AWS::SSO::AssignmentSSO Assignment
Resource Type definition for SSO assignmet
Properties
6 configurable properties. 6 required. Click a row to see details.
Filter:
| Property | Type | Flags |
|---|---|---|
InstanceArn | string | RequiredCreate-only |
PermissionSetArn | string | RequiredCreate-only |
PrincipalId | string | RequiredCreate-only |
PrincipalType | string | RequiredCreate-only |
TargetId | string | RequiredCreate-only |
TargetType | string | RequiredCreate-only |
Sample CloudFormation Template
A minimal template with required properties and common optional ones.
template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::SSO::Assignment
Resources:
MyResource:
Type: AWS::SSO::Assignment
Properties:
InstanceArn: "arn:aws:service:region:account:resource"
TargetId: "my-targetid"
TargetType: "AWS_ACCOUNT"
PermissionSetArn: "arn:aws:service:region:account:resource"
PrincipalType: "USER"
PrincipalId: "my-principalid"Required IAM Permissions
Permissions CloudFormation needs in your IAM role to manage this resource.
create
sso:CreateAccountAssignmentsso:DescribeAccountAssignmentCreationStatussso:ListAccountAssignmentsiam:GetSAMLProvideriam:CreateSAMLProvideriam:AttachRolePolicyiam:PutRolePolicyiam:CreateRoleread
sso:ListAccountAssignmentsiam:GetSAMLProvideriam:ListRolePoliciesdelete
sso:ListAccountAssignmentssso:DeleteAccountAssignmentsso:DescribeAccountAssignmentDeletionStatusiam:GetSAMLProvideriam:ListRolePolicieslist
sso:ListAccountAssignmentsiam:ListRolePoliciesLearn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterQuick Facts
ServiceSSO
Properties6
Required6
TaggingNot supported
Primary ID
InstanceArnSupported Operations
CreateReadDeleteList
Immutable After Creation
These properties cannot be changed after the resource is created. Updating them triggers a replacement.
InstanceArnTargetIdTargetTypePermissionSetArnPrincipalTypePrincipalId