# SSO permission set module
## Root module example
```
# Instantiates the SSO module once per row of local.items.
module "sso" {
  source = "../modules/sso"

  # Instances are keyed by the row's name, so every name in local.items
  # must be unique or the for expression fails on the duplicate key.
  for_each = { for pset in local.items : pset.name => pset }

  default-tags            = local.default-tags
  pset-name               = each.value.name
  pset-desc               = each.value.desc
  pset-managed-policy-arn = each.value.mpolicy # ARN string taken from the mpolicy column
  pset-session-duration   = each.value.session # duration string from the session column, e.g. PT4H
}
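locals {
  # Permission-set catalogue, one CSV row per set. Columns:
  #   name    - permission set name (also the for_each key in the module call, so it must be unique)
  #   desc    - human-readable description
  #   mpolicy - ARN of the AWS managed policy for the set
  #   session - session duration as an ISO-8601 duration string
  #
  # Comments cannot be placed inside the heredoc: every line between the
  # markers is parsed by csvdecode() as data.
  #
  # Review notes on the rows:
  #   - FullAccess maps to AdministratorAccess. It shares the 4-hour session
  #     of the read-only sets; consider a shorter session and a tightly
  #     restricted assignment for this set.
  #   - SecurityAudit is a read-only audit policy, not an administrative one,
  #     so its description states audit access rather than admin access.
  #   - PowerUser still carries broad write access outside IAM; treat it as a
  #     privileged set when assigning it.
  csv_data = <<-CSV
    name,desc,mpolicy,session
    ViewOnly,View only access,arn:aws:iam::aws:policy/job-function/ViewOnlyAccess,PT4H
    ReadOnly,Read only access,arn:aws:iam::aws:policy/ReadOnlyAccess,PT4H
    FullAccess,Full admin access,arn:aws:iam::aws:policy/AdministratorAccess,PT4H
    NetworkAdmin,Network admin access,arn:aws:iam::aws:policy/job-function/NetworkAdministrator,PT4H
    DatabaseAdmin,Database admin access,arn:aws:iam::aws:policy/job-function/DatabaseAdministrator,PT4H
    BillingAdmin,Billing admin access,arn:aws:iam::aws:policy/job-function/Billing,PT4H
    SecurityAudit,Security audit read-only access,arn:aws:iam::aws:policy/SecurityAudit,PT4H
    PowerUser,Full access excluding IAM,arn:aws:iam::aws:policy/PowerUserAccess,PT4H
    CSV

  # csvdecode() returns a list of objects whose attributes are the header names above.
  items = csvdecode(local.csv_data)
}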
```