![](/img/trans.png)
[英]Getting AccessDeniedException from Lambda function when calling AWS SSO Permission set
[英]Allocate AWS SSO Permission Set to Groups in Accounts
致力于对 aws sso 设置进行完整编码
到目前为止,通过 Terraform 编码我拥有所有权限集并使用 scim 拉入组。 将权限集分配给帐户中的组(我有 100 多个帐户)是手动完成的。 我想通过 IaC (Terraform) 将权限集分配给选定帐户中的组,但我终其一生都找不到工作代码。
我试过使用
aws_sso_permission_set_group_assignment
aws_sso_permission_set_group_attachment
aws_sso_group_permission_set_assignment
aws_sso_permission_set_assignment
aws_sso_permission_set_attachment
aws_sso_group_permission_set_attachment
,
我在一些旧文档中找到了这些,但它们不起作用:(给The provider hashicorp/aws does not support resource type
有没有人可以提供有关如何解决此问题或如何克服此问题的建议
这是尝试过的代码示例
resource "aws_sso_group_permission_set_attachment" "example" {
group_id = "93sd433ee-cd43e4b-cfww-434e-re33-707a0987eb"
permission_set_id = "arn:aws:sso:::permissionSet/ssoins-63456a11we432d8/ps-1231ded3d42fcrr2"
account_id = "8765322052550"
}
resource "aws_sso_group_permission_set_attachment" "example" {
permission_set_arn = "arn:aws:sso:::permissionSet/ssoins-63456a11we432d8/ps-1231ded3d42fcrr2"
group_name = "93sd433ee-cd43e4b-cfww-434e-re33-707a0987eb"
account_id = "8765322052550"
}
ssoadmin_account_assignment资源是您可能正在寻找的东西,请 go 通过资源中的所有可用属性来满足您的需求。
resource "aws_ssoadmin_account_assignment" "example" {
instance_arn = tolist(data.aws_ssoadmin_instances.example.arns)[0]
permission_set_arn = "arn_of_the_permission_set" # replace this with actually permission set arn
principal_id = "group_id" # replace this with groupID
principal_type = "GROUP"
target_id = "012347678910" # replace with account ID
target_type = "AWS_ACCOUNT"
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.