|
| 1 | +<!-- BEGIN_TF_DOCS --> |
| 2 | +This directory contains examples of using the module to **create** applications, application assignments configurations, users, groups and application assignments to both users and groups |
| 3 | + |
| 4 | +**IMPORTANT:** Ensure that the name of your object matches the name of your principal (e.g. user name or group name). See the following example with object/principal names 'Admin' and 'nuzumaki': |
| 5 | + |
| 6 | +```hcl |
| 7 | + sso_groups = { |
| 8 | + Admin : { |
| 9 | + group_name = "Admin" |
| 10 | + group_description = "Admin IAM Identity Center Group" |
| 11 | + }, |
| 12 | + } |
| 13 | +
|
| 14 | + // Create desired USERS in IAM Identity Center |
| 15 | + sso_users = { |
| 16 | + nuzumaki : { |
| 17 | + group_membership = ["Admin",] |
| 18 | + user_name = "nuzumaki" |
| 19 | + given_name = "Naruto" |
| 20 | + family_name = "Uzumaki" |
| 21 | + email = "nuzumaki@hiddenleaf.village" |
| 22 | + }, |
| 23 | + } |
| 24 | +
|
| 25 | + // Create desired Applications in IAM Identity Center |
| 26 | + sso_applications = { |
| 27 | + FirstApplication : { |
| 28 | + application_provider_arn = "arn:aws:sso::aws:applicationProvider/custom" |
| 29 | + description = "I am the First Application" |
| 30 | + name = "FirstApplication" |
| 31 | + portal_options = { |
| 32 | + sign_in_options = { |
| 33 | + application_url = "http://example.com" |
| 34 | + origin = "APPLICATION" |
| 35 | + } |
| 36 | + visibility = "ENABLED" |
| 37 | + } |
| 38 | + status = "ENABLED" |
| 39 | + assignment_required = true |
| 40 | + assignments_access_scope = [ |
| 41 | + { |
| 42 | + authorized_targets = ["FirstApplication"] |
| 43 | + scope = "sso:account:access" |
| 44 | + } |
| 45 | + ] |
| 46 | + group_assignments = ["Dev"] |
| 47 | + user_assignments = ["nuzumaki"] |
| 48 | + } |
| 49 | + } |
| 50 | +
|
| 51 | +``` |
| 52 | + |
| 53 | +These names are referenced throughout the module. Failure to do this may lead to unintentional errors such as the following: |
| 54 | + |
| 55 | +``` |
| 56 | +Error: Invalid index |
| 57 | +│ |
| 58 | +│ on ../../main.tf line 141, in resource "aws_identitystore_group_membership" "sso_group_membership": |
| 59 | +│ 141: member_id = (contains(local.this_users, each.value.user_name) ? aws_identitystore_user.sso_users[each.value.user_name].user_id : data.aws_identitystore_user.existing_sso_users[each.value.user_name].id) |
| 60 | +│ ├──────────────── |
| 61 | +│ │ aws_identitystore_user.sso_users is object with 2 attributes |
| 62 | +│ │ each.value.user_name is "nuzumaki" |
| 63 | +│ |
| 64 | +│ The given key does not identify an element in this collection value. |
| 65 | +``` |
| 66 | + |
| 67 | +To resolve this, ensure your object and principal names are the same and re-run `terraform plan` and `terraform apply`. |
| 68 | + |
| 69 | +## Requirements |
| 70 | + |
| 71 | +No requirements. |
| 72 | + |
| 73 | +## Providers |
| 74 | + |
| 75 | +| Name | Version | |
| 76 | +|------|---------| |
| 77 | +| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a | |
| 78 | + |
| 79 | +## Modules |
| 80 | + |
| 81 | +| Name | Source | Version | |
| 82 | +|------|--------|---------| |
| 83 | +| <a name="module_aws-iam-identity-center"></a> [aws-iam-identity-center](#module\_aws-iam-identity-center) | ../.. | n/a | |
| 84 | + |
| 85 | +## Resources |
| 86 | + |
| 87 | +| Name | Type | |
| 88 | +|------|------| |
| 89 | +| [aws_ssm_parameter.account1_account_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source | |
| 90 | + |
| 91 | +## Inputs |
| 92 | + |
| 93 | +No inputs. |
| 94 | + |
| 95 | +## Outputs |
| 96 | + |
| 97 | +No outputs. |
| 98 | +<!-- END_TF_DOCS --> |