Dejan Rajkovic

Reputation: 1

AWS SSO: provision permission set automatically through CloudFormation

I have created AWS SSO permission sets through CloudFormation, and users are successfully assuming roles in downstream accounts. The issue I am seeing is that when a new change gets added to the code, let's say an IAM inline policy gets edited with some extra permissions, I need to log in to the account and manually provision the changes from the main account to the downstream accounts.

I found provision-permission-set AWS CLI call but it doesn't look like there is a CloudFormation option.

I am considering having this step as a part of my deployment pipeline, and if I don't have to create a custom script that is going to use the AWS CLI to do that job, that would be awesome.

Thanks y'all

Upvotes: 0

Views: 864

Answers (1)

Daniel Scott

Reputation: 7903

You can use AWS::SSO::Assignment to join the permission set, principal and account.

Upvotes: 1
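
A template of the kind the answer describes, as an added example that is not part of the original question or answer: a permission set with a narrowly scoped inline policy, joined to a group and a target account by `AWS::SSO::Assignment`. The parameter names, the permission set name and the policy actions are assumptions chosen for illustration.

```yaml
# Added example. All parameter values are supplied at deploy time (assumptions).
AWSTemplateFormatVersion: "2010-09-09"
Description: Permission set with an inline policy, assigned to a group in one account

Parameters:
  SsoInstanceArn:
    Type: String
    Description: ARN of the AWS SSO (IAM Identity Center) instance
  TargetAccountId:
    Type: String
    AllowedPattern: "^[0-9]{12}$"
    Description: Downstream account that receives the permission set
  PrincipalGroupId:
    Type: String
    Description: Identity store ID of the group being granted access

Resources:
  ReadOnlyLogsPermissionSet:
    Type: AWS::SSO::PermissionSet
    Properties:
      InstanceArn: !Ref SsoInstanceArn
      Name: ReadOnlyLogs            # hypothetical name
      SessionDuration: PT1H         # short sessions limit exposure of issued credentials
      InlinePolicy:                 # keep the inline policy least-privilege
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - logs:DescribeLogGroups
              - logs:DescribeLogStreams
              - logs:GetLogEvents
            Resource: "*"

  # Joins the permission set, the principal and the account.
  ReadOnlyLogsAssignment:
    Type: AWS::SSO::Assignment
    Properties:
      InstanceArn: !Ref SsoInstanceArn
      PermissionSetArn: !GetAtt ReadOnlyLogsPermissionSet.PermissionSetArn
      PrincipalType: GROUP          # assign to groups rather than individual users
      PrincipalId: !Ref PrincipalGroupId
      TargetType: AWS_ACCOUNT
      TargetId: !Ref TargetAccountId
```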
