This module maps GitHub users, federated through Auth0, to the AWS web console via SAML and implements ABAC (attribute-based access control) using resource tags: the SAML assertion carries session tags, and IAM policies compare them against the tags on the resources being accessed.
See the examples/ folder.
To run `terraform apply`, the AWS account ID (numeric) and the Auth0 tenant name must be passed in, the AWS profile must be set in the local config, and the environment variables `AUTH0_CLIENT_ID`, `AUTH0_CLIENT_SECRET` and `AUTH0_DOMAIN` must be exported, pointing to an Auth0 application that has create privileges in the tenant (for us, it's the one called `terraform-provider-auth0`). The client secret is a tenant-wide credential: export it from a secret store for the duration of the run rather than writing it into `.tfvars` or shell history.
The "add groups" Auth0 rule needs two variables defined in its rule configuration: `AWS_ACCOUNT_ID` and `AWS_SAML_PROVIDER_NAME` (the DNS name of the tenant). The rule uses them to build the `arn:aws:iam::<account>:role/<name>,arn:aws:iam::<account>:saml-provider/<provider>` pairs in the SAML `Role` attribute, so `AWS_SAML_PROVIDER_NAME` must match the name of the IAM SAML identity provider exactly or the sign-in fails. This module sets the Auth0 variable `AWS_SAML_PROVIDER_NAME`; `AWS_ACCOUNT_ID` is also needed, but for us it is already set in `global-resources/auth0.tf`.
Requirements:

Name | Version |
---|---|
terraform | >= 1.2.5 |
auth0 | >= 0.34.0 |
aws | >= 4.45.0 |
curl | >= 1.0.2 |
Providers:

Name | Version |
---|---|
auth0 | >= 0.34.0 |
aws | >= 4.45.0 |
curl | >= 1.0.2 |

This module calls no child modules.
Inputs:

Name | Description | Type | Default | Required |
---|---|---|---|---|
auth0_tenant_domain | Auth0 domain | string | n/a | yes |
aws_callback_url | AWS SAML sign-in (assertion consumer) URL | string | "https://signin.aws.amazon.com/saml" | no |
Outputs:

Name | Description |
---|---|
saml_login_page | n/a |
Background on the ABAC-with-SAML pattern this module follows: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_abac-saml.html