aws-cdk-lib.aws_sso.CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty

interface AccessControlAttributeProperty

LanguageType name
.NETAmazon.CDK.AWS.SSO.CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awssso#CfnInstanceAccessControlAttributeConfiguration_AccessControlAttributeProperty
Javasoftware.amazon.awscdk.services.sso.CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty
Pythonaws_cdk.aws_sso.CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty
TypeScript aws-cdk-lib » aws_sso » CfnInstanceAccessControlAttributeConfiguration » AccessControlAttributeProperty

These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC).

You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify AccessControlAttributes , IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_sso as sso } from 'aws-cdk-lib';
const accessControlAttributeProperty: sso.CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty = {
  key: 'key',
  value: {
    source: ['source'],
  },
};

Properties

NameTypeDescription
keystringThe name of the attribute associated with your identities in your identity source.
valueIResolvable | AccessControlAttributeValuePropertyThe value used for mapping a specified attribute to an identity source.

key

Type: string

The name of the attribute associated with your identities in your identity source.

This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center .


value

Type: IResolvable | AccessControlAttributeValueProperty

The value used for mapping a specified attribute to an identity source.