SSO-ADMIN
AttachCustomerManagedPolicyReferenceToPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.CustomerManagedPolicyReference.Name == STRING
input.Body.CustomerManagedPolicyReference.Path == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AttachManagedPolicyToPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.ManagedPolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateAccountAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
enum_TargetType := [ "AWS_ACCOUNT" ]
valid {
input.Body.InstanceArn == STRING
input.Body.TargetId == STRING
input.Body.TargetType == enum_TargetType[_]
input.Body.PermissionSetArn == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.Body.PrincipalId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateApplication
enum_ApplicationStatus := [ "ENABLED", "DISABLED" ]
enum_ApplicationVisibility := [ "ENABLED", "DISABLED" ]
enum_SignInOrigin := [ "IDENTITY_CENTER", "APPLICATION" ]
valid {
input.Body.InstanceArn == STRING
input.Body.ApplicationProviderArn == STRING
input.Body.Name == STRING
input.Body.Description == STRING
input.Body.PortalOptions.SignInOptions.Origin == enum_SignInOrigin[_]
input.Body.PortalOptions.SignInOptions.ApplicationUrl == STRING
input.Body.PortalOptions.Visibility == enum_ApplicationVisibility[_]
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.Status == enum_ApplicationStatus[_]
input.Body.ClientToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateApplicationAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateInstance
valid {
input.Body.Name == STRING
input.Body.ClientToken == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateInstanceAccessControlAttributeConfiguration
valid {
input.Body.InstanceArn == STRING
input.Body.InstanceAccessControlAttributeConfiguration.AccessControlAttributes[_].Key == STRING
input.Body.InstanceAccessControlAttributeConfiguration.AccessControlAttributes[_].Value.Source[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreatePermissionSet
valid {
input.Body.Name == STRING
input.Body.Description == STRING
input.Body.InstanceArn == STRING
input.Body.SessionDuration == STRING
input.Body.RelayState == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateTrustedTokenIssuer
enum_JwksRetrievalOption := [ "OPEN_ID_DISCOVERY" ]
enum_TrustedTokenIssuerType := [ "OIDC_JWT" ]
valid {
input.Body.InstanceArn == STRING
input.Body.Name == STRING
input.Body.TrustedTokenIssuerType == enum_TrustedTokenIssuerType[_]
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.IssuerUrl == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.ClaimAttributePath == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.IdentityStoreAttributePath == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.JwksRetrievalOption == enum_JwksRetrievalOption[_]
input.Body.ClientToken == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteAccountAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
enum_TargetType := [ "AWS_ACCOUNT" ]
valid {
input.Body.InstanceArn == STRING
input.Body.TargetId == STRING
input.Body.TargetType == enum_TargetType[_]
input.Body.PermissionSetArn == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.Body.PrincipalId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteApplication
valid {
input.Body.ApplicationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteApplicationAccessScope
valid {
input.Body.ApplicationArn == STRING
input.Body.Scope == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteApplicationAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteApplicationAuthenticationMethod
enum_AuthenticationMethodType := [ "IAM" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.AuthenticationMethodType == enum_AuthenticationMethodType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteApplicationGrant
enum_GrantType := [ "authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:token-exchange" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.GrantType == enum_GrantType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteInlinePolicyFromPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteInstance
valid {
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteInstanceAccessControlAttributeConfiguration
valid {
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeletePermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeletePermissionsBoundaryFromPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteTrustedTokenIssuer
valid {
input.Body.TrustedTokenIssuerArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeAccountAssignmentCreationStatus
valid {
input.Body.InstanceArn == STRING
input.Body.AccountAssignmentCreationRequestId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeAccountAssignmentDeletionStatus
valid {
input.Body.InstanceArn == STRING
input.Body.AccountAssignmentDeletionRequestId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeApplication
valid {
input.Body.ApplicationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeApplicationAssignment
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeApplicationProvider
valid {
input.Body.ApplicationProviderArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeInstance
valid {
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeInstanceAccessControlAttributeConfiguration
valid {
input.Body.InstanceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribePermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribePermissionSetProvisioningStatus
valid {
input.Body.InstanceArn == STRING
input.Body.ProvisionPermissionSetRequestId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeTrustedTokenIssuer
valid {
input.Body.TrustedTokenIssuerArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DetachCustomerManagedPolicyReferenceFromPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.CustomerManagedPolicyReference.Name == STRING
input.Body.CustomerManagedPolicyReference.Path == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DetachManagedPolicyFromPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.ManagedPolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetApplicationAccessScope
valid {
input.Body.ApplicationArn == STRING
input.Body.Scope == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetApplicationAssignmentConfiguration
valid {
input.Body.ApplicationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetApplicationAuthenticationMethod
enum_AuthenticationMethodType := [ "IAM" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.AuthenticationMethodType == enum_AuthenticationMethodType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetApplicationGrant
enum_GrantType := [ "authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:token-exchange" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.GrantType == enum_GrantType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetApplicationSessionConfiguration
valid {
input.Body.ApplicationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetInlinePolicyForPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetPermissionsBoundaryForPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAccountAssignmentCreationStatus
enum_StatusValues := [ "IN_PROGRESS", "FAILED", "SUCCEEDED" ]
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.Filter.Status == enum_StatusValues[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAccountAssignmentDeletionStatus
enum_StatusValues := [ "IN_PROGRESS", "FAILED", "SUCCEEDED" ]
