Terraform resource for managing an AWS SSO Admin Application Access Scope.

data "aws_ssoadmin_instances" "example" {}

resource "aws_ssoadmin_application" "example" {
  name                     = "example"
  application_provider_arn = "arn:aws:sso::aws:applicationProvider/custom"
  instance_arn             = tolist(data.aws_ssoadmin_instances.example.arns)[0]
}

resource "aws_ssoadmin_application_access_scope" "example" {
  application_arn    = aws_ssoadmin_application.example.application_arn
  authorized_targets = ["arn:aws:sso::012345678901:application/ssoins-012345678901/apl-012345678901"]
  scope              = "sso:account:access"
}

The following arguments are required:

application_arn - (Required) Specifies the ARN of the application with the access scope with the targets to add or update.
scope - (Required) Specifies the name of the access scope to be associated with the specified targets.

The following arguments are optional:

authorized_targets - (Optional) Specifies an array list of ARNs that represent the authorized targets for this access scope.

This resource exports the following attributes in addition to the arguments above:

id - A comma-delimited string concatenating application_arn and scope.

In Terraform v1.5.0 and later, use an import block to import SSO Admin Application Access Scope using the id. For example:

import {
  to = aws_ssoadmin_application_access_scope.example
  id = "arn:aws:sso::012345678901:application/ssoins-012345678901/apl-012345678901,sso:account:access"
}

Using terraform import, import SSO Admin Application Access Scope using the id. For example:

% terraform import aws_ssoadmin_application_access_scope.example arn:aws:sso::012345678901:application/ssoins-012345678901/apl-012345678901,sso:account:access