Docs
PackagesTry AWS Native preview for resources not in the classic version.
AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi
aws.ssoadmin.AccountAssignment
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi
Provides a Single Sign-On (SSO) Account Assignment resource
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.ssoadmin.getInstances({});
const exampleGetPermissionSet = example.then(example => aws.ssoadmin.getPermissionSet({
instanceArn: example.arns?.[0],
name: "AWSReadOnlyAccess",
}));
const exampleGetGroup = example.then(example => aws.identitystore.getGroup({
identityStoreId: example.identityStoreIds?.[0],
alternateIdentifier: {
uniqueAttribute: {
attributePath: "DisplayName",
attributeValue: "ExampleGroup",
},
},
}));
const exampleAccountAssignment = new aws.ssoadmin.AccountAssignment("example", {
instanceArn: example.then(example => example.arns?.[0]),
permissionSetArn: exampleGetPermissionSet.then(exampleGetPermissionSet => exampleGetPermissionSet.arn),
principalId: exampleGetGroup.then(exampleGetGroup => exampleGetGroup.groupId),
principalType: "GROUP",
targetId: "123456789012",
targetType: "AWS_ACCOUNT",
});
import pulumi
import pulumi_aws as aws
example = aws.ssoadmin.get_instances()
example_get_permission_set = aws.ssoadmin.get_permission_set(instance_arn=example.arns[0],
name="AWSReadOnlyAccess")
example_get_group = aws.identitystore.get_group(identity_store_id=example.identity_store_ids[0],
alternate_identifier={
"uniqueAttribute": {
"attributePath": "DisplayName",
"attributeValue": "ExampleGroup",
},
})
example_account_assignment = aws.ssoadmin.AccountAssignment("example",
instance_arn=example.arns[0],
permission_set_arn=example_get_permission_set.arn,
principal_id=example_get_group.group_id,
principal_type="GROUP",
target_id="123456789012",
target_type="AWS_ACCOUNT")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/identitystore"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := ssoadmin.GetInstances(ctx, nil, nil)
if err != nil {
return err
}
exampleGetPermissionSet, err := ssoadmin.LookupPermissionSet(ctx, &ssoadmin.LookupPermissionSetArgs{
InstanceArn: example.Arns[0],
Name: pulumi.StringRef("AWSReadOnlyAccess"),
}, nil)
if err != nil {
return err
}
exampleGetGroup, err := identitystore.LookupGroup(ctx, &identitystore.LookupGroupArgs{
IdentityStoreId: example.IdentityStoreIds[0],
AlternateIdentifier: identitystore.GetGroupAlternateIdentifier{
UniqueAttribute: identitystore.GetGroupAlternateIdentifierUniqueAttribute{
AttributePath: "DisplayName",
AttributeValue: "ExampleGroup",
},
},
}, nil)
if err != nil {
return err
}
_, err = ssoadmin.NewAccountAssignment(ctx, "example", &ssoadmin.AccountAssignmentArgs{
InstanceArn: pulumi.String(example.Arns[0]),
PermissionSetArn: pulumi.String(exampleGetPermissionSet.Arn),
PrincipalId: pulumi.String(exampleGetGroup.GroupId),
PrincipalType: pulumi.String("GROUP"),
TargetId: pulumi.String("123456789012"),
TargetType: pulumi.String("AWS_ACCOUNT"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.SsoAdmin.GetInstances.Invoke();
var exampleGetPermissionSet = Aws.SsoAdmin.GetPermissionSet.Invoke(new()
{
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
Name = "AWSReadOnlyAccess",
});
var exampleGetGroup = Aws.IdentityStore.GetGroup.Invoke(new()
{
IdentityStoreId = example.Apply(getInstancesResult => getInstancesResult.IdentityStoreIds[0]),
AlternateIdentifier = new Aws.IdentityStore.Inputs.GetGroupAlternateIdentifierInputArgs
{
UniqueAttribute = new Aws.IdentityStore.Inputs.GetGroupAlternateIdentifierUniqueAttributeInputArgs
{
AttributePath = "DisplayName",
AttributeValue = "ExampleGroup",
},
},
});
var exampleAccountAssignment = new Aws.SsoAdmin.AccountAssignment("example", new()
{
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
PermissionSetArn = exampleGetPermissionSet.Apply(getPermissionSetResult => getPermissionSetResult.Arn),
PrincipalId = exampleGetGroup.Apply(getGroupResult => getGroupResult.GroupId),
PrincipalType = "GROUP",
TargetId = "123456789012",
TargetType = "AWS_ACCOUNT",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.SsoadminFunctions;
import com.pulumi.aws.ssoadmin.inputs.GetPermissionSetArgs;
import com.pulumi.aws.identitystore.IdentitystoreFunctions;
import com.pulumi.aws.identitystore.inputs.GetGroupArgs;
import com.pulumi.aws.identitystore.inputs.GetGroupAlternateIdentifierArgs;
