Removes Okta Groups

README.md

@@ -9,19 +9,6 @@ This module provisions by default a set of basic AWS Config Rules. In order to a
 aws_config_rules = ["ACCESS_KEYS_ROTATED", "ALB_WAF_ENABLED"]
 ```
 
-## Okta Groups for AWS SSO
-
-By default, this module will create an Okta Group called `AWSPlatformAdmins` and assign the group to the AWS SSO Okta App.
-
-To add other groups, a map of key-value pairs (`group_name` and `group_description`) can be passed down to the variable `aws_okta_groups` like in the example below:
-
-```hcl
-aws_okta_groups = {
-  "AWSAuditors"   = "Provides auditing access to AWS accounts" 
-  "AWSDevelopers" = "Provides developer access to AWS accounts"
-}
-```
-
 <!--- BEGIN_TF_DOCS --->
 ## Requirements
 

okta.tf

@@ -1,14 +1,5 @@
-locals {
-  aws_okta_groups = merge(
-    var.aws_okta_groups,
-    {
-      "AWSPlatformAdmins" = "AWS administrator access to all stacks/accounts"
-    }
-  )
-}
-
 resource "okta_app_saml" "aws_sso" {
-  groups            = [for group in okta_group.aws_groups : group.id]
+  groups            = toset(var.aws_okta_group_ids)
   key_years_valid   = 3
   label             = "Amazon Web Services"
   preconfigured_app = "amazon_aws_sso"
@@ -22,9 +13,3 @@ resource "okta_app_saml" "aws_sso" {
     ignore_changes = [features, users]
   }
 }
-
-resource "okta_group" "aws_groups" {
-  for_each    = local.aws_okta_groups
-  name        = each.key
-  description = each.value
-}

variables.tf

@@ -4,10 +4,10 @@ variable "aws_config_rules" {
   description = "List of managed AWS Config Rule identifiers that should be deployed across the organization"
 }
 
-variable "aws_okta_groups" {
-  type        = map
-  default     = {}
-  description = "Map of Okta Groups that should have access to the AWS organization (format: name => description)"
+variable "aws_okta_group_ids" {
+  type        = list
+  default     = []
+  description = "List of Okta Group Ids that should have access to the AWS organization"
 }
 
 variable "aws_sso_acs_url" {