{ "typeName" : "AWS::SSO::PermissionSet", "taggable" : true, "description" : "Resource Type definition for SSO PermissionSet", "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sso/aws-sso-permissionset", "definitions" : { "Tag" : { "description" : "The metadata that you apply to the permission set to help you categorize and organize them.", "type" : "object", "properties" : { "Key" : { "type" : "string", "pattern" : "[\\w+=,.@-]+", "minLength" : 1, "maxLength" : 128 }, "Value" : { "type" : "string", "pattern" : "[\\w+=,.@-]+", "minLength" : 0, "maxLength" : 256 } }, "required" : [ "Key", "Value" ], "additionalProperties" : false }, "ManagedPolicyArn" : { "description" : "The managed policy to attach.", "type" : "string", "minLength" : 20, "maxLength" : 2048 }, "CustomerManagedPolicyReference" : { "type" : "object", "properties" : { "Name" : { "type" : "string", "pattern" : "[\\w+=,.@-]+", "minLength" : 1, "maxLength" : 128 }, "Path" : { "type" : "string", "pattern" : "((/[A-Za-z0-9\\.,\\+@=_-]+)*)/", "minLength" : 1, "maxLength" : 512 } }, "required" : [ "Name" ], "additionalProperties" : false }, "PermissionsBoundary" : { "type" : "object", "additionalProperties" : false, "properties" : { "CustomerManagedPolicyReference" : { "$ref" : "#/definitions/CustomerManagedPolicyReference" }, "ManagedPolicyArn" : { "$ref" : "#/definitions/ManagedPolicyArn" } } } }, "properties" : { "Name" : { "description" : "The name you want to assign to this permission set.", "type" : "string", "pattern" : "[\\w+=,.@-]+", "minLength" : 1, "maxLength" : 32 }, "PermissionSetArn" : { "description" : "The permission set that the policy will be attached to", "type" : "string", "pattern" : "arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}", "minLength" : 10, "maxLength" : 1224 }, "Description" : { "description" : "The permission set description.", "type" : "string", "pattern" : "[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*", "minLength" : 1, "maxLength" : 700 }, "InstanceArn" : { "description" : "The sso instance arn that the permission set is owned.", "type" : "string", "pattern" : "arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}", "minLength" : 10, "maxLength" : 1224 }, "SessionDuration" : { "description" : "The length of time that a user can be signed in to an AWS account.", "type" : "string", "pattern" : "^(-?)P(?=\\d|T\\d)(?:(\\d+)Y)?(?:(\\d+)M)?(?:(\\d+)([DW]))?(?:T(?:(\\d+)H)?(?:(\\d+)M)?(?:(\\d+(?:\\.\\d+)?)S)?)?$", "minLength" : 1, "maxLength" : 100 }, "RelayStateType" : { "description" : "The relay state URL that redirect links to any service in the AWS Management Console.", "type" : "string", "pattern" : "[a-zA-Z0-9&$@#\\/%?=~\\-_'"|!:,.;*+\\[\\]\\ \\(\\)\\{\\}]+", "minLength" : 1, "maxLength" : 240 }, "ManagedPolicies" : { "type" : "array", "insertionOrder" : false, "items" : { "$ref" : "#/definitions/ManagedPolicyArn" }, "maxItems" : 20, "default" : [ ] }, "InlinePolicy" : { "description" : "The inline policy to put in permission set.", "type" : [ "object", "string" ] }, "Tags" : { "type" : "array", "insertionOrder" : false, "items" : { "$ref" : "#/definitions/Tag" }, "maxItems" : 50 }, "CustomerManagedPolicyReferences" : { "type" : "array", "insertionOrder" : false, "items" : { "$ref" : "#/definitions/CustomerManagedPolicyReference" }, "maxItems" : 20, "default" : [ ] }, "PermissionsBoundary" : { "$ref" : "#/definitions/PermissionsBoundary" } }, "additionalProperties" : false, "required" : [ "Name", "InstanceArn" ], "createOnlyProperties" : [ "/properties/InstanceArn", "/properties/Name" ], "readOnlyProperties" : [ "/properties/PermissionSetArn" ], "primaryIdentifier" : [ "/properties/InstanceArn", "/properties/PermissionSetArn" ], "handlers" : { "create" : { "permissions" : [ "sso:CreatePermissionSet", "sso:PutInlinePolicyToPermissionSet", "sso:AttachManagedPolicyToPermissionSet", "sso:AttachCustomerManagedPolicyReferenceToPermissionSet", "sso:PutPermissionsBoundaryToPermissionSet", "sso:ListManagedPoliciesInPermissionSet", "sso:ListCustomerManagedPolicyReferencesInPermissionSet", "sso:TagResource" ] }, "read" : { "permissions" : [ "sso:DescribePermissionSet", "sso:ListTagsForResource", "sso:ListManagedPoliciesInPermissionSet", "sso:ListCustomerManagedPolicyReferencesInPermissionSet", "sso:GetInlinePolicyForPermissionSet", "sso:GetPermissionsBoundaryForPermissionSet" ] }, "update" : { "permissions" : [ "sso:UpdatePermissionSet", "sso:TagResource", "sso:UntagResource", "sso:ListTagsForResource", "sso:AttachManagedPolicyToPermissionSet", "sso:AttachCustomerManagedPolicyReferenceToPermissionSet", "sso:DetachManagedPolicyFromPermissionSet", "sso:DetachCustomerManagedPolicyReferenceFromPermissionSet", "sso:ListManagedPoliciesInPermissionSet", "sso:ListCustomerManagedPolicyReferencesInPermissionSet", "sso:PutInlinePolicyToPermissionSet", "sso:GetPermissionsBoundaryForPermissionSet", "sso:DeletePermissionsBoundaryFromPermissionSet", "sso:PutPermissionsBoundaryToPermissionSet", "sso:DeleteInlinePolicyFromPermissionSet", "sso:ProvisionPermissionSet", "sso:DescribePermissionSetProvisioningStatus" ] }, "delete" : { "permissions" : [ "sso:DeletePermissionSet" ] }, "list" : { "permissions" : [ "sso:DescribePermissionSet" ] } } }