Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Documentation
data PermissionsBoundary Source #
Specifies the configuration of the AWS managed or customer managed
policy that you want to set as a permissions boundary. Specify either
CustomerManagedPolicyReference
to use the name and path of a customer
managed policy, or ManagedPolicyArn
to use the ARN of an AWS managed
policy. A permissions boundary represents the maximum permissions that
any policy can grant your role. For more information, see
Permissions boundaries for IAM entities
in the IAM User Guide.
Policies used as permissions boundaries don't provide permissions. You must also attach an IAM policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
See: newPermissionsBoundary
smart constructor.
PermissionsBoundary' | |
|
Instances
newPermissionsBoundary :: PermissionsBoundary Source #
Create a value of PermissionsBoundary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:customerManagedPolicyReference:PermissionsBoundary'
, permissionsBoundary_customerManagedPolicyReference
- Specifies the name and path of a customer managed policy. You must have
an IAM policy that matches the name and path in each AWS account where
you want to deploy your permission set.
$sel:managedPolicyArn:PermissionsBoundary'
, permissionsBoundary_managedPolicyArn
- The AWS managed policy ARN that you want to attach to a permission set
as a permissions boundary.
permissionsBoundary_customerManagedPolicyReference :: Lens' PermissionsBoundary (Maybe CustomerManagedPolicyReference) Source #
Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
permissionsBoundary_managedPolicyArn :: Lens' PermissionsBoundary (Maybe Text) Source #
The AWS managed policy ARN that you want to attach to a permission set as a permissions boundary.