Amazon IAM Identity Center · JSON Structure

Sso Admin Access Control Attribute Structure

These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC). You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify AccessControlAttributes, IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation.

Type: object Properties: 2 Required: 2
Access ControlAuthenticationIdentity ManagementSingle Sign-On

AccessControlAttribute is a JSON Structure definition published by Amazon IAM Identity Center, describing 2 properties, of which 2 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

Key Value

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-identity-center/refs/heads/main/json-structure/sso-admin-access-control-attribute-structure.json",
  "name": "AccessControlAttribute",
  "description": "These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC). You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values. When you enable ABAC and specify <code>AccessControlAttributes</code>, IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation.",
  "type": "object",
  "properties": {
    "Key": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AccessControlAttributeKey"
        },
        {
          "description": "The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in IAM Identity Center."
        }
      ]
    },
    "Value": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AccessControlAttributeValue"
        },
        {
          "description": "The value used for mapping a specified attribute to an identity source."
        }
      ]
    }
  },
  "required": [
    "Key",
    "Value"
  ]
}