aws.ssoadmin.InstanceAccessControlAttributes
Explore with Pulumi AI
Provides a Single Sign-On (SSO) ABAC Resource: https://docs.aws.amazon.com/singlesignon/latest/userguide/abac.html
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.ssoadmin.getInstances({});
const exampleInstanceAccessControlAttributes = new aws.ssoadmin.InstanceAccessControlAttributes("example", {
instanceArn: example.then(example => example.arns?.[0]),
attributes: [
{
key: "name",
values: [{
sources: ["${path:name.givenName}"],
}],
},
{
key: "last",
values: [{
sources: ["${path:name.familyName}"],
}],
},
],
});
import pulumi
import pulumi_aws as aws
example = aws.ssoadmin.get_instances()
example_instance_access_control_attributes = aws.ssoadmin.InstanceAccessControlAttributes("example",
instance_arn=example.arns[0],
attributes=[
{
"key": "name",
"values": [{
"sources": ["${path:name.givenName}"],
}],
},
{
"key": "last",
"values": [{
"sources": ["${path:name.familyName}"],
}],
},
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := ssoadmin.GetInstances(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
_, err = ssoadmin.NewInstanceAccessControlAttributes(ctx, "example", &ssoadmin.InstanceAccessControlAttributesArgs{
InstanceArn: pulumi.String(example.Arns[0]),
Attributes: ssoadmin.InstanceAccessControlAttributesAttributeArray{
&ssoadmin.InstanceAccessControlAttributesAttributeArgs{
Key: pulumi.String("name"),
Values: ssoadmin.InstanceAccessControlAttributesAttributeValueArray{
&ssoadmin.InstanceAccessControlAttributesAttributeValueArgs{
Sources: pulumi.StringArray{
pulumi.String("${path:name.givenName}"),
},
},
},
},
&ssoadmin.InstanceAccessControlAttributesAttributeArgs{
Key: pulumi.String("last"),
Values: ssoadmin.InstanceAccessControlAttributesAttributeValueArray{
&ssoadmin.InstanceAccessControlAttributesAttributeValueArgs{
Sources: pulumi.StringArray{
pulumi.String("${path:name.familyName}"),
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.SsoAdmin.GetInstances.Invoke();
var exampleInstanceAccessControlAttributes = new Aws.SsoAdmin.InstanceAccessControlAttributes("example", new()
{
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
Attributes = new[]
{
new Aws.SsoAdmin.Inputs.InstanceAccessControlAttributesAttributeArgs
{
Key = "name",
Values = new[]
{
new Aws.SsoAdmin.Inputs.InstanceAccessControlAttributesAttributeValueArgs
{
Sources = new[]
{
"${path:name.givenName}",
},
},
},
},
new Aws.SsoAdmin.Inputs.InstanceAccessControlAttributesAttributeArgs
{
Key = "last",
Values = new[]
{
new Aws.SsoAdmin.Inputs.InstanceAccessControlAttributesAttributeValueArgs
{
Sources = new[]
{
"${path:name.familyName}",
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.SsoadminFunctions;
import com.pulumi.aws.ssoadmin.InstanceAccessControlAttributes;
import com.pulumi.aws.ssoadmin.InstanceAccessControlAttributesArgs;
import com.pulumi.aws.ssoadmin.inputs.InstanceAccessControlAttributesAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = SsoadminFunctions.getInstances();
var exampleInstanceAccessControlAttributes = new InstanceAccessControlAttributes("exampleInstanceAccessControlAttributes", InstanceAccessControlAttributesArgs.builder()
.instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
.attributes(
InstanceAccessControlAttributesAttributeArgs.builder()
.key("name")
.values(InstanceAccessControlAttributesAttributeValueArgs.builder()
.sources("${path:name.givenName}")
.build())
.build(),
InstanceAccessControlAttributesAttributeArgs.builder()
.key("last")
.values(InstanceAccessControlAttributesAttributeValueArgs.builder()
.sources("${path:name.familyName}")
.build())
.build())
.build());
}
}
resources:
exampleInstanceAccessControlAttributes:
type: aws:ssoadmin:InstanceAccessControlAttributes
name: example
properties:
instanceArn: ${example.arns[0]}
attributes:
- key: name
values:
- sources:
- ${path:name.givenName}
- key: last
values:
- sources:
- ${path:name.familyName}
variables:
example:
fn::invoke:
Function: aws:ssoadmin:getInstances
Arguments: {}
Create InstanceAccessControlAttributes Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new InstanceAccessControlAttributes(name: string, args: InstanceAccessControlAttributesArgs, opts?: CustomResourceOptions);
@overload
def InstanceAccessControlAttributes(resource_name: str,
