AWS::SSO::InstanceAccessControlAttributeConfiguration AccessControlAttribute - AWS CloudFormation

AWS::SSO::InstanceAccessControlAttributeConfiguration AccessControlAttribute

These are AWS SSO identity store attributes that you can configure for use in attributes-based access control (ABAC). You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify AccessControlAttributes, AWS SSO passes the attribute values of the authenticated user into IAM for use in policy evaluation.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Key" : String, "Value" : AccessControlAttributeValue }



The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.

Required: Yes

Type: String

Minimum: 1

Maximum: 128

Pattern: [\p{L}\p{Z}\p{N}_.:\/=+\-@]+

Update requires: No interruption


The value used for mapping a specified attribute to an identity source.

Required: Yes

Type: AccessControlAttributeValue

Update requires: No interruption