Skip to content

Latest commit

 

History

History
111 lines (85 loc) · 4.73 KB

README.md

File metadata and controls

111 lines (85 loc) · 4.73 KB
Raw

GitHub release (latest SemVer) Terraform Version

Description

Install SAML.to as an IAM Provider to an AWS Account.

Usage

Option 1: Use the Generated Trust Policy

# Creates a SAML Provider in AWS for SAML.to
module "saml_to_iam" {
  source  = "saml-to/iam/aws"

  owner = "a_github_user_or_organization"
}

# Create a role which trusts SAML.to
resource "aws_iam_role" "my_role" {
  name               = "my_role"
  assume_role_policy = module.saml_to_iam.trust_policy
}

Option 2: Generate a Custom Trust Policy

# Creates a SAML Provider in AWS for SAML.to
module "saml_to_iam" {
  source  = "saml-to/iam/aws"

  owner = "a_github_user_or_organization"
}

# Create a Trust Policy
data "aws_iam_policy_document" "saml_to_trust" {
  statement {
    actions = module.saml_to_iam.trust_actions
    effect  = "Allow"

    principals {
      identifiers = module.saml_to_iam.trust_principal_identifiers
      type        = module.saml_to_iam.trust_principal_type
    }

    condition {
      test     = module.saml_to_iam.trust_condition_saml_test
      variable = module.saml_to_iam.trust_condition_saml_variable
      values   = module.saml_to_iam.trust_condition_saml_values
    }
  }
}

# Create a role which trusts SAML.to
resource "aws_iam_role" "my_role" {
  name               = "my_role"
  assume_role_policy = data.aws_iam_policy_document.saml_to_trust.json
}

Requirements

Name Version
terraform >= 1.0.0

Providers

Name Version
aws 4.45.0
http 3.2.1

Modules

No modules.

Resources

Name Type
aws_iam_saml_provider.provider resource
aws_iam_policy_document.trust data source
http_http.metadata data source

Inputs

Name Description Type Default Required
owner A GitHub User or Orgranization string n/a yes
provider_name_prefix Prefix for the name of the AWS IAM SAML Provider string "saml.to" no

Outputs

Name Description
owner Re-output of var.owner
provider_arn The ARN of the AWS IAM SAML Provider
provider_name The name of the AWS IAM SAML Provider ({var.provider_name_prefix}-{var.owner})
trust A map of values for an IAM Trust Relationship containing the following keys: trust_actions, trust_principal_identifiers, trust_principal_type, trust_condition_saml_test, trust_condition_saml_variable, and trust_condition_saml_values
trust_actions The IAM Trust Relationship Actions (["sts:AssumeRoleWithSAML"])
trust_condition_saml_test The IAM Trust Relationship Condition Test for SAML (StringEquals)
trust_condition_saml_values The IAM Trust Relationship Condition Values for SAML (["https://signin.aws.amazon.com/saml"])
trust_condition_saml_variable The IAM Trust Relationship Condition Variable for SAML (SAML:aud)
trust_policy A policy, in JSON format, that can be added to Role Trust Relationships
trust_principal_identifiers The IAM Trust Relationship Principal Identifiers (a single-item list containing the Provider ARN)
trust_principal_type The IAM Trust Relationship Principal Type (Federated)