AWS Fundamentals Logo
AWS Fundamentals
AWS::SSO::PermissionSet

SSO PermissionSet

Resource Type definition for SSO PermissionSet

Properties

10 configurable properties. 2 required. Click a row to see details.

Filter:
PropertyTypeFlags
InstanceArn
string
RequiredCreate-only
Name
string
RequiredCreate-only
CustomerManagedPolicyReferences
Array<CustomerManagedPolicyReference>
Description
string
InlinePolicy
objectstring
ManagedPolicies
Array<string>
PermissionsBoundary
PermissionsBoundary
RelayStateType
string
SessionDuration
string
Tags
Array<Tag>

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

AttributeTypeDescription
PermissionSetArnstringThe permission set that the policy will be attached to

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::SSO::PermissionSet

Resources:
  MyResource:
    Type: AWS::SSO::PermissionSet
    Properties:
      Name: "my-name"
      InstanceArn: "arn:aws:service:region:account:resource"
      Tags:
        - Key: Environment
          Value: Production
      Description: !Ref "AWS::StackName"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

sso:CreatePermissionSetsso:PutInlinePolicyToPermissionSetsso:AttachManagedPolicyToPermissionSetsso:AttachCustomerManagedPolicyReferenceToPermissionSetsso:PutPermissionsBoundaryToPermissionSetsso:TagResourcesso:DescribePermissionSetsso:ListTagsForResource

read

sso:DescribePermissionSetsso:ListTagsForResourcesso:ListManagedPoliciesInPermissionSetsso:ListCustomerManagedPolicyReferencesInPermissionSetsso:GetInlinePolicyForPermissionSetsso:GetPermissionsBoundaryForPermissionSet

update

sso:UpdatePermissionSetsso:TagResourcesso:UntagResourcesso:ListTagsForResourcesso:AttachManagedPolicyToPermissionSetsso:AttachCustomerManagedPolicyReferenceToPermissionSetsso:DetachManagedPolicyFromPermissionSetsso:DetachCustomerManagedPolicyReferenceFromPermissionSet

delete

sso:DeletePermissionSet

list

sso:DescribePermissionSet

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceSSO
Properties11
Required2
TaggingSupported
Primary IDInstanceArn

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

InstanceArnName

Related Resources

External Links