
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

import * as cdk from "../../core/lib"; import * as constructs from "constructs"; import * as cfn_parse from "../../core/lib/helpers-internal"; import { ApplicationAssignmentReference, ApplicationReference, AssignmentReference, IApplicationAssignmentRef, IApplicationRef, IAssignmentRef, IInstanceAccessControlAttributeConfigurationRef, IInstanceRef, InstanceAccessControlAttributeConfigurationReference, InstanceReference, IPermissionSetRef, PermissionSetReference } from "../../interfaces/generated/aws-sso-interfaces.generated"; /** * Assigns access to a Principal for a specified AWS account using a specified permission set. * * > The term *principal* here refers to a user or group that is defined in . * * @cloudformationResource AWS::SSO::Assignment * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html */ export declare class CfnAssignment extends cdk.CfnResource implements cdk.IInspectable, IAssignmentRef { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnAssignment from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAssignment; /** * Checks whether the given object is a CfnAssignment */ static isCfnAssignment(x: any): x is CfnAssignment; /** * The ARN of the instance under which the operation will be executed. */ private _instanceArn; /** * The ARN of the permission set. */ private _permissionSetArn; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ private _principalId; /** * The entity type for which the assignment will be created. 
*/ private _principalType; /** * TargetID is an AWS account identifier, (For example, 123456789012). */ private _targetId; /** * The entity type for which the assignment will be created. */ private _targetType; /** * Create a new `AWS::SSO::Assignment`. * * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnAssignmentProps); get assignmentRef(): AssignmentReference; /** * The ARN of the instance under which the operation will be executed. */ get instanceArn(): string; /** * The ARN of the instance under which the operation will be executed. */ set instanceArn(value: string); /** * The ARN of the permission set. */ get permissionSetArn(): string; /** * The ARN of the permission set. */ set permissionSetArn(value: string); /** * An identifier for an object in IAM Identity Center, such as a user or group. */ get principalId(): string; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ set principalId(value: string); /** * The entity type for which the assignment will be created. */ get principalType(): string; /** * The entity type for which the assignment will be created. */ set principalType(value: string); /** * TargetID is an AWS account identifier, (For example, 123456789012). */ get targetId(): string; /** * TargetID is an AWS account identifier, (For example, 123456789012). */ set targetId(value: string); /** * The entity type for which the assignment will be created. */ get targetType(): string; /** * The entity type for which the assignment will be created. 
*/ set targetType(value: string); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnAssignment` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html */ export interface CfnAssignmentProps { /** * The ARN of the instance under which the operation will be executed. * * For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-instancearn */ readonly instanceArn: string; /** * The ARN of the permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-permissionsetarn */ readonly permissionSetArn: string; /** * An identifier for an object in IAM Identity Center, such as a user or group. * * PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the [IAM Identity Center Identity Store API Reference](https://docs.aws.amazon.com//singlesignon/latest/IdentityStoreAPIReference/welcome.html) . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-principalid */ readonly principalId: string; /** * The entity type for which the assignment will be created. 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-principaltype */ readonly principalType: string; /** * TargetID is an AWS account identifier, (For example, 123456789012). * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-targetid */ readonly targetId: string; /** * The entity type for which the assignment will be created. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html#cfn-sso-assignment-targettype */ readonly targetType: string; } /** * Enables the attribute-based access control (ABAC) feature for the specified instance. * * You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see [Attribute-Based Access Control](https://docs.aws.amazon.com//singlesignon/latest/userguide/abac.html) in the *User Guide* . * * > The `InstanceAccessControlAttributeConfiguration` property has been deprecated but is still supported for backwards compatibility purposes. We recommend that you use the `AccessControlAttributes` property instead. * * @cloudformationResource AWS::SSO::InstanceAccessControlAttributeConfiguration * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html */ export declare class CfnInstanceAccessControlAttributeConfiguration extends cdk.CfnResource implements cdk.IInspectable, IInstanceAccessControlAttributeConfigurationRef { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnInstanceAccessControlAttributeConfiguration from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. 
* Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnInstanceAccessControlAttributeConfiguration; /** * Checks whether the given object is a CfnInstanceAccessControlAttributeConfiguration */ static isCfnInstanceAccessControlAttributeConfiguration(x: any): x is CfnInstanceAccessControlAttributeConfiguration; /** * Lists the attributes that are configured for ABAC in the specified instance. */ private _accessControlAttributes?; /** * The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. * * @deprecated this property has been deprecated */ private _instanceAccessControlAttributeConfiguration?; /** * The ARN of the instance under which the operation will be executed. */ private _instanceArn; /** * Create a new `AWS::SSO::InstanceAccessControlAttributeConfiguration`. * * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnInstanceAccessControlAttributeConfigurationProps); get instanceAccessControlAttributeConfigurationRef(): InstanceAccessControlAttributeConfigurationReference; /** * Lists the attributes that are configured for ABAC in the specified instance. */ get accessControlAttributes(): Array<CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty | cdk.IResolvable> | cdk.IResolvable | undefined; /** * Lists the attributes that are configured for ABAC in the specified instance. 
*/ set accessControlAttributes(value: Array<CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty | cdk.IResolvable> | cdk.IResolvable | undefined); /** * The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. * * @deprecated this property has been deprecated */ get instanceAccessControlAttributeConfiguration(): CfnInstanceAccessControlAttributeConfiguration.InstanceAccessControlAttributeConfigurationProperty | cdk.IResolvable | undefined; /** * The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. * * @deprecated this property has been deprecated */ set instanceAccessControlAttributeConfiguration(value: CfnInstanceAccessControlAttributeConfiguration.InstanceAccessControlAttributeConfigurationProperty | cdk.IResolvable | undefined); /** * The ARN of the instance under which the operation will be executed. */ get instanceArn(): string; /** * The ARN of the instance under which the operation will be executed. */ set instanceArn(value: string); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnInstanceAccessControlAttributeConfiguration { /** * These are identity store attributes that you can configure for use in attributes-based access control (ABAC). * * You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify `AccessControlAttributes` , passes the attribute values of the authenticated user into IAM for use in policy evaluation. 
* * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute.html */ interface AccessControlAttributeProperty { /** * The name of the attribute associated with your identities in your identity source. * * This is used to map a specified attribute in your identity source with an attribute in . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute.html#cfn-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute-key */ readonly key: string; /** * The value used for mapping a specified attribute to an identity source. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute.html#cfn-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattribute-value */ readonly value: CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeValueProperty | cdk.IResolvable; } /** * The value used for mapping a specified attribute to an identity source. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattributevalue.html */ interface AccessControlAttributeValueProperty { /** * The identity source to use when mapping a specified attribute to . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattributevalue.html#cfn-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattributevalue-source */ readonly source: Array<string>; } /** * The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. 
* * We recomend that you use AccessControlAttributes property instead. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-instanceaccesscontrolattributeconfiguration.html */ interface InstanceAccessControlAttributeConfigurationProperty { /** * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-instanceaccesscontrolattributeconfiguration-instanceaccesscontrolattributeconfiguration.html#cfn-sso-instanceaccesscontrolattributeconfiguration-instanceaccesscontrolattributeconfiguration-accesscontrolattributes */ readonly accessControlAttributes: Array<CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty | cdk.IResolvable> | cdk.IResolvable; } } /** * Properties for defining a `CfnInstanceAccessControlAttributeConfiguration` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html */ export interface CfnInstanceAccessControlAttributeConfigurationProps { /** * Lists the attributes that are configured for ABAC in the specified instance. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html#cfn-sso-instanceaccesscontrolattributeconfiguration-accesscontrolattributes */ readonly accessControlAttributes?: Array<CfnInstanceAccessControlAttributeConfiguration.AccessControlAttributeProperty | cdk.IResolvable> | cdk.IResolvable; /** * The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. * * We recomend that you use AccessControlAttributes property instead. 
