1. Packages
  2. AWS
  3. API Docs
  4. ssoadmin
  5. AccountAssignment
AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

aws.ssoadmin.AccountAssignment

Explore with Pulumi AI

aws logo
AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

    Provides a Single Sign-On (SSO) Account Assignment resource

    Example Usage

    Basic Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = aws.ssoadmin.getInstances({});
    const exampleGetPermissionSet = example.then(example => aws.ssoadmin.getPermissionSet({
        instanceArn: example.arns?.[0],
        name: "AWSReadOnlyAccess",
    }));
    const exampleGetGroup = example.then(example => aws.identitystore.getGroup({
        identityStoreId: example.identityStoreIds?.[0],
        alternateIdentifier: {
            uniqueAttribute: {
                attributePath: "DisplayName",
                attributeValue: "ExampleGroup",
            },
        },
    }));
    const exampleAccountAssignment = new aws.ssoadmin.AccountAssignment("example", {
        instanceArn: example.then(example => example.arns?.[0]),
        permissionSetArn: exampleGetPermissionSet.then(exampleGetPermissionSet => exampleGetPermissionSet.arn),
        principalId: exampleGetGroup.then(exampleGetGroup => exampleGetGroup.groupId),
        principalType: "GROUP",
        targetId: "123456789012",
        targetType: "AWS_ACCOUNT",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.ssoadmin.get_instances()
    example_get_permission_set = aws.ssoadmin.get_permission_set(instance_arn=example.arns[0],
        name="AWSReadOnlyAccess")
    example_get_group = aws.identitystore.get_group(identity_store_id=example.identity_store_ids[0],
        alternate_identifier={
            "unique_attribute": {
                "attribute_path": "DisplayName",
                "attribute_value": "ExampleGroup",
            },
        })
    example_account_assignment = aws.ssoadmin.AccountAssignment("example",
        instance_arn=example.arns[0],
        permission_set_arn=example_get_permission_set.arn,
        principal_id=example_get_group.group_id,
        principal_type="GROUP",
        target_id="123456789012",
        target_type="AWS_ACCOUNT")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/identitystore"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := ssoadmin.GetInstances(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		exampleGetPermissionSet, err := ssoadmin.LookupPermissionSet(ctx, &ssoadmin.LookupPermissionSetArgs{
    			InstanceArn: example.Arns[0],
    			Name:        pulumi.StringRef("AWSReadOnlyAccess"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		exampleGetGroup, err := identitystore.LookupGroup(ctx, &identitystore.LookupGroupArgs{
    			IdentityStoreId: example.IdentityStoreIds[0],
    			AlternateIdentifier: identitystore.GetGroupAlternateIdentifier{
    				UniqueAttribute: identitystore.GetGroupAlternateIdentifierUniqueAttribute{
    					AttributePath:  "DisplayName",
    					AttributeValue: "ExampleGroup",
    				},
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = ssoadmin.NewAccountAssignment(ctx, "example", &ssoadmin.AccountAssignmentArgs{
    			InstanceArn:      pulumi.String(example.Arns[0]),
    			PermissionSetArn: pulumi.String(exampleGetPermissionSet.Arn),
    			PrincipalId:      pulumi.String(exampleGetGroup.GroupId),
    			PrincipalType:    pulumi.String("GROUP"),
    			TargetId:         pulumi.String("123456789012"),
    			TargetType:       pulumi.String("AWS_ACCOUNT"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = Aws.SsoAdmin.GetInstances.Invoke();
    
        var exampleGetPermissionSet = Aws.SsoAdmin.GetPermissionSet.Invoke(new()
        {
            InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
            Name = "AWSReadOnlyAccess",
        });
    
        var exampleGetGroup = Aws.IdentityStore.GetGroup.Invoke(new()
        {
            IdentityStoreId = example.Apply(getInstancesResult => getInstancesResult.IdentityStoreIds[0]),
            AlternateIdentifier = new Aws.IdentityStore.Inputs.GetGroupAlternateIdentifierInputArgs
            {
                UniqueAttribute = new Aws.IdentityStore.Inputs.GetGroupAlternateIdentifierUniqueAttributeInputArgs
                {
                    AttributePath = "DisplayName",
                    AttributeValue = "ExampleGroup",
                },
            },
        });
    
