interface CfnPermissionSetProps

Language	Type name
.NET	Amazon.CDK.AWS.SSO.CfnPermissionSetProps
Go	github.com/aws/aws-cdk-go/awscdk/v2/awssso#CfnPermissionSetProps
Java	software.amazon.awscdk.services.sso.CfnPermissionSetProps
Python	aws_cdk.aws_sso.CfnPermissionSetProps
TypeScript	aws-cdk-lib » aws_sso » CfnPermissionSetProps

Properties for defining a CfnPermissionSet.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_sso as sso } from 'aws-cdk-lib';

declare const inlinePolicy: any;
const cfnPermissionSetProps: sso.CfnPermissionSetProps = {
  instanceArn: 'instanceArn',
  name: 'name',

  // the properties below are optional
  customerManagedPolicyReferences: [{
    name: 'name',

    // the properties below are optional
    path: 'path',
  }],
  description: 'description',
  inlinePolicy: inlinePolicy,
  managedPolicies: ['managedPolicies'],
  permissionsBoundary: {
    customerManagedPolicyReference: {
      name: 'name',

      // the properties below are optional
      path: 'path',
    },
    managedPolicyArn: 'managedPolicyArn',
  },
  relayStateType: 'relayStateType',
  sessionDuration: 'sessionDuration',
  tags: [{
    key: 'key',
    value: 'value',
  }],
};

Properties

Name	Type	Description
instanceArn	string	The ARN of the IAM Identity Center instance under which the operation will be executed.
name	string	The name of the permission set.
customerManagedPolicyReferences?	IResolvable | IResolvable | CustomerManagedPolicyReferenceProperty[]	Specifies the names and paths of the customer managed policies that you have attached to your permission set.
description?	string	The description of the PermissionSet .
inlinePolicy?	any	The inline policy that is attached to the permission set.
managedPolicies?	string[]	A structure that stores the details of the AWS managed policy.
permissionsBoundary?	IResolvable | PermissionsBoundaryProperty	Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.
relayStateType?	string	Used to redirect users within the application during the federation authentication process.
sessionDuration?	string	The length of time that the application user sessions are valid for in the ISO-8601 standard.
tags?	CfnTag[]	The tags to attach to the new PermissionSet .

---

instanceArn

Type: string

The ARN of the IAM Identity Center instance under which the operation will be executed.

For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-instancearn

---

name

Type: string

The name of the permission set.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-name

---

customerManagedPolicyReferences?

Type: IResolvable | IResolvable | CustomerManagedPolicyReferenceProperty[] (optional)

Specifies the names and paths of the customer managed policies that you have attached to your permission set.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-customermanagedpolicyreferences

---

description?

Type: string (optional)

The description of the PermissionSet .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-description

---

inlinePolicy?

Type: any (optional)

The inline policy that is attached to the permission set.

For Length Constraints , if a valid ARN is provided for a permission set, it is possible for an empty inline policy to be returned.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-inlinepolicy

---

managedPolicies?

Type: string[] (optional)

A structure that stores the details of the AWS managed policy.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-managedpolicies

---

permissionsBoundary?

Type: IResolvable | PermissionsBoundaryProperty (optional)

Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.

Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .

Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-permissionsboundary

---

relayStateType?

Type: string (optional)

Used to redirect users within the application during the federation authentication process.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-relaystatetype

---

sessionDuration?

Type: string (optional)

The length of time that the application user sessions are valid for in the ISO-8601 standard.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-sessionduration

---

tags?

Type: CfnTag[] (optional)

The tags to attach to the new PermissionSet .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-tags