AWS singlesignon documentation change
Summary
Added documentation about member account access, new response fields (CreatedAt, CreatedBy, UpdatedAt, UpdatedBy), and KMS-related error reason explanations
Security assessment
The change adds documentation about limiting access from member accounts and clarifies KMS-related error handling. While these relate to security practices, there's no evidence of addressing a specific vulnerability. The updates improve security documentation by explaining access controls and encryption key management interactions.
Diff
diff --git a/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md b/singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md index 18205e263..0e414dc19 100644 --- a//singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md +++ b//singlesignon/latest/IdentityStoreAPIReference/API_ListGroupMemberships.md @@ -8,0 +9,6 @@ Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSe +For the specified group in the specified identity store, returns the list of all ` GroupMembership` objects and returns results in paginated form. + +###### Note + +If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the _AWS IAM Identity Center User Guide_. + @@ -80,0 +87,2 @@ Required: No + "[CreatedAt](./API_GroupMembership.html#singlesignon-Type-GroupMembership-CreatedAt)": **_number_** , + "[CreatedBy](./API_GroupMembership.html#singlesignon-Type-GroupMembership-CreatedBy)": "**_string_** ", @@ -84 +92,3 @@ Required: No - "[MembershipId](./API_GroupMembership.html#singlesignon-Type-GroupMembership-MembershipId)": "**_string_** " + "[MembershipId](./API_GroupMembership.html#singlesignon-Type-GroupMembership-MembershipId)": "**_string_** ", + "[UpdatedAt](./API_GroupMembership.html#singlesignon-Type-GroupMembership-UpdatedAt)": **_number_** , + "[UpdatedBy](./API_GroupMembership.html#singlesignon-Type-GroupMembership-UpdatedBy)": "**_string_** " @@ -122,0 +133,5 @@ You do not have sufficient access to perform this action. +**Reason** + + +Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included. + @@ -151,0 +167,5 @@ Indicates that a requested resource is not found. +**Reason** + + +Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. + @@ -173,0 +194,5 @@ Indicates that the principal has crossed the throttling limits of the API operat +**Reason** + + +Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. + @@ -190,0 +216,5 @@ The request failed because it contains a syntax error. +**Reason** + + +Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included. +