Viewing docs for AWS v7.22.0
published on Wednesday, Mar 11, 2026 by Pulumi
published on Wednesday, Mar 11, 2026 by Pulumi
Viewing docs for AWS v7.22.0
published on Wednesday, Mar 11, 2026 by Pulumi
published on Wednesday, Mar 11, 2026 by Pulumi
Resource for managing exclusive AWS SSO Admin Customer Managed Policy Attachments.
This resource is designed to manage all customer managed policy attachments for an SSO permission set. Using this resource, Terraform will remove any customer managed policies attached to the permission set that are not defined in the configuration.
!> WARNING: Do not use this resource together with the aws.ssoadmin.CustomerManagedPolicyAttachment resource for the same permission set. Doing so will cause a conflict and will lead to customer managed policies being removed.
Destruction of this resource means Terraform will no longer manage the customer managed policy attachments, but will not detach any policies. The permission set will retain all customer managed policies that were attached at the time of destruction.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.ssoadmin.getInstances({});
const examplePermissionSet = new aws.ssoadmin.PermissionSet("example", {
name: "Example",
instanceArn: example.then(example => example.arns?.[0]),
});
const examplePolicy = new aws.iam.Policy("example", {
name: "TestPolicy",
description: "My test policy",
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: ["ec2:Describe*"],
Effect: "Allow",
Resource: "*",
}],
}),
});
const exampleCustomerManagedPolicyAttachmentsExclusive = new aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusive("example", {
instanceArn: example.then(example => example.arns?.[0]),
permissionSetArn: examplePermissionSet.arn,
customerManagedPolicyReferences: [{
name: examplePolicy.name,
path: "/",
}],
});
import pulumi
import json
import pulumi_aws as aws
example = aws.ssoadmin.get_instances()
example_permission_set = aws.ssoadmin.PermissionSet("example",
name="Example",
instance_arn=example.arns[0])
example_policy = aws.iam.Policy("example",
name="TestPolicy",
description="My test policy",
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": ["ec2:Describe*"],
"Effect": "Allow",
"Resource": "*",
}],
}))
example_customer_managed_policy_attachments_exclusive = aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusive("example",
instance_arn=example.arns[0],
permission_set_arn=example_permission_set.arn,
customer_managed_policy_references=[{
"name": example_policy.name,
"path": "/",
}])
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := ssoadmin.GetInstances(ctx, &ssoadmin.GetInstancesArgs{}, nil)
if err != nil {
return err
}
examplePermissionSet, err := ssoadmin.NewPermissionSet(ctx, "example", &ssoadmin.PermissionSetArgs{
Name: pulumi.String("Example"),
InstanceArn: pulumi.String(example.Arns[0]),
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": []string{
"ec2:Describe*",
},
"Effect": "Allow",
"Resource": "*",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
examplePolicy, err := iam.NewPolicy(ctx, "example", &iam.PolicyArgs{
Name: pulumi.String("TestPolicy"),
Description: pulumi.String("My test policy"),
Policy: pulumi.String(json0),
})
if err != nil {
return err
}
_, err = ssoadmin.NewCustomerManagedPolicyAttachmentsExclusive(ctx, "example", &ssoadmin.CustomerManagedPolicyAttachmentsExclusiveArgs{
InstanceArn: pulumi.String(example.Arns[0]),
PermissionSetArn: examplePermissionSet.Arn,
CustomerManagedPolicyReferences: ssoadmin.CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArray{
&ssoadmin.CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs{
Name: examplePolicy.Name,
Path: pulumi.String("/"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.SsoAdmin.GetInstances.Invoke();
var examplePermissionSet = new Aws.SsoAdmin.PermissionSet("example", new()
{
Name = "Example",
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
});
var examplePolicy = new Aws.Iam.Policy("example", new()
{
Name = "TestPolicy",
Description = "My test policy",
PolicyDocument = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"ec2:Describe*",
},
["Effect"] = "Allow",
["Resource"] = "*",
},
},
}),
});
var exampleCustomerManagedPolicyAttachmentsExclusive = new Aws.SsoAdmin.CustomerManagedPolicyAttachmentsExclusive("example", new()
{
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
PermissionSetArn = examplePermissionSet.Arn,
CustomerManagedPolicyReferences = new[]
{
new Aws.SsoAdmin.Inputs.CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs
