Support for aws_ssoadmin_permissions_boundary_attachment

[anthonyangel]

Have a question? Please checkout our Slack Community or visit our Slack Archive.

Describe the Feature

Extend this module to allow setting AWS SSO Admin Permissions Boundary resources, https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssoadmin_permissions_boundary_attachment

Expected Behavior

Being able to set the permissions boundary via a call to the module

Use Case

This is a relatively new feature supported by AWS. Currently we have inline policies with Deny on them, but using a permissions boundary would be the more idiomatic AWS way of doing it.

Describe Ideal Solution

permissions_boundary as an optional argument to the permission set.

Alternatives Considered

• Using deny on an inline policy
• Creating the ssoadmin_permissions_boundary_attachment outside of the module (referencing the ARN created by the module)

Additional Context

ssoadmin_customer_managed_policy_attachment was also recently announced, as an alternative to inline policies. It would likely be a very similar implementation