import com.pulumi.aws.identitystore.inputs.GetGroupAlternateIdentifierUniqueAttributeArgs;
import com.pulumi.aws.ssoadmin.AccountAssignment;
import com.pulumi.aws.ssoadmin.AccountAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = SsoadminFunctions.getInstances();
final var exampleGetPermissionSet = SsoadminFunctions.getPermissionSet(GetPermissionSetArgs.builder()
.instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
.name("AWSReadOnlyAccess")
.build());
final var exampleGetGroup = IdentitystoreFunctions.getGroup(GetGroupArgs.builder()
.identityStoreId(example.applyValue(getInstancesResult -> getInstancesResult.identityStoreIds()[0]))
.alternateIdentifier(GetGroupAlternateIdentifierArgs.builder()
.uniqueAttribute(GetGroupAlternateIdentifierUniqueAttributeArgs.builder()
.attributePath("DisplayName")
.attributeValue("ExampleGroup")
.build())
.build())
.build());
var exampleAccountAssignment = new AccountAssignment("exampleAccountAssignment", AccountAssignmentArgs.builder()
.instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
.permissionSetArn(exampleGetPermissionSet.applyValue(getPermissionSetResult -> getPermissionSetResult.arn()))
.principalId(exampleGetGroup.applyValue(getGroupResult -> getGroupResult.groupId()))
.principalType("GROUP")
.targetId("123456789012")
.targetType("AWS_ACCOUNT")
.build());
}
}
resources:
exampleAccountAssignment:
type: aws:ssoadmin:AccountAssignment
name: example
properties:
instanceArn: ${example.arns[0]}
permissionSetArn: ${exampleGetPermissionSet.arn}
principalId: ${exampleGetGroup.groupId}
principalType: GROUP
targetId: '123456789012'
targetType: AWS_ACCOUNT
variables:
example:
fn::invoke:
Function: aws:ssoadmin:getInstances
Arguments: {}
exampleGetPermissionSet:
fn::invoke:
Function: aws:ssoadmin:getPermissionSet
Arguments:
instanceArn: ${example.arns[0]}
name: AWSReadOnlyAccess
exampleGetGroup:
fn::invoke:
Function: aws:identitystore:getGroup
Arguments:
identityStoreId: ${example.identityStoreIds[0]}
alternateIdentifier:
uniqueAttribute:
attributePath: DisplayName
attributeValue: ExampleGroup
With Managed Policy Attachment
Because destruction of a managed policy attachment resource also re-provisions the associated permission set to all accounts, explicitly indicating the dependency with the account assignment resource via the
depends_onmeta argument is necessary to ensure proper deletion order when these resources are used together.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.ssoadmin.getInstances({});
const examplePermissionSet = new aws.ssoadmin.PermissionSet("example", {
name: "Example",
instanceArn: example.then(example => example.arns?.[0]),
});
const exampleGroup = new aws.identitystore.Group("example", {
identityStoreId: example.then(example => example.identityStoreIds?.[0]),
displayName: "Admin",
description: "Admin Group",
});
const accountAssignment = new aws.ssoadmin.AccountAssignment("account_assignment", {
instanceArn: example.then(example => example.arns?.[0]),
permissionSetArn: examplePermissionSet.arn,
principalId: exampleGroup.groupId,
principalType: "GROUP",
targetId: "123456789012",
targetType: "AWS_ACCOUNT",
});
const exampleManagedPolicyAttachment = new aws.ssoadmin.ManagedPolicyAttachment("example", {
instanceArn: example.then(example => example.arns?.[0]),
managedPolicyArn: "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
permissionSetArn: examplePermissionSet.arn,
}, {
dependsOn: [exampleAwsSsoadminAccountAssignment],
});
import pulumi
import pulumi_aws as aws
example = aws.ssoadmin.get_instances()
example_permission_set = aws.ssoadmin.PermissionSet("example",
name="Example",
instance_arn=example.arns[0])
example_group = aws.identitystore.Group("example",
identity_store_id=example.identity_store_ids[0],
display_name="Admin",
description="Admin Group")
account_assignment = aws.ssoadmin.AccountAssignment("account_assignment",
instance_arn=example.arns[0],
permission_set_arn=example_permission_set.arn,
principal_id=example_group.group_id,
principal_type="GROUP",
target_id="123456789012",
target_type="AWS_ACCOUNT")
example_managed_policy_attachment = aws.ssoadmin.ManagedPolicyAttachment("example",
instance_arn=example.arns[0],
managed_policy_arn="arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
permission_set_arn=example_permission_set.arn,
