groups
Creates, updates, deletes or gets a group resource or lists groups in a region
Overview
| Name | groups |
| Type | Resource |
| Description | Resource Type definition for AWS::IdentityStore::Group |
| Id | aws.identitystore.groups |
Fields
| Name | Datatype | Description |
|---|---|---|
description | string | A string containing the description of the group. |
display_name | string | A string containing the name of the group. This value is commonly displayed when the group is referenced. |
group_id | string | The unique identifier for a group in the identity store. |
identity_store_id | string | The globally unique identifier for the identity store. |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | IdentityStoreId, DisplayName, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all groups in a region.
SELECT
region,
description,
display_name,
group_id,
identity_store_id
FROM aws.identitystore.groups
WHERE region = 'us-east-1';
Gets all properties from an individual group.
SELECT
region,
description,
display_name,
group_id,
identity_store_id
FROM aws.identitystore.groups
WHERE region = 'us-east-1' AND data__Identifier = '<GroupId>|<IdentityStoreId>';
INSERT example
Use the following StackQL query and manifest file to create a new group resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.identitystore.groups (
DisplayName,
IdentityStoreId,
region
)
SELECT
'{{ DisplayName }}',
'{{ IdentityStoreId }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.identitystore.groups (
Description,
DisplayName,
IdentityStoreId,
region
)
SELECT
'{{ Description }}',
'{{ DisplayName }}',
'{{ IdentityStoreId }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: group
props:
- name: Description
value: '{{ Description }}'
- name: DisplayName
value: '{{ DisplayName }}'
- name: IdentityStoreId
value: '{{ IdentityStoreId }}'
DELETE example
/*+ delete */
DELETE FROM aws.identitystore.groups
WHERE data__Identifier = '<GroupId|IdentityStoreId>'
AND region = 'us-east-1';
Permissions
To operate on the groups resource, the following permissions are required:
Create
identitystore:CreateGroup,
identitystore:DescribeGroup
Read
identitystore:DescribeGroup
Update
identitystore:DescribeGroup,
identitystore:UpdateGroup
Delete
identitystore:DescribeGroup,
identitystore:DeleteGroup
List
identitystore:ListGroups