Connect / Client / create_security_profile

create_security_profile

Connect.Client.create_security_profile(**kwargs)

Creates a security profile.

For information about security profiles, see Security Profiles in the Amazon Connect Administrator Guide. For a mapping of the API name and user interface name of the security profile permissions, see List of security profile permissions.

See also: AWS API Documentation

Request Syntax

response = client.create_security_profile(
    SecurityProfileName='string',
    Description='string',
    Permissions=[
        'string',
    ],
    InstanceId='string',
    Tags={
        'string': 'string'
    },
    AllowedAccessControlTags={
        'string': 'string'
    },
    TagRestrictedResources=[
        'string',
    ],
    Applications=[
        {
            'Namespace': 'string',
            'ApplicationPermissions': [
                'string',
            ],
            'Type': 'MCP'|'THIRD_PARTY_APPLICATION'
        },
    ],
    HierarchyRestrictedResources=[
        'string',
    ],
    AllowedAccessControlHierarchyGroupId='string',
    AllowedFlowModules=[
        {
            'Type': 'MCP',
            'FlowModuleId': 'string'
        },
    ],
    GranularAccessControlConfiguration={
        'DataTableAccessControlConfiguration': {
            'PrimaryAttributeAccessControlConfiguration': {
                'PrimaryAttributeValues': [
                    {
                        'AccessType': 'ALLOW',
                        'AttributeName': 'string',
                        'Values': [
                            'string',
                        ]
                    },
                ]
            }
        }
    }
)

Parameters:

• SecurityProfileName (string) –

  [REQUIRED]

  The name of the security profile.

• Description (string) – The description of the security profile.

• Permissions (list) –

  Permissions assigned to the security profile. For a list of valid permissions, see List of security profile permissions.

  • (string) –

• InstanceId (string) –

  [REQUIRED]

  The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

• Tags (dict) –

  The tags used to organize, track, or control access for this resource. For example, { “Tags”: {“key1”:”value1”, “key2”:”value2”} }.

  • (string) –

    • (string) –

• AllowedAccessControlTags (dict) –

  The list of tags that a security profile uses to restrict access to resources in Amazon Connect.

  • (string) –

    • (string) –

• TagRestrictedResources (list) –

  The list of resources that a security profile applies tag restrictions to in Amazon Connect. For a list of Amazon Connect resources that you can tag, see Add tags to resources in Amazon Connect in the Amazon Connect Administrator Guide.

  • (string) –

• Applications (list) –

  A list of third-party applications or MCP Servers that the security profile will give access to.

  • (dict) –

    This API is in preview release for Amazon Connect and is subject to change.

    A third-party application’s metadata.

    • Namespace (string) –

      Namespace of the application that you want to give access to.

    • ApplicationPermissions (list) –

      The permissions that the agent is granted on the application. For third-party applications, only the ACCESS permission is supported. For MCP Servers, the permissions are tool Identifiers accepted by MCP Server.

      • (string) –

    • Type (string) –

      Type of Application.

• HierarchyRestrictedResources (list) –

  The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: User.

  • (string) –

• AllowedAccessControlHierarchyGroupId (string) – The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.

• AllowedFlowModules (list) –

  A list of Flow Modules an AI Agent can invoke as a tool.

  • (dict) –

    A list of Flow Modules an AI Agent can invoke as a tool

    • Type (string) –

      Only Type we support is MCP.

    • FlowModuleId (string) –

      If of Flow Modules invocable as tool

• GranularAccessControlConfiguration (dict) –

  The granular access control configuration for the security profile, including data table permissions.

  • DataTableAccessControlConfiguration (dict) –

    The access control configuration for data tables.

    • PrimaryAttributeAccessControlConfiguration (dict) –

      The configuration’s primary attribute access control configuration.

      • PrimaryAttributeValues (list) –

        The item’s primary attribute values.

        • (dict) –

          A primary attribute value.

          • AccessType (string) –

            The value’s access type.

          • AttributeName (string) –

            The value’s attribute name.

          • Values (list) –

            The value’s values.

            • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'SecurityProfileId': 'string',
    'SecurityProfileArn': 'string'
}

Response Structure

• (dict) –

  • SecurityProfileId (string) –

    The identifier for the security profle.

  • SecurityProfileArn (string) –

    The Amazon Resource Name (ARN) for the security profile.

Exceptions

• Connect.Client.exceptions.InvalidRequestException

• Connect.Client.exceptions.InvalidParameterException

• Connect.Client.exceptions.LimitExceededException

• Connect.Client.exceptions.DuplicateResourceException

• Connect.Client.exceptions.ResourceNotFoundException

• Connect.Client.exceptions.ThrottlingException

• Connect.Client.exceptions.InternalServiceException