@taimos/cdk-controltower

// Type declarations (.d.ts) for the SSO permission-set stack of @taimos/cdk-controltower.
// Only signatures are visible here; the construct's runtime behaviour lives in the
// corresponding implementation file and is not shown in this declaration.
import { IResolvable, Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { AccountConfig, GroupConfig, SsoProps } from './aws-org';

/**
 * Per-permission-set configuration.
 *
 * The fields are documented against the CloudFormation SSO permission set
 * resource (see the links on each property).
 */
export interface PermissionSetOptions {
  /**
   * The description of the `PermissionSet` .
   *
   * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-description
   */
  readonly description?: string;
  /**
   * The IAM inline policy that is attached to the permission set.
   *
   * NOTE(review): `any | IResolvable` collapses to `any`, so the policy document
   * is not type-checked at all here. Presumably this is a JSON IAM policy
   * document; whoever builds it should validate its shape before it reaches
   * the construct, since nothing in this type catches a malformed or overly
   * broad statement — confirm against the implementation.
   *
   * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-inlinepolicy
   */
  readonly inlinePolicy?: any | IResolvable;
  /**
   * A structure that stores the details of the IAM managed policy.
   *
   * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-managedpolicies
   */
  readonly managedPolicies?: string[];
  /**
   * The length of time that the application user sessions are valid for in the ISO-8601 standard.
   *
   * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-sessionduration
   */
  readonly sessionDuration?: string;
  /**
   * Used to redirect users within the application during the federation authentication process.
   *
   * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-relaystatetype
   */
  readonly relayStateType?: string;
}

/**
 * Declares which permission sets exist and which groups get them in which accounts.
 *
 * @typeParam T - account identifier type (string literal union)
 * @typeParam S - group name type (string literal union)
 */
export interface SsoPermissionConfig<T extends string, S extends string> {
  /**
   * Group -> permission set assignments per account.
   *
   * Inferred from the type parameters only: `T` keys accounts, `S` keys groups,
   * and the `string[]` presumably lists permission set names — confirm against
   * the `AccountConfig` / `GroupConfig` definitions in `./aws-org`.
   */
  readonly groupPermissions: AccountConfig<T, GroupConfig<S, string[]>>;
  /**
   * optional configuration options for the Admin permission set
   *
   * @default `AdministratorAccess` with 8 hours session duration
   */
  readonly adminSetOptions?: PermissionSetOptions;
  /**
   * optional configuration options for the ReadOnly permission set
   *
   * @default `ReadOnlyAccess` with 8 hours session duration
   */
  readonly readOnlySetOptions?: PermissionSetOptions;
  /**
   * optional configuration options for the Billing permission set
   *
   * @default `ReadOnlyAccess` and `job-function/Billing` with 8 hours session duration
   */
  readonly billingSetOptions?: PermissionSetOptions;
  /**
   * add more permission sets here besides Admin, Billing, and ReadOnly
   *
   * Keyed by permission set name. The key type is an open `string` index, so a
   * name referenced elsewhere (e.g. in `defaultAssignmentsForNewAccount`) is
   * not checked against this map by the compiler.
   */
  readonly permissionSets?: {
    [name: string]: PermissionSetOptions;
  };
  /**
   * Collection of group - permission set assignments for every new account
   *
   * Use this to grant your admins permissions for every account directly after creation
   *
   * NOTE(review): `groupName` is constrained to `S`, but `permissionSetName` is a
   * plain `string`; a misspelled permission set name is presumably only detected
   * at synth/deploy time — confirm with the implementation.
   */
  readonly defaultAssignmentsForNewAccount?: {
    readonly groupName: S;
    readonly permissionSetName: string;
  }[];
}

/**
 * Props for {@link SsoPermissionStack}: the SSO props from `./aws-org`, the
 * permission configuration above, and the usual CDK `StackProps`.
 */
export type SsoPermissionStackProps<T extends string, S extends string> = SsoProps<T, S> & SsoPermissionConfig<T, S> & StackProps;

/**
 * CDK stack that provisions the permission sets and assignments described by
 * {@link SsoPermissionStackProps}. Only the declaration is visible here; the
 * concrete resources created are defined in the implementation file.
 *
 * @typeParam T - account identifier type
 * @typeParam S - group name type
 */
export declare class SsoPermissionStack<T extends string, S extends string> extends Stack {
  // Declared without a type in this .d.ts; presumably a lookup of created
  // permission sets by name — confirm against the implementation.
  private permissionSets;
  /**
   * @param scope - parent construct
   * @param id - construct id
   * @param props - SSO, permission and stack configuration
   */
  constructor(scope: Construct, id: string, props: SsoPermissionStackProps<T, S>);
}