Resource: awsSsoadminInstanceAccessControlAttributes
Provides a Single Sign-On (SSO) ABAC Resource: https://docs.aws.amazon.com/singlesignon/latest/userguide/abac.html
Example Usage
data "aws_ssoadmin_instances" "example" {}
resource "aws_ssoadmin_instance_access_control_attributes" "example" {
instance_arn = tolist(data.aws_ssoadmin_instances.example.arns)[0]
attribute {
key = "name"
value {
source = ["${path:name.givenName}"]
}
}
attribute {
key = "last"
value {
source = ["${path:name.familyName}"]
}
}
}
Argument Reference
The following arguments are supported:
instanceArn
- (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance.attribute
- (Required) See AccessControlAttribute for more details.
AccessControlAttribute
key
- (Required) The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.value
- (Required) The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
AccessControlAttributeValue
source
- (Required) The identity source to use when mapping a specified attribute to AWS SSO.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The identifier of the Instance Access Control AttributeinstanceArn
.
Import
SSO Account Assignments can be imported using the instanceArn