args: InstanceAccessControlAttributesArgs,
opts: Optional[ResourceOptions] = None)
@overload
def InstanceAccessControlAttributes(resource_name: str,
opts: Optional[ResourceOptions] = None,
attributes: Optional[Sequence[InstanceAccessControlAttributesAttributeArgs]] = None,
instance_arn: Optional[str] = None)
func NewInstanceAccessControlAttributes(ctx *Context, name string, args InstanceAccessControlAttributesArgs, opts ...ResourceOption) (*InstanceAccessControlAttributes, error)
public InstanceAccessControlAttributes(string name, InstanceAccessControlAttributesArgs args, CustomResourceOptions? opts = null)
public InstanceAccessControlAttributes(String name, InstanceAccessControlAttributesArgs args)
public InstanceAccessControlAttributes(String name, InstanceAccessControlAttributesArgs args, CustomResourceOptions options)
type: aws:ssoadmin:InstanceAccessControlAttributes
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args InstanceAccessControlAttributesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args InstanceAccessControlAttributesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args InstanceAccessControlAttributesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InstanceAccessControlAttributesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args InstanceAccessControlAttributesArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var instanceAccessControlAttributesResource = new Aws.SsoAdmin.InstanceAccessControlAttributes("instanceAccessControlAttributesResource", new()
{
Attributes = new[]
{
new Aws.SsoAdmin.Inputs.InstanceAccessControlAttributesAttributeArgs
{
Key = "string",
Values = new[]
{
new Aws.SsoAdmin.Inputs.InstanceAccessControlAttributesAttributeValueArgs
{
Sources = new[]
{
"string",
},
},
},
},
},
InstanceArn = "string",
});
example, err := ssoadmin.NewInstanceAccessControlAttributes(ctx, "instanceAccessControlAttributesResource", &ssoadmin.InstanceAccessControlAttributesArgs{
Attributes: ssoadmin.InstanceAccessControlAttributesAttributeArray{
&ssoadmin.InstanceAccessControlAttributesAttributeArgs{
Key: pulumi.String("string"),
Values: ssoadmin.InstanceAccessControlAttributesAttributeValueArray{
&ssoadmin.InstanceAccessControlAttributesAttributeValueArgs{
Sources: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
InstanceArn: pulumi.String("string"),
})
var instanceAccessControlAttributesResource = new InstanceAccessControlAttributes("instanceAccessControlAttributesResource", InstanceAccessControlAttributesArgs.builder()
.attributes(InstanceAccessControlAttributesAttributeArgs.builder()
.key("string")
.values(InstanceAccessControlAttributesAttributeValueArgs.builder()
.sources("string")
.build())
.build())
.instanceArn("string")
.build());
instance_access_control_attributes_resource = aws.ssoadmin.InstanceAccessControlAttributes("instanceAccessControlAttributesResource",
attributes=[{
"key": "string",
"values": [{
"sources": ["string"],
}],
}],
instance_arn="string")
const instanceAccessControlAttributesResource = new aws.ssoadmin.InstanceAccessControlAttributes("instanceAccessControlAttributesResource", {
attributes: [{
key: "string",
values: [{
sources: ["string"],
}],
}],
instanceArn: "string",
});
type: aws:ssoadmin:InstanceAccessControlAttributes
properties:
attributes:
- key: string
values:
- sources:
- string
instanceArn: string
InstanceAccessControlAttributes Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The InstanceAccessControlAttributes resource accepts the following input properties:
- Attributes
List<Instance
Access Control Attributes Attribute> - See AccessControlAttribute for more details.
- Instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- Attributes
[]Instance
Access Control Attributes Attribute Args - See AccessControlAttribute for more details.
- Instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- attributes
List<Instance
Access Control Attributes Attribute> - See AccessControlAttribute for more details.
- instance
Arn String - The Amazon Resource Name (ARN) of the SSO Instance.
- attributes
Instance
Access Control Attributes Attribute[] - See AccessControlAttribute for more details.
- instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- attributes
Sequence[Instance
Access Control Attributes Attribute Args] - See AccessControlAttribute for more details.
