software.amazon.awscdk.services.sso

Class CfnPermissionSet

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.sso.CfnPermissionSet

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-03-22T19:35:40.211Z")
public class CfnPermissionSet
extends CfnResource
implements IInspectable

A CloudFormation `AWS::SSO::PermissionSet`.

Specifies a permission set within a specified IAM Identity Center instance.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.sso.*;
 Object inlinePolicy;
 CfnPermissionSet cfnPermissionSet = CfnPermissionSet.Builder.create(this, "MyCfnPermissionSet")
         .instanceArn("instanceArn")
         .name("name")
         // the properties below are optional
         .customerManagedPolicyReferences(List.of(CustomerManagedPolicyReferenceProperty.builder()
                 .name("name")
                 // the properties below are optional
                 .path("path")
                 .build()))
         .description("description")
         .inlinePolicy(inlinePolicy)
         .managedPolicies(List.of("managedPolicies"))
         .permissionsBoundary(PermissionsBoundaryProperty.builder()
                 .customerManagedPolicyReference(CustomerManagedPolicyReferenceProperty.builder()
                         .name("name")
                         // the properties below are optional
                         .path("path")
                         .build())
                 .managedPolicyArn("managedPolicyArn")
                 .build())
         .relayStateType("relayStateType")
         .sessionDuration("sessionDuration")
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnPermissionSet.Builder A fluent builder for CfnPermissionSet.
static interface	CfnPermissionSet.CustomerManagedPolicyReferenceProperty Specifies the name and path of a customer managed policy.
static interface	CfnPermissionSet.PermissionsBoundaryProperty Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnPermissionSet(Construct scope, java.lang.String id, CfnPermissionSetProps props) Create a new `AWS::SSO::PermissionSet`.
protected	CfnPermissionSet(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnPermissionSet(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.lang.String	getAttrPermissionSetArn() The permission set ARN of the permission set, such as `arn:aws:sso:::permissionSet/ins-instanceid/ps-permissionsetid` .
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.Object	getCustomerManagedPolicyReferences() Specifies the names and paths of the customer managed policies that you have attached to your permission set.
java.lang.String	getDescription() The description of the `PermissionSet` .
java.lang.Object	getInlinePolicy() The inline policy that is attached to the permission set.
java.lang.String	getInstanceArn() The ARN of the IAM Identity Center instance under which the operation will be executed.
java.util.List<java.lang.String>	getManagedPolicies() A structure that stores the details of the AWS managed policy.
java.lang.String	getName() The name of the permission set.
java.lang.Object	getPermissionsBoundary() Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.
java.lang.String	getRelayStateType() Used to redirect users within the application during the federation authentication process.
java.lang.String	getSessionDuration() The length of time that the application user sessions are valid for in the ISO-8601 standard.
TagManager	getTags() The tags to attach to the new `PermissionSet` .
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setCustomerManagedPolicyReferences(IResolvable value) Specifies the names and paths of the customer managed policies that you have attached to your permission set.
void	setCustomerManagedPolicyReferences(java.util.List<java.lang.Object> value) Specifies the names and paths of the customer managed policies that you have attached to your permission set.
void	setDescription(java.lang.String value) The description of the `PermissionSet` .
void	setInlinePolicy(java.lang.Object value) The inline policy that is attached to the permission set.
void	setInstanceArn(java.lang.String value) The ARN of the IAM Identity Center instance under which the operation will be executed.
void	setManagedPolicies(java.util.List<java.lang.String> value) A structure that stores the details of the AWS managed policy.
void	setName(java.lang.String value) The name of the permission set.
void	setPermissionsBoundary(CfnPermissionSet.PermissionsBoundaryProperty value) Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.
void	setPermissionsBoundary(IResolvable value) Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.
void	setRelayStateType(java.lang.String value) Used to redirect users within the application during the federation authentication process.
void	setSessionDuration(java.lang.String value) The length of time that the application user sessions are valid for in the ISO-8601 standard.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnPermissionSet

protected CfnPermissionSet(software.amazon.jsii.JsiiObjectRef objRef)

CfnPermissionSet

protected CfnPermissionSet(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnPermissionSet

public CfnPermissionSet(Construct scope,
                        java.lang.String id,
                        CfnPermissionSetProps props)

Create a new `AWS::SSO::PermissionSet`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrPermissionSetArn

public java.lang.String getAttrPermissionSetArn()

The permission set ARN of the permission set, such as `arn:aws:sso:::permissionSet/ins-instanceid/ps-permissionsetid` .

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

public TagManager getTags()

The tags to attach to the new `PermissionSet` .

getInlinePolicy

public java.lang.Object getInlinePolicy()

The inline policy that is attached to the permission set.

For Length Constraints , if a valid ARN is provided for a permission set, it is possible for an empty inline policy to be returned.

setInlinePolicy

public void setInlinePolicy(java.lang.Object value)

The inline policy that is attached to the permission set.

For Length Constraints , if a valid ARN is provided for a permission set, it is possible for an empty inline policy to be returned.

getInstanceArn

public java.lang.String getInstanceArn()

The ARN of the IAM Identity Center instance under which the operation will be executed.

For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .

setInstanceArn

public void setInstanceArn(java.lang.String value)

The ARN of the IAM Identity Center instance under which the operation will be executed.

For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .

getName

public java.lang.String getName()

The name of the permission set.

setName

public void setName(java.lang.String value)

The name of the permission set.

getCustomerManagedPolicyReferences

public java.lang.Object getCustomerManagedPolicyReferences()

Specifies the names and paths of the customer managed policies that you have attached to your permission set.

setCustomerManagedPolicyReferences

public void setCustomerManagedPolicyReferences(IResolvable value)

Specifies the names and paths of the customer managed policies that you have attached to your permission set.

setCustomerManagedPolicyReferences

public void setCustomerManagedPolicyReferences(java.util.List<java.lang.Object> value)

Specifies the names and paths of the customer managed policies that you have attached to your permission set.

getDescription

public java.lang.String getDescription()

The description of the `PermissionSet` .

setDescription

public void setDescription(java.lang.String value)

The description of the `PermissionSet` .

getManagedPolicies

public java.util.List<java.lang.String> getManagedPolicies()

A structure that stores the details of the AWS managed policy.

setManagedPolicies

public void setManagedPolicies(java.util.List<java.lang.String> value)

A structure that stores the details of the AWS managed policy.

getPermissionsBoundary

public java.lang.Object getPermissionsBoundary()

Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.

Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .

Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .

setPermissionsBoundary

public void setPermissionsBoundary(IResolvable value)

Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.

Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .

Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .

setPermissionsBoundary

public void setPermissionsBoundary(CfnPermissionSet.PermissionsBoundaryProperty value)

Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.

Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .

Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .

getRelayStateType

public java.lang.String getRelayStateType()

Used to redirect users within the application during the federation authentication process.

setRelayStateType

public void setRelayStateType(java.lang.String value)

Used to redirect users within the application during the federation authentication process.

getSessionDuration

public java.lang.String getSessionDuration()

The length of time that the application user sessions are valid for in the ISO-8601 standard.

setSessionDuration

public void setSessionDuration(java.lang.String value)

The length of time that the application user sessions are valid for in the ISO-8601 standard.