aws-cdk-lib.aws_sso.CfnPermissionSet.PermissionsBoundaryProperty

interface PermissionsBoundaryProperty

Language    Type name
.NET        Amazon.CDK.AWS.SSO.CfnPermissionSet.PermissionsBoundaryProperty
Go          github.com/aws/aws-cdk-go/awscdk/v2/awssso#CfnPermissionSet_PermissionsBoundaryProperty
Java        software.amazon.awscdk.services.sso.CfnPermissionSet.PermissionsBoundaryProperty
Python      aws_cdk.aws_sso.CfnPermissionSet.PermissionsBoundaryProperty
TypeScript  aws-cdk-lib » aws_sso » CfnPermissionSet » PermissionsBoundaryProperty

Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.

Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide.

Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// Both properties are shown only to illustrate the shape of the type;
// specify either customerManagedPolicyReference or managedPolicyArn.
import { aws_sso as sso } from 'aws-cdk-lib';
const permissionsBoundaryProperty: sso.CfnPermissionSet.PermissionsBoundaryProperty = {
  customerManagedPolicyReference: {
    name: 'name',

    // the properties below are optional
    path: 'path',
  },
  managedPolicyArn: 'managedPolicyArn',
};
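
The either/or rule stated above can be checked before a permission set is synthesized. The following is an added example, not part of the CDK documentation or of aws-cdk-lib: `BoundaryInput` and `checkPermissionsBoundary` are hypothetical names, the interface is a local mirror of the two documented properties, and token (IResolvable) values are assumed not to be in use.

```typescript
// Added example: local mirror of the two properties documented on this page.
// Assumption: plain values only; IResolvable tokens are not handled.
interface BoundaryInput {
  customerManagedPolicyReference?: { name: string; path?: string };
  managedPolicyArn?: string;
}

// AWS managed policy ARNs carry "aws" in the account field of the ARN.
const AWS_MANAGED_POLICY_ARN =
  /^arn:(aws|aws-cn|aws-us-gov):iam::aws:policy\/[\w+=,.@\/-]+$/;

// Hypothetical helper: returns a list of problems, empty when the input is usable.
function checkPermissionsBoundary(pb: BoundaryInput): string[] {
  const problems: string[] = [];
  const ref = pb.customerManagedPolicyReference;
  const arn = pb.managedPolicyArn;

  if (ref !== undefined && arn !== undefined) {
    problems.push('set customerManagedPolicyReference or managedPolicyArn, not both');
  }
  if (ref === undefined && arn === undefined) {
    problems.push('no boundary policy specified');
  }
  // A customer managed policy ARN does not belong in managedPolicyArn.
  if (arn !== undefined && !AWS_MANAGED_POLICY_ARN.test(arn)) {
    problems.push(`managedPolicyArn is not an AWS managed policy ARN: ${arn}`);
  }
  if (ref !== undefined) {
    if (ref.name.trim() === '') {
      problems.push('customer managed policy name is empty');
    }
    // IAM paths begin and end with "/" (the default path is "/").
    if (ref.path !== undefined && !/^\/(.*\/)?$/.test(ref.path)) {
      problems.push(`path must start and end with "/": ${ref.path}`);
    }
  }
  return problems;
}

// Constructed input: the placeholder values from the page's own example.
const pageExample: BoundaryInput = {
  customerManagedPolicyReference: { name: 'name', path: 'path' },
  managedPolicyArn: 'managedPolicyArn',
};
const pageExampleFindings = checkPermissionsBoundary(pageExample);
```

Run against the page's placeholder values, the check reports three problems: both properties set, a non-ARN string, and a path without leading and trailing slashes.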

Properties

Name                             Type                                                  Description
customerManagedPolicyReference?  IResolvable | CustomerManagedPolicyReferenceProperty  Specifies the name and path of a customer managed policy.
managedPolicyArn?                string                                                The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

customerManagedPolicyReference?

Type: IResolvable | CustomerManagedPolicyReferenceProperty (optional)

Specifies the name and path of a customer managed policy.

You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.


managedPolicyArn?

Type: string (optional)

The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.