- instance_
arn str - The Amazon Resource Name (ARN) of the SSO Instance.
- attributes List<Property Map>
- See AccessControlAttribute for more details.
- instance
Arn String - The Amazon Resource Name (ARN) of the SSO Instance.
Outputs
All input properties are implicitly available as output properties. Additionally, the InstanceAccessControlAttributes resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Status string
- Status
Reason string
- Id string
- The provider-assigned unique ID for this managed resource.
- Status string
- Status
Reason string
- id String
- The provider-assigned unique ID for this managed resource.
- status String
- status
Reason String
- id string
- The provider-assigned unique ID for this managed resource.
- status string
- status
Reason string
- id str
- The provider-assigned unique ID for this managed resource.
- status str
- status_
reason str
- id String
- The provider-assigned unique ID for this managed resource.
- status String
- status
Reason String
Look up Existing InstanceAccessControlAttributes Resource
Get an existing InstanceAccessControlAttributes resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: InstanceAccessControlAttributesState, opts?: CustomResourceOptions): InstanceAccessControlAttributes
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
attributes: Optional[Sequence[InstanceAccessControlAttributesAttributeArgs]] = None,
instance_arn: Optional[str] = None,
status: Optional[str] = None,
status_reason: Optional[str] = None) -> InstanceAccessControlAttributes
func GetInstanceAccessControlAttributes(ctx *Context, name string, id IDInput, state *InstanceAccessControlAttributesState, opts ...ResourceOption) (*InstanceAccessControlAttributes, error)
public static InstanceAccessControlAttributes Get(string name, Input<string> id, InstanceAccessControlAttributesState? state, CustomResourceOptions? opts = null)
public static InstanceAccessControlAttributes get(String name, Output<String> id, InstanceAccessControlAttributesState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Attributes
List<Instance
Access Control Attributes Attribute> - See AccessControlAttribute for more details.
- Instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- Status string
- Status
Reason string
- Attributes
[]Instance
Access Control Attributes Attribute Args - See AccessControlAttribute for more details.
- Instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- Status string
- Status
Reason string
- attributes
List<Instance
Access Control Attributes Attribute> - See AccessControlAttribute for more details.
- instance
Arn String - The Amazon Resource Name (ARN) of the SSO Instance.
- status String
- status
Reason String
- attributes
Instance
Access Control Attributes Attribute[] - See AccessControlAttribute for more details.
- instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- status string
- status
Reason string
- attributes
Sequence[Instance
Access Control Attributes Attribute Args] - See AccessControlAttribute for more details.
- instance_
arn str - The Amazon Resource Name (ARN) of the SSO Instance.
- status str
- status_
reason str
- attributes List<Property Map>
- See AccessControlAttribute for more details.
- instance
Arn String - The Amazon Resource Name (ARN) of the SSO Instance.
- status String
- status
Reason String
Supporting Types
InstanceAccessControlAttributesAttribute, InstanceAccessControlAttributesAttributeArgs
- Key string
- The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.
- Values
List<Instance
Access Control Attributes Attribute Value> - The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
- Key string
- The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.
- Values
[]Instance
Access Control Attributes Attribute Value - The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
- key String
- The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.
- values
List<Instance
Access Control Attributes Attribute Value> - The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
- key string
- The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.
- values
Instance
Access Control Attributes Attribute Value[] - The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
- key str
- The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.
- values
Sequence[Instance
Access Control Attributes Attribute Value] - The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
- key String
- The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.
- values List<Property Map>
- The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
InstanceAccessControlAttributesAttributeValue, InstanceAccessControlAttributesAttributeValueArgs
- Sources List<string>
- The identity source to use when mapping a specified attribute to AWS SSO.
- Sources []string
- The identity source to use when mapping a specified attribute to AWS SSO.
- sources List<String>
- The identity source to use when mapping a specified attribute to AWS SSO.
- sources string[]
- The identity source to use when mapping a specified attribute to AWS SSO.
- sources Sequence[str]
- The identity source to use when mapping a specified attribute to AWS SSO.
- sources List<String>
- The identity source to use when mapping a specified attribute to AWS SSO.
Import
Using pulumi import
, import SSO Account Assignments using the instance_arn
. For example:
$ pulumi import aws:ssoadmin/instanceAccessControlAttributes:InstanceAccessControlAttributes example arn:aws:sso:::instance/ssoins-0123456789abcdef
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.