Class: Aws::SSOAdmin::Types::PermissionsBoundary

Inherits:

Struct

• Object
• Struct
• Aws::SSOAdmin::Types::PermissionsBoundary

Includes:

Aws::Structure

Defined in:

lib/aws-sdk-ssoadmin/types.rb

Overview

Specifies the configuration of the Amazon Web Services managed or customer managed policy that you want to set as a permissions boundary. Specify either ‘CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an Amazon Web Services managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities] in the *IAM User Guide*.

Policies used as permissions boundaries don’t provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see [IAM JSON policy evaluation logic] in the *IAM User Guide*.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html [2]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #customer_managed_policy_reference ⇒ Types::CustomerManagedPolicyReference

  Specifies the name and path of a customer managed policy.

• #managed_policy_arn ⇒ String

  The Amazon Web Services managed policy ARN that you want to attach to a permission set as a permissions boundary.

Instance Attribute Details

#customer_managed_policy_reference ⇒ Types::CustomerManagedPolicyReference

Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

Returns:

• (Types::CustomerManagedPolicyReference)

# File 'lib/aws-sdk-ssoadmin/types.rb', line 3671

class PermissionsBoundary < Struct.new(
  :customer_managed_policy_reference,
  :managed_policy_arn)
  SENSITIVE = []
  include Aws::Structure
end

#managed_policy_arn ⇒ String

The Amazon Web Services managed policy ARN that you want to attach to a permission set as a permissions boundary.

Returns:

• (String)

# File 'lib/aws-sdk-ssoadmin/types.rb', line 3671

class PermissionsBoundary < Struct.new(
  :customer_managed_policy_reference,
  :managed_policy_arn)
  SENSITIVE = []
  include Aws::Structure
end