{
Name = examplePolicy.Name,
Path = "/",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.SsoadminFunctions;
import com.pulumi.aws.ssoadmin.inputs.GetInstancesArgs;
import com.pulumi.aws.ssoadmin.PermissionSet;
import com.pulumi.aws.ssoadmin.PermissionSetArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusive;
import com.pulumi.aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusiveArgs;
import com.pulumi.aws.ssoadmin.inputs.CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = SsoadminFunctions.getInstances(GetInstancesArgs.builder()
.build());
var examplePermissionSet = new PermissionSet("examplePermissionSet", PermissionSetArgs.builder()
.name("Example")
.instanceArn(example.arns()[0])
.build());
var examplePolicy = new Policy("examplePolicy", PolicyArgs.builder()
.name("TestPolicy")
.description("My test policy")
.policy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", jsonArray("ec2:Describe*")),
jsonProperty("Effect", "Allow"),
jsonProperty("Resource", "*")
)))
)))
.build());
var exampleCustomerManagedPolicyAttachmentsExclusive = new CustomerManagedPolicyAttachmentsExclusive("exampleCustomerManagedPolicyAttachmentsExclusive", CustomerManagedPolicyAttachmentsExclusiveArgs.builder()
.instanceArn(example.arns()[0])
.permissionSetArn(examplePermissionSet.arn())
.customerManagedPolicyReferences(CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs.builder()
.name(examplePolicy.name())
.path("/")
.build())
.build());
}
}
resources:
examplePermissionSet:
type: aws:ssoadmin:PermissionSet
name: example
properties:
name: Example
instanceArn: ${example.arns[0]}
examplePolicy:
type: aws:iam:Policy
name: example
properties:
name: TestPolicy
description: My test policy
policy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action:
- ec2:Describe*
Effect: Allow
Resource: '*'
exampleCustomerManagedPolicyAttachmentsExclusive:
type: aws:ssoadmin:CustomerManagedPolicyAttachmentsExclusive
name: example
properties:
instanceArn: ${example.arns[0]}
permissionSetArn: ${examplePermissionSet.arn}
customerManagedPolicyReferences:
- name: ${examplePolicy.name}
path: /
variables:
example:
fn::invoke:
function: aws:ssoadmin:getInstances
arguments: {}
Disallow Customer Managed Policy Attachments
To disallow all customer managed policy attachments, omit the customer_managed_policy_reference block.
Any customer managed policies attached to the permission set will be removed.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusive("example", {
instanceArn: exampleAwsSsoadminInstances.arns[0],
permissionSetArn: exampleAwsSsoadminPermissionSet.arn,
});
import pulumi
import pulumi_aws as aws
example = aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusive("example",
instance_arn=example_aws_ssoadmin_instances["arns"][0],
permission_set_arn=example_aws_ssoadmin_permission_set["arn"])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ssoadmin.NewCustomerManagedPolicyAttachmentsExclusive(ctx, "example", &ssoadmin.CustomerManagedPolicyAttachmentsExclusiveArgs{
InstanceArn: pulumi.Any(exampleAwsSsoadminInstances.Arns[0]),
PermissionSetArn: pulumi.Any(exampleAwsSsoadminPermissionSet.Arn),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.SsoAdmin.CustomerManagedPolicyAttachmentsExclusive("example", new()
{
InstanceArn = exampleAwsSsoadminInstances.Arns[0],
PermissionSetArn = exampleAwsSsoadminPermissionSet.Arn,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusive;
import com.pulumi.aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusiveArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new CustomerManagedPolicyAttachmentsExclusive("example", CustomerManagedPolicyAttachmentsExclusiveArgs.builder()
.instanceArn(exampleAwsSsoadminInstances.arns()[0])
.permissionSetArn(exampleAwsSsoadminPermissionSet.arn())
.build());
}
}
resources:
example:
type: aws:ssoadmin:CustomerManagedPolicyAttachmentsExclusive
properties:
instanceArn: ${exampleAwsSsoadminInstances.arns[0]}
permissionSetArn: ${exampleAwsSsoadminPermissionSet.arn}
Create CustomerManagedPolicyAttachmentsExclusive Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CustomerManagedPolicyAttachmentsExclusive(name: string, args: CustomerManagedPolicyAttachmentsExclusiveArgs, opts?: CustomResourceOptions);@overload
def CustomerManagedPolicyAttachmentsExclusive(resource_name: str,
args: CustomerManagedPolicyAttachmentsExclusiveArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CustomerManagedPolicyAttachmentsExclusive(resource_name: str,
