Service: AWS IAM Identity Center (successor to AWS Single Sign-On)
Short Name: sso
ARN Format: arn:aws:sso:::${RelativeId}
ARN Regex: ^arn:aws:sso:::.+
ReadOnlyAccess
…
AWSGrafanaWorkspacePermissionManagementV2

Action | Reference | Description | Access |
---|---|---|---|
sso:ListAccountAssignmentCreationStatus | Docs | Grants permission to list the status of the AWS account assignment creation requests for a specified SSO instance | |
sso:ListAccountAssignmentDeletionStatus | Docs | Grants permission to list the status of the AWS account assignment deletion requests for a specified SSO instance | |
sso:ListAccountAssignments | Docs | Grants permission to list the assignee of the specified AWS account with the specified permission set | |
sso:ListAccountAssignmentsForPrincipal | Docs | Grants permission to list accounts assigned to user or group | |
sso:ListAccountsForProvisionedPermissionSet | Docs | Grants permission to list all the AWS accounts where the specified permission set is provisioned | |
sso:ListApplicationAccessScopes | Docs | Grants permission to list access scopes to an application | |
sso:ListApplicationAssignments | Docs | Grants permission to list application assignments | |
sso:ListApplicationAssignmentsForPrincipal | Docs | Grants permission to list applications assigned to user or group | |
sso:ListApplicationAuthenticationMethods | Docs | Grants permission to list authentication methods to an application | |
sso:ListApplicationGrants | Docs | Grants permission to list grants from an application | |
sso:ListApplicationInstances | Docs | Grants permission to retrieve all application instances | |
sso:ListApplicationProviders | Docs | Grants permission to list application providers | |
sso:ListApplications | Docs | Grants permission to retrieve all applications associated with the instance of IAM Identity Center | |
sso:ListApplicationTemplates | Docs | Grants permission to retrieve all supported application templates | |
sso:ListCustomerManagedPolicyReferencesInPermissionSet | Docs | Grants permission to list the customer managed policy references that are attached to a permission set | |
sso:ListInstances | Docs | Grants permission to list the SSO Instances that the caller has access to | |
sso:ListManagedPoliciesInPermissionSet | Docs | Grants permission to list the AWS managed policies that are attached to a specified permission set | |
sso:ListPermissionSetProvisioningStatus | Docs | Grants permission to list the status of the Permission Set Provisioning requests for a specified SSO instance | |
sso:ListPermissionSets | Docs | Grants permission to retrieve all permission sets | |
sso:ListPermissionSetsProvisionedToAccount | Docs | Grants permission to list all the permission sets that are provisioned to a specified AWS account | |
sso:ListProfiles | Docs | Grants permission to retrieve all profiles for an application instance | |
sso:ListTrustedTokenIssuers | Docs | Grants permission to list trusted token issuers for an instance | |
sso:AttachCustomerManagedPolicyReferenceToPermissionSet | Docs | Grants permission to attach a customer managed policy reference to a permission set | |
sso:AttachManagedPolicyToPermissionSet | Docs | Grants permission to attach an AWS managed policy to a permission set | |
sso:DeletePermissionsBoundaryFromPermissionSet | Docs | Grants permission to remove permissions boundary from a permission set | |
sso:DeletePermissionsPolicy | Docs | Grants permission to delete the permission policy associated with a permission set | |
sso:DetachCustomerManagedPolicyReferenceFromPermissionSet | Docs | Grants permission to detach a customer managed policy reference from a permission set | |
sso:DetachManagedPolicyFromPermissionSet | Docs | Grants permission to detach the attached AWS managed policy from the specified permission set | |
sso:PutPermissionsBoundaryToPermissionSet | Docs | Grants permission to add permissions boundary to a permission set | |
sso:PutPermissionsPolicy | Docs | Grants permission to add a policy to a permission set | |
sso:UpdatePermissionSet | Docs | Grants permission to update the permission set | |
sso:DescribeAccountAssignmentCreationStatus | Docs | Grants permission to describe the status of the assignment creation request | |
sso:DescribeAccountAssignmentDeletionStatus | Docs | Grants permission to describe the status of an assignment deletion request | |
sso:DescribeApplication | Docs | Grants permission to obtain information about an application | |
sso:DescribeApplicationAssignment | Docs | Grants permission to retrieve an application assignment | |
sso:DescribeApplicationProvider | Docs | Grants permission to describe an application provider | |
sso:DescribeDirectories | Docs | Grants permission to obtain information about the directories for this account | |
sso:DescribeInstance | Docs | Grants permission to obtain information about an identity center instance | |
sso:DescribeInstanceAccessControlAttributeConfiguration | Docs | Grants permission to get the list of attributes used by the instance for ABAC | |