* * @deprecated this property has been deprecated * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html#cfn-sso-instanceaccesscontrolattributeconfiguration-instanceaccesscontrolattributeconfiguration */ readonly instanceAccessControlAttributeConfiguration?: CfnInstanceAccessControlAttributeConfiguration.InstanceAccessControlAttributeConfigurationProperty | cdk.IResolvable; /** * The ARN of the instance under which the operation will be executed. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instanceaccesscontrolattributeconfiguration.html#cfn-sso-instanceaccesscontrolattributeconfiguration-instancearn */ readonly instanceArn: string; } /** * Specifies a permission set within a specified instance. * * @cloudformationResource AWS::SSO::PermissionSet * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html */ export declare class CfnPermissionSet extends cdk.CfnResource implements cdk.IInspectable, IPermissionSetRef, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnPermissionSet from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnPermissionSet; /** * Checks whether the given object is a CfnPermissionSet */ static isCfnPermissionSet(x: any): x is CfnPermissionSet; static arnForPermissionSet(resource: IPermissionSetRef): string; /** * Specifies the names and paths of the customer managed policies that you have attached to your permission set. 
*/ private _customerManagedPolicyReferences?; /** * The description of the `PermissionSet` . */ private _description?; /** * The inline policy that is attached to the permission set. */ private _inlinePolicy?; /** * The ARN of the instance under which the operation will be executed. */ private _instanceArn; /** * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. */ private _managedPolicies?; /** * The name of the permission set. */ private _name; /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. */ private _permissionsBoundary?; /** * Used to redirect users within the application during the federation authentication process. */ private _relayStateType?; /** * The length of time that the application user sessions are valid for in the ISO-8601 standard. */ private _sessionDuration?; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The tags to attach to the new `PermissionSet` . */ private _tagsRaw?; /** * Create a new `AWS::SSO::PermissionSet`. * * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnPermissionSetProps); get permissionSetRef(): PermissionSetReference; /** * Specifies the names and paths of the customer managed policies that you have attached to your permission set. */ get customerManagedPolicyReferences(): Array<CfnPermissionSet.CustomerManagedPolicyReferenceProperty | cdk.IResolvable> | cdk.IResolvable | undefined; /** * Specifies the names and paths of the customer managed policies that you have attached to your permission set. 
*/ set customerManagedPolicyReferences(value: Array<CfnPermissionSet.CustomerManagedPolicyReferenceProperty | cdk.IResolvable> | cdk.IResolvable | undefined); /** * The description of the `PermissionSet` . */ get description(): string | undefined; /** * The description of the `PermissionSet` . */ set description(value: string | undefined); /** * The inline policy that is attached to the permission set. */ get inlinePolicy(): any | cdk.IResolvable | undefined; /** * The inline policy that is attached to the permission set. */ set inlinePolicy(value: any | cdk.IResolvable | undefined); /** * The ARN of the instance under which the operation will be executed. */ get instanceArn(): string; /** * The ARN of the instance under which the operation will be executed. */ set instanceArn(value: string); /** * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. */ get managedPolicies(): Array<string> | undefined; /** * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. */ set managedPolicies(value: Array<string> | undefined); /** * The name of the permission set. */ get name(): string; /** * The name of the permission set. */ set name(value: string); /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. */ get permissionsBoundary(): cdk.IResolvable | CfnPermissionSet.PermissionsBoundaryProperty | undefined; /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. */ set permissionsBoundary(value: cdk.IResolvable | CfnPermissionSet.PermissionsBoundaryProperty | undefined); /** * Used to redirect users within the application during the federation authentication process. */ get relayStateType(): string | undefined; /** * Used to redirect users within the application during the federation authentication process. 
