application_assignments
Creates, updates, deletes or gets an application_assignment resource or lists application_assignments in a region
Overview
| Name | application_assignments |
| Type | Resource |
| Description | Resource Type definition for SSO application access grant to a user or group. |
| Id | awscc.sso.application_assignments |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
application_arn | string | The ARN of the application. |
principal_type | string | The entity type for which the assignment will be created. |
principal_id | string | An identifier for an object in IAM Identity Center, such as a user or group |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
application_arn | string | The ARN of the application. |
principal_type | string | The entity type for which the assignment will be created. |
principal_id | string | An identifier for an object in IAM Identity Center, such as a user or group |
region | string | AWS region. |
For more information, see AWS::SSO::ApplicationAssignment.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | application_assignments | INSERT | ApplicationArn, PrincipalType, PrincipalId, region |
delete_resource | application_assignments | DELETE | Identifier, region |
list_resources | application_assignments_list_only | SELECT | region |
get_resource | application_assignments | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual application_assignment.
SELECT
region,
application_arn,
principal_type,
principal_id
FROM awscc.sso.application_assignments
WHERE
region = 'us-east-1' AND
Identifier = '{{ application_arn }}|{{ principal_type }}|{{ principal_id }}';
Lists all application_assignments in a region.
SELECT
region,
application_arn,
principal_type,
principal_id
FROM awscc.sso.application_assignments_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new application_assignment resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.sso.application_assignments (
ApplicationArn,
PrincipalType,
PrincipalId,
region
)
SELECT
'{{ application_arn }}',
'{{ principal_type }}',
'{{ principal_id }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.sso.application_assignments (
ApplicationArn,
PrincipalType,
PrincipalId,
region
)
SELECT
'{{ application_arn }}',
'{{ principal_type }}',
'{{ principal_id }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: application_assignment
props:
- name: application_arn
value: '{{ application_arn }}'
- name: principal_type
value: '{{ principal_type }}'
- name: principal_id
value: '{{ principal_id }}'
DELETE example
/*+ delete */
DELETE FROM awscc.sso.application_assignments
WHERE
Identifier = '{{ application_arn }}|{{ principal_type }}|{{ principal_id }}' AND
region = 'us-east-1';
Permissions
To operate on the application_assignments resource, the following permissions are required:
- Create
- Read
- Delete
- List
sso:CreateApplicationAssignment,
sso:DescribeApplicationAssignment
sso:DescribeApplicationAssignment
sso:DeleteApplicationAssignment
sso:ListApplicationAssignments