AWS SSO Connector

The sso-connector module provisions an IAM role that the AWS SSO Strategy can use to escalate or de-escalate users in SSO Instances.

Overview

This connector will provision an IAM role for the Sym Runtime to use with the AWS SSO Strategy. The AWS SSO Strategy adds and removes principals from Provisioned AWS SSO Permission Sets based on workflow state.

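module "sso_connector" {
  source  = "terraform.symops.com/symopsio/sso-connector/sym"
  version = ">= 1.0.0"

  # Environment qualifier for the resources this module creates
  environment = "sandbox"

  # Runtime connector roles that are trusted to assume the SSO role
  runtime_role_arns = [var.runtime_role_arn]
}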

Outputs

| Name | Type | Description |
|------|------|-------------|
| settings | map | A map of settings to supply to a Sym Permission Context. |

Inputs

| Name | Type | Description | Required |
|------|------|-------------|----------|
| environment | string | An environment qualifier for the resources this module creates, to support a Terraform SDLC. | yes |
| runtime_role_arns | list[string] | ARNs of the runtime connector roles that are trusted to assume the SSO role. | yes |
| sso_account_assignment_enabled | bool | Whether to allow Sym to assign permission sets to the same account where the SSO instance is provisioned. Defaults to true. | no |
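The `runtime_role_arns` input decides which principals may assume the SSO role, so it is worth checking the deployed role's trust policy against that list. The following is an added example, not code from the Sym module or its documentation: it audits a trust policy document for principals beyond the expected runtime roles. It assumes the standard IAM trust policy JSON shape; the account IDs, role names and sample policy are constructed placeholders.

```python
import json

# Constructed sample trust policy (standard IAM AssumeRolePolicyDocument shape).
# Account IDs and role names are placeholders, not values from the Sym module.
EXPECTED_RUNTIME_ROLE_ARNS = ["arn:aws:iam::111111111111:role/example-runtime-role"]
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/example-runtime-role"}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": ["arn:aws:iam::222222222222:root",
                               "arn:aws:iam::111111111111:role/other-role"]}},
    ],
})


def _as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, expected_arns):
    """Return (statement_index, principal, reason) for every over-broad trust."""
    expected, findings = set(expected_arns), []
    for idx, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & actions:
            continue  # only statements that grant role assumption matter here
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}  # bare "*" is equivalent to any AWS principal
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS":
                    findings.append((idx, value, f"unexpected {kind} principal"))
                elif value == "*":
                    findings.append((idx, value, "wildcard principal"))
                elif value.endswith(":root") or value.isdigit():
                    findings.append((idx, value, "account-wide trust"))
                elif value not in expected:
                    findings.append((idx, value, "not in runtime_role_arns"))
    return findings


if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_TRUST_POLICY, EXPECTED_RUNTIME_ROLE_ARNS):
        print(finding)
```

An empty result means every principal allowed to assume the role is one of the ARNs passed as `runtime_role_arns`.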

