Skip to content
/ moj-terraform-aws-sso Public

A Terraform module for setting up AWS SSO and Auth0, to allow users to sign-in to AWS using GitHub • This repository is defined and managed in Terraform

License

MIT license
4 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ministryofjustice/moj-terraform-aws-sso

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

106 Commits
.github
.github
 
 
auth0-actions
auth0-actions
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
auth0.tf
auth0.tf
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

moj-terraform-aws-sso

repo standards badge

This Terraform module creates an Auth0 application and associated integrations to enable AWS SSO.

Usage

module "sso" {
  source                     = "github.com/ministryofjustice/moj-terraform-aws-sso"
  auth0_tenant_domain        = ""
  auth0_client_id            = ""
  auth0_client_secret        = ""
  auth0_debug                = false
  auth0_github_client_id     = ""
  auth0_github_client_secret = ""
  auth0_github_allowed_orgs  = ["example"]
  auth0_allowed_domains      = "@example.com"
  auth0_aws_sso_acs_url      = "https://${region}.signin.aws.amazon.com/platform/saml/acs/${random_key}"
  auth0_aws_sso_issuer_url   = "https://${region}.signin.aws.amazon.com/platform/saml/${random_key}"
  auth0_azure_entraid_client_id = ""
  auth0_azure_entraid_client_secret = ""
  auth0_azure_entraid_domain = "example.com"
}

Requirements

Name Version
terraform >= 1.0.0
auth0 >= 1.0.0
aws >= 5.0.0

Providers

Name Version
auth0 >= 1.0.0
aws >= 5.0.0

Modules

No modules.

Resources

Name Type
auth0_action.allow_github_organisations resource
auth0_action.saml_mappings resource
auth0_client.idp_token resource
auth0_client.saml resource
auth0_client_grant.idp_grant resource
auth0_connection.github_saml_connection resource
auth0_trigger_actions.flow resource
auth0_client.idp_token data source
aws_iam_account_alias.current data source

Inputs

Name Description Type Default Required
auth0_allowed_domains A list of authorised domains a user must have as part of their GitHub email addresses string n/a yes
auth0_aws_sso_acs_url AWS SSO: ACS URL string n/a yes
auth0_aws_sso_issuer_url AWS SSO: Issuer URL string n/a yes
auth0_client_id Auth0 client ID (from a Machine to Machine application) string n/a yes
auth0_client_secret Auth0 client secret (from a Machine to Machine application) string n/a yes
auth0_debug Auth0 debug flag bool false no
auth0_github_allowed_orgs A list of GitHub organisations a user has to be part of list(string) n/a yes
auth0_github_client_id Auth0: GitHub client ID string n/a yes
auth0_github_client_secret Auth0: GitHub client secret string n/a yes
auth0_tenant_domain Auth0 tenant domain string n/a yes
auth0_azure_entraid_client_id Client id for the azures application string n/a yes
auth0_azure_entraid_client_secret Client secret for the azures application string n/a yes
auth0_azure_entraid_domain Azures application domain name string n/a yes

Outputs

No outputs.

About

A Terraform module for setting up AWS SSO and Auth0, to allow users to sign-in to AWS using GitHub • This repository is defined and managed in Terraform

Topics

aws terraform iam sso terraform-module civil-service aws-sso operations-engineering

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

4 stars

Watchers

12 watching

Forks

2 forks
Report repository

Releases 11

v3.3.1 Latest
Mar 6, 2024
+ 10 releases

Packages

No packages published

Contributors 9

Languages