Resource: awsSsoadminPermissionSet

Provides a Single Sign-On (SSO) Permission Set resource

~> NOTE: Updating this resource will automatically Provision the Permission Set to apply the corresponding updates to all assigned accounts.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsSsoadminInstancesExample =
  new aws.dataAwsSsoadminInstances.DataAwsSsoadminInstances(
    this,
    "example",
    {}
  );
const awsSsoadminPermissionSetExample =
  new aws.ssoadminPermissionSet.SsoadminPermissionSet(this, "example_1", {
    description: "An example",
    instanceArn: `\${tolist(${dataAwsSsoadminInstancesExample.arns})[0]}`,
    name: "Example",
    relayState: "https://s3.console.aws.amazon.com/s3/home?region=us-east-1#",
    sessionDuration: "PT2H",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSsoadminPermissionSetExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • description - (Optional) The description of the Permission Set.
  • instanceArn - (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
  • name - (Required, Forces new resource) The name of the Permission Set.
  • relayState - (Optional) The relay state URL used to redirect users within the application during the federation authentication process.
  • sessionDuration - (Optional) The length of time that the application user sessions are valid in the ISO-8601 standard. Default: PT1H.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
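
The following lint is an added example, not part of the provider documentation or its generated bindings. It checks the sessionDuration and relayState arguments described above before a Permission Set is provisioned to every assigned account. The names parseSessionDuration, lintPermissionSet, PermissionSetArgs and LintPolicy, and the policy values passed in, are assumptions made for illustration.

```typescript
// Added example: pre-deployment lint for sessionDuration and relayState.
// LintPolicy values are chosen by the caller (hypothetical organisation policy).
interface PermissionSetArgs {
  name: string;
  sessionDuration?: string; // ISO-8601 duration, e.g. "PT2H"
  relayState?: string; // redirect target used during federation
}

interface LintPolicy {
  maxSessionSeconds: number; // longest session the organisation accepts
  allowedRelayHosts: string[]; // hosts a relayState URL may point at
}

// Parse a time-only ISO-8601 duration (PTnHnMnS). Returns seconds, or null if malformed.
function parseSessionDuration(value: string): number | null {
  const m = /^PT(?=\d)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$/.exec(value);
  if (!m) return null;
  const num = (x: string | undefined): number => Number(x ?? 0);
  return num(m[1]) * 3600 + num(m[2]) * 60 + num(m[3]);
}

function lintPermissionSet(args: PermissionSetArgs, policy: LintPolicy): string[] {
  const findings: string[] = [];
  // When sessionDuration is omitted, the documented default (PT1H) applies.
  const seconds = parseSessionDuration(args.sessionDuration ?? "PT1H");
  if (seconds === null) {
    findings.push(`${args.name}: sessionDuration is not an ISO-8601 PTnHnMnS value`);
  } else if (seconds > policy.maxSessionSeconds) {
    findings.push(`${args.name}: sessionDuration of ${seconds}s exceeds policy maximum`);
  }
  if (args.relayState !== undefined) {
    let url: URL | null = null;
    try {
      url = new URL(args.relayState);
    } catch {
      // Unparseable URL: reported by the check below.
    }
    if (url === null || url.protocol !== "https:") {
      findings.push(`${args.name}: relayState must be an absolute https URL`);
    } else if (!policy.allowedRelayHosts.includes(url.hostname)) {
      findings.push(`${args.name}: relayState host ${url.hostname} is not allowlisted`);
    }
  }
  return findings;
}
```

Run it over the arguments of each Permission Set in CI and fail the build when the returned list is non-empty.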

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The Amazon Resource Name (ARN) of the Permission Set.
  • id - The Amazon Resource Names (ARNs) of the Permission Set and SSO Instance, separated by a comma (,).
  • createdDate - The date the Permission Set was created in RFC3339 format.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

SSO Permission Sets can be imported using the arn and instanceArn separated by a comma (,) e.g.,

$ terraform import aws_ssoadmin_permission_set.example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72