Commit a5406f2

Benbentwo and claude authored
Add Partner Central Permission Sets mixin (#59)
* Add Partner Central Permission Sets mixin

  This adds a new mixin file with 8 AWS Partner Central permission sets:
  - PartnerCentralFullAccess
  - PartnerCentralAccountMgmt
  - PartnerCentralOpportunityMgmt
  - PartnerCentralSandboxAccess
  - PartnerCentralResourceSnapshot
  - PartnerCentralChannelMgmt
  - PartnerCentralHandshakeMgmt
  - PartnerCentralMarketingMgmt

  These permission sets enable AWS Partner Central integration and APN program management.

  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Add mixins documentation

  Adds comprehensive documentation for using mixins with the aws-identity-center component:
  - How to vendor mixins via component.yaml
  - How to vendor mixins via vendor.yaml
  - How to activate permission sets using additional-permission-sets_override.tf
  - Pattern for creating custom mixins
  - Detailed examples for all approaches

  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* docs: Add mixins usage documentation to README

  - Add comprehensive "Using Mixins" section to README.yaml
  - Document how to vendor mixins via component.yaml and vendor.yaml
  - Explain how to activate permission sets using additional-permission-sets_override.tf
  - Provide examples for creating custom mixins
  - Regenerate README.md using atmos docs generate readme

  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent f390601 commit a5406f2

4 files changed: +478 -0 lines changed

README.md

Lines changed: 120 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

README.yaml

Lines changed: 120 additions & 0 deletions
@@ -145,6 +145,126 @@ usage: |-
145145
7. If you want the permission set to be able to use Terraform, enable access to the Terraform state read/write (default)
146146
role in `tfstate-backend`.
147147
148+
### Using Mixins
149+
150+
Mixins provide a way to extend the component with additional permission sets without modifying the core component code.
151+
This makes it easier to keep your components up-to-date with upstream changes while maintaining custom functionality.
152+
153+
#### Available Mixins
154+
155+
This component provides several mixins in the [`mixins/`](./mixins) directory:
156+
157+
- **`policy-PartnerCentral.tf`** - AWS Partner Central permission sets for AWS Partner Network (APN) integration
158+
159+
See the [mixins/README.md](./mixins/README.md) for a complete list of available mixins and detailed documentation.
160+
161+
#### Vendoring Mixins
162+
163+
**Option 1: Via component.yaml (Recommended)**
164+
165+
Add the mixin to your component's `component.yaml` file:
166+
167+
```yaml
168+
# components/terraform/aws-sso/component.yaml
169+
apiVersion: atmos/v1
170+
kind: ComponentVendorConfig
171+
spec:
172+
source:
173+
uri: github.com/cloudposse-terraform-components/aws-identity-center.git//src?ref={{ .Version }}
174+
version: 1.0.0
175+
included_paths:
176+
- "**/**"
177+
excluded_paths: []
178+
179+
# Mixins are pulled and merged into your component directory
180+
mixins:
181+
- uri: github.com/cloudposse-terraform-components/aws-identity-center.git//mixins/policy-PartnerCentral.tf?ref={{ .Version }}
182+
version: 1.0.0
183+
filename: policy-PartnerCentral.tf
184+
```
185+
186+
**Option 2: Via vendor.yaml**
187+
188+
Use a centralized `vendor.yaml` file:
189+
190+
```yaml
191+
# vendor.yaml
192+
apiVersion: atmos/v1
193+
kind: AtmosVendorConfig
194+
spec:
195+
sources:
196+
- component: "terraform/aws-sso"
197+
source: "github.com/cloudposse-terraform-components/aws-identity-center.git//src?ref={{ .Version }}"
198+
version: "1.0.0"
199+
targets:
200+
- "components/terraform/aws-sso"
201+
mixins:
202+
- source: "github.com/cloudposse-terraform-components/aws-identity-center.git//mixins/policy-PartnerCentral.tf?ref={{ .Version }}"
203+
version: "1.0.0"
204+
filename: "policy-PartnerCentral.tf"
205+
```
206+
207+
Then run:
208+
```bash
209+
atmos vendor pull -c aws-sso
210+
```
211+
212+
#### Activating Vendored Permission Sets
213+
214+
After vendoring a mixin, include the permission sets in your component by updating `additional-permission-sets_override.tf`:
215+
216+
```hcl
217+
# components/terraform/aws-sso/additional-permission-sets_override.tf
218+
locals {
219+
# Add custom permission sets.
220+
# Mixins define local variables (e.g., local.partner_central_permission_sets)
221+
# that you concatenate into this list.
222+
overridable_additional_permission_sets = concat(
223+
local.partner_central_permission_sets, # From policy-PartnerCentral.tf mixin
224+
# Add other permission set locals here as needed
225+
# local.custom_permission_sets,
226+
)
227+
}
228+
```
229+
230+
Each mixin defines a local variable containing its permission sets. For example, `policy-PartnerCentral.tf` defines
231+
`local.partner_central_permission_sets` with 8 permission sets for AWS Partner Central.
232+
233+
#### Creating Custom Mixins
234+
235+
You can create your own mixin files following this pattern:
236+
237+
```hcl
238+
# components/terraform/aws-sso/policy-CustomRole.tf
239+
locals {
240+
custom_permission_sets = [
241+
{
242+
name = "MyCustomRole"
243+
description = "Description of the role"
244+
relay_state = ""
245+
session_duration = ""
246+
tags = {}
247+
inline_policy = ""
248+
policy_attachments = ["arn:${local.aws_partition}:iam::aws:policy/CustomPolicy"]
249+
customer_managed_policy_attachments = []
250+
},
251+
]
252+
}
253+
```
254+
255+
Then reference it in `additional-permission-sets_override.tf`:
256+
257+
```hcl
258+
locals {
259+
overridable_additional_permission_sets = concat(
260+
local.custom_permission_sets,
261+
local.partner_central_permission_sets,
262+
)
263+
}
264+
```
265+
266+
For more details, see [mixins/README.md](./mixins/README.md).
267+
148268
#### Example
149269
150270
The example snippet below shows how to use this module with various combinations (plain YAML, YAML Anchors and a
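
Review bot: Both vendoring examples (the `component.yaml` and `vendor.yaml` blocks) pin the mixin with `version: 1.0.0` resolved through `?ref={{ .Version }}`, a ref name rather than a commit; because the vendored file defines Identity Center permission sets, the docs should recommend pinning to a full commit SHA and reviewing the pulled `policy-PartnerCentral.tf` before applying. In the same section, the `vendor.yaml` example declares `component: "terraform/aws-sso"` while the command under "Then run:" passes `-c aws-sso`; make the two match and state whether that command also applies to Option 1. The activation example concatenates all of `local.partner_central_permission_sets`, which the text says holds 8 permission sets (the commit message lists `PartnerCentralFullAccess` among them), so a sentence on how to activate only the sets a team needs would help readers keep to least privilege. In the custom mixin example, `policy/CustomPolicy` sits under the `iam::aws:policy/` path used for AWS managed policies, while the empty `customer_managed_policy_attachments` is where a reader's own policy would go; use a real managed policy name in `policy_attachments` or move the placeholder.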
