AWS::SSO::ApplicationAssignment
A structure that describes an assignment of a principal to an application.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::SSO::ApplicationAssignment", "Properties" : { "ApplicationArn" :String, "PrincipalId" :String, "PrincipalType" :String} }
YAML
Type: AWS::SSO::ApplicationAssignment Properties: ApplicationArn:StringPrincipalId:StringPrincipalType:String
Properties
ApplicationArn-
The ARN of the application that has principals assigned.
Required: Yes
Type: String
Pattern:
arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}Minimum:
10Maximum:
1224Update requires: Replacement
PrincipalId-
The unique identifier of the principal assigned to the application.
Required: Yes
Type: String
Pattern:
^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$Minimum:
1Maximum:
47Update requires: Replacement
PrincipalType-
The type of the principal assigned to the application.
Required: Yes
Type: String
Allowed values:
USER | GROUPUpdate requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a generated ID, combined by all fields with the delimiter
|.
For more information about using the Ref function, see Ref.
Examples
Creating a new application assignment for IAM Identity Center
The following example grants the user permission to access the example application.
JSON
"ApplicationAssignment": { "Type": "AWS::SSO::ApplicationAssignment", "Properties": { "ApplicationArn": "arn:aws:sso:::application/ssoins-exampleapplicationid", "PrincipalID": "user_id", "PrincipalType": "USER" } }
YAML
ApplicationAssignment: Type: AWS::SSO::ApplicationAssignment Properties: ApplicationArn: 'arn:aws:sso:::application/ssoins-exampleapplicationid' PrincipalID: 'user_id' PrincipalType: 'USER'