Docs Home
We recommend new projects start with resources from the AWS provider.
aws-native.sso.PermissionSet
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
Resource Type definition for SSO PermissionSet
Create PermissionSet Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PermissionSet(name: string, args: PermissionSetArgs, opts?: CustomResourceOptions);@overload
def PermissionSet(resource_name: str,
args: PermissionSetArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PermissionSet(resource_name: str,
opts: Optional[ResourceOptions] = None,
instance_arn: Optional[str] = None,
customer_managed_policy_references: Optional[Sequence[PermissionSetCustomerManagedPolicyReferenceArgs]] = None,
description: Optional[str] = None,
inline_policy: Optional[Any] = None,
managed_policies: Optional[Sequence[str]] = None,
name: Optional[str] = None,
permissions_boundary: Optional[PermissionSetPermissionsBoundaryArgs] = None,
relay_state_type: Optional[str] = None,
session_duration: Optional[str] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None)func NewPermissionSet(ctx *Context, name string, args PermissionSetArgs, opts ...ResourceOption) (*PermissionSet, error)public PermissionSet(string name, PermissionSetArgs args, CustomResourceOptions? opts = null)public PermissionSet(String name, PermissionSetArgs args)
public PermissionSet(String name, PermissionSetArgs args, CustomResourceOptions options)
type: aws-native:sso:PermissionSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PermissionSetArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. PermissionSetArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PermissionSetArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PermissionSetArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. PermissionSetArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
PermissionSet Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PermissionSet resource accepts the following input properties:
- Instance
Arn This property is required. string - The sso instance arn that the permission set is owned.
- Customer
Managed List<Pulumi.Policy References Aws Native. Sso. Inputs. Permission Set Customer Managed Policy Reference> - Specifies the names and paths of the customer managed policies that you have attached to your permission set.
- Description string
- The permission set description.
- Inline
Policy object The inline policy to put in permission set.
Search the CloudFormation User Guide for
AWS::SSO::PermissionSetfor more information about the expected schema for this property.- Managed
Policies List<string> - A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.
- Name string
- The name you want to assign to this permission set.
- Permissions
Boundary Pulumi.Aws Native. Sso. Inputs. Permission Set Permissions Boundary Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either
CustomerManagedPolicyReferenceto use the name and path of a customer managed policy, orManagedPolicyArnto use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .
- Relay
State stringType - The relay state URL that redirect links to any service in the AWS Management Console.
- Session
Duration string - The length of time that a user can be signed in to an AWS account.
-
List<Pulumi.
Aws Native. Inputs. Tag> - The tags to attach to the new
PermissionSet.
- Instance
Arn This property is required. string - The sso instance arn that the permission set is owned.
- Customer
Managed []PermissionPolicy References Set Customer Managed Policy Reference Args - Specifies the names and paths of the customer managed policies that you have attached to your permission set.
- Description string
- The permission set description.
- Inline
Policy interface{} The inline policy to put in permission set.
Search the CloudFormation User Guide for
AWS::SSO::PermissionSetfor more information about the expected schema for this property.- Managed
Policies []string - A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.
- Name string
- The name you want to assign to this permission set.
- Permissions
Boundary PermissionSet Permissions Boundary Args Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either
CustomerManagedPolicyReferenceto use the name and path of a customer managed policy, orManagedPolicyArnto use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .
- Relay
State stringType - The relay state URL that redirect links to any service in the AWS Management Console.
- Session
Duration string - The length of time that a user can be signed in to an AWS account.
-
Tag
Args - The tags to attach to the new
PermissionSet.
- instance
Arn This property is required. String - The sso instance arn that the permission set is owned.
- customer
Managed List<PermissionPolicy References Set Customer Managed Policy Reference> - Specifies the names and paths of the customer managed policies that you have attached to your permission set.
- description String
- The permission set description.
- inline
Policy Object The inline policy to put in permission set.
Search the CloudFormation User Guide for
AWS::SSO::PermissionSetfor more information about the expected schema for this property.- managed
Policies List<String> - A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.
- name String
- The name you want to assign to this permission set.
- permissions
Boundary PermissionSet Permissions Boundary Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either
CustomerManagedPolicyReferenceto use the name and path of a customer managed policy, orManagedPolicyArnto use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .
- relay
State StringType - The relay state URL that redirect links to any service in the AWS Management Console.
- session
Duration String - The length of time that a user can be signed in to an AWS account.
- List<Tag>
- The tags to attach to the new
PermissionSet.
- instance
Arn This property is required. string - The sso instance arn that the permission set is owned.
- customer
Managed PermissionPolicy References Set Customer Managed Policy Reference[] - Specifies the names and paths of the customer managed policies that you have attached to your permission set.
- description string
- The permission set description.
- inline
Policy any The inline policy to put in permission set.
Search the CloudFormation User Guide for
AWS::SSO::PermissionSetfor more information about the expected schema for this property.- managed
Policies string[] - A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.
