SSO permissions demo using Terraform


Architecture of SSO


  • First, we are given a username by Corp IT.
  • Then we are assigned a role, such as SRE-CASK-CTR.
  • Because Microsoft Active Directory is linked to SSO, an SSO user and SSO group are created automatically for the user and role above.

Now, when we need to grant some access to a particular user:

  • We create a policy or reuse an existing one.
  • We add it to the Terraform module for the permission set:

```hcl
module "pg_stage" {
  source           = "../../modules/permission-set/v1"
  name             = "PG-STAGE"
  session_duration = local.DURATION
  attachments = [
    "arn:aws:iam::aws:policy/SecretsManagerReadWrite",
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
  ]
}
```
  • Then we pass the permission set ARN to the assignment module, together with the role (group) that should receive the access and the target account:
```hcl
module "assign_pg_stage" {
  source = "../../modules/assign-account/v1"
  groups = [
    "ROLE-STD_DEVELOPMENT_PG_PLM-EEM",
    "ROLE-STD_DEVELOPMENT_PG_PLM-EEM_CTR",
  ]
  permission_set_arn = local.sets.PG-STAGE
  accounts = {
    pg_stage = 943962962571
  }
}
```
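As an added example (not the post's own modules, whose source is not shown), here is what the two module calls above wrap in plain AWS provider resources: the permission set with its managed-policy attachments, then a lookup of each AD-synced group by display name and one account assignment per group. Group names, policy ARNs and the account id are taken from the post; the `PT8H` session duration (the value of `local.DURATION` is not shown) and the `DisplayName` lookup are assumptions.

```hcl
# Added example (not the post's modules): the plain aws provider resources such modules wrap.
data "aws_ssoadmin_instances" "this" {}
locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  groups = toset([ # AD-synced groups, from the post
    "ROLE-STD_DEVELOPMENT_PG_PLM-EEM",
    "ROLE-STD_DEVELOPMENT_PG_PLM-EEM_CTR",
  ])
  account_id = "943962962571" # pg_stage account, from the post
}

# Permission set plus managed-policy attachments (what the "permission-set" module creates).
resource "aws_ssoadmin_permission_set" "pg_stage" {
  name             = "PG-STAGE"
  instance_arn     = local.instance_arn
  session_duration = "PT8H" # assumed value of local.DURATION; must be an ISO 8601 duration
}

resource "aws_ssoadmin_managed_policy_attachment" "pg_stage" {
  for_each = toset([
    "arn:aws:iam::aws:policy/SecretsManagerReadWrite",
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
  ])
  instance_arn       = local.instance_arn
  managed_policy_arn = each.value
  permission_set_arn = aws_ssoadmin_permission_set.pg_stage.arn
}

# Resolve each group to its Identity Store id, then assign it to the account (the "assign-account" module).
data "aws_identitystore_group" "role" {
  for_each          = local.groups
  identity_store_id = local.identity_store_id
  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName" # assumed: groups are matched by display name
      attribute_value = each.value
    }
  }
}

resource "aws_ssoadmin_account_assignment" "pg_stage" {
  for_each           = data.aws_identitystore_group.role
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.pg_stage.arn
  principal_type     = "GROUP"
  principal_id       = each.value.group_id
  target_type        = "AWS_ACCOUNT"
  target_id          = local.account_id
}
```

Because the assignment is keyed by group rather than by user, access review reduces to checking group membership in AD and the policies attached to the permission set; `terraform plan` shows any change to either list before it is applied.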
