
We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.sso.PermissionSet


    Resource Type definition for SSO PermissionSet

    Create PermissionSet Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    TypeScript:

    new PermissionSet(name: string, args: PermissionSetArgs, opts?: CustomResourceOptions);

    Python:

    @overload
    def PermissionSet(resource_name: str,
                      args: PermissionSetArgs,
                      opts: Optional[ResourceOptions] = None)

    @overload
    def PermissionSet(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      instance_arn: Optional[str] = None,
                      customer_managed_policy_references: Optional[Sequence[PermissionSetCustomerManagedPolicyReferenceArgs]] = None,
                      description: Optional[str] = None,
                      inline_policy: Optional[Any] = None,
                      managed_policies: Optional[Sequence[str]] = None,
                      name: Optional[str] = None,
                      permissions_boundary: Optional[PermissionSetPermissionsBoundaryArgs] = None,
                      relay_state_type: Optional[str] = None,
                      session_duration: Optional[str] = None,
                      tags: Optional[Sequence[_root_inputs.TagArgs]] = None)

    Go:

    func NewPermissionSet(ctx *Context, name string, args PermissionSetArgs, opts ...ResourceOption) (*PermissionSet, error)

    C#:

    public PermissionSet(string name, PermissionSetArgs args, CustomResourceOptions? opts = null)

    Java:

    public PermissionSet(String name, PermissionSetArgs args)
    public PermissionSet(String name, PermissionSetArgs args, CustomResourceOptions options)

    YAML:

    type: aws-native:sso:PermissionSet
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    TypeScript:
    name string
    The unique name of the resource.
    args PermissionSetArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python:
    resource_name str
    The unique name of the resource.
    args PermissionSetArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go:
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PermissionSetArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#:
    name string
    The unique name of the resource.
    args PermissionSetArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java:
    name String
    The unique name of the resource.
    args PermissionSetArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    PermissionSet Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The PermissionSet resource accepts the following input properties:

    C#:
    InstanceArn string
    The ARN of the SSO instance that owns the permission set.
    CustomerManagedPolicyReferences List<Pulumi.AwsNative.Sso.Inputs.PermissionSetCustomerManagedPolicyReference>
    Specifies the names and paths of the customer managed policies that you have attached to your permission set.
    Description string
    The permission set description.
    InlinePolicy object

    The inline policy to put in the permission set.

    Search the CloudFormation User Guide for AWS::SSO::PermissionSet for more information about the expected schema for this property.

    ManagedPolicies List<string>
    A structure that stores the details of the AWS managed policy.
    Name string
    The name you want to assign to this permission set.
    PermissionsBoundary Pulumi.AwsNative.Sso.Inputs.PermissionSetPermissionsBoundary

    Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.

    Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

    RelayStateType string
    The relay state URL used to redirect links to any service in the AWS Management Console.
    SessionDuration string
    The length of time that a user can be signed in to an AWS account.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    The tags to attach to the new PermissionSet.

    Go:
    InstanceArn string
    The ARN of the SSO instance that owns the permission set.
    CustomerManagedPolicyReferences []PermissionSetCustomerManagedPolicyReferenceArgs
    Specifies the names and paths of the customer managed policies that you have attached to your permission set.
    Description string
    The permission set description.
    InlinePolicy interface{}

    The inline policy to put in the permission set.

    Search the CloudFormation User Guide for AWS::SSO::PermissionSet for more information about the expected schema for this property.

    ManagedPolicies []string
    A structure that stores the details of the AWS managed policy.
    Name string
    The name you want to assign to this permission set.
    PermissionsBoundary PermissionSetPermissionsBoundaryArgs

    Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.

    Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

    RelayStateType string
    The relay state URL used to redirect links to any service in the AWS Management Console.
    SessionDuration string
    The length of time that a user can be signed in to an AWS account.
    Tags TagArgs
    The tags to attach to the new PermissionSet.

    Java:
    instanceArn String
    The ARN of the SSO instance that owns the permission set.
    customerManagedPolicyReferences List<PermissionSetCustomerManagedPolicyReference>
    Specifies the names and paths of the customer managed policies that you have attached to your permission set.
    description String
    The permission set description.
    inlinePolicy Object

    The inline policy to put in the permission set.

    Search the CloudFormation User Guide for AWS::SSO::PermissionSet for more information about the expected schema for this property.

    managedPolicies List<String>
    A structure that stores the details of the AWS managed policy.
    name String
    The name you want to assign to this permission set.
    permissionsBoundary PermissionSetPermissionsBoundary

    Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.

    Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

    relayStateType String
    The relay state URL used to redirect links to any service in the AWS Management Console.
    sessionDuration String
    The length of time that a user can be signed in to an AWS account.
    tags List<Tag>
    The tags to attach to the new PermissionSet.

    TypeScript:
    instanceArn string
    The ARN of the SSO instance that owns the permission set.
    customerManagedPolicyReferences PermissionSetCustomerManagedPolicyReference[]
    Specifies the names and paths of the customer managed policies that you have attached to your permission set.
    description string
    The permission set description.
    inlinePolicy any

    The inline policy to put in the permission set.

    Search the CloudFormation User Guide for AWS::SSO::PermissionSet for more information about the expected schema for this property.

    managedPolicies string[]
    A structure that stores the details of the AWS managed policy.
    name string
    The name you want to assign to this permission set.
    permissionsBoundary PermissionSetPermissionsBoundary

    Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.

    Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

    relayStateType string
    The relay state URL used to redirect links to any service in the AWS Management Console.
    sessionDuration string
    The length of time that a user can be signed in to an AWS account.
    tags Tag[]
    The tags to attach to the new PermissionSet.

    Python:
    instance_arn str
    The ARN of the SSO instance that owns the permission set.
    customer_managed_policy_references Sequence[PermissionSetCustomerManagedPolicyReferenceArgs]
    Specifies the names and paths of the customer managed policies that you have attached to your permission set.
    description str
    The permission set description.
    inline_policy Any

    The inline policy to put in the permission set.

    Search the CloudFormation User Guide for AWS::SSO::PermissionSet for more information about the expected schema for this property.

    managed_policies Sequence[str]
    A structure that stores the details of the AWS managed policy.
    name str
    The name you want to assign to this permission set.
    permissions_boundary PermissionSetPermissionsBoundaryArgs

    Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.

    Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

    relay_state_type str
    The relay state URL used to redirect links to any service in the AWS Management Console.
    session_duration str
    The length of time that a user can be signed in to an AWS account.
    tags Sequence[TagArgs]
    The tags to attach to the new PermissionSet.

    YAML:
    instanceArn String
    The ARN of the SSO instance that owns the permission set.
    customerManagedPolicyReferences List<Property Map>
    Specifies the names and paths of the customer managed policies that you have attached to your permission set.
    description String
    The permission set description.
    inlinePolicy Any

    The inline policy to put in the permission set.

    Search the CloudFormation User Guide for AWS::SSO::PermissionSet for more information about the expected schema for this property.

    managedPolicies List<String>
    A structure that stores the details of the AWS managed policy.
    name String
    The name you want to assign to this permission set.
    permissionsBoundary Property Map

    Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.

    Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

    relayStateType String
    The relay state URL used to redirect links to any service in the AWS Management Console.
    sessionDuration String
    The length of time that a user can be signed in to an AWS account.
    tags List<Property Map>
    The tags to attach to the new PermissionSet.
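
A pre-deployment check for the input rules described above, as an added example that is not part of the Pulumi documentation or the provider's code. It assumes the arguments are held in a Python dictionary keyed by the snake_case input names; `check_permission_set`, `policy_refs` and the `account_policies` inventory are hypothetical names, and the 1 to 12 hour session range comes from the AWS documentation rather than this page.

```python
import re

# session_duration is an ISO-8601 duration; the 1 to 12 hour range comes from
# the AWS documentation, not from this page.
_DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?$")
_BOUNDARY_KEYS = ("customer_managed_policy_reference", "managed_policy_arn")
_GRANT_KEYS = ("inline_policy", "managed_policies",
               "customer_managed_policy_references")

def policy_refs(args):
    """Customer managed policies named by the permission set, as path + name."""
    refs = list(args.get("customer_managed_policy_references") or [])
    boundary = args.get("permissions_boundary") or {}
    if boundary.get("customer_managed_policy_reference"):
        refs.append(boundary["customer_managed_policy_reference"])
    # path is optional and defaults to "/"
    return sorted({(r.get("path") or "/") + r["name"] for r in refs})

# account_policies (hypothetical inventory): account ID -> set of path + name
# strings for the IAM policies that exist in that account.
def check_permission_set(args, account_policies):
    """Return a list of findings; an empty list means the arguments pass."""
    findings = []
    boundary = args.get("permissions_boundary")
    if boundary is not None:
        if sum(bool(boundary.get(k)) for k in _BOUNDARY_KEYS) != 1:
            findings.append("permissions_boundary: set exactly one of "
                            + " or ".join(_BOUNDARY_KEYS))
        if not any(args.get(k) for k in _GRANT_KEYS):
            findings.append("permissions_boundary set but no policy attached: "
                            "a boundary grants no permissions by itself")
    for account, present in sorted(account_policies.items()):
        for ref in policy_refs(args):
            if ref not in present:
                findings.append(f"account {account}: policy {ref} not found")
    duration = args.get("session_duration")
    if duration is not None:
        m = _DURATION.match(duration)
        minutes = int(m.group(1) or 0) * 60 + int(m.group(2) or 0) if m else 0
        if not 60 <= minutes <= 720:
            findings.append(f"session_duration {duration!r} outside PT1H..PT12H")
    return findings

# Constructed sample input: placeholder instance ARN and account IDs.
ACCOUNTS = {"111111111111": {"/DevBoundary"}, "222222222222": set()}
GOOD = {
    "instance_arn": "arn:aws:sso:::instance/ssoins-EXAMPLE",
    "name": "ReadOnlyDev",
    "managed_policies": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
    "permissions_boundary": {
        "customer_managed_policy_reference": {"name": "DevBoundary"}},
    "session_duration": "PT8H",
}
BAD = {
    "name": "BoundaryOnly",
    "permissions_boundary": {
        "customer_managed_policy_reference": {"name": "DevBoundary", "path": "/team/"},
        "managed_policy_arn": "arn:aws:iam::aws:policy/PowerUserAccess"},
    "session_duration": "PT24H",
}

if __name__ == "__main__":
    for label, args in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_permission_set(args, ACCOUNTS))
```

Run it against the arguments of each permission set before `pulumi up`, with the inventory built from the accounts the set will be provisioned to.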

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PermissionSet resource produces the following output properties:

    C#:
    Id string
    The provider-assigned unique ID for this managed resource.
    PermissionSetArn string
    The permission set that the policy will be attached to.

    Go:
    Id string
    The provider-assigned unique ID for this managed resource.
    PermissionSetArn string
    The permission set that the policy will be attached to.

    Java:
    id String
    The provider-assigned unique ID for this managed resource.
    permissionSetArn String
    The permission set that the policy will be attached to.

    TypeScript:
    id string
    The provider-assigned unique ID for this managed resource.
    permissionSetArn string
    The permission set that the policy will be attached to.

    Python:
    id str
    The provider-assigned unique ID for this managed resource.
    permission_set_arn str
    The permission set that the policy will be attached to.

    YAML:
    id String
    The provider-assigned unique ID for this managed resource.
    permissionSetArn String
    The permission set that the policy will be attached to.

    Supporting Types

    PermissionSetCustomerManagedPolicyReference, PermissionSetCustomerManagedPolicyReferenceArgs

    C#:
    Name string
    The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
    Path string
    The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is /. For more information, see Friendly names and paths in the IAM User Guide.

    Go:
    Name string
    The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
    Path string
    The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is /. For more information, see Friendly names and paths in the IAM User Guide.

    Java:
    name String
    The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
    path String
    The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is /. For more information, see Friendly names and paths in the IAM User Guide.

    TypeScript:
    name string
    The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
    path string
    The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is /. For more information, see Friendly names and paths in the IAM User Guide.

    Python:
    name str
    The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
    path str
    The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is /. For more information, see Friendly names and paths in the IAM User Guide.

    YAML:
    name String
    The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
    path String
    The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is /. For more information, see Friendly names and paths in the IAM User Guide.

    PermissionSetPermissionsBoundary, PermissionSetPermissionsBoundaryArgs

    C#:
    CustomerManagedPolicyReference Pulumi.AwsNative.Sso.Inputs.PermissionSetCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
    ManagedPolicyArn string
    The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

    Go:
    CustomerManagedPolicyReference PermissionSetCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
    ManagedPolicyArn string
    The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

    Java:
    customerManagedPolicyReference PermissionSetCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
    managedPolicyArn String
    The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

    TypeScript:
    customerManagedPolicyReference PermissionSetCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
    managedPolicyArn string
    The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

    Python:
    customer_managed_policy_reference PermissionSetCustomerManagedPolicyReference
    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
    managed_policy_arn str
    The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

    YAML:
    customerManagedPolicyReference Property Map
    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
    managedPolicyArn String
    The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

    Tag, TagArgs

    C#:
    Key string
    The key name of the tag
    Value string
    The value of the tag

    Go:
    Key string
    The key name of the tag
    Value string
    The value of the tag

    Java:
    key String
    The key name of the tag
    value String
    The value of the tag

    TypeScript:
    key string
    The key name of the tag
    value string
    The value of the tag

    Python:
    key str
    The key name of the tag
    value str
    The value of the tag

    YAML:
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0