@renovosolutions/cdk-library-aws-sso v0.1.150
CDK Library for AWS SSO
Note: This construct library is currently being developed and requires more tests, but fundamentally it should work.
This CDK library provides L2 constructs for the AWS SSO CfnPermissionSet and CfnAssignment. Assignment is not consumed by other resources so it's attributes and properties are minimal, but a L2 construct makes it easier to interact with and allows providing a more fully featured construct for the Permission Set and assignment requires.
Features
- L2 Construct for
PermissionSet
including importing from ARN and granting the permission - L2 Construct for
Assignment
- Some enums to provide valid inputs for certain properties
API Doc
See API
Examples
PermissionSet
import { PermissionSet, Assignment, PrincipalTypes } from '@renovosolutions/cdk-library-aws-sso';
import {
App,
Stack,
StackProps,
aws_sso as sso,
aws_iam as iam,
Duration,
} from 'aws-cdk-lib';
// create a permission set
const permissionSetExample = new PermissionSet(this, 'permissionSet', {
ssoInstanceArn: 'arn:aws:sso:::instance/ssoins-1234567891234567',
name: 'ExamplePermissionSet',
description: 'Example permission set with some policies',
awsManagedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName('job-function/ViewOnlyAccess'),
],
customerManagedPolicyReferences: [
{
name: 'someServiceLogRead', // must exist in the target account
path: '/',
}
],
relayStateType: 'https://us-east-1.console.aws.amazon.com/cloudwatch/home'
})
// assign it to an account/principal with an Assignment
new Assignment(this, 'ExampleAssignment', {
permissionSet: permissionSetExample,
principal: {
principalId: '25750630-0ae9-479a-97c2-0afc2d5b4eac,
principalType: PrincipalTypes.GROUP,
},
targetId: '124567890123456',
});
// assign it to something else with a grant
permissionSetExample.grant('permissionSetExampleAssignment', {
principal: {
principalId: '12350630-0ae9-479a-97c2-0afc2d5b4eac',
principalType: PrincipalTypes.GROUP,
},
targetId: '344567890123456',
});
// import an existing permission set
const existingPermissionSetExample = PermissionSet.fromPermissionSetArn(this, 'existingPermissionSetExample', 'arn:aws:sso:::permissionSet/ssoins-1234567891234567/ps-55a5555a5a55ab55');
27 days ago
10 months ago
10 months ago
1 year ago
1 year ago
11 months ago
11 months ago
1 year ago
1 year ago
11 months ago
12 months ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
2 years ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago