# AWS::SSO::InstanceAccessControlAttributeConfiguration Enables the attribute-based access control (ABAC) feature for the specified AWS SSO instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see [Attribute-Based Access Control](https://docs.aws.amazon.com/singlesignon/latest/userguide/abac.html) in the AWS SSO User Guide. > **_NOTE:_** The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. We recomend that you use `AccessControlAttributes` property instead. ## Syntax To declare this entity in your AWS CloudFormation template, use the following syntax: ### JSON

{
    "Type" : "AWS::SSO::InstanceAccessControlAttributeConfiguration",
    "Properties" : {
        "InstanceArn" : String,
        "AccessControlAttributes" : [ AccessControlAttribute, ... ]
    }
}

### YAML

Type: AWS::SSO::InstanceAccessControlAttributeConfiguration
Properties:
    InstanceArn: String
    AccessControlAttributes: 
      - AccessControlAttribute

## Properties #### InstanceArn The ARN of the AWS SSO instance under which the operation will be executed. _Required_: Yes _Type_: String _Minimum_: 10 _Maximum_: 1224 _Pattern_: arn:aws:sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16} _Update requires_: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) #### AccessControlAttributes Lists the attributes that are configured for ABAC in the specified AWS SSO instance. _Required_: Yes (Unless deprecated field InstanceAccessControlAttributeConfiguration is in use, see deprecation notice)". _Type_: List of AccessControlAttribute _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) #### InstanceAccessControlAttributeConfiguration The InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. We recomend that you use `AccessControlAttributes` property instead. _Required_: No _Type_: InstanceAccessControlAttributeConfiguration _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return Values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, Ref returns the InstanceArn.