Remove AWS Entitlements
Deletes a principal's access from specified AWS accounts using specified permission sets.
Actions that involve adding or removing AWS entitlements take some time to be processed by AWS. This processing time means that the list of entitlements returned by List AWS Entitlements may not reflect all of the entitlements that were added or removed. Additionally, a conflict error can be returned if a remove entitlement action immediately follows an add entitlement before the entitlement was successfully added. To avoid unwanted side effects, you can insert a delay in your flow by using a Wait For function, with a suggested delay time of 30 seconds. This connector will try to complete its task a finite number of times before returning an error if unsuccessful.
|Region||Choose from the list of AWS regions.||Dropdown||TRUE|
|Instance ARN||Choose from the list of available Amazon Resource Names (ARNs) or select -- Enter Instance ARN -- to enter an ARN.||Dropdown||TRUE|
|Account ID||This dropdown displays a maximum of 300 accounts. Choose from the list of available AWS accounts or select -- Enter Account ID -- to enter an ID that doesn't appear in the list.
Note: While the root account does appear in the list of available accounts, the Account ID can't be that of the root account. The root account requires additional permissions associated with the policy that's attached to the customer's role. Disallowing the use of the root account prevents users from providing unnecessary permissions to root.
|Instance ARN||Amazon Resource Name (ARN) identifier of the instance. This field only appears when the -- Enter Instance ARN -- option is chosen from the Instance ARN dropdown in the Options section.||String||TRUE|
|Principal Type||Entity type of the principal.||Dropdown||TRUE|
|Principal ID||GUID identifier of the principal from which to remove the entitlements.||String||TRUE|
|Account ID||Identifier of the AWS account. This field only appears when the -- Enter Account ID -- option is chosen from the Account ID dropdown in the Options section.||String||TRUE|
|Permission Sets||Amazon Resource Names (ARNs) of permission sets to remove from the principal for a specified AWS account. Each AWS account has a default maximum of 50 permission sets, which can be increased by AWS at the request of a customer. See AWS account quotas.||List of Text||TRUE|
|Status Code||Result of the operation. The connector returns an HTTP status code that indicates whether the action taken by the card succeeded or failed. For example:
For a full list of possible status codes, see HTTP status codes.