instance_access_control_attribute_configurations

Creates, updates, deletes or gets an instance_access_control_attribute_configuration resource or lists instance_access_control_attribute_configurations in a region

Overview

Name	`instance_access_control_attribute_configurations`
Type	Resource
Description	Resource Type definition for SSO InstanceAccessControlAttributeConfiguration
Id	`aws.sso.instance_access_control_attribute_configurations`

Fields

Name	Datatype	Description
`instance_arn`	`string`	The ARN of the AWS SSO instance under which the operation will be executed.
`instance_access_control_attribute_configuration`	`object`	The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. We recomend that you use AccessControlAttributes property instead.
`access_control_attributes`	`array`
`region`	`string`	AWS region.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`InstanceArn, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all instance_access_control_attribute_configurations in a region.

SELECT
region,
instance_arn,
instance_access_control_attribute_configuration,
access_control_attributes
FROM aws.sso.instance_access_control_attribute_configurations
WHERE region = 'us-east-1';

Gets all properties from an individual instance_access_control_attribute_configuration.

SELECT
region,
instance_arn,
instance_access_control_attribute_configuration,
access_control_attributes
FROM aws.sso.instance_access_control_attribute_configurations
WHERE region = 'us-east-1' AND data__Identifier = '<InstanceArn>';

`INSERT` example

Use the following StackQL query and manifest file to create a new instance_access_control_attribute_configuration resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO aws.sso.instance_access_control_attribute_configurations (
 InstanceArn,
 region
)
SELECT 
'{{ InstanceArn }}',
'{{ region }}';

/*+ create */
INSERT INTO aws.sso.instance_access_control_attribute_configurations (
 InstanceArn,
 InstanceAccessControlAttributeConfiguration,
 AccessControlAttributes,
 region
)
SELECT 
 '{{ InstanceArn }}',
 '{{ InstanceAccessControlAttributeConfiguration }}',
 '{{ AccessControlAttributes }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: instance_access_control_attribute_configuration
    props:
      - name: InstanceArn
        value: '{{ InstanceArn }}'
      - name: InstanceAccessControlAttributeConfiguration
        value:
          AccessControlAttributes:
            - Key: '{{ Key }}'
              Value:
                Source:
                  - '{{ Source[0] }}'
      - name: AccessControlAttributes
        value: null

`DELETE` example

/*+ delete */
DELETE FROM aws.sso.instance_access_control_attribute_configurations
WHERE data__Identifier = '<InstanceArn>'
AND region = 'us-east-1';

Permissions

To operate on the instance_access_control_attribute_configurations resource, the following permissions are required:

Create

sso:CreateInstanceAccessControlAttributeConfiguration,
sso:UpdateApplicationProfileForAWSAccountInstance,
sso:DescribeInstanceAccessControlAttributeConfiguration

Read

sso:DescribeInstanceAccessControlAttributeConfiguration

Update

sso:UpdateInstanceAccessControlAttributeConfiguration,
sso:DescribeInstanceAccessControlAttributeConfiguration

Delete

sso:DeleteInstanceAccessControlAttributeConfiguration,
sso:DescribeInstanceAccessControlAttributeConfiguration

List

sso:DescribeInstanceAccessControlAttributeConfiguration

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​