UNPKG

@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi.com

pulumi/pulumi-aws-native

73 lines (72 loc) 3.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
import * as pulumi from "@pulumi/pulumi"; import * as outputs from "../types/output"; /** * Resource Type definition for SSO PermissionSet */ export declare function getPermissionSet(args: GetPermissionSetArgs, opts?: pulumi.InvokeOptions): Promise<GetPermissionSetResult>; export interface GetPermissionSetArgs { /** * The sso instance arn that the permission set is owned. */ instanceArn: string; /** * The permission set that the policy will be attached to */ permissionSetArn: string; } export interface GetPermissionSetResult { /** * Specifies the names and paths of the customer managed policies that you have attached to your permission set. */ readonly customerManagedPolicyReferences?: outputs.sso.PermissionSetCustomerManagedPolicyReference[]; /** * The permission set description. */ readonly description?: string; /** * The inline policy to put in permission set. * * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SSO::PermissionSet` for more information about the expected schema for this property. */ readonly inlinePolicy?: any; /** * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. */ readonly managedPolicies?: string[]; /** * The permission set that the policy will be attached to */ readonly permissionSetArn?: string; /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* . * * > Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide* . */ readonly permissionsBoundary?: outputs.sso.PermissionSetPermissionsBoundary; /** * The relay state URL that redirect links to any service in the AWS Management Console. */ readonly relayStateType?: string; /** * The length of time that a user can be signed in to an AWS account. */ readonly sessionDuration?: string; /** * The tags to attach to the new `PermissionSet` . */ readonly tags?: outputs.Tag[]; } /** * Resource Type definition for SSO PermissionSet */ export declare function getPermissionSetOutput(args: GetPermissionSetOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetPermissionSetResult>; export interface GetPermissionSetOutputArgs { /** * The sso instance arn that the permission set is owned. */ instanceArn: pulumi.Input<string>; /** * The permission set that the policy will be attached to */ permissionSetArn: pulumi.Input<string>; }