The sso-connector module provisions an IAM role that the AWS SSO Strategy can use to escalate or de-escalate users in SSO Instances.
This Connector will provision a single IAM role for the Sym Runtime to use with a Strategy.
Only the supplied runtime_role_arns are trusted to assume this role.
module "sso_connector" {
source = "symopsio/sso-connector/aws"
version = ">= 1.0.0"
environment = "sandbox"
runtime_role_arns = [ var.runtime_role_arn ]
}| Name | Version |
|---|---|
| terraform | >= 0.13.7 |
| aws | >= 3.0 |
| Name | Version |
|---|---|
| aws | >= 3.0 |
No modules.
| Name | Type |
|---|---|
| aws_iam_policy.account | resource |
| aws_iam_policy.list_accounts | resource |
| aws_iam_policy.sso | resource |
| aws_iam_policy.sso_groups | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.account | resource |
| aws_iam_role_policy_attachment.list_accounts | resource |
| aws_iam_role_policy_attachment.sso | resource |
| aws_iam_role_policy_attachment.sso_groups | resource |
| aws_caller_identity.current | data source |
| aws_region.current | data source |
| aws_ssoadmin_instances.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| environment | An environment qualifier for the resources this module creates, to support a Terraform SDLC. | string |
n/a | yes |
| runtime_role_arns | ARNs of the runtime connector roles that are trusted to assume the SSO role. | list(string) |
n/a | yes |
| sso_account_assignment_enabled | Whether to allow Sym to assign permission sets to the same account where the SSO instance is provisioned | bool |
true |
no |
| tags | Additional tags to apply to resources | map(string) |
{} |
no |
| Name | Description |
|---|---|
| settings | A map of settings to supply to a Sym Permission Context. |