sso:DescribePermissionSet | Docs | Grants permission to describe a permission set | |
sso:DescribePermissionSetProvisioningStatus | Docs | Grants permission to describe the status for the given Permission Set Provisioning request | |
sso:DescribePermissionsPolicies | Docs | Grants permission to retrieve all the permissions policies associated with a permission set | |
sso:DescribeRegisteredRegions | Docs | Grants permission to obtain the regions where your organization has enabled AWS IAM Identity Center | |
sso:DescribeTrustedTokenIssuer | Docs | Grants permission to describe a trusted token issuer for an instance | |
sso:DescribeTrusts | Docs | Grants permission to obtain information about the trust relationships for this account | |
sso:GetApplicationAccessScope | Docs | Grants permission to get an access scope to an application | |
sso:GetApplicationAssignmentConfiguration | Docs | Grants permission to read assignment configurations for an application | |
sso:GetApplicationAuthenticationMethod | Docs | Grants permission to get an authentication method to an application | |
sso:GetApplicationGrant | Docs | Grants permission to obtain details about a grant belonging to an application | |
sso:GetApplicationInstance | Docs | Grants permission to retrieve details for an application instance | |
sso:GetApplicationTemplate | Docs | Grants permission to retrieve application template details | |
sso:GetInlinePolicyForPermissionSet | Docs | Grants permission to obtain the inline policy assigned to the permission set | |
sso:GetManagedApplicationInstance | Docs | Grants permission to retrieve details for an application instance | |
sso:GetMfaDeviceManagementForDirectory | Docs | Grants permission to retrieve Mfa Device Management settings for the directory | |
sso:GetPermissionsBoundaryForPermissionSet | Docs | Grants permission to get permissions boundary for a permission set | |
sso:GetPermissionSet | Docs | Grants permission to retrieve details of a permission set | |
sso:GetPermissionsPolicy | Docs | Grants permission to retrieve all permission policies associated with a permission set | |
sso:GetProfile | Docs | Grants permission to retrieve a profile for an application instance | |
sso:GetSharedSsoConfiguration | Docs | Grants permission to retrieve shared configuration for the current SSO instance | |
sso:GetSsoConfiguration | Docs | Grants permission to retrieve configuration for the current SSO instance | |
sso:GetSSOStatus | Docs | Grants permission to check if AWS IAM Identity Center is enabled | |
sso:GetTrust | Docs | Grants permission to retrieve the federation trust in a target account | |
sso:ListApplicationInstanceCertificates | Docs | Grants permission to retrieve all of the certificates for a given application instance | |
sso:ListDirectoryAssociations | Docs | Grants permission to retrieve details about the directory connected to AWS IAM Identity Center | |
sso:ListProfileAssociations | Docs | Grants permission to retrieve the directory user or group associated with the profile | |
sso:ListTagsForResource | Docs | Grants permission to list the tags that are attached to a specified resource | |
sso:SearchGroups | Docs | Grants permission to search for groups within the associated directory | |
sso:SearchUsers | Docs | Grants permission to search for users within the associated directory | |
sso:TagResource | Docs | Grants permission to associate a set of tags with a specified resource | |
sso:UntagResource | Docs | Grants permission to disassociate a set of tags from a specified resource | |
sso:AssociateDirectory | Docs | Grants permission to connect a directory to be used by AWS IAM Identity Center | |
sso:AssociateProfile | Docs | Grants permission to create an association between a directory user or group and a profile | |
sso:CreateAccountAssignment | Docs | Grants permission to assign access to a Principal for a specified AWS account using a specified permission set | |
sso:CreateApplication | Docs | Grants permission to create an application | |
sso:CreateApplicationAssignment | Docs | Grants permission to create an application assignment | |
sso:CreateApplicationInstance | Docs | Grants permission to add an application instance to AWS IAM Identity Center | |
sso:CreateApplicationInstanceCertificate | Docs | Grants permission to add a new certificate for an application instance | |
sso:CreateInstance | Docs | Grants permission to create an identity center instance | |
sso:CreateInstanceAccessControlAttributeConfiguration | Docs | Grants permission to enable the instance for ABAC and specify the attributes | |
sso:CreateManagedApplicationInstance | Docs | Grants permission to add a managed application instance to AWS IAM Identity Center | |
sso:CreatePermissionSet | Docs | Grants permission to create a permission set | |
sso:CreateProfile | Docs | Grants permission to create a profile for an application instance | |
sso:CreateTrust | Docs | Grants permission to create a federation trust in a target account | |
sso:CreateTrustedTokenIssuer | Docs | Grants permission to create a trusted token issuer for an instance | |
