
@pulumi/aws-native


The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Resource type definition for an SSO permission set.
 *
 * The declared properties cover the policies attached to the permission set (customer
 * managed references, AWS managed policy ARNs and an inline policy), an optional
 * permissions boundary, and session settings. This file only declares types; nothing
 * here validates the content of the policies that are supplied.
 */
export declare class PermissionSet extends pulumi.CustomResource {
    /**
     * Get an existing PermissionSet resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): PermissionSet;
    /**
     * Returns true if the given object is an instance of PermissionSet. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is PermissionSet;
    /**
     * Specifies the names and paths of the customer managed policies that you have attached to your permission set.
     *
     * NOTE(review): the policies are referenced by name and path rather than by ARN, so presumably a
     * policy with that name must exist in every account the permission set is provisioned to.
     * Confirm against the service documentation.
     */
    readonly customerManagedPolicyReferences: pulumi.Output<outputs.sso.PermissionSetCustomerManagedPolicyReference[] | undefined>;
    /**
     * The permission set description.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * The inline policy to put in the permission set.
     *
     * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SSO::PermissionSet` for more information about the expected schema for this property.
     *
     * The value is typed `any`, so the compiler does not check the shape or content of the policy
     * document. Review its statements (actions, resources, conditions) for least privilege separately.
     */
    readonly inlinePolicy: pulumi.Output<any | undefined>;
    /**
     * The ARN of the SSO instance that owns the permission set.
     */
    readonly instanceArn: pulumi.Output<string>;
    /**
     * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.
     *
     * The entries are plain strings; the type does not constrain which policies can be listed.
     */
    readonly managedPolicies: pulumi.Output<string[] | undefined>;
    /**
     * The name you want to assign to this permission set.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The ARN of the permission set that the policy will be attached to.
     *
     * Declared only on the resource; `PermissionSetArgs` has no matching input.
     */
    readonly permissionSetArn: pulumi.Output<string>;
    /**
     * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
     *
     * > Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide*.
     */
    readonly permissionsBoundary: pulumi.Output<outputs.sso.PermissionSetPermissionsBoundary | undefined>;
    /**
     * The relay state URL used for redirect links to any service in the AWS Management Console.
     */
    readonly relayStateType: pulumi.Output<string | undefined>;
    /**
     * The length of time that a user can be signed in to an AWS account.
     *
     * NOTE(review): the value is a string; the underlying service appears to expect an ISO-8601
     * duration (for example `PT8H`). Confirm the format in the CloudFormation reference.
     */
    readonly sessionDuration: pulumi.Output<string | undefined>;
    /**
     * The tags to attach to the new `PermissionSet`.
     */
    readonly tags: pulumi.Output<outputs.Tag[] | undefined>;
    /**
     * Create a PermissionSet resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: PermissionSetArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a PermissionSet resource.
 *
 * Only `instanceArn` is required; every other argument is optional.
 */
export interface PermissionSetArgs {
    /**
     * Specifies the names and paths of the customer managed policies that you have attached to your permission set.
     *
     * NOTE(review): the policies are referenced by name and path rather than by ARN, so presumably a
     * policy with that name must exist in every account the permission set is provisioned to.
     * Confirm against the service documentation.
     */
    customerManagedPolicyReferences?: pulumi.Input<pulumi.Input<inputs.sso.PermissionSetCustomerManagedPolicyReferenceArgs>[]>;
    /**
     * The permission set description.
     */
    description?: pulumi.Input<string>;
    /**
     * The inline policy to put in the permission set.
     *
     * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SSO::PermissionSet` for more information about the expected schema for this property.
     *
     * Unlike the other arguments this one is declared as plain `any` rather than `pulumi.Input<...>`,
     * so the compiler does not check the shape or content of the policy document. Review its
     * statements (actions, resources, conditions) for least privilege separately.
     */
    inlinePolicy?: any;
    /**
     * The ARN of the SSO instance that owns the permission set.
     */
    instanceArn: pulumi.Input<string>;
    /**
     * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy.
     *
     * The entries are plain strings; the type does not constrain which policies can be listed.
     */
    managedPolicies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The name you want to assign to this permission set.
     */
    name?: pulumi.Input<string>;
    /**
     * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
     *
     * > Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide*.
     */
    permissionsBoundary?: pulumi.Input<inputs.sso.PermissionSetPermissionsBoundaryArgs>;
    /**
     * The relay state URL used for redirect links to any service in the AWS Management Console.
     */
    relayStateType?: pulumi.Input<string>;
    /**
     * The length of time that a user can be signed in to an AWS account.
     *
     * NOTE(review): the value is a string; the underlying service appears to expect an ISO-8601
     * duration (for example `PT8H`). Confirm the format in the CloudFormation reference.
     */
    sessionDuration?: pulumi.Input<string>;
    /**
     * The tags to attach to the new `PermissionSet`.
     */
    tags?: pulumi.Input<pulumi.Input<inputs.TagArgs>[]>;
}