aws-cdk-lib

import * as cdk from "../../core"; import * as constructs from "constructs"; import * as cfn_parse from "../../core/lib/helpers-internal"; /** * Assigns access to a Principal for a specified AWS account using a specified permission set. * * > The term *principal* here refers to a user or group that is defined in IAM Identity Center . * * @cloudformationResource AWS::SSO::Assignment * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html */ export declare class CfnAssignment extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnAssignment from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAssignment; /** * The ARN of the IAM Identity Center instance under which the operation will be executed. */ instanceArn: string; /** * The ARN of the permission set. */ permissionSetArn: string; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ principalId: string; /** * The entity type for which the assignment will be created. */ principalType: string; /** * TargetID is an AWS account identifier, (For example, 123456789012). */ targetId: string; /** * The entity type for which the assignment will be created. */ targetType: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnAssignmentProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnAssignment` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html */ export interface CfnAssignmentProps { /** * The ARN of the IAM Identity Center instance under which the operation will be executed. * * For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-instancearn */ readonly instanceArn: string; /** * The ARN of the permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-permissionsetarn */ readonly permissionSetArn: string; /** * An identifier for an object in IAM Identity Center, such as a user or group. * * PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the [IAM Identity Center Identity Store API Reference](https://docs.aws.amazon.com//singlesignon/latest/IdentityStoreAPIReference/welcome.html) . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-principalid */ readonly principalId: string; /** * The entity type for which the assignment will be created. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-principaltype */ readonly principalType: string; /** * TargetID is an AWS account identifier, (For example, 123456789012). * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-targetid */ readonly targetId: string; /** * The entity type for which the assignment will be created. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-targettype */ readonly targetType: string; } /** * Enables the attribute-based access control (ABAC) feature for the specified IAM Identity Center instance. * * You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see [Attribute-Based Access Control](https://docs.aws.amazon.com//singlesignon/latest/userguide/abac.html) in the *IAM Identity Center User Guide* . * * > The `InstanceAccessControlAttributeConfiguration` property has been deprecated but is still supported for backwards compatibility purposes. We recommend that you use the `AccessControlAttributes` property instead. * * @cloudformationResource AWS::SSO::InstanceAccessControlAttributeConfiguration * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html */ export declare class CfnInstanceAccessControlAttributeConfiguration extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnInstanceAccessControlAttributeConfiguration from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnInstanceAccessControlAttributeConfiguration; /** * Lists the attributes that are configured for ABAC in the specified IAM Identity Center instance. */ accessControlAttributes?: Array<CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty | cdk.IResolvable> | cdk.IResolvable; /** * The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. * * @deprecated this property has been deprecated */ instanceAccessControlAttributeConfiguration?: CfnInstanceAccessControlAttributeConfiguration.InstanceAccessControlAttributeConfigurationProperty | cdk.IResolvable; /** * The ARN of the IAM Identity Center instance under which the operation will be executed. */ instanceArn: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnInstanceAccessControlAttributeConfigurationProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnInstanceAccessControlAttributeConfiguration { /** * These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC). * * You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify `AccessControlAttributes` , IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute.html */ interface AccessControlAttributeProperty { /** * The name of the attribute associated with your identities in your identity source. * * This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute.html#cfn-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute-key */ readonly key: string; /** * The value used for mapping a specified attribute to an identity source. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute.html#cfn-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute-value */ readonly value: CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeValueProperty | cdk.IResolvable; } /** * The value used for mapping a specified attribute to an identity source. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattributevalue.html */ interface AccessControlAttributeValueProperty { /** * The identity source to use when mapping a specified attribute to IAM Identity Center . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattributevalue.html#cfn-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattributevalue-source */ readonly source: Array<string>; } /** * The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. * * We recomend that you use AccessControlAttributes property instead. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-instanceaccesscontrolattributeconfiguration.html */ interface InstanceAccessControlAttributeConfigurationProperty { /** * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-instanceaccesscontrolattributeconfiguration.html#cfn-sso-instanceaccesscontrolattributeconfiguration-instanceaccesscontrolattributeconfiguration-accesscontrolattributes */ readonly accessControlAttributes: Array<CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty | cdk.IResolvable> | cdk.IResolvable; } } /** * Properties for defining a `CfnInstanceAccessControlAttributeConfiguration` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html */ export interface CfnInstanceAccessControlAttributeConfigurationProps { /** * Lists the attributes that are configured for ABAC in the specified IAM Identity Center instance. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html#cfn-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattributes */ readonly accessControlAttributes?: Array<CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty | cdk.IResolvable> | cdk.IResolvable; /** * The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. * * We recomend that you use AccessControlAttributes property instead. * * @deprecated this property has been deprecated * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html#cfn-sso-instanceaccesscontrolattributeconfiguration-instanceaccesscontrolattributeconfiguration */ readonly instanceAccessControlAttributeConfiguration?: CfnInstanceAccessControlAttributeConfiguration.InstanceAccessControlAttributeConfigurationProperty | cdk.IResolvable; /** * The ARN of the IAM Identity Center instance under which the operation will be executed. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html#cfn-sso-instanceaccesscontrolattributeconfiguration-instancearn */ readonly instanceArn: string; } /** * Specifies a permission set within a specified IAM Identity Center instance. * * @cloudformationResource AWS::SSO::PermissionSet * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html */ export declare class CfnPermissionSet extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnPermissionSet from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnPermissionSet; /** * The permission set ARN of the permission set, such as `arn:aws:sso:::permissionSet/ins-instanceid/ps-permissionsetid` . * * @cloudformationAttribute PermissionSetArn */ readonly attrPermissionSetArn: string; /** * Specifies the names and paths of the customer managed policies that you have attached to your permission set. */ customerManagedPolicyReferences?: Array<CfnPermissionSet.CustomerManagedPolicyReferenceProperty | cdk.IResolvable> | cdk.IResolvable; /** * The description of the `PermissionSet` . */ description?: string; /** * The inline policy that is attached to the permission set. */ inlinePolicy?: any | cdk.IResolvable; /** * The ARN of the IAM Identity Center instance under which the operation will be executed. */ instanceArn: string; /** * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. */ managedPolicies?: Array<string>; /** * The name of the permission set. */ name: string; /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. */ permissionsBoundary?: cdk.IResolvable | CfnPermissionSet.PermissionsBoundaryProperty; /** * Used to redirect users within the application during the federation authentication process. */ relayStateType?: string; /** * The length of time that the application user sessions are valid for in the ISO-8601 standard. */ sessionDuration?: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The tags to attach to the new `PermissionSet` . */ tagsRaw?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnPermissionSetProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnPermissionSet { /** * Specifies the name and path of a customer managed policy. * * You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html */ interface CustomerManagedPolicyReferenceProperty { /** * The name of the IAM policy that you have configured in each account where you want to deploy your permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html#cfn-sso-permissionset-customermanagedpolicyreference-name */ readonly name: string; /** * The path to the IAM policy that you have configured in each account where you want to deploy your permission set. * * The default is `/` . For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html#cfn-sso-permissionset-customermanagedpolicyreference-path */ readonly path?: string; } /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. * * Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* . * * > Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide* . * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html */ interface PermissionsBoundaryProperty { /** * Specifies the name and path of a customer managed policy. * * You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html#cfn-sso-permissionset-permissionsboundary-customermanagedpolicyreference */ readonly customerManagedPolicyReference?: CfnPermissionSet.CustomerManagedPolicyReferenceProperty | cdk.IResolvable; /** * The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html#cfn-sso-permissionset-permissionsboundary-managedpolicyarn */ readonly managedPolicyArn?: string; } } /** * Properties for defining a `CfnPermissionSet` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html */ export interface CfnPermissionSetProps { /** * Specifies the names and paths of the customer managed policies that you have attached to your permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-customermanagedpolicyreferences */ readonly customerManagedPolicyReferences?: Array<CfnPermissionSet.CustomerManagedPolicyReferenceProperty | cdk.IResolvable> | cdk.IResolvable; /** * The description of the `PermissionSet` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-description */ readonly description?: string; /** * The inline policy that is attached to the permission set. * * > For `Length Constraints` , if a valid ARN is provided for a permission set, it is possible for an empty inline policy to be returned. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-inlinepolicy */ readonly inlinePolicy?: any | cdk.IResolvable; /** * The ARN of the IAM Identity Center instance under which the operation will be executed. * * For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-instancearn */ readonly instanceArn: string; /** * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-managedpolicies */ readonly managedPolicies?: Array<string>; /** * The name of the permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-name */ readonly name: string; /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. * * Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* . * * > Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-permissionsboundary */ readonly permissionsBoundary?: cdk.IResolvable | CfnPermissionSet.PermissionsBoundaryProperty; /** * Used to redirect users within the application during the federation authentication process. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-relaystatetype */ readonly relayStateType?: string; /** * The length of time that the application user sessions are valid for in the ISO-8601 standard. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-sessionduration */ readonly sessionDuration?: string; /** * The tags to attach to the new `PermissionSet` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-tags */ readonly tags?: Array<cdk.CfnTag>; } /** * Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given application provider. * * > This API does not support creating SAML 2.0 customer managed applications or AWS managed applications. To learn how to create an AWS managed application, see the application user guide. You can create a SAML 2.0 customer managed application in the AWS Management Console only. See [Setting up customer managed SAML 2.0 applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/customermanagedapps-saml2-setup.html) . For more information on these application types, see [AWS managed applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html) . * * @cloudformationResource AWS::SSO::Application * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html */ export declare class CfnApplication extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggableV2 { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnApplication from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnApplication; /** * The ARN of the application. * * @cloudformationAttribute ApplicationArn */ readonly attrApplicationArn: string; /** * The ARN of the application provider for this application. */ applicationProviderArn: string; /** * Tag Manager which manages the tags for this resource */ readonly cdkTagManager: cdk.TagManager; /** * The description of the application. */ description?: string; /** * The ARN of the instance of IAM Identity Center that is configured with this application. */ instanceArn: string; /** * The name of the application. */ name: string; /** * A structure that describes the options for the access portal associated with this application. */ portalOptions?: cdk.IResolvable | CfnApplication.PortalOptionsConfigurationProperty; /** * The current status of the application in this instance of IAM Identity Center. */ status?: string; /** * Specifies tags to be attached to the application. */ tags?