interface PermissionsBoundaryProperty
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.SSO.CfnPermissionSet.PermissionsBoundaryProperty |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awssso#CfnPermissionSet_PermissionsBoundaryProperty |
Java | software.amazon.awscdk.services.sso.CfnPermissionSet.PermissionsBoundaryProperty |
Python | aws_cdk.aws_sso.CfnPermissionSet.PermissionsBoundaryProperty |
TypeScript | aws-cdk-lib » aws_sso » CfnPermissionSet » PermissionsBoundaryProperty |
Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.
Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.
Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
Example
```typescript
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// Both properties are shown for completeness; per the description above,
// specify either customerManagedPolicyReference or managedPolicyArn.
import { aws_sso as sso } from 'aws-cdk-lib';

const permissionsBoundaryProperty: sso.CfnPermissionSet.PermissionsBoundaryProperty = {
  customerManagedPolicyReference: {
    name: 'name',

    // the properties below are optional
    path: 'path',
  },
  managedPolicyArn: 'managedPolicyArn',
};
```
Properties
Name | Type | Description |
---|---|---|
customerManagedPolicyReference? | IResolvable \| Customer | Specifies the name and path of a customer managed policy. |
managedPolicyArn? | string | The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary. |
customerManagedPolicyReference?
Type: IResolvable | Customer (optional)
Specifies the name and path of a customer managed policy.
You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
managedPolicyArn?
Type: string (optional)
The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
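A pre-deployment check for the two rules stated on this page: specify exactly one of the two properties, and a customer managed policy must exist with the same name and path in every account the permission set is deployed to. This is an added example, not code from the CDK documentation or library. `PermissionsBoundary` is a local mirror of the documented shape; `checkBoundary`, `PolicyInventory`, the account IDs and the policy names are hypothetical, and the default path `/` and the AWS managed ARN pattern are assumptions based on IAM conventions.

```typescript
// Local mirror of the property shape documented above (no aws-cdk-lib import needed).
interface PermissionsBoundary {
  customerManagedPolicyReference?: { name: string; path?: string };
  managedPolicyArn?: string;
}
// Hypothetical inventory: account ID -> customer managed policies as path + name.
type PolicyInventory = Record<string, string[]>;

// Assumption: AWS managed policy ARNs carry "aws" in the account field.
const AWS_MANAGED_ARN = /^arn:(aws|aws-cn|aws-us-gov):iam::aws:policy\/.+$/;

function checkBoundary(boundary: PermissionsBoundary, accounts: string[], inventory: PolicyInventory): string[] {
  const findings: string[] = [];
  const ref = boundary.customerManagedPolicyReference;
  const arn = boundary.managedPolicyArn;

  // The page says to specify either one property or the other.
  if ((ref === undefined) === (arn === undefined)) {
    findings.push('specify exactly one of customerManagedPolicyReference or managedPolicyArn');
    return findings;
  }
  if (arn !== undefined) {
    if (!AWS_MANAGED_ARN.test(arn)) findings.push(`not an AWS managed policy ARN: ${arn}`);
    return findings;
  }
  if (ref !== undefined) {
    // Assumption: IAM uses "/" when no path is given.
    const wanted = (ref.path ?? '/') + ref.name;
    for (const account of accounts) {
      // The policy must exist with the same name and path in every target account.
      if ((inventory[account] ?? []).indexOf(wanted) === -1) {
        findings.push(`account ${account}: missing customer managed policy ${wanted}`);
      }
    }
  }
  return findings;
}

// Constructed sample data: only the first account has the policy under /boundaries/.
const sampleInventory: PolicyInventory = {
  '111111111111': ['/boundaries/DevBoundary'],
  '222222222222': ['/DevBoundary'],
};
const sampleBoundary: PermissionsBoundary = {
  customerManagedPolicyReference: { name: 'DevBoundary', path: '/boundaries/' },
};
const sampleFindings = checkBoundary(sampleBoundary, ['111111111111', '222222222222'], sampleInventory);
```

An empty result means the boundary configuration passed both checks; each string in a non-empty result names one account or rule that would break the deployment.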