These are IAM Identity Center identity store attributes that you can configure for use in attributes-based access control (ABAC).
You can create permissions policies that determine who can access your AWS resources based upon the configured attribute values.
When you enable ABAC and specify AccessControlAttributes, IAM Identity Center passes the attribute values of the authenticated user into IAM for use in policy evaluation.
The value used for mapping a specified attribute to an identity source.
For more information, see Attribute mappings in the IAM Identity Center User Guide.
Specifies the name and path of a customer managed policy.
You must have an IAM policy that matches the name and path in each AWS account where you want to deploy your permission set.
Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary.
Specify either CustomerManagedPolicyReference to use the name and path of a customer managed policy, or ManagedPolicyArn to use the ARN of an AWS managed policy.
A permissions boundary represents the maximum permissions that any policy can grant your role.
For more information, see Permissions boundaries for IAM entities in the IAM User Guide.
A set of key-value pairs that are used to manage the resource.
Tags can only be applied to permission sets and cannot be applied to corresponding roles that IAM Identity Center creates in AWS accounts.