AWS SSO Managed Policy Attachment

This page shows how to write Terraform and CloudFormation for AWS SSO Managed Policy Attachment, and how to write them securely.

Terraform Example (aws_ssoadmin_managed_policy_attachment)

Provides an IAM managed policy for a Single Sign-On (SSO) Permission Set resource.

NOTE: Creating this resource will automatically provision the Permission Set to apply the corresponding updates to all assigned accounts.

Parameters

Example Usage (from GitHub)

dharada1/aws-sso-sample
resource "aws_ssoadmin_managed_policy_attachment" "admin" {
  instance_arn       = local.instance_arn
  managed_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
  permission_set_arn = aws_ssoadmin_permission_set.admin.arn
}

ministryofjustice/aws-root-account
resource "aws_ssoadmin_managed_policy_attachment" "administrator-access-policy" {
  instance_arn       = local.sso_instance_arn
  managed_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
  permission_set_arn = aws_ssoadmin_permission_set.administrator-access.arn
}

tintulip/cla-organisation
resource "aws_ssoadmin_managed_policy_attachment" "delivery_pipelines_policies" {
  for_each           = toset(["arn:aws:iam::aws:policy/AWSCodePipeline_ReadOnlyAccess", "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess"])
  instance_arn       = aws_ssoadmin_permission_set.delivery_pipelines_readonly.instance_arn
  managed_policy_arn = each.key
  permission_set_arn = aws_ssoadmin_permission_set.delivery_pipelines_readonly.arn
}

hekonsek/terraform-aws-sso
resource "aws_ssoadmin_managed_policy_attachment" "permissionset_policy" {
  instance_arn       = tolist(data.aws_ssoadmin_instances.ssos.arns)[0]
  managed_policy_arn = var.policy_arn
  permission_set_arn = aws_ssoadmin_permission_set.permissionset.arn
}

cloud-security-labs/terraform-aws-ssoadmin-permission-set
resource "aws_ssoadmin_managed_policy_attachment" "this" {
  for_each           = length(var.managed_policy_arns) > 0 ? toset(var.managed_policy_arns) : []
  instance_arn       = var.instance_arn
  managed_policy_arn = each.value
  permission_set_arn = aws_ssoadmin_permission_set.this.arn
}
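
A module that takes the policy ARN as input attaches whatever the caller passes, and per the NOTE above the change is provisioned to every assigned account. The following is an added example, not code from this page or from any of the repositories listed: it validates the input before any attachment is created. The resource names, the permission set name and the contents of the deny list are assumptions chosen for illustration.

```hcl
# Added example (not from the listed repositories). Names and the deny list are assumptions.
data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn = tolist(data.aws_ssoadmin_instances.this.arns)[0]
}

variable "managed_policy_arns" {
  description = "AWS managed policy ARNs to attach to the permission set."
  type        = list(string)

  # Reject anything that is not in the AWS managed policy namespace.
  validation {
    condition = alltrue([
      for arn in var.managed_policy_arns :
      can(regex("^arn:aws:iam::aws:policy/[A-Za-z0-9+=,.@_/-]+$", arn))
    ])
    error_message = "Each entry must be an AWS managed policy ARN (arn:aws:iam::aws:policy/...)."
  }

  # Keep broad policies out of this reusable module; attach them only in
  # a separately reviewed configuration. The list is an illustrative assumption.
  validation {
    condition = length(setintersection(toset(var.managed_policy_arns), toset([
      "arn:aws:iam::aws:policy/AdministratorAccess",
      "arn:aws:iam::aws:policy/PowerUserAccess",
      "arn:aws:iam::aws:policy/IAMFullAccess",
    ]))) == 0
    error_message = "Broad policies (AdministratorAccess, PowerUserAccess, IAMFullAccess) are not allowed in this module."
  }
}

resource "aws_ssoadmin_permission_set" "scoped" {
  name             = "ScopedAccess" # hypothetical name
  instance_arn     = local.instance_arn
  session_duration = "PT1H"
}

# One attachment per validated ARN; toset() also removes duplicates.
resource "aws_ssoadmin_managed_policy_attachment" "scoped" {
  for_each           = toset(var.managed_policy_arns)
  instance_arn       = local.instance_arn
  managed_policy_arn = each.value
  permission_set_arn = aws_ssoadmin_permission_set.scoped.arn
}
```

With these validations, `terraform plan` fails with the error message before any resource is created when a caller passes one of the denied ARNs.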

CloudFormation Example (AWS::SSO::PermissionSet)

Specifies a permission set within a specified SSO instance.

Parameters

Frequently asked questions

What is AWS SSO Managed Policy Attachment?

AWS SSO Managed Policy Attachment is a resource for SSO in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS SSO Managed Policy Attachment?

For Terraform, the dharada1/aws-sso-sample, ministryofjustice/aws-root-account and tintulip/cla-organisation source code examples are useful. See the Terraform Example section for further details.