AWS SSO Account Assignments Module
This module assigns AWS SSO permission sets to Users and Groups from the AWS SSO Identity Source.
Some English-language examples of this would be:
- users who are in the group `Administrators` should be assigned the permission set `AdministratorAccess` in the `production` account
- users who are in the group `Developers` should be assigned the permission set `DeveloperAccess` in the `production` account
- users who are in the group `Developers` should be assigned the permission set `AdministratorAccess` in the `sandbox` account
Usage
IMPORTANT: The master branch is used in source just as an example. In your code, do not pin to master because there may be breaking changes between releases.
Instead pin to the release tag (e.g. ?ref=tags/x.y.z) of one of our latest releases.
For a complete example, see examples/complete.
```hcl
module "sso_account_assignments" {
  source = "https://github.com/cloudposse/terraform-aws-sso.git//modules/account-assignments?ref=master"

  account_assignments = [
    {
      account             = "111111111111",
      permission_set_arn  = "arn:aws:sso:::permissionSet/ssoins-0000000000000000/ps-31d20e5987f0ce66",
      permission_set_name = "Administrators",
      principal_type      = "GROUP",
      principal_name      = "Administrators"
    },
    {
      account             = "111111111111",
      permission_set_arn  = "arn:aws:sso:::permissionSet/ssoins-0000000000000000/ps-955c264e8f20fea3",
      permission_set_name = "Developers",
      principal_type      = "GROUP",
      principal_name      = "Developers"
    },
    {
      account             = "222222222222",
      permission_set_arn  = "arn:aws:sso:::permissionSet/ssoins-0000000000000000/ps-31d20e5987f0ce66",
      permission_set_name = "Developers",
      principal_type      = "GROUP",
      principal_name      = "Developers"
    },
  ]
}
```
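An added example (not part of this module or its README): validation a calling root module could place on the list before passing it to `account_assignments`. The variable declaration and its three rules are assumptions of this example, including the rule that one permission set ARN carries one name; with the usage block's data that last rule fails, because `ps-31d20e5987f0ce66` is labelled both `Administrators` and `Developers`.

```hcl
# Added example: caller-side guardrails. The variable name and rules are
# assumptions of this example, not inputs defined by the module.
variable "account_assignments" {
  type = list(object({
    account             = string
    permission_set_arn  = string
    permission_set_name = string
    principal_type      = string
    principal_name      = string
  }))

  validation {
    # Reject malformed account IDs and unknown principal types early.
    condition = alltrue([
      for a in var.account_assignments :
      can(regex("^[0-9]{12}$", a.account)) && contains(["GROUP", "USER"], a.principal_type)
    ])
    error_message = "Each account must be a 12-digit ID and each principal_type must be GROUP or USER."
  }

  validation {
    # No principal may receive the same permission set in an account twice.
    condition = length(distinct([
      for a in var.account_assignments :
      "${a.account}/${a.principal_type}/${a.principal_name}/${a.permission_set_arn}"
    ])) == length(var.account_assignments)
    error_message = "Duplicate assignment found for an account, principal and permission set."
  }

  validation {
    # Group the names seen for each ARN; more than one name means a label
    # no longer describes the access it grants.
    condition = alltrue([
      for arn, names in {
        for a in var.account_assignments :
        a.permission_set_arn => a.permission_set_name...
      } : length(distinct(names)) == 1
    ])
    error_message = "A permission set ARN is listed under more than one permission_set_name."
  }
}
```

Pass `var.account_assignments` to the module's `account_assignments` argument so a plan fails before any assignment is created when a rule is violated.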
Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| external | n/a |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| external_external.assertion | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| condition | The condition to check | bool | n/a | yes |
| error_message | The error message to display if the assertion fails | string | n/a | yes |
Outputs
| Name | Description |
|---|---|
| checked | Whether the condition has been checked (used for assertion dependencies). |