AccessControlAttribute - IAM Identity Center
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC). You can create permissions policies that determine who can access your Amazon resources based upon the configured attribute values. When you enable ABAC and specify AccessControlAttributes, IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation.



The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{Z}\p{N}_.:\/=+\-@]+

Required: Yes


The value used for mapping a specified attribute to an identity source.

Type: AccessControlAttributeValue object

Required: Yes

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: