

AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi

aws.ssoadmin.PermissionsBoundaryAttachment


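    Attaches a permissions boundary policy to a Single Sign-On (SSO) Permission Set resource. A permissions boundary sets the maximum permissions that the permission set's policies can take effect with; it does not grant any permissions on its own.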

    NOTE: A permission set can have at most one permissions boundary attached; declaring more than one aws.ssoadmin.PermissionsBoundaryAttachment that references the same permission set will show a permanent difference.

    Example Usage

    Attaching an AWS-managed policy

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Boundary policy: whatever the permission set's own policies allow, only the
    // actions that ReadOnlyAccess also allows take effect. The boundary grants nothing.
    const readOnlyBoundary = {
        managedPolicyArn: "arn:aws:iam::aws:policy/ReadOnlyAccess",
    };

    // A permission set holds at most one boundary, so declare a single attachment per set.
    const example = new aws.ssoadmin.PermissionsBoundaryAttachment("example", {
        instanceArn: exampleAwsSsoadminPermissionSet.instanceArn,
        permissionSetArn: exampleAwsSsoadminPermissionSet.arn,
        permissionsBoundary: readOnlyBoundary,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Boundary policy: whatever the permission set's own policies allow, only the
    # actions that ReadOnlyAccess also allows take effect. The boundary grants nothing.
    read_only_boundary = aws.ssoadmin.PermissionsBoundaryAttachmentPermissionsBoundaryArgs(
        managed_policy_arn="arn:aws:iam::aws:policy/ReadOnlyAccess",
    )

    # A permission set holds at most one boundary, so declare a single attachment per set.
    example = aws.ssoadmin.PermissionsBoundaryAttachment(
        "example",
        instance_arn=example_aws_ssoadmin_permission_set["instanceArn"],
        permission_set_arn=example_aws_ssoadmin_permission_set["arn"],
        permissions_boundary=read_only_boundary,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a single permissions boundary attachment for the example
    // permission set. A permission set holds at most one boundary.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Boundary policy: whatever the permission set's own policies allow, only the
    		// actions that ReadOnlyAccess also allows take effect. The boundary grants nothing.
    		boundary := &ssoadmin.PermissionsBoundaryAttachmentPermissionsBoundaryArgs{
    			ManagedPolicyArn: pulumi.String("arn:aws:iam::aws:policy/ReadOnlyAccess"),
    		}

    		_, err := ssoadmin.NewPermissionsBoundaryAttachment(ctx, "example", &ssoadmin.PermissionsBoundaryAttachmentArgs{
    			InstanceArn:         pulumi.Any(exampleAwsSsoadminPermissionSet.InstanceArn),
    			PermissionSetArn:    pulumi.Any(exampleAwsSsoadminPermissionSet.Arn),
    			PermissionsBoundary: boundary,
    		})
    		// err is nil on success, so returning it directly covers both outcomes.
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() =>
    {
        // Boundary policy: whatever the permission set's own policies allow, only the
        // actions that ReadOnlyAccess also allows take effect. The boundary grants nothing.
        var readOnlyBoundary = new Aws.SsoAdmin.Inputs.PermissionsBoundaryAttachmentPermissionsBoundaryArgs
        {
            ManagedPolicyArn = "arn:aws:iam::aws:policy/ReadOnlyAccess",
        };

        // A permission set holds at most one boundary, so declare a single attachment per set.
        var example = new Aws.SsoAdmin.PermissionsBoundaryAttachment("example", new()
        {
            InstanceArn = exampleAwsSsoadminPermissionSet.InstanceArn,
            PermissionSetArn = exampleAwsSsoadminPermissionSet.Arn,
            PermissionsBoundary = readOnlyBoundary,
        });
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssoadmin.PermissionsBoundaryAttachment;
    import com.pulumi.aws.ssoadmin.PermissionsBoundaryAttachmentArgs;
    import com.pulumi.aws.ssoadmin.inputs.PermissionsBoundaryAttachmentPermissionsBoundaryArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that attaches one permissions boundary to the example permission set.
     * A permission set holds at most one boundary, so declare a single attachment per set.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the attachment resource for the stack.
         *
         * @param ctx Pulumi deployment context supplied by {@code Pulumi.run}
         */
        public static void stack(Context ctx) {
            // Boundary policy: whatever the permission set's own policies allow, only the
            // actions that ReadOnlyAccess also allows take effect. The boundary grants nothing.
            final var readOnlyBoundary = PermissionsBoundaryAttachmentPermissionsBoundaryArgs.builder()
                .managedPolicyArn("arn:aws:iam::aws:policy/ReadOnlyAccess")
                .build();

            final var attachmentArgs = PermissionsBoundaryAttachmentArgs.builder()
                .instanceArn(exampleAwsSsoadminPermissionSet.instanceArn())
                .permissionSetArn(exampleAwsSsoadminPermissionSet.arn())
                .permissionsBoundary(readOnlyBoundary)
                .build();

            var example = new PermissionsBoundaryAttachment("example", attachmentArgs);
        }
    }
    
    resources:
      # A permission set holds at most one boundary, so declare a single attachment per set.
      example:
        type: aws:ssoadmin:PermissionsBoundaryAttachment
        properties:
          instanceArn: ${exampleAwsSsoadminPermissionSet.instanceArn}
          permissionSetArn: ${exampleAwsSsoadminPermissionSet.arn}
          # Boundary policy: whatever the permission set's own policies allow, only the
          # actions that ReadOnlyAccess also allows take effect. The boundary grants nothing.
          permissionsBoundary:
            managedPolicyArn: arn:aws:iam::aws:policy/ReadOnlyAccess
    

    Create PermissionsBoundaryAttachment Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new PermissionsBoundaryAttachment(name: string, args: PermissionsBoundaryAttachmentArgs, opts?: CustomResourceOptions);
    @overload
    def PermissionsBoundaryAttachment(resource_name: str,
                                      args: PermissionsBoundaryAttachmentArgs,
                                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def PermissionsBoundaryAttachment(resource_name: str,
                                      opts: Optional[ResourceOptions] = None,
                                      instance_arn: Optional[str] = None,
                                      permission_set_arn: Optional[str] = None,
                                      permissions_boundary: Optional[PermissionsBoundaryAttachmentPermissionsBoundaryArgs] = None)
    func NewPermissionsBoundaryAttachment(ctx *Context, name string, args PermissionsBoundaryAttachmentArgs, opts ...ResourceOption) (*PermissionsBoundaryAttachment, error)
    public PermissionsBoundaryAttachment(string name, PermissionsBoundaryAttachmentArgs args, CustomResourceOptions? opts = null)
    public PermissionsBoundaryAttachment(String name, PermissionsBoundaryAttachmentArgs args)
    public PermissionsBoundaryAttachment(String name, PermissionsBoundaryAttachmentArgs args, CustomResourceOptions options)
    
    type: aws:ssoadmin:PermissionsBoundaryAttachment
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PermissionsBoundaryAttachmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PermissionsBoundaryAttachmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PermissionsBoundaryAttachmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PermissionsBoundaryAttachmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PermissionsBoundaryAttachmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

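    The following reference example uses placeholder values for all input properties. It lists both customerManagedPolicyReference and managedPolicyArn only to show the full shape of the input; in a real attachment, specify one of the two (an AWS-managed policy ARN or a reference to a customer managed policy), not both.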

    // Shape reference only: every value is the placeholder "string".
    // CustomerManagedPolicyReference and ManagedPolicyArn are alternatives; set one of them.
    var permissionsBoundaryAttachmentResource = new Aws.SsoAdmin.PermissionsBoundaryAttachment("permissionsBoundaryAttachmentResource", new()
    {
        InstanceArn = "string",
        PermissionSetArn = "string",
        PermissionsBoundary = new Aws.SsoAdmin.Inputs.PermissionsBoundaryAttachmentPermissionsBoundaryArgs
        {
            // Customer managed policy, identified by name and path.
            CustomerManagedPolicyReference = new Aws.SsoAdmin.Inputs.PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReferenceArgs
            {
                Name = "string",
                Path = "string",
            },
            // AWS-managed policy, identified by ARN.
            ManagedPolicyArn = "string",
        },
    });
    
    // Shape reference only: every value is the placeholder "string".
    // CustomerManagedPolicyReference and ManagedPolicyArn are alternatives; set one of them.
    example, err := ssoadmin.NewPermissionsBoundaryAttachment(ctx, "permissionsBoundaryAttachmentResource", &ssoadmin.PermissionsBoundaryAttachmentArgs{
    	InstanceArn:      pulumi.String("string"),
    	PermissionSetArn: pulumi.String("string"),
    	PermissionsBoundary: &ssoadmin.PermissionsBoundaryAttachmentPermissionsBoundaryArgs{
    		// Customer managed policy, identified by name and path.
    		CustomerManagedPolicyReference: &ssoadmin.PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReferenceArgs{
    			Name: pulumi.String("string"),
    			Path: pulumi.String("string"),
    		},
    		// AWS-managed policy, identified by ARN.
    		ManagedPolicyArn: pulumi.String("string"),
    	},
    })
    
    // Shape reference only: every value is the placeholder "string".
    // customerManagedPolicyReference and managedPolicyArn are alternatives; set one of them.
    var permissionsBoundaryAttachmentResource = new PermissionsBoundaryAttachment("permissionsBoundaryAttachmentResource", PermissionsBoundaryAttachmentArgs.builder()        
        .instanceArn("string")
        .permissionSetArn("string")
        .permissionsBoundary(PermissionsBoundaryAttachmentPermissionsBoundaryArgs.builder()
            // Customer managed policy, identified by name and path.
            .customerManagedPolicyReference(PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReferenceArgs.builder()
                .name("string")
                .path("string")
                .build())
            // AWS-managed policy, identified by ARN.
            .managedPolicyArn("string")
            .build())
        .build());
    
    # Shape reference only: every value is the placeholder "string".
    # customer_managed_policy_reference and managed_policy_arn are alternatives; set one of them.
    permissions_boundary_attachment_resource = aws.ssoadmin.PermissionsBoundaryAttachment("permissionsBoundaryAttachmentResource",
        instance_arn="string",
        permission_set_arn="string",
        permissions_boundary=aws.ssoadmin.PermissionsBoundaryAttachmentPermissionsBoundaryArgs(
            # Customer managed policy, identified by name and path.
            customer_managed_policy_reference=aws.ssoadmin.PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReferenceArgs(
                name="string",
                path="string",
            ),
            # AWS-managed policy, identified by ARN.
            managed_policy_arn="string",
        ))
    
    // Shape reference only: every value is the placeholder "string".
    // customerManagedPolicyReference and managedPolicyArn are alternatives; set one of them.
    const permissionsBoundaryAttachmentResource = new aws.ssoadmin.PermissionsBoundaryAttachment("permissionsBoundaryAttachmentResource", {
        instanceArn: "string",
        permissionSetArn: "string",
        permissionsBoundary: {
            // Customer managed policy, identified by name and path.
            customerManagedPolicyReference: {
                name: "string",
                path: "string",
            },
            // AWS-managed policy, identified by ARN.
            managedPolicyArn: "string",
        },
    });
    
    # Shape reference only: every value is the placeholder "string".
    # customerManagedPolicyReference and managedPolicyArn are alternatives; set one of them.
    type: aws:ssoadmin:PermissionsBoundaryAttachment
    properties:
        instanceArn: string
        permissionSetArn: string
        permissionsBoundary:
            # Customer managed policy, identified by name and path.
            customerManagedPolicyReference:
                name: string
                path: string
            # AWS-managed policy, identified by ARN.
            managedPolicyArn: string
    

    PermissionsBoundaryAttachment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The PermissionsBoundaryAttachment resource accepts the following input properties:

    InstanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    PermissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set.
    PermissionsBoundary PermissionsBoundaryAttachmentPermissionsBoundary
    The permissions boundary policy. See below.
    InstanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    PermissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set.
    PermissionsBoundary PermissionsBoundaryAttachmentPermissionsBoundaryArgs
    The permissions boundary policy. See below.
    instanceArn String
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    permissionSetArn String
    The Amazon Resource Name (ARN) of the Permission Set.
    permissionsBoundary PermissionsBoundaryAttachmentPermissionsBoundary
    The permissions boundary policy. See below.
    instanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    permissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set.
    permissionsBoundary PermissionsBoundaryAttachmentPermissionsBoundary
    The permissions boundary policy. See below.
    instance_arn str
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    permission_set_arn str
    The Amazon Resource Name (ARN) of the Permission Set.
    permissions_boundary PermissionsBoundaryAttachmentPermissionsBoundaryArgs
    The permissions boundary policy. See below.
    instanceArn String
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    permissionSetArn String
    The Amazon Resource Name (ARN) of the Permission Set.
    permissionsBoundary Property Map
    The permissions boundary policy. See below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PermissionsBoundaryAttachment resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing PermissionsBoundaryAttachment Resource

    Get an existing PermissionsBoundaryAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PermissionsBoundaryAttachmentState, opts?: CustomResourceOptions): PermissionsBoundaryAttachment
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            instance_arn: Optional[str] = None,
            permission_set_arn: Optional[str] = None,
            permissions_boundary: Optional[PermissionsBoundaryAttachmentPermissionsBoundaryArgs] = None) -> PermissionsBoundaryAttachment
    func GetPermissionsBoundaryAttachment(ctx *Context, name string, id IDInput, state *PermissionsBoundaryAttachmentState, opts ...ResourceOption) (*PermissionsBoundaryAttachment, error)
    public static PermissionsBoundaryAttachment Get(string name, Input<string> id, PermissionsBoundaryAttachmentState? state, CustomResourceOptions? opts = null)
    public static PermissionsBoundaryAttachment get(String name, Output<String> id, PermissionsBoundaryAttachmentState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    InstanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    PermissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set.
    PermissionsBoundary PermissionsBoundaryAttachmentPermissionsBoundary
    The permissions boundary policy. See below.
    InstanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    PermissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set.
    PermissionsBoundary PermissionsBoundaryAttachmentPermissionsBoundaryArgs
    The permissions boundary policy. See below.
    instanceArn String
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    permissionSetArn String
    The Amazon Resource Name (ARN) of the Permission Set.
    permissionsBoundary PermissionsBoundaryAttachmentPermissionsBoundary
    The permissions boundary policy. See below.
    instanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    permissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set.
    permissionsBoundary PermissionsBoundaryAttachmentPermissionsBoundary
    The permissions boundary policy. See below.
    instance_arn str
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    permission_set_arn str
    The Amazon Resource Name (ARN) of the Permission Set.
    permissions_boundary PermissionsBoundaryAttachmentPermissionsBoundaryArgs
    The permissions boundary policy. See below.
    instanceArn String
    The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
    permissionSetArn String
    The Amazon Resource Name (ARN) of the Permission Set.
    permissionsBoundary Property Map
    The permissions boundary policy. See below.

    Supporting Types

    PermissionsBoundaryAttachmentPermissionsBoundary, PermissionsBoundaryAttachmentPermissionsBoundaryArgs

    CustomerManagedPolicyReference PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. See below.
    ManagedPolicyArn string
    AWS-managed IAM policy ARN to use as the permissions boundary.
    CustomerManagedPolicyReference PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. See below.
    ManagedPolicyArn string
    AWS-managed IAM policy ARN to use as the permissions boundary.
    customerManagedPolicyReference PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. See below.
    managedPolicyArn String
    AWS-managed IAM policy ARN to use as the permissions boundary.
    customerManagedPolicyReference PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. See below.
    managedPolicyArn string
    AWS-managed IAM policy ARN to use as the permissions boundary.
    customer_managed_policy_reference PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. See below.
    managed_policy_arn str
    AWS-managed IAM policy ARN to use as the permissions boundary.
    customerManagedPolicyReference Property Map
    Specifies the name and path of a customer managed policy. See below.
    managedPolicyArn String
    AWS-managed IAM policy ARN to use as the permissions boundary.

    PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReference, PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReferenceArgs

    Name string
    Name of the customer managed IAM Policy to be attached.
    Path string
    The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information.
    Name string
    Name of the customer managed IAM Policy to be attached.
    Path string
    The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information.
    name String
    Name of the customer managed IAM Policy to be attached.
    path String
    The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information.
    name string
    Name of the customer managed IAM Policy to be attached.
    path string
    The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information.
    name str
    Name of the customer managed IAM Policy to be attached.
    path str
    The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information.
    name String
    Name of the customer managed IAM Policy to be attached.
    path String
    The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information.

    Import

    Using pulumi import, import SSO Admin Permissions Boundary Attachments using the permission_set_arn and instance_arn, separated by a comma (,). For example:

    $ pulumi import aws:ssoadmin/permissionsBoundaryAttachment:PermissionsBoundaryAttachment example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.