https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# getting-started
s
This message was deleted.
m
what I'm trying to do is: • create IAM user • assign user to groups • assign permission sets to user
l
When importing, you need to import the resource as-is. Any updates cannot be made until after the resource is imported. According to the page you linked, importing a PermissionSet needs the permission set's ARN and the SSO instance's ARN. There's an example at the bottom of the page.
m
Yeah, I'm not sure what the "SSO instance's ARN" means - is it a session or?
I'm trying to modify the permission sets from an org admin perspective, and have no idea what that value is expected to be - tried finding examples of usage but couldn't. The import example below:
Copy code
pulumi import aws:ssoadmin/permissionSet:PermissionSet example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72
Gives me no clue as to where to actually find awssso:instance
l
The SSO instance is the thing that the PermissionSet is in. It's another AWS resource.
m
Yeah thats the thing, if i do list-instances it seems like it only lists active ones
And I'm trying to assign those from a user management perspective, not an active session one
l
Not session. Single Sign-On Instance. To view it, go to IAM Identity Center, Settings. You want the "Instance ARN" in the Details section.
m
OH
thank you so much ...i have been googling furiously for like 40+ min
l
Yes it's a bit of a problem / confusing point, since AWS renamed SSO to IAM Identity Center recently, and the search results get all tangled as a result...
m
yep, that
😭
Open in Slack
PreviousNext
Powered by