SSO-ADMIN
AttachCustomerManagedPolicyReferenceToPermissionSet
# Template rule for AttachCustomerManagedPolicyReferenceToPermissionSet requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
# Name and Path identify a customer managed IAM policy by reference only. IAM Identity
# Center resolves them inside each account the permission set is provisioned to, so a
# match here does not constrain what the policy actually grants in a given account.
input.Body.CustomerManagedPolicyReference.Name == STRING
input.Body.CustomerManagedPolicyReference.Path == STRING
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
# NOTE(review): ProviderMetadata presumably describes the caller (account, access key id, region); confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AttachManagedPolicyToPermissionSet
# Template rule for AttachManagedPolicyToPermissionSet requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.InstanceArn == STRING
# The attached AWS managed policy decides what the permission set can do. Keep this line
# and pin it to the expected policy ARN; dropping it lets the rule match broad policies
# such as AdministratorAccess as well.
input.Body.ManagedPolicyArn == STRING
input.Body.PermissionSetArn == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAccountAssignment
# Template rule for CreateAccountAssignment requests. This call gives a user or group
# access to an AWS account through a permission set, so PrincipalId, TargetId and
# PermissionSetArn are the values that matter most; constrain them together.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
# Allowed values for the two enumerated request fields.
enum_PrincipalType := [ "USER", "GROUP" ]
enum_TargetType := [ "AWS_ACCOUNT" ]
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.PrincipalId == STRING
# `== enum_X[_]` holds when the field equals any element of the array. Replace it with a
# literal (for example "GROUP") to accept only one principal type.
input.Body.PrincipalType == enum_PrincipalType[_]
input.Body.TargetId == STRING
input.Body.TargetType == enum_TargetType[_]
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateApplication
# Template rule for CreateApplication requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
# Allowed values for the enumerated request fields.
enum_ApplicationStatus := [ "ENABLED", "DISABLED" ]
enum_ApplicationVisibility := [ "ENABLED", "DISABLED" ]
enum_SignInOrigin := [ "IDENTITY_CENTER", "APPLICATION" ]
valid {
input.Body.ApplicationProviderArn == STRING
# ClientToken is an idempotency token chosen by the caller; an equality check on it is
# rarely a useful control.
input.Body.ClientToken == STRING
input.Body.Description == STRING
input.Body.InstanceArn == STRING
input.Body.Name == STRING
# ApplicationUrl is where the access portal sends users; pin it to the expected host.
input.Body.PortalOptions.SignInOptions.ApplicationUrl == STRING
input.Body.PortalOptions.SignInOptions.Origin == enum_SignInOrigin[_]
input.Body.PortalOptions.Visibility == enum_ApplicationVisibility[_]
input.Body.Status == enum_ApplicationStatus[_]
# Each `_` is an independent anonymous variable, so the next two lines can be satisfied
# by two different tags. Bind one index (`some i`, then `Tags[i].Key` / `Tags[i].Value`)
# when the key and value must belong to the same tag.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateApplicationAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateInstance
valid {
input.Body.ClientToken == STRING
input.Body.Name == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateInstanceAccessControlAttributeConfiguration
# Template rule for CreateInstanceAccessControlAttributeConfiguration requests. The
# attributes configured here are the ones IAM Identity Center exposes for attribute-based
# access control, so a changed mapping changes what policies conditioned on them allow.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
# Each `_` is an independent anonymous variable: the Key line and the Source line may be
# satisfied by different attributes, and either holds when any one element matches. Bind
# an index (`some i`) to tie a key to its source.
input.Body.InstanceAccessControlAttributeConfiguration.AccessControlAttributes[_].Key == STRING
input.Body.InstanceAccessControlAttributeConfiguration.AccessControlAttributes[_].Value.Source[_] == STRING
input.Body.InstanceArn == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePermissionSet
# Template rule for CreatePermissionSet requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.Description == STRING
input.Body.InstanceArn == STRING
input.Body.Name == STRING
# RelayState is the URL users are redirected to during federation; pin it if it is set.
input.Body.RelayState == STRING
# SessionDuration is an ISO-8601 duration string (for example "PT1H"). `==` matches one
# exact spelling only; it cannot express "at most N hours" without parsing the value.
input.Body.SessionDuration == STRING
# Each `_` is an independent anonymous variable, so these two lines can be satisfied by
# different tags. Bind one index (`some i`) when key and value must belong together.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateTrustedTokenIssuer
# Template rule for CreateTrustedTokenIssuer requests. A trusted token issuer is an
# external OIDC issuer whose signed JWTs IAM Identity Center will accept, so this call
# extends the trust boundary of the instance.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
# Allowed values for the enumerated request fields.
enum_JwksRetrievalOption := [ "OPEN_ID_DISCOVERY" ]
enum_TrustedTokenIssuerType := [ "OIDC_JWT" ]
