security_profiles
Creates, updates, deletes or gets a security_profile resource or lists security_profiles in a region
Overview
| Name | security_profiles |
| Type | Resource |
| Description | Resource Type definition for AWS::Connect::SecurityProfile |
| Id | awscc.connect.security_profiles |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
allowed_access_control_tags | array | The list of tags that a security profile uses to restrict access to resources in Amazon Connect. |
description | string | The description of the security profile. |
instance_arn | string | The identifier of the Amazon Connect instance. |
permissions | array | Permissions assigned to the security profile. |
security_profile_arn | string | The Amazon Resource Name (ARN) for the security profile. |
security_profile_name | string | The name of the security profile. |
tag_restricted_resources | array | The list of resources that a security profile applies tag restrictions to in Amazon Connect. |
hierarchy_restricted_resources | array | The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. |
allowed_access_control_hierarchy_group_id | string | The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect. |
applications | array | A list of third-party applications that the security profile will give access to. |
tags | array | The tags used to organize, track, or control access for this resource. |
last_modified_region | string | The AWS Region where this resource was last modified. |
last_modified_time | number | The timestamp when this resource was last modified. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
security_profile_arn | string | The Amazon Resource Name (ARN) for the security profile. |
region | string | AWS region. |
For more information, see AWS::Connect::SecurityProfile.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | security_profiles | INSERT | InstanceArn, SecurityProfileName, region |
delete_resource | security_profiles | DELETE | Identifier, region |
update_resource | security_profiles | UPDATE | Identifier, PatchDocument, region |
list_resources | security_profiles_list_only | SELECT | region |
get_resource | security_profiles | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual security_profile.
SELECT
region,
allowed_access_control_tags,
description,
instance_arn,
permissions,
security_profile_arn,
security_profile_name,
tag_restricted_resources,
hierarchy_restricted_resources,
allowed_access_control_hierarchy_group_id,
applications,
tags,
last_modified_region,
last_modified_time
FROM awscc.connect.security_profiles
WHERE
region = 'us-east-1' AND
Identifier = '{{ security_profile_arn }}';
Lists all security_profiles in a region.
SELECT
region,
security_profile_arn
FROM awscc.connect.security_profiles_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new security_profile resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.connect.security_profiles (
InstanceArn,
SecurityProfileName,
region
)
SELECT
'{{ instance_arn }}',
'{{ security_profile_name }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.connect.security_profiles (
AllowedAccessControlTags,
Description,
InstanceArn,
Permissions,
SecurityProfileName,
TagRestrictedResources,
HierarchyRestrictedResources,
AllowedAccessControlHierarchyGroupId,
Applications,
Tags,
region
)
SELECT
'{{ allowed_access_control_tags }}',
'{{ description }}',
'{{ instance_arn }}',
'{{ permissions }}',
'{{ security_profile_name }}',
'{{ tag_restricted_resources }}',
'{{ hierarchy_restricted_resources }}',
'{{ allowed_access_control_hierarchy_group_id }}',
'{{ applications }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: security_profile
props:
- name: allowed_access_control_tags
value:
- key: '{{ key }}'
value: '{{ value }}'
- name: description
value: '{{ description }}'
- name: instance_arn
value: '{{ instance_arn }}'
- name: permissions
value:
- '{{ permissions[0] }}'
- name: security_profile_name
value: '{{ security_profile_name }}'
- name: tag_restricted_resources
value:
- '{{ tag_restricted_resources[0] }}'
- name: hierarchy_restricted_resources
value:
- null
- name: allowed_access_control_hierarchy_group_id
value: '{{ allowed_access_control_hierarchy_group_id }}'
- name: applications
value:
- application_permissions:
- '{{ application_permissions[0] }}'
namespace: '{{ namespace }}'
- name: tags
value:
- null
UPDATE example
Use the following StackQL query and manifest file to update a security_profile resource, using stack-deploy.
/*+ update */
UPDATE awscc.connect.security_profiles
SET PatchDocument = string('{{ {
"AllowedAccessControlTags": allowed_access_control_tags,
"Description": description,
"Permissions": permissions,
"TagRestrictedResources": tag_restricted_resources,
"HierarchyRestrictedResources": hierarchy_restricted_resources,
"AllowedAccessControlHierarchyGroupId": allowed_access_control_hierarchy_group_id,
"Applications": applications,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ security_profile_arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.connect.security_profiles
WHERE
Identifier = '{{ security_profile_arn }}' AND
region = 'us-east-1';
Permissions
To operate on the security_profiles resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
connect:CreateSecurityProfile,
connect:TagResource
connect:DescribeSecurityProfile,
connect:ListSecurityProfileApplications,
connect:ListSecurityProfilePermissions
connect:TagResource,
connect:UpdateSecurityProfile,
connect:UntagResource
connect:DeleteSecurityProfile,
connect:UntagResource
connect:ListSecurityProfiles