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.Filter.Status == enum_StatusValues[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAccountAssignments
valid {
input.Body.InstanceArn == STRING
input.Body.AccountId == STRING
input.Body.PermissionSetArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAccountAssignmentsForPrincipal
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.InstanceArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.Body.Filter.AccountId == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAccountsForProvisionedPermissionSet
enum_ProvisioningStatus := [ "LATEST_PERMISSION_SET_PROVISIONED", "LATEST_PERMISSION_SET_NOT_PROVISIONED" ]
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.ProvisioningStatus == enum_ProvisioningStatus[_]
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListApplicationAccessScopes
valid {
input.Body.ApplicationArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListApplicationAssignments
valid {
input.Body.ApplicationArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListApplicationAssignmentsForPrincipal
enum_PrincipalType := [ "USER", "GROUP" ]
valid {
input.Body.InstanceArn == STRING
input.Body.PrincipalId == STRING
input.Body.PrincipalType == enum_PrincipalType[_]
input.Body.Filter.ApplicationArn == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListApplicationAuthenticationMethods
valid {
input.Body.ApplicationArn == STRING
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListApplicationGrants
valid {
input.Body.ApplicationArn == STRING
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListApplicationProviders
valid {
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListApplications
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.Filter.ApplicationAccount == STRING
input.Body.Filter.ApplicationProvider == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListCustomerManagedPolicyReferencesInPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListInstances
valid {
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListManagedPoliciesInPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListPermissionSetProvisioningStatus
enum_StatusValues := [ "IN_PROGRESS", "FAILED", "SUCCEEDED" ]
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.Filter.Status == enum_StatusValues[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListPermissionSets
valid {
input.Body.InstanceArn == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListPermissionSetsProvisionedToAccount
enum_ProvisioningStatus := [ "LATEST_PERMISSION_SET_PROVISIONED", "LATEST_PERMISSION_SET_NOT_PROVISIONED" ]
valid {
input.Body.InstanceArn == STRING
input.Body.AccountId == STRING
input.Body.ProvisioningStatus == enum_ProvisioningStatus[_]
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTagsForResource
valid {
input.Body.InstanceArn == STRING
input.Body.ResourceArn == STRING
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTrustedTokenIssuers
valid {
input.Body.InstanceArn == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ProvisionPermissionSet
enum_ProvisionTargetType := [ "AWS_ACCOUNT", "ALL_PROVISIONED_ACCOUNTS" ]
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.TargetId == STRING
input.Body.TargetType == enum_ProvisionTargetType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutApplicationAccessScope
valid {
input.Body.Scope == STRING
input.Body.AuthorizedTargets[_] == STRING
input.Body.ApplicationArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutApplicationAssignmentConfiguration
valid {
input.Body.ApplicationArn == STRING
input.Body.AssignmentRequired == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutApplicationAuthenticationMethod
enum_AuthenticationMethodType := [ "IAM" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.AuthenticationMethodType == enum_AuthenticationMethodType[_]
input.Body.AuthenticationMethod.Iam.ActorPolicy == {}
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutApplicationGrant
enum_GrantType := [ "authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:token-exchange" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.GrantType == enum_GrantType[_]
input.Body.Grant.AuthorizationCode.RedirectUris[_] == STRING
input.Body.Grant.JwtBearer.AuthorizedTokenIssuers[_].TrustedTokenIssuerArn == STRING
input.Body.Grant.JwtBearer.AuthorizedTokenIssuers[_].AuthorizedAudiences[_] == STRING
input.Body.Grant.RefreshToken == {}
input.Body.Grant.TokenExchange == {}
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutApplicationSessionConfiguration
enum_UserBackgroundSessionApplicationStatus := [ "ENABLED", "DISABLED" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.UserBackgroundSessionApplicationStatus == enum_UserBackgroundSessionApplicationStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutInlinePolicyToPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.InlinePolicy == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutPermissionsBoundaryToPermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.PermissionsBoundary.CustomerManagedPolicyReference.Name == STRING
input.Body.PermissionsBoundary.CustomerManagedPolicyReference.Path == STRING
input.Body.PermissionsBoundary.ManagedPolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}TagResource
valid {
input.Body.InstanceArn == STRING
input.Body.ResourceArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UntagResource
valid {
input.Body.InstanceArn == STRING
input.Body.ResourceArn == STRING
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateApplication
enum_ApplicationStatus := [ "ENABLED", "DISABLED" ]
enum_SignInOrigin := [ "IDENTITY_CENTER", "APPLICATION" ]
valid {
input.Body.ApplicationArn == STRING
input.Body.Name == STRING
input.Body.Description == STRING
input.Body.Status == enum_ApplicationStatus[_]
input.Body.PortalOptions.SignInOptions.Origin == enum_SignInOrigin[_]
input.Body.PortalOptions.SignInOptions.ApplicationUrl == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateInstance
enum_KmsKeyType := [ "AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KEY" ]
valid {
input.Body.Name == STRING
input.Body.InstanceArn == STRING
input.Body.EncryptionConfiguration.KeyType == enum_KmsKeyType[_]
input.Body.EncryptionConfiguration.KmsKeyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateInstanceAccessControlAttributeConfiguration
valid {
input.Body.InstanceArn == STRING
input.Body.InstanceAccessControlAttributeConfiguration.AccessControlAttributes[_].Key == STRING
input.Body.InstanceAccessControlAttributeConfiguration.AccessControlAttributes[_].Value.Source[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdatePermissionSet
valid {
input.Body.InstanceArn == STRING
input.Body.PermissionSetArn == STRING
input.Body.Description == STRING
input.Body.SessionDuration == STRING
input.Body.RelayState == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateTrustedTokenIssuer
enum_JwksRetrievalOption := [ "OPEN_ID_DISCOVERY" ]
valid {
input.Body.TrustedTokenIssuerArn == STRING
input.Body.Name == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.ClaimAttributePath == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.IdentityStoreAttributePath == STRING
input.Body.TrustedTokenIssuerConfiguration.OidcJwtConfiguration.JwksRetrievalOption == enum_JwksRetrievalOption[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Updated 18 days ago