diff --git a/.header.md b/.header.md
index bf7c0fe..4995240 100644
--- a/.header.md
+++ b/.header.md
@@ -78,6 +78,22 @@ module "aws-iam-identity-center" {
 aws_managed_policies = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
 tags = { ManagedBy = "Terraform" }
 },
+ CustomPermissionAccess = {
+ description = "Provides CustomPoweruser permissions.",
+ session_duration = "PT3H", // how long until session expires - this means 3 hours. max is 12 hours
+ aws_managed_policies = [
+ "arn:aws:iam::aws:policy/ReadOnlyAccess",
+ "arn:aws:iam::aws:policy/AmazonS3FullAccess",
+ ]
+ inline_policy = data.aws_iam_policy_document.CustomPermissionInlinePolicy.json
+ permissions_boundary = {
+ // either managed_policy_arn or customer_managed_policy_reference
+
+ // managed_policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
+ customer_managed_policy_reference = "ExamplePermissionsBoundaryPolicy"
+ }
+ tags = { ManagedBy = "Terraform" }
+ },
 }
 // Assign users/groups access to accounts with the specified permissions
diff --git a/README.md b/README.md
index 44f1e17..1ffd905 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,22 @@ module "aws-iam-identity-center" {
 aws_managed_policies = ["arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
 tags = { ManagedBy = "Terraform" }
 },
+ CustomPermissionAccess = {
+ description = "Provides CustomPoweruser permissions.",
+ session_duration = "PT3H", // how long until session expires - this means 3 hours. max is 12 hours
+ aws_managed_policies = [
+ "arn:aws:iam::aws:policy/ReadOnlyAccess",
+ "arn:aws:iam::aws:policy/AmazonS3FullAccess",
+ ]
+ inline_policy = data.aws_iam_policy_document.CustomPermissionInlinePolicy.json
+ permissions_boundary = {
+ // either managed_policy_arn or customer_managed_policy_reference
+
+ // managed_policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
+ customer_managed_policy_reference = "ExamplePermissionsBoundaryPolicy"
+ }
+ tags = { ManagedBy = "Terraform" }
+ },
 }
 // Assign users/groups access to accounts with the specified permissions
@@ -140,6 +156,8 @@ No modules.
 | [aws_ssoadmin_managed_policy_attachment.pset_aws_managed_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssoadmin_managed_policy_attachment) | resource |
 | [aws_ssoadmin_permission_set.pset](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssoadmin_permission_set) | resource |
 | [aws_ssoadmin_permission_set_inline_policy.pset_inline_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssoadmin_permission_set_inline_policy) | resource |
+| [aws_ssoadmin_permissions_boundary_attachment.pset_permissions_boundary_aws_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssoadmin_permissions_boundary_attachment) | resource |
+| [aws_ssoadmin_permissions_boundary_attachment.pset_permissions_boundary_customer_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssoadmin_permissions_boundary_attachment) | resource |
 | [aws_identitystore_group.existing_sso_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/identitystore_group) | data source |
 | [aws_identitystore_group.identity_store_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/identitystore_group) | data source |
 | [aws_identitystore_user.existing_sso_users](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/identitystore_user) | data source |
diff --git a/locals.tf b/locals.tf
index a5918e2..7771f81 100644
--- a/locals.tf
+++ b/locals.tf
@@ -104,14 +104,13 @@ locals {
 locals {
 accounts_non_master_ids_maps = {
- for idx, account in data.aws_organizations_organization.organization.non_master_accounts :
- account.name => account.id
+ for idx, account in data.aws_organizations_organization.organization.non_master_accounts : account.name => account.id
 // if account.status == "ACTIVE" && can(data.aws_organizations_organization.organization.non_master_accounts)
 }
 accounts_ids_maps = merge(
 {
 // require terraform-provider-aws v5.46.0
- "${data.aws_organizations_organization.organization.master_account_name}" = "${data.aws_organizations_organization.organization.master_account_id}"
+ (data.aws_organizations_organization.organization.master_account_name) = (data.aws_organizations_organization.organization.master_account_id)
 },
 local.accounts_non_master_ids_maps
 )
diff --git a/main.tf b/main.tf
index d8eeef7..ee693ea 100644
--- a/main.tf
+++ b/main.tf
@@ -197,7 +197,7 @@ resource "aws_ssoadmin_permission_set_inline_policy" "pset_inline_policy" {
 # - Permissions Boundary -
 resource "aws_ssoadmin_permissions_boundary_attachment" "pset_permissions_boundary_aws_managed" {
- for_each = { for pset in local.pset_permissions_boundary_aws_managed_maps : pset.pset_name => pset if can(pset.boundary) }
+ for_each = { for pset in local.pset_permissions_boundary_aws_managed_maps : pset.pset_name => pset if can(pset.boundary.managed_policy_arn) }
 instance_arn = local.ssoadmin_instance_arn
 permission_set_arn = aws_ssoadmin_permission_set.pset[each.key].arn
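Review bot: The new `for_each` filter `can(pset.boundary.managed_policy_arn)` only checks that the attribute can be evaluated, so it is also true when the attribute is present but `null` (for example if the local normalises missing keys to null), and the attachment would then be created with a null ARN; `if try(pset.boundary.managed_policy_arn, null) != null` selects on the value instead. Nothing in this resource or its customer-managed sibling rejects a permission set that sets both `managed_policy_arn` and `customer_managed_policy_reference`, although the README example says "either"; a permission set carries a single permissions boundary, so two attachments for the same set would contend for it, and a `lifecycle { precondition }` on each resource would surface that at plan time rather than as a drifting apply. The resource body continues past the end of the hunk.
```hcl
resource "aws_ssoadmin_permissions_boundary_attachment" "pset_permissions_boundary_aws_managed" {
  for_each = { for pset in local.pset_permissions_boundary_aws_managed_maps : pset.pset_name => pset if try(pset.boundary.managed_policy_arn, null) != null }
  # … unchanged: instance_arn, permission_set_arn, permissions_boundary block …
  lifecycle {
    precondition {
      condition     = try(each.value.boundary.customer_managed_policy_reference, null) == null
      error_message = "Permission set ${each.key}: set either managed_policy_arn or customer_managed_policy_reference, not both."
    }
  }
```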
@@ -208,14 +208,14 @@ resource "aws_ssoadmin_permissions_boundary_attachment" "pset_permissions_bounda
 }
 resource "aws_ssoadmin_permissions_boundary_attachment" "pset_permissions_boundary_customer_managed" {
- for_each = { for pset in local.pset_permissions_boundary_customer_managed_maps : pset.pset_name => pset if can(pset.boundary) }
+ for_each = { for pset in local.pset_permissions_boundary_customer_managed_maps : pset.pset_name => pset if can(pset.boundary.customer_managed_policy_reference) }
 instance_arn = local.ssoadmin_instance_arn
 permission_set_arn = aws_ssoadmin_permission_set.pset[each.key].arn
 permissions_boundary {
 customer_managed_policy_reference {
- name = each.value.boundary
- path = "/"
+ name = each.value.boundary.name
+ path = each.value.boundary.path == null ? "/" : each.value.boundary.path
 }
 }
diff --git a/outputs.tf b/outputs.tf
index 828f3ca..234989c 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -14,34 +14,3 @@ output "sso_groups_ids" {
 value = { for k, v in aws_identitystore_group.sso_groups : k => v.group_id }
 description = "A map of SSO groups ids created by this module"
 }
-
-
-
-output "principals_and_their_account_assignments" {
- value = local.principals_and_their_account_assignments
- description = "Map of principals and their account assignments"
-
-}
-/* debug output
-output "accounts_ids_maps" {
- value = local.accounts_ids_maps
- description = "A map of account ids"
-}
-
-output "pset_inline_policy_maps" {
- value = local.pset_inline_policy_maps
- description = "A map of inline policies for permission sets"
-
-}
-
-output "pset_permissions_boundary_aws_managed_maps" {
- value = local.pset_permissions_boundary_aws_managed_maps
- description = "A map of permissions boundary for permission"
-}
-
-output "pset_permissions_boundary_customer_managed_maps" {
- value = local.pset_permissions_boundary_customer_managed_maps
- description = "A map of permissions boundary for permission"
-}
-
-*/
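Review bot: The filter and the body disagree on the shape of `boundary`: `for_each` keeps a permission set when `pset.boundary.customer_managed_policy_reference` evaluates, but `name` and `path` then read `each.value.boundary.name` and `each.value.boundary.path`, and with the example this commit adds to the README (`customer_managed_policy_reference = "ExamplePermissionsBoundaryPolicy"`, a plain string) those attributes do not exist on that object — unless the local in locals.tf reshapes it, which the hunk does not show. If the reference is meant to be an object, read `name = each.value.boundary.customer_managed_policy_reference.name` and `path = try(each.value.boundary.customer_managed_policy_reference.path, "/")` (which also covers an omitted path, not only an explicit null) and change the README example to `customer_managed_policy_reference = { name = "ExamplePermissionsBoundaryPolicy", path = "/" }`; otherwise keep the previous string form. A comment above the block would save the next reader a failed provisioning: `# customer-managed boundary is resolved by name/path in every account the set is assigned to; the policy must already exist there`. The resource's closing brace is outside the hunk.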