SSO Connector

The sso-connector module provisions an IAM role that the AWS SSO Strategy can use to escalate or de-escalate users in SSO Instances.

The role is for the Sym Runtime to use with the AWS SSO Strategy, which adds and removes principals from provisioned AWS SSO Permission Sets based on workflow state.

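module "sso_connector" {
  source  = "terraform.symops.com/symopsio/sso-connector/sym"
  version = ">= 1.0.0"

  # Environment qualifier for the resources this module creates
  environment = "sandbox"

  # Runtime connector roles that are trusted to assume the SSO role
  runtime_role_arns = [var.runtime_role_arn]
}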

Outputs

| Name | Description |
|------|-------------|
| settings | A map of settings to supply to a Sym Permission Context. |

Inputs

| Name | Type | Default | Required |
|------|------|---------|----------|
| environment | string | n/a | yes |
| runtime_role_arns | list(string) | n/a | yes |
| sso_account_assignment_enabled | bool | true | no |

Required Inputs

The following input variables are required:

environment

Description: An environment qualifier for the resources this module creates, to support a Terraform SDLC.

Type: string

runtime_role_arns

Description: ARNs of the runtime connector roles that are trusted to assume the SSO role.

Type: list(string)
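
A review check for the trust relationship that runtime_role_arns sets up, added here as an example and not part of the Sym module or its documentation: it flags every principal in a role trust policy other than the ARNs you passed in. The policy document, account IDs and role names are constructed, and the standard IAM trust-policy JSON shape is assumed, since the module's own policy is not shown on this page.

```python
import json

# Constructed sample values, not taken from the module or from a real account.
RUNTIME_ROLE_ARNS = ["arn:aws:iam::111122223333:role/example-runtime-connector"]
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:role/example-runtime-connector",
                           "arn:aws:iam::444455556666:root"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}
  ]
}
""")


def as_list(value):
    """IAM lets most policy fields be a single value or a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_arns):
    """Return (statement index, principal, reason) for each unexpected trust."""
    expected = set(expected_arns)
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue  # only Allow statements that grant role assumption matter
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append((i, "*", "wildcard principal"))
            continue
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "AWS":
                    findings.append((i, value, "principal type " + kind))
                elif value == "*":
                    findings.append((i, value, "wildcard principal"))
                elif value not in expected:
                    findings.append((i, value, "not in runtime_role_arns"))
    return findings


if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_TRUST_POLICY, RUNTIME_ROLE_ARNS):
        print(finding)
```

To run it against a deployed role, load the JSON returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` in place of the sample policy; the check does not evaluate Condition blocks.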

Optional Inputs

sso_account_assignment_enabled

Description: Whether to allow Sym to assign permission sets to the same account where the SSO instance is provisioned.

Type: bool

Default: true

