Add Partner Central Permission Sets mixin

[Benbentwo]

Summary

• Adds a new mixin file policy-PartnerCentral.tf with 8 AWS Partner Central permission sets
• Enables AWS Partner Central integration and AWS Partner Network (APN) program management

Permission Sets Included

1. PartnerCentralFullAccess - Full access to AWS Partner Central and related services
2. PartnerCentralAccountMgmt - Manage IAM roles linked to partner users
3. PartnerCentralOpportunityMgmt - Manage opportunities in AWS Partner Central
4. PartnerCentralSandboxAccess - Developer testing in the Sandbox catalog
5. PartnerCentralResourceSnapshot - ResourceSnapshotJob permissions
6. PartnerCentralChannelMgmt - Manage channel programs and relationships
7. PartnerCentralHandshakeMgmt - Channel handshake approval management
8. PartnerCentralMarketingMgmt - Manage marketing activities and campaigns

Test plan

• Verify mixin file can be imported into aws-identity-center component
• Validate Terraform syntax and formatting
• Confirm permission sets are available in catalog configurations

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores

  • Added structured Partner Central permission-set configurations covering nine Partner Central role types for consistent, reusable access definitions.

• Documentation

  • Added comprehensive mixins documentation and "Using Mixins" guidance with vendoring workflows, activation steps, examples, and instructions for creating and integrating custom permission-set mixins.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Adds a Terraform locals block partner_central_permission_sets defining nine Partner Central permission-set descriptors and new/expanded documentation (mixins/README.md, README.md, README.yaml) describing mixins, vendoring workflows, activation steps, and guidance for creating custom mixins.

Changes

Cohort / File(s)	Summary
Partner Central Policy Configuration mixins/policy-PartnerCentral.tf	Added locals.partner_central_permission_sets containing 9 permission-set objects (fields: name, description, relay_state, session_duration, tags, inline_policy, policy_attachments, customer_managed_policy_attachments).
Mixins Documentation mixins/README.md	Added comprehensive mixin README: purpose, listed permission sets, vendoring usage options (component.yaml, vendor.yaml, manual), activation steps, examples, and guidance for creating new mixins.
Top-level Documentation Updates README.md, README.yaml	Inserted "Using Mixins" content with vendoring workflows, examples, activation instructions, and guidance; README.yaml contains duplicated insertions of the same material.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Add TerraformStateAccess Permission Set #57 — Adds new IAM permission-set definitions and modifies permission_sets locals/module inputs similar to this PR.

Suggested reviewers

• osterman

Poem

🐰 I hopped through code with carrot bright,

Nine tiny keys to grant the right,
Docs snug in burrows, tidy and sweet,
Permission carrots — a dev's little treat! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding a new Partner Central Permission Sets mixin file with associated documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 844a6dcc1a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[mergify]

Important

Do not edit the README.md directly. It's auto-generated from the README.yaml

Please update the README.yaml file instead.

Could you fix it @Benbentwo? 🙏

[Benbentwo]

Documentation Added

I've added comprehensive documentation in mixins/README.md that covers:

Usage Options

Option 1: Vendor via component.yaml

# components/terraform/aws-sso/component.yaml
spec:
  source:
    uri: github.com/cloudposse-terraform-components/aws-identity-center.git//src?ref={{ .Version }}
    version: 1.0.0
  mixins:
    - uri: github.com/cloudposse-terraform-components/aws-identity-center.git//mixins/policy-PartnerCentral.tf?ref={{ .Version }}
      version: 1.0.0
      filename: policy-PartnerCentral.tf

Option 2: Vendor via vendor.yaml (for centralized vendoring configuration)

Option 3: Manual copy (for quick testing)

Activating the Permission Sets

After vendoring, create or update additional-permission-sets_override.tf in your component:

# components/terraform/aws-sso/additional-permission-sets_override.tf
locals {
  overridable_additional_permission_sets = concat(
    local.partner_central_permission_sets,
    # Add other permission set locals here as needed
  )
}

Then run:

atmos vendor pull -c aws-sso

The mixin defines local.partner_central_permission_sets which contains all 8 Partner Central permission sets. By concatenating it into overridable_additional_permission_sets, these permission sets become available for assignment in your AWS Identity Center configuration.

See the full documentation for complete examples and patterns for creating your own custom mixins.

[github-actions]

These changes were released in v1.540.2.