        var exampleAccountAssignment = new Aws.SsoAdmin.AccountAssignment("example", new()
        {
            InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
            PermissionSetArn = exampleGetPermissionSet.Apply(getPermissionSetResult => getPermissionSetResult.Arn),
            PrincipalId = exampleGetGroup.Apply(getGroupResult => getGroupResult.GroupId),
            PrincipalType = "GROUP",
            TargetId = "123456789012",
            TargetType = "AWS_ACCOUNT",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssoadmin.SsoadminFunctions;
    import com.pulumi.aws.ssoadmin.inputs.GetPermissionSetArgs;
    import com.pulumi.aws.identitystore.IdentitystoreFunctions;
    import com.pulumi.aws.identitystore.inputs.GetGroupArgs;
    import com.pulumi.aws.identitystore.inputs.GetGroupAlternateIdentifierArgs;
    import com.pulumi.aws.identitystore.inputs.GetGroupAlternateIdentifierUniqueAttributeArgs;
    import com.pulumi.aws.ssoadmin.AccountAssignment;
    import com.pulumi.aws.ssoadmin.AccountAssignmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = SsoadminFunctions.getInstances();
    
            final var exampleGetPermissionSet = SsoadminFunctions.getPermissionSet(GetPermissionSetArgs.builder()
                .instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
                .name("AWSReadOnlyAccess")
                .build());
    
            final var exampleGetGroup = IdentitystoreFunctions.getGroup(GetGroupArgs.builder()
                .identityStoreId(example.applyValue(getInstancesResult -> getInstancesResult.identityStoreIds()[0]))
                .alternateIdentifier(GetGroupAlternateIdentifierArgs.builder()
                    .uniqueAttribute(GetGroupAlternateIdentifierUniqueAttributeArgs.builder()
                        .attributePath("DisplayName")
                        .attributeValue("ExampleGroup")
                        .build())
                    .build())
                .build());
    
            var exampleAccountAssignment = new AccountAssignment("exampleAccountAssignment", AccountAssignmentArgs.builder()
                .instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
                .permissionSetArn(exampleGetPermissionSet.applyValue(getPermissionSetResult -> getPermissionSetResult.arn()))
                .principalId(exampleGetGroup.applyValue(getGroupResult -> getGroupResult.groupId()))
                .principalType("GROUP")
                .targetId("123456789012")
                .targetType("AWS_ACCOUNT")
                .build());
    
        }
    }
    
    resources:
      exampleAccountAssignment:
        type: aws:ssoadmin:AccountAssignment
        name: example
        properties:
          instanceArn: ${example.arns[0]}
          permissionSetArn: ${exampleGetPermissionSet.arn}
          principalId: ${exampleGetGroup.groupId}
          principalType: GROUP
          targetId: '123456789012'
          targetType: AWS_ACCOUNT
    variables:
      example:
        fn::invoke:
          Function: aws:ssoadmin:getInstances
          Arguments: {}
      exampleGetPermissionSet:
        fn::invoke:
          Function: aws:ssoadmin:getPermissionSet
          Arguments:
            instanceArn: ${example.arns[0]}
            name: AWSReadOnlyAccess
      exampleGetGroup:
        fn::invoke:
          Function: aws:identitystore:getGroup
          Arguments:
            identityStoreId: ${example.identityStoreIds[0]}
            alternateIdentifier:
              uniqueAttribute:
                attributePath: DisplayName
                attributeValue: ExampleGroup
    