valid {
input.Body.ClientToken == STRING
input.Body.InstanceArn == STRING
input.Body.Name == STRING
# Each `_` is an independent anonymous variable, so these two lines can be satisfied by
# different tags.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
# ClaimAttributePath and IdentityStoreAttributePath define how a token claim is mapped to
# an identity store attribute, i.e. which user a presented token is treated as.
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.ClaimAttributePath == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.IdentityStoreAttributePath == STRING
# IssuerUrl is the OIDC discovery endpoint the signing keys are fetched from; require the
# exact expected URL rather than leaving this line out.
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.IssuerUrl == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.JwksRetrievalOption == enum_JwksRetrievalOption[_]
input.Body.TrustedTokenIssuerType == enum_TrustedTokenIssuerType[_]
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccountAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
enum_TargetType := [ "AWS_ACCOUNT" ]
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.Body.TargetId == STRING
input.Body.TargetType == enum_TargetType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteApplication
valid {
input.Body.ApplicationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteApplicationAccessScope
valid {
input.Body.ApplicationArn == STRING
input.Body.Scope == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteApplicationAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteApplicationAuthenticationMethod
enum_AuthenticationMethodType := [ "IAM" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.AuthenticationMethodType == enum_AuthenticationMethodType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteApplicationGrant
enum_GrantType := [ "authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:token-exchange" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.GrantType == enum_GrantType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteInlinePolicyFromPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteInstance
valid {
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteInstanceAccessControlAttributeConfiguration
valid {
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePermissionsBoundaryFromPermissionSet
# Template rule for DeletePermissionsBoundaryFromPermissionSet requests. Removing the
# boundary lifts the cap on what the permission set's policies can grant, so treat this
# call as a privilege-widening change even though it is a delete.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteTrustedTokenIssuer
valid {
input.Body.TrustedTokenIssuerArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeAccountAssignmentCreationStatus
valid {
input.Body.AccountAssignmentCreationRequestId == STRING
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeAccountAssignmentDeletionStatus
valid {
input.Body.AccountAssignmentDeletionRequestId == STRING
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeApplication
valid {
input.Body.ApplicationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeApplicationAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeApplicationProvider
valid {
input.Body.ApplicationProviderArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeInstance
valid {
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeInstanceAccessControlAttributeConfiguration
valid {
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribePermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribePermissionSetProvisioningStatus
valid {
input.Body.InstanceArn == STRING
input.Body.ProvisionPermissionSetRequestId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTrustedTokenIssuer
valid {
input.Body.TrustedTokenIssuerArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DetachCustomerManagedPolicyReferenceFromPermissionSet
valid {
input.Body.CustomerManagedPolicyReference.Name == STRING
input.Body.CustomerManagedPolicyReference.Path == STRING
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DetachManagedPolicyFromPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.ManagedPolicyArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetApplicationAccessScope
valid {
input.Body.ApplicationArn == STRING
input.Body.Scope == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetApplicationAssignmentConfiguration
valid {
input.Body.ApplicationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetApplicationAuthenticationMethod
enum_AuthenticationMethodType := [ "IAM" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.AuthenticationMethodType == enum_AuthenticationMethodType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetApplicationGrant
enum_GrantType := [ "authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:token-exchange" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.GrantType == enum_GrantType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetInlinePolicyForPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPermissionsBoundaryForPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccountAssignmentCreationStatus
enum_StatusValues := [ "IN_PROGRESS", "FAILED", "SUCCEEDED" ]
valid {
input.Body.Filter.Status == enum_StatusValues[_]
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccountAssignmentDeletionStatus
enum_StatusValues := [ "IN_PROGRESS", "FAILED", "SUCCEEDED" ]
valid {
input.Body.Filter.Status == enum_StatusValues[_]