opts: Optional[ResourceOptions] = None,
instance_arn: Optional[str] = None,
permission_set_arn: Optional[str] = None,
customer_managed_policy_references: Optional[Sequence[CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs]] = None,
region: Optional[str] = None,
timeouts: Optional[CustomerManagedPolicyAttachmentsExclusiveTimeoutsArgs] = None)func NewCustomerManagedPolicyAttachmentsExclusive(ctx *Context, name string, args CustomerManagedPolicyAttachmentsExclusiveArgs, opts ...ResourceOption) (*CustomerManagedPolicyAttachmentsExclusive, error)public CustomerManagedPolicyAttachmentsExclusive(string name, CustomerManagedPolicyAttachmentsExclusiveArgs args, CustomResourceOptions? opts = null)
public CustomerManagedPolicyAttachmentsExclusive(String name, CustomerManagedPolicyAttachmentsExclusiveArgs args)
public CustomerManagedPolicyAttachmentsExclusive(String name, CustomerManagedPolicyAttachmentsExclusiveArgs args, CustomResourceOptions options)
type: aws:ssoadmin:CustomerManagedPolicyAttachmentsExclusive
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CustomerManagedPolicyAttachmentsExclusiveArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CustomerManagedPolicyAttachmentsExclusiveArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CustomerManagedPolicyAttachmentsExclusiveArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CustomerManagedPolicyAttachmentsExclusiveArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CustomerManagedPolicyAttachmentsExclusiveArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var customerManagedPolicyAttachmentsExclusiveResource = new Aws.SsoAdmin.CustomerManagedPolicyAttachmentsExclusive("customerManagedPolicyAttachmentsExclusiveResource", new()
{
InstanceArn = "string",
PermissionSetArn = "string",
CustomerManagedPolicyReferences = new[]
{
new Aws.SsoAdmin.Inputs.CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs
{
Name = "string",
Path = "string",
},
},
Region = "string",
Timeouts = new Aws.SsoAdmin.Inputs.CustomerManagedPolicyAttachmentsExclusiveTimeoutsArgs
{
Create = "string",
Update = "string",
},
});
example, err := ssoadmin.NewCustomerManagedPolicyAttachmentsExclusive(ctx, "customerManagedPolicyAttachmentsExclusiveResource", &ssoadmin.CustomerManagedPolicyAttachmentsExclusiveArgs{
InstanceArn: pulumi.String("string"),
PermissionSetArn: pulumi.String("string"),
CustomerManagedPolicyReferences: ssoadmin.CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArray{
&ssoadmin.CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs{
Name: pulumi.String("string"),
Path: pulumi.String("string"),
},
},
Region: pulumi.String("string"),
Timeouts: &ssoadmin.CustomerManagedPolicyAttachmentsExclusiveTimeoutsArgs{
Create: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var customerManagedPolicyAttachmentsExclusiveResource = new CustomerManagedPolicyAttachmentsExclusive("customerManagedPolicyAttachmentsExclusiveResource", CustomerManagedPolicyAttachmentsExclusiveArgs.builder()
.instanceArn("string")
.permissionSetArn("string")
.customerManagedPolicyReferences(CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs.builder()
.name("string")
.path("string")
.build())
.region("string")
.timeouts(CustomerManagedPolicyAttachmentsExclusiveTimeoutsArgs.builder()
.create("string")
.update("string")
.build())
.build());
customer_managed_policy_attachments_exclusive_resource = aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusive("customerManagedPolicyAttachmentsExclusiveResource",
instance_arn="string",
permission_set_arn="string",
customer_managed_policy_references=[{
"name": "string",
"path": "string",
}],
region="string",
timeouts={
"create": "string",
"update": "string",
})
const customerManagedPolicyAttachmentsExclusiveResource = new aws.ssoadmin.CustomerManagedPolicyAttachmentsExclusive("customerManagedPolicyAttachmentsExclusiveResource", {
instanceArn: "string",
permissionSetArn: "string",
customerManagedPolicyReferences: [{
name: "string",
path: "string",
}],
region: "string",
timeouts: {
create: "string",
update: "string",
},
});
type: aws:ssoadmin:CustomerManagedPolicyAttachmentsExclusive
properties:
customerManagedPolicyReferences:
- name: string
path: string
instanceArn: string
permissionSetArn: string
region: string
timeouts:
create: string
update: string
CustomerManagedPolicyAttachmentsExclusive Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CustomerManagedPolicyAttachmentsExclusive resource accepts the following input properties:
- Instance
Arn string - ARN of the SSO Instance.
