Provides a Single Sign-On (SSO) ABAC Resource: https://docs.aws.amazon.com/singlesignon/latest/userguide/abac.html
data "aws_ssoadmin_instances" "example" {}

resource "aws_ssoadmin_instance_access_control_attributes" "example" {
  instance_arn = tolist(data.aws_ssoadmin_instances.example.arns)[0]

  attribute {
    key = "name"
    value {
      source = ["$${path:name.givenName}"]
    }
  }

  attribute {
    key = "last"
    value {
      source = ["$${path:name.familyName}"]
    }
  }
}
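The attributes configured above are passed to AWS as session tags, so a permission set policy can reference them as `aws:PrincipalTag/<key>`. The following is an added example, not part of the provider documentation, showing the `name` key consumed in an ABAC condition; the permission set name, the `owner` resource tag and the EC2 actions are assumptions chosen for illustration.

```hcl
# Added example: consume the mapped "name" attribute in an ABAC policy.
# All resource names, the "owner" tag key and the actions are hypothetical.
data "aws_ssoadmin_instances" "abac" {}

locals {
  sso_instance_arn = tolist(data.aws_ssoadmin_instances.abac.arns)[0]
}

resource "aws_ssoadmin_instance_access_control_attributes" "abac" {
  instance_arn = local.sso_instance_arn

  attribute {
    key = "name"
    value {
      # "$${" is the HCL escape for a literal "${", so AWS receives ${path:name.givenName}.
      source = ["$${path:name.givenName}"]
    }
  }
}

resource "aws_ssoadmin_permission_set" "abac" {
  name         = "AbacInstanceOperator"
  instance_arn = local.sso_instance_arn
}

data "aws_iam_policy_document" "abac" {
  statement {
    effect    = "Allow"
    actions   = ["ec2:StartInstances", "ec2:StopInstances"]
    resources = ["*"]

    # Allow only when the instance's "owner" tag equals the session tag
    # that SSO derives from the "name" access control attribute.
    condition {
      test     = "StringEquals"
      variable = "aws:ResourceTag/owner"
      values   = ["$${aws:PrincipalTag/name}"]
    }
  }
}

resource "aws_ssoadmin_permission_set_inline_policy" "abac" {
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.abac.arn
  inline_policy      = data.aws_iam_policy_document.abac.json
  depends_on         = [aws_ssoadmin_instance_access_control_attributes.abac]
}
```

A given name is not unique across users, so an access decision in production should key on a stable attribute that only administrators can change in the identity source.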
This resource supports the following arguments:
instance_arn
- (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance.
attribute
- (Required) See AccessControlAttribute for more details.
key
- (Required) The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.
value
- (Required) The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
source
- (Required) The identity source to use when mapping a specified attribute to AWS SSO.
This resource exports the following attributes in addition to the arguments above:
id
- The identifier of the Instance Access Control Attribute instance_arn.
In Terraform v1.5.0 and later, use an import block to import SSO Account Assignments using the instance_arn. For example:
import {
  to = aws_ssoadmin_instance_access_control_attributes.example
  id = "arn:aws:sso:::instance/ssoins-0123456789abcdef"
}
Using terraform import, import SSO Account Assignments using the instance_arn. For example:
% terraform import aws_ssoadmin_instance_access_control_attributes.example arn:aws:sso:::instance/ssoins-0123456789abcdef