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccountAssignments
valid {
input.Body.AccountId == STRING
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccountAssignmentsForPrincipal
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.Filter.AccountId == STRING
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccountsForProvisionedPermissionSet
enum_ProvisioningStatus := [ "LATEST_PERMISSION_SET_PROVISIONED", "LATEST_PERMISSION_SET_NOT_PROVISIONED" ]
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.PermissionSetArn == STRING
input.Body.ProvisioningStatus == enum_ProvisioningStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListApplicationAccessScopes
valid {
input.Body.ApplicationArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListApplicationAssignments
valid {
input.Body.ApplicationArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListApplicationAssignmentsForPrincipal
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.Filter.ApplicationArn == STRING
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListApplicationAuthenticationMethods
valid {
input.Body.ApplicationArn == STRING
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListApplicationGrants
valid {
input.Body.ApplicationArn == STRING
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListApplicationProviders
valid {
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListApplications
valid {
input.Body.Filter.ApplicationAccount == STRING
input.Body.Filter.ApplicationProvider == STRING
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCustomerManagedPolicyReferencesInPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListInstances
valid {
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListManagedPoliciesInPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPermissionSetProvisioningStatus
enum_StatusValues := [ "IN_PROGRESS", "FAILED", "SUCCEEDED" ]
valid {
input.Body.Filter.Status == enum_StatusValues[_]
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPermissionSets
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPermissionSetsProvisionedToAccount
enum_ProvisioningStatus := [ "LATEST_PERMISSION_SET_PROVISIONED", "LATEST_PERMISSION_SET_NOT_PROVISIONED" ]
valid {
input.Body.AccountId == STRING
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.ProvisioningStatus == enum_ProvisioningStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.Body.InstanceArn == STRING
input.Body.NextToken == STRING
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTrustedTokenIssuers
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ProvisionPermissionSet
# Template rule for ProvisionPermissionSet requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
# Allowed provisioning targets. "ALL_PROVISIONED_ACCOUNTS" applies the permission set to
# every account it is already provisioned in, not to a single account.
enum_ProvisionTargetType := [ "AWS_ACCOUNT", "ALL_PROVISIONED_ACCOUNTS" ]
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
# NOTE(review): TargetId is presumably only sent with TargetType "AWS_ACCOUNT". In Rego a
# reference to a missing field is undefined and makes the whole rule body fail, so keep
# this line only when the request is expected to carry a TargetId.
input.Body.TargetId == STRING
# Holds for either enum value; use the literal "AWS_ACCOUNT" to exclude fleet-wide pushes.
input.Body.TargetType == enum_ProvisionTargetType[_]
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutApplicationAccessScope
# Template rule for PutApplicationAccessScope requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.ApplicationArn == STRING
# `AuthorizedTargets[_] == X` holds as soon as one element equals X; it does not reject
# requests that list additional targets. Compare the whole array, or check every element,
# when the set of targets must be exactly the approved one.
input.Body.AuthorizedTargets[_] == STRING
input.Body.Scope == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutApplicationAssignmentConfiguration
# Template rule for PutApplicationAssignmentConfiguration requests.
# NOTE(review): STRING and BOOLEAN look like placeholders for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.ApplicationArn == STRING
# With AssignmentRequired set to false every user of the instance can reach the
# application without an explicit assignment. Replace BOOLEAN with `true` to allow only
# requests that keep assignments mandatory.
input.Body.AssignmentRequired == BOOLEAN
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutApplicationAuthenticationMethod
# Template rule for PutApplicationAuthenticationMethod requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
# Allowed value for the enumerated request field.
enum_AuthenticationMethodType := [ "IAM" ]
valid {
input.Body.ApplicationArn == STRING
# ActorPolicy is an IAM policy document that decides which principals may authenticate
# as the application.
# NOTE(review): `{}` presumably stands for "an object" in this template; in Rego as
# written it equals only an empty object. Inspect the policy's contents, not its presence.
input.Body.AuthenticationMethod.Iam.ActorPolicy == {}
input.Body.AuthenticationMethodType == enum_AuthenticationMethodType[_]
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutApplicationGrant
# Template rule for PutApplicationGrant requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
# OAuth grant types accepted by the GrantType field.
enum_GrantType := [ "authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:token-exchange" ]
