pulumi-aws-kotlin/com.pulumi.aws.ssoadmin.kotlin/PermissionsBoundaryAttachmentArgs

PermissionsBoundaryAttachmentArgs

data class PermissionsBoundaryAttachmentArgs(val instanceArn: Output<String>? = null, val permissionSetArn: Output<String>? = null, val permissionsBoundary: Output<PermissionsBoundaryAttachmentPermissionsBoundaryArgs>? = null) : ConvertibleToJava<PermissionsBoundaryAttachmentArgs>

Attaches a permissions boundary policy to a Single Sign-On (SSO) Permission Set resource.

NOTE: A permission set can have at most one permissions boundary attached; using more than one aws.ssoadmin.PermissionsBoundaryAttachment references the same permission set will show a permanent difference.

Example Usage

Attaching an AWS-managed policy

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.ssoadmin.PermissionsBoundaryAttachment("example", {
    instanceArn: exampleAwsSsoadminPermissionSet.instanceArn,
    permissionSetArn: exampleAwsSsoadminPermissionSet.arn,
    permissionsBoundary: {
        managedPolicyArn: "arn:aws:iam::aws:policy/ReadOnlyAccess",
    },
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.ssoadmin.PermissionsBoundaryAttachment("example",
    instance_arn=example_aws_ssoadmin_permission_set["instanceArn"],
    permission_set_arn=example_aws_ssoadmin_permission_set["arn"],
    permissions_boundary=aws.ssoadmin.PermissionsBoundaryAttachmentPermissionsBoundaryArgs(
        managed_policy_arn="arn:aws:iam::aws:policy/ReadOnlyAccess",
    ))
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = new Aws.SsoAdmin.PermissionsBoundaryAttachment("example", new()
    {
        InstanceArn = exampleAwsSsoadminPermissionSet.InstanceArn,
        PermissionSetArn = exampleAwsSsoadminPermissionSet.Arn,
        PermissionsBoundary = new Aws.SsoAdmin.Inputs.PermissionsBoundaryAttachmentPermissionsBoundaryArgs
        {
            ManagedPolicyArn = "arn:aws:iam::aws:policy/ReadOnlyAccess",
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ssoadmin.NewPermissionsBoundaryAttachment(ctx, "example", &ssoadmin.PermissionsBoundaryAttachmentArgs{
			InstanceArn:      pulumi.Any(exampleAwsSsoadminPermissionSet.InstanceArn),
			PermissionSetArn: pulumi.Any(exampleAwsSsoadminPermissionSet.Arn),
			PermissionsBoundary: &ssoadmin.PermissionsBoundaryAttachmentPermissionsBoundaryArgs{
				ManagedPolicyArn: pulumi.String("arn:aws:iam::aws:policy/ReadOnlyAccess"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.PermissionsBoundaryAttachment;
import com.pulumi.aws.ssoadmin.PermissionsBoundaryAttachmentArgs;
import com.pulumi.aws.ssoadmin.inputs.PermissionsBoundaryAttachmentPermissionsBoundaryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new PermissionsBoundaryAttachment("example", PermissionsBoundaryAttachmentArgs.builder()
            .instanceArn(exampleAwsSsoadminPermissionSet.instanceArn())
            .permissionSetArn(exampleAwsSsoadminPermissionSet.arn())
            .permissionsBoundary(PermissionsBoundaryAttachmentPermissionsBoundaryArgs.builder()
                .managedPolicyArn("arn:aws:iam::aws:policy/ReadOnlyAccess")
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  example:
    type: aws:ssoadmin:PermissionsBoundaryAttachment
    properties:
      instanceArn: ${exampleAwsSsoadminPermissionSet.instanceArn}
      permissionSetArn: ${exampleAwsSsoadminPermissionSet.arn}
      permissionsBoundary:
        managedPolicyArn: arn:aws:iam::aws:policy/ReadOnlyAccess
Content copied to clipboard

Import

Using pulumi import, import SSO Admin Permissions Boundary Attachments using the permission_set_arn and instance_arn, separated by a comma (,). For example:

$ pulumi import aws:ssoadmin/permissionsBoundaryAttachment:PermissionsBoundaryAttachment example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72
Content copied to clipboard

Constructors

Link copied to clipboard
fun PermissionsBoundaryAttachmentArgs(instanceArn: Output<String>? = null, permissionSetArn: Output<String>? = null, permissionsBoundary: Output<PermissionsBoundaryAttachmentPermissionsBoundaryArgs>? = null)

Functions

Link copied to clipboard
open override fun toJava(): PermissionsBoundaryAttachmentArgs

Properties

Link copied to clipboard
val instanceArn: Output<String>? = null

The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.

Link copied to clipboard
val permissionsBoundary: Output<PermissionsBoundaryAttachmentPermissionsBoundaryArgs>? = null

The permissions boundary policy. See below.

Link copied to clipboard
val permissionSetArn: Output<String>? = null

The Amazon Resource Name (ARN) of the Permission Set.