Help Center> IAM Identity Center> API Reference> API> Access Control Attribute Management> Obtaining Access Control Attributes for a Specified Instance
Updated on 2024-04-10 GMT+08:00
Online Debugging
CLI Examples
View PDF

Obtaining Access Control Attributes for a Specified Instance

Function

This API is used to return a list of IAM Identity Center identity source attributes that have been configured to be used with attribute-based access control (ABAC) of a specified IAM Identity Center instance.

URI

GET /v1/instances/{instance_id}/access-control-attribute-configuration

Table 1 Path parameters

Parameter

Mandatory

Type

Description

instance_id

Yes

String

Globally unique ID of an IAM Identity Center instance

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Security-Token

No

String

Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required.

Maximum length: 2048

Response Parameters

Status code: 200

Table 3 Parameters in the response body

Parameter

Type

Description

instance_access_control_attribute_configuration

Object

List of IAM Identity Center identity source attributes that have been added to the ABAC configuration

status

String

ABAC attribute configuration status

Enumerated value:

  • ENABLED
  • CREATION_IN_PROGRESS
  • CREATION_FAILED

status_reason

String

Details about the state of the specified attribute
Table 4 instance_access_control_attribute_configuration

Parameter

Type

Description

access_control_attributes

Array of objects

Attributes configured for ABAC in the IAM Identity Center instance

Array length: 0 - 20
Table 5 access_control_attributes

Parameter

Type

Description

key

String

Name of the attribute associated with the identity in the identity source

Minimum length: 1

Maximum length: 128

value

Object

Mapping the specified attribute to the identity source
Table 6 value

Parameter

Type

Description

source

Array of strings

Mapping the specified attribute to the identity source

Minimum length: 0

Maximum length: 255

Array length: 1-1

Status code: 400

Table 7 Parameters in the response body

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error message

request_id

String

Unique ID of a request

Status code: 403

Table 8 Parameters in the response body

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error message

request_id

String

Unique ID of a request

Example Request

Obtaining access control attributes for a specified instance

GET https://{hostname}/v1/instances/{instance_id}/access-control-attribute-configuration

Example Response

Status code: 200

Successful

{
  "instance_access_control_attribute_configuration" : {
    "access_control_attributes" : [ {
      "key" : "email",
      "value" : {
        "source" : [ "${path:emails[primary eq true].value}" ]
      }
    }, {
      "key" : "displayName",
      "value" : {
        "source" : [ "${path:displayName}" ]
      }
    } ]
  },
  "status" : "ENABLED",
  "status_reason" : null
}

Status Code

For details, see Status Codes.

Error Code

For details, see Error Codes.