Provides an IAM inline policy for a Single Sign-On (SSO) Permission Set resource.
data "aws_ssoadmin_instances" "example" {}

resource "aws_ssoadmin_permission_set" "example" {
  name         = "Example"
  instance_arn = tolist(data.aws_ssoadmin_instances.example.arns)[0]
}

data "aws_iam_policy_document" "example" {
  statement {
    sid = "1"

    actions = [
      "s3:ListAllMyBuckets",
      "s3:GetBucketLocation",
    ]

    resources = [
      "arn:aws:s3:::*",
    ]
  }
}

resource "aws_ssoadmin_permission_set_inline_policy" "example" {
  inline_policy      = data.aws_iam_policy_document.example.json
  instance_arn       = tolist(data.aws_ssoadmin_instances.example.arns)[0]
  permission_set_arn = aws_ssoadmin_permission_set.example.arn
}
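A pre-apply check a reviewer might run over the JSON plan (`terraform show -json`) to flag over-broad grants in inline_policy before they reach the accounts the permission set is assigned to. This is an added example, not part of the provider documentation; the function names, the two checks and the sample plan are constructed for illustration.

```python
import json

RESOURCE_TYPE = "aws_ssoadmin_permission_set_inline_policy"

def _as_list(value):
    # IAM JSON allows a bare string or object where a list is expected.
    return value if isinstance(value, list) else ([] if value is None else [value])

def review_statement(stmt):
    """Findings for one IAM statement; only Allow statements are reviewed."""
    if stmt.get("Effect") != "Allow":
        return []
    checks = {
        "Allow combined with NotAction": "NotAction" in stmt,
        "wildcard action": any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action"))),
    }
    return [name for name, hit in checks.items() if hit]

def review_plan(plan):
    """Map resource address -> findings for a `terraform show -json` plan."""
    report = {}
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:  # None = destroy
            continue
        raw = after.get("inline_policy")
        if raw is None:  # value is computed and absent from the plan
            report[rc["address"]] = ["inline_policy not known at plan time"]
            continue
        report[rc["address"]] = [
            f"{stmt.get('Sid', '<no sid>')}: {finding}"
            for stmt in _as_list(json.loads(raw).get("Statement"))
            for finding in review_statement(stmt)
        ]
    return report

def _entry(name, policy):
    return {"address": f"{RESOURCE_TYPE}.{name}", "type": RESOURCE_TYPE,
            "change": {"after": {"inline_policy": json.dumps(policy)}}}

SAMPLE_PLAN = {"resource_changes": [  # constructed entries, trimmed to the fields read above
    _entry("example", {"Version": "2012-10-17", "Statement": [{
        "Sid": "1", "Effect": "Allow", "Resource": "arn:aws:s3:::*",
        "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"]}]}),
    _entry("broad", {"Version": "2012-10-17", "Statement": [{
        "Sid": "Admin", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}),
]}

if __name__ == "__main__":
    print(json.dumps(review_plan(SAMPLE_PLAN), indent=2))
```

An empty list for an address means neither check fired; a policy whose value is only known after apply is reported rather than silently passed.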
This resource supports the following arguments:
inline_policy - (Required) The IAM inline policy to attach to a Permission Set.
instance_arn - (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.
permission_set_arn - (Required, Forces new resource) The Amazon Resource Name (ARN) of the Permission Set.
This resource exports the following attributes in addition to the arguments above:
id - The Amazon Resource Names (ARNs) of the Permission Set and SSO Instance, separated by a comma (,).
create - (Default 10m)
delete - (Default 10m)
In Terraform v1.5.0 and later, use an import block to import SSO Permission Set Inline Policies using the permission_set_arn and instance_arn separated by a comma (,). For example:
import {
  to = aws_ssoadmin_permission_set_inline_policy.example
  id = "arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72"
}
Using terraform import, import SSO Permission Set Inline Policies using the permission_set_arn and instance_arn separated by a comma (,). For example:
% terraform import aws_ssoadmin_permission_set_inline_policy.example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72