*/ set relayStateType(value: string | undefined); /** * The length of time that the application user sessions are valid for in the ISO-8601 standard. */ get sessionDuration(): string | undefined; /** * The length of time that the application user sessions are valid for in the ISO-8601 standard. */ set sessionDuration(value: string | undefined); /** * The tags to attach to the new `PermissionSet` . */ get tagsRaw(): Array<cdk.CfnTag> | undefined; /** * The tags to attach to the new `PermissionSet` . */ set tagsRaw(value: Array<cdk.CfnTag> | undefined); /** * The permission set ARN of the permission set, such as `arn:aws:sso:::permissionSet/ins-instanceid/ps-permissionsetid` . * * @cloudformationAttribute PermissionSetArn */ get attrPermissionSetArn(): string; protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnPermissionSet { /** * Specifies the name and path of a customer managed policy. * * You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html */ interface CustomerManagedPolicyReferenceProperty { /** * The name of the IAM policy that you have configured in each account where you want to deploy your permission set. 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html#cfn-sso-permissionset-customermanagedpolicyreference-name */ readonly name: string; /** * The path to the IAM policy that you have configured in each account where you want to deploy your permission set. * * The default is `/` . For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-customermanagedpolicyreference.html#cfn-sso-permissionset-customermanagedpolicyreference-path */ readonly path?: string; } /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. * * Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* . * * > Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide* . * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html */ interface PermissionsBoundaryProperty { /** * Specifies the name and path of a customer managed policy. 
* * You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html#cfn-sso-permissionset-permissionsboundary-customermanagedpolicyreference */ readonly customerManagedPolicyReference?: CfnPermissionSet.CustomerManagedPolicyReferenceProperty | cdk.IResolvable; /** * The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-permissionset-permissionsboundary.html#cfn-sso-permissionset-permissionsboundary-managedpolicyarn */ readonly managedPolicyArn?: string; } } /** * Properties for defining a `CfnPermissionSet` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html */ export interface CfnPermissionSetProps { /** * Specifies the names and paths of the customer managed policies that you have attached to your permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-customermanagedpolicyreferences */ readonly customerManagedPolicyReferences?: Array<CfnPermissionSet.CustomerManagedPolicyReferenceProperty | cdk.IResolvable> | cdk.IResolvable; /** * The description of the `PermissionSet` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-description */ readonly description?: string; /** * The inline policy that is attached to the permission set. * * > For `Length Constraints` , if a valid ARN is provided for a permission set, it is possible for an empty inline policy to be returned. 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-inlinepolicy */ readonly inlinePolicy?: any | cdk.IResolvable; /** * The ARN of the instance under which the operation will be executed. * * For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-instancearn */ readonly instanceArn: string; /** * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-managedpolicies */ readonly managedPolicies?: Array<string>; /** * The name of the permission set. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-name */ readonly name: string; /** * Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. * * Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* . * * > Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. 
To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-permissionsboundary */ readonly permissionsBoundary?: cdk.IResolvable | CfnPermissionSet.PermissionsBoundaryProperty; /** * Used to redirect users within the application during the federation authentication process. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-relaystatetype */ readonly relayStateType?: string; /** * The length of time that the application user sessions are valid for in the ISO-8601 standard. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-sessionduration */ readonly sessionDuration?: string; /** * The tags to attach to the new `PermissionSet` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-tags */ readonly tags?: Array<cdk.CfnTag>; } /** * Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given application provider. * * > This API does not support creating SAML 2.0 customer managed applications or AWS managed applications. To learn how to create an AWS managed application, see the application user guide. You can create a SAML 2.0 customer managed application in the AWS Management Console only. See [Setting up customer managed SAML 2.0 applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/customermanagedapps-saml2-setup.html) . For more information on these application types, see [AWS managed applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html) . 
