AWS::SSO::Instance - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Creates an instance of IAM Identity Center for a standalone Amazon Web Services account that is not managed by Amazon Organizations or a member Amazon Web Services account in an organization. You can create only one instance per account and across all Amazon Web Services Regions.

The CreateInstance request is rejected if the following apply:

  • The instance is created within the organization management account.

  • An instance already exists in the same account.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : "AWS::SSO::Instance", "Properties" : { "Name" : String, "Tags" : [ Tag, ... ] } }


Type: AWS::SSO::Instance Properties: Name: String Tags: - Tag



The name of the Identity Center instance.

Required: No

Type: String

Pattern: ^[\w+=,.@-]+$

Minimum: 1

Maximum: 32

Update requires: No interruption


Specifies tags to be attached to the instance of IAM Identity Center.

Required: No

Type: Array of Tag

Maximum: 75

Update requires: No interruption

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a generated ID, combined by all fields with the delimiter |.

For more information about using the Ref function, see Ref.



The identifier of the identity store that is connected to the Identity Center instance.


The ARN of the Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Service Namespaces in the Amazon General Reference.


The Amazon Web Services account ID number of the owner of the Identity Center instance.


The current status of this Identity Center instance.


Creating a new instance of IAM Identity Center

The following example creates an instance of IAM Identity Center for a specific Amazon account.


"Instance": { "Type": "AWS::SSO::Instance", "Properties": { "Name": "InstanceExample", "Tags": { "InstanceTagKey1": "InstanceTagValue1" } } }


Instance: Type: AWS::SSO::Instance Properties: Name: InstanceExample Tags: InstanceTagKey1: 'InstanceTagValue1'