opts = pulumi.ResourceOptions(depends_on=[example_aws_ssoadmin_account_assignment]))
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/identitystore"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := ssoadmin.GetInstances(ctx, nil, nil)
if err != nil {
return err
}
examplePermissionSet, err := ssoadmin.NewPermissionSet(ctx, "example", &ssoadmin.PermissionSetArgs{
Name: pulumi.String("Example"),
InstanceArn: pulumi.String(example.Arns[0]),
})
if err != nil {
return err
}
exampleGroup, err := identitystore.NewGroup(ctx, "example", &identitystore.GroupArgs{
IdentityStoreId: pulumi.String(example.IdentityStoreIds[0]),
DisplayName: pulumi.String("Admin"),
Description: pulumi.String("Admin Group"),
})
if err != nil {
return err
}
_, err = ssoadmin.NewAccountAssignment(ctx, "account_assignment", &ssoadmin.AccountAssignmentArgs{
InstanceArn: pulumi.String(example.Arns[0]),
PermissionSetArn: examplePermissionSet.Arn,
PrincipalId: exampleGroup.GroupId,
PrincipalType: pulumi.String("GROUP"),
TargetId: pulumi.String("123456789012"),
TargetType: pulumi.String("AWS_ACCOUNT"),
})
if err != nil {
return err
}
_, err = ssoadmin.NewManagedPolicyAttachment(ctx, "example", &ssoadmin.ManagedPolicyAttachmentArgs{
InstanceArn: pulumi.String(example.Arns[0]),
ManagedPolicyArn: pulumi.String("arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup"),
PermissionSetArn: examplePermissionSet.Arn,
}, pulumi.DependsOn([]pulumi.Resource{
exampleAwsSsoadminAccountAssignment,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.SsoAdmin.GetInstances.Invoke();
var examplePermissionSet = new Aws.SsoAdmin.PermissionSet("example", new()
{
Name = "Example",
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
});
var exampleGroup = new Aws.IdentityStore.Group("example", new()
{
IdentityStoreId = example.Apply(getInstancesResult => getInstancesResult.IdentityStoreIds[0]),
DisplayName = "Admin",
Description = "Admin Group",
});
var accountAssignment = new Aws.SsoAdmin.AccountAssignment("account_assignment", new()
{
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
PermissionSetArn = examplePermissionSet.Arn,
PrincipalId = exampleGroup.GroupId,
PrincipalType = "GROUP",
TargetId = "123456789012",
TargetType = "AWS_ACCOUNT",
});
var exampleManagedPolicyAttachment = new Aws.SsoAdmin.ManagedPolicyAttachment("example", new()
{
InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
ManagedPolicyArn = "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
PermissionSetArn = examplePermissionSet.Arn,
}, new CustomResourceOptions
{
DependsOn =
{
exampleAwsSsoadminAccountAssignment,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.SsoadminFunctions;
import com.pulumi.aws.ssoadmin.PermissionSet;
import com.pulumi.aws.ssoadmin.PermissionSetArgs;
import com.pulumi.aws.identitystore.Group;
import com.pulumi.aws.identitystore.GroupArgs;
import com.pulumi.aws.ssoadmin.AccountAssignment;
import com.pulumi.aws.ssoadmin.AccountAssignmentArgs;
import com.pulumi.aws.ssoadmin.ManagedPolicyAttachment;
import com.pulumi.aws.ssoadmin.ManagedPolicyAttachmentArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = SsoadminFunctions.getInstances();
var examplePermissionSet = new PermissionSet("examplePermissionSet", PermissionSetArgs.builder()
.name("Example")
.instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
.build());
var exampleGroup = new Group("exampleGroup", GroupArgs.builder()
.identityStoreId(example.applyValue(getInstancesResult -> getInstancesResult.identityStoreIds()[0]))
.displayName("Admin")
.description("Admin Group")
.build());
var accountAssignment = new AccountAssignment("accountAssignment", AccountAssignmentArgs.builder()
.instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
.permissionSetArn(examplePermissionSet.arn())
.principalId(exampleGroup.groupId())
.principalType("GROUP")
.targetId("123456789012")
.targetType("AWS_ACCOUNT")
.build());
var exampleManagedPolicyAttachment = new ManagedPolicyAttachment("exampleManagedPolicyAttachment", ManagedPolicyAttachmentArgs.builder()
.instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
.managedPolicyArn("arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup")
.permissionSetArn(examplePermissionSet.arn())
.build(), CustomResourceOptions.builder()
.dependsOn(exampleAwsSsoadminAccountAssignment)
.build());
}
}
resources:
