Hi folks :wave: I think I may be misunderstanding ...
# getting-started
m
Hi folks 👋 I think I may be misunderstanding how the Pulumi construct for aws.ssoadmin.PermissionSet works; I'd like to import the below permissionSet and assign an additional AWS account to it. The documentation (https://www.pulumi.com/registry/packages/aws/api-docs/ssoadmin/permissionset/#aws-ssoadmin-permissionset) seems to require some kind of "instanceId"?
What I'm trying to do is:
• create IAM user
• assign user to groups
• assign permission sets to user
l
When importing, you need to import the resource as-is. Any updates cannot be made until after the resource is imported. According to the page you linked, importing a PermissionSet needs the permission set's ARN and the SSO instance's ARN. There's an example at the bottom of the page.
m
Yeah, I'm not sure what the "SSO instance's ARN" means - is it a session or?
I'm trying to modify the permission sets from an org admin perspective, and have no idea what that value is expected to be - tried finding examples of usage but couldn't. The import example below:
pulumi import aws:ssoadmin/permissionSet:PermissionSet example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72
Gives me no clue as to where to actually find awssso:instance
l
The SSO instance is the thing that the PermissionSet is in. It's another AWS resource.
m
Yeah, that's the thing, if I do list-instances it seems like it only lists active ones
And I'm trying to assign those from a user management perspective, not an active session one
l
Not session. Single Sign-On Instance. To view it, go to IAM Identity Center, Settings. You want the "Instance ARN" in the Details section.
m
OH
Thank you so much... I have been googling furiously for like 40+ min
l
Yes it's a bit of a problem / confusing point, since AWS renamed SSO to IAM Identity Center recently, and the search results get all tangled as a result...
m
yep, that
😭