sso:GetApplicationSessionConfiguration is a Read access-level action in the sso service. Grants permission to get session configuration for an application
ARNs that sso:GetApplicationSessionConfiguration can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants sso:GetApplicationSessionConfiguration.
Filters access by the tags associated with the resource
Filters access by the account which creates the application. This condition key is not supported for customer managed SAML applications
Filters access by the primary region of the IAM Identity Center instance
To use sso:GetApplicationSessionConfiguration you may also need to grant:
A minimal policy that allows sso:GetApplicationSessionConfiguration. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSsoGetApplicationSessionConfiguration",
"Effect": "Allow",
"Action": "sso:GetApplicationSessionConfiguration",
"Resource": "*"
}
]
}