CfnPermissionSetProps

class aws_cdk.aws_sso.CfnPermissionSetProps(*, instance_arn, name, customer_managed_policy_references=None, description=None, inline_policy=None, managed_policies=None, permissions_boundary=None, relay_state_type=None, session_duration=None, tags=None)

Bases: object

Properties for defining a CfnPermissionSet.

Parameters:
  • instance_arn (str) – The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .

  • name (str) – The name of the permission set.

  • customer_managed_policy_references (Union[IResolvable, Sequence[Union[IResolvable, CustomerManagedPolicyReferenceProperty, Dict[str, Any]]], None]) – Specifies the names and paths of the customer managed policies that you have attached to your permission set.

  • description (Optional[str]) – The description of the PermissionSet .

  • inline_policy (Optional[Any]) – The inline policy that is attached to the permission set. .. epigraph:: For Length Constraints , if a valid ARN is provided for a permission set, it is possible for an empty inline policy to be returned.

  • managed_policies (Optional[Sequence[str]]) – A structure that stores the details of the AWS managed policy.

  • permissions_boundary (Union[IResolvable, PermissionsBoundaryProperty, Dict[str, Any], None]) – Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide . .. epigraph:: Policies used as permissions boundaries don’t provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .

  • relay_state_type (Optional[str]) – Used to redirect users within the application during the federation authentication process.

  • session_duration (Optional[str]) – The length of time that the application user sessions are valid for in the ISO-8601 standard.

  • tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – The tags to attach to the new PermissionSet .

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_sso as sso

# inline_policy: Any

cfn_permission_set_props = sso.CfnPermissionSetProps(
    instance_arn="instanceArn",
    name="name",

    # the properties below are optional
    customer_managed_policy_references=[sso.CfnPermissionSet.CustomerManagedPolicyReferenceProperty(
        name="name",

        # the properties below are optional
        path="path"
    )],
    description="description",
    inline_policy=inline_policy,
    managed_policies=["managedPolicies"],
    permissions_boundary=sso.CfnPermissionSet.PermissionsBoundaryProperty(
        customer_managed_policy_reference=sso.CfnPermissionSet.CustomerManagedPolicyReferenceProperty(
            name="name",

            # the properties below are optional
            path="path"
        ),
        managed_policy_arn="managedPolicyArn"
    ),
    relay_state_type="relayStateType",
    session_duration="sessionDuration",
    tags=[CfnTag(
        key="key",
        value="value"
    )]
)

Attributes

customer_managed_policy_references

Specifies the names and paths of the customer managed policies that you have attached to your permission set.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-customermanagedpolicyreferences

description

The description of the PermissionSet .

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-description

inline_policy

The inline policy that is attached to the permission set.

For Length Constraints , if a valid ARN is provided for a permission set, it is possible for an empty inline policy to be returned.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-inlinepolicy

instance_arn

The ARN of the IAM Identity Center instance under which the operation will be executed.

For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-instancearn

managed_policies

A structure that stores the details of the AWS managed policy.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-managedpolicies

name

The name of the permission set.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-name

permissions_boundary

Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.

Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide . .. epigraph:

Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see `IAM JSON policy evaluation logic <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html>`_ in the *IAM User Guide* .
Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-permissionsboundary

relay_state_type

Used to redirect users within the application during the federation authentication process.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-relaystatetype

session_duration

The length of time that the application user sessions are valid for in the ISO-8601 standard.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-sessionduration

tags

The tags to attach to the new PermissionSet .

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-tags