This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.
AWS::SSO::PermissionSet PermissionsBoundary
Specifies the configuration of the Amazon managed or customer managed policy that you
want to set as a permissions boundary. Specify either
CustomerManagedPolicyReference to use the name and path of a customer
managed policy, or ManagedPolicyArn to use the ARN of an Amazon managed
policy. A permissions boundary represents the maximum permissions that any policy can
grant your role. For more information, see Permissions boundaries
for IAM entities in the IAM User Guide.
Important
Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "CustomerManagedPolicyReference" :CustomerManagedPolicyReference, "ManagedPolicyArn" :String}
Properties
CustomerManagedPolicyReference-
Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.
Required: No
Type: CustomerManagedPolicyReference
Update requires: No interruption
ManagedPolicyArn-
The Amazon managed policy ARN that you want to attach to a permission set as a permissions boundary.
Required: No
Type: String
Minimum:
20Maximum:
2048Update requires: No interruption