AWS Single Sign-On (AWS SSO) now supports AWS Identity and Access Management (IAM) customer managed policies (CMPs) and permission boundary policies within AWS SSO permission sets. The new capability helps AWS SSO customers to improve their security posture by creating larger and finer-grained policies for least privilege access and by tailoring policies to reference the resources of the account to which they are applied. Using CMPs, AWS SSO customers can maintain the consistency of policies, as CMP changes apply automatically to all permission sets and roles that use the CMP. This enables customers to govern their CMPs and permissions boundaries centrally, and allows auditors to find, monitor, and review them. Customers, who have existing CMPs for roles they manage in AWS IAM, can reuse their CMPs without the need to create, review, and approve new in-line policies for permission sets.
Source:: Amazon AWS