[feat] Multi Party Approval Identity Source (aws-samples#34)

Author: jplock

template.yml

@@ -9,7 +9,11 @@ Description: "DO NOT DELETE - AWS Organization"
 Parameters:
   pInstanceArn:
     Type: String
-    Description: AWS Identity Center Center Instance ARN
+    Description: AWS Identity Center Instance ARN
+    Default: ""
+  pInstanceRegion:
+    Type: String
+    Description: AWS Identity Center Instance Region
     Default: ""
   pDeveloperPrefix:
     Type: String
@@ -74,6 +78,7 @@ Parameters:
 Conditions:
   cCreateNewAwsOrg: !Equals ["Yes", !Ref pCreateNewAwsOrg]
   cHasInstanceArn: !Not [!Equals [!Ref pInstanceArn, ""]]
+  cHasInstanceRegion: !Not [!Equals [!Ref pInstanceRegion, ""]]
   cHasOrganizationId: !And 
     - !Not [!Condition cCreateNewAwsOrg]
     - !Not [!Equals [!Ref pOrganizationId, ""]]
@@ -1136,6 +1141,18 @@ Resources:
         - Key: "aws-cloudformation:logical-id"
           Value: rSupportPermissionSet
 
+  rMultiPartyApprovalIdentitySource:
+    Type: "AWS::MPA::IdentitySource"
+    Condition: cHasInstanceArn
+    Properties:
+      IdentitySourceParameters:
+        IamIdentityCenter:
+          InstanceArn: !Ref pInstanceArn
+          Region: !If
+            - cHasInstanceRegion
+            - !Ref pInstanceRegion
+            - !Ref "AWS::Region"
+
 Outputs:
   oOrganizationId:
     Description: Organization ID