Permission
data class PermissionSetInlinePolicyArgs(val inlinePolicy: Output<String>? = null, val instanceArn: Output<String>? = null, val permissionSetArn: Output<String>? = null) : ConvertibleToJava<PermissionSetInlinePolicyArgs>
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.ssoadmin.getInstances({});
const examplePermissionSet = new aws.ssoadmin.PermissionSet("example", {
name: "Example",
instanceArn: example.then(example => example.arns?.[0]),
});
const exampleGetPolicyDocument = aws.iam.getPolicyDocument({
statements: [{
sid: "1",
actions: [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
],
resources: ["arn:aws:s3:::*"],
}],
});
const examplePermissionSetInlinePolicy = new aws.ssoadmin.PermissionSetInlinePolicy("example", {
inlinePolicy: exampleGetPolicyDocument.then(exampleGetPolicyDocument => exampleGetPolicyDocument.json),
instanceArn: example.then(example => example.arns?.[0]),
permissionSetArn: examplePermissionSet.arn,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.ssoadmin.get_instances()
example_permission_set = aws.ssoadmin.PermissionSet("example",
name="Example",
instance_arn=example.arns[0])
example_get_policy_document = aws.iam.get_policy_document(statements=[{
"sid": "1",
"actions": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
],
"resources": ["arn:aws:s3:::*"],
}])
example_permission_set_inline_policy = aws.ssoadmin.PermissionSetInlinePolicy("example",
inline_policy=example_get_policy_document.json,
instance_arn=example.arns[0],
permission_set_arn=example_permission_set.arn)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.SsoAdmin.GetInstances.Invoke();
var examplePermissionSet = new Aws.SsoAdmin.PermissionSet("example", new()
{
Name = "Example",
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
});
var exampleGetPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Sid = "1",
Actions = new[]
{
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
},
Resources = new[]
{
"arn:aws:s3:::*",
},
},
},
});
var examplePermissionSetInlinePolicy = new Aws.SsoAdmin.PermissionSetInlinePolicy("example", new()
{
InlinePolicy = exampleGetPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
PermissionSetArn = examplePermissionSet.Arn,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := ssoadmin.GetInstances(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
examplePermissionSet, err := ssoadmin.NewPermissionSet(ctx, "example", &ssoadmin.PermissionSetArgs{
Name: pulumi.String("Example"),
InstanceArn: pulumi.String(example.Arns[0]),
})
if err != nil {
return err
}
exampleGetPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Sid: pulumi.StringRef("1"),
Actions: []string{
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
},
Resources: []string{
"arn:aws:s3:::*",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = ssoadmin.NewPermissionSetInlinePolicy(ctx, "example", &ssoadmin.PermissionSetInlinePolicyArgs{
InlinePolicy: pulumi.String(exampleGetPolicyDocument.Json),
InstanceArn: pulumi.String(example.Arns[0]),
PermissionSetArn: examplePermissionSet.Arn,
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.SsoadminFunctions;
import com.pulumi.aws.ssoadmin.PermissionSet;
import com.pulumi.aws.ssoadmin.PermissionSetArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.ssoadmin.PermissionSetInlinePolicy;
import com.pulumi.aws.ssoadmin.PermissionSetInlinePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = SsoadminFunctions.getInstances(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var examplePermissionSet = new PermissionSet("examplePermissionSet", PermissionSetArgs.builder()
.name("Example")
.instanceArn(example.arns()[0])
.build());
final var exampleGetPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.sid("1")
.actions(
"s3:ListAllMyBuckets",
"s3:GetBucketLocation")
.resources("arn:aws:s3:::*")
.build())
.build());
var examplePermissionSetInlinePolicy = new PermissionSetInlinePolicy("examplePermissionSetInlinePolicy", PermissionSetInlinePolicyArgs.builder()
.inlinePolicy(exampleGetPolicyDocument.json())
.instanceArn(example.arns()[0])
.permissionSetArn(examplePermissionSet.arn())
.build());
}
}Content copied to clipboard
resources:
examplePermissionSet:
type: aws:ssoadmin:PermissionSet
name: example
properties:
name: Example
instanceArn: ${example.arns[0]}
examplePermissionSetInlinePolicy:
type: aws:ssoadmin:PermissionSetInlinePolicy
name: example
properties:
inlinePolicy: ${exampleGetPolicyDocument.json}
instanceArn: ${example.arns[0]}
permissionSetArn: ${examplePermissionSet.arn}
variables:
example:
fn::invoke:
function: aws:ssoadmin:getInstances
arguments: {}
exampleGetPolicyDocument:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- sid: '1'
actions:
- s3:ListAllMyBuckets
- s3:GetBucketLocation
resources:
- arn:aws:s3:::*Content copied to clipboard
Import
Using pulumi import, import SSO Permission Set Inline Policies using the permission_set_arn and instance_arn separated by a comma (,). For example:
$ pulumi import aws:ssoadmin/permissionSetInlinePolicy:PermissionSetInlinePolicy example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72Content copied to clipboard