    With Managed Policy Attachment

    Because destruction of a managed policy attachment resource also re-provisions the associated permission set to all accounts, explicitly indicating the dependency with the account assignment resource via the depends_on meta argument is necessary to ensure proper deletion order when these resources are used together.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = aws.ssoadmin.getInstances({});
    const examplePermissionSet = new aws.ssoadmin.PermissionSet("example", {
        name: "Example",
        instanceArn: example.then(example => example.arns?.[0]),
    });
    const exampleGroup = new aws.identitystore.Group("example", {
        identityStoreId: example.then(example => example.identityStoreIds?.[0]),
        displayName: "Admin",
        description: "Admin Group",
    });
    const accountAssignment = new aws.ssoadmin.AccountAssignment("account_assignment", {
        instanceArn: example.then(example => example.arns?.[0]),
        permissionSetArn: examplePermissionSet.arn,
        principalId: exampleGroup.groupId,
        principalType: "GROUP",
        targetId: "123456789012",
        targetType: "AWS_ACCOUNT",
    });
    const exampleManagedPolicyAttachment = new aws.ssoadmin.ManagedPolicyAttachment("example", {
        instanceArn: example.then(example => example.arns?.[0]),
        managedPolicyArn: "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
        permissionSetArn: examplePermissionSet.arn,
    }, {
        dependsOn: [exampleAwsSsoadminAccountAssignment],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.ssoadmin.get_instances()
    example_permission_set = aws.ssoadmin.PermissionSet("example",
        name="Example",
        instance_arn=example.arns[0])
    example_group = aws.identitystore.Group("example",
        identity_store_id=example.identity_store_ids[0],
        display_name="Admin",
        description="Admin Group")
    account_assignment = aws.ssoadmin.AccountAssignment("account_assignment",
        instance_arn=example.arns[0],
        permission_set_arn=example_permission_set.arn,
        principal_id=example_group.group_id,
        principal_type="GROUP",
        target_id="123456789012",
        target_type="AWS_ACCOUNT")
    example_managed_policy_attachment = aws.ssoadmin.ManagedPolicyAttachment("example",
        instance_arn=example.arns[0],
        managed_policy_arn="arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
        permission_set_arn=example_permission_set.arn,
        opts = pulumi.ResourceOptions(depends_on=[example_aws_ssoadmin_account_assignment]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/identitystore"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := ssoadmin.GetInstances(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		examplePermissionSet, err := ssoadmin.NewPermissionSet(ctx, "example", &ssoadmin.PermissionSetArgs{
    			Name:        pulumi.String("Example"),
    			InstanceArn: pulumi.String(example.Arns[0]),
    		})
    		if err != nil {
    			return err
    		}
    		exampleGroup, err := identitystore.NewGroup(ctx, "example", &identitystore.GroupArgs{
    			IdentityStoreId: pulumi.String(example.IdentityStoreIds[0]),
    			DisplayName:     pulumi.String("Admin"),
    			Description:     pulumi.String("Admin Group"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ssoadmin.NewAccountAssignment(ctx, "account_assignment", &ssoadmin.AccountAssignmentArgs{
    			InstanceArn:      pulumi.String(example.Arns[0]),
    			PermissionSetArn: examplePermissionSet.Arn,
    			PrincipalId:      exampleGroup.GroupId,
    			PrincipalType:    pulumi.String("GROUP"),
    			TargetId:         pulumi.String("123456789012"),
    			TargetType:       pulumi.String("AWS_ACCOUNT"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ssoadmin.NewManagedPolicyAttachment(ctx, "example", &ssoadmin.ManagedPolicyAttachmentArgs{
    			InstanceArn:      pulumi.String(example.Arns[0]),
    			ManagedPolicyArn: pulumi.String("arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup"),
    			PermissionSetArn: examplePermissionSet.Arn,
    		}, pulumi.DependsOn([]pulumi.Resource{
    			exampleAwsSsoadminAccountAssignment,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = Aws.SsoAdmin.GetInstances.Invoke();
    
        var examplePermissionSet = new Aws.SsoAdmin.PermissionSet("example", new()
        {
            Name = "Example",
            InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
        });
    
        var exampleGroup = new Aws.IdentityStore.Group("example", new()
        {
            IdentityStoreId = example.Apply(getInstancesResult => getInstancesResult.IdentityStoreIds[0]),
            DisplayName = "Admin",
            Description = "Admin Group",
        });
    
        var accountAssignment = new Aws.SsoAdmin.AccountAssignment("account_assignment", new()
        {
            InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
            PermissionSetArn = examplePermissionSet.Arn,
            PrincipalId = exampleGroup.GroupId,
            PrincipalType = "GROUP",
            TargetId = "123456789012",
            TargetType = "AWS_ACCOUNT",
        });
    
        var exampleManagedPolicyAttachment = new Aws.SsoAdmin.ManagedPolicyAttachment("example", new()
        {
            InstanceArn = example.Apply(getInstancesResult => getInstancesResult.Arns[0]),
            ManagedPolicyArn = "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
            PermissionSetArn = examplePermissionSet.Arn,
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                exampleAwsSsoadminAccountAssignment,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ssoadmin.SsoadminFunctions;
    import com.pulumi.aws.ssoadmin.PermissionSet;
    import com.pulumi.aws.ssoadmin.PermissionSetArgs;
    import com.pulumi.aws.identitystore.Group;
    import com.pulumi.aws.identitystore.GroupArgs;
    import com.pulumi.aws.ssoadmin.AccountAssignment;
    import com.pulumi.aws.ssoadmin.AccountAssignmentArgs;
    import com.pulumi.aws.ssoadmin.ManagedPolicyAttachment;
    import com.pulumi.aws.ssoadmin.ManagedPolicyAttachmentArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = SsoadminFunctions.getInstances();
    
            var examplePermissionSet = new PermissionSet("examplePermissionSet", PermissionSetArgs.builder()
                .name("Example")
                .instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
                .build());
    