sso:DeleteAccountAssignment | Docs | Grants permission to delete a Principal's access from a specified AWS account using a specified permission set | |
sso:DeleteApplication | Docs | Grants permission to delete an application | |
sso:DeleteApplicationAccessScope | Docs | Grants permission to delete an access scope to an application | |
sso:DeleteApplicationAssignment | Docs | Grants permission to delete an application assignment | |
sso:DeleteApplicationAuthenticationMethod | Docs | Grants permission to delete an authentication method to an application | |
sso:DeleteApplicationGrant | Docs | Grants permission to delete a grant from an application | |
sso:DeleteApplicationInstance | Docs | Grants permission to delete the application instance | |
sso:DeleteApplicationInstanceCertificate | Docs | Grants permission to delete an inactive or expired certificate from the application instance | |
sso:DeleteInlinePolicyFromPermissionSet | Docs | Grants permission to delete the inline policy from a specified permission set | |
sso:DeleteInstance | Docs | Grants permission to delete an identity center instance | |
sso:DeleteInstanceAccessControlAttributeConfiguration | Docs | Grants permission to disable ABAC and remove the attributes list for the instance | |
sso:DeleteManagedApplicationInstance | Docs | Grants permission to delete the managed application instance | |
sso:DeletePermissionSet | Docs | Grants permission to delete a permission set | |
sso:DeleteProfile | Docs | Grants permission to delete the profile for an application instance | |
sso:DeleteTrustedTokenIssuer | Docs | Grants permission to delete a trusted token issuer for an instance | |
sso:DisassociateDirectory | Docs | Grants permission to disassociate a directory to be used by AWS IAM Identity Center | |
sso:DisassociateProfile | Docs | Grants permission to disassociate a directory user or group from a profile | |
sso:ImportApplicationInstanceServiceProviderMetadata | Docs | Grants permission to update the application instance by uploading an application SAML metadata file provided by the service provider | |
sso:ProvisionPermissionSet | Docs | Grants permission to provision a specified permission set to the specified target | |
sso:PutApplicationAccessScope | Docs | Grants permission to create/update an access scope to an application | |
sso:PutApplicationAssignmentConfiguration | Docs | Grants permission to add assignment configurations to an application | |
sso:PutApplicationAuthenticationMethod | Docs | Grants permission to create/update an authentication method to an application | |
sso:PutApplicationGrant | Docs | Grants permission to create/update a grant to an application | |
sso:PutInlinePolicyToPermissionSet | Docs | Grants permission to attach an IAM inline policy to a permission set | |
sso:PutMfaDeviceManagementForDirectory | Docs | Grants permission to put Mfa Device Management settings for the directory | |
sso:StartSSO | Docs | Grants permission to initialize AWS IAM Identity Center | |
sso:UpdateApplication | Docs | Grants permission to update an application | |
sso:UpdateApplicationInstanceActiveCertificate | Docs | Grants permission to set a certificate as the active one for this application instance | |
sso:UpdateApplicationInstanceDisplayData | Docs | Grants permission to update display data of an application instance | |
sso:UpdateApplicationInstanceResponseConfiguration | Docs | Grants permission to update federation response configuration for the application instance | |
sso:UpdateApplicationInstanceResponseSchemaConfiguration | Docs | Grants permission to update federation response schema configuration for the application instance | |
sso:UpdateApplicationInstanceSecurityConfiguration | Docs | Grants permission to update security details for the application instance | |
sso:UpdateApplicationInstanceServiceProviderConfiguration | Docs | Grants permission to update service provider related configuration for the application instance | |
sso:UpdateApplicationInstanceStatus | Docs | Grants permission to update the status of an application instance | |
sso:UpdateDirectoryAssociation | Docs | Grants permission to update the user attribute mappings for your connected directory | |
sso:UpdateInstance | Docs | Grants permission to update an identity center instance | |
sso:UpdateInstanceAccessControlAttributeConfiguration | Docs | Grants permission to update the attributes to use with the instance for ABAC | |
sso:UpdateManagedApplicationInstanceStatus | Docs | Grants permission to update the status of a managed application instance | |
sso:UpdateProfile | Docs | Grants permission to update the profile for an application instance | |
sso:UpdateSSOConfiguration | Docs | Grants permission to update the configuration for the current SSO instance | |
sso:UpdateTrust | Docs | Grants permission to update the federation trust in a target account | |
sso:UpdateTrustedTokenIssuer | Docs | Grants permission to update a trusted token issuer for an instance | |

aws:RequestTag/${TagKey}
aws:ResourceTag/${TagKey}
aws:TagKeys
sso:ApplicationAccount