AWS SSO creates an IAM role in each account for each permission set, but the role name includes a random suffix, which makes these roles hard to reference in IAM policies (for example, as principals in a trust policy).

This module provides a map from each permission set name to the role provisioned for that permission set, so policies can refer to the role without hard-coding the randomized name.
## Usage

```hcl
module "permission_set_roles" {
  source = "git@github.com:thoughtbot/terraform-aws-sso-permission-set-roles.git?ref=v0.2.0"
}

# Trust policy that allows only the SSO-provisioned PowerUserAccess role to
# assume the role below; the module output resolves the randomized role name.
data "aws_iam_policy_document" "assume_role" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      identifiers = [module.permission_set_roles.by_name.PowerUserAccess]
      type        = "AWS"
    }
  }
}

resource "aws_iam_role" "example" {
  name               = "example"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}
```
## Requirements

| Name | Version |
|---|---|
| terraform | >= 0.14.0 |
| aws | ~> 4.0 |

## Providers

| Name | Version |
|---|---|
| aws | ~> 4.0 |

## Modules

No modules.

## Resources

| Name | Type |
|---|---|
| aws_iam_roles.sso | data source |

## Inputs

No inputs.

## Outputs

| Name | Description |
|---|---|
| arns | ARNs for SSO-provisioned roles |
| arns_without_path | ARNs for SSO-provisioned roles without paths (for aws-auth) |
| by_name | Role ARN for each permission set name |
| by_name_without_path | Role ARN for each permission set name, without the path (for aws-auth) |
| names | Names of permission sets with provisioned roles |
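The outputs above are easiest to understand by reproducing the mapping outside Terraform. The following Python is an added illustration, not part of the module: it takes a constructed list of roles shaped like the results of the `aws_iam_roles` data source, keeps only those under the SSO role path `/aws-reserved/sso.amazonaws.com/` (with an optional region segment), parses the `AWSReservedSSO_<PermissionSet>_<suffix>` naming pattern to recover the permission set name, and derives both the full ARN (`by_name`) and the path-less ARN (`by_name_without_path`, the form the EKS `aws-auth` ConfigMap accepts). The path prefix, the name pattern, and the sample account ID and suffixes are assumptions of this example, not values taken from the module.

```python
"""Map SSO permission sets to their provisioned IAM roles (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Assumption: SSO-provisioned roles live under this IAM path (optionally with
# a region segment) and are named AWSReservedSSO_<PermissionSet>_<hex suffix>.
SSO_PATH_PREFIX = "/aws-reserved/sso.amazonaws.com/"
SSO_ROLE_NAME = re.compile(r"^AWSReservedSSO_(?P<permission_set>.+)_(?P<suffix>[0-9a-f]+)$")


@dataclass(frozen=True)
class IamRole:
    """Subset of the fields iam:ListRoles returns for a role."""
    arn: str
    name: str
    path: str


# Constructed sample input: two SSO roles (one from a non-default region) and
# one ordinary role that must be ignored. Account ID and suffixes are made up.
SAMPLE_ROLES = [
    IamRole(
        arn="arn:aws:iam::123456789012:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_PowerUserAccess_1a2b3c4d5e6f7a8b",
        name="AWSReservedSSO_PowerUserAccess_1a2b3c4d5e6f7a8b",
        path="/aws-reserved/sso.amazonaws.com/",
    ),
    IamRole(
        arn="arn:aws:iam::123456789012:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_Read_Only_Audit_9f8e7d6c5b4a3f2e",
        name="AWSReservedSSO_Read_Only_Audit_9f8e7d6c5b4a3f2e",
        path="/aws-reserved/sso.amazonaws.com/eu-west-1/",
    ),
    IamRole(
        arn="arn:aws:iam::123456789012:role/service-role/ci-deploy",
        name="ci-deploy",
        path="/service-role/",
    ),
]


def permission_set_name(role_name: str) -> Optional[str]:
    """Return the permission set name encoded in an SSO role name, or None.

    The greedy group keeps underscores inside the permission set name and
    only the final _<hex> segment is treated as the random suffix.
    """
    match = SSO_ROLE_NAME.match(role_name)
    return match.group("permission_set") if match else None


def arn_without_path(arn: str) -> str:
    """Strip the IAM path from a role ARN (EKS aws-auth does not accept paths)."""
    prefix, sep, rest = arn.partition(":role/")
    if not sep:
        raise ValueError(f"not a role ARN: {arn}")
    return f"{prefix}{sep}{rest.rsplit('/', 1)[-1]}"


def sso_roles_by_name(roles: Iterable[IamRole]) -> Dict[str, IamRole]:
    """Map permission set name -> role, skipping roles outside the SSO path."""
    mapping: Dict[str, IamRole] = {}
    for role in roles:
        if not role.path.startswith(SSO_PATH_PREFIX):
            continue
        name = permission_set_name(role.name)
        if name is None:
            continue  # under the SSO path but not a provisioned permission set role
        if name in mapping:
            # Two roles for one permission set is ambiguous; fail rather than pick one.
            raise ValueError(f"duplicate role for permission set {name}")
        mapping[name] = role
    return mapping


def by_name(roles: Iterable[IamRole]) -> Dict[str, str]:
    """Equivalent of the module's by_name output."""
    return {n: r.arn for n, r in sso_roles_by_name(roles).items()}


def by_name_without_path(roles: Iterable[IamRole]) -> Dict[str, str]:
    """Equivalent of the module's by_name_without_path output."""
    return {n: arn_without_path(r.arn) for n, r in sso_roles_by_name(roles).items()}


if __name__ == "__main__":
    for name, arn in by_name_without_path(SAMPLE_ROLES).items():
        print(f"{name}: {arn}")
```

Filtering on the path rather than on the `AWSReservedSSO_` prefix alone matters: any principal with `iam:CreateRole` could create a role with a lookalike name under a different path, but roles under `/aws-reserved/sso.amazonaws.com/` are created only by the SSO service.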
## Contributing

Please see CONTRIBUTING.md.
## License

This module is Copyright © 2022 Joe Ferris and thoughtbot. It is free software, and may be redistributed under the terms specified in the LICENSE file.

## About thoughtbot

This module is maintained and funded by thoughtbot, inc. The names and logos for thoughtbot are trademarks of thoughtbot, inc.

We love open source software! See our other projects or hire us to design, develop, and grow your product.