AWS CDK Construct Library for AWS SSO
Project description
CDK Library for AWS SSO
Note: This construct library is currently being developed and requires more tests, but fundamentally it should work.
This CDK library provides L2 constructs for the AWS SSO CfnPermissionSet and CfnAssignment. Assignment is not consumed by other resources so it's attributes and properties are minimal, but a L2 construct makes it easier to interact with and allows providing a more fully featured construct for the Permission Set and assignment requires.
Features
- L2 Construct for
PermissionSetincluding importing from ARN and granting the permission - L2 Construct for
Assignment - Some enums to provide valid inputs for certain properties
API Doc
See API
Examples
PermissionSet
import { PermissionSet, Assignment, PrincipalTypes } from '@renovosolutions/cdk-library-aws-sso';
import {
App,
Stack,
StackProps,
aws_sso as sso,
aws_iam as iam,
Duration,
} from 'aws-cdk-lib';
// create a permission set
const permissionSetExample = new PermissionSet(this, 'permissionSet', {
ssoInstanceArn: 'arn:aws:sso:::instance/ssoins-1234567891234567',
name: 'ExamplePermissionSet',
description: 'Example permission set with some policies',
awsManagedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName('job-function/ViewOnlyAccess'),
],
customerManagedPolicyReferences: [
{
name: 'someServiceLogRead', // must exist in the target account
path: '/',
}
],
relayStateType: 'https://us-east-1.console.aws.amazon.com/cloudwatch/home'
})
// assign it to an account/principal with an Assignment
new Assignment(this, 'ExampleAssignment', {
permissionSet: permissionSetExample,
principal: {
principalId: '25750630-0ae9-479a-97c2-0afc2d5b4eac,
principalType: PrincipalTypes.GROUP,
},
targetId: '124567890123456',
});
// assign it to something else with a grant
permissionSetExample.grant('permissionSetExampleAssignment', {
principal: {
principalId: '12350630-0ae9-479a-97c2-0afc2d5b4eac',
principalType: PrincipalTypes.GROUP,
},
targetId: '344567890123456',
});
// import an existing permission set
const existingPermissionSetExample = PermissionSet.fromPermissionSetArn(this, 'existingPermissionSetExample', 'arn:aws:sso:::permissionSet/ssoins-1234567891234567/ps-55a5555a5a55ab55');
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file renovosolutions.aws-cdk-aws-sso-0.1.150.tar.gz.
File metadata
- Download URL: renovosolutions.aws-cdk-aws-sso-0.1.150.tar.gz
- Upload date:
- Size: 49.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 39dca0c5bb1745f8ce81c3aa22a3c6fbfd0acef90116560b7c0220d3fe6fd6ea |
|
| MD5 | ee5c0cbe82d9f0f6d8d5c33d3e3dc8f8 |
|
| BLAKE2b-256 | fb3fddd969a0a5d6f1e737974f44a625f63f165274cd491131029ae2ef7c843a |
File details
Details for the file renovosolutions.aws_cdk_aws_sso-0.1.150-py3-none-any.whl.
File metadata
- Download URL: renovosolutions.aws_cdk_aws_sso-0.1.150-py3-none-any.whl
- Upload date:
- Size: 49.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2f293e945f78a8e312c86219bc50480b0aa43152096ac82b6560fdd661f14477 |
|
| MD5 | 34d81d3b65854725ec7d32a33614a3ee |
|
| BLAKE2b-256 | 621511427f4bb0c6fe55e25dfa5fe0d635e983c0ec87fd64bed78262c2a3b64d |
