feat(client-sso-admin): Update PutPermissionBoundaryToPermissionSet API's managedPolicyArn pattern to allow valid ARN only. Update ApplicationName to allow white spaces.

Author: awstools

clients/client-sso-admin/README.md

@@ -6,19 +6,27 @@
 
 AWS SDK for JavaScript SSOAdmin Client for Node.js, Browser and React Native.
 
-<p>IAM Identity Center (successor to Single Sign-On) helps you securely create, or connect, your workforce identities and manage
-their access centrally across Amazon Web Services accounts and applications. IAM Identity Center is the recommended
-approach for workforce authentication and authorization in Amazon Web Services, for organizations of
-any size and type.</p>
+<p>IAM Identity Center is the Amazon Web Services solution for connecting your workforce users to Amazon Web Services managed
+applications and other Amazon Web Services resources. You can connect your existing identity provider
+and synchronize users and groups from your directory, or create and manage your users
+directly in IAM Identity Center. You can then use IAM Identity Center for either or both of the following:</p>
+<ul>
+<li>
+<p>User access to applications</p>
+</li>
+<li>
+<p>User access to Amazon Web Services accounts</p>
+</li>
+</ul>
+<p>This guide provides information about single sign-on operations that you can use for access to applications and
+Amazon Web Services accounts. For information about IAM Identity Center features, see the
+<a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html">IAM Identity Center
+User Guide</a>.</p>
 <note>
 <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API
 namespaces.</p>
 </note>
-<p>This reference guide provides information on single sign-on operations which could be
-used for access management of Amazon Web Services accounts. For information about IAM Identity Center features, see
-the <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html">IAM Identity Center
-User Guide</a>.</p>
-<p>Many operations in the IAM Identity Center APIs rely on identifiers for users and groups, known as
+<p>Many API operations for IAM Identity Center rely on identifiers for users and groups, known as
 principals. For more information about how to work with principals and principal IDs in
 IAM Identity Center, see the <a href="https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/welcome.html">Identity Store API
 Reference</a>.</p>

clients/client-sso-admin/src/SSOAdmin.ts

@@ -1661,19 +1661,27 @@ export interface SSOAdmin {
 }
 
 /**
- * <p>IAM Identity Center (successor to Single Sign-On) helps you securely create, or connect, your workforce identities and manage
- *             their access centrally across Amazon Web Services accounts and applications. IAM Identity Center is the recommended
- *             approach for workforce authentication and authorization in Amazon Web Services, for organizations of
- *             any size and type.</p>
+ * <p>IAM Identity Center is the Amazon Web Services solution for connecting your workforce users to Amazon Web Services managed
+ *             applications and other Amazon Web Services resources. You can connect your existing identity provider
+ *             and synchronize users and groups from your directory, or create and manage your users
+ *             directly in IAM Identity Center. You can then use IAM Identity Center for either or both of the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>User access to applications</p>
+ *             </li>
+ *             <li>
+ *                <p>User access to Amazon Web Services accounts</p>
+ *             </li>
+ *          </ul>
+ *          <p>This guide provides information about single sign-on operations that you can use for access to applications and
+ *             Amazon Web Services accounts. For information about IAM Identity Center features, see the
+ *             <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html">IAM Identity Center
+ *                 User Guide</a>.</p>
  *          <note>
  *             <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API
  *                 namespaces.</p>
  *          </note>
- *          <p>This reference guide provides information on single sign-on operations which could be
- *             used for access management of Amazon Web Services accounts. For information about IAM Identity Center features, see
- *             the <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html">IAM Identity Center
- *                 User Guide</a>.</p>
- *          <p>Many operations in the IAM Identity Center APIs rely on identifiers for users and groups, known as
+ *          <p>Many API operations for IAM Identity Center rely on identifiers for users and groups, known as
  *             principals. For more information about how to work with principals and principal IDs in
  *             IAM Identity Center, see the <a href="https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/welcome.html">Identity Store API
  *                 Reference</a>.</p>

clients/client-sso-admin/src/SSOAdminClient.ts

@@ -667,19 +667,27 @@ export type SSOAdminClientResolvedConfigType = __SmithyResolvedConfiguration<__H
 export interface SSOAdminClientResolvedConfig extends SSOAdminClientResolvedConfigType {}
 