valid {
input.Body.ApplicationArn == STRING
# Grant is a union in the AWS API: a request carries one of AuthorizationCode, JwtBearer,
# RefreshToken or TokenExchange. A reference to an absent member is undefined in Rego and
# fails the rule, so keep only the lines for the grant type being allowed.
# `RedirectUris[_] == X` holds when any one URI equals X and does not reject extra URIs;
# compare the whole array when the redirect list must be exactly the approved one.
input.Body.Grant.AuthorizationCode.RedirectUris[_] == STRING
# Each `_` is an independent anonymous variable: the audience line and the issuer-ARN line
# can be satisfied by different AuthorizedTokenIssuers entries. Bind an index (`some i`)
# to tie an audience to its issuer.
input.Body.Grant.JwtBearer.AuthorizedTokenIssuers[_].AuthorizedAudiences[_] == STRING
input.Body.Grant.JwtBearer.AuthorizedTokenIssuers[_].TrustedTokenIssuerArn == STRING
# NOTE(review): `{}` presumably stands for "an object" in this template; in Rego as
# written it equals only an empty object.
input.Body.Grant.RefreshToken == {}
input.Body.Grant.TokenExchange == {}
input.Body.GrantType == enum_GrantType[_]
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutInlinePolicyToPermissionSet
# Template rule for PutInlinePolicyToPermissionSet requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
# InlinePolicy is an IAM policy document serialized as a string. `==` matches one exact
# byte sequence, so whitespace or key order changes defeat it. To reason about actions and
# resources, parse the value first (Rego's json.unmarshal) and check the parsed statements.
input.Body.InlinePolicy == STRING
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutPermissionsBoundaryToPermissionSet
# Template rule for PutPermissionsBoundaryToPermissionSet requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
# The AWS API accepts either a CustomerManagedPolicyReference or a ManagedPolicyArn as the
# boundary, not both. A reference to an absent field is undefined in Rego and fails the
# rule, so keep only the lines for the form being allowed.
# A name/path reference is resolved per account and does not constrain the policy's content.
input.Body.PermissionsBoundary.CustomerManagedPolicyReference.Name == STRING
input.Body.PermissionsBoundary.CustomerManagedPolicyReference.Path == STRING
input.Body.PermissionsBoundary.ManagedPolicyArn == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
# Template rule for TagResource requests. Tags can feed tag-based access conditions, so
# a tagging call may change who is authorized for the resource.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.InstanceArn == STRING
input.Body.ResourceArn == STRING
# Each `_` is an independent anonymous variable, so these two lines can be satisfied by
# different tags, and neither rejects additional tags in the request. Bind one index
# (`some i`) when a specific key/value pair is required.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
# Template rule for UntagResource requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.InstanceArn == STRING
input.Body.ResourceArn == STRING
# Holds when any one element of TagKeys equals the value; other keys in the same request
# are not rejected. Compare the whole array to allow removal of one specific key only.
input.Body.TagKeys[_] == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateApplication
# Template rule for UpdateApplication requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
# Allowed values for the enumerated request fields.
enum_ApplicationStatus := [ "ENABLED", "DISABLED" ]
enum_SignInOrigin := [ "IDENTITY_CENTER", "APPLICATION" ]
valid {
input.Body.ApplicationArn == STRING
# NOTE(review): an update request presumably carries only the fields being changed. A
# reference to an absent field is undefined in Rego and fails the rule, so keep only the
# lines for fields the request is expected to contain.
input.Body.Description == STRING
input.Body.Name == STRING
# ApplicationUrl is where the access portal sends users; pin it to the expected host.
input.Body.PortalOptions.SignInOptions.ApplicationUrl == STRING
input.Body.PortalOptions.SignInOptions.Origin == enum_SignInOrigin[_]
input.Body.Status == enum_ApplicationStatus[_]
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateInstance
valid {
input.Body.InstanceArn == STRING
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateInstanceAccessControlAttributeConfiguration
valid {
input.Body.InstanceAccessControlAttributeConfiguration.AccessControlAttributes[_].Key == STRING
input.Body.InstanceAccessControlAttributeConfiguration.AccessControlAttributes[_].Value.Source[_] == STRING
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdatePermissionSet
# Template rule for UpdatePermissionSet requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
valid {
input.Body.Description == STRING
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
# RelayState is the URL users are redirected to during federation; pin it if it is set.
input.Body.RelayState == STRING
# SessionDuration is an ISO-8601 duration string (for example "PT1H"). `==` matches one
# exact spelling only; it cannot express "at most N hours" without parsing the value.
input.Body.SessionDuration == STRING
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateTrustedTokenIssuer
# Template rule for UpdateTrustedTokenIssuer requests.
# NOTE(review): STRING looks like a placeholder for the literal value to require; confirm against the tool's documentation.
# Allowed value for the enumerated request field.
enum_JwksRetrievalOption := [ "OPEN_ID_DISCOVERY" ]
valid {
input.Body.Name == STRING
input.Body.TrustedTokenIssuerArn == STRING
# ClaimAttributePath and IdentityStoreAttributePath define how a token claim is mapped to
# an identity store attribute. Changing them changes which user a presented token is
# treated as, so constrain both to the approved mapping.
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.ClaimAttributePath == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.IdentityStoreAttributePath == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.JwksRetrievalOption == enum_JwksRetrievalOption[_]
# NOTE(review): ProviderMetadata presumably describes the caller; confirm where it is populated.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}