Comments (4)
PR #41 fixes the missing documentation, and since the functionality originates from a hard restriction on the service API, I am going ahead and closing the issue for now @allquixotic .
At a later time, when AWS SSO does allow operating permission sets/account assignments through API on org main account, then we would adapt the code to handle this. For reference, this is a single if condition that would be commented out, and the solution would then start treating org main account as any other account.
from aws-iam-identity-center-extensions.
Hi @allquixotic ,
This is a limitation with not our solution but AWS SSO admin API. Using AWS SSO admin API, you can't programmatically assign/remove a permission set to OrgMain account. The API does not allow this operation, as it's a fail safe implemented by the service directly.
This is why our solution skips OrgMain account in any root
scope type operations. With regards to override ability, since the API does not allow this , we don't have any way to implement this.
Please let me know if you need any other details.
from aws-iam-identity-center-extensions.
Thanks for the information. I am good with closing this issue, but my only suggestion might be to mention this prominently in README.md. I'll leave it open in case you want to reference this issue in a doc change PR.
Thanks again!
from aws-iam-identity-center-extensions.
Thank you for the feedback @allquixotic , we will reference this in the doc updates PR
from aws-iam-identity-center-extensions.
Related Issues (20)
- Update Deprecated Lambda Runtimes nodejs 12.x HOT 1
- Workshop updates HOT 1
- Unhandled exceptions when upgrading to 3.1.7 HOT 8
- Permission sets aren't provisioning in 3.1.7 HOT 3
- Unable to deploy 3.1.7
- Permission set doesn't update despite all good signs
- Trio of exception emails when uploading new permission sets
- Restricting creating Permission Sets without attaching the Permission Boundary for the same. HOT 1
- yarn install doesn't work HOT 1
- "User is missing the following permissions" error when trying to region switch HOT 1
- 3.2.0 introduces resource update behaviour bugs for IAM roles HOT 1
- Permission set schema doesn't handle NotAction and NotResource HOT 6
- ThrottlingException HOT 6
- Account provisioning does not work for tripple nested OUs HOT 4
- Permission sets failing to create with no SNS error HOT 9
- Option to make APIs / S3 uploads "always update" the solution HOT 2
- Space in group or user name should raise error
- Add customer managed policy and permission boundaries HOT 2
- Typo in Json Schema HOT 3
- AWS SSO renamed to AWS IAM Identity Center HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-iam-identity-center-extensions.