https://github.com/lincolnloop/terraform-aws-sso-group
Terraform module for managing groups in IAM Identity Center (formerly SSO)
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/lincolnloop/terraform-aws-sso-group
- Owner: lincolnloop
- License: mit
- Created: 2023-05-18T20:06:10.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-05-25T23:31:15.000Z (about 3 years ago)
- Last Synced: 2025-04-09T18:54:26.466Z (about 1 year ago)
- Language: HCL
- Size: 7.81 KB
- Stars: 0
- Watchers: 13
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Terraform AWS SSO User Module
This Terraform module creates AWS SSO users, groups, and permission sets.
## Resources
The module creates the following resources:
| Resource | Description |
|----------------------------------------------------|---------------------------------------------------------------------------------------------------|
| `aws_ssoadmin_permission_set` | Creates an AWS SSO permission set. |
| `aws_ssoadmin_permission_set_inline_policy` | Attaches an inline policy to the AWS SSO permission set (optional). |
| `aws_ssoadmin_managed_policy_attachment` | Attaches managed policies to the AWS SSO permission set. |
| `aws_identitystore_group` | Creates an AWS SSO group in the identity store. |
| `aws_ssoadmin_account_assignment` | Assigns the AWS SSO permission set to the AWS SSO group in the specified AWS account. |
## Variables
The module expects the following variables to be provided:
| Variable | Description |
|------------------------|------------------------------------------------------------------------------------------------------------------|
| `name` | Name for the group and new policy group. |
| `description` | Description for the group and new policy group. |
| `target_account_id` | AWS account ID to deploy resources to. |
| `relay_state` | The relay state URL used to redirect users within the application during the federation authentication process (Optional). |
| `include_policy_json` | With dynamic JSON, Terraform can't determine if the object should be created. This forces it. |
| `policy_json` | Inline policy JSON to attach to the AWS SSO permission set. |
| `managed_policy_arns` | List of managed policy ARNs to attach to the AWS SSO permission set. |
| `session_duration` | Duration for which the AWS SSO session is valid. |
For more information on each variable, refer to the module's source code.
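How `include_policy_json` and `policy_json` fit together when the inline policy is only known at apply time, shown as an added example that is not part of the module's README. The bucket, resource names and account ID are constructed placeholders, and the variable types (string for `policy_json`, list for `managed_policy_arns`) are assumed from the table above.

```hcl
# Added example: resource names, bucket name and account ID are placeholders.
resource "aws_s3_bucket" "reports" {
  bucket = "example-reports-bucket" # placeholder name
}

# The policy references the bucket ARN, which is unknown until apply,
# so the rendered JSON is a "dynamic" value at plan time.
data "aws_iam_policy_document" "reports_read_only" {
  statement {
    sid       = "ListReportsBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.reports.arn]
  }

  statement {
    sid       = "ReadReportObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.reports.arn}/*"]
  }
}

module "reports_readers" {
  source = "github.com/lincolnloop/terraform-aws-sso-group"

  name              = "ReportsReaders"
  description       = "Read-only access to the reports bucket"
  target_account_id = "123456789012" # placeholder account ID
  relay_state       = null

  # A plan-time constant tells the module to create the inline policy even
  # though policy_json itself is not known until apply.
  include_policy_json = true
  policy_json         = data.aws_iam_policy_document.reports_read_only.json

  # No managed policies: the scoped inline policy is the only grant.
  managed_policy_arns = []
  session_duration    = "PT1H"
}
```

Keeping `managed_policy_arns` empty and scoping the inline policy to one bucket means the permission set grants nothing beyond what the two statements list.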
## Usage
```hcl
module "aws_sso_group" {
  source = "github.com/lincolnloop/terraform-aws-sso-group"

  name              = "MyGroup"
  description       = "MyGroup description"
  target_account_id = "123456789012"
  relay_state       = null

  # Forces creation of the inline policy when policy_json is dynamic.
  include_policy_json = true
  policy_json         = ""

  managed_policy_arns = []
  session_duration    = "PT1H" # ISO 8601 duration
}
```