- name string
- The name you want to assign to this permission set.
- permissions
Boundary PermissionSet Permissions Boundary Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either
CustomerManagedPolicyReferenceto use the name and path of a customer managed policy, orManagedPolicyArnto use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .
- relay
State stringType - The relay state URL that redirect links to any service in the AWS Management Console.
- session
Duration string - The length of time that a user can be signed in to an AWS account.
- Tag[]
- The tags to attach to the new
PermissionSet.
- instance_
arn This property is required. str - The sso instance arn that the permission set is owned.
- customer_
managed_ Sequence[Permissionpolicy_ references Set Customer Managed Policy Reference Args] - Specifies the names and paths of the customer managed policies that you have attached to your permission set.
- description str
- The permission set description.
- inline_
policy Any The inline policy to put in permission set.
Search the CloudFormation User Guide for
AWS::SSO::PermissionSetfor more information about the expected schema for this property.- managed_
policies Sequence[str] - A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.
- name str
- The name you want to assign to this permission set.
- permissions_
boundary PermissionSet Permissions Boundary Args Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either
CustomerManagedPolicyReferenceto use the name and path of a customer managed policy, orManagedPolicyArnto use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .
- relay_
state_ strtype - The relay state URL that redirect links to any service in the AWS Management Console.
- session_
duration str - The length of time that a user can be signed in to an AWS account.
-
Sequence[Tag
Args] - The tags to attach to the new
PermissionSet.
- instance
Arn This property is required. String - The sso instance arn that the permission set is owned.
- customer
Managed List<Property Map>Policy References - Specifies the names and paths of the customer managed policies that you have attached to your permission set.
- description String
- The permission set description.
- inline
Policy Any The inline policy to put in permission set.
Search the CloudFormation User Guide for
AWS::SSO::PermissionSetfor more information about the expected schema for this property.- managed
Policies List<String> - A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.
- name String
- The name you want to assign to this permission set.
- permissions
Boundary Property Map Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either
CustomerManagedPolicyReferenceto use the name and path of a customer managed policy, orManagedPolicyArnto use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .
- relay
State StringType - The relay state URL that redirect links to any service in the AWS Management Console.
- session
Duration String - The length of time that a user can be signed in to an AWS account.
- List<Property Map>
- The tags to attach to the new
PermissionSet.
Outputs
All input properties are implicitly available as output properties. Additionally, the PermissionSet resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Permission
Set stringArn - The permission set that the policy will be attached to
- Id string
- The provider-assigned unique ID for this managed resource.
- Permission
Set stringArn - The permission set that the policy will be attached to
- id String
- The provider-assigned unique ID for this managed resource.
- permission
Set StringArn - The permission set that the policy will be attached to
- id string
- The provider-assigned unique ID for this managed resource.
- permission
Set stringArn - The permission set that the policy will be attached to
- id str
- The provider-assigned unique ID for this managed resource.
- permission_
set_ strarn - The permission set that the policy will be attached to
- id String
- The provider-assigned unique ID for this managed resource.
- permission
Set StringArn - The permission set that the policy will be attached to
Supporting Types
PermissionSetCustomerManagedPolicyReference, PermissionSetCustomerManagedPolicyReferenceArgs
- Name
This property is required. string - The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
- Path string
- The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is
/. For more information, see Friendly names and paths in the IAM User Guide .
- Name
This property is required. string - The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
- Path string
- The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is
/. For more information, see Friendly names and paths in the IAM User Guide .
- name
This property is required. String - The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
- path String
- The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is
/. For more information, see Friendly names and paths in the IAM User Guide .
- name
This property is required. string - The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
- path string
- The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is
/. For more information, see Friendly names and paths in the IAM User Guide .
- name
This property is required. str - The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
- path str
- The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is
/. For more information, see Friendly names and paths in the IAM User Guide .
- name
This property is required. String - The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
- path String
- The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is
/. For more information, see Friendly names and paths in the IAM User Guide .
PermissionSetPermissionsBoundary, PermissionSetPermissionsBoundaryArgs
- Customer
Managed Pulumi.Policy Reference Aws Native. Sso. Inputs. Permission Set Customer Managed Policy Reference - Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
- Managed
Policy stringArn - The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
- Customer
Managed PermissionPolicy Reference Set Customer Managed Policy Reference - Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
- Managed
Policy stringArn - The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
- customer
Managed PermissionPolicy Reference Set Customer Managed Policy Reference - Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
- managed
Policy StringArn - The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
- customer
Managed PermissionPolicy Reference Set Customer Managed Policy Reference - Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
- managed
Policy stringArn - The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
- customer_
managed_ Permissionpolicy_ reference Set Customer Managed Policy Reference - Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
- managed_
policy_ strarn - The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
- customer
Managed Property MapPolicy Reference - Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
- managed
Policy StringArn - The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.