Class CfnPermissionSet.PermissionsBoundaryProperty
Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.
Inheritance
Namespace: Amazon.CDK.AWS.SSO
Assembly: Amazon.CDK.AWS.SSO.dll
Syntax (csharp)
public class PermissionsBoundaryProperty : Object, CfnPermissionSet.IPermissionsBoundaryProperty
Syntax (vb)
Public Class PermissionsBoundaryProperty
Inherits Object
Implements CfnPermissionSet.IPermissionsBoundaryProperty
Remarks
Specify either CustomerManagedPolicyReference
to use the name and path of a customer managed policy, or ManagedPolicyArn
to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see Permissions boundaries for IAM entities in the IAM User Guide .
Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide .
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.SSO;
var permissionsBoundaryProperty = new PermissionsBoundaryProperty {
CustomerManagedPolicyReference = new CustomerManagedPolicyReferenceProperty {
Name = "name",
// the properties below are optional
Path = "path"
},
ManagedPolicyArn = "managedPolicyArn"
};
Synopsis
Constructors
PermissionsBoundaryProperty() |
Properties
CustomerManagedPolicyReference | Specifies the name and path of a customer managed policy. |
ManagedPolicyArn | The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary. |
Constructors
PermissionsBoundaryProperty()
public PermissionsBoundaryProperty()
Properties
CustomerManagedPolicyReference
Specifies the name and path of a customer managed policy.
public object CustomerManagedPolicyReference { get; set; }
Property Value
System.Object
Remarks
You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
ManagedPolicyArn
The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.
public string ManagedPolicyArn { get; set; }
Property Value
System.String