Class: AWSCDK::SSO::CfnPermissionSet::PermissionsBoundaryProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::SSO::CfnPermissionSet::PermissionsBoundaryProperty
- Defined in:
- sso/cfn_permission_set.rb
Overview
Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.
Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .
Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .
Instance Attribute Summary collapse
-
#customer_managed_policy_reference ⇒ AWSCDK::IResolvable, ...
readonly
Specifies the name and path of a customer managed policy.
-
#managed_policy_arn ⇒ String?
readonly
The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(customer_managed_policy_reference: nil, managed_policy_arn: nil) ⇒ PermissionsBoundaryProperty
constructor
A new instance of PermissionsBoundaryProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(customer_managed_policy_reference: nil, managed_policy_arn: nil) ⇒ PermissionsBoundaryProperty
Returns a new instance of PermissionsBoundaryProperty.
687 688 689 690 691 692 |
# File 'sso/cfn_permission_set.rb', line 687 def initialize(customer_managed_policy_reference: nil, managed_policy_arn: nil) @customer_managed_policy_reference = customer_managed_policy_reference.is_a?(Hash) ? ::AWSCDK::SSO::CfnPermissionSet::CustomerManagedPolicyReferenceProperty.new(**customer_managed_policy_reference.transform_keys(&:to_sym)) : customer_managed_policy_reference Jsii::Type.check_type(@customer_managed_policy_reference, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zc28uQ2ZuUGVybWlzc2lvblNldC5DdXN0b21lck1hbmFnZWRQb2xpY3lSZWZlcmVuY2VQcm9wZXJ0eSJ9XX19")), "customerManagedPolicyReference") unless @customer_managed_policy_reference.nil? @managed_policy_arn = managed_policy_arn Jsii::Type.check_type(@managed_policy_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "managedPolicyArn") unless @managed_policy_arn.nil? end |
Instance Attribute Details
#customer_managed_policy_reference ⇒ AWSCDK::IResolvable, ... (readonly)
Specifies the name and path of a customer managed policy.
You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
700 701 702 |
# File 'sso/cfn_permission_set.rb', line 700 def customer_managed_policy_reference @customer_managed_policy_reference end |
#managed_policy_arn ⇒ String? (readonly)
The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
705 706 707 |
# File 'sso/cfn_permission_set.rb', line 705 def managed_policy_arn @managed_policy_arn end |
Class Method Details
.jsii_properties ⇒ Object
707 708 709 710 711 712 |
# File 'sso/cfn_permission_set.rb', line 707 def self.jsii_properties { :customer_managed_policy_reference => "customerManagedPolicyReference", :managed_policy_arn => "managedPolicyArn", } end |
Instance Method Details
#to_jsii ⇒ Object
714 715 716 717 718 719 720 721 |
# File 'sso/cfn_permission_set.rb', line 714 def to_jsii result = {} result.merge!({ "customerManagedPolicyReference" => @customer_managed_policy_reference, "managedPolicyArn" => @managed_policy_arn, }) result.compact end |