
aws-samples/terraform-aws-identity-center

terraform-aws-identity-center

Manage AWS IAM Identity Center permission sets and account assignments with Terraform.

This pattern is twinned with terraform-aws-identity-center-users-and-groups.

Module Inputs

module "idc" {
  source              = "aws-samples/identity-center/aws"
  version             = "1.2.2"
  permission_sets     = "./permission_sets.yml"
  account_assignments = "./account_assignments.yml"
}

permission_sets and account_assignments are defined using YAML templates. Each of these module inputs should be the path to the corresponding YAML file. Examples: permission_sets.yml and account_assignments.yml.

Optional Inputs

module "idc" {
  # ... other inputs as above
  policies = "./policies/"
}

policies is used for inline policies on permission sets. This input should point at a directory of IAM policy JSON files. Example: policies directory.
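A pre-apply review check for the policies directory, as an added example that is not part of this module: it flags Allow statements with wildcard actions or unconditioned `Resource: "*"` before they become inline policies on a permission set. It assumes standard IAM policy documents in files ending in .json; the function names and the sample policy are hypothetical.

```python
import json
from pathlib import Path

def _as_list(value):
    # IAM accepts a single string/object or a list for Statement, Action and Resource.
    return [] if value is None else value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return review findings for Allow statements that grant more than they name."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append(f"{label}: Allow with NotAction")
        for action in _as_list(stmt.get("Action")):
            # "*" grants every action; "service:*" grants every action in one service.
            if action == "*" or action.endswith(":*"):
                findings.append(f"{label}: wildcard action {action}")
        # Some actions only support "*", so this is a prompt for review, not an error.
        if "*" in _as_list(stmt.get("Resource")) and "Condition" not in stmt:
            findings.append(f"{label}: Resource * without Condition")
    return findings

def scan_policy_dir(directory):
    """Map each *.json file name to its findings; files with no findings are omitted."""
    report = {}
    for path in sorted(Path(directory).glob("*.json")):
        try:
            policy = json.loads(path.read_text(encoding="utf-8"))
        except json.JSONDecodeError as exc:
            report[path.name] = [f"invalid JSON: {exc.msg}"]
            continue
        findings = broad_statements(policy) if isinstance(policy, dict) else ["not a JSON object"]
        if findings:
            report[path.name] = findings
    return report

# Constructed sample policy, not taken from the module's examples.
SAMPLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadLogs", "Effect": "Allow", "Action": ["logs:GetLogEvents"], "Resource": "arn:aws:logs:*:*:log-group:/app/*"},
        {"Sid": "AdminS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}
if __name__ == "__main__":
    print(broad_statements(SAMPLE))
```

Run `scan_policy_dir("./policies/")` in CI before `terraform plan` and fail the job when the returned report is non-empty.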

Template Files

The module accepts template files (.yml.tpl or .yaml.tpl). These can be supplied alongside regular YAML files.

module "idc" {
  # ... source and version as above
  permission_sets     = "./permission_sets.yml"
  account_assignments = "./account_assignments.yml.tpl"
  template_variables = {
    management       = var.management_account_id
    audit            = var.audit_account_id
    session_duration = "8"
    relay_state      = "https://eu-west-3.console.aws.amazon.com"
  }
}

template_variables inserts variables into template files. See permission_sets.yml.tpl and account_assignments.yml.tpl for examples with the above inputs. See template files for suggestions.

Users and groups

Users and groups can be created with terraform-aws-identity-center-users-and-groups. The modules are decoupled for AWS customers using an external Identity Provider (IdP).

Related Resources

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.