- Permission
Set stringArn ARN of the Permission Set.
The following arguments are optional:
- Customer
Managed List<CustomerPolicy References Managed Policy Attachments Exclusive Customer Managed Policy Reference> - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Timeouts
Customer
Managed Policy Attachments Exclusive Timeouts
- Instance
Arn string - ARN of the SSO Instance.
- Permission
Set stringArn ARN of the Permission Set.
The following arguments are optional:
- Customer
Managed []CustomerPolicy References Managed Policy Attachments Exclusive Customer Managed Policy Reference Args - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Timeouts
Customer
Managed Policy Attachments Exclusive Timeouts Args
- instance
Arn String - ARN of the SSO Instance.
- permission
Set StringArn ARN of the Permission Set.
The following arguments are optional:
- customer
Managed List<CustomerPolicy References Managed Policy Attachments Exclusive Customer Managed Policy Reference> - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- timeouts
Customer
Managed Policy Attachments Exclusive Timeouts
- instance
Arn string - ARN of the SSO Instance.
- permission
Set stringArn ARN of the Permission Set.
The following arguments are optional:
- customer
Managed CustomerPolicy References Managed Policy Attachments Exclusive Customer Managed Policy Reference[] - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- timeouts
Customer
Managed Policy Attachments Exclusive Timeouts
- instance_
arn str - ARN of the SSO Instance.
- permission_
set_ strarn ARN of the Permission Set.
The following arguments are optional:
- customer_
managed_ Sequence[Customerpolicy_ references Managed Policy Attachments Exclusive Customer Managed Policy Reference Args] - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- timeouts
Customer
Managed Policy Attachments Exclusive Timeouts Args
- instance
Arn String - ARN of the SSO Instance.
- permission
Set StringArn ARN of the Permission Set.
The following arguments are optional:
- customer
Managed List<Property Map>Policy References - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the CustomerManagedPolicyAttachmentsExclusive resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CustomerManagedPolicyAttachmentsExclusive Resource
Get an existing CustomerManagedPolicyAttachmentsExclusive resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CustomerManagedPolicyAttachmentsExclusiveState, opts?: CustomResourceOptions): CustomerManagedPolicyAttachmentsExclusive@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
customer_managed_policy_references: Optional[Sequence[CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs]] = None,
instance_arn: Optional[str] = None,
permission_set_arn: Optional[str] = None,
region: Optional[str] = None,
timeouts: Optional[CustomerManagedPolicyAttachmentsExclusiveTimeoutsArgs] = None) -> CustomerManagedPolicyAttachmentsExclusivefunc GetCustomerManagedPolicyAttachmentsExclusive(ctx *Context, name string, id IDInput, state *CustomerManagedPolicyAttachmentsExclusiveState, opts ...ResourceOption) (*CustomerManagedPolicyAttachmentsExclusive, error)public static CustomerManagedPolicyAttachmentsExclusive Get(string name, Input<string> id, CustomerManagedPolicyAttachmentsExclusiveState? state, CustomResourceOptions? opts = null)public static CustomerManagedPolicyAttachmentsExclusive get(String name, Output<String> id, CustomerManagedPolicyAttachmentsExclusiveState state, CustomResourceOptions options)resources: _: type: aws:ssoadmin:CustomerManagedPolicyAttachmentsExclusive get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Customer
Managed List<CustomerPolicy References Managed Policy Attachments Exclusive Customer Managed Policy Reference> - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- Instance
Arn string - ARN of the SSO Instance.
