UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi/pulumi-aws

134 lines • 6.3 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.ManagedPolicyAttachment = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Provides an IAM managed policy for a Single Sign-On (SSO) Permission Set resource * * > **NOTE:** Creating this resource will automatically [Provision the Permission Set](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html) to apply the corresponding updates to all assigned accounts. * * ## Example Usage * * ### Basic Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = aws.ssoadmin.getInstances({}); * const examplePermissionSet = new aws.ssoadmin.PermissionSet("example", { * name: "Example", * instanceArn: example.then(example => example.arns?.[0]), * }); * const exampleManagedPolicyAttachment = new aws.ssoadmin.ManagedPolicyAttachment("example", { * instanceArn: example.then(example => example.arns?.[0]), * managedPolicyArn: "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", * permissionSetArn: examplePermissionSet.arn, * }); * ``` * * ### With Account Assignment * * > Because destruction of a managed policy attachment resource also re-provisions the associated permission set to all accounts, explicitly indicating the dependency with the account assignment resource via the `dependsOn` meta argument is necessary to ensure proper deletion order when these resources are used together. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = aws.ssoadmin.getInstances({}); * const examplePermissionSet = new aws.ssoadmin.PermissionSet("example", { * name: "Example", * instanceArn: example.then(example => example.arns?.[0]), * }); * const exampleGroup = new aws.identitystore.Group("example", { * identityStoreId: example.then(example => example.identityStoreIds?.[0]), * displayName: "Admin", * description: "Admin Group", * }); * const exampleAccountAssignment = new aws.ssoadmin.AccountAssignment("example", { * instanceArn: example.then(example => example.arns?.[0]), * permissionSetArn: examplePermissionSet.arn, * principalId: exampleGroup.groupId, * principalType: "GROUP", * targetId: "123456789012", * targetType: "AWS_ACCOUNT", * }); * const exampleManagedPolicyAttachment = new aws.ssoadmin.ManagedPolicyAttachment("example", { * instanceArn: example.then(example => example.arns?.[0]), * managedPolicyArn: "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", * permissionSetArn: examplePermissionSet.arn, * }, { * dependsOn: [exampleAccountAssignment], * }); * ``` * * ## Import * * Using `pulumi import`, import SSO Managed Policy Attachments using the `managed_policy_arn`, `permission_set_arn`, and `instance_arn` separated by a comma (`,`). For example: * * ```sh * $ pulumi import aws:ssoadmin/managedPolicyAttachment:ManagedPolicyAttachment example arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup,arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72 * ``` */ class ManagedPolicyAttachment extends pulumi.CustomResource { /** * Get an existing ManagedPolicyAttachment resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new ManagedPolicyAttachment(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of ManagedPolicyAttachment. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === ManagedPolicyAttachment.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["instanceArn"] = state?.instanceArn; resourceInputs["managedPolicyArn"] = state?.managedPolicyArn; resourceInputs["managedPolicyName"] = state?.managedPolicyName; resourceInputs["permissionSetArn"] = state?.permissionSetArn; resourceInputs["region"] = state?.region; } else { const args = argsOrState; if (args?.instanceArn === undefined && !opts.urn) { throw new Error("Missing required property 'instanceArn'"); } if (args?.managedPolicyArn === undefined && !opts.urn) { throw new Error("Missing required property 'managedPolicyArn'"); } if (args?.permissionSetArn === undefined && !opts.urn) { throw new Error("Missing required property 'permissionSetArn'"); } resourceInputs["instanceArn"] = args?.instanceArn; resourceInputs["managedPolicyArn"] = args?.managedPolicyArn; resourceInputs["permissionSetArn"] = args?.permissionSetArn; resourceInputs["region"] = args?.region; resourceInputs["managedPolicyName"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(ManagedPolicyAttachment.__pulumiType, name, resourceInputs, opts); } } exports.ManagedPolicyAttachment = ManagedPolicyAttachment; /** @internal */ ManagedPolicyAttachment.__pulumiType = 'aws:ssoadmin/managedPolicyAttachment:ManagedPolicyAttachment'; //# sourceMappingURL=managedPolicyAttachment.js.map