/AWS1/CL_SSAPERMSBOUNDARY¶
Specifies the configuration of the Amazon Web Services managed or customer managed policy that you
want to set as a permissions boundary. Specify either
CustomerManagedPolicyReference to use the name and path of a customer
managed policy, or ManagedPolicyArn to use the ARN of an Amazon Web Services managed
policy. A permissions boundary represents the maximum permissions that any policy can
grant your role. For more information, see Permissions boundaries
for IAM entities in the IAM User Guide.
Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
CONSTRUCTOR¶
IMPORTING¶
Optional arguments:¶
IO_CUSMANAGEDPOLICYREFERENCE TYPE REF TO /AWS1/CL_SSACUSMANAGEDPLYREF00 /AWS1/CL_SSACUSMANAGEDPLYREF00¶
Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.
IV_MANAGEDPOLICYARN TYPE /AWS1/SSAMANAGEDPOLICYARN /AWS1/SSAMANAGEDPOLICYARN¶
The Amazon Web Services managed policy ARN that you want to attach to a permission set as a permissions boundary.
Queryable Attributes¶
CustomerManagedPolicyReference¶
Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_CUSMANAGEDPLYREFERENCE() |
Getter for CUSMANAGEDPOLICYREFERENCE |
ManagedPolicyArn¶
The Amazon Web Services managed policy ARN that you want to attach to a permission set as a permissions boundary.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_MANAGEDPOLICYARN() |
Getter for MANAGEDPOLICYARN, with configurable default |
ASK_MANAGEDPOLICYARN() |
Getter for MANAGEDPOLICYARN w/ exceptions if field has no va |
HAS_MANAGEDPOLICYARN() |
Determine if MANAGEDPOLICYARN has a value |