*
 * @cloudformationResource AWS::SSO::Application
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html
 */
export declare class CfnApplication extends cdk.CfnResource implements cdk.IInspectable, IApplicationRef, cdk.ITaggableV2 {
    /**
     * The CloudFormation resource type name for this resource class.
     */
    static readonly CFN_RESOURCE_TYPE_NAME: string;
    /**
     * Build a CfnApplication from CloudFormation properties
     *
     * A factory method that creates a new instance of this class from an object
     * containing the CloudFormation properties of this resource.
     * Used in the @aws-cdk/cloudformation-include module.
     *
     * `resourceAttributes` is typed `any`, so the shape of the incoming object is
     * not checked at compile time. Any validation happens in the implementation,
     * which this declaration file does not show.
     *
     * @internal
     */
    static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnApplication;
    /**
     * Checks whether the given object is a CfnApplication
     *
     * Declared as a type predicate: a `true` result narrows `x` to
     * `CfnApplication` for the compiler. The runtime check behind it is not
     * visible in this declaration file.
     */
    static isCfnApplication(x: any): x is CfnApplication;
    /**
     * Presumably returns the ARN of the application that `resource` refers to.
     *
     * NOTE(review): only the signature is declared here; how the string is
     * derived from the reference is not visible. Confirm against the implementation.
     *
     * @param resource reference to an application
     * @returns a string (presumably the application ARN)
     */
    static arnForApplication(resource: IApplicationRef): string;
    /**
     * The ARN of the application provider for this application.
     */
    private _applicationProviderArn;
    /**
     * Tag Manager which manages the tags for this resource
     */
    readonly cdkTagManager: cdk.TagManager;
    /**
     * The description of the application.
     */
    private _description?;
    /**
     * The ARN of the instance of IAM Identity Center that is configured with this application.
     */
    private _instanceArn;
    /**
     * The name of the application.
     */
    private _name;
    /**
     * A structure that describes the options for the access portal associated with this application.
     */
    private _portalOptions?;
    /**
     * The current status of the application in this instance of IAM Identity Center.
     */
    private _status?;
    /**
     * Specifies tags to be attached to the application.
     */
    private _tags?;
    /**
     * Create a new `AWS::SSO::Application`.
     *
     * @param scope Scope in which this resource is defined
     * @param id Construct identifier for this resource (unique in its scope)
     * @param props Resource properties
     */
    constructor(scope: constructs.Construct, id: string, props: CfnApplicationProps);
    /**
     * The `ApplicationReference` for this resource.
     *
     * The class declares `implements IApplicationRef`; presumably this getter is
     * the member that interface requires. Confirm against the generated
     * aws-sso interfaces module.
     */
    get applicationRef(): ApplicationReference;
    /**
     * The ARN of the application provider for this application.
     */
    get applicationProviderArn(): string;
    /**
     * The ARN of the application provider for this application.
     */
    set applicationProviderArn(value: string);
    /**
     * The description of the application.
     */
    get description(): string | undefined;
    /**
     * The description of the application.
     */
    set description(value: string | undefined);
    /**
     * The ARN of the instance of IAM Identity Center that is configured with this application.
     */
    get instanceArn(): string;
    /**
     * The ARN of the instance of IAM Identity Center that is configured with this application.
     */
    set instanceArn(value: string);
    /**
     * The name of the application.
     */
    get name(): string;
    /**
     * The name of the application.
     */
    set name(value: string);
    /**
     * A structure that describes the options for the access portal associated with this application.
     */
    get portalOptions(): cdk.IResolvable | CfnApplication.PortalOptionsConfigurationProperty | undefined;
    /**
     * A structure that describes the options for the access portal associated with this application.
     */
    set portalOptions(value: cdk.IResolvable | CfnApplication.PortalOptionsConfigurationProperty | undefined);
    /**
     * The current status of the application in this instance of IAM Identity Center.
     *
     * Typed as a plain `string`, so the compiler accepts any value. The
     * CloudFormation reference lists `ENABLED` and `DISABLED` as the accepted
     * values (verify against the resource documentation).
