AWS::SSO::InstanceAccessControlAttributeConfiguration AccessControlAttribute
These are IAM Identity Center identity store attributes that you can configure for use in
attributes-based access control (ABAC). You can create permissions policies that determine
who can access your Amazon resources based upon the configured attribute values. When you
enable ABAC and specify AccessControlAttributes
, IAM Identity Center passes the attribute
values of the authenticated user into IAM for use in policy evaluation.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Key" :
String
, "Value" :AccessControlAttributeValue
}
YAML
Key:
String
Value:AccessControlAttributeValue
Properties
Key
-
The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center.
Required: Yes
Type: String
Pattern:
[\p{L}\p{Z}\p{N}_.:\/=+\-@]+
Minimum:
1
Maximum:
128
Update requires: No interruption
Value
-
The value used for mapping a specified attribute to an identity source.
Required: Yes
Type: AccessControlAttributeValue
Update requires: No interruption