identity_sources
Creates, updates, deletes or gets an identity_source resource or lists identity_sources in a region
Overview
| Name | identity_sources |
| Type | Resource |
| Description | Resource Type definition for AWS::MPA::IdentitySource. |
| Id | awscc.mpa.identity_sources |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
identity_source_arn | string | |
identity_source_parameters | object | |
tags | array | |
identity_source_type | string | |
creation_time | string | |
status | string | |
status_code | string | |
status_message | string | |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
identity_source_arn | string | |
region | string | AWS region. |
For more information, see AWS::MPA::IdentitySource.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | identity_sources | INSERT | IdentitySourceParameters, region |
delete_resource | identity_sources | DELETE | Identifier, region |
update_resource | identity_sources | UPDATE | Identifier, PatchDocument, region |
list_resources | identity_sources_list_only | SELECT | region |
get_resource | identity_sources | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual identity_source.
SELECT
region,
identity_source_arn,
identity_source_parameters,
tags,
identity_source_type,
creation_time,
status,
status_code,
status_message
FROM awscc.mpa.identity_sources
WHERE
region = 'us-east-1' AND
Identifier = '{{ identity_source_arn }}';
Lists all identity_sources in a region.
SELECT
region,
identity_source_arn
FROM awscc.mpa.identity_sources_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new identity_source resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.mpa.identity_sources (
IdentitySourceParameters,
region
)
SELECT
'{{ identity_source_parameters }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.mpa.identity_sources (
IdentitySourceParameters,
Tags,
region
)
SELECT
'{{ identity_source_parameters }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: identity_source
props:
- name: identity_source_parameters
value:
iam_identity_center:
instance_arn: '{{ instance_arn }}'
region: '{{ region }}'
approval_portal_url: '{{ approval_portal_url }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
UPDATE example
Use the following StackQL query and manifest file to update a identity_source resource, using stack-deploy.
/*+ update */
UPDATE awscc.mpa.identity_sources
SET PatchDocument = string('{{ {
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ identity_source_arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.mpa.identity_sources
WHERE
Identifier = '{{ identity_source_arn }}' AND
region = 'us-east-1';
Permissions
To operate on the identity_sources resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
mpa:CreateIdentitySource,
mpa:TagResource,
mpa:ListTagsForResource,
mpa:GetIdentitySource,
sso:DescribeApplication,
sso:DescribeInstance,
sso:CreateApplication,
sso:PutApplicationAssignmentConfiguration,
sso:PutApplicationGrant,
sso:PutApplicationAuthenticationMethod,
sso:PutApplicationAccessScope,
kms:Decrypt
mpa:GetIdentitySource,
mpa:ListTagsForResource
mpa:GetIdentitySource,
mpa:TagResource,
mpa:ListTagsForResource,
mpa:UntagResource
mpa:DeleteIdentitySource,
mpa:GetIdentitySource,
mpa:UntagResource,
sso:DeleteApplication,
sso:ListInstances,
kms:Decrypt
mpa:ListIdentitySources,
mpa:ListTagsForResource