IdentitystoreClient

The Identity Store service used by IAM Identity Center provides a single place to retrieve all of your identities (users and groups). For more information, see the IAM Identity Center User Guide .

This reference guide describes the identity store operations that you can call programmatically and includes detailed information about data types and errors.

IAM Identity Center uses the sso and identitystore API namespaces.

Installation

NPM
npm install @aws-sdk/client-identitystore
Yarn
yarn add @aws-sdk/client-identitystore
pnpm
pnpm add @aws-sdk/client-identitystore

IdentitystoreClient Operations

Command
Summary
CreateGroupCommand

Creates a group within the specified identity store.

CreateGroupMembershipCommand

Creates a relationship between a member and a group. The following identifiers must be specified: GroupId, IdentityStoreId, and MemberId.

CreateUserCommand

Creates a user within the specified identity store.

DeleteGroupCommand

Delete a group within an identity store given GroupId.

DeleteGroupMembershipCommand

Delete a membership within a group given MembershipId.

DeleteUserCommand

Deletes a user within an identity store given UserId.

DescribeGroupCommand

Retrieves the group metadata and attributes from GroupId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

DescribeGroupMembershipCommand

Retrieves membership metadata and attributes from MembershipId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

DescribeUserCommand

Retrieves the user metadata and attributes from the UserId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

GetGroupIdCommand

Retrieves GroupId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

GetGroupMembershipIdCommand

Retrieves the MembershipId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

GetUserIdCommand

Retrieves the UserId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

IsMemberInGroupsCommand

Checks the user's membership in all requested groups and returns if the member exists in all queried groups.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

ListGroupMembershipsCommand

For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

ListGroupMembershipsForMemberCommand

For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

ListGroupsCommand

Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

ListUsersCommand

Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts  in the Organizations User Guide.

UpdateGroupCommand

For the specified group in the specified identity store, updates the group metadata and attributes.

UpdateUserCommand

For the specified user in the specified identity store, updates the user metadata and attributes.

IdentitystoreClient Configuration

Parameter
Type
Description
defaultsMode
Optional
DefaultsMode | Provider<DefaultsMode>
The @smithy/smithy-client#DefaultsMode that will be used to determine how certain default configuration options are resolved in the SDK.
disableHostPrefix
Optional
boolean
Disable dynamically changing the endpoint of the client based on the hostPrefix trait of an operation.
extensions
Optional
RuntimeExtension[]
Optional extensions
logger
Optional
Logger
Optional logger for logging debug/info/warn/error.
maxAttempts
Optional
number | Provider<number>
Value for how many times a request will be made at most in case of retry.
profile
Optional
string
Setting a client profile is similar to setting a value for the AWS_PROFILE environment variable. Setting a profile on a client in code only affects the single client instance, unlike AWS_PROFILE.When set, and only for environments where an AWS configuration file exists, fields configurable by this file will be retrieved from the specified profile within that file. Conflicting code configuration and environment variables will still have higher priority.For client credential resolution that involves checking the AWS configuration file, the client's profile (this value) will be used unless a different profile is set in the credential provider options.
region
Optional
string | Provider<string>
The AWS region to which this client will send requests
requestHandler
Optional
__HttpHandlerUserInput
The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.
retryMode
Optional
string | Provider<string>
Specifies which retry algorithm to use.
useDualstackEndpoint
Optional
boolean | Provider<boolean>
Enables IPv6/IPv4 dualstack endpoint.
useFipsEndpoint
Optional
boolean | Provider<boolean>
Enables FIPS compatible endpoints.
Additional config fields are described in the full configuration type: IdentitystoreClientConfig