Help Center/ IAM Identity Center/ API Reference/ API/ Access Control Attribute Management/ Updating Access Control Attributes for a Specified Instance
Updated on 2025-08-21 GMT+08:00

Updating Access Control Attributes for a Specified Instance

Function

This API is used to update IAM Identity Center identity source attributes that can be used with the IAM Identity Center instance for ABAC. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.

URI

PUT /v1/instances/{instance_id}/access-control-attribute-configuration

Table 1 Path parameters

Parameter

Mandatory

Type

Description

instance_id

Yes

String

Globally unique ID of an IAM Identity Center instance.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Security-Token

No

String

Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required.

Maximum length: 2048

Table 3 Parameters in the request body

Parameter

Mandatory

Type

Description

instance_access_control_attribute_configuration

Yes

Object

Update of ABAC configuration attributes.

Table 4 instance_access_control_attribute_configuration

Parameter

Mandatory

Type

Description

access_control_attributes

Yes

Array of objects

Attributes configured for ABAC in the IAM Identity Center instance.

Array length: 0 - 20

Table 5 access_control_attributes

Parameter

Mandatory

Type

Description

key

Yes

String

Name of the attribute associated with the identity in the identity source.

Minimum length: 1

Maximum length: 128

value

Yes

Object

Mapping the specified attribute to the identity source.

Table 6 value

Parameter

Mandatory

Type

Description

source

Yes

Array of strings

Mapping the specified attribute to the identity source.

Minimum length: 0

Maximum length: 255

Array length: 1-1

Response Parameters

Status code: 400

Table 7 Parameters in the response body

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

request_id

String

Unique ID of a request.

encoded_authorization_message

String

Encrypted error message.

Status code: 403

Table 8 Parameters in the response body

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

request_id

String

Unique ID of a request.

encoded_authorization_message

String

Encrypted error message.

Example Request

Updating access control attributes for a specified instance

PUT https://{hostname}/v1/instances/{instance_id}/access-control-attribute-configuration

{
  "instance_access_control_attribute_configuration" : {
    "access_control_attributes" : [ {
      "key" : "email",
      "value" : {
        "source" : [ "${path:emails[primary eq true].value}" ]
      }
    }, {
      "key" : "nickName",
      "value" : {
        "source" : [ "${path:nickName}" ]
      }
    } ]
  }
}

Example Response

None

Status Codes

For details, see Status Codes.

Error Codes

For details, see Error Codes.