AWS singlesignon medium security documentation change
Summary
Added audit fields (CreatedAt/CreatedBy/UpdatedAt/UpdatedBy), member account access note, and KMS-related error reason documentation
Security assessment
Audit fields enhance security monitoring capabilities. KMS error documentation addresses encryption key management security aspects. Member account guidance improves access control documentation.
Diff
diff --git a/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.md b/singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.md index e9207481d..d150f1376 100644 --- a//singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.md +++ b//singlesignon/latest/IdentityStoreAPIReference/API_DescribeGroupMembership.md @@ -8,0 +9,6 @@ Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSe +Retrieves membership metadata and attributes from `MembershipId` in an identity store. + +###### Note + +If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the _AWS IAM Identity Center User Guide_. + @@ -52,0 +59,2 @@ Required: Yes + "CreatedAt": **_number_** , + "CreatedBy": "**_string_** ", @@ -56 +64,3 @@ Required: Yes - "MembershipId": "**_string_** " + "MembershipId": "**_string_** ", + "UpdatedAt": **_number_** , + "UpdatedBy": "**_string_** " @@ -64,0 +75,14 @@ The following data is returned in JSON format by the service. +**CreatedAt ** + + +The date and time the group membership was created. + +Type: Timestamp + +**CreatedBy ** + + +The identifier of the user or system that created the group membership. + +Type: String + @@ -106,0 +131,14 @@ Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0- +**UpdatedAt ** + + +The date and time the group membership was last updated. + +Type: Timestamp + +**UpdatedBy ** + + +The identifier of the user or system that last updated the group membership. + +Type: String + @@ -115,0 +154,5 @@ You do not have sufficient access to perform this action. +**Reason** + + +Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included. + @@ -144,0 +188,5 @@ Indicates that a requested resource is not found. +**Reason** + + +Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. + @@ -166,0 +215,5 @@ Indicates that the principal has crossed the throttling limits of the API operat +**Reason** + + +Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. + @@ -183,0 +237,5 @@ The request failed because it contains a syntax error. +**Reason** + + +Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. +