     */
    get status(): string | undefined;
    /**
     * The current status of the application in this instance of IAM Identity Center.
     *
     * Typed as a plain `string`, so the compiler accepts any value. The
     * CloudFormation reference lists `ENABLED` and `DISABLED` as the accepted
     * values (verify against the resource documentation).
     */
    set status(value: string | undefined);
    /**
     * Specifies tags to be attached to the application.
     */
    get tags(): Array<cdk.CfnTag> | undefined;
    /**
     * Specifies tags to be attached to the application.
     */
    set tags(value: Array<cdk.CfnTag> | undefined);
    /**
     * The ARN of the application.
     *
     * @cloudformationAttribute ApplicationArn
     */
    get attrApplicationArn(): string;
    /**
     * The properties of this resource as a string-keyed record.
     *
     * NOTE(review): values are typed `any`; presumably these are the properties
     * that end up in the synthesized template. Confirm against the implementation.
     */
    protected get cfnProperties(): Record<string, any>;
    /**
     * Examines the CloudFormation resource and discloses attributes
     *
     * @param inspector tree inspector to collect and process attributes
     */
    inspect(inspector: cdk.TreeInspector): void;
    /**
     * Takes a string-keyed record of properties and returns a string-keyed record.
     *
     * NOTE(review): presumably converts the properties to their CloudFormation
     * form; the implementation is not part of this declaration file.
     *
     * @param props the properties to render
     */
    protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnApplication {
    /**
     * A structure that describes the options for the portal associated with an application.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-portaloptionsconfiguration.html
     */
    interface PortalOptionsConfigurationProperty {
        /**
         * A structure that describes the sign-in options for the access portal.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-portaloptionsconfiguration.html#cfn-sso-application-portaloptionsconfiguration-signinoptions
         */
        readonly signInOptions?: cdk.IResolvable | CfnApplication.SignInOptionsProperty;
        /**
         * Indicates whether this application is visible in the access portal.
         *
         * Typed as a plain `string`, so a misspelled value is not caught at
         * compile time. The CloudFormation reference lists `ENABLED` and
         * `DISABLED` as the accepted values (verify against the linked page).
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-portaloptionsconfiguration.html#cfn-sso-application-portaloptionsconfiguration-visibility
         */
        readonly visibility?: string;
    }
    /**
     * A structure that describes the sign-in options for an application portal.
     *
     * @struct
     * @stability external
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-signinoptions.html
     */
    interface SignInOptionsProperty {
        /**
         * The URL that accepts authentication requests for an application.
         *
         * This is a required parameter if the `Origin` parameter is `APPLICATION`.
         * The field is optional in this type, so that requirement is not
         * enforced by the compiler.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-signinoptions.html#cfn-sso-application-signinoptions-applicationurl
         */
        readonly applicationUrl?: string;
        /**
         * This determines how IAM Identity Center navigates the user to the target application.
         *
         * It can be one of the following values:
         *
         * - `APPLICATION`: IAM Identity Center redirects the customer to the configured `ApplicationUrl`.
         * - `IDENTITY_CENTER`: IAM Identity Center uses SAML identity-provider initiated authentication to sign the customer directly into a SAML-based application.
         *
         * Typed as a plain `string`, so the two values above are not enforced by the compiler.
         *
         * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sso-application-signinoptions.html#cfn-sso-application-signinoptions-origin
         */
        readonly origin: string;
    }
}
/**
 * Properties for defining a `CfnApplication`
 *
 * `applicationProviderArn`, `instanceArn` and `name` are required; the
 * remaining properties are optional.
