From 550b0b75c3ffd724f359110ef86ed95b34b963ab Mon Sep 17 00:00:00 2001
From: Michael Foley
Date: Wed, 7 Feb 2024 17:25:58 +1100
Subject: [PATCH] feat(user): add permissions boundary arn config (#799)

Allows for setting a permissions boundary on a user creation which can be set via the solution. This is generally an enforced value provided through external processes so configuring it makes sense
---
 aws/components/user/id.ftl | 13 +++++++++++++
 aws/components/user/setup.ftl | 4 ++++
 2 files changed, 17 insertions(+)

diff --git a/aws/components/user/id.ftl b/aws/components/user/id.ftl
index 3914dc528..a8a6443a8 100644
--- a/aws/components/user/id.ftl
+++ b/aws/components/user/id.ftl
@@ -13,3 +13,16 @@
 AWS_TRANSFER_SERVICE
 ]
 /]
+
+
+[@addResourceGroupAttributeValues
+ type=USER_COMPONENT_TYPE
+ provider=AWS_PROVIDER
+ extensions=[
+ {
+ "Names" : "PermissionsBoundaryPolicyArn",
+ "Types": STRING_TYPE,
+ "Description": "The Arn of a Permissions Boundary Policy Arn"
+ }
+ ]
+/]
diff --git a/aws/components/user/setup.ftl b/aws/components/user/setup.ftl
index 1ee17449e..fb641ef91 100644
--- a/aws/components/user/setup.ftl
+++ b/aws/components/user/setup.ftl
@@ -234,6 +234,10 @@
 attributeIfContent(
 "ManagedPolicyArns",
 getManagedPoliciesFromSet(policySet)
+ ) +
+ attributeIfContent(
+ "PermissionsBoundary",
+ (solution["aws:PermissionsBoundaryPolicyArn"])!""
 )
 outputs=USER_OUTPUT_MAPPINGS
 tags=getOccurrenceTags(occurrence)
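Review bot: The `Description` of the new `PermissionsBoundaryPolicyArn` attribute, "The Arn of a Permissions Boundary Policy Arn", repeats itself and does not tell the solution author what kind of ARN is expected. I would reword it to `"Description": "ARN of the IAM managed policy to apply as the permissions boundary of the user"`. The attribute is a free-form `STRING_TYPE`, so a value that is not an ARN passes through at this level. Whether the framework offers a stricter type or pattern check for extension attributes cannot be seen from this hunk, but it is worth using one here if it exists, since this setting is a security guardrail.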
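Review bot: The added `attributeIfContent("PermissionsBoundary", ...)` fails open. When `aws:PermissionsBoundaryPolicyArn` is missing or misspelt in the solution, the `!""` default yields an empty value and the property is presumably left out, so the user is still created with its managed policies and no boundary. The commit message says the boundary is usually mandated from outside, so a silent omission is the case most worth making visible. At minimum I would add a comment next to the call, e.g. `[#-- PermissionsBoundary is omitted when the solution value is empty; the user is then created without a boundary --]`, and consider a way for a deployment to mark the value as required. The enclosing resource call starts and ends outside the hunk, so other attributes that interact with the boundary are not visible here.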