CfnPermissionSetPropsMixin

class aws_cdk.mixins_preview.aws_sso.mixins.CfnPermissionSetPropsMixin(props, *, strategy=None)

Bases: Mixin

Specifies a permission set within a specified IAM Identity Center instance.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html
CloudformationResource:: AWS::SSO::PermissionSet
Mixin:: true
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_sso import mixins as sso_mixins

# inline_policy: Any

cfn_permission_set_props_mixin = sso_mixins.CfnPermissionSetPropsMixin(sso_mixins.CfnPermissionSetMixinProps(
    customer_managed_policy_references=[sso_mixins.CfnPermissionSetPropsMixin.CustomerManagedPolicyReferenceProperty(
        name="name",
        path="path"
    )],
    description="description",
    inline_policy=inline_policy,
    instance_arn="instanceArn",
    managed_policies=["managedPolicies"],
    name="name",
    permissions_boundary=sso_mixins.CfnPermissionSetPropsMixin.PermissionsBoundaryProperty(
        customer_managed_policy_reference=sso_mixins.CfnPermissionSetPropsMixin.CustomerManagedPolicyReferenceProperty(
            name="name",
            path="path"
        ),
        managed_policy_arn="managedPolicyArn"
    ),
    relay_state_type="relayStateType",
    session_duration="sessionDuration",
    tags=[CfnTag(
        key="key",
        value="value"
    )]
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::SSO::PermissionSet.

Parameters:

props (Union[CfnPermissionSetMixinProps, Dict[str, Any]]) – L1 properties to apply.
strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:: construct (IConstruct)
Return type:: IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:: construct (IConstruct)
Return type:: bool

Attributes

CFN_PROPERTY_KEYS = ['customerManagedPolicyReferences', 'description', 'inlinePolicy', 'instanceArn', 'managedPolicies', 'name', 'permissionsBoundary', 'relayStateType', 'sessionDuration', 'tags']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:: x (Any) – Any object.
Return type:: bool
Returns:: true if x is an object created from a class which extends Mixin.
Stability:: experimental

CustomerManagedPolicyReferenceProperty

class CfnPermissionSetPropsMixin.CustomerManagedPolicyReferenceProperty(*, name=None, path=None)

Bases: object

Specifies the name and path of a customer managed policy.

You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.

Parameters:

name (Optional[str]) – The name of the IAM policy that you have configured in each account where you want to deploy your permission set.
path (Optional[str]) – The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is / . For more information, see Friendly names and paths in the IAM User Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_sso import mixins as sso_mixins

customer_managed_policy_reference_property = sso_mixins.CfnPermissionSetPropsMixin.CustomerManagedPolicyReferenceProperty(
    name="name",
    path="path"
)

Attributes

name

The name of the IAM policy that you have configured in each account where you want to deploy your permission set.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html#cfn-sso-permissionset-customermanagedpolicyreference-name

path

The path to the IAM policy that you have configured in each account where you want to deploy your permission set.

The default is / . For more information, see Friendly names and paths in the IAM User Guide .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html#cfn-sso-permissionset-customermanagedpolicyreference-path

PermissionsBoundaryProperty

class CfnPermissionSetPropsMixin.PermissionsBoundaryProperty(*, customer_managed_policy_reference=None, managed_policy_arn=None)

Bases: object

Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.

Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide . .. epigraph:

Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see `IAM JSON policy evaluation logic <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html>`_ in the *IAM User Guide* .

Parameters:

customer_managed_policy_reference (Union[IResolvable, CustomerManagedPolicyReferenceProperty, Dict[str, Any], None]) – Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
managed_policy_arn (Optional[str]) – The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_sso import mixins as sso_mixins

permissions_boundary_property = sso_mixins.CfnPermissionSetPropsMixin.PermissionsBoundaryProperty(
    customer_managed_policy_reference=sso_mixins.CfnPermissionSetPropsMixin.CustomerManagedPolicyReferenceProperty(
        name="name",
        path="path"
    ),
    managed_policy_arn="managedPolicyArn"
)

Attributes

customer_managed_policy_reference

Specifies the name and path of a customer managed policy.

You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html#cfn-sso-permissionset-permissionsboundary-customermanagedpolicyreference

managed_policy_arn

The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html#cfn-sso-permissionset-permissionsboundary-managedpolicyarn