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html
 */
export interface CfnApplicationProps {
    /**
     * The ARN of the application provider for this application.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-applicationproviderarn
     */
    readonly applicationProviderArn: string;
    /**
     * The description of the application.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-description
     */
    readonly description?: string;
    /**
     * The ARN of the instance of IAM Identity Center that is configured with this application.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-instancearn
     */
    readonly instanceArn: string;
    /**
     * The name of the application.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-name
     */
    readonly name: string;
    /**
     * A structure that describes the options for the access portal associated with this application.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-portaloptions
     */
    readonly portalOptions?: cdk.IResolvable | CfnApplication.PortalOptionsConfigurationProperty;
    /**
     * The current status of the application in this instance of IAM Identity Center.
     *
     * Typed as a plain `string`, so a misspelled value is not caught at compile
     * time. The CloudFormation reference lists `ENABLED` and `DISABLED` as the
     * accepted values (verify against the linked page).
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-status
     */
    readonly status?: string;
    /**
     * Specifies tags to be attached to the application.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-application.html#cfn-sso-application-tags
     */
    readonly tags?: Array<cdk.CfnTag>;
}
/**
 * A structure that describes an assignment of a principal to an application.
 *
 * NOTE(review): the application ARN, principal id and principal type are all
 * plain strings in this declaration. Nothing here shows a check that the
 * principal belongs to the identity store of the instance that owns the
 * application. Confirm where that is validated.
 *
 * @cloudformationResource AWS::SSO::ApplicationAssignment
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html
 */
export declare class CfnApplicationAssignment extends cdk.CfnResource implements cdk.IInspectable, IApplicationAssignmentRef {
    /**
     * The CloudFormation resource type name for this resource class.
     */
    static readonly CFN_RESOURCE_TYPE_NAME: string;
    /**
     * Build a CfnApplicationAssignment from CloudFormation properties
     *
     * A factory method that creates a new instance of this class from an object
     * containing the CloudFormation properties of this resource.
     * Used in the @aws-cdk/cloudformation-include module.
     *
     * `resourceAttributes` is typed `any`, so the shape of the incoming object is
     * not checked at compile time. Any validation happens in the implementation,
     * which this declaration file does not show.
     *
     * @internal
     */
    static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnApplicationAssignment;
    /**
     * Checks whether the given object is a CfnApplicationAssignment
     *
     * Declared as a type predicate: a `true` result narrows `x` to
     * `CfnApplicationAssignment` for the compiler. The runtime check behind it
     * is not visible in this declaration file.
     */
    static isCfnApplicationAssignment(x: any): x is CfnApplicationAssignment;
    /**
     * The ARN of the application that has principals assigned.
     */
    private _applicationArn;
    /**
     * The unique identifier of the principal assigned to the application.
     */
    private _principalId;
    /**
     * The type of the principal assigned to the application.
     */
    private _principalType;
    /**
     * Create a new `AWS::SSO::ApplicationAssignment`.
     *
     * @param scope Scope in which this resource is defined
     * @param id Construct identifier for this resource (unique in its scope)
     * @param props Resource properties
     */
    constructor(scope: constructs.Construct, id: string, props: CfnApplicationAssignmentProps);
    /**
     * The `ApplicationAssignmentReference` for this resource.
     *
     * The class declares `implements IApplicationAssignmentRef`; presumably this
     * getter is the member that interface requires. Confirm against the
     * generated aws-sso interfaces module.
     */
    get applicationAssignmentRef(): ApplicationAssignmentReference;
    /**
     * The ARN of the application that has principals assigned.
     */
    get applicationArn(): string;
    /**
     * The ARN of the application that has principals assigned.
     */
    set applicationArn(value: string);
    /**
     * The unique identifier of the principal assigned to the application.
     */
    get principalId(): string;
    /**
     * The unique identifier of the principal assigned to the application.
     */
    set principalId(value: string);
    /**
     * The type of the principal assigned to the application.
     *
     * Typed as a plain `string`. The CloudFormation reference lists `USER` and
     * `GROUP` as the accepted values (verify against the resource documentation).
     */
    get principalType(): string;
    /**
     * The type of the principal assigned to the application.