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnApplicationProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnApplication { /** * A structure that describes the options for the portal associated with an application. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-portaloptionsconfiguration.html */ interface PortalOptionsConfigurationProperty { /** * A structure that describes the sign-in options for the access portal. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-portaloptionsconfiguration.html#cfn-sso-application-portaloptionsconfiguration-signinoptions */ readonly signInOptions?: cdk.IResolvable | CfnApplication.SignInOptionsProperty; /** * Indicates whether this application is visible in the access portal. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-portaloptionsconfiguration.html#cfn-sso-application-portaloptionsconfiguration-visibility */ readonly visibility?: string; } /** * A structure that describes the sign-in options for an application portal. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-signinoptions.html */ interface SignInOptionsProperty { /** * The URL that accepts authentication requests for an application. * * This is a required parameter if the `Origin` parameter is `APPLICATION` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-signinoptions.html#cfn-sso-application-signinoptions-applicationurl */ readonly applicationUrl?: string; /** * This determines how IAM Identity Center navigates the user to the target application. * * It can be one of the following values: * * - `APPLICATION` : IAM Identity Center redirects the customer to the configured `ApplicationUrl` . * - `IDENTITY_CENTER` : IAM Identity Center uses SAML identity-provider initiated authentication to sign the customer directly into a SAML-based application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-signinoptions.html#cfn-sso-application-signinoptions-origin */ readonly origin: string; } } /** * Properties for defining a `CfnApplication` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html */ export interface CfnApplicationProps { /** * The ARN of the application provider for this application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-applicationproviderarn */ readonly applicationProviderArn: string; /** * The description of the application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-description */ readonly description?: string; /** * The ARN of the instance of IAM Identity Center that is configured with this application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-instancearn */ readonly instanceArn: string; /** * The name of the application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-name */ readonly name: string; /** * A structure that describes the options for the access portal associated with this application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-portaloptions */ readonly portalOptions?: cdk.IResolvable | CfnApplication.PortalOptionsConfigurationProperty; /** * The current status of the application in this instance of IAM Identity Center. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-status */ readonly status?: string; /** * Specifies tags to be attached to the application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-tags */ readonly tags?: Array<cdk.CfnTag>; } /** * A structure that describes an assignment of a principal to an application. * * @cloudformationResource AWS::SSO::ApplicationAssignment * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html */ export declare class CfnApplicationAssignment extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnApplicationAssignment from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnApplicationAssignment; /** * The ARN of the application that has principals assigned. */ applicationArn: string; /** * The unique identifier of the principal assigned to the application. */ principalId: string; /** * The type of the principal assigned to the application. */ principalType: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnApplicationAssignmentProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnApplicationAssignment` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html */ export interface CfnApplicationAssignmentProps { /** * The ARN of the application that has principals assigned. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html#cfn-sso-applicationassignment-applicationarn */ readonly applicationArn: string; /** * The unique identifier of the principal assigned to the application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html#cfn-sso-applicationassignment-principalid */ readonly principalId: string; /** * The type of the principal assigned to the application. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html#cfn-sso-applicationassignment-principaltype */ readonly principalType: string; } /** * Creates an instance of IAM Identity Center for a standalone AWS account that is not managed by AWS Organizations or a member AWS account in an organization. * * You can create only one instance per account and across all AWS Regions . * * The CreateInstance request is rejected if the following apply: * * - The instance is created within the organization management account. * - An instance already exists in the same account. * * @cloudformationResource AWS::SSO::Instance * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instance.html */ export declare class CfnInstance extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggableV2 { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnInstance from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnInstance; /** * The identifier of the identity store that is connected to the Identity Center instance. * * @cloudformationAttribute IdentityStoreId */ readonly attrIdentityStoreId: string; /** * The ARN of the Identity Center instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource * Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* . * * @cloudformationAttribute InstanceArn */ readonly attrInstanceArn: string; /** * The AWS account ID number of the owner of the Identity Center instance. * * @cloudformationAttribute OwnerAccountId */ readonly attrOwnerAccountId: string; /** * The current status of this Identity Center instance. * * @cloudformationAttribute Status */ readonly attrStatus: string; /** * Tag Manager which manages the tags for this resource */ readonly cdkTagManager: cdk.TagManager; /** * The name of the Identity Center instance. */ name?: string; /** * Specifies tags to be attached to the instance of IAM Identity Center. */ tags?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props?: CfnInstanceProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnInstance` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instance.html */ export interface CfnInstanceProps { /** * The name of the Identity Center instance. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instance.html#cfn-sso-instance-name */ readonly name?: string; /** * Specifies tags to be attached to the instance of IAM Identity Center. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instance.html#cfn-sso-instance-tags */ readonly tags?: Array<cdk.CfnTag>; }