AWS IAM Identity Center
Refer to the AWS IAM Identity Center User Guide for guidance on using AWS IAM Identity Center.
IAM Identity Center Identity Store API Access
The IIdentityStoreClient interface and its implementation TIdentityStoreClient provide access to all AWS IAM Identity Center Identity Store operations.
program ListUsers;

{$APPTYPE CONSOLE}

{$R *.res}

uses
  AWS.IdentityStore,
  System.SysUtils;

var
  Client: IIdentityStoreClient;
  Response: IIdentityStoreListUsersResponse;
begin
  try
    Client := TIdentityStoreClient.Create;
    // 'identity-store-id' is a placeholder for your identity store ID.
    Response := Client.ListUsers('identity-store-id');
    if Response.IsSuccessful then
      for var LUser in Response.Users do
        Writeln(LUser.UserId, ': ', LUser.DisplayName);
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
IAM Identity Center Access Portal Single Sign-On Credential Resolution
The Appercept AWS SDK for Delphi will automatically resolve credentials using AWS single sign-on if the current profile is configured appropriately. Here is an example profile configuration:
[profile my-profile]
sso_session = my-sso
sso_account_id = 123456789012
sso_role_name = UserRole
[sso-session my-sso]
sso_region = eu-west-1
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_registration_scopes = sso:account:access
For more information about configuring the AWS SDK, see Shared Configuration.
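A pre-flight check for the profile layout above, as an added example that is not part of the SDK or the original page: it reports which of the settings SSO credential resolution depends on are missing for a named profile. `FindSsoProfileProblems` is a hypothetical helper, the sample text is constructed from the configuration shown above, and the check assumes the `sso-session` form of the profile.

```delphi
program CheckSsoProfile;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.Classes, System.IniFiles;

const
  // Constructed sample input: the profile configuration shown above.
  SampleConfig =
    '[profile my-profile]' + sLineBreak +
    'sso_session = my-sso' + sLineBreak +
    'sso_account_id = 123456789012' + sLineBreak +
    'sso_role_name = UserRole' + sLineBreak +
    '[sso-session my-sso]' + sLineBreak +
    'sso_region = eu-west-1' + sLineBreak +
    'sso_start_url = https://my-sso-portal.awsapps.com/start' + sLineBreak +
    'sso_registration_scopes = sso:account:access';

// Hypothetical helper (not an SDK call): lists the SSO settings that are
// missing or suspicious for a named profile ("[profile <name>]" sections only).
function FindSsoProfileProblems(const AConfig, AProfile: string): TArray<string>;
const
  ProfileKeys: array[0..2] of string = ('sso_session', 'sso_account_id', 'sso_role_name');
  SessionKeys: array[0..1] of string = ('sso_region', 'sso_start_url');
var
  Ini: TMemIniFile;
  Lines: TStringList;
  Profile, Session, Key, StartUrl: string;
begin
  Result := [];
  Lines := TStringList.Create;
  Ini := TMemIniFile.Create('');  // empty file name: nothing is read from disk
  try
    Lines.Text := AConfig;
    Ini.SetStrings(Lines);
    Profile := 'profile ' + AProfile;
    // The profile only names the session; region and start URL live in that section.
    Session := 'sso-session ' + Ini.ReadString(Profile, 'sso_session', '');
    for Key in ProfileKeys do
      if Ini.ReadString(Profile, Key, '') = '' then
        Result := Result + ['[' + Profile + '] ' + Key + ' is not set'];
    for Key in SessionKeys do
      if Ini.ReadString(Session, Key, '') = '' then
        Result := Result + ['[' + Session + '] ' + Key + ' is not set'];
    StartUrl := Ini.ReadString(Session, 'sso_start_url', '');
    if (StartUrl <> '') and not StartUrl.StartsWith('https://', True) then
      Result := Result + ['[' + Session + '] sso_start_url should be an https:// URL'];
  finally
    Ini.Free;
    Lines.Free;
  end;
end;

begin
  for var Problem in FindSsoProfileProblems(SampleConfig, 'my-profile') do
    Writeln(Problem);  // the sample above is complete, so nothing is printed
end.
```

A profile whose `sso_session` value does not match any `[sso-session ...]` section is reported as missing `sso_region` and `sso_start_url`.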
IAM Identity Center Access Portal API Access
The ISSOClient interface and its implementation TSSOClient provide access to all AWS IAM Identity Center Access Portal operations.
program ListAWSAccountsForUser;

{$APPTYPE CONSOLE}

{$R *.res}

uses
  AWS.SSO,
  System.SysUtils;

var
  Client: ISSOClient;
  Response: ISSOListAccountsResponse;
begin
  try
    Client := TSSOClient.Create;
    // 'access-token' is a placeholder for the user's SSO access token.
    Response := Client.ListAccounts('access-token');
    if Response.IsSuccessful then
      for var LAccountInfo in Response.accountList do
        Writeln(LAccountInfo.accountId, ': ', LAccountInfo.accountName);
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
IAM Identity Center OpenID-Connect (OIDC) API Access
The ISSOOIDCClient interface and its implementation TSSOOIDCClient provide access to all AWS IAM Identity Center OpenID-Connect (OIDC) operations.
program RegisterPublicClient;

{$APPTYPE CONSOLE}

{$R *.res}

uses
  AWS.SSOOIDC,
  System.SysUtils;

var
  Client: ISSOOIDCClient;
  Response: ISSOOIDCRegisterClientResponse;
begin
  try
    Client := TSSOOIDCClient.Create;
    Response := Client.RegisterClient('my-client');
    // On success, print the issued client ID and the authorization endpoint.
    if Response.IsSuccessful then
      Writeln(Response.clientId, ': ', Response.authorizationEndpoint);
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.