 /**
- * <p>IAM Identity Center (successor to Single Sign-On) helps you securely create, or connect, your workforce identities and manage
- *             their access centrally across Amazon Web Services accounts and applications. IAM Identity Center is the recommended
- *             approach for workforce authentication and authorization in Amazon Web Services, for organizations of
- *             any size and type.</p>
+ * <p>IAM Identity Center is the Amazon Web Services solution for connecting your workforce users to Amazon Web Services managed
+ *             applications and other Amazon Web Services resources. You can connect your existing identity provider
+ *             and synchronize users and groups from your directory, or create and manage your users
+ *             directly in IAM Identity Center. You can then use IAM Identity Center for either or both of the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>User access to applications</p>
+ *             </li>
+ *             <li>
+ *                <p>User access to Amazon Web Services accounts</p>
+ *             </li>
+ *          </ul>
+ *          <p>This guide provides information about single sign-on operations that you can use for access to applications and
+ *             Amazon Web Services accounts. For information about IAM Identity Center features, see the
+ *             <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html">IAM Identity Center
+ *                 User Guide</a>.</p>
  *          <note>
  *             <p>IAM Identity Center uses the <code>sso</code> and <code>identitystore</code> API
  *                 namespaces.</p>
  *          </note>
- *          <p>This reference guide provides information on single sign-on operations which could be
- *             used for access management of Amazon Web Services accounts. For information about IAM Identity Center features, see
- *             the <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html">IAM Identity Center
- *                 User Guide</a>.</p>
- *          <p>Many operations in the IAM Identity Center APIs rely on identifiers for users and groups, known as
+ *          <p>Many API operations for IAM Identity Center rely on identifiers for users and groups, known as
  *             principals. For more information about how to work with principals and principal IDs in
  *             IAM Identity Center, see the <a href="https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/welcome.html">Identity Store API
  *                 Reference</a>.</p>

clients/client-sso-admin/src/commands/CreateApplicationCommand.ts

@@ -28,7 +28,17 @@ export interface CreateApplicationCommandInput extends CreateApplicationRequest
 export interface CreateApplicationCommandOutput extends CreateApplicationResponse, __MetadataBearer {}
 
 /**
- * <p>Creates an application in IAM Identity Center for the given application provider.</p>
+ * <p>Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given
+ *             application provider.</p>
+ *          <note>
+ *             <p>This API does not support creating SAML 2.0 customer managed applications or Amazon Web Services
+ *                 managed applications. To learn how to create an Amazon Web Services managed application, see the
+ *                 application user guide. You can create a SAML 2.0 customer managed application in
+ *                 the Amazon Web Services Management Console only. See <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/customermanagedapps-saml2-setup.html">Setting
+ *                     up customer managed SAML 2.0 applications</a>. For more information on these
+ *                 application types, see <a href="https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html">Amazon Web Services managed
+ *                     applications</a>.</p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-sso-admin/src/commands/CreateInstanceCommand.ts

@@ -29,8 +29,8 @@ export interface CreateInstanceCommandOutput extends CreateInstanceResponse, __M
 
 /**
  * <p>Creates an instance of IAM Identity Center for a standalone Amazon Web Services account that is not
- *             managed by Organizations or a member Amazon Web Services account in an organization. You can
- *             create only one instance per account and across all Amazon Web Services Regions.</p>
+ *             managed by Organizations or a member Amazon Web Services account in an organization. You can create only
+ *             one instance per account and across all Amazon Web Services Regions.</p>
  *          <p>The CreateInstance request is rejected if the following apply: </p>
  *          <ul>
  *             <li>

clients/client-sso-admin/src/commands/CreateTrustedTokenIssuerCommand.ts

@@ -28,10 +28,12 @@ export interface CreateTrustedTokenIssuerCommandInput extends CreateTrustedToken
 export interface CreateTrustedTokenIssuerCommandOutput extends CreateTrustedTokenIssuerResponse, __MetadataBearer {}
 
 /**
- * <p>Creates a connection to a trusted token issuer in an instance of IAM Identity Center. A trusted token issuer enables trusted identity propagation to be used with applications that authenticate outside of Amazon Web Services.</p>
- *          <p>This trusted token issuer describes an external identity
- *             provider (IdP) that can generate claims or assertions in the form of access tokens for a
- *             user. Applications enabled for IAM Identity Center can use these tokens for authentication. </p>
+ * <p>Creates a connection to a trusted token issuer in an instance of IAM Identity Center. A trusted token issuer enables trusted
+ *             identity propagation to be used with applications that authenticate outside of
+ *             Amazon Web Services.</p>
+ *          <p>This trusted token issuer describes an external identity provider (IdP) that can generate claims or
+ *             assertions in the form of access tokens for a user. Applications enabled for IAM Identity Center
+ *             can use these tokens for authentication. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-sso-admin/src/commands/DeleteTrustedTokenIssuerCommand.ts

@@ -30,7 +30,8 @@ export interface DeleteTrustedTokenIssuerCommandOutput extends DeleteTrustedToke
 /**
  * <p>Deletes a trusted token issuer configuration from an instance of IAM Identity Center.</p>
  *          <note>
- *             <p>Deleting this trusted token issuer configuration will cause users to lose access to any applications that are configured to use the trusted token issuer.</p>
+ *             <p>Deleting this trusted token issuer configuration will cause users to lose access to any
+ *                 applications that are configured to use the trusted token issuer.</p>
  *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-sso-admin/src/commands/DescribeApplicationAssignmentCommand.ts

@@ -33,9 +33,10 @@ export interface DescribeApplicationAssignmentCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Retrieves a direct assignment of a user or group to an application. If the user doesn’t have a direct assignment to the application,
- *             the user may still have access to the application through a group. Therefore, don’t use this API to test access to an application for a user.
- *             Instead use <a>ListApplicationAssignmentsForPrincipal</a>.</p>
+ * <p>Retrieves a direct assignment of a user or group to an application. If the user
+ *             doesn’t have a direct assignment to the application, the user may still have access to
+ *             the application through a group. Therefore, don’t use this API to test access to an
+ *             application for a user. Instead use <a>ListApplicationAssignmentsForPrincipal</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-sso-admin/src/commands/DescribeApplicationProviderCommand.ts

