Resource: awsSsoadminPermissionSet
Provides a Single Sign-On (SSO) Permission Set resource
\~> NOTE: Updating this resource will automatically Provision the Permission Set to apply the corresponding updates to all assigned accounts.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsSsoadminInstancesExample =
new aws.dataAwsSsoadminInstances.DataAwsSsoadminInstances(
this,
"example",
{}
);
const awsSsoadminPermissionSetExample =
new aws.ssoadminPermissionSet.SsoadminPermissionSet(this, "example_1", {
description: "An example",
instanceArn: `\${tolist(${dataAwsSsoadminInstancesExample.arns})[0]}`,
name: "Example",
relayState: "https://s3.console.aws.amazon.com/s3/home?region=us-east-1#",
sessionDuration: "PT2H",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSsoadminPermissionSetExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
description
- (Optional) The description of the Permission Set.instanceArn
- (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.name
- (Required, Forces new resource) The name of the Permission Set.relayState
- (Optional) The relay state URL used to redirect users within the application during the federation authentication process.sessionDuration
- (Optional) The length of time that the application user sessions are valid in the ISO-8601 standard. Default:pt1H
.tags
- (Optional) Key-value map of resource tags. If configured with a providerdefaultTags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn
- The Amazon Resource Name (ARN) of the Permission Set.id
- The Amazon Resource Names (ARNs) of the Permission Set and SSO Instance, separated by a comma (,
).createdDate
- The date the Permission Set was created in RFC3339 format.tagsAll
- A map of tags assigned to the resource, including those inherited from the providerdefaultTags
configuration block.
Import
SSO Permission Sets can be imported using the arn
and instanceArn
separated by a comma (,
) e.g.,