examplePermissionSet:
type: aws:ssoadmin:PermissionSet
name: example
properties:
name: Example
instanceArn: ${example.arns[0]}
exampleGroup:
type: aws:identitystore:Group
name: example
properties:
identityStoreId: ${example.identityStoreIds[0]}
displayName: Admin
description: Admin Group
accountAssignment:
type: aws:ssoadmin:AccountAssignment
name: account_assignment
properties:
instanceArn: ${example.arns[0]}
permissionSetArn: ${examplePermissionSet.arn}
principalId: ${exampleGroup.groupId}
principalType: GROUP
targetId: '123456789012'
targetType: AWS_ACCOUNT
exampleManagedPolicyAttachment:
type: aws:ssoadmin:ManagedPolicyAttachment
name: example
properties:
instanceArn: ${example.arns[0]}
managedPolicyArn: arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup
permissionSetArn: ${examplePermissionSet.arn}
options:
dependson:
- ${exampleAwsSsoadminAccountAssignment}
variables:
example:
fn::invoke:
Function: aws:ssoadmin:getInstances
Arguments: {}
Create AccountAssignment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccountAssignment(name: string, args: AccountAssignmentArgs, opts?: CustomResourceOptions);@overload
def AccountAssignment(resource_name: str,
args: AccountAssignmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccountAssignment(resource_name: str,
opts: Optional[ResourceOptions] = None,
instance_arn: Optional[str] = None,
permission_set_arn: Optional[str] = None,
principal_id: Optional[str] = None,
principal_type: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None)func NewAccountAssignment(ctx *Context, name string, args AccountAssignmentArgs, opts ...ResourceOption) (*AccountAssignment, error)public AccountAssignment(string name, AccountAssignmentArgs args, CustomResourceOptions? opts = null)
public AccountAssignment(String name, AccountAssignmentArgs args)
public AccountAssignment(String name, AccountAssignmentArgs args, CustomResourceOptions options)
type: aws:ssoadmin:AccountAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccountAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccountAssignmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccountAssignmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccountAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccountAssignmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accountAssignmentResource = new Aws.SsoAdmin.AccountAssignment("accountAssignmentResource", new()
{
InstanceArn = "string",
PermissionSetArn = "string",
PrincipalId = "string",
PrincipalType = "string",
TargetId = "string",
TargetType = "string",
});
example, err := ssoadmin.NewAccountAssignment(ctx, "accountAssignmentResource", &ssoadmin.AccountAssignmentArgs{
InstanceArn: pulumi.String("string"),
PermissionSetArn: pulumi.String("string"),
PrincipalId: pulumi.String("string"),
PrincipalType: pulumi.String("string"),
TargetId: pulumi.String("string"),
TargetType: pulumi.String("string"),
})
var accountAssignmentResource = new AccountAssignment("accountAssignmentResource", AccountAssignmentArgs.builder()
.instanceArn("string")
.permissionSetArn("string")
.principalId("string")
.principalType("string")
.targetId("string")
.targetType("string")
.build());
account_assignment_resource = aws.ssoadmin.AccountAssignment("accountAssignmentResource",
instance_arn="string",
permission_set_arn="string",
principal_id="string",
principal_type="string",
target_id="string",
target_type="string")
const accountAssignmentResource = new aws.ssoadmin.AccountAssignment("accountAssignmentResource", {
instanceArn: "string",
permissionSetArn: "string",
principalId: "string",
principalType: "string",
targetId: "string",
targetType: "string",
});
type: aws:ssoadmin:AccountAssignment
properties:
instanceArn: string
permissionSetArn: string
principalId: string
principalType: string
targetId: string
targetType: string
AccountAssignment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccountAssignment resource accepts the following input properties:
- Instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- Permission
Set stringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- Principal
Id string - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - Principal
Type string - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - Target
Id string - An AWS account identifier, typically a 10-12 digit string.