            var exampleGroup = new Group("exampleGroup", GroupArgs.builder()
                .identityStoreId(example.applyValue(getInstancesResult -> getInstancesResult.identityStoreIds()[0]))
                .displayName("Admin")
                .description("Admin Group")
                .build());
    
            var accountAssignment = new AccountAssignment("accountAssignment", AccountAssignmentArgs.builder()
                .instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
                .permissionSetArn(examplePermissionSet.arn())
                .principalId(exampleGroup.groupId())
                .principalType("GROUP")
                .targetId("123456789012")
                .targetType("AWS_ACCOUNT")
                .build());
    
            var exampleManagedPolicyAttachment = new ManagedPolicyAttachment("exampleManagedPolicyAttachment", ManagedPolicyAttachmentArgs.builder()
                .instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns()[0]))
                .managedPolicyArn("arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup")
                .permissionSetArn(examplePermissionSet.arn())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(exampleAwsSsoadminAccountAssignment)
                    .build());
    
        }
    }
    
    resources:
      examplePermissionSet:
        type: aws:ssoadmin:PermissionSet
        name: example
        properties:
          name: Example
          instanceArn: ${example.arns[0]}
      exampleGroup:
        type: aws:identitystore:Group
        name: example
        properties:
          identityStoreId: ${example.identityStoreIds[0]}
          displayName: Admin
          description: Admin Group
      accountAssignment:
        type: aws:ssoadmin:AccountAssignment
        name: account_assignment
        properties:
          instanceArn: ${example.arns[0]}
          permissionSetArn: ${examplePermissionSet.arn}
          principalId: ${exampleGroup.groupId}
          principalType: GROUP
          targetId: '123456789012'
          targetType: AWS_ACCOUNT
      exampleManagedPolicyAttachment:
        type: aws:ssoadmin:ManagedPolicyAttachment
        name: example
        properties:
          instanceArn: ${example.arns[0]}
          managedPolicyArn: arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup
          permissionSetArn: ${examplePermissionSet.arn}
        options:
          dependson:
            - ${exampleAwsSsoadminAccountAssignment}
    variables:
      example:
        fn::invoke:
          Function: aws:ssoadmin:getInstances
          Arguments: {}
    

    Create AccountAssignment Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccountAssignment(name: string, args: AccountAssignmentArgs, opts?: CustomResourceOptions);
    @overload
    def AccountAssignment(resource_name: str,
                          args: AccountAssignmentArgs,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccountAssignment(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          instance_arn: Optional[str] = None,
                          permission_set_arn: Optional[str] = None,
                          principal_id: Optional[str] = None,
                          principal_type: Optional[str] = None,
                          target_id: Optional[str] = None,
                          target_type: Optional[str] = None)
    func NewAccountAssignment(ctx *Context, name string, args AccountAssignmentArgs, opts ...ResourceOption) (*AccountAssignment, error)
    public AccountAssignment(string name, AccountAssignmentArgs args, CustomResourceOptions? opts = null)
    public AccountAssignment(String name, AccountAssignmentArgs args)
    public AccountAssignment(String name, AccountAssignmentArgs args, CustomResourceOptions options)
    
    type: aws:ssoadmin:AccountAssignment
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccountAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccountAssignmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccountAssignmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccountAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccountAssignmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var accountAssignmentResource = new Aws.SsoAdmin.AccountAssignment("accountAssignmentResource", new()
    {
        InstanceArn = "string",
        PermissionSetArn = "string",
        PrincipalId = "string",
        PrincipalType = "string",
        TargetId = "string",
        TargetType = "string",
    });
    
    example, err := ssoadmin.NewAccountAssignment(ctx, "accountAssignmentResource", &ssoadmin.AccountAssignmentArgs{
    	InstanceArn:      pulumi.String("string"),
    	PermissionSetArn: pulumi.String("string"),
    	PrincipalId:      pulumi.String("string"),
    	PrincipalType:    pulumi.String("string"),
    	TargetId:         pulumi.String("string"),
    	TargetType:       pulumi.String("string"),
    })
    
    var accountAssignmentResource = new AccountAssignment("accountAssignmentResource", AccountAssignmentArgs.builder()
        .instanceArn("string")
        .permissionSetArn("string")
        .principalId("string")
        .principalType("string")
        .targetId("string")
        .targetType("string")
        .build());
    
    account_assignment_resource = aws.ssoadmin.AccountAssignment("accountAssignmentResource",
        instance_arn="string",
        permission_set_arn="string",
        principal_id="string",
        principal_type="string",
        target_id="string",
        target_type="string")
    
    const accountAssignmentResource = new aws.ssoadmin.AccountAssignment("accountAssignmentResource", {
        instanceArn: "string",
        permissionSetArn: "string",
        principalId: "string",
        principalType: "string",
        targetId: "string",
        targetType: "string",
    });
    
    type: aws:ssoadmin:AccountAssignment
    properties:
        instanceArn: string
        permissionSetArn: string
        principalId: string
        principalType: string
        targetId: string
        targetType: string
    