     *
     * Typed as a plain `string`. The CloudFormation reference lists `USER` and
     * `GROUP` as the accepted values (verify against the resource documentation).
     */
    set principalType(value: string);
    /**
     * The properties of this resource as a string-keyed record.
     *
     * NOTE(review): values are typed `any`; presumably these are the properties
     * that end up in the synthesized template. Confirm against the implementation.
     */
    protected get cfnProperties(): Record<string, any>;
    /**
     * Examines the CloudFormation resource and discloses attributes
     *
     * @param inspector tree inspector to collect and process attributes
     */
    inspect(inspector: cdk.TreeInspector): void;
    /**
     * Takes a string-keyed record of properties and returns a string-keyed record.
     *
     * NOTE(review): presumably converts the properties to their CloudFormation
     * form; the implementation is not part of this declaration file.
     *
     * @param props the properties to render
     */
    protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
 * Properties for defining a `CfnApplicationAssignment`
 *
 * All three properties are required, and all three are plain strings.
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html
 */
export interface CfnApplicationAssignmentProps {
    /**
     * The ARN of the application that has principals assigned.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html#cfn-sso-applicationassignment-applicationarn
     */
    readonly applicationArn: string;
    /**
     * The unique identifier of the principal assigned to the application.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html#cfn-sso-applicationassignment-principalid
     */
    readonly principalId: string;
    /**
     * The type of the principal assigned to the application.
     *
     * Typed as a plain `string`, so a misspelled value is not caught at compile
     * time. The CloudFormation reference lists `USER` and `GROUP` as the
     * accepted values (verify against the linked page).
     *
     * NOTE(review): when the principal is a group, access presumably follows
     * group membership, so membership changes alter who can reach the
     * application. Confirm against the IAM Identity Center documentation
     * when reviewing assignments.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-applicationassignment.html#cfn-sso-applicationassignment-principaltype
     */
    readonly principalType: string;
}
/**
 * Creates an instance of IAM Identity Center for a standalone AWS account that is not managed by AWS Organizations or a member AWS account in an organization.
 *
 * You can create only one instance per account and across all AWS Regions .
 *
 * The CreateInstance request is rejected if the following apply:
 *
 * - The instance is created within the organization management account.
 * - An instance already exists in the same account.
* * @cloudformationResource AWS::SSO::Instance * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-instance.html */ export declare class CfnInstance extends cdk.CfnResource implements cdk.IInspectable, IInstanceRef, cdk.ITaggableV2 { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnInstance from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnInstance; /** * Checks whether the given object is a CfnInstance */ static isCfnInstance(x: any): x is CfnInstance; static arnForInstance(resource: IInstanceRef): string; /** * Tag Manager which manages the tags for this resource */ readonly cdkTagManager: cdk.TagManager; /** * The name of the Identity Center instance. */ private _name?; /** * Specifies tags to be attached to the instance of IAM Identity Center. */ private _tags?; /** * Create a new `AWS::SSO::Instance`. * * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props?: CfnInstanceProps); get instanceRef(): InstanceReference; /** * The name of the Identity Center instance. */ get name(): string | undefined; /** * The name of the Identity Center instance. */ set name(value: string | undefined); /** * Specifies tags to be attached to the instance of IAM Identity Center. */ get tags(): Array<cdk.CfnTag> | undefined; /** * Specifies tags to be attached to the instance of IAM Identity Center. 
*/ set tags(value: Array<cdk.CfnTag> | undefined); /** * The identifier of the identity store that is connected to the Identity Center instance. * * @cloudformationAttribute IdentityStoreId */ get attrIdentityStoreId(): string; /** * The ARN of the Identity Center instance under which the operation will be executed. For more information about ARNs, see [Amazon Resource * Names (ARNs) and AWS Service Namespaces](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) in the *AWS General Reference* . * * @cloudformationAttribute InstanceArn */ g