Skip to content

speee/terraform-aws-sso-assignment

BranchesTags

Repository files navigation

terraform-aws-sso-assignment

Terraform module which creates AWS SSO assignments on AWS.

Usage

module "account_assignments" {
  source = "speee/sso-assignments/aws"

  instance_arn      = "arn:aws:sso:::instance/ssoins-9999999999999999"
  identity_store_id = "d-9999999999"

  organization_accounts = [
    {
      arn = "arn:aws:organizations::123456789012:account/o-xxxxxxxxxx/123456789012"
      email = "account1@example.com"
      id = "123456789012"
      name = "account1"
    },
    {
      arn = "arn:aws:organizations::123456789012:account/o-xxxxxxxxxx/234567890123"
      email = "account2@example.com"
      id = "234567890123"
      name = "account2"
    },
  ]

  assignments = {
    "account1" = {
      "groups" = {
        "SystemAdministrator" = [
          "AdministratorAccess",
        ],
        "Engineer" = [
          "PowerUserAccess",
        ],
        "Manager" = [
          "ReadOnlyAccess",
        ],
      },
      "users" = {
        "alice@example.com" = [
          "AdministratorAccess",
        ],
      },
    },
    "account2" = {
      "users" = {
        "alice@example.com" = [
          "AdministratorAccess",
        ],
        "bob@example.com" = [
          "ReadOnlyAccess",
        ],
      },
    },
  }
}

Examples

Notes

  1. This module does not create no resource other than aws_ssoadmin_account_assignment resource. Use resources or data sources directly to manage other resources like aws_ssoadmin_permission_set.

Requirements

Name Version
terraform >= 0.13.7
aws >= 3.24.0

Providers

Name Version
aws 3.24.0

Modules

No modules.

Resources

Name Type
aws_ssoadmin_account_assignment.groups resource
aws_ssoadmin_account_assignment.users resource
aws_identitystore_group.groups data source
aws_identitystore_user.users data source
aws_ssoadmin_permission_set.permission_sets data source

Inputs

Name Description Type Default Required
assignments Configuration variable for account assignments. map(map(map(list(string)))) n/a yes
identity_store_id The Identity Store ID associated with the Single Sign-On Instance. string n/a yes
instance_arn The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed. string n/a yes
organization_accounts List of information of accounts which belongs to AWS Organizations. 
list(object({
    arn   = string
    email = string
    id    = string
    name  = string
  }))
 n/a yes

Outputs

No outputs.

About

Terraform module which creates AWS SSO assignments on AWS.

registry.terraform.io/modules/speee/sso-assignment/

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

8 stars

Watchers

21 watching

Forks

5 forks
Report repository

Releases 1

v1.0.0 Latest
Aug 6, 2021

Packages

No packages published

Contributors 2

  •  
  •  

Languages