@@ -30,7 +30,8 @@ export interface DescribeApplicationProviderCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Retrieves details about a provider that can be used to connect an Amazon Web Services managed application or customer managed application to IAM Identity Center.</p>
+ * <p>Retrieves details about a provider that can be used to connect an Amazon Web Services managed
+ *             application or customer managed application to IAM Identity Center.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-sso-admin/src/commands/DescribeInstanceCommand.ts

@@ -28,19 +28,22 @@ export interface DescribeInstanceCommandInput extends DescribeInstanceRequest {}
 export interface DescribeInstanceCommandOutput extends DescribeInstanceResponse, __MetadataBearer {}
 
 /**
- * <p>Returns the details of an instance of IAM Identity Center. The status can be one of the following:</p>
+ * <p>Returns the details of an instance of IAM Identity Center. The status can be one of the
+ *             following:</p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <code>CREATE_IN_PROGRESS</code> - The instance is in the process of being created. When the
- *                 instance is ready for use, DescribeInstance returns the status of
- *                 <code>ACTIVE</code>. While the instance is in the
- *                 <code>CREATE_IN_PROGRESS</code> state, you can call only DescribeInstance
- *                 and DeleteInstance operations.</p>
+ *                   <code>CREATE_IN_PROGRESS</code> - The instance is in the process of being
+ *                     created. When the instance is ready for use, DescribeInstance returns the status
+ *                     of <code>ACTIVE</code>. While the instance is in the
+ *                         <code>CREATE_IN_PROGRESS</code> state, you can call only DescribeInstance
+ *                     and DeleteInstance operations.</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <code>DELETE_IN_PROGRESS</code> - The instance is being deleted. Returns <code>AccessDeniedException</code> after the delete operation completes. </p>
+ *                   <code>DELETE_IN_PROGRESS</code> - The instance is being deleted. Returns
+ *                         <code>AccessDeniedException</code> after the delete operation completes.
+ *                 </p>
  *             </li>
  *             <li>
  *                <p>

clients/client-sso-admin/src/commands/DescribeTrustedTokenIssuerCommand.ts

@@ -28,8 +28,9 @@ export interface DescribeTrustedTokenIssuerCommandInput extends DescribeTrustedT
 export interface DescribeTrustedTokenIssuerCommandOutput extends DescribeTrustedTokenIssuerResponse, __MetadataBearer {}
 
 /**
- * <p>Retrieves details about a trusted token issuer configuration stored in an instance of IAM Identity Center. Details include the  name of the trusted token issuer, the issuer URL, and the path of the source attribute and the destination attribute for a trusted token issuer configuration.
- *         </p>
+ * <p>Retrieves details about a trusted token issuer configuration stored in an instance of IAM Identity Center. Details
+ *             include the name of the trusted token issuer, the issuer URL, and the path of the source attribute and
+ *             the destination attribute for a trusted token issuer configuration. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-sso-admin/src/commands/ListAccountAssignmentsForPrincipalCommand.ts

@@ -37,7 +37,8 @@ export interface ListAccountAssignmentsForPrincipalCommandOutput
 
 /**
  * <p>Retrieves a list of the IAM Identity Center associated Amazon Web Services accounts that the principal has access
- *             to.</p>
+ *             to. This action must be called from the management account containing your organization
+ *             instance of IAM Identity Center. This action is not valid for account instances of IAM Identity Center.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-sso-admin/src/commands/ListApplicationAssignmentsForPrincipalCommand.ts

@@ -37,7 +37,11 @@ export interface ListApplicationAssignmentsForPrincipalCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Lists the applications to which a specified principal is assigned.</p>
+ * <p>Lists the applications to which a specified principal is assigned. You must provide a
+ *             filter when calling this action from a member account against your organization instance
+ *             of IAM Identity Center. A filter is not required when called from the management account against an
+ *             organization instance of IAM Identity Center, or from a member account against an account instance of
+ *             IAM Identity Center in the same account.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-sso-admin/src/commands/ListApplicationsCommand.ts

@@ -28,9 +28,11 @@ export interface ListApplicationsCommandInput extends ListApplicationsRequest {}
 export interface ListApplicationsCommandOutput extends ListApplicationsResponse, __MetadataBearer {}
 
 /**
- * <p>Lists all applications associated with the instance of IAM Identity Center. When listing applications for an instance
- *             in the management account, member accounts must use the <code>applicationAccount</code>
- *             parameter to filter the list to only applications created from that account.</p>
+ * <p>Lists all applications associated with the instance of IAM Identity Center. When listing
+ *             applications for an organization instance in the management account, member accounts
+ *             must use the <code>applicationAccount</code> parameter to filter the list to only
+ *             applications created from that account. When listing applications for an account
+ *             instance in the same member account, a filter is not required.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript