1 個回答
- 最新
- 最多得票
- 最多評論
1
Hello.
Although you cannot enable IAM Identity Center with CloudFormation, you can create permission sets, etc.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/AWS_SSO.html
Create a permission set with "AWS::SSO::PermissionSet" and link it to the account with "AWS::SSO::Assignment".
PermissionSet:
Type: AWS::SSO::PermissionSet
Properties:
InstanceArn: 'arn:aws:sso:::instance/ssoins-xxxxxxxxxxxxxxxx'
Name: 'AdministratorAccess'
ManagedPolicies:
- 'arn:aws:iam::aws:policy/AdministratorAccess'
Assignment:
Type: AWS::SSO::Assignment
Properties:
InstanceArn: 'arn:aws:sso:::instance/ssoins-xxxxxxxxxxxxxxxx'
PermissionSetArn: !GetAtt PermissionSet.PermissionSetArn
TargetId: '123456789012'
TargetType: AWS_ACCOUNT
PrincipalId: 'f81d4fae-7dec-11d0-a765-00a0c91e6bf6'
PrincipalType: 'GROUP'
相關內容
- 已提問 6 個月前
AWS 官方已更新 1 年前- AWS 官方已更新 1 年前