AWS singlesignon medium security documentation change
Summary
Added audit fields (CreatedAt/CreatedBy/UpdatedAt/UpdatedBy), member account access note, and KMS-related error reason documentation
Security assessment
Added audit trail fields improve security visibility. KMS-specific error reasons document encryption key access issues. Member account guidance relates to access control security practices.
Diff
diff --git a/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md b/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md index 649ff9f3b..decbc1c18 100644 --- a//singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md +++ b//singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroup.md @@ -8,0 +9,6 @@ Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSe +Retrieves the group metadata and attributes from `GroupId` in an identity store. + +###### Note + +If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the _AWS IAM Identity Center User Guide_. + @@ -52,0 +59,2 @@ Required: Yes + "CreatedAt": **_number_** , + "CreatedBy": "**_string_** ", @@ -62 +70,3 @@ Required: Yes - "IdentityStoreId": "**_string_** " + "IdentityStoreId": "**_string_** ", + "UpdatedAt": **_number_** , + "UpdatedBy": "**_string_** " @@ -70,0 +81,14 @@ The following data is returned in JSON format by the service. +**CreatedAt ** + + +The date and time the group was created. + +Type: Timestamp + +**CreatedBy ** + + +The identifier of the user or system that created the group. + +Type: String + @@ -123,0 +148,14 @@ Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a +**UpdatedAt ** + + +The date and time the group was last updated. + +Type: Timestamp + +**UpdatedBy ** + + +The identifier of the user or system that last updated the group. + +Type: String + @@ -132,0 +171,5 @@ You do not have sufficient access to perform this action. +**Reason** + + +Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included. + @@ -161,0 +205,5 @@ Indicates that a requested resource is not found. +**Reason** + + +Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. + @@ -183,0 +232,5 @@ Indicates that the principal has crossed the throttling limits of the API operat +**Reason** + + +Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. + @@ -200,0 +254,5 @@ The request failed because it contains a syntax error. +**Reason** + + +Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. +