Skip to content

Service: sso

Attached Policies

Policy ARN Policy Name
arn:aws:iam::aws:policy/ReadOnlyAccess ReadOnlyAccess
arn:aws:iam::aws:policy/SecurityAudit SecurityAudit
arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy AWSConfigServiceRolePolicy
arn:aws:iam::aws:policy/AWSSSOReadOnly AWSSSOReadOnly
arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator AWSSSOMasterAccountAdministrator
arn:aws:iam::aws:policy/AWSSSOMemberAccountAdministrator AWSSSOMemberAccountAdministrator
arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator AWSSSODirectoryAdministrator
arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy AmazonSageMakerNotebooksServiceRolePolicy
arn:aws:iam::aws:policy/service-role/AWS_ConfigRole AWS_ConfigRole
arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy AWSSupportServiceRolePolicy
arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy AmazonHoneycodeServiceRolePolicy
arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForMonitronPolicy AWSServiceRoleForMonitronPolicy
arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerChangeManagementServicePolicy AWSSystemsManagerChangeManagementServicePolicy
arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagement AWSGrafanaWorkspacePermissionManagement
arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy AmazonOpenSearchServiceRolePolicy
arn:aws:iam::aws:policy/service-role/AWSSupplyChainFederationAdminAccess AWSSupplyChainFederationAdminAccess
arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeWhispererPolicy AWSServiceRoleForCodeWhispererPolicy
arn:aws:iam::aws:policy/AmazonDataZoneFullAccess AmazonDataZoneFullAccess
arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagementV2 AWSGrafanaWorkspacePermissionManagementV2
arn:aws:iam::aws:policy/AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForUserSubscriptions AWSServiceRoleForUserSubscriptions
arn:aws:iam::aws:policy/aws-service-role/AppStudioServiceRolePolicy AppStudioServiceRolePolicy
arn:aws:iam::aws:policy/SageMakerStudioFullAccess SageMakerStudioFullAccess
arn:aws:iam::aws:policy/AIOpsAssistantPolicy AIOpsAssistantPolicy
arn:aws:iam::aws:policy/AIOpsConsoleAdminPolicy AIOpsConsoleAdminPolicy
arn:aws:iam::aws:policy/AIOpsReadOnlyAccess AIOpsReadOnlyAccess
arn:aws:iam::aws:policy/AIOpsOperatorAccess AIOpsOperatorAccess

Allowed Actions

Action Service
sso:* sso
sso:AssociateProfile sso
sso:CreateApplication sso
sso:CreateApplicationAssignment sso
sso:CreateManagedApplicationInstance sso
sso:DeleteApplication sso
sso:DeleteManagedApplicationInstance sso
sso:Describe* sso
sso:DescribeAccountAssignmentCreationStatus sso
sso:DescribeApplication sso
sso:DescribeInstance sso
sso:DescribeInstanceAccessControlAttributeConfiguration sso
sso:DescribePermissionSet sso
sso:DescribePermissionsPolicies sso
sso:DescribeRegisteredRegions sso
sso:DisassociateProfile sso
sso:Get* sso
sso:GetApplicationAssignmentConfiguration sso
sso:GetInlinePolicyForPermissionSet sso
sso:GetManagedApplicationInstance sso
sso:GetPermissionsBoundaryForPermissionSet sso
sso:GetProfile sso
sso:GetSSOStatus sso
sso:GetSharedSsoConfiguration sso
sso:List* sso
sso:ListAccountAssignments sso
sso:ListApplicationAssignments sso
sso:ListApplications sso
sso:ListCustomerManagedPolicyReferencesInPermissionSet sso
sso:ListDirectoryAssociations sso
sso:ListInstances sso
sso:ListManagedPoliciesInPermissionSet sso
sso:ListPermissionSets sso
sso:ListProfileAssociations sso
sso:ListProfiles sso
sso:ListTagsForResource sso
sso:PutApplicationAccessScope sso
sso:PutApplicationAssignmentConfiguration sso
sso:PutApplicationAuthenticationMethod sso
sso:PutApplicationGrant sso
sso:Search* sso
sso:TagResource sso
sso:describeApplication sso
sso:describeApplicationAssignment sso
sso:describeApplicationProvider sso
sso:describeInstance sso
sso:describeTrustedTokenIssuer sso
sso:getApplicationAccessScope sso
sso:getApplicationAssignmentConfiguration sso
sso:getApplicationAuthenticationMethod sso
sso:getApplicationGrant sso
sso:getApplicationInstance sso
sso:getApplicationTemplate sso
sso:getManagedApplicationInstance sso
sso:getSharedSsoConfiguration sso
sso:listApplicationAccessScopes sso
sso:listApplicationAssignments sso
sso:listApplicationAuthenticationMethods sso
sso:listApplicationGrants sso
sso:listApplicationInstances sso
sso:listApplicationProviders sso
sso:listApplicationTemplates sso
sso:listApplications sso
sso:listDirectoryAssociations sso
sso:listInstances sso
sso:listProfileAssociations sso
sso:listTrustedTokenIssuers sso