A structure that describes an assignment of a principal to an application.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
"Type" : "AWS::SSO::ApplicationAssignment",
"Properties" : {
"ApplicationArn" : String,
"PrincipalId" : String,
"PrincipalType" : String
}
}
YAML
Type: AWS::SSO::ApplicationAssignment
Properties:
ApplicationArn: String
PrincipalId: String
PrincipalType: String
Properties
ApplicationArn-
The ARN of the application that has principals assigned.
Required: Yes
Type: String
Pattern:
arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}Minimum:
10Maximum:
1224Update requires: Replacement
PrincipalId-
The unique identifier of the principal assigned to the application.
Required: Yes
Type: String
Pattern:
^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$Minimum:
1Maximum:
47Update requires: Replacement
PrincipalType-
The type of the principal assigned to the application.
Required: Yes
Type: String
Allowed values:
USER | GROUPUpdate requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a generated ID, combined by all fields with the delimiter
|.
For more information about using the Ref function, see Ref.
Examples
Creating a new application assignment for IAM Identity Center
The following example grants the user permission to access the example application.
JSON
"ApplicationAssignment": {
"Type": "AWS::SSO::ApplicationAssignment",
"Properties": {
"ApplicationArn": "arn:aws:sso:::application/ssoins-exampleapplicationid",
"PrincipalID": "user_id",
"PrincipalType": "USER"
}
}YAML
ApplicationAssignment:
Type: AWS::SSO::ApplicationAssignment
Properties:
ApplicationArn: 'arn:aws:sso:::application/ssoins-exampleapplicationid'
PrincipalID: 'user_id'
PrincipalType: 'USER'
