SSO permissions demo using Terraform
Architecture of SSO
- First, Corp IT issues a username such as spanda@frontlineed.com in Microsoft Active Directory.
- Then the user is placed in an AD group that represents a role, for example SRE-CASK-CTR.
- Because Active Directory is connected to SSO (AWS IAM Identity Center), the matching SSO user and SSO group are provisioned automatically from the AD objects; nothing is created by hand on the AWS side. Access is therefore granted to groups, not to individual users.
Granting a user access (in practice, granting it to the AD group the user belongs to) takes two steps:
1. Create a customer-managed policy, or pick an existing AWS managed policy, and list its ARN in the attachments of the Permission Set Terraform module:

    module "pg_stage" {
      source           = "../../modules/permission-set/v1"
      name             = "PG-STAGE"
      session_duration = local.DURATION
      attachments = [
        "arn:aws:iam::aws:policy/SecretsManagerReadWrite",
        "arn:aws:iam::aws:policy/ReadOnlyAccess",
      ]
    }

   Note that SecretsManagerReadWrite is an AWS managed policy that allows secretsmanager:* on every secret in the account, so this permission set can read and overwrite any secret value there, not only stage secrets. If that is broader than intended, scope the secrets permissions with a customer-managed or inline policy instead.
2. Pass the Permission Set ARN to the Assignment module together with the AD groups (roles) that should receive it and the target account(s). Every member of the listed groups gets PG-STAGE in every listed account:

    module "assign_pg_stage" {
      source = "../../modules/assign-account/v1"
      groups = [
        "ROLE-STD_DEVELOPMENT_PG_PLM-EEM",
        "ROLE-STD_DEVELOPMENT_PG_PLM-EEM_CTR",
      ]
      permission_set_arn = local.sets.PG-STAGE
      accounts = {
        pg_stage = "943962962571"
      }
    }

   Quote account IDs as strings: an unquoted number literal works for this ID, but an account ID with a leading zero would silently lose a digit and the assignment would target the wrong account.
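The two modules above are wrappers; the block below is an added example, not the project's own modules, showing the plain Terraform resources those steps are assumed to resolve to, end to end: look up the SSO instance, create the permission set, attach ReadOnlyAccess, replace SecretsManagerReadWrite with an inline policy scoped to a hypothetical pg/stage/ secret prefix, resolve the synced AD groups to Identity Store group IDs, and create one assignment per group and account. It assumes AWS provider 5.x and that the AD groups have already been synced with the DisplayName values shown.

```hcl
# Added example: the resources permission-set/v1 and assign-account/v1 are
# assumed to wrap. Assumes AWS provider >= 5.x and AD groups already synced.

data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]

  groups = [
    "ROLE-STD_DEVELOPMENT_PG_PLM-EEM",
    "ROLE-STD_DEVELOPMENT_PG_PLM-EEM_CTR",
  ]
  # Account IDs as strings so a leading zero can never be dropped.
  accounts = {
    pg_stage = "943962962571"
  }
  # One assignment per (group, account) pair.
  assignments = {
    for pair in setproduct(local.groups, keys(local.accounts)) :
    "${pair[0]}/${pair[1]}" => { group = pair[0], account = local.accounts[pair[1]] }
  }
}

# Step 1: the permission set. session_duration is an ISO 8601 duration.
resource "aws_ssoadmin_permission_set" "pg_stage" {
  name             = "PG-STAGE"
  instance_arn     = local.instance_arn
  session_duration = "PT8H"
}

# Step 2a: AWS managed policy attachments (only the read-only one here).
resource "aws_ssoadmin_managed_policy_attachment" "pg_stage" {
  for_each           = toset(["arn:aws:iam::aws:policy/ReadOnlyAccess"])
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.pg_stage.arn
  managed_policy_arn = each.value
}

# Step 2b: instead of SecretsManagerReadWrite (secretsmanager:* on every
# secret), an inline policy limited to the hypothetical "pg/stage/" prefix.
data "aws_iam_policy_document" "pg_stage_secrets" {
  statement {
    sid = "PgStageSecretsOnly"
    actions = [
      "secretsmanager:DescribeSecret",
      "secretsmanager:GetSecretValue",
      "secretsmanager:PutSecretValue",
      "secretsmanager:UpdateSecret",
    ]
    resources = ["arn:aws:secretsmanager:*:*:secret:pg/stage/*"]
  }
}

resource "aws_ssoadmin_permission_set_inline_policy" "pg_stage" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.pg_stage.arn
  inline_policy      = data.aws_iam_policy_document.pg_stage_secrets.json
}

# Step 3: resolve each synced AD group to its Identity Store GroupId.
data "aws_identitystore_group" "this" {
  for_each          = toset(local.groups)
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = each.value
    }
  }
}

# Step 4: the account assignments, one per (group, account).
resource "aws_ssoadmin_account_assignment" "pg_stage" {
  for_each = local.assignments

  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.pg_stage.arn
  principal_type     = "GROUP"
  principal_id       = data.aws_identitystore_group.this[each.value.group].group_id
  target_type        = "AWS_ACCOUNT"
  target_id          = each.value.account
}
```

The group lookup fails at plan time if a DisplayName is not present in the Identity Store, which is the check you want: a typo in a role name then surfaces as an error rather than as an assignment to nothing. Changing the attached or inline policies later re-provisions the permission set into every account it is already assigned to on the next apply, so a widening of the inline policy takes effect for all of those accounts at once.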