AWS CDK Construct Library for AWS SSO
Project description
CDK library for AWS SSO
Note: this construct library is currently under development and needs more testing, but it should basically work.
This CDK library provides L2 constructs for the AWS SSO CfnPermissionSet and CfnAssignment. An assignment is not consumed by other resources, so its properties and attributes are minimal, but the L2 construct makes it easier to work with and allows a more fully featured construct for permission set and assignment requirements.
Features
PermissionSet - an L2 construct, including import from ARN and granting (assigning) the permission set
Assignment - an L2 construct; some enums provide valid inputs for certain properties
API documentation
See API
Examples
Permission set
import { PermissionSet, Assignment, PrincipalTypes } from '@renovosolutions/cdk-library-aws-sso';
import {
  App,
  Stack,
  StackProps,
  aws_iam as iam,
} from 'aws-cdk-lib';
import { Construct } from 'constructs';

// The constructs need a scope (`this`), so they live inside a Stack
class ExampleStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    // create a permission set
    const permissionSetExample = new PermissionSet(this, 'permissionSet', {
      ssoInstanceArn: 'arn:aws:sso:::instance/ssoins-1234567891234567',
      name: 'ExamplePermissionSet',
      description: 'Example permission set with some policies',
      awsManagedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName('job-function/ViewOnlyAccess'),
      ],
      customerManagedPolicyReferences: [
        {
          name: 'someServiceLogRead', // must exist in the target account
          path: '/',
        },
      ],
      relayStateType: 'https://us-east-1.console.aws.amazon.com/cloudwatch/home',
    });

    // assign it to an account/principal with an Assignment
    new Assignment(this, 'ExampleAssignment', {
      permissionSet: permissionSetExample,
      principal: {
        principalId: '25750630-0ae9-479a-97c2-0afc2d5b4eac',
        principalType: PrincipalTypes.GROUP,
      },
      targetId: '124567890123', // target account ID (12 digits)
    });

    // assign it to something else with a grant
    permissionSetExample.grant('permissionSetExampleAssignment', {
      principal: {
        principalId: '12350630-0ae9-479a-97c2-0afc2d5b4eac',
        principalType: PrincipalTypes.GROUP,
      },
      targetId: '344567890123', // target account ID (12 digits)
    });

    // import an existing permission set
    const existingPermissionSetExample = PermissionSet.fromPermissionSetArn(
      this,
      'existingPermissionSetExample',
      'arn:aws:sso:::permissionSet/ssoins-1234567891234567/ps-55a5555a5a55ab55',
    );
  }
}

const app = new App();
new ExampleStack(app, 'ExampleStack');
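The import-from-ARN feature and the assignment example above both depend on identifiers that are easy to mistype and are only rejected at deployment time (a permission set ARN that does not carry the instance ID, a principal ID that is not the expected GUID, a target account ID that is not 12 digits). The following is an added example, not code from the library or from this README: a small validator that parses a permission set ARN into its instance ARN and permission set ID (the same split that importing by ARN relies on) and checks assignment inputs before they reach the constructs. The ARN shapes and the 12-digit account ID are AWS formats; the UUID shape for principal IDs is an assumption that holds for the Identity Center directory and may need adjusting for other identity stores. All sample values are constructed.

```typescript
// Added example, not part of @renovosolutions/cdk-library-aws-sso.
// Validates the identifiers the PermissionSet and Assignment constructs take
// so a typo fails fast at synth time instead of at deployment.

const PARTITIONS = '(aws|aws-cn|aws-us-gov)';
const INSTANCE_ARN_RE = new RegExp(`^arn:${PARTITIONS}:sso:::instance/(ssoins-[0-9a-f]{16})$`);
const PERMISSION_SET_ARN_RE = new RegExp(
  `^arn:${PARTITIONS}:sso:::permissionSet/(ssoins-[0-9a-f]{16})/(ps-[0-9a-f]{16})$`,
);
// Assumption: Identity Center directory principal IDs are UUID-shaped.
const PRINCIPAL_ID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
// AWS account IDs are exactly twelve digits.
const ACCOUNT_ID_RE = /^\d{12}$/;

export interface ParsedPermissionSetArn {
  partition: string;
  instanceId: string;
  permissionSetId: string;
  // Instance ARN recovered from the permission set ARN (what an import-by-ARN needs)
  instanceArn: string;
}

export function parsePermissionSetArn(arn: string): ParsedPermissionSetArn {
  const match = PERMISSION_SET_ARN_RE.exec(arn);
  if (match === null) {
    throw new Error(`not an AWS SSO permission set ARN: ${arn}`);
  }
  const [, partition = '', instanceId = '', permissionSetId = ''] = match;
  return {
    partition,
    instanceId,
    permissionSetId,
    instanceArn: `arn:${partition}:sso:::instance/${instanceId}`,
  };
}

export function isInstanceArn(arn: string): boolean {
  return INSTANCE_ARN_RE.test(arn);
}

export interface AssignmentInput {
  ssoInstanceArn: string;
  principalId: string;
  targetId: string;
}

// Returns a list of problems; an empty list means the input is well formed.
export function validateAssignmentInput(input: AssignmentInput): string[] {
  const problems: string[] = [];
  if (!isInstanceArn(input.ssoInstanceArn)) {
    problems.push(`ssoInstanceArn is not an SSO instance ARN: ${input.ssoInstanceArn}`);
  }
  if (!PRINCIPAL_ID_RE.test(input.principalId)) {
    problems.push(`principalId is not a UUID-shaped Identity Center ID: ${input.principalId}`);
  }
  if (!ACCOUNT_ID_RE.test(input.targetId)) {
    problems.push(`targetId must be a 12-digit AWS account ID: ${input.targetId}`);
  }
  return problems;
}

// Constructed sample values in the same shapes as the README example.
export const sampleAssignment: AssignmentInput = {
  ssoInstanceArn: 'arn:aws:sso:::instance/ssoins-1234567891234567',
  principalId: '25750630-0ae9-479a-97c2-0afc2d5b4eac',
  targetId: '123456789012',
};

console.log(validateAssignmentInput(sampleAssignment)); // []
console.log(
  parsePermissionSetArn('arn:aws:sso:::permissionSet/ssoins-1234567891234567/ps-55a5555a5a55ab55').instanceArn,
); // arn:aws:sso:::instance/ssoins-1234567891234567
```

Run `validateAssignmentInput` on the props you are about to hand to `Assignment` or `grant`, and `parsePermissionSetArn` on any ARN you pass to an import; throwing during `cdk synth` keeps a malformed assignment out of the change set entirely.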