[IT-3987] Configure SSO access for personal aws account

Setup SSO access for personal AWS account.

depends on Sage-Bionetworks-IT#1285

org-formation/700-aws-sso/_tasks.yaml

@@ -343,6 +343,10 @@ Parameters:
     Type: String
     Default: '143894c8-1031-70c4-b98a-9d2a9aec59bd'
 
+  MkPreYnAdminGroup:             #JC aws-MkPreYn-admins
+    Type: String
+    Default: 'TBD'
+
 #----------------------------------------------------------------------------------------------
 
 SsoAdministrator:
@@ -1704,6 +1708,23 @@ SsoBWmErzkAdmin:
     principalId: !Ref BWmErzkAdminGroup
     permissionSetArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-admin-permission-set-arn' ]
 
+SsoMkPreYnAdmin:
+  Type: update-stacks
+  DependsOn: SsoAdministrator
+  Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.2.11/templates/SSO/aws-sso.yaml
+  StackName: !Sub '${resourcePrefix}-${appName}-MkPreYn-admin'
+  StackDescription: 'SSO: admin role used by MkPreYn admin group'
+  DefaultOrganizationBindingRegion: !Ref primaryRegion
+  DefaultOrganizationBinding:
+    IncludeMasterAccount: true
+  OrganizationBindings:
+    TargetBinding:
+      Account: !Ref  MkPreYnAccount
+  Parameters:
+    instanceArn: !Ref instanceArn
+    principalId: !Ref MkPreYnAdminGroup
+    permissionSetArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-admin-permission-set-arn' ]
+
 SsoRecoverDevAdmin:
   Type: update-stacks
   DependsOn: SsoAdministrator