andresb39/terraform-aws-sso-permissions-set

Amazon SSO Permission set

This module creates identity groups, attaches inline and managed policies, and associates these groups with the accounts.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.50.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.50.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_identitystore_group.identitystore_group | resource |
| aws_ssoadmin_account_assignment.account_assignment | resource |
| aws_ssoadmin_managed_policy_attachment.sso_policy_attachment | resource |
| aws_ssoadmin_permission_set.sso_permission_set | resource |
| aws_ssoadmin_permission_set_inline_policy.sso_inline_policy | resource |
| aws_identitystore_group.identitystore_group | data source |
| aws_ssoadmin_instances.sso | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| description | Permissions set group description | string | "" | no |
| description_identity | (Optional) A string containing the description of the group. | string | "" | no |
| display_name | (Optional) A string containing the name of the group. This value is commonly displayed when the group is referenced | string | "" | no |
| group_name | Group name | string | "" | no |
| inline_policy | Inline policies JSON to attach to SSO Permissions Set | string | "" | no |
| policy_attachment | ARN of the policy attachment | list(string) | [] | no |
| session_duration | The length of time that the application user sessions are valid in the ISO-8601 standard. Default: PT1H | string | "PT2H" | no |
| tags | A map of tags to add to all resources. | map(string) | {} | no |
| target_id | (Required, Forces new resource) An AWS account identifier, typically a 10-12 digit string. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| group_id | Group ID |

Examples

Terraform

main.tf

data "aws_iam_policy_document" "example" {
  statement {
    sid = "1"

    actions = [
      "s3:ListAllMyBuckets",
      "s3:GetBucketLocation",
    ]

    resources = [
      "arn:aws:s3:::*",
    ]
  }
}

module "sso" {
  source               = "git@github.com:andresb39/terraform-aws-sso-permissions-set.git?ref=v0.0.1"
  group_name           = "Mytest"
  description          = "My test Team"
  inline_policy        = data.aws_iam_policy_document.example.json
  display_name         = "Mytest"
  description_identity = "Mytest"
  target_id            = ["11111111111"]
  tags = {
    "Environment" = "Test Environment"
  }
}

Terragrunt

terragrunt.hcl

include {
  path = find_in_parent_folders()
}

terraform {
  source = "git@github.com:andresb39/terraform-aws-sso-permissions-set.git?ref=v0.0.1"
}

locals {
  policy   = jsondecode(file("policy.json"))

}

inputs = {
  group_name           = "Mytest"
  description          = "My test Team"
  inline_policy        = local.policy
  display_name         = "Mytest"
  description_identity = "Mytest"
  target_id            = ["11111111111"]
  tags = {
    "Environment": "Test Environment"
    }
}

policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    }
  ]
}
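
A pre-apply review of the JSON passed as inline_policy, as an added example that is not part of this module: it flags Allow statements with wildcard actions or an unconditioned "Resource": "*" (both present in the policy.json above) and checks the session_duration value. The function names and the 1 to 12 hour range check are assumptions of this example; the embedded policy is a constructed copy of the one on this page.

```python
import json
import re

# Constructed sample: the policy.json shown above, embedded so the check runs offline.
PAGE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                 "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]
}"""


def as_list(value):
    """IAM allows a single string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_inline_policy(policy_json):
    """Return findings for Allow statements broader than least privilege."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement"))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{index}]")
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"{sid}: Allow with {key} grants everything not listed")
        for action in as_list(stmt.get("Action")):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
        if "*" in as_list(stmt.get("Resource")) and "Condition" not in stmt:
            findings.append(f'{sid}: Resource "*" with no Condition')
    return findings


def session_duration_ok(value, min_hours=1, max_hours=12):
    """Check an ISO-8601 PTnHnM duration; the 1 to 12 hour range is this example's assumption."""
    match = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", value)
    if not match or not any(match.groups()):
        return False
    hours = int(match.group(1) or 0) + int(match.group(2) or 0) / 60
    return min_hours <= hours <= max_hours


if __name__ == "__main__":
    for finding in review_inline_policy(PAGE_POLICY):
        print(finding)
    print("PT2H accepted:", session_duration_ok("PT2H"))
```

Run against the page's policy.json it reports three findings; a statement scoped to named actions and a specific bucket ARN reports none.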
