AWS::SSO::InstanceAccessControlAttributeConfiguration AccessControlAttribute - AWS CloudFormation (original) (raw)

These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC). You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify AccessControlAttributes, IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

Key

The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center.

Required: Yes

Type: String

Pattern: [\p{L}\p{Z}\p{N}_.:\/=+\-@]+

Minimum: 1

Maximum: 128

Update requires: No interruption

Value

The value used for mapping a specified attribute to an identity source.

Required: Yes

Type: AccessControlAttributeValue

Update requires: No interruption

AWS::SSO::InstanceAccessControlAttributeConfiguration

AccessControlAttributeValue

Did this page help you? - Yes

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Did this page help you? - No

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.