:doc:`AppStream <../../appstream>` / Client / create_entitlement

******************
create_entitlement
******************



.. py:method:: AppStream.Client.create_entitlement(**kwargs)

  

  Creates a new entitlement. Entitlements control access to specific applications within a stack, based on user attributes. Entitlements apply to SAML 2.0 federated user identities. WorkSpaces Applications user pool and streaming URL users are entitled to all applications in a stack. Entitlements don't apply to the desktop stream view application, or to applications managed by a dynamic app provider using the Dynamic Application Framework.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/appstream-2016-12-01/CreateEntitlement>`_  


  **Request Syntax**
  ::

    response = client.create_entitlement(
        Name='string',
        StackName='string',
        Description='string',
        AppVisibility='ALL'|'ASSOCIATED',
        Attributes=[
            {
                'Name': 'string',
                'Value': 'string'
            },
        ]
    )
    
  :type Name: string
  :param Name: **[REQUIRED]** 

    The name of the entitlement.

    

  
  :type StackName: string
  :param StackName: **[REQUIRED]** 

    The name of the stack with which the entitlement is associated.

    

  
  :type Description: string
  :param Description: 

    The description of the entitlement.

    

  
  :type AppVisibility: string
  :param AppVisibility: **[REQUIRED]** 

    Specifies whether all or selected apps are entitled.

    

  
  :type Attributes: list
  :param Attributes: **[REQUIRED]** 

    The attributes of the entitlement.

    

  
    - *(dict) --* 

      An attribute associated with an entitlement. Application entitlements work by matching a supported SAML 2.0 attribute name to a value when a user identity federates to a WorkSpaces Applications SAML application.

      

    
      - **Name** *(string) --* **[REQUIRED]** 

        A supported AWS IAM SAML ``PrincipalTag`` attribute that is matched to the associated value when a user identity federates into a WorkSpaces Applications SAML application.

         

        The following are valid values:

         

        
        * roles
         
        * department
         
        * organization
         
        * groups
         
        * title
         
        * costCenter
         
        * userType
        

        

      
      - **Value** *(string) --* **[REQUIRED]** 

        A value that is matched to a supported SAML attribute name when a user identity federates into a WorkSpaces Applications SAML application.

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Entitlement': {
              'Name': 'string',
              'StackName': 'string',
              'Description': 'string',
              'AppVisibility': 'ALL'|'ASSOCIATED',
              'Attributes': [
                  {
                      'Name': 'string',
                      'Value': 'string'
                  },
              ],
              'CreatedTime': datetime(2015, 1, 1),
              'LastModifiedTime': datetime(2015, 1, 1)
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Entitlement** *(dict) --* 

        The entitlement.

        
        

        - **Name** *(string) --* 

          The name of the entitlement.

          
        

        - **StackName** *(string) --* 

          The name of the stack with which the entitlement is associated.

          
        

        - **Description** *(string) --* 

          The description of the entitlement.

          
        

        - **AppVisibility** *(string) --* 

          Specifies whether all or selected apps are entitled.

          
        

        - **Attributes** *(list) --* 

          The attributes of the entitlement.

          
          

          - *(dict) --* 

            An attribute associated with an entitlement. Application entitlements work by matching a supported SAML 2.0 attribute name to a value when a user identity federates to a WorkSpaces Applications SAML application.

            
            

            - **Name** *(string) --* 

              A supported AWS IAM SAML ``PrincipalTag`` attribute that is matched to the associated value when a user identity federates into a WorkSpaces Applications SAML application.

               

              The following are valid values:

               

              
              * roles
               
              * department
               
              * organization
               
              * groups
               
              * title
               
              * costCenter
               
              * userType
              

              
            

            - **Value** *(string) --* 

              A value that is matched to a supported SAML attribute name when a user identity federates into a WorkSpaces Applications SAML application.

              
        
      
        

        - **CreatedTime** *(datetime) --* 

          The time when the entitlement was created.

          
        

        - **LastModifiedTime** *(datetime) --* 

          The time when the entitlement was last modified.

          
    
  
  **Exceptions**
  
  *   :py:class:`AppStream.Client.exceptions.OperationNotPermittedException`

  
  *   :py:class:`AppStream.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`AppStream.Client.exceptions.LimitExceededException`

  
  *   :py:class:`AppStream.Client.exceptions.EntitlementAlreadyExistsException`

  