Resource Type definition for SSO PermissionSet
Note: Currently there is no data source for fetching the IAM Identity Center (formerly AWS SSO) instance ARN in the awscc provider, so you must use both the aws and awscc providers.
```terraform
data "aws_ssoadmin_instances" "example" {} // fetch IAM Identity Center instance arn

// create new permission set
resource "awscc_sso_permission_set" "example" {
  instance_arn = data.aws_ssoadmin_instances.example.arns[0] // reference existing IAM IDC instance by arn
  name         = "ExamplePermissionSet"                      // add desired name for permission set
  description  = "An example Permission Set"                 // add desired description for permission set

  // add multiple managed policies
  managed_policies = [
    "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
  ]

  // redirect to S3 in us-east-1 upon sign-in
  relay_state_type = "https://s3.console.aws.amazon.com/s3/home?region=us-east-1#"

  // set 2 hour session duration
  session_duration = "PT2H"

  tags = [
    {
      key   = "Modified By"
      value = "AWSCC"
    }
  ]
}
```
instance_arn (String) The ARN of the IAM Identity Center (SSO) instance that owns the permission set.
name (String) The name you want to assign to this permission set.
customer_managed_policy_references (Attributes List) (see below for nested schema)
description (String) The permission set description.
inline_policy (String) The inline policy to put in the permission set.
managed_policies (List of String)
permissions_boundary (Attributes) (see below for nested schema)
relay_state_type (String) The relay state URL that redirects links to any service in the AWS Management Console.
session_duration (String) The length of time that a user can be signed in to an AWS account.
tags (Attributes List) (see below for nested schema)
id (String) Uniquely identifies the resource.
permission_set_arn (String) The permission set that the policy will be attached to.

Nested schema for customer_managed_policy_references
Required:
name (String)
Optional:
path (String)

Nested schema for permissions_boundary
Optional:
customer_managed_policy_reference (Attributes) (see below for nested schema)
managed_policy_arn (String) The managed policy to attach.

Nested schema for permissions_boundary.customer_managed_policy_reference
Required:
name (String)
Optional:
path (String)

Nested schema for tags
Required:
key (String)
value (String)

Import is supported using the following syntax:
$ terraform import awscc_sso_permission_set.example <resource ID>
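The example above only uses managed_policies. The configuration below is an added example, not part of the provider documentation, showing how the nested customer_managed_policy_references, permissions_boundary and inline_policy attributes from the schema are written so that the provisioned role's effective permissions are capped; the permission set name and the customer managed policy name "TeamReadOnly" are assumed values.

```terraform
data "aws_ssoadmin_instances" "example" {} // fetch IAM Identity Center instance arn

resource "awscc_sso_permission_set" "bounded" {
  instance_arn = data.aws_ssoadmin_instances.example.arns[0]
  name         = "ReadOnlyWithBoundary" // assumed name for this example
  description  = "Read-only access capped by a permissions boundary"

  // customer managed policy referenced by name and path; the policy must already
  // exist in every account the permission set is provisioned into
  customer_managed_policy_references = [
    {
      name = "TeamReadOnly" // assumed policy name
      path = "/"
    }
  ]

  // permissions boundary: caps what the role provisioned in the target account can do,
  // no matter which managed, customer managed or inline policies are attached above
  permissions_boundary = {
    managed_policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
  }

  // inline policy is a JSON string, so build it with jsonencode rather than a heredoc
  inline_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Deny"
        Action   = ["iam:*", "sso:*"]
        Resource = "*"
      }
    ]
  })

  // shorter session than the page's 2 hour example
  session_duration = "PT1H"
}
```

Changing permissions_boundary or customer_managed_policy_references on an existing permission set only takes effect in accounts after the assignment is re-provisioned, so check the provisioning status after apply.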