- Permission
Set stringArn ARN of the Permission Set.
The following arguments are optional:
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Timeouts
Customer
Managed Policy Attachments Exclusive Timeouts
- Customer
Managed []CustomerPolicy References Managed Policy Attachments Exclusive Customer Managed Policy Reference Args - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- Instance
Arn string - ARN of the SSO Instance.
- Permission
Set stringArn ARN of the Permission Set.
The following arguments are optional:
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Timeouts
Customer
Managed Policy Attachments Exclusive Timeouts Args
- customer
Managed List<CustomerPolicy References Managed Policy Attachments Exclusive Customer Managed Policy Reference> - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- instance
Arn String - ARN of the SSO Instance.
- permission
Set StringArn ARN of the Permission Set.
The following arguments are optional:
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- timeouts
Customer
Managed Policy Attachments Exclusive Timeouts
- customer
Managed CustomerPolicy References Managed Policy Attachments Exclusive Customer Managed Policy Reference[] - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- instance
Arn string - ARN of the SSO Instance.
- permission
Set stringArn ARN of the Permission Set.
The following arguments are optional:
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- timeouts
Customer
Managed Policy Attachments Exclusive Timeouts
- customer_
managed_ Sequence[Customerpolicy_ references Managed Policy Attachments Exclusive Customer Managed Policy Reference Args] - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- instance_
arn str - ARN of the SSO Instance.
- permission_
set_ strarn ARN of the Permission Set.
The following arguments are optional:
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- timeouts
Customer
Managed Policy Attachments Exclusive Timeouts Args
- customer
Managed List<Property Map>Policy References - Specifies the names and paths of the customer managed policies to attach. See Customer Managed Policy Reference below.
- instance
Arn String - ARN of the SSO Instance.
- permission
Set StringArn ARN of the Permission Set.
The following arguments are optional:
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- timeouts Property Map
Supporting Types
CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReference, CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReferenceArgs
- Name string
- Name of the customer managed IAM Policy to be attached.
- Path string
- The path to the IAM policy to be attached. The default is
/. See IAM Identifiers for more information.
- Name string
- Name of the customer managed IAM Policy to be attached.
- Path string
- The path to the IAM policy to be attached. The default is
/. See IAM Identifiers for more information.
- name String
- Name of the customer managed IAM Policy to be attached.
- path String
- The path to the IAM policy to be attached. The default is
/. See IAM Identifiers for more information.
- name string
- Name of the customer managed IAM Policy to be attached.
- path string
- The path to the IAM policy to be attached. The default is
/. See IAM Identifiers for more information.
- name str
- Name of the customer managed IAM Policy to be attached.
- path str
- The path to the IAM policy to be attached. The default is
/. See IAM Identifiers for more information.
- name String
- Name of the customer managed IAM Policy to be attached.
- path String
- The path to the IAM policy to be attached. The default is
/. See IAM Identifiers for more information.
CustomerManagedPolicyAttachmentsExclusiveTimeouts, CustomerManagedPolicyAttachmentsExclusiveTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Import
Identity Schema
Required
instance_arn(String) ARN of the SSO Instance.permission_set_arn(String) ARN of the Permission Set.
Optional
region(String) Region where this resource is managed.
Using pulumi import, import SSO Admin Customer Managed Policy Attachments Exclusive using the instance_arn and permission_set_arn arguments, separated by a comma (,). For example:
$ pulumi import aws:ssoadmin/customerManagedPolicyAttachmentsExclusive:CustomerManagedPolicyAttachmentsExclusive example arn:aws:sso:::instance/ssoins-1234567890abcdef,arn:aws:sso:::permissionSet/ssoins-1234567890abcdef/ps-1234567890abcdef
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Viewing docs for AWS v7.22.0
published on Wednesday, Mar 11, 2026 by Pulumi
published on Wednesday, Mar 11, 2026 by Pulumi
