Resource: awsSsoadminCustomerManagedPolicyAttachment
Provides a customer managed policy attachment for a Single Sign-On (SSO) Permission Set resource.
NOTE: Creating this resource will automatically Provision the Permission Set to apply the corresponding updates to all assigned accounts.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamPolicyExample = new aws.iamPolicy.IamPolicy(this, "example", {
  description: "My test policy",
  name: "TestPolicy",
  policy:
    '${jsonencode({\n Version = "2012-10-17"\n Statement = [\n {\n Action = [\n "ec2:Describe*",\n ]\n Effect = "Allow"\n Resource = "*"\n },\n ]\n })}',
});
const dataAwsSsoadminInstancesExample =
  new aws.dataAwsSsoadminInstances.DataAwsSsoadminInstances(
    this,
    "example_1",
    {}
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsSsoadminInstancesExample.overrideLogicalId("example");
const awsSsoadminPermissionSetExample =
  new aws.ssoadminPermissionSet.SsoadminPermissionSet(this, "example_2", {
    instanceArn: `\${tolist(${dataAwsSsoadminInstancesExample.arns})[0]}`,
    name: "Example",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSsoadminPermissionSetExample.overrideLogicalId("example");
const awsSsoadminCustomerManagedPolicyAttachmentExample =
  new aws.ssoadminCustomerManagedPolicyAttachment.SsoadminCustomerManagedPolicyAttachment(
    this,
    "example_3",
    {
      customerManagedPolicyReference: {
        name: awsIamPolicyExample.name,
        path: "/",
      },
      instanceArn: awsSsoadminPermissionSetExample.instanceArn,
      permissionSetArn: awsSsoadminPermissionSetExample.arn,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSsoadminCustomerManagedPolicyAttachmentExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
instanceArn - (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
permissionSetArn - (Required, Forces new resource) The Amazon Resource Name (ARN) of the Permission Set.
customerManagedPolicyReference - (Required, Forces new resource) Specifies the name and path of a customer managed policy. See below.
Customer Managed Policy Reference
The customerManagedPolicyReference config block describes a customer managed IAM policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your specified permission set.
name - (Required, Forces new resource) Name of the customer managed IAM Policy to be attached.
path - (Optional, Forces new resource) The path to the IAM policy to be attached. The default is /. See IAM Identifiers for more information.
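A pre-deployment check for the name-and-path requirement above, as an added example that is not part of the provider documentation: it lists the target accounts that lack a policy with the referenced name and path. The function names, account IDs and inventory are hypothetical, and the `aws` partition and exact (case-sensitive) ARN comparison are assumptions.

```typescript
// Added example. Account IDs and ARNs are constructed sample values.
interface PolicyReference {
  name: string;
  path?: string; // the resource's documented default is "/"
}

// ARN a matching customer managed policy would have in one account.
// Assumes the standard "aws" partition.
function expectedPolicyArn(accountId: string, ref: PolicyReference): string {
  const path = ref.path === undefined ? "/" : ref.path;
  // IAM paths begin and end with "/"; reject anything else up front.
  if (path.charAt(0) !== "/" || path.charAt(path.length - 1) !== "/") {
    throw new Error(`invalid IAM path: ${path}`);
  }
  return `arn:aws:iam::${accountId}:policy${path}${ref.name}`;
}

// Returns the target accounts that lack a policy with this exact name and path.
// `inventory` maps account ID -> ARNs of its customer managed policies,
// e.g. collected beforehand with IAM ListPolicies (Scope=Local) per account.
function accountsMissingPolicy(
  ref: PolicyReference,
  targetAccounts: string[],
  inventory: { [accountId: string]: string[] }
): string[] {
  return targetAccounts.filter((accountId) => {
    const arns = inventory[accountId] || [];
    return arns.indexOf(expectedPolicyArn(accountId, ref)) === -1;
  });
}

// Constructed inventory: the second account has the policy under a different
// path, the third has no policy of that name at all.
const sampleInventory: { [accountId: string]: string[] } = {
  "111111111111": ["arn:aws:iam::111111111111:policy/TestPolicy"],
  "222222222222": ["arn:aws:iam::222222222222:policy/team/TestPolicy"],
  "333333333333": ["arn:aws:iam::333333333333:policy/OtherPolicy"],
};

const missing = accountsMissingPolicy(
  { name: "TestPolicy", path: "/" },
  ["111111111111", "222222222222", "333333333333"],
  sampleInventory
);
console.log(missing); // accounts to fix before assigning the permission set
```

A policy with the right name under a different path counts as missing, which is why the second sample account is reported.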
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - Policy Name, Policy Path, Permission Set Amazon Resource Name (ARN), and SSO Instance ARN, each separated by a comma (,).
Import
SSO Managed Policy Attachments can be imported using the name, path, permissionSetArn, and instanceArn separated by a comma (,) e.g.,