AWS::SSO::ApplicationAssignment - AWS CloudFormation (original) (raw)
A structure that describes an assignment of a principal to an application.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
"Type" : "AWS::SSO::ApplicationAssignment",
"Properties" : {
"ApplicationArn" : String,
"PrincipalId" : String,
"PrincipalType" : String
}
}
YAML
Type: AWS::SSO::ApplicationAssignment
Properties:
ApplicationArn: String
PrincipalId: String
PrincipalType: String
Properties
ApplicationArn
The ARN of the application that has principals assigned.
Required: Yes
Type: String
Pattern: arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}
Minimum: 10
Maximum: 1224
Update requires: Replacement
PrincipalId
The unique identifier of the principal assigned to the application.
Required: Yes
Type: String
Pattern: ^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$
Minimum: 1
Maximum: 47
Update requires: Replacement
PrincipalType
The type of the principal assigned to the application.
Required: Yes
Type: String
Allowed values: USER | GROUP
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a generated ID, combined by all fields with the delimiter|.
For more information about using the Ref function, see Ref.
Examples
Creating a new application assignment for IAM Identity Center
The following example grants the user permission to access the example application.
JSON
"ApplicationAssignment": {
"Type": "AWS::SSO::ApplicationAssignment",
"Properties": {
"ApplicationArn": "arn:aws:sso:::application/ssoins-exampleapplicationid",
"PrincipalID": "user_id",
"PrincipalType": "USER"
}
}YAML
ApplicationAssignment:
Type: AWS::SSO::ApplicationAssignment
Properties:
ApplicationArn: 'arn:aws:sso:::application/ssoins-exampleapplicationid'
PrincipalID: 'user_id'
PrincipalType: 'USER'