- Target
Type string - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- Instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- Permission
Set stringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- Principal
Id string - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - Principal
Type string - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - Target
Id string - An AWS account identifier, typically a 10-12 digit string.
- Target
Type string - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- instance
Arn String - The Amazon Resource Name (ARN) of the SSO Instance.
- permission
Set StringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- principal
Id String - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - principal
Type String - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - target
Id String - An AWS account identifier, typically a 10-12 digit string.
- target
Type String - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- permission
Set stringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- principal
Id string - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - principal
Type string - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - target
Id string - An AWS account identifier, typically a 10-12 digit string.
- target
Type string - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- instance_
arn str - The Amazon Resource Name (ARN) of the SSO Instance.
- permission_
set_ strarn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- principal_
id str - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - principal_
type str - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - target_
id str - An AWS account identifier, typically a 10-12 digit string.
- target_
type str - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- instance
Arn String - The Amazon Resource Name (ARN) of the SSO Instance.
- permission
Set StringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- principal
Id String - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - principal
Type String - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - target
Id String - An AWS account identifier, typically a 10-12 digit string.
- target
Type String - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccountAssignment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccountAssignment Resource
Get an existing AccountAssignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccountAssignmentState, opts?: CustomResourceOptions): AccountAssignment@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
instance_arn: Optional[str] = None,
permission_set_arn: Optional[str] = None,
principal_id: Optional[str] = None,
principal_type: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None) -> AccountAssignmentfunc GetAccountAssignment(ctx *Context, name string, id IDInput, state *AccountAssignmentState, opts ...ResourceOption) (*AccountAssignment, error)public static AccountAssignment Get(string name, Input<string> id, AccountAssignmentState? state, CustomResourceOptions? opts = null)public static AccountAssignment get(String name, Output<String> id, AccountAssignmentState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- Permission
Set stringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- Principal
Id string - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - Principal
Type string - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - Target
Id string - An AWS account identifier, typically a 10-12 digit string.
- Target
Type string - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- Instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- Permission
Set stringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- Principal
Id string - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - Principal
Type string - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - Target
Id string - An AWS account identifier, typically a 10-12 digit string.
- Target
Type string - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- instance
Arn String - The Amazon Resource Name (ARN) of the SSO Instance.
- permission
Set StringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- principal
Id String - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - principal
Type String - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - target
Id String - An AWS account identifier, typically a 10-12 digit string.
- target
Type String - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- instance
Arn string - The Amazon Resource Name (ARN) of the SSO Instance.
- permission
Set stringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- principal
Id string - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - principal
Type string - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - target
Id string - An AWS account identifier, typically a 10-12 digit string.
- target
Type string - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- instance_
arn str - The Amazon Resource Name (ARN) of the SSO Instance.
- permission_
set_ strarn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- principal_
id str - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - principal_
type str - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - target_
id str - An AWS account identifier, typically a 10-12 digit string.
- target_
type str - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
- instance
Arn String - The Amazon Resource Name (ARN) of the SSO Instance.
- permission
Set StringArn - The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
- principal
Id String - An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example,
f81d4fae-7dec-11d0-a765-00a0c91e6bf6). - principal
Type String - The entity type for which the assignment will be created. Valid values:
USER,GROUP. - target
Id String - An AWS account identifier, typically a 10-12 digit string.
- target
Type String - The entity type for which the assignment will be created. Valid values:
AWS_ACCOUNT.
Import
Using pulumi import, import SSO Account Assignments using the principal_id, principal_type, target_id, target_type, permission_set_arn, instance_arn separated by commas (,). For example:
$ pulumi import aws:ssoadmin/accountAssignment:AccountAssignment example f81d4fae-7dec-11d0-a765-00a0c91e6bf6,GROUP,1234567890,AWS_ACCOUNT,arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0123456789abcdef,arn:aws:sso:::instance/ssoins-0123456789abcdef
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Try AWS Native preview for resources not in the classic version.
AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi