AWS IAM Connector
The `iam-connector` module provisions an IAM role that the AWS IAM Strategy can use to escalate or de-escalate users via AWS IAM Groups.
Overview
This Connector provisions an IAM role for the Sym Runtime to use with the AWS IAM Strategy. The IAM Strategy allows Sym to add and remove users from AWS IAM groups based on workflow status.
```hcl
module "iam_connector" {
  source  = "terraform.symops.com/symopsio/iam-connector/sym"
  version = ">= 1.0.0"

  environment       = "sandbox"
  runtime_role_arns = [var.runtime_role_arn]
}
```
By default, the IAM connector can only modify groups that are within the `/sym/` path. You can configure the connector to access other groups by changing the `group_config` setting. Both the `path` and the `name` of each entry may contain wildcards, so review each entry carefully: a broad pattern widens the set of groups the Runtime can add users to.

```hcl
group_config = [
  { path = "/", name = "EscalationGroups*" },
  { path = "/other-path/", name = "BreakGlass*" }
]
```
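To make the scoping concrete, here is an added example (not the `iam-connector` module's own code) that shows the least-privilege shape such a connector role needs: a trust policy that only the `runtime_role_arns` can assume, and a permissions policy whose `Resource` list is derived from `group_config` entries, plus a check that tells you whether a given group ARN falls inside that scope. The account ID, the assumed default `group_config` (`/sym/` path, any name), and the exact action list are assumptions for illustration; the module's real policy may differ.

```python
"""Least-privilege shape of an IAM connector role, built from group_config.

Constructed illustration; not the iam-connector module's own code.
"""
import json
import re

# Assumed default, matching the prose: only groups under the /sym/ path.
DEFAULT_GROUP_CONFIG = [{"path": "/sym/", "name": "*"}]


def group_arn_pattern(account_id, path, name):
    """Turn a group_config entry into an IAM group ARN pattern.

    IAM group ARNs look like arn:aws:iam::ACCOUNT:group/<path-without-leading-slash><name>,
    so path "/sym/" + name "admins" gives ...:group/sym/admins and
    path "/" + name "BreakGlass*" gives ...:group/BreakGlass*.
    """
    if not (path.startswith("/") and path.endswith("/")):
        raise ValueError("IAM paths must start and end with '/'")
    return f"arn:aws:iam::{account_id}:group{path}{name}"


def trust_policy(runtime_role_arns):
    """Only the listed runtime role ARNs may assume the connector role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": list(runtime_role_arns)},
            "Action": "sts:AssumeRole",
        }],
    }


def permissions_policy(account_id, group_config=DEFAULT_GROUP_CONFIG):
    """Allow group membership changes only on groups selected by group_config.

    The action list (add/remove a user, read the group) is an assumption chosen
    to be the minimum a membership-toggling integration needs.
    """
    resources = [group_arn_pattern(account_id, g["path"], g["name"]) for g in group_config]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ModifySelectedGroupsOnly",
            "Effect": "Allow",
            "Action": ["iam:AddUserToGroup", "iam:RemoveUserFromGroup", "iam:GetGroup"],
            "Resource": resources,
        }],
    }


def _iam_wildcard_match(pattern, value):
    """IAM resource patterns: '*' matches any run of characters (including '/'),
    '?' matches one character, everything else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def in_scope(group_arn, account_id, group_config=DEFAULT_GROUP_CONFIG):
    """True if the connector role could modify this group under group_config."""
    return any(
        _iam_wildcard_match(group_arn_pattern(account_id, g["path"], g["name"]), group_arn)
        for g in group_config
    )


if __name__ == "__main__":
    account = "123456789012"  # constructed sample account ID
    custom = [
        {"path": "/", "name": "EscalationGroups*"},
        {"path": "/other-path/", "name": "BreakGlass*"},
    ]
    print(json.dumps(trust_policy([f"arn:aws:iam::{account}:role/sym-runtime"]), indent=2))
    print(json.dumps(permissions_policy(account, custom), indent=2))
    for arn in (f"arn:aws:iam::{account}:group/sym/admins",
                f"arn:aws:iam::{account}:group/EscalationGroups-prod"):
        print(arn, "default:", in_scope(arn, account), "custom:", in_scope(arn, account, custom))
```

Run it as a script to see the two policy documents and the scope checks. The useful check is the negative one: with the default configuration, a group outside `/sym/` (for example `arn:aws:iam::123456789012:group/admins`) is not matched, and a custom `group_config` that drops the `/sym/` entry stops matching groups there, which is exactly the blast-radius question to ask before widening a pattern.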
Outputs
Name | Type | Description |
---|---|---|
 | | A map of settings to supply to a Sym Permission Context |
Inputs
Name | Type | Description | Required |
---|---|---|---|
`environment` | `string` | An environment qualifier for the resources this module creates, to support a Terraform SDLC. | yes |
`runtime_role_arns` | `list(string)` | ARNs of the runtime connector roles that are trusted to assume the IAM connector role. | yes |
`group_config` | `list(object)` | List of group resources the connector can modify. Each group resource is an object with a `path` and a `name` property; both may contain wildcards. Defaults to the groups under the `/sym/` path (see above). | no |