    AccountAssignment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccountAssignment resource accepts the following input properties:

    InstanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance.
    PermissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    PrincipalId string
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    PrincipalType string
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    TargetId string
    An AWS account identifier, typically a 10-12 digit string.
    TargetType string
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    InstanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance.
    PermissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    PrincipalId string
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    PrincipalType string
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    TargetId string
    An AWS account identifier, typically a 10-12 digit string.
    TargetType string
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    instanceArn String
    The Amazon Resource Name (ARN) of the SSO Instance.
    permissionSetArn String
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    principalId String
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    principalType String
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    targetId String
    An AWS account identifier, typically a 10-12 digit string.
    targetType String
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    instanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance.
    permissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    principalId string
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    principalType string
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    targetId string
    An AWS account identifier, typically a 10-12 digit string.
    targetType string
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    instance_arn str
    The Amazon Resource Name (ARN) of the SSO Instance.
    permission_set_arn str
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    principal_id str
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    principal_type str
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    target_id str
    An AWS account identifier, typically a 10-12 digit string.
    target_type str
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    instanceArn String
    The Amazon Resource Name (ARN) of the SSO Instance.
    permissionSetArn String
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    principalId String
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    principalType String
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    targetId String
    An AWS account identifier, typically a 10-12 digit string.
    targetType String
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccountAssignment resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AccountAssignment Resource

    Get an existing AccountAssignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccountAssignmentState, opts?: CustomResourceOptions): AccountAssignment
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            instance_arn: Optional[str] = None,
            permission_set_arn: Optional[str] = None,
            principal_id: Optional[str] = None,
            principal_type: Optional[str] = None,
            target_id: Optional[str] = None,
            target_type: Optional[str] = None) -> AccountAssignment
    func GetAccountAssignment(ctx *Context, name string, id IDInput, state *AccountAssignmentState, opts ...ResourceOption) (*AccountAssignment, error)
    public static AccountAssignment Get(string name, Input<string> id, AccountAssignmentState? state, CustomResourceOptions? opts = null)
    public static AccountAssignment get(String name, Output<String> id, AccountAssignmentState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    InstanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance.
    PermissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    PrincipalId string
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    PrincipalType string
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    TargetId string
    An AWS account identifier, typically a 10-12 digit string.
    TargetType string
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    InstanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance.
    PermissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    PrincipalId string
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    PrincipalType string
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    TargetId string
    An AWS account identifier, typically a 10-12 digit string.
    TargetType string
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    instanceArn String
    The Amazon Resource Name (ARN) of the SSO Instance.
    permissionSetArn String
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    principalId String
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    principalType String
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    targetId String
    An AWS account identifier, typically a 10-12 digit string.
    targetType String
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    instanceArn string
    The Amazon Resource Name (ARN) of the SSO Instance.
    permissionSetArn string
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    principalId string
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    principalType string
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    targetId string
    An AWS account identifier, typically a 10-12 digit string.
    targetType string
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    instance_arn str
    The Amazon Resource Name (ARN) of the SSO Instance.
    permission_set_arn str
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    principal_id str
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    principal_type str
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    target_id str
    An AWS account identifier, typically a 10-12 digit string.
    target_type str
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.
    instanceArn String
    The Amazon Resource Name (ARN) of the SSO Instance.
    permissionSetArn String
    The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.
    principalId String
    An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).
    principalType String
    The entity type for which the assignment will be created. Valid values: USER, GROUP.
    targetId String
    An AWS account identifier, typically a 10-12 digit string.
    targetType String
    The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.

    Import

    Using pulumi import, import SSO Account Assignments using the principal_id, principal_type, target_id, target_type, permission_set_arn, instance_arn separated by commas (,). For example:

    $ pulumi import aws:ssoadmin/accountAssignment:AccountAssignment example f81d4fae-7dec-11d0-a765-00a0c91e6bf6,GROUP,1234567890,AWS_ACCOUNT,arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0123456789abcdef,arn:aws:sso:::instance/ssoins-0123456789abcdef
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi