In the case that the identity store is migrated from a legacy SSO identity store, the ResourceId for that identity store will be in the format of UUID . Otherwise, it will be in the 1234567890-UUID format.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.ThrottlingException

Indicates that the principal has crossed the throttling limits of the API operations.

Example

try:
  ...
except client.exceptions.ThrottlingException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    Indicates that the principal has crossed the throttling limits of the API operations.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.
class IdentityStore.Client.exceptions.ValidationException

The request failed because it contains a syntax error.

Example

try:
  ...
except client.exceptions.ValidationException as e:
  print(e.response)
response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'RequestId': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

  • (dict) --

    The request failed because it contains a syntax error.

    • Message (string) --

    • RequestId (string) --

      The identifier for each request. This value is a globally unique ID that is generated by the Identity Store service for each sent request, and is then returned inside the exception if the request fails.

    • Error (dict) -- Normalized access to common exception attributes.

      • Code (string) -- An identifier specifying the exception type.
      • Message (string) -- A descriptive message explaining why the exception occured.

Paginators

The available paginators are: