Module types

Expand description

Data structures used by operation inputs/outputs.

Modules§

builders: Builders
error: Error types that Amazon Verified Permissions can respond with.

Structs§

Contains information about an action for a request for which an authorization decision is made.

This data type is used as a request parameter to the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

Example: { "actionId": "<action name>", "actionType": "Action" }

BatchGetPolicyErrorItem

Contains the information about an error resulting from a BatchGetPolicy API call.

BatchGetPolicyInputItem

Information about a policy that you include in a BatchGetPolicy API request.

BatchGetPolicyOutputItem

Contains information about a policy returned from a BatchGetPolicy API request.

BatchIsAuthorizedInputItem

An authorization request that you include in a BatchIsAuthorized API request.

BatchIsAuthorizedOutputItem

The decision, based on policy evaluation, from an individual authorization request in a BatchIsAuthorized API request.

BatchIsAuthorizedWithTokenInputItem

An authorization request that you include in a BatchIsAuthorizedWithToken API request.

BatchIsAuthorizedWithTokenOutputItem

The decision, based on policy evaluation, from an individual authorization request in a BatchIsAuthorizedWithToken API request.

CognitoGroupConfiguration

The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.

This data type is part of a CognitoUserPoolConfiguration structure and is a request parameter in CreateIdentitySource.

CognitoGroupConfigurationDetail

The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.

This data type is part of an CognitoUserPoolConfigurationDetail structure and is a response parameter to GetIdentitySource.

CognitoGroupConfigurationItem

The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.

This data type is part of an CognitoUserPoolConfigurationItem structure and is a response parameter to ListIdentitySources.

CognitoUserPoolConfiguration

The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.

This data type part of a Configuration structure that is used as a parameter to CreateIdentitySource.

Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": \["a1b2c3d4e5f6g7h8i9j0kalbmc"\],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}

CognitoUserPoolConfigurationDetail

The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.

This data type is used as a field that is part of an ConfigurationDetail structure that is part of the response to GetIdentitySource.

Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": \["a1b2c3d4e5f6g7h8i9j0kalbmc"\],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}

CognitoUserPoolConfigurationItem

The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.

This data type is used as a field that is part of the ConfigurationItem structure that is part of the response to ListIdentitySources.

Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": \["a1b2c3d4e5f6g7h8i9j0kalbmc"\],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}

DeterminingPolicyItem

Contains information about one of the policies that determined an authorization decision.

This data type is used as an element in a response parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

Example: "determiningPolicies":\[{"policyId":"SPEXAMPLEabcdefg111111"}\]

EntityIdentifier

Contains the identifier of an entity, including its ID and type.

This data type is used as a request parameter for IsAuthorized operation, and as a response parameter for the CreatePolicy, GetPolicy, and UpdatePolicy operations.

Example: {"entityId":"string","entityType":"string"}

EntityItem

Contains information about an entity that can be referenced in a Cedar policy.

This data type is used as one of the fields in the EntitiesDefinition structure.

{ "identifier": { "entityType": "Photo", "entityId": "VacationPhoto94.jpg" }, "attributes": {}, "parents": \[ { "entityType": "Album", "entityId": "alice_folder" } \] }

EvaluationErrorItem

Contains a description of an evaluation error.

This data type is a response parameter of the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

IdentitySourceDetailsDeprecated

A structure that contains configuration of the identity source.

This data type was a response parameter for the GetIdentitySource operation. Replaced by ConfigurationDetail.

IdentitySourceFilter

A structure that defines characteristics of an identity source that you can use to filter.

This data type is a request parameter for the ListIdentityStores operation.

IdentitySourceItem

A structure that defines an identity source.

This data type is a response parameter to the ListIdentitySources operation.

IdentitySourceItemDetailsDeprecated

A structure that contains configuration of the identity source.

This data type was a response parameter for the ListIdentitySources operation. Replaced by ConfigurationItem.

OpenIdConnectAccessTokenConfiguration

The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelection structure, which is a parameter of CreateIdentitySource.

OpenIdConnectAccessTokenConfigurationDetail

The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelectionDetail structure, which is a parameter of GetIdentitySource.

OpenIdConnectAccessTokenConfigurationItem

The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelectionItem structure, which is a parameter of ListIdentitySources.

OpenIdConnectConfiguration

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a Configuration structure, which is a parameter to CreateIdentitySource.

OpenIdConnectConfigurationDetail

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a ConfigurationDetail structure, which is a parameter to GetIdentitySource.

OpenIdConnectConfigurationItem

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a ConfigurationItem structure, which is a parameter to ListIdentitySources.

OpenIdConnectGroupConfiguration

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.

This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.

OpenIdConnectGroupConfigurationDetail

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.

This data type is part of a OpenIdConnectConfigurationDetail structure, which is a parameter of GetIdentitySource.

OpenIdConnectGroupConfigurationItem

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.

This data type is part of a OpenIdConnectConfigurationItem structure, which is a parameter of ListIdentitySourcea.

OpenIdConnectIdentityTokenConfiguration

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelection structure, which is a parameter of CreateIdentitySource.

OpenIdConnectIdentityTokenConfigurationDetail

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelectionDetail structure, which is a parameter of GetIdentitySource.

OpenIdConnectIdentityTokenConfigurationItem

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelectionItem structure, which is a parameter of ListIdentitySources.

PolicyFilter

Contains information about a filter to refine policies returned in a query.

This data type is used as a response parameter for the ListPolicies operation.

PolicyItem

Contains information about a policy.

This data type is used as a response parameter for the ListPolicies operation.

PolicyStoreItem

Contains information about a policy store.

This data type is used as a response parameter for the ListPolicyStores operation.

PolicyTemplateItem

Contains details about a policy template

This data type is used as a response parameter for the ListPolicyTemplates operation.

ResourceConflict

Contains information about a resource conflict.

StaticPolicyDefinition

Contains information about a static policy.

This data type is used as a field that is part of the PolicyDefinitionDetail type.

StaticPolicyDefinitionDetail

A structure that contains details about a static policy. It includes the description and policy body.

This data type is used within a PolicyDefinition structure as part of a request parameter for the CreatePolicy operation.

StaticPolicyDefinitionItem

A structure that contains details about a static policy. It includes the description and policy statement.

This data type is used within a PolicyDefinition structure as part of a request parameter for the CreatePolicy operation.

TemplateLinkedPolicyDefinition

Contains information about a policy created by instantiating a policy template.

TemplateLinkedPolicyDefinitionDetail

Contains information about a policy that was created by instantiating a policy template.

TemplateLinkedPolicyDefinitionItem

Contains information about a policy created by instantiating a policy template.

UpdateCognitoGroupConfiguration

The user group entities from an Amazon Cognito user pool identity source.

UpdateCognitoUserPoolConfiguration

Contains configuration details of a Amazon Cognito user pool for use with an identity source.

UpdateOpenIdConnectAccessTokenConfiguration

The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a UpdateOpenIdConnectTokenSelection structure, which is a parameter to UpdateIdentitySource.

UpdateOpenIdConnectConfiguration

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a UpdateConfiguration structure, which is a parameter to UpdateIdentitySource.

UpdateOpenIdConnectGroupConfiguration

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.

This data type is part of a UpdateOpenIdConnectConfiguration structure, which is a parameter to UpdateIdentitySource.

UpdateOpenIdConnectIdentityTokenConfiguration

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a UpdateOpenIdConnectTokenSelection structure, which is a parameter to UpdateIdentitySource.

UpdateStaticPolicyDefinition

Contains information about an update to a static policy.

ValidationExceptionField

Details about a field that failed policy validation.

ValidationSettings

A structure that contains Cedar policy validation settings for the policy store. The validation mode determines which validation failures that Cedar considers serious enough to block acceptance of a new or edited static policy or policy template.

This data type is used as a request parameter in the CreatePolicyStore and UpdatePolicyStore operations.

Enums§

AttributeValue

The value of an attribute.

Contains information about the runtime context for a request for which an authorization decision is made.

This data type is used as a member of the ContextDefinition structure which is uses as a request parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

BatchGetPolicyErrorCode

When writing a match expression against BatchGetPolicyErrorCode, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

CedarVersion

When writing a match expression against CedarVersion, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

Configuration

Contains configuration information used when creating a new identity source.

This data type is used as a request parameter for the CreateIdentitySource operation.

ConfigurationDetail

Contains configuration information about an identity source.

This data type is a response parameter to the GetIdentitySource operation.

ConfigurationItem

Contains configuration information about an identity source.

This data type is a response parameter to the ListIdentitySources operation.

ContextDefinition

Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the when and unless clauses in a policy.

This data type is used as a request parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

If you're passing context as part of the request, exactly one instance of context must be passed. If you don't want to pass context, omit the context parameter from your request rather than sending context {}.

Example: "context":{"contextMap":{"<KeyName1>":{"boolean":true},"<KeyName2>":{"long":1234}}}

Decision

When writing a match expression against Decision, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

DeletionProtection

When writing a match expression against DeletionProtection, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

EntitiesDefinition

Contains the list of entities to be considered during an authorization request. This includes all principals, resources, and actions required to successfully evaluate the request.

This data type is used as a field in the response parameter for the IsAuthorized and IsAuthorizedWithToken operations.

EntityReference

Contains information about a principal or resource that can be referenced in a Cedar policy.

This data type is used as part of the PolicyFilter structure that is used as a request parameter for the ListPolicies operation..

OpenIdConnectTokenSelection

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.

OpenIdConnectTokenSelectionDetail

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfigurationDetail structure, which is a parameter of GetIdentitySource.

OpenIdConnectTokenSelectionItem

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfigurationItem structure, which is a parameter of ListIdentitySources.

OpenIdIssuer

When writing a match expression against OpenIdIssuer, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PolicyDefinition

A structure that contains the details for a Cedar policy definition. It includes the policy type, a description, and a policy body. This is a top level data type used to create a policy.

This data type is used as a request parameter for the CreatePolicy operation. This structure must always have either an static or a templateLinked element.

PolicyDefinitionDetail

A structure that describes a policy definition. It must always have either an static or a templateLinked element.

This data type is used as a response parameter for the GetPolicy operation.

PolicyDefinitionItem

A structure that describes a PolicyDefinintion. It will always have either an StaticPolicy or a TemplateLinkedPolicy element.

This data type is used as a response parameter for the CreatePolicy and ListPolicies operations.

PolicyEffect

When writing a match expression against PolicyEffect, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

PolicyType

When writing a match expression against PolicyType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ResourceType

When writing a match expression against ResourceType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

SchemaDefinition

Contains a list of principal types, resource types, and actions that can be specified in policies stored in the same policy store. If the validation mode for the policy store is set to STRICT, then policies that can't be validated by this schema are rejected by Verified Permissions and can't be stored in the policy store.

UpdateConfiguration

Contains an update to replace the configuration in an existing identity source.

UpdateOpenIdConnectTokenSelection

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a UpdateOpenIdConnectConfiguration structure, which is a parameter to UpdateIdentitySource.

UpdatePolicyDefinition

Contains information about updates to be applied to a policy.

This data type is used as a request parameter in the UpdatePolicy operation.

ValidationMode

When writing a match expression against ValidationMode, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

Module types

Module types Copy item path

Modules§

Structs§

Enums§

Module types