A collection of AWS resources and configuration templates for AWS SSO, including SSO Permission Set and SSO Assignment resources. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform.
An SSO permission set is a template that defines a collection of one or more IAM policies. A permission set is applied to allow SSO principals (users or groups) access to one or more AWS accounts.
A configuration template that grants a specified principal (SSO group or user) access to an AWS account using an SSO permission set.
This template creates a custom permission set, `PermissionSetWithCmpPb`, with policies attached and a customer managed policy as a permissions boundary. The permission set is created within a specified IAM Identity Center instance. The template specifies the instance ARN, name, description, session duration, managed policies, customer managed policy references, and permissions boundary.
This template creates a custom permission set, `PermissionSet`, with a managed policy attached (the AdministratorAccess policy). The permission set is created within a specified IAM Identity Center instance, and the template also creates an assignment for the AWS account ID 123456789012 and the user `my_admin_user`.
This template enables the attribute-based access control (ABAC) feature for the specified IAM Identity Center instance. It creates a new attribute key `CostCenter` that is mapped to the value `"${path:enterprise.costCenter}"`, which comes from the identity source.
This template creates a custom assignment in IAM Identity Center. It grants the user with the ID 'user_id' access to the AWS account with the ID 'accountId' in the specified AWS SSO instance. The assignment is made using